23 files changed, 495 insertions, 298 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
index d4b582a3..b2043f07 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
@@ -68,7 +68,7 @@ import com.datastax.driver.core.Statement;
 public abstract class Batch {
- private static String ROOT_NS;
+ private static String rootNs;
 private static StaticSlot ssargs;
@@ -84,13 +84,13 @@ public abstract class Batch {
 public static final String CASS_ENV = "CASS_ENV";
 public static final String LOG_DIR = "LOG_DIR";
- protected final static String PUNT="punt";
- protected final static String MAX_EMAILS="MAX_EMAILS";
- protected final static String VERSION="VERSION";
- public final static String GUI_URL="GUI_URL";
+ protected static final String PUNT="punt";
+ protected static final String MAX_EMAILS="MAX_EMAILS";
+ protected static final String VERSION="VERSION";
+ public static final String GUI_URL="GUI_URL";
- protected final static String ORA_URL="ora_url";
- protected final static String ORA_PASSWORD="ora_password";
+ protected static final String ORA_URL="ora_url";
+ protected static final String ORA_PASSWORD="ora_password";
 protected final Organization org;
@@ -123,7 +123,7 @@ public abstract class Batch {
 cluster = CassAccess.cluster(env,batchEnv);
 env.info().log("cluster name - ",cluster.getClusterName());
 String dryRunStr = env.getProperty( "DRY_RUN" );
- if ( dryRunStr == null || dryRunStr.trim().equals("false") ) {
+ if ( dryRunStr == null || "false".equals(dryRunStr.trim()) ) {
 dryRun = false;
 } else {
 dryRun = true;
@@ -134,7 +134,7 @@ public abstract class Batch {
 org.setTestMode(dryRun);
 // Special names to allow behaviors beyond normal rules
- specialNames = new HashSet<String>();
+ specialNames = new HashSet<>();
 String names = env.getProperty( "SPECIAL_NAMES" );
 if ( names != null ) {
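Review bot: The rewritten dry-run test `"false".equals(dryRunStr.trim())` is exact and case-sensitive, so `DRY_RUN=FALSE`, `False` or `no` all leave `dryRun` true; that is the safe direction for a batch job, but it is surprising enough for an operator that it should either be deliberate and commented or use `"false".equalsIgnoreCase(dryRunStr.trim())`. If the intent is "only the literal false disables dry-run", a one-line comment such as `// anything but the literal "false" keeps the batch in dry-run mode` above the `if` would make that explicit. The constructor containing this check starts and ends outside the hunk.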
@@ -151,7 +151,7 @@ public abstract class Batch {
 protected abstract void _close(AuthzTrans trans);
 public String[] args() {
- return (String[])env.get(ssargs);
+ return env.get(ssargs);
 }
 public boolean isDryRun()
@@ -177,9 +177,9 @@ public abstract class Batch {
 }
 }
- protected PrintStream fallout(PrintStream _fallout, String logType)
+ protected PrintStream fallout(PrintStream inFallout, String logType)
 throws IOException {
- PrintStream fallout = _fallout;
+ PrintStream fallout = inFallout;
 if (fallout == null) {
 File dir = new File("logs");
 if (!dir.exists()) {
@@ -187,7 +187,6 @@ public abstract class Batch {
 }
 File f = null;
- // String os = System.getProperty("os.name").toLowerCase();
 long uniq = System.currentTimeMillis();
 f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
@@ -199,15 +198,15 @@ public abstract class Batch {
 }
 public Organization getOrgFromID(AuthzTrans trans, String user) {
- Organization org;
+ Organization organization;
 try {
- org = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
+ organization = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
 } catch (OrganizationException e1) {
 trans.error().log(e1);
- org=null;
+ organization=null;
 }
- if (org == null) {
+ if (organization == null) {
 PrintStream fallout = null;
 try {
@@ -220,7 +219,7 @@ public abstract class Batch {
 return (null);
 }
- return (org);
+ return (organization);
 }
 public static Row executeDeleteQuery(Statement stmt) {
@@ -238,7 +237,7 @@ public abstract class Batch {
 String envStr = env.getProperty("AFT_ENVIRONMENT");
 if (envStr != null) {
- if (envStr.equals("AFTPRD")) {
+ if ("AFTPRD".equals(envStr)) {
 testEnv = false;
 } else {
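Review bot: In `getOrgFromID`, `user.toLowerCase()` throws `NullPointerException` for a null `user`, and that is not caught by the `catch (OrganizationException e1)` that follows, so a missing id escapes the method instead of reaching the `organization == null` fallout logging that the rest of the method exists for. If `user` can be null at the call sites (not visible here), check it before the lookup; independently, `user.toLowerCase(Locale.ROOT)` keeps the id stable across JVM default locales (`Locale` would need importing — the import block is outside this diff). The method's fallout branch continues outside the hunk.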
@@ -331,31 +330,32 @@ public abstract class Batch {
 // IMPORTANT! VALIDATE Organization isUser method
 protected void checkOrganizationAcccess(AuthzTrans trans, Question q) throws APIException, OrganizationException {
- Set<String> testUsers = new HashSet<String>();
- Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, ROOT_NS);
- if(rrd.isOK()) {
- for(RoleDAO.Data r : rrd.value) {
- Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
- if(rur.isOK()) {
- for(UserRoleDAO.Data udd : rur.value) {
+ Set<String> testUsers = new HashSet<>();
+ Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, rootNs);
+ if (rrd.isOK()) {
+ for (RoleDAO.Data r : rrd.value) {
+ Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
+ if (!rur.isOK()) {
+ continue;
+ }
+ for (UserRoleDAO.Data udd : rur.value) {
 testUsers.add(udd.user);
 }
 }
+ if (testUsers.size() < 2) {
+ throw new APIException("Not enough Users in Roles for " + rootNs + " to Validate");
+ }
+
+ Identity iden;
+ for (String user : testUsers) {
+ if ((iden = org.getIdentity(trans, user)) == null) {
+ throw new APIException("Failed Organization Entity Validation Check: " + user);
+ } else {
+ trans.info().log("Organization Validation Check: " + iden.id());
+ }
+ }
 }
 }
- if(testUsers.size()<2) {
- throw new APIException("Not enough Users in Roles for " + ROOT_NS + " to Validate");
- }
-
- Identity iden;
- for(String user : testUsers) {
- if((iden=org.getIdentity(trans,user))==null) {
- throw new APIException("Failed Organization Entity Validation Check: " + user);
- } else {
- trans.info().log("Organization Validation Check: " + iden.id());
- }
- }
- }
 protected static String logDir() {
 String ld = env.getProperty(LOG_DIR);
@@ -392,7 +392,7 @@ public abstract class Batch {
 String propLoc;
 try {
 Define.set(access);
- ROOT_NS=Define.ROOT_NS();
+ rootNs =Define.ROOT_NS();
 File f = new File("etc/authzBatch.props");
 try {
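Review bot: The relocated validation in `checkOrganizationAcccess` now runs only inside `if (rrd.isOK())`: when `q.roleDAO.readNS(trans, rootNs)` returns an error the method falls through and returns normally, whereas before it threw "Not enough Users in Roles" because `testUsers` stayed empty. For a check the comment marks as `// IMPORTANT! VALIDATE Organization isUser method`, a failed role lookup should still fail the batch rather than fail open. Either move the `if (testUsers.size() < 2)` check and the identity loop back after the closing brace of `if (rrd.isOK())`, or give that `if` an else branch that throws: `} else { throw new APIException("Not enough Users in Roles for " + rootNs + " to Validate"); }`. In the last hunk, `rootNs =Define.ROOT_NS();` has a stray space before `=`.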
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Email.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Email.java index 25e2ffca..15dfed38 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Email.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Email.java @@ -46,9 +46,9 @@ public class Email implements Action<Organization,Void, String>{ public Email(String ... defaultCC) { - toList = new ArrayList<String>(); + toList = new ArrayList<>(); this.defaultCC = defaultCC; - ccList = new ArrayList<String>(); + ccList = new ArrayList<>(); clear(); } @@ -71,10 +71,8 @@ public class Email implements Action<Organization,Void, String>{ } public Email addTo(Identity id) { - if(id!=null) { - if(!toList.contains(id.email())) { + if(id!=null && !toList.contains(id.email())) { toList.add(id.email()); - } } return this; } @@ -94,10 +92,8 @@ public class Email implements Action<Organization,Void, String>{ } public Email addCC(Identity id) { - if(id!=null) { - if(!ccList.contains(id.email())) { + if(id!=null && !ccList.contains(id.email())) { ccList.add(id.email()); - } } return this; } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Message.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Message.java index 98fc0054..a4122d61 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Message.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/Message.java @@ -28,7 +28,7 @@ public class Message { public final List<String> lines; public Message() { - lines = new ArrayList<String>(); + lines = new ArrayList<>(); } public void clear() { @@ -42,7 +42,7 @@ public class Message { } public void msg(StringBuilder sb, String lineIndent) { - if(lines.size()>0) { + if(!lines.isEmpty()) { for(String line : lines) { sb.append(lineIndent); sb.append(line); 
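Review bot: In the collapsed `addTo(Identity)` and `addCC(Identity)` conditions, `id.email()` is still evaluated twice and nothing guards against it returning null — a null passes `!toList.contains(null)` once and is then stored in the recipient list. If `Identity.email()` can be null (its contract is not visible here), hoist and check it: `String email = id == null ? null : id.email(); if (email != null && !toList.contains(email)) { toList.add(email); }`, and the same for `ccList`. The merge into a single `&&` is otherwise a fair simplification.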
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java index 6cf2c53e..635efef0 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java @@ -56,8 +56,8 @@ public class URFutureApproveExec extends ActionDAO<List<Approval>, OP_STATUS, Fu return Result.err(Result.ERR_ActionNotCompleted,"Not Executed"); } else { // Save on Lookups - final List<ApprovalDAO.Data> apprs = new ArrayList<ApprovalDAO.Data>(); - final List<UserRoleDAO.Data> urs = new ArrayList<UserRoleDAO.Data>(); + final List<ApprovalDAO.Data> apprs = new ArrayList<>(); + final List<UserRoleDAO.Data> urs = new ArrayList<>(); for(Approval a : app) { apprs.add(a.add); UserRole ur = UserRole.get(a.add.user, future.role); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java index a2dc6b65..948e65be 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java @@ -44,12 +44,12 @@ import com.datastax.driver.core.SimpleStatement; import com.datastax.driver.core.Statement; public class Future implements CacheChange.Data, Comparable<Future> { - public static final Map<UUID,Future> data = new TreeMap<UUID,Future>(); - public static final Map<String,List<Future>> byRole = new TreeMap<String,List<Future>>(); + public static final Map<UUID,Future> data = new TreeMap<>(); + public static final Map<String,List<Future>> byRole = new TreeMap<>(); public final FutureDAO.Data fdd; public final String role; // derived - private final static CacheChange<Future> cache = new CacheChange<Future>(); + private static final CacheChange<Future> cache = new CacheChange<>(); public final UUID id() { 
@@ -102,13 +102,16 @@ public class Future implements CacheChange.Data, Comparable<Future> { ++count; Future f = creator.create(row); data.put(f.fdd.id,f); - if(f.role!=null) { - List<Future> lf = byRole.get(f.role); - if(lf==null) { - byRole.put(f.role,lf = new ArrayList<Future>()); - } - lf.add(f); + if(f.role==null) { + continue; } + List<Future> lf = byRole.get(f.role); + if(lf==null) { + lf = new ArrayList<>(); + byRole.put(f.role,lf); + } + lf.add(f); + } } finally { tt.done(); diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Email.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Email.java index 0779a33d..70cd08a8 100644 --- a/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Email.java +++ b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Email.java @@ -37,6 +37,7 @@ import org.onap.aaf.auth.org.OrganizationException; import static org.mockito.Mockito.*; +import java.io.ByteArrayOutputStream; import java.io.FileNotFoundException; import java.io.PrintStream; import java.util.Collection; @@ -47,12 +48,21 @@ import org.junit.Test; public class JU_Email { + private ByteArrayOutputStream outStream; + private ByteArrayOutputStream errStream; Email email; Identity usersI; Message msg; + PrintStream ps; @Before - public void setUp() { + public void setUp() throws FileNotFoundException { + outStream = new ByteArrayOutputStream(); + errStream = new ByteArrayOutputStream(); + ps = new PrintStream(errStream); + System.setOut(new PrintStream(outStream)); + System.setErr(ps); + usersI = mock(Identity.class); msg = new Message(); email = new Email(); @@ -124,7 +134,6 @@ public class JU_Email { @Test public void testLog() throws FileNotFoundException { - PrintStream ps = new PrintStream("test"); email.addTo("email"); email.addCC("email"); email.log(ps, "email"); 
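Review bot: The new get/null-check/put sequence on `byRole` in `Future`'s load loop is the usual multimap insert; if the module builds on Java 8 or later (the diamond-only changes here do not tell), the five added lines collapse to `byRole.computeIfAbsent(f.role, k -> new ArrayList<>()).add(f);` with the `continue` guard kept as is. `byRole` and `data` are public static mutable `TreeMap`s that this loop writes without synchronization; that predates the commit, but a one-line comment stating that `load` must finish before any reader uses them would document the contract the code relies on. The loop and its `try` begin outside the hunk.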
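Review bot: `setUp() throws FileNotFoundException` in `JU_Email` is now a phantom: `new PrintStream(OutputStream)` does not throw, and the file-backed `new PrintStream("test")` that did was removed from `testLog`, so the clause can go. `ps` now wraps `errStream`, but `testLog` never inspects `errStream.toString()` after `email.log(ps, ...)`, so the captured output is discarded and the test only proves `log` does not throw; asserting that the captured text contains the recipient added via `addTo("email")` (the exact format of `log` is outside this diff) would make it a real test.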
@@ -132,5 +141,11 @@ public class JU_Email {
 email.addCC("emails");
 email.log(ps, "emails");
 }
+
+ @After
+ public void cleanUp() {
+ System.setErr(System.err);
+ System.setOut(System.out);
+ }
 }
diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_EmailPrint.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_EmailPrint.java
new file mode 100644
index 00000000..fb5d2bd5
--- /dev/null
+++ b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_EmailPrint.java
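Review bot: `cleanUp` restores nothing: by the time it runs, `System.out` and `System.err` already are the `ByteArrayOutputStream`-backed streams installed in `setUp`, so `System.setErr(System.err)` assigns the replacement to itself and the JVM's original streams are lost for every test that runs later in the same JVM. Capture the originals before redirecting and restore those. The new `JU_EmailPrint.cleanUp` in the next file of this diff has the identical problem and takes the same fix.
```java
private PrintStream originalOut;
private PrintStream originalErr;

@Before
public void setUp() throws FileNotFoundException {
    originalOut = System.out;
    originalErr = System.err;
    // … unchanged: create outStream/errStream, redirect System.out/err, build fixtures …
}

@After
public void cleanUp() {
    System.setErr(originalErr);
    System.setOut(originalOut);
}
```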
@@ -0,0 +1,92 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.actions.test; + +import static org.junit.Assert.*; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.onap.aaf.auth.actions.EmailPrint; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.org.Organization; +import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.client.Rcli; + +import static org.mockito.Mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; + +import org.junit.Test; + +public class JU_EmailPrint { + + private ByteArrayOutputStream outStream; + private ByteArrayOutputStream errStream; + EmailPrint ePrint; + AuthzTrans trans; + Organization org; + StringBuilder strBuilder; + + @Before + public void setUp() { + outStream = new ByteArrayOutputStream(); + errStream = new ByteArrayOutputStream(); + System.setOut(new 
PrintStream(outStream)); + System.setErr(new PrintStream(errStream)); + ePrint = new EmailPrint(); + trans = mock(AuthzTrans.class); + org = mock(Organization.class); + strBuilder = new StringBuilder(); + strBuilder.append("test\nte\nst"); + ePrint.addTo("test"); + ePrint.addTo("test1"); + ePrint.addTo("test2"); + ePrint.addCC("test"); + ePrint.addCC("test1"); + ePrint.addCC("test2"); + + } + + @Test + public void testExec() throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException { + Class c = ePrint.getClass(); + Class[] cArg = new Class[3]; + cArg[0] = AuthzTrans.class; + cArg[1] = Organization.class; + cArg[2] = StringBuilder.class;//Steps to test a protected method + Method execMethod = c.getDeclaredMethod("exec", cArg); + execMethod.setAccessible(true); + execMethod.invoke(ePrint, trans, org, strBuilder); + } + + @After + public void cleanUp() { + System.setErr(System.err); + System.setOut(System.out); + } + +} diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Message.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Message.java new file mode 100644 index 00000000..fa7409ea --- /dev/null +++ b/auth/auth-batch/src/test/java/org/onap/aaf/auth/actions/test/JU_Message.java 
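Review bot: `testExec` invokes the protected `exec` through reflection but asserts nothing, so it only checks that the call does not throw; since `System.out` is captured into `outStream`, the natural check is that `outStream.toString()` contains the addresses added in `setUp` (what `EmailPrint` actually writes is outside this diff, so adjust the expected text). The raw types should be parameterized: `Class<?> c = ePrint.getClass();` and `Class<?>[] cArg = new Class<?>[3];`. `org.junit.Test` is imported twice, and `Mock`, `Mockito`, `Future`, `Rcli` and `org.junit.Assert.*` are imported but unused. The reflection and `setAccessible(true)` are only needed because the test sits in `org.onap.aaf.auth.actions.test` rather than `EmailPrint`'s package; a test in `org.onap.aaf.auth.actions` could call `exec` directly.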
@@ -0,0 +1,62 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.actions.test; + +import static org.junit.Assert.*; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.onap.aaf.auth.actions.Message; + +import static org.mockito.Mockito.*; +import org.junit.Test; + +public class JU_Message { + + Message msg; + + @Before + public void setUp() { + msg = new Message(); + } + + @Test + public void testLine() { + msg.line("test"); + } + + @Test + public void testClear() { + msg.clear(); + } + + @Test + public void testMsg() { + StringBuilder sb = new StringBuilder(); + msg.line("test"); + msg.line("test1"); + msg.msg(sb, "indent"); + } + +} diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java index c90dcccf..ea726480 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java 
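Review bot: None of the three tests in `JU_Message` asserts anything, so the class only proves the methods do not throw. `Message.lines` is a public field (see the Message.java hunk), so `testLine` can assert `assertEquals(1, msg.lines.size())`, `testClear` can add a line first and assert the list is empty afterwards, and `testMsg` should compare `sb.toString()` against the expected indent-plus-line rendering (the exact line terminator `msg` appends is outside this diff, so derive it from the implementation). `org.junit.Test` is imported twice and the `Mock`/`Mockito` imports are unused.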
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java @@ -53,7 +53,8 @@ public abstract class CA { public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<String>()); - private final String name,env; + private final String name; + private final String env; private MessageDigest messageDigest; private final String permType; private Set<String> caIssuerDNs; @@ -70,7 +71,7 @@ public abstract class CA { if(permType==null) { throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } - caIssuerDNs = new HashSet<String>(); + caIssuerDNs = new HashSet<>(); String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT; @@ -79,13 +80,14 @@ public abstract class CA { throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } access.log(Level.INFO, tag, "=",fields); - for(RDN rdn : rdns = RDN.parse('/',fields)) { + rdns = RDN.parse('/',fields); + for(RDN rdn : rdns) { if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT); } } - idDomains = new ArrayList<String>(); + idDomains = new ArrayList<>(); StringBuilder sb = null; for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) { if(s.length()>0) { 
@@ -102,14 +104,14 @@ public abstract class CA { access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb); } - String data_dir = access.getProperty(CM_PUBLIC_DIR,null); - if(data_dir!=null) { - File data = new File(data_dir); + String dataDir = access.getProperty(CM_PUBLIC_DIR,null); + if(dataDir!=null) { + File data = new File(dataDir); byte[] bytes; if(data.exists()) { - String trust_cas = access.getProperty(CM_TRUST_CAS,null); - if(trust_cas!=null) { - for(String fname : Split.splitTrim(',', trust_cas)) { + String trustCas = access.getProperty(CM_TRUST_CAS,null); + if(trustCas!=null) { + for(String fname : Split.splitTrim(',', trustCas)) { File crt = new File(data,fname); if(crt.exists()) { access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath()); diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java index 0d494acd..ee73dbdc 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java 
@@ -59,21 +59,21 @@ public class JscepCA extends CA { static final String CA_PREFIX = "http://"; static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll"; - private final static String MS_PROFILE="1"; - private final static int MAX_RETRY=3; + private static final String MS_PROFILE="1"; + private static final int MAX_RETRY=3; public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins // package on purpose - private Map<String,X509ChainWithIssuer> mxcwi_s; - private Map<Client,X509ChainWithIssuer> mxcwi_c; + private Map<String,X509ChainWithIssuer> mxcwiS; + private Map<Client,X509ChainWithIssuer> mxcwiC; private JscepClientLocator clients; public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException { super(access, name, env); - mxcwi_s = new ConcurrentHashMap<String,X509ChainWithIssuer>(); - mxcwi_c = new ConcurrentHashMap<Client,X509ChainWithIssuer>(); + mxcwiS = new ConcurrentHashMap<>(); + mxcwiC = new ConcurrentHashMap<>(); if(params.length<2) { throw new CertException("No Trust Chain parameters are included"); @@ -110,7 +110,7 @@ public class JscepCA extends CA { dir = dir + '/'; } String path; - List<FileReader> frs = new ArrayList<FileReader>(params.length-1); + List<FileReader> frs = new ArrayList<>(params.length-1); try { for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j]; @@ -119,7 +119,7 @@ public class JscepCA extends CA { } X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs); addCaIssuerDN(xcwi.getIssuerDN()); - mxcwi_s.put(params[i][0],xcwi); + mxcwiS.put(params[i][0],xcwi); } finally { for(FileReader fr : frs) { if(fr!=null) { 
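Review bot: `new ArrayList<>(params.length-1)` in the `JscepCA` constructor sizes the reader list by the number of parameter rows, but the loop two lines below iterates `params[i].length` entries of the current row, so the capacity hint comes from the wrong dimension; `new ArrayList<>(params[i].length-1)` matches the `// first 3 taken up, see above` comment. Harmless for correctness, since the list grows, but misleading to the next reader. The same expression appears in the LocalCA hunk (`List<FileReader> frs = new ArrayList<>(params.length-1);`), where the loop is outside the hunk so I cannot confirm which dimension applies there.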
@@ -173,26 +173,16 @@ public class JscepCA extends CA { break; } } - X509ChainWithIssuer mxcwi = mxcwi_c.get(client); + X509ChainWithIssuer mxcwi = mxcwiC.get(client); return new X509ChainWithIssuer(mxcwi,x509); -// break; + } else if (er.isPending()) { trans.checkpoint("Polling, waiting on CA to complete"); Thread.sleep(3000); } else if (er.isFailure()) { -// switch(er.getFailInfo()) { -// case badMessageCheck: -// throw new ClientException("Received BadMessageCheck from Jscep"); -// case badAlg: -// case badCertId: -// case badRequest: -// case badTime: -// default: -// } throw new CertException(clients.info(item)+':'+er.getFailInfo().toString()); } } - //i=MAX_RETRY; } catch(LocatorException e) { trans.error().log(e); i=MAX_RETRY; @@ -246,7 +236,7 @@ public class JscepCA extends CA { } ); // Map URL to Client, because Client doesn't expose Connection - mxcwi_c.put(c,mxcwi_s.get(urlinfo)); + mxcwiC.put(c, mxcwiS.get(urlinfo)); return c; } catch (MalformedURLException e) { throw new LocatorException(e); @@ -260,7 +250,7 @@ public class JscepCA extends CA { @Override protected void _destroy(Client client) { - mxcwi_c.remove(client); + mxcwiC.remove(client); } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java index cd8886da..e2287c3b 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java @@ -97,7 +97,7 @@ public class LocalCA extends CA { String fileName = f.getName(); if(fileName.endsWith(".key")) { caKey = Factory.toPrivateKey(NullTrans.singleton(),f); - List<FileReader> frs = new ArrayList<FileReader>(params.length-1); + List<FileReader> frs = new ArrayList<>(params.length-1); try { String dir = access.getProperty(CM_PUBLIC_DIR, ""); if(!"".equals(dir) && !dir.endsWith("/")) { 
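Review bot: `mxcwiC.put(c, mxcwiS.get(urlinfo))` throws a bare `NullPointerException` when `urlinfo` has no entry in `mxcwiS`, because both maps are `ConcurrentHashMap` (constructor hunk above) and it rejects null values; the failure would surface as an NPE out of the locator rather than as a configuration error. Resolve the chain first and fail with a message: `X509ChainWithIssuer xcwi = mxcwiS.get(urlinfo); if (xcwi == null) { throw new LocatorException("no trust chain configured for " + urlinfo); } mxcwiC.put(c, xcwi);` (using whichever exception constructor the method already declares — only the `Throwable` form of `LocatorException` is visible here). The enclosing method and its `try` start outside the hunk, so `urlinfo` may already be validated earlier; if so, a one-line comment saying why the lookup cannot be null would do.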
@@ -128,8 +128,8 @@ public class LocalCA extends CA { KeyStore keyStore; FileInputStream fis = null; if(fileName.endsWith(".pkcs11")) { - String ksType; - p = Factory.getSecurityProvider(ksType="PKCS11",params); + String ksType="PKCS11"; + p = Factory.getSecurityProvider(ksType,params); keyStore = KeyStore.getInstance(ksType,p); } else if(fileName.endsWith(".jks")) { keyStore = KeyStore.getInstance("JKS"); @@ -216,7 +216,7 @@ public class LocalCA extends CA { SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent())) // new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded())) ); - List<GeneralName> lsan = new ArrayList<GeneralName>(); + List<GeneralName> lsan = new ArrayList<>(); for(String s : csrmeta.sans()) { lsan.add(new GeneralName(GeneralName.dNSName,s)); } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java index 6f3062bb..6ba5a37f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java 
@@ -45,24 +45,26 @@ public class X509ChainWithIssuer extends X509andChain { Collection<? extends Certificate> certs; X509Certificate x509; for(Reader rdr : rdrs) { - if(rdr!=null) { // cover for badly formed array - byte[] bytes = Factory.decode(rdr); - try { - certs = Factory.toX509Certificate(bytes); - } catch (CertificateException e) { - throw new CertException(e); + if(rdr==null) { // cover for badly formed array + continue; + } + byte[] bytes = Factory.decode(rdr); + try { + certs = Factory.toX509Certificate(bytes); + } catch (CertificateException e) { + throw new CertException(e); + } + for(Certificate c : certs) { + x509=(X509Certificate)c; + Principal subject = x509.getSubjectDN(); + if(subject==null) { + continue; } - for(Certificate c : certs) { - x509=(X509Certificate)c; - Principal subject = x509.getSubjectDN(); - if(subject!=null) { - if(cert==null) { // first in Trust Chain - issuerDN= subject.toString(); - } - addTrustChainEntry(x509); - cert=x509; // adding each time makes sure last one is signer. - } + if(cert==null) { // first in Trust Chain + issuerDN = subject.toString(); } + addTrustChainEntry(x509); + cert=x509; // adding each time makes sure last one is signer. } } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java index 2541bea0..2b763f7f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java 
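Review bot: The new side keeps `x509.getSubjectDN()`, the denigrated `java.security.cert` accessor; `getSubjectX500Principal()` is the documented replacement and does not return null for a well-formed certificate, which would turn the `if(subject==null) { continue; }` guard into either dead code or an explicit error. Silently skipping a chain entry also deserves at least a log line, because `issuerDN` and `cert` (the last entry, per the comment) depend on which entries survive the loop. The cast `(X509Certificate)c` assumes `Factory.toX509Certificate` yields only X.509 entries — presumably so given the name, but a `ClassCastException` here would bypass the `CertException` wrapping just above. The constructor starts and ends outside the hunk.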
@@ -60,17 +60,16 @@ public class CSRMeta { private String email; private String challenge; private List<RDN> rdns; - - public CSRMeta(List<RDN> rdns) { - this.rdns = rdns; - } - - private ArrayList<String> sanList = new ArrayList<String>(); + private ArrayList<String> sanList = new ArrayList<>(); private KeyPair keyPair; private X500Name name = null; private SecureRandom random = new SecureRandom(); - public X500Name x500Name() throws IOException { + public CSRMeta(List<RDN> rdns) { + this.rdns = rdns; + } + + public X500Name x500Name() { if(name==null) { X500NameBuilder xnb = new X500NameBuilder(); xnb.addRDN(BCStyle.CN,cn); @@ -99,7 +98,7 @@ public class CSRMeta { } int plus = email==null?0:1; - if(sanList.size()>0) { + if(!sanList.isEmpty()) { GeneralName[] gna = new GeneralName[sanList.size()+plus]; int i=-1; for(String s : sanList) { @@ -114,10 +113,7 @@ public class CSRMeta { }) ); } - - if(email!=null) { - - } + try { return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate())); } catch (OperatorCreationException e) { 
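Review bot: Dropping `throws IOException` from the public `x500Name()` is source-incompatible for any caller whose `try` block calls only this method and catches `IOException` — javac rejects catching a checked exception the body can no longer throw — so callers need checking (none are visible here). Separately, `sanList` is declared as the concrete `ArrayList<String>`; `private final List<String> sanList = new ArrayList<>();` programs to the interface. The lazy `name==null` initialization in `x500Name()` is unsynchronized, which is fine if a `CSRMeta` is confined to one thread — worth stating in the class Javadoc, since `random` and `keyPair` are lazily built the same way.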
@@ -129,27 +125,29 @@ public class CSRMeta { public static void dump(PKCS10CertificationRequest csr) { Attribute[] certAttributes = csr.getAttributes(); for (Attribute attribute : certAttributes) { - if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { - Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); - GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName); - GeneralName[] names = gns.getNames(); - for(int k=0; k < names.length; k++) { - String title = ""; - if(names[k].getTagNo() == GeneralName.dNSName) { - title = "dNSName"; - } else if(names[k].getTagNo() == GeneralName.iPAddress) { - title = "iPAddress"; - // Deprecated, but I don't see anything better to use. - names[k].toASN1Object(); - } else if(names[k].getTagNo() == GeneralName.otherName) { - title = "otherName"; - } else if(names[k].getTagNo() == GeneralName.rfc822Name) { - title = "email"; - } + if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { + continue; + } + + Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); + GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName); + GeneralName[] names = gns.getNames(); + for(int k=0; k < names.length; k++) { + String title = ""; + if(names[k].getTagNo() == GeneralName.dNSName) { + title = "dNSName"; + } else if(names[k].getTagNo() == GeneralName.iPAddress) { + title = "iPAddress"; + // Deprecated, but I don't see anything better to use. + names[k].toASN1Object(); + } else if(names[k].getTagNo() == GeneralName.otherName) { + title = "otherName"; + } else if(names[k].getTagNo() == GeneralName.rfc822Name) { + title = "email"; + } - System.out.println(title + ": "+ names[k].getName()); - } - } + System.out.println(title + ": "+ names[k].getName()); + } } } 
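Review bot: `names[k].toASN1Object();` in the `iPAddress` branch of `dump` discards its result, so the call and the `// Deprecated, but I don't see anything better to use.` comment above it do nothing; both lines should go. The `title` assignment chain on `names[k].getTagNo()` reads better as a `switch` over the `GeneralName` tag constants with a `default` branch, so an unrecognised tag prints a label instead of an empty string. The loop body is otherwise unchanged apart from the early `continue`.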
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/cache/Cache.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/cache/Cache.java index 17368031..9d48ecbe 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/cache/Cache.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/cache/Cache.java @@ -50,12 +50,11 @@ public class Cache<TRANS extends Trans, DATA> { public static final String CACHE_HIGH_COUNT = "CACHE_HIGH_COUNT"; public static final String CACHE_CLEAN_INTERVAL = "CACHE_CLEAN_INTERVAL"; -// public static final String CACHE_MIN_REFRESH_INTERVAL = "CACHE_MIN_REFRESH_INTERVAL"; private static final Map<String,Map<String,Dated>> cacheMap; static { - cacheMap = new HashMap<String,Map<String,Dated>>(); + cacheMap = new HashMap<>(); } /** @@ -64,7 +63,7 @@ public class Cache<TRANS extends Trans, DATA> { * @author Jonathan * */ - public final static class Dated { + public static final class Dated { public Date timestamp; public List<?> data; private long expireIn; @@ -77,7 +76,7 @@ public class Cache<TRANS extends Trans, DATA> { public <T> Dated(T t, long expireIn) { timestamp = new Date(System.currentTimeMillis()+expireIn); - ArrayList<T> al = new ArrayList<T>(1); + ArrayList<T> al = new ArrayList<>(1); al.add(t); data = al; this.expireIn = expireIn; @@ -91,7 +90,7 @@ public class Cache<TRANS extends Trans, DATA> { public static Map<String,Dated> obtain(String key) { Map<String, Dated> m = cacheMap.get(key); if(m==null) { - m = new ConcurrentHashMap<String, Dated>(); + m = new ConcurrentHashMap<>(); synchronized(cacheMap) { cacheMap.put(key, m); } @@ -108,7 +107,7 @@ public class Cache<TRANS extends Trans, DATA> { * @author Jonathan * */ - private final static class Clean extends TimerTask { + private static final class Clean extends TimerTask { private final Env env; private Set<String> set; 
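Review bot: `Cache.obtain` still reads `cacheMap.get(key)` on a plain `HashMap` outside the `synchronized(cacheMap)` block that guards the put, so two threads can both pass the null check and install different `ConcurrentHashMap`s for the same key, and an unsynchronized read can observe a `HashMap` mid-resize. This predates the commit, but the changed line sits in the middle of it. Since `cacheMap` is private, written only here and read elsewhere in the class, making it a `ConcurrentHashMap` in the static initializer and replacing the get/null-check/put with `return cacheMap.computeIfAbsent(key, k -> new ConcurrentHashMap<>());` would fix both (Java 8+, which the diamond-only changes do not by themselves confirm). `obtain` ends outside the hunk.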
@@ -124,7 +123,7 @@ public class Cache<TRANS extends Trans, DATA> { high = highCount; timeInterval = cleanInterval; advance = 0; - set = new HashSet<String>(); + set = new HashSet<>(); } public synchronized void add(String key) { @@ -140,16 +139,17 @@ public class Cache<TRANS extends Trans, DATA> { for(String name : set) { Map<String,Dated> map = cacheMap.get(name); - if(map!=null) for(Map.Entry<String,Dated> me : map.entrySet()) { + if(map==null) { + continue; + } + + for(Map.Entry<String,Dated> me : map.entrySet()) { ++total; - if(me.getValue().timestamp.before(now)) { + if (me.getValue().timestamp.before(now)) { map.remove(me.getKey()); ++count; } } -// if(count>0) { -// env.info().log(Level.INFO, "Cache removed",count,"expired",name,"Elements"); -// } } if(count>0) { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java index da552aeb..bc9811ba 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java @@ -135,12 +135,12 @@ public class ApprovalForm extends Page { @Override public Cells get(final AuthzTrans trans, final AAF_GUI gui) { final String userParam = trans.get(sUser, null); - ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>(); + ArrayList<AbsCell[]> rv = new ArrayList<>(); String msg = null; TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE); try { - final List<Approval> pendingApprovals = new ArrayList<Approval>(); - final List<Integer> beginIndicesPerApprover = new ArrayList<Integer>(); + final List<Approval> pendingApprovals = new ArrayList<>(); + final List<Integer> beginIndicesPerApprover = new ArrayList<>(); int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException { 
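Review bot: The loop in `Clean.run` calls `map.remove(me.getKey())` while iterating `map.entrySet()`; that is only safe because `obtain` fills `cacheMap` with `ConcurrentHashMap` values, whose iterators are weakly consistent, and the declared type `Map<String,Dated>` gives no hint of that. A comment such as `// map is a ConcurrentHashMap (see obtain()); removing during iteration is safe` would stop the next reader from "fixing" it into a `ConcurrentModificationException` hunt. The hunk also mixes `if(map==null)` and `if (me.getValue()...)` spacing two lines apart; pick one. `run` begins and ends outside the hunk.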
@@ -150,12 +150,10 @@ public class ApprovalForm extends Page { if(fa.value!=null) { for (Approval appr : fa.value.getApprovals()) { - if (appr.getStatus().equals("pending")) { - if (userParam!=null) { - if (!appr.getUser().equalsIgnoreCase(userParam)) { + if ("pending".equals(appr.getStatus())) { + if (userParam!=null && !appr.getUser().equalsIgnoreCase(userParam)) { numLeft++; continue; - } } pendingApprovals.add(appr); } @@ -178,7 +176,7 @@ public class ApprovalForm extends Page { } }); - if (pendingApprovals.size() > 0) { + if (!pendingApprovals.isEmpty()) { // Only add select all links if we have approvals AbsCell[] selectAllRow = new AbsCell[] { AbsCell.Null, @@ -191,7 +189,7 @@ public class ApprovalForm extends Page { int line=-1; - while (beginIndicesPerApprover.size() > 0) { + while (!beginIndicesPerApprover.isEmpty()) { int beginIndex = beginIndicesPerApprover.remove(0); int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0)); List<Approval> currApproverList = pendingApprovals.subList(beginIndex, endIndex); @@ -243,7 +241,7 @@ public class ApprovalForm extends Page { } else { Identity au = org.getIdentity(trans, user); if(au!=null) { - if(au.type().equals("MECHID")) { + if("MECHID".equals(au.type())) { Identity managedBy = au.responsibleTo(); if(managedBy==null) { title ="title=" + au.type(); @@ -258,12 +256,13 @@ public class ApprovalForm extends Page { title="title=Not a User at " + org.getName(); } } - userCell = new RefCell(prevUser=user, + prevUser=user; + userCell = new RefCell(prevUser, TODO_ILM_INFO+user.substring(0, user.length()-DOMAIN_OF_USER.length()), true, title); } else { - userCell = new TextCell(prevUser=user); + userCell = new TextCell(prevUser); } AbsCell[] sa = new AbsCell[] { userCell, 
@@ -280,7 +279,7 @@ public class ApprovalForm extends Page { if(numLeft>0) { msg = "After these, there will be " + numLeft + " approvals left to process"; } - if(rv.size()==0) { + if(rv.isEmpty()) { if (numLeft>0) { msg = "No Approvals to process at this time for user " + userParam +". You have " + numLeft + " other approvals to process."; diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java index f900a1f4..bcc156c8 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java @@ -79,9 +79,12 @@ public class CmAgent { private static ErrMessage errMsg; private static Map<String,PlaceArtifact> placeArtifact; private static RosettaEnv env; + + private static boolean doExit; public static void main(String[] args) { int exitCode = 0; + doExit = true; try { AAFSSO aafsso = new AAFSSO(args); if(aafsso.loginOnly()) { @@ -93,7 +96,9 @@ public class CmAgent { env = new RosettaEnv(access.getProperties()); Deque<String> cmds = new ArrayDeque<String>(); for(String p : args) { - if(p.indexOf('=')<0) { + if("-noexit".equalsIgnoreCase(p)) { + doExit = false; + } else if(p.indexOf('=') < 0) { cmds.add(p); } } @@ -110,7 +115,9 @@ public class CmAgent { System.out.println(" showpass <mechID> [<machine>]"); System.out.println(" check <mechID> [<machine>]"); System.out.println(" genkeypair"); - System.exit(1); + if (doExit) { + System.exit(1); + } } TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000")); @@ -183,7 +190,7 @@ public class CmAgent { } catch (Exception e) { e.printStackTrace(); } - if(exitCode!=0) { + if(exitCode != 0 && doExit) { System.exit(exitCode); } } diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java index 34ccf57b..fbeb360f 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java 
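Review bot: When `doExit` is false the usage branch no longer leaves `main`: after printing the command list, control falls through to `TIMEOUT = Integer.parseInt(...)` and the rest of the method runs with an empty `cmds` deque, whereas before this change the process always terminated here. The guard should leave the method rather than only skip the exit, e.g. `if (doExit) { System.exit(1); } return;`, so the `-noexit` path and the normal path behave the same apart from the process exit. The enclosing `if` that prints the usage text starts outside the hunk, so whether it already returns cannot be confirmed from here.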
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java @@ -56,54 +56,61 @@ public class JU_CmAgent { String[] args; args = new String[] { "-login", - "-noexit", + "-noExit", }; CmAgent.main(args); inStream.reset(); args = new String[] { - "noexit=true", + "-noExit", }; CmAgent.main(args); inStream.reset(); args = new String[] { "place", + "-noExit", }; CmAgent.main(args); inStream.reset(); args = new String[] { + "-noExit", "create" }; CmAgent.main(args); inStream.reset(); args = new String[] { + "-noExit", "read" }; CmAgent.main(args); inStream.reset(); args = new String[] { + "-noExit", "copy" }; CmAgent.main(args); inStream.reset(); args = new String[] { + "-noExit", "update" }; CmAgent.main(args); inStream.reset(); args = new String[] { + "-noExit", "delete" }; CmAgent.main(args); inStream.reset(); args = new String[] { + "-noExit", "showpass" }; CmAgent.main(args); diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java index 9d555f62..c9ff59db 100644 --- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java +++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java @@ -69,10 +69,10 @@ public class HX509SS implements SecuritySetter<HttpURLConnection> { public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, CadiException { securityInfo = si; if((alias=sendAlias) == null) { - if(si.default_alias == null) { + if(si.defaultAlias == null) { throw new APIException("JKS Alias is required to use X509SS Security. Use " + Config.CADI_ALIAS +" to set default alias"); } else { - alias = si.default_alias; + alias = si.defaultAlias; } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java index b34d096d..f63de20c 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java 
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java @@ -61,23 +61,23 @@ public class SecurityInfo { public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2"; public static final String REGEX_COMMA = "\\s*,\\s*"; - public static final String SslKeyManagerFactoryAlgorithm; + public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM; - private SSLSocketFactory scf; - private X509KeyManager[] km; - private X509TrustManager[] tm; - public final String default_alias; + private SSLSocketFactory socketFactory; + private X509KeyManager[] x509KeyManager; + private X509TrustManager[] x509TrustManager; + public final String defaultAlias; private NetMask[] trustMasks; - private SSLContext ctx; + private SSLContext context; private HostnameVerifier maskHV; public final Access access; // Change Key Algorithms for IBM's VM. Could put in others, if needed. static { - if(System.getProperty("java.vm.vendor").equalsIgnoreCase("IBM Corporation")) { - SslKeyManagerFactoryAlgorithm = "IbmX509"; + if ("IBM Corporation".equalsIgnoreCase(System.getProperty("java.vm.vendor"))) { + SSL_KEY_MANAGER_FACTORY_ALGORITHM = "IbmX509"; } else { - SslKeyManagerFactoryAlgorithm = "SunX509"; + SSL_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; } } 
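Review bot: The renamed `SSL_KEY_MANAGER_FACTORY_ALGORITHM` is also what `TrustManagerFactory.getInstance` receives in `initializeTrustManager` and in `X509Taf` later in this diff, so the new name under-describes its use; a neutral name such as `X509_FACTORY_ALGORITHM`, or a Javadoc line `/** Provider algorithm for both KeyManagerFactory and TrustManagerFactory: "IbmX509" on IBM VMs, "SunX509" elsewhere. */`, would keep the rename from misleading. Unrelated to the rename, the context line `HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2"` is pushed into the process-wide `https.protocols` and `jdk.tls.client.protocols` properties in the next hunk and still offers TLS 1.1, which is deprecated; a follow-up defaulting to `"TLSv1.2"` is worth tracking.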
@@ -91,23 +91,23 @@ public class SecurityInfo { initializeTrustManager(); - default_alias = access.getProperty(Config.CADI_ALIAS, null); + defaultAlias = access.getProperty(Config.CADI_ALIAS, null); initializeTrustMasks(); - String https_protocols = Config.logProp(access, Config.CADI_PROTOCOLS, + String httpsProtocols = Config.logProp(access, Config.CADI_PROTOCOLS, access.getProperty(HTTPS_PROTOCOLS, HTTPS_PROTOCOLS_DEFAULT) ); - System.setProperty(HTTPS_PROTOCOLS, https_protocols); - System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, https_protocols); - if("1.7".equals(System.getProperty("java.specification.version")) && https_protocols.contains("TLSv1.2")) { + System.setProperty(HTTPS_PROTOCOLS, httpsProtocols); + System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsProtocols); + if ("1.7".equals(System.getProperty("java.specification.version")) && httpsProtocols.contains("TLSv1.2")) { System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT); } - ctx = SSLContext.getInstance("TLS"); - ctx.init(km, tm, null); - SSLContext.setDefault(ctx); - scf = ctx.getSocketFactory(); + context = SSLContext.getInstance("TLS"); + context.init(x509KeyManager, x509TrustManager, null); + SSLContext.setDefault(context); + socketFactory = context.getSocketFactory(); } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException | CertificateException | UnrecoverableKeyException | IOException e) { throw new CadiException(e); } 
@@ -117,162 +117,168 @@ public class SecurityInfo { * @return the scf */ public SSLSocketFactory getSSLSocketFactory() { - return scf; + return socketFactory; } public SSLContext getSSLContext() { - return ctx; + return context; } /** * @return the km */ public X509KeyManager[] getKeyManagers() { - return km; + return x509KeyManager; } public void checkClientTrusted(X509Certificate[] certarr) throws CertificateException { - for(X509TrustManager xtm : tm) { + for (X509TrustManager xtm : x509TrustManager) { xtm.checkClientTrusted(certarr, SECURITY_ALGO); } } public void checkServerTrusted(X509Certificate[] certarr) throws CertificateException { - for(X509TrustManager xtm : tm) { + for (X509TrustManager xtm : x509TrustManager) { xtm.checkServerTrusted(certarr, SECURITY_ALGO); } } public void setSocketFactoryOn(HttpsURLConnection hsuc) { - hsuc.setSSLSocketFactory(scf); - if(maskHV != null && !maskHV.equals(hsuc.getHostnameVerifier())) { + hsuc.setSSLSocketFactory(socketFactory); + if (maskHV != null && !maskHV.equals(hsuc.getHostnameVerifier())) { hsuc.setHostnameVerifier(maskHV); } } protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException { String keyStore = access.getProperty(Config.CADI_KEYSTORE, null); - if(keyStore != null && !new File(keyStore).exists()) { + if (keyStore != null && !new File(keyStore).exists()) { throw new CadiException(keyStore + " does not exist"); } String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD, null); keyStorePasswd = (keyStorePasswd == null) ? null : access.decrypt(keyStorePasswd, false); + if (keyStore == null || keyStorePasswd == null) { + x509KeyManager = new X509KeyManager[0]; + return; + } String keyPasswd = access.getProperty(Config.CADI_KEY_PASSWORD, null); keyPasswd = (keyPasswd == null) ? 
keyStorePasswd : access.decrypt(keyPasswd, false); - KeyManagerFactory kmf = KeyManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm); - if(keyStore == null || keyStorePasswd == null) { - km = new X509KeyManager[0]; - } else { - ArrayList<X509KeyManager> kmal = new ArrayList<X509KeyManager>(); - File file; - for(String ksname : keyStore.split(REGEX_COMMA)) { - file = new File(ksname); - String keystoreFormat; - if(ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) { - keystoreFormat = "PKCS12"; - } else { - keystoreFormat = "JKS"; - } - if(file.exists()) { - FileInputStream fis = new FileInputStream(file); - try { - KeyStore ks = KeyStore.getInstance(keystoreFormat); - ks.load(fis, keyStorePasswd.toCharArray()); - kmf.init(ks, keyPasswd.toCharArray()); - } finally { - fis.close(); - } - } + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM); + + ArrayList<X509KeyManager> keyManagers = new ArrayList<>(); + File file; + for (String ksname : keyStore.split(REGEX_COMMA)) { + String keystoreFormat; + if (ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) { + keystoreFormat = "PKCS12"; + } else { + keystoreFormat = "JKS"; } - for(KeyManager km : kmf.getKeyManagers()) { - if(km instanceof X509KeyManager) { - kmal.add((X509KeyManager)km); + + file = new File(ksname); + if (file.exists()) { + FileInputStream fis = new FileInputStream(file); + try { + KeyStore ks = KeyStore.getInstance(keystoreFormat); + ks.load(fis, keyStorePasswd.toCharArray()); + keyManagerFactory.init(ks, keyPasswd.toCharArray()); + } finally { + fis.close(); } } - km = new X509KeyManager[kmal.size()]; - kmal.toArray(km); } + for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) { + if (keyManager instanceof X509KeyManager) { + keyManagers.add((X509KeyManager)keyManager); + } + } + x509KeyManager = new X509KeyManager[keyManagers.size()]; + keyManagers.toArray(x509KeyManager); } protected void initializeTrustManager() throws 
NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException { String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null); - if(trustStore != null && !new File(trustStore).exists()) { + if (trustStore != null && !new File(trustStore).exists()) { throw new CadiException(trustStore + " does not exist"); } + if (trustStore == null) { + return; + } + String trustStorePasswd = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null); trustStorePasswd = (trustStorePasswd == null) ? "changeit"/*defacto Java Trust Pass*/ : access.decrypt(trustStorePasswd, false); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm); - if(trustStore != null) { - File file; - for(String tsname : trustStore.split(REGEX_COMMA)) { - file = new File(tsname); - if(file.exists()) { - FileInputStream fis = new FileInputStream(file); - try { - KeyStore ts = KeyStore.getInstance("JKS"); - ts.load(fis, trustStorePasswd.toCharArray()); - tmf.init(ts); - } finally { - fis.close(); - } + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM); + File file; + for (String trustStoreName : trustStore.split(REGEX_COMMA)) { + file = new File(trustStoreName); + if (file.exists()) { + FileInputStream fis = new FileInputStream(file); + try { + KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(fis, trustStorePasswd.toCharArray()); + trustManagerFactory.init(ts); + } finally { + fis.close(); } } + } - TrustManager tms[] = tmf.getTrustManagers(); - if(tms != null && tms.length>0) { - tm = new X509TrustManager[tms.length]; - for(int i = 0; i < tms.length; ++i) { - try { - tm[i] = (X509TrustManager)tms[i]; - } catch (ClassCastException e) { - access.log(Level.WARN, "Non X509 TrustManager", tm[i].getClass().getName(), "skipped in SecurityInfo"); - } - } - } + TrustManager trustManagers[] = trustManagerFactory.getTrustManagers(); + if (trustManagers == null || trustManagers.length == 
0) { + return; } + x509TrustManager = new X509TrustManager[trustManagers.length]; + for (int i = 0; i < trustManagers.length; ++i) { + try { + x509TrustManager[i] = (X509TrustManager)trustManagers[i]; + } catch (ClassCastException e) { + access.log(Level.WARN, "Non X509 TrustManager", x509TrustManager[i].getClass().getName(), "skipped in SecurityInfo"); + } + } } protected void initializeTrustMasks() throws AccessException { String tips = access.getProperty(Config.CADI_TRUST_MASKS, null); - if(tips != null) { - access.log(Level.INIT, "Explicitly accepting valid X509s from", tips); - String[] ipsplit = tips.split(REGEX_COMMA); - trustMasks = new NetMask[ipsplit.length]; - for(int i = 0; i < ipsplit.length; ++i) { - try { - trustMasks[i] = new NetMask(ipsplit[i]); - } catch (MaskFormatException e) { - throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e); - } + if (tips == null) { + return; + } + + access.log(Level.INIT, "Explicitly accepting valid X509s from", tips); + String[] ipsplit = tips.split(REGEX_COMMA); + trustMasks = new NetMask[ipsplit.length]; + for (int i = 0; i < ipsplit.length; ++i) { + try { + trustMasks[i] = new NetMask(ipsplit[i]); + } catch (MaskFormatException e) { + throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e); } } - - if(trustMasks != null) { - final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier(); - HttpsURLConnection.setDefaultHostnameVerifier(maskHV = new HostnameVerifier() { - @Override - public boolean verify(final String urlHostName, final SSLSession session) { - try { - // This will pick up /etc/host entries as well as DNS - InetAddress ia = InetAddress.getByName(session.getPeerHost()); - for(NetMask tmask : trustMasks) { - if(tmask.isInNet(ia.getHostAddress())) { - return true; - } + + final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier(); + maskHV = new HostnameVerifier() { + @Override + public boolean verify(final String 
urlHostName, final SSLSession session) { + try { + // This will pick up /etc/host entries as well as DNS + InetAddress ia = InetAddress.getByName(session.getPeerHost()); + for (NetMask tmask : trustMasks) { + if (tmask.isInNet(ia.getHostAddress())) { + return true; } - } catch (UnknownHostException e) { - // It's ok. do normal Verify } - return origHV.verify(urlHostName, session); - }; - }); - } + } catch (UnknownHostException e) { + // It's ok. do normal Verify + } + return origHV.verify(urlHostName, session); + }; + }; + HttpsURLConnection.setDefaultHostnameVerifier(maskHV); } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java index 4411a859..66683dcd 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java @@ -70,7 +70,7 @@ public class X509Taf implements HttpTaf { try { certFactory = CertificateFactory.getInstance("X.509"); messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone - tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm); + tmf = TrustManagerFactory.getInstance(SecurityInfoC.SSL_KEY_MANAGER_FACTORY_ALGORITHM); } catch (Exception e) { throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e); } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java index 8d528119..b7dd0148 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/SubStandardConsole.java 
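Review bot: In `initializeTrustManager` the `catch (ClassCastException e)` logs `x509TrustManager[i].getClass().getName()`, but the failed cast never assigned that slot, so the log statement itself throws NullPointerException; it should name the offending object, `access.log(Level.WARN, "Non X509 TrustManager", trustManagers[i].getClass().getName(), "skipped in SecurityInfo");`, and because the null slot is left in the array, `checkClientTrusted`/`checkServerTrusted` earlier in this hunk would then NPE on their for-each, so collecting only the X509 instances into a list (as `initializeKeyManager` now does) is the safer shape. The new early `return` when `trustStore` is null likewise leaves `x509TrustManager` null, so `context.init` falls back to the JSSE defaults while `checkClientTrusted` would NPE; initialising it to `new X509TrustManager[0]` would mirror the key-manager branch. Both loops call `keyManagerFactory.init(...)`/`trustManagerFactory.init(...)` once per entry of a comma-separated store list, and each `init` appears to replace the material from the previous call, so only the last existing store contributes; that predates this change, but this restructuring is the natural place to fix it. Since the file already uses Java 7 multi-catch, the `FileInputStream` try/finally blocks could be try-with-resources.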
@@ -27,7 +27,13 @@ import java.io.InputStreamReader; // Substandard, because System.in doesn't do Passwords.. public class SubStandardConsole implements MyConsole { - BufferedReader br = new BufferedReader(new InputStreamReader(System.in)); + private final static char[] BLANK = new char[0]; + private final BufferedReader br; + + public SubStandardConsole() { + br = new BufferedReader(new InputStreamReader(System.in)); + } + @Override public String readLine(String fmt, Object... args) { String rv; @@ -48,10 +54,12 @@ public class SubStandardConsole implements MyConsole { public char[] readPassword(String fmt, Object... args) { try { System.out.printf(fmt,args); - return br.readLine().toCharArray(); + String response = br.readLine(); + return response==null?BLANK:response.toCharArray(); + } catch (IOException e) { System.err.println("uh oh..."); - return new char[0]; + return BLANK; } } diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java index 842a7098..001d0fe6 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java @@ -97,6 +97,9 @@ public class JU_SecurityInfo { assertNotNull(si.getSSLSocketFactory()); assertNotNull(si.getSSLContext()); assertNotNull(si.getKeyManagers()); + + access.setProperty(Config.CADI_TRUST_MASKS, "123.123.123.123"); + si = new SecurityInfo(access); } @Test(expected = CadiException.class) @@ -112,6 +115,14 @@ public class JU_SecurityInfo { @SuppressWarnings("unused") SecurityInfo si = new SecurityInfo(access); } + + + @Test(expected = NumberFormatException.class) + public void badTrustMaskTest() throws CadiException { + access.setProperty(Config.CADI_TRUST_MASKS, "trustMask"); + @SuppressWarnings("unused") + SecurityInfo si = new SecurityInfo(access); + } @Test public void coverageTest() throws CadiException { 
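Review bot: `readPassword` still materialises the secret as a `String` via `br.readLine()` before copying it into the returned `char[]`, so an immutable copy lingers in the heap and the `char[]` contract (caller can scrub the buffer) is only nominal; a comment should record that, e.g. `// NOTE: the password transits an immutable String here and cannot be scrubbed; prefer System.console() where one exists`. The new null check and the `IOException` path both return `BLANK`, so EOF, an I/O failure and an empty password are indistinguishable to the caller, and the exception is dropped after printing `"uh oh..."`; propagating it (`throw new UncheckedIOException(e)`) or at least logging `e` would keep the failure visible. The added declaration `private final static char[] BLANK` also uses the modifier order this commit is converting to `static final` everywhere else.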
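Review bot: The added `si = new SecurityInfo(access)` with `CADI_TRUST_MASKS` set exercises `initializeTrustMasks`, which (per the SecurityInfo hunk in this diff) installs a process-wide `HttpsURLConnection.setDefaultHostnameVerifier(maskHV)` that nothing here restores, so every later test in the same JVM runs with a verifier that skips hostname checks for peers resolving into `123.123.123.123`. Capture `HttpsURLConnection.getDefaultHostnameVerifier()` before the call and restore it in a `finally` (or an `@After`), and assert something about the installed verifier rather than only constructing the object.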
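Review bot: `badTrustMaskTest` expects `NumberFormatException`, which suggests `new NetMask("trustMask")` escapes with an unchecked exception before the `catch (MaskFormatException e)` in `initializeTrustMasks` can wrap it in `AccessException`; the test therefore pins the leak rather than the intended contract. A malformed `CADI_TRUST_MASKS` should surface as the checked exception the constructor declares: either make `NetMask` reject this input with `MaskFormatException`, or widen the catch to `catch (MaskFormatException | NumberFormatException e)`, and then change the expectation to the wrapped type (`CadiException` or `AccessException`, whichever the constructor surfaces).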
diff --git a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java
index fa51719a..17678b3f 100644
--- a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java
+++ b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java
@@ -25,16 +25,15 @@ import java.util.ArrayList; import java.util.List;
public class Imports implements Thematic{
- List<String> css,js;
+ List<String> css;
+ List<String> js;
public final int backdots;
-// public final File webDir;
private String theme;
public Imports(int backdots) {
-// this.webDir = webDir;
- css = new ArrayList<String>();
- js = new ArrayList<String>();
+ css = new ArrayList<>();
+ js = new ArrayList<>();
this.backdots = backdots;
theme = "";
}