39 files changed, 903 insertions, 509 deletions
@@ -34,9 +34,9 @@ committers: id: 'giri' timezone: 'India/Bangalore' - name: 'Huabing Zhao' - email: 'zhao.huabing@zte.com.cn' + email: 'zhaohuabing@gmail.com' company: 'ZTE' - id: 'HuabingZhao' + id: 'Huabing_Zhao' timezone: 'China/Chengdu' - name: 'Kiran Kamineni' email: 'kiran.k.kamineni@intel.com'
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
index b2043f07..2a55af76 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
@@ -89,8 +89,6 @@ public abstract class Batch {
 protected static final String VERSION="VERSION";
 public static final String GUI_URL="GUI_URL";
- protected static final String ORA_URL="ora_url";
- protected static final String ORA_PASSWORD="ora_password";
 protected final Organization org;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java
index a2dc6b65..948e65be 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java
@@ -44,12 +44,12 @@ import com.datastax.driver.core.SimpleStatement;
 import com.datastax.driver.core.Statement;
 public class Future implements CacheChange.Data, Comparable<Future> {
- public static final Map<UUID,Future> data = new TreeMap<UUID,Future>();
- public static final Map<String,List<Future>> byRole = new TreeMap<String,List<Future>>();
+ public static final Map<UUID,Future> data = new TreeMap<>();
+ public static final Map<String,List<Future>> byRole = new TreeMap<>();
 public final FutureDAO.Data fdd;
 public final String role; // derived
- private final static CacheChange<Future> cache = new CacheChange<Future>();
+ private static final CacheChange<Future> cache = new CacheChange<>();
 public final UUID id() {
@@ -102,13 +102,16 @@ public class Future implements CacheChange.Data, Comparable<Future> {
 ++count;
 Future f = creator.create(row);
 data.put(f.fdd.id,f);
- if(f.role!=null) {
- List<Future> lf = byRole.get(f.role);
- if(lf==null) {
- byRole.put(f.role,lf = new ArrayList<Future>());
- }
- lf.add(f);
+ if(f.role==null) {
+ continue;
 }
+ List<Future> lf = byRole.get(f.role);
+ if(lf==null) {
+ lf = new ArrayList<>();
+ byRole.put(f.role,lf);
+ }
+ lf.add(f);
+
 }
 } finally {
 tt.done();
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/NsAttrib.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/NsAttrib.java
index bb76c34c..eafbe909 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/NsAttrib.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/NsAttrib.java
@@ -23,6 +23,7 @@ package org.onap.aaf.auth.helpers;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.SortedMap;
 import java.util.TreeMap;
 import org.onap.aaf.misc.env.Env;
@@ -36,11 +37,24 @@ import com.datastax.driver.core.SimpleStatement;
 import com.datastax.driver.core.Statement;
 public class NsAttrib {
- public static final List<NsAttrib> data = new ArrayList<NsAttrib>();
- public static final TreeMap<String,List<NsAttrib>> byKey = new TreeMap<String,List<NsAttrib>>();
- public static final TreeMap<String,List<NsAttrib>> byNS = new TreeMap<String,List<NsAttrib>>();
+ public static final List<NsAttrib> data = new ArrayList<>();
+ public static final SortedMap<String,List<NsAttrib>> byKey = new TreeMap<>();
+ public static final SortedMap<String,List<NsAttrib>> byNS = new TreeMap<>();
- public final String ns,key,value;
+ public final String ns;
+ public final String key;
+ public final String value;
+ public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {
+ @Override
+ public NsAttrib create(Row row) {
+ return new NsAttrib(row.getString(0), row.getString(1), row.getString(2));
+ }
+
+ @Override
+ public String select() {
+ return "select ns,key,value from authz.ns_attrib";
+ }
+ };
 public NsAttrib(String ns, String key, String value) {
 this.ns = ns;
@@ -69,14 +83,14 @@ public class NsAttrib {
 List<NsAttrib> lna = byKey.get(ur.key);
 if(lna==null) {
- lna = new ArrayList<NsAttrib>();
+ lna = new ArrayList<>();
 byKey.put(ur.key, lna);
 }
 lna.add(ur);
 lna = byNS.get(ur.ns);
 if(lna==null) {
- lna = new ArrayList<NsAttrib>();
+ lna = new ArrayList<>();
 byNS.put(ur.ns, lna);
 }
 lna.add(ur);
@@ -87,19 +101,6 @@ public class NsAttrib {
 }
 }
- public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {
- @Override
- public NsAttrib create(Row row) {
- return new NsAttrib(row.getString(0), row.getString(1), row.getString(2));
- }
-
- @Override
- public String select() {
- return "select ns,key,value from authz.ns_attrib";
- }
- };
-
-
 public String toString() {
 return '"' + ns + "\",\"" + key + "\",\"" + value +'"';
 }
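Review bot: The relocated `public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {` is a mutable public static, so any code on the classpath can swap the loader — and with it the `select()` text that is sent to the database — at runtime; declare it `public static final Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {` like the other statics in this class. `data`, `byKey` and `byNS` are final but still publicly mutable; if they are meant to be filled once by the loader and only read afterwards, a class-level comment saying so would make that contract explicit. The constructor that follows the hunk is unchanged.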
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index c90dcccf..ea726480 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -53,7 +53,8 @@ public abstract class CA {
 public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<String>());
- private final String name,env;
+ private final String name;
+ private final String env;
 private MessageDigest messageDigest;
 private final String permType;
 private Set<String> caIssuerDNs;
@@ -70,7 +71,7 @@ public abstract class CA {
 if(permType==null) {
 throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
 }
- caIssuerDNs = new HashSet<String>();
+ caIssuerDNs = new HashSet<>();
 String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
@@ -79,13 +80,14 @@ public abstract class CA {
 throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
 }
 access.log(Level.INFO, tag, "=",fields);
- for(RDN rdn : rdns = RDN.parse('/',fields)) {
+ rdns = RDN.parse('/',fields);
+ for(RDN rdn : rdns) {
 if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
 throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
 }
 }
- idDomains = new ArrayList<String>();
+ idDomains = new ArrayList<>();
 StringBuilder sb = null;
 for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
 if(s.length()>0) {
@@ -102,14 +104,14 @@ public abstract class CA {
 access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
 }
- String data_dir = access.getProperty(CM_PUBLIC_DIR,null);
- if(data_dir!=null) {
- File data = new File(data_dir);
+ String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
+ if(dataDir!=null) {
+ File data = new File(dataDir);
 byte[] bytes;
 if(data.exists()) {
- String trust_cas = access.getProperty(CM_TRUST_CAS,null);
- if(trust_cas!=null) {
- for(String fname : Split.splitTrim(',', trust_cas)) {
+ String trustCas = access.getProperty(CM_TRUST_CAS,null);
+ if(trustCas!=null) {
+ for(String fname : Split.splitTrim(',', trustCas)) {
 File crt = new File(data,fname);
 if(crt.exists()) {
 access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
index 0d494acd..ee73dbdc 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
@@ -59,21 +59,21 @@ public class JscepCA extends CA {
 static final String CA_PREFIX = "http://";
 static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll";
- private final static String MS_PROFILE="1";
- private final static int MAX_RETRY=3;
+ private static final String MS_PROFILE="1";
+ private static final int MAX_RETRY=3;
 public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins // package on purpose
- private Map<String,X509ChainWithIssuer> mxcwi_s;
- private Map<Client,X509ChainWithIssuer> mxcwi_c;
+ private Map<String,X509ChainWithIssuer> mxcwiS;
+ private Map<Client,X509ChainWithIssuer> mxcwiC;
 private JscepClientLocator clients;
 public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException {
 super(access, name, env);
- mxcwi_s = new ConcurrentHashMap<String,X509ChainWithIssuer>();
- mxcwi_c = new ConcurrentHashMap<Client,X509ChainWithIssuer>();
+ mxcwiS = new ConcurrentHashMap<>();
+ mxcwiC = new ConcurrentHashMap<>();
 if(params.length<2) {
 throw new CertException("No Trust Chain parameters are included");
@@ -110,7 +110,7 @@ public class JscepCA extends CA {
 dir = dir + '/';
 }
 String path;
- List<FileReader> frs = new ArrayList<FileReader>(params.length-1);
+ List<FileReader> frs = new ArrayList<>(params.length-1);
 try {
 for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
 path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j];
@@ -119,7 +119,7 @@ public class JscepCA extends CA {
 }
 X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs);
 addCaIssuerDN(xcwi.getIssuerDN());
- mxcwi_s.put(params[i][0],xcwi);
+ mxcwiS.put(params[i][0],xcwi);
 } finally {
 for(FileReader fr : frs) {
 if(fr!=null) {
@@ -173,26 +173,16 @@ public class JscepCA extends CA {
 break;
 }
 }
- X509ChainWithIssuer mxcwi = mxcwi_c.get(client);
+ X509ChainWithIssuer mxcwi = mxcwiC.get(client);
 return new X509ChainWithIssuer(mxcwi,x509);
-// break;
+
 } else if (er.isPending()) {
 trans.checkpoint("Polling, waiting on CA to complete");
 Thread.sleep(3000);
 } else if (er.isFailure()) {
-// switch(er.getFailInfo()) {
-// case badMessageCheck:
-// throw new ClientException("Received BadMessageCheck from Jscep");
-// case badAlg:
-// case badCertId:
-// case badRequest:
-// case badTime:
-// default:
-// }
 throw new CertException(clients.info(item)+':'+er.getFailInfo().toString());
 }
 }
- //i=MAX_RETRY;
 } catch(LocatorException e) {
 trans.error().log(e);
 i=MAX_RETRY;
@@ -246,7 +236,7 @@ public class JscepCA extends CA {
 }
 );
 // Map URL to Client, because Client doesn't expose Connection
- mxcwi_c.put(c,mxcwi_s.get(urlinfo));
+ mxcwiC.put(c, mxcwiS.get(urlinfo));
 return c;
 } catch (MalformedURLException e) {
 throw new LocatorException(e);
@@ -260,7 +250,7 @@ public class JscepCA extends CA {
 @Override
 protected void _destroy(Client client) {
- mxcwi_c.remove(client);
+ mxcwiC.remove(client);
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
index cd8886da..e2287c3b 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
@@ -97,7 +97,7 @@ public class LocalCA extends CA {
 String fileName = f.getName();
 if(fileName.endsWith(".key")) {
 caKey = Factory.toPrivateKey(NullTrans.singleton(),f);
- List<FileReader> frs = new ArrayList<FileReader>(params.length-1);
+ List<FileReader> frs = new ArrayList<>(params.length-1);
 try {
 String dir = access.getProperty(CM_PUBLIC_DIR, "");
 if(!"".equals(dir) && !dir.endsWith("/")) {
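Review bot: `mxcwiC.put(c, mxcwiS.get(urlinfo));` passes the lookup result straight into a `ConcurrentHashMap`, which rejects null values, so a URL with no trust chain registered in `mxcwiS` (presumably one not listed in the constructor's params) fails here with a bare NullPointerException instead of a message naming the URL, and the `catch (MalformedURLException e)` below does not cover it. Look the chain up first and fail descriptively: `X509ChainWithIssuer chain = mxcwiS.get(urlinfo); if(chain==null) { throw new LocatorException("No Trust Chain configured for " + urlinfo); } mxcwiC.put(c, chain);`. The enclosing method starts before this hunk.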
@@ -128,8 +128,8 @@ public class LocalCA extends CA {
 KeyStore keyStore;
 FileInputStream fis = null;
 if(fileName.endsWith(".pkcs11")) {
- String ksType;
- p = Factory.getSecurityProvider(ksType="PKCS11",params);
+ String ksType="PKCS11";
+ p = Factory.getSecurityProvider(ksType,params);
 keyStore = KeyStore.getInstance(ksType,p);
 } else if(fileName.endsWith(".jks")) {
 keyStore = KeyStore.getInstance("JKS");
@@ -216,7 +216,7 @@ public class LocalCA extends CA {
 SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent()))
 // new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
 );
- List<GeneralName> lsan = new ArrayList<GeneralName>();
+ List<GeneralName> lsan = new ArrayList<>();
 for(String s : csrmeta.sans()) {
 lsan.add(new GeneralName(GeneralName.dNSName,s));
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
index 6f3062bb..6ba5a37f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
@@ -45,24 +45,26 @@ public class X509ChainWithIssuer extends X509andChain {
 Collection<? extends Certificate> certs;
 X509Certificate x509;
 for(Reader rdr : rdrs) {
- if(rdr!=null) { // cover for badly formed array
- byte[] bytes = Factory.decode(rdr);
- try {
- certs = Factory.toX509Certificate(bytes);
- } catch (CertificateException e) {
- throw new CertException(e);
+ if(rdr==null) { // cover for badly formed array
+ continue;
+ }
+ byte[] bytes = Factory.decode(rdr);
+ try {
+ certs = Factory.toX509Certificate(bytes);
+ } catch (CertificateException e) {
+ throw new CertException(e);
+ }
+ for(Certificate c : certs) {
+ x509=(X509Certificate)c;
+ Principal subject = x509.getSubjectDN();
+ if(subject==null) {
+ continue;
 }
- for(Certificate c : certs) {
- x509=(X509Certificate)c;
- Principal subject = x509.getSubjectDN();
- if(subject!=null) {
- if(cert==null) { // first in Trust Chain
- issuerDN= subject.toString();
- }
- addTrustChainEntry(x509);
- cert=x509; // adding each time makes sure last one is signer.
- }
+ if(cert==null) { // first in Trust Chain
+ issuerDN = subject.toString();
 }
+ addTrustChainEntry(x509);
+ cert=x509; // adding each time makes sure last one is signer.
 }
 }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
index 2541bea0..2b763f7f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
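Review bot: The flattened loop still leaves the constructor's ordering contract undocumented: `issuerDN` is taken from the subject of the first certificate that yields one and `cert` ends up as the last, so the result depends entirely on the order of `rdrs`; a Javadoc line such as `Readers must be supplied in chain order: the first certificate's subject becomes issuerDN and the last certificate becomes the signer (cert).` would spare the next reader the inline comments. `x509=(X509Certificate)c;` is also an unchecked cast, so a non-X.509 certificate surfaces as a ClassCastException instead of the CertException the surrounding code promises; `if(!(c instanceof X509Certificate)) { throw new CertException("not an X.509 certificate"); }` before the cast keeps the error type consistent. `getSubjectDN()` is the denigrated form of `getSubjectX500Principal()`, worth switching in a follow-up. The constructor signature is outside this hunk.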
@@ -60,17 +60,16 @@ public class CSRMeta {
 private String email;
 private String challenge;
 private List<RDN> rdns;
-
- public CSRMeta(List<RDN> rdns) {
- this.rdns = rdns;
- }
-
- private ArrayList<String> sanList = new ArrayList<String>();
+ private ArrayList<String> sanList = new ArrayList<>();
 private KeyPair keyPair;
 private X500Name name = null;
 private SecureRandom random = new SecureRandom();
- public X500Name x500Name() throws IOException {
+ public CSRMeta(List<RDN> rdns) {
+ this.rdns = rdns;
+ }
+
+ public X500Name x500Name() {
 if(name==null) {
 X500NameBuilder xnb = new X500NameBuilder();
 xnb.addRDN(BCStyle.CN,cn);
@@ -99,7 +98,7 @@ public class CSRMeta {
 }
 int plus = email==null?0:1;
- if(sanList.size()>0) {
+ if(!sanList.isEmpty()) {
 GeneralName[] gna = new GeneralName[sanList.size()+plus];
 int i=-1;
 for(String s : sanList) {
@@ -114,10 +113,7 @@ public class CSRMeta {
 })
 );
 }
-
- if(email!=null) {
-
- }
+
 try {
 return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
 } catch (OperatorCreationException e) {
@@ -129,27 +125,29 @@ public class CSRMeta {
 public static void dump(PKCS10CertificationRequest csr) {
 Attribute[] certAttributes = csr.getAttributes();
 for (Attribute attribute : certAttributes) {
- if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
- Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
- GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
- GeneralName[] names = gns.getNames();
- for(int k=0; k < names.length; k++) {
- String title = "";
- if(names[k].getTagNo() == GeneralName.dNSName) {
- title = "dNSName";
- } else if(names[k].getTagNo() == GeneralName.iPAddress) {
- title = "iPAddress";
- // Deprecated, but I don't see anything better to use.
- names[k].toASN1Object();
- } else if(names[k].getTagNo() == GeneralName.otherName) {
- title = "otherName";
- } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
- title = "email";
- }
+ if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
+ continue;
+ }
+
+ Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
+ GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
+ GeneralName[] names = gns.getNames();
+ for(int k=0; k < names.length; k++) {
+ String title = "";
+ if(names[k].getTagNo() == GeneralName.dNSName) {
+ title = "dNSName";
+ } else if(names[k].getTagNo() == GeneralName.iPAddress) {
+ title = "iPAddress";
+ // Deprecated, but I don't see anything better to use.
+ names[k].toASN1Object();
+ } else if(names[k].getTagNo() == GeneralName.otherName) {
+ title = "otherName";
+ } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
+ title = "email";
+ }
- System.out.println(title + ": "+ names[k].getName());
- }
- }
+ System.out.println(title + ": "+ names[k].getName());
+ }
 }
 }
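Review bot: In the re-indented `iPAddress` branch, `names[k].toASN1Object();` discards its return value, so the statement has no effect and the comment above it documents a call that does nothing. Either delete the line or use the object — if the intent is to print the address in dotted form rather than whatever `getName()` renders for that tag, say so in the comment and do the conversion there. Writing the SAN list to `System.out` from a certificate-manager class also bypasses the `access`/`trans` logging the rest of this module uses; a comment stating that `dump` is a debugging aid would at least make that deliberate. The hunk covers the whole `dump` method.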
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
index 3d865d30..16517c95 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
@@ -97,50 +97,51 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
 */
 @Override
 public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException {
- if(in.isOK()) {
- CertResp cin = in.value;
- CertInfo cout = newInstance(API.CERT);
- cout.setPrivatekey(cin.privateString());
- String value;
- if((value=cin.challenge())!=null) {
- cout.setChallenge(value);
- }
- cout.getCerts().add(cin.asCertString());
- if(cin.trustChain()!=null) {
- for(String c : cin.trustChain()) {
- if(c!=null) {
- cout.getCerts().add(c);
- }
+ if(!in.isOK()) {
+ return Result.err(in);
+ }
+
+ CertResp cin = in.value;
+ CertInfo cout = newInstance(API.CERT);
+ cout.setPrivatekey(cin.privateString());
+ String value;
+ if((value=cin.challenge())!=null) {
+ cout.setChallenge(value);
+ }
+ cout.getCerts().add(cin.asCertString());
+ if(cin.trustChain()!=null) {
+ for(String c : cin.trustChain()) {
+ if(c!=null) {
+ cout.getCerts().add(c);
 }
 }
- // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup
- // Certs in keystore versus Truststore. Separate in Version 2_0
- if(cin.trustCAs()!=null) {
- for(String c : cin.trustCAs()) {
- if(c!=null) {
- cout.getCerts().add(c);
- }
+ }
+ // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup
+ // Certs in keystore versus Truststore.
Separate in Version 2_0
+ if(cin.trustCAs()!=null) {
+ for(String c : cin.trustCAs()) {
+ if(c!=null) {
+ cout.getCerts().add(c);
 }
 }
- if(cin.notes()!=null) {
- boolean first = true;
- StringBuilder sb = new StringBuilder();
- for(String n : cin.notes()) {
- if(first) {
- first = false;
- } else {
- sb.append('\n');
- }
- sb.append(n);
+ }
+ if(cin.notes()!=null) {
+ boolean first = true;
+ StringBuilder sb = new StringBuilder();
+ for(String n : cin.notes()) {
+ if(first) {
+ first = false;
+ } else {
+ sb.append('\n');
 }
- cout.setNotes(sb.toString());
+ sb.append(n);
 }
- cout.getCaIssuerDNs().addAll(cin.caIssuerDNs());
- cout.setEnv(cin.env());
- return Result.ok(cout);
- } else {
- return Result.err(in);
+ cout.setNotes(sb.toString());
 }
+ cout.getCaIssuerDNs().addAll(cin.caIssuerDNs());
+ cout.setEnv(cin.env());
+ return Result.ok(cout);
+ }
 @Override
@@ -171,9 +172,10 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
 CertReq out = new CertReq();
 CertmanValidator v = new CertmanValidator();
- v.isNull("CertRequest", req)
- .nullOrBlank("MechID", out.mechid=in.getMechid());
- v.nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1);
+ out.mechid=in.getMechid();
+ out.fqdns=in.getFqdns();
+ v.isNull("CertRequest", req).nullOrBlank("MechID", out.mechid);
+ v.nullBlankMin("FQDNs", out.fqdns,1);
 if(v.err()) {
 return Result.err(Result.ERR_BadData, v.errs());
 }
@@ -206,7 +208,7 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
 */
 @Override
 public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {
- List<ArtiDAO.Data> ladd = new ArrayList<ArtiDAO.Data>();
+ List<ArtiDAO.Data> ladd = new ArrayList<>();
 for(Artifact arti : artifacts.getArtifact()) {
 ArtiDAO.Data data = new ArtiDAO.Data();
 data.mechid = arti.getMechid();
@@ -226,10 +228,8 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
 // Derive Optional Data from Machine (Domain) if exists
 if(data.machine!=null) {
- if(data.ca==null) {
- if(data.machine.endsWith(".att.com")) {
+ if(data.ca==null && data.machine.endsWith(".att.com")) {
 data.ca = "aaf"; // default
- }
 }
 if(data.ns==null ) {
 data.ns=FQI.reverseDomain(data.machine);
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index 1adf1350..3f7c74a3 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -95,7 +95,6 @@
 <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
 <extensions>true</extensions> <configuration> <nexusUrl>${nexusproxy}</nexusUrl>
@@ -106,7 +105,6 @@
 <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
 <configuration> <excludes> <exclude>**/gen/**</exclude>
@@ -165,6 +163,35 @@
 </execution> </executions> </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <classifier>tests</classifier>
+ <archive>
+ <manifest>
+ <mainClass>org.onap.aaf.auth.cmd.AAFcli</mainClass>
+ </manifest>
+ <manifestEntries>
+ <Sealed>true</Sealed>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <id>full</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>src/assemble/auth-cmd.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
 </plugins> </build>
@@ -172,13 +199,11 @@
 <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
 </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
 </dependency> <dependency>
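Review bot: The condensed `if(data.ca==null && data.machine.endsWith(".att.com")) {` keeps a hard-coded vendor domain as the rule that picks the issuing CA for an artifact with no explicit `ca`; in an ONAP deployment no host matches it, so the `"aaf"` default is dead code, and where one does match the CA choice is invisible policy. Read the domain-to-default-CA rule from configuration, in the same spirit as the `CM_CA_PREFIX` properties CA.java uses, or at minimum hoist the suffix into a named constant with a comment explaining why that domain defaults to `aaf`. The enclosing method (presumably `toArtifact`) continues outside this hunk.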
diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml
new file mode 100644
index 00000000..7a86ea84
--- /dev/null
+++ b/auth/auth-cmd/src/assemble/auth-cmd.xml
@@ -0,0 +1,34 @@
+<?xml version='1.0' encoding='utf-8'?>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+
+ <id>full</id>
+ <formats>
+ <format>jar</format>
+ </formats>
+
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <dependencySets>
+ <dependencySet>
+ <unpack>true</unpack>
+ <scope>compile</scope>
+ <includes>
+ <include>org.onap.aaf.authz:aaf-auth-cmd</include>
+ <include>org.onap.aaf.authz:aaf-auth-core</include>
+ <include>org.onap.aaf.authz:aaf-auth-client</include>
+ <include>org.onap.aaf.authz:aaf-cadi-aaf</include>
+ <include>org.onap.aaf.authz:aaf-cadi-core</include>
+ <include>org.onap.aaf.authz:aaf-cadi-client</include>
+ <include>org.onap.aaf.authz:aaf-misc-env</include>
+ <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>jline:jline</include>
+ </includes>
+ </dependencySet>
+
+ </dependencySets>
+ <fileSets>
+ <fileSet>
+ <directory>src/main/xsd</directory>
+ </fileSet>
+ </fileSets>
+</assembly>
\ No newline at end of file
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
index 72aa0ccd..2efbff73 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
@@ -42,11 +42,11 @@ import org.onap.aaf.auth.cmd.user.User;
 import org.onap.aaf.auth.common.Define;
 import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.Locator;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
@@ -59,7 +59,6 @@ import org.onap.aaf.misc.env.APIException;
 import jline.console.ConsoleReader;
 public class AAFcli {
- private static final String HTTPS = "https://";
 protected static PrintWriter pw;
 protected HMangr hman; // Storage for last reused client. We can do this
@@ -439,174 +438,167 @@ public class AAFcli { AAFSSO aafsso = new AAFSSO(args); try { PropAccess access = aafsso.access(); - Define.set(access); - AuthzEnv env = new AuthzEnv(access); - - StringBuilder err = aafsso.err(); - String noexit = access.getProperty("no_exit"); - if (err != null) { - err.append("to continue..."); - System.err.println(err); - if(noexit!=null) { - System.exit(1); - } - } - - Reader rdr = null; - boolean exitOnFailure = true; - /* - * Check for "-" options anywhere in command line - */ - StringBuilder sb = new StringBuilder(); - for (int i = 0; i < args.length; ++i) { - if ("-i".equalsIgnoreCase(args[i])) { - rdr = new InputStreamReader(System.in); - // } else if("-o".equalsIgnoreCase(args[i])) { - // // shall we do something different? Output stream is - // already done... - } else if ("-f".equalsIgnoreCase(args[i])) { - if (args.length > i + 1) { - rdr = new FileReader(args[++i]); - } - } else if ("-a".equalsIgnoreCase(args[i])) { - exitOnFailure = false; - } else if ("-c".equalsIgnoreCase(args[i])) { - isConsole = true; - } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) { - access.setProperty(Cmd.STARTDATE, args[++i]); - } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) { - access.setProperty(Cmd.ENDDATE, args[++i]); - } else if ("-t".equalsIgnoreCase(args[i])) { - isTest = true; - } else if ("-d".equalsIgnoreCase(args[i])) { - showDetails = true; - } else if ("-n".equalsIgnoreCase(args[i])) { - ignoreDelay = true; - } else { - if (sb.length() > 0) { - sb.append(' '); - } - sb.append(args[i]); - } - } - - SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class); - Locator<URI> loc; - String aafUrl = access.getProperty(Config.AAF_URL); - if(aafUrl==null) { - aafsso.setLogDefault(); - aafsso.setStdErrDefault(); - aafUrl=AAFSSO.cons.readLine("aaf_url=%s", HTTPS); - if(aafUrl.length()==0) { - System.exit(0); - } else if(!aafUrl.startsWith(HTTPS)) { - aafUrl=HTTPS+aafUrl; - } 
- aafsso.addProp(Config.AAF_URL, aafUrl); - } - // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan - if(!aafsso.loginOnly()) { - try { - loc = new AAFLocator(si,new URI(aafUrl)); - } catch (Throwable t) { - aafsso.setStdErrDefault(); - throw t; - } finally { - // Other Access is done writing to StdOut and StdErr, reset Std out - aafsso.setLogDefault(); - } - - TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF)); - HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion("2.0"); + if(aafsso.ok()) { + Define.set(access); + AuthzEnv env = new AuthzEnv(access); - if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) { - access.log(Level.ERROR, Config.AAF_DEFAULT_REALM,"is required"); + Reader rdr = null; + boolean exitOnFailure = true; + /* + * Check for "-" options anywhere in command line + */ + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < args.length; ++i) { + if ("-i".equalsIgnoreCase(args[i])) { + rdr = new InputStreamReader(System.in); + // } else if("-o".equalsIgnoreCase(args[i])) { + // // shall we do something different? Output stream is + // already done... 
+ } else if ("-f".equalsIgnoreCase(args[i])) { + if (args.length > i + 1) { + rdr = new FileReader(args[++i]); + } + } else if ("-a".equalsIgnoreCase(args[i])) { + exitOnFailure = false; + } else if ("-c".equalsIgnoreCase(args[i])) { + isConsole = true; + } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) { + access.setProperty(Cmd.STARTDATE, args[++i]); + } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) { + access.setProperty(Cmd.ENDDATE, args[++i]); + } else if ("-t".equalsIgnoreCase(args[i])) { + isTest = true; + } else if ("-d".equalsIgnoreCase(args[i])) { + showDetails = true; + } else if ("-n".equalsIgnoreCase(args[i])) { + ignoreDelay = true; + } else { + if (sb.length() > 0) { + sb.append(' '); + } + sb.append(args[i]); + } } + SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class); + Locator<URI> loc; - AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si, - new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false))); - if(!ignoreDelay) { - File delay = new File("aafcli.delay"); - if(delay.exists()) { - BufferedReader br = new BufferedReader(new FileReader(delay)); - try { - globalDelay = Integer.parseInt(br.readLine()); - } catch(Exception e) { - access.log(Level.DEBUG,e); - } finally { - br.close(); + aafsso.setLogDefault(); + aafsso.setStdErrDefault(); + + // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan + if(!aafsso.loginOnly()) { + try { + loc = new AAFLocator(si,new URI(access.getProperty(Config.AAF_URL))); + } catch (Throwable t) { + aafsso.setStdErrDefault(); + throw t; + } finally { + // Other Access is done writing to StdOut and StdErr, reset Std out + aafsso.setLogDefault(); + } + + TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF)); + HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion(Config.AAF_DEFAULT_VERSION); + + 
if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) { + access.setProperty(Config.AAF_DEFAULT_REALM, "people.osaaf.org"); + aafsso.addProp(Config.AAF_DEFAULT_REALM, "people.osaaf.org"); + } + + + AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si, + new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false))); + if(!ignoreDelay) { + File delay = new File("aafcli.delay"); + if(delay.exists()) { + BufferedReader br = new BufferedReader(new FileReader(delay)); + try { + globalDelay = Integer.parseInt(br.readLine()); + } catch(Exception e) { + access.log(Level.DEBUG,e); + } finally { + br.close(); + } } } - } - try { - if (isConsole) { - System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands"); - System.out.println("Type '?' for help with command line editing"); - System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n"); - - ConsoleReader reader = new ConsoleReader(); - try { - reader.setPrompt("aafcli > "); + try { + if (isConsole) { + System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands"); + System.out.println("Type '?' 
for help with command line editing"); + System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n"); + ConsoleReader reader = new ConsoleReader(); + try { + reader.setPrompt("aafcli > "); + + String line; + while ((line = reader.readLine()) != null) { + showDetails = (line.contains("-d"))?true:false; + + if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) { + break; + } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d") + || line.equalsIgnoreCase("help")) { + line = "--help"; + } else if (line.equalsIgnoreCase("cls")) { + reader.clearScreen(); + continue; + } else if (line.equalsIgnoreCase("?")) { + keyboardHelp(); + continue; + } + try { + aafcli.eval(line); + pw.flush(); + } catch (Exception e) { + pw.println(e.getMessage()); + pw.flush(); + } + } + } finally { + reader.close(); + } + } else if (rdr != null) { + BufferedReader br = new BufferedReader(rdr); String line; - while ((line = reader.readLine()) != null) { - showDetails = (line.contains("-d"))?true:false; - - if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) { + while ((line = br.readLine()) != null) { + if (!aafcli.eval(line) && exitOnFailure) { + rv = 1; break; - } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d") - || line.equalsIgnoreCase("help")) { - line = "--help"; - } else if (line.equalsIgnoreCase("cls")) { - reader.clearScreen(); - continue; - } else if (line.equalsIgnoreCase("?")) { - keyboardHelp(); - continue; - } - try { - aafcli.eval(line); - pw.flush(); - } catch (Exception e) { - pw.println(e.getMessage()); - pw.flush(); } } - } finally { - reader.close(); - } - } else if (rdr != null) { - BufferedReader br = new BufferedReader(rdr); - String line; - while ((line = br.readLine()) != null) { - if (!aafcli.eval(line) && exitOnFailure) { - rv = 1; - break; + } else { // just run the command line + aafcli.verbose(false); + if 
(sb.length() == 0) { + sb.append("--help"); } + rv = aafcli.eval(sb.toString()) ? 0 : 1; } - } else { // just run the command line - aafcli.verbose(false); - if (sb.length() == 0) { - sb.append("--help"); + + } finally { + aafcli.close(); + + // Don't close if No Reader, or it's a Reader of Standard In + if (rdr != null && !(rdr instanceof InputStreamReader)) { + rdr.close(); } - rv = aafcli.eval(sb.toString()) ? 0 : 1; - } - - } finally { - aafcli.close(); - - // Don't close if No Reader, or it's a Reader of Standard In - if (rdr != null && !(rdr instanceof InputStreamReader)) { - rdr.close(); } } } - aafsso.writeFiles(); } finally { aafsso.close(); + StringBuilder err = aafsso.err(); + String noexit = aafsso.access().getProperty("no_exit"); + if (err != null) { + err.append("to continue..."); + System.err.println(err); + } + if(noexit==null) { + return; + } + } - } catch (MessageException e) { System.out.println("MessageException caught"); diff --git a/auth/auth-cmd/temp b/auth/auth-cmd/temp deleted file mode 100644 index e69de29b..00000000 --- a/auth/auth-cmd/temp +++ /dev/null diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java index 6f0ea084..1e7a0530 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java @@ -51,7 +51,7 @@ public class Define { } public static void set(Access access) throws CadiException { - ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.onap.aaf"); + ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.osaaf.aaf"); ROOT_COMPANY = access.getProperty(Config.AAF_ROOT_COMPANY,null); if(ROOT_COMPANY==null) { int last = ROOT_NS.lastIndexOf('.'); diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_Organization.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_Organization.java index 7599241e..b898e885 100644 
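Review bot: Switching the fallback for `Config.AAF_ROOT_NS` from `org.onap.aaf` to `org.osaaf.aaf` silently re-roots every deployment that never sets `aaf_root_ns`, and `ROOT_COMPANY` is derived from that value a few lines later, so existing namespaces and permissions keyed under the old root would presumably stop matching after an upgrade. If the new default is intended, make the cutover visible with a comment such as `// Default root namespace changed from org.onap.aaf; installations with existing data must set aaf_root_ns explicitly` and a startup log of the effective value. `set()` continues past the end of this hunk.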
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_Organization.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_Organization.java @@ -85,5 +85,4 @@ public class JU_Organization { Assert.assertTrue(Organization.NULL.getPasswordRules() instanceof String[]); } - } diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java index 9120ceb2..e1bfda5b 100644 --- a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java +++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java @@ -145,7 +145,13 @@ public class JU_DefaultOrg { assertEquals(response.name(), "OK"); } - + + @Test + public void testDefOrgPasswords() { + assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "new2You!", "Pilgrim"),""); + assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "new2you!", "Pilgrim"),""); + + } @Test public void testDefOrgNotifyPasswordExpiration_returnResponseOK() { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java index da552aeb..bc9811ba 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java 
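Review bot: `assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "new2you!", "Pilgrim"), "")` in the new `testDefOrgPasswords` compares object identity, not content, so it passes for any freshly built empty string and does not actually prove the lowercase password is rejected. Use `assertNotEquals("", defaultOrg.isValidPassword(authzTransMock, null, "new2you!", "Pilgrim"));` (available in JUnit 4.11+), or `assertFalse(result.isEmpty())` on a named result, so the test fails when the rule is weakened. The `assertEquals` on the line above also has its arguments in actual/expected order, reversed from JUnit's convention, which makes a failure message misleading.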
@@ -135,12 +135,12 @@ public class ApprovalForm extends Page { @Override public Cells get(final AuthzTrans trans, final AAF_GUI gui) { final String userParam = trans.get(sUser, null); - ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>(); + ArrayList<AbsCell[]> rv = new ArrayList<>(); String msg = null; TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE); try { - final List<Approval> pendingApprovals = new ArrayList<Approval>(); - final List<Integer> beginIndicesPerApprover = new ArrayList<Integer>(); + final List<Approval> pendingApprovals = new ArrayList<>(); + final List<Integer> beginIndicesPerApprover = new ArrayList<>(); int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException { @@ -150,12 +150,10 @@ public class ApprovalForm extends Page { if(fa.value!=null) { for (Approval appr : fa.value.getApprovals()) { - if (appr.getStatus().equals("pending")) { - if (userParam!=null) { - if (!appr.getUser().equalsIgnoreCase(userParam)) { + if ("pending".equals(appr.getStatus())) { + if (userParam!=null && !appr.getUser().equalsIgnoreCase(userParam)) { numLeft++; continue; - } } pendingApprovals.add(appr); } @@ -178,7 +176,7 @@ public class ApprovalForm extends Page { } }); - if (pendingApprovals.size() > 0) { + if (!pendingApprovals.isEmpty()) { // Only add select all links if we have approvals AbsCell[] selectAllRow = new AbsCell[] { AbsCell.Null, @@ -191,7 +189,7 @@ public class ApprovalForm extends Page { int line=-1; - while (beginIndicesPerApprover.size() > 0) { + while (!beginIndicesPerApprover.isEmpty()) { int beginIndex = beginIndicesPerApprover.remove(0); int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0)); List<Approval> currApproverList = pendingApprovals.subList(beginIndex, endIndex); 
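Review bot: The second hunk makes the status comparison null-safe with `"pending".equals(appr.getStatus())` but the merged condition still calls `appr.getUser().equalsIgnoreCase(userParam)`, which throws if an approval carries no user; flipping it to `userParam!=null && !userParam.equalsIgnoreCase(appr.getUser())` keeps the same result and matches the null-safe style the commit is introducing. `userParam` comes from `trans.get(sUser, null)` and is later echoed into the page message, so it should be treated as untrusted input when rendered. The enclosing `code()` method starts and ends outside this hunk.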
@@ -243,7 +241,7 @@ public class ApprovalForm extends Page { } else { Identity au = org.getIdentity(trans, user); if(au!=null) { - if(au.type().equals("MECHID")) { + if("MECHID".equals(au.type())) { Identity managedBy = au.responsibleTo(); if(managedBy==null) { title ="title=" + au.type(); @@ -258,12 +256,13 @@ public class ApprovalForm extends Page { title="title=Not a User at " + org.getName(); } } - userCell = new RefCell(prevUser=user, + prevUser=user; + userCell = new RefCell(prevUser, TODO_ILM_INFO+user.substring(0, user.length()-DOMAIN_OF_USER.length()), true, title); } else { - userCell = new TextCell(prevUser=user); + userCell = new TextCell(prevUser); } AbsCell[] sa = new AbsCell[] { userCell, @@ -280,7 +279,7 @@ public class ApprovalForm extends Page { if(numLeft>0) { msg = "After these, there will be " + numLeft + " approvals left to process"; } - if(rv.size()==0) { + if(rv.isEmpty()) { if (numLeft>0) { msg = "No Approvals to process at this time for user " + userParam +". You have " + numLeft + " other approvals to process."; diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java index 1bffbb6f..96ec002e 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java @@ -196,10 +196,11 @@ public class NsHistory extends Page { String user = i.getUser(); AbsCell userCell = new TextCell(user); + String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>"); rv.add(new AbsCell[] { new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), userCell, - new TextCell(i.getMemo()) + new TextCell(memo) }); } } finally { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java index 64a0db17..b7a9960c 100644 
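Review bot: Replacing only the literal `<script>` and `</script>` tokens in the memo is a blocklist, not an escape: `<SCRIPT>`, `<script src=...>`, `<img onerror=...>` or `<svg onload=...>` pass through unchanged, and `i.getMemo()` will throw if the memo is null. Since memos are user-supplied text, encode the whole value for HTML at render time (`&` then `<`, `>`, `"`, `'`) or make `TextCell` do that for every cell, e.g. `String memo = i.getMemo()==null ? "" : i.getMemo().replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");`. As rendered here the replacement target and result look identical, which suggests the entity references were lost in extraction, so please confirm the real literals. The enclosing method continues beyond this hunk.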
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java @@ -207,11 +207,11 @@ public class PermHistory extends Page { for (Item i : histItems) { String user = i.getUser(); AbsCell userCell = new TextCell(user); - + String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>"); rv.add(new AbsCell[] { new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), userCell, - new TextCell(i.getMemo()) + new TextCell(memo) }); } diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java index 37526b86..a4d8bed3 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java 
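Review bot: The same tag-name blocklist as in `NsHistory` is applied to `i.getMemo()` here, so any markup other than a lowercase `<script>` tag still reaches the page and a null memo throws. Escape the full string (`&`, `<`, `>`, quotes) instead of replacing two fixed tokens, and guard the null: `String memo = i.getMemo()==null ? "" : i.getMemo().replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");`. Ideally the escaping lives in `TextCell` so every history page gets it for free. The enclosing method continues beyond this hunk.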
@@ -121,35 +121,38 @@ public class RoleDetail extends Page { Future<Roles> fr = client.read("/authz/roles/"+pRole+"?ns",gui.getDF(Roles.class)); Future<UserRoles> fur = client.read("/authz/userRoles/role/"+pRole,gui.getDF(UserRoles.class)); if(fr.get(AAF_GUI.TIMEOUT)) { - Role role = fr.value.getRole().get(0); - trans.put(sRole, role); - Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write")); - trans.put(sMayWrite,mayWrite); - Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve")); - trans.put(sMayApprove, mayApprove); - - if(mayWrite || mayApprove) { - Mark js = new Mark(); - Mark fn = new Mark(); - hgen.js(js) - .function(fn,"touchedDesc") - .li("d=document.getElementById('descText');", - "if (d.orig == undefined ) {", - " d.orig = d.value;", - " d.addEventListener('keyup',changedDesc);", - " d.removeEventListener('keypress',touchedDesc);", - "}").end(fn) - .function(fn,"changedDesc") - .li( - "dcb=document.getElementById('descCB');", - "d=document.getElementById('descText');", - "dcb.checked= (d.orig != d.value)" - ).end(fn) - .end(js); - - Mark mark = new Mark(); - hgen.incr(mark,"form","method=post"); - trans.put(sMark, mark); + List<Role> roles = fr.value.getRole(); + if(!roles.isEmpty()) { + Role role = fr.value.getRole().get(0); + trans.put(sRole, role); + Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write")); + trans.put(sMayWrite,mayWrite); + Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve")); + trans.put(sMayApprove, mayApprove); + + if(mayWrite || mayApprove) { + Mark js = new Mark(); + Mark fn = new Mark(); + hgen.js(js) + .function(fn,"touchedDesc") + .li("d=document.getElementById('descText');", + "if (d.orig == undefined ) {", + " d.orig = d.value;", + " d.addEventListener('keyup',changedDesc);", + " 
d.removeEventListener('keypress',touchedDesc);", + "}").end(fn) + .function(fn,"changedDesc") + .li( + "dcb=document.getElementById('descCB');", + "d=document.getElementById('descText');", + "dcb.checked= (d.orig != d.value)" + ).end(fn) + .end(js); + + Mark mark = new Mark(); + hgen.incr(mark,"form","method=post"); + trans.put(sMark, mark); + } } } else { trans.error().printf("Error calling AAF for Roles in GUI, Role Detail %d: %s",fr.code(),fr.body()); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java index 7b07b60d..5f7625aa 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java @@ -38,7 +38,6 @@ import org.onap.aaf.auth.gui.Page; import org.onap.aaf.auth.gui.Table; import org.onap.aaf.auth.gui.Table.Cells; import org.onap.aaf.auth.gui.table.AbsCell; -import org.onap.aaf.auth.gui.table.RefCell; import org.onap.aaf.auth.gui.table.TableData; import org.onap.aaf.auth.gui.table.TextCell; import org.onap.aaf.cadi.CadiException; @@ -195,11 +194,12 @@ public class RoleHistory extends Page { for (Item i : histItems) { String user = i.getUser(); AbsCell userCell = new TextCell(user); - + + String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>"); rv.add(new AbsCell[] { new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), userCell, - new TextCell(i.getMemo()) + new TextCell(memo) }); } } else { diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index e8468d6a..519721ce 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java 
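Review bot: The new `roles.isEmpty()` guard dereferences `fr.value.getRole()` without a null check and then re-fetches `fr.value.getRole().get(0)` instead of using the list it just obtained; `if(roles!=null && !roles.isEmpty()) { Role role = roles.get(0);` is the tighter form. When the list is empty nothing is put into `trans` for `sRole`, `sMayWrite` or `sMayApprove`, so downstream code reading those slots presumably sees null — an explicit `trans.warn().printf("Role %s not found", pRole)` would make that case visible. The context line above also appends `?ns` to the role path, which appears to be what the `indexOf('?')` workaround in `AuthzCassServiceImpl` compensates for; if `pRole` originates from the request it should be URL-encoded rather than concatenated raw. The enclosing `code()` method starts before this hunk.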
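Review bot: As in `NsHistory` and `PermHistory`, replacing only the literal `<script>`/`</script>` tokens in the memo leaves every other HTML construct (uppercase tags, attribute handlers, `<svg onload=...>`) untouched and throws on a null memo. Encode the whole value — `&`, `<`, `>` and quotes — or centralize that in `TextCell`, and guard with `i.getMemo()==null ? "" : ...`. The enclosing method continues beyond this hunk.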
@@ -1574,7 +1574,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS } // Look up data - Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, role); + int query = role.indexOf('?'); + Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query)); if(rlrd.isOK()) { // Note: Mapper will restrict what can be viewed ROLES roles = mapper.newInstance(API.ROLES); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java index a6bbbb0b..61b5338b 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java @@ -154,7 +154,8 @@ public class ServiceValidator extends Validator { } if(org.supportsRealm(cd.id)) { - if(isNew && (str=org.isValidID(trans, str)).length()>0) { + String resp = org.isValidID(trans, str); + if(isNew && (resp!=null && resp.length()>0)) { msg(cd.id,str); } } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java index e7e3ef35..7a983104 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java 
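Review bot: Truncating `role` at the first `?` inside the service layer masks a caller defect (the GUI's `RoleDetail` appends `?ns` to the path) and silently changes the lookup for any role name that legitimately contains `?`; if the framework hands the raw path-with-query to this method, the fix belongs in routing or URL decoding, and the truncation should at least be logged, e.g. `if(query>=0) { trans.warn().printf("Ignoring query suffix on role %s", role); }`. The validator that runs above this hunk presumably saw the untruncated value, so the name it accepted and the name looked up now differ. The enclosing method starts before this hunk.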
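Review bot: `msg(cd.id, str)` now reports the original identifier instead of the reason returned by `isValidID`: the old code assigned `str=org.isValidID(trans, str)` before calling `msg`, so this hunk changes the validation message text, probably unintentionally — pass `resp` (`msg(cd.id, resp)`) if the reason is wanted. `isValidID` is also invoked even when `!isNew`, which the old short-circuit avoided; moving the call inside `if(isNew)` restores that. A null `resp` is now treated as valid — confirm that is the `Organization` contract rather than a "could not check" signal. The enclosing method continues outside the hunk.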
@@ -67,22 +67,32 @@ public class AAFLocator extends AbsAAFLocator<BasicTrans> { int connectTimeout = Integer.parseInt(si.access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF)); try { String[] path = Split.split('/',locatorURI.getPath()); - if(path.length>2 && "locate".equals(path[1])) { + String host = locatorURI.getHost(); + if(host==null) { + host = locatorURI.getAuthority(); // this happens when no port + } + if("AAF_LOCATE_URL".equals(host)) { + URI uri = new URI( + locatorURI.getScheme(), + locatorURI.getUserInfo(), + aaf_locator_uri.getHost(), + aaf_locator_uri.getPort(), + "/locate"+locatorURI.getPath(), + null, + null + ); + client = createClient(ss, uri, connectTimeout); + } else if(path.length>1 && "locate".equals(path[1])) { StringBuilder sb = new StringBuilder(); for(int i=3;i<path.length;++i) { sb.append('/'); sb.append(path[i]); } setPathInfo(sb.toString()); - String host = locatorURI.getHost(); - if(aaf_locator_host!=null && (host==null || "AAF_LOCATOR_URL".equals(host))) { - int slash = aaf_locator_host.lastIndexOf("//"); - host = aaf_locator_host.substring(slash+2); - } URI uri = new URI( locatorURI.getScheme(), locatorURI.getUserInfo(), - host, + locatorURI.getHost(), locatorURI.getPort(), "/locate/"+name + '/' + version, null, @@ -93,7 +103,6 @@ public class AAFLocator extends AbsAAFLocator<BasicTrans> { client = new HClient(ss, locatorURI, connectTimeout); } epsDF = env.newDataFactory(Endpoints.class); - refresh(); } catch (APIException | URISyntaxException e) { throw new LocatorException(e); } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java index fc297606..312c58e9 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java 
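Review bot: In the new `"AAF_LOCATE_URL".equals(host)` branch `aaf_locator_uri.getHost()` is dereferenced without a null check, but `AbsAAFLocator` leaves `aaf_locator_uri` null when `aaf_locate_url` is not configured, so a placeholder URL without that property now fails with a NullPointerException instead of a `LocatorException`; add `if(aaf_locator_uri==null) { throw new LocatorException(Config.AAF_LOCATE_URL + " is required for AAF_LOCATE_URL URIs"); }` before building the URI. The second branch loosened `path.length>2` to `>1` yet still starts copying at `i=3`, so `path[2]` is skipped and a two-segment path yields an empty pathInfo — confirm that is intended. Removing `refresh()` from the constructor means the first lookup now pays for the initial endpoint fetch, which is only safe if every entry point presumably refreshes on an empty list. The constructor starts before this hunk.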
@@ -58,12 +58,22 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> protected String myhostname; protected int myport; protected final String aaf_locator_host; + protected final URI aaf_locator_uri; private long earliest; private final long refreshWait; public AbsAAFLocator(Access access, String name, final long refreshMin) throws LocatorException { aaf_locator_host = access.getProperty(Config.AAF_LOCATE_URL, null); + if(aaf_locator_host==null) { + aaf_locator_uri = null; + } else { + try { + aaf_locator_uri = new URI(aaf_locator_host); + } catch (URISyntaxException e) { + throw new LocatorException(e); + } + } epList = new LinkedList<EP>(); refreshWait = refreshMin; diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/AbsOTafLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/AbsOTafLur.java index 616e2dc9..fb844518 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/AbsOTafLur.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/AbsOTafLur.java @@ -44,9 +44,13 @@ public abstract class AbsOTafLur { protected AbsOTafLur(final PropAccess access, final String token_url, final String introspect_url) throws CadiException { this.access = access; - if((client_id = access.getProperty(Config.AAF_APPID,null))==null) { - throw new CadiException(Config.AAF_APPID + REQUIRED_FOR_OAUTH2); + String ci; + if((ci = access.getProperty(Config.AAF_APPID,null))==null) { + if((ci = access.getProperty(Config.CADI_ALIAS,null))==null) { + throw new CadiException(Config.AAF_APPID + REQUIRED_FOR_OAUTH2); + } } + client_id = ci; synchronized(access) { if(tokenClientPool==null) { diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java index 4b0c944c..0558e815 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java 
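Review bot: `AbsOTafLur` now accepts `cadi_alias` as the OAuth client id, but the exception still says only `Config.AAF_APPID + REQUIRED_FOR_OAUTH2`, so an operator who set neither gets a message naming one of two acceptable properties; `throw new CadiException(Config.AAF_APPID + " or " + Config.CADI_ALIAS + REQUIRED_FOR_OAUTH2);` matches the new behavior. A short comment on the fallback (`// X509 alias doubles as client_id when no app id is configured`) would also record why the two are interchangeable here. The constructor continues outside the hunk.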
@@ -157,6 +157,18 @@ public class TokenClient { } catch(IOException | NoSuchAlgorithmException e) { throw new CadiException(e); } + } else { + ss = new GetSetter() { + @Override + public <CLIENT> SecuritySetter<CLIENT> get(AAFCon<CLIENT> con) throws CadiException { + try { + return con.x509Alias(client_id);// no password, assume Cert + } catch (APIException e) { + throw new CadiException(e); + } + } + }; + authn_method = AUTHN_METHOD.client_credentials; } } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java index 3f6fa599..e52df961 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java @@ -158,10 +158,8 @@ public class TokenClientFactory extends Persist<Token,TimedToken> { if(locatorURL==null) { throw new LocatorException("Cannot have a null locatorURL in bestLocator"); } - if(locatePattern.matcher(locatorURL).matches()) { + if(locatorURL.startsWith("https://AAF_LOCATE_URL/") || locatePattern.matcher(locatorURL).matches()) { return new AAFLocator(hsi,new URI(locatorURL)); - } else if(locatorURL.contains("//DME2RESOLVE/")) { - throw new LocatorException("DME2Locator doesn't exist. Use DME2 specific Clients"); } else { return new PropertyLocator(locatorURL); } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java index 8948bc3c..522568a9 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java 
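Review bot: The new `else` silently switches to certificate authentication whenever no password is configured, so a mistyped `aaf_apppass` property now surfaces later as an opaque alias/TLS failure rather than a configuration error; log the decision where the branch is taken (the comment `// no password, assume Cert` is the only trace) and fail fast if no keystore is configured either. `authn_method = AUTHN_METHOD.client_credentials` is assigned for the certificate path as well — confirm the token endpoint expects the same grant for both. The `if` this `else` belongs to begins outside the hunk.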
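Review bot: The placeholder `"https://AAF_LOCATE_URL/"` is now duplicated as a literal here and as the host check `"AAF_LOCATE_URL"` in `AAFLocator`, so the two can drift apart (case, trailing slash); hoist it to a shared constant, e.g. `public static final String AAF_LOCATE_PLACEHOLDER = "AAF_LOCATE_URL";`, and derive both checks from it. The `startsWith` test is case-sensitive while URI hosts are not, which the constant-based host comparison would also need to account for. `bestLocator` continues outside the hunk.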
@@ -25,17 +25,19 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; +import java.io.InputStream; import java.io.PrintStream; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.List; +import java.util.Map.Entry; import java.util.Properties; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.util.MyConsole; import org.onap.aaf.cadi.util.SubStandardConsole; @@ -43,9 +45,10 @@ import org.onap.aaf.cadi.util.TheConsole; public class AAFSSO { public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole(); - private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000; +// private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000; - private Properties diskprops = null; // use for temp storing User/Password on disk + private Properties diskprops; + private boolean touchDiskprops; private File dot_aaf = null; private File sso = null; // instantiated, if ever, with diskprops 
@@ -61,132 +64,316 @@ public class AAFSSO { private PrintStream os; private Method close; + private final PrintStream stdOutOrig; + private final PrintStream stdErrOrig; + private boolean ok; public AAFSSO(String[] args) throws IOException, CadiException { - String[] nargs = parseArgs(args); + ok = true; + List<String> nargs = parseArgs(args); + diskprops = new Properties(); + touchDiskprops = false; dot_aaf = new File(System.getProperty("user.home") + "/.aaf"); if (!dot_aaf.exists()) { dot_aaf.mkdirs(); } + stdOutOrig = System.out; + stdErrOrig = System.err; File f = new File(dot_aaf, "sso.out"); os = new PrintStream(new FileOutputStream(f, true)); System.setOut(os); System.setErr(os); - access = new PropAccess(os, nargs); - Config.setDefaultRealm(access); - - user = access.getProperty(Config.AAF_APPID); - encrypted_pass = access.getProperty(Config.AAF_APPPASS); - + sso = new File(dot_aaf, "sso.props"); + if(sso.exists()) { + InputStream propStream = new FileInputStream(sso); + try { + diskprops.load(propStream); + } finally { + propStream.close(); + } + } + +// String keyfile = diskprops.getProperty(Config.CADI_KEYFILE); +// if(keyfile==null) { +// keyfile = dot_aaf.getCanonicalPath()+".keyfile"; +// touchDiskprops=true; +// } File dot_aaf_kf = new File(dot_aaf, "keyfile"); - sso = new File(dot_aaf, "sso.props"); if (removeSSO) { if (dot_aaf_kf.exists()) { dot_aaf_kf.setWritable(true, true); dot_aaf_kf.delete(); } if (sso.exists()) { - sso.delete(); + Properties temp = new Properties(); + // Keep only these + for(Entry<Object, Object> es : diskprops.entrySet()) { + if(Config.CADI_LATITUDE.equals(es.getKey()) || + Config.CADI_LONGITUDE.equals(es.getKey()) || + Config.AAF_DEFAULT_REALM.equals(es.getKey())) { + temp.setProperty(es.getKey().toString(), es.getValue().toString()); + } + } + diskprops = temp; + touchDiskprops = true; } + String[] naargs = new String[nargs.size()]; + nargs.toArray(naargs); + access = new PropAccess(os, naargs); + ok = false; + 
setLogDefault(); System.out.println("AAF SSO information removed"); - if (doExit) { - System.exit(0); + } else { + // Config.setDefaultRealm(access); + + if (!dot_aaf_kf.exists()) { + FileOutputStream fos = new FileOutputStream(dot_aaf_kf); + try { + fos.write(Symm.keygen()); + setReadonly(dot_aaf_kf); + } finally { + fos.close(); + } } - } - if (!dot_aaf_kf.exists()) { - FileOutputStream fos = new FileOutputStream(dot_aaf_kf); - try { - fos.write(Symm.keygen()); - setReadonly(dot_aaf_kf); - } finally { - fos.close(); + for(Entry<Object, Object> es : diskprops.entrySet()) { + nargs.add(es.getKey().toString() + '=' + es.getValue().toString()); } - } - - String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props - if (keyfile == null) { - access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath()); - } - - String alias = access.getProperty(Config.CADI_ALIAS); - if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) { - user = alias; - access.setProperty(Config.AAF_APPID, user); - use_X509 = true; - } else { - use_X509 = false; - Symm decryptor = Symm.obtain(dot_aaf_kf); - if (user == null) { - if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) { - String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite... - FileInputStream fos = new FileInputStream(sso); - try { - access.load(fos); - user = access.getProperty(Config.AAF_APPID); - encrypted_pass = access.getProperty(Config.AAF_APPPASS); - // decrypt with .aaf, and re-encrypt with regular Keyfile - access.setProperty(Config.AAF_APPPASS, - access.encrypt(decryptor.depass(encrypted_pass))); - if (cm_url != null) { //Command line CM_URL Overwrites ssofile. 
- access.setProperty(Config.CM_URL, cm_url); + String[] naargs = new String[nargs.size()]; + nargs.toArray(naargs); + access = new PropAccess(os, naargs); + + if(loginOnly) { + for(String tag : new String[] {Config.AAF_APPID, Config.AAF_APPPASS, + Config.CADI_ALIAS, Config.CADI_KEYSTORE,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) { + access.getProperties().remove(tag); + diskprops.remove(tag); + } + touchDiskprops=true; +// TODO Do we want to require reset of Passwords at least every Eight Hours. +// } else if (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS)) { +// for(String tag : new String[] {Config.AAF_APPPASS,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) { +// access.getProperties().remove(tag); +// diskprops.remove(tag); +// } +// touchDiskprops=true; + } + + String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case its CertificateMan props + if (keyfile == null) { + access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath()); + addProp(Config.CADI_KEYFILE,dot_aaf_kf.getAbsolutePath()); + } + + + String alias, appID; + alias = access.getProperty(Config.CADI_ALIAS); + if(alias==null) { + appID = access.getProperty(Config.AAF_APPID); + user=appID; + } else { + user=alias; + appID=null; + } + + String keystore=access.getProperty(Config.CADI_KEYSTORE); + String keystore_pass=access.getProperty(Config.CADI_KEYSTORE_PASSWORD); + + if(user==null || (alias!=null && (keystore==null || keystore_pass==null))) { + String select = null; + String name; + for (File tsf : dot_aaf.listFiles()) { + name = tsf.getName(); + if (!name.contains("trust") && (name.endsWith(".jks") || name.endsWith(".p12"))) { + select = cons.readLine("Use %s for Identity? 
(y/n): ",tsf.getName()); + if("y".equalsIgnoreCase(select)) { + keystore = tsf.getCanonicalPath(); + access.setProperty(Config.CADI_KEYSTORE, keystore); + addProp(Config.CADI_KEYSTORE, keystore); + char[] password = cons.readPassword("Keystore Password: "); + encrypted_pass= access.encrypt(new String(password)); + access.setProperty(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass); + addProp(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass); + + // TODO READ Aliases out of Keystore? + user = alias = cons.readLine("Keystore alias: "); + access.setProperty(Config.CADI_ALIAS, user); + addProp(Config.CADI_ALIAS, user); + break; } - } finally { - fos.close(); - } - } else { - diskprops = new Properties(); - String realm = Config.getDefaultRealm(); - // Turn on Console Sysout - System.setOut(System.out); - user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm); - if (user == null) { - user = System.getProperty("user.name") + '@' + realm; - } else if (user.length() == 0) { // - user = System.getProperty("user.name") + '@' + realm; - } else if ((user.indexOf('@') < 0) && (realm != null)) { - user = user + '@' + realm; } - access.setProperty(Config.AAF_APPID, user); - diskprops.setProperty(Config.AAF_APPID, user); - encrypted_pass = new String(cons.readPassword("aaf_password: ")); - System.setOut(os); - encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass); + } + if(alias==null) { + user = appID = cons.readLine(Config.AAF_APPID + ": "); + access.setProperty(Config.AAF_APPID, appID); + addProp(Config.AAF_APPID, appID); + char[] password = cons.readPassword(Config.AAF_APPPASS + ": "); + encrypted_pass= access.encrypt(new String(password)); access.setProperty(Config.AAF_APPPASS, encrypted_pass); - diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass); - diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE)); + addProp(Config.AAF_APPPASS, encrypted_pass); + } + } else { + encrypted_pass = 
access.getProperty(Config.CADI_KEYSTORE_PASSWORD); + if(encrypted_pass == null) { + keystore_pass = null; + encrypted_pass = access.getProperty(Config.AAF_APPPASS); + } else { + keystore_pass = encrypted_pass; } } - } - if (user == null) { - err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> "); - } - - if (encrypted_pass == null && alias == null) { - if (err == null) { - err = new StringBuilder(); + + + if (alias!=null) { + use_X509 = true; } else { - err.append("and "); + use_X509 = false; + Symm decryptor = Symm.obtain(dot_aaf_kf); + if (user == null) { + if (sso.exists()) { + String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite... + FileInputStream fos = new FileInputStream(sso); + try { + access.load(fos); + user = access.getProperty(Config.AAF_APPID); + encrypted_pass = access.getProperty(Config.AAF_APPPASS); + // decrypt with .aaf, and re-encrypt with regular Keyfile + access.setProperty(Config.AAF_APPPASS, + access.encrypt(decryptor.depass(encrypted_pass))); + if (cm_url != null) { //Command line CM_URL Overwrites ssofile. 
+ access.setProperty(Config.CM_URL, cm_url); + } + } finally { + fos.close(); + } + } else { + diskprops = new Properties(); + String realm = Config.getDefaultRealm(); + // Turn on Console Sysout + System.setOut(System.out); + user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm); + if (user == null) { + user = System.getProperty("user.name") + '@' + realm; + } else if (user.length() == 0) { // + user = System.getProperty("user.name") + '@' + realm; + } else if ((user.indexOf('@') < 0) && (realm != null)) { + user = user + '@' + realm; + } + access.setProperty(Config.AAF_APPID, user); + diskprops.setProperty(Config.AAF_APPID, user); + encrypted_pass = new String(cons.readPassword("aaf_password: ")); + System.setOut(os); + encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass); + access.setProperty(Config.AAF_APPPASS, encrypted_pass); + diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass); + diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE)); + } + } + } + if (user == null) { + err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> "); + } + + if (encrypted_pass == null && alias == null) { + if (err == null) { + err = new StringBuilder(); + } else { + err.append("and "); + } + err.append("-D" + Config.AAF_APPPASS + "=<passwd> "); + } + + String locateUrl = access.getProperty(Config.AAF_LOCATE_URL); + if(locateUrl==null) { + locateUrl=AAFSSO.cons.readLine("AAF Locator FQDN/machine[:port]=https://"); + if(locateUrl==null || locateUrl.length()==0) { + err = new StringBuilder(Config.AAF_LOCATE_URL); + err.append(" is required."); + ok = false; + return; + } else { + locateUrl="https://"+locateUrl+"/locate"; + } + access.setProperty(Config.AAF_LOCATE_URL, locateUrl); + addProp(Config.AAF_LOCATE_URL, locateUrl); + } + + String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service/2.0"; + access.setProperty(Config.AAF_URL, aafUrl); + access.setProperty(Config.CM_URL, 
"https://AAF_LOCATE_URL/AAF_NS.cm/2.0"); + String cadiLatitude = access.getProperty(Config.CADI_LATITUDE); + if(cadiLatitude==null) { + System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps"); + cadiLatitude=AAFSSO.cons.readLine("cadi_latitude[0.000]="); + if(cadiLatitude==null || cadiLatitude.isEmpty()) { + cadiLatitude="0.000"; + } + access.setProperty(Config.CADI_LATITUDE, cadiLatitude); + addProp(Config.CADI_LATITUDE, cadiLatitude); + } - err.append("-D" + Config.AAF_APPPASS + "=<passwd> "); + String cadiLongitude = access.getProperty(Config.CADI_LONGITUDE); + if(cadiLongitude==null) { + cadiLongitude=AAFSSO.cons.readLine("cadi_longitude[0.000]="); + if(cadiLongitude==null || cadiLongitude.isEmpty()) { + cadiLongitude="0.000"; + } + access.setProperty(Config.CADI_LONGITUDE, cadiLongitude); + addProp(Config.CADI_LONGITUDE, cadiLongitude); + } + + String cadi_truststore = access.getProperty(Config.CADI_TRUSTSTORE); + if(cadi_truststore==null) { + String name; + String select; + for (File tsf : dot_aaf.listFiles()) { + name = tsf.getName(); + if (name.contains("trust") && + (name.endsWith(".jks") || name.endsWith(".p12"))) { + select = cons.readLine("Use %s for TrustStore? 
(y/n):",tsf.getName()); + if("y".equalsIgnoreCase(select)) { + cadi_truststore=tsf.getCanonicalPath(); + access.setProperty(Config.CADI_TRUSTSTORE, cadi_truststore); + addProp(Config.CADI_TRUSTSTORE, cadi_truststore); + break; + } + } + } + } + if(cadi_truststore!=null) { + if(cadi_truststore.indexOf(File.separatorChar)<0) { + cadi_truststore=dot_aaf.getPath()+File.separator+cadi_truststore; + } + String cadi_truststore_password = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD); + if(cadi_truststore_password==null) { + cadi_truststore_password=AAFSSO.cons.readLine("cadi_truststore_password[%s]=","changeit"); + cadi_truststore_password = access.encrypt(cadi_truststore_password); + access.setProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password); + addProp(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password); + } + } + ok = err==null; } + writeFiles(); } public void setLogDefault() { this.setLogDefault(PropAccess.DEFAULT); + System.setOut(stdOutOrig); } public void setStdErrDefault() { access.setLogLevel(PropAccess.DEFAULT); - System.setErr(System.err); + System.setOut(stdErrOrig); } public void setLogDefault(Level level) { - access.setLogLevel(level); - System.setOut(System.out); + if(access!=null) { + access.setLogLevel(level); + } + System.setOut(stdOutOrig); } public boolean loginOnly() { 
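Review bot: The eight-hour age check on the cached `sso.props` credentials is gone — the new `if (sso.exists())` branch loads `AAF_APPPASS` regardless of file age and the `EIGHT_HOURS` constant is only commented out with a TODO earlier in the file, so an encrypted password left in `~/.aaf` is now reused indefinitely; restoring `if (sso.exists() && sso.lastModified() > System.currentTimeMillis() - EIGHT_HOURS)` (or removing stale entries) keeps the previous bound. Separately, `setStdErrDefault()` now calls `System.setOut(stdErrOrig)` where the old code reset stderr; it should be `System.setErr(stdErrOrig);`. The unconditional `access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm/2.0")` near the end also discards the command-line `cm_url` that the `sso.exists()` branch just above took care to preserve. Passwords read via `cons.readPassword` are copied into `String`s and never zeroed, which the `char[]` API is meant to avoid. The constructor spans this whole hunk and the class continues beyond it.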
@@ -194,29 +381,33 @@ public class AAFSSO {
 }
 public void addProp(String key, String value) {
- if (diskprops != null) {
- diskprops.setProperty(key, value);
+ if(key==null || value==null) {
+ return;
 }
+ touchDiskprops=true;
+ diskprops.setProperty(key, value);
 }
 public void writeFiles() throws IOException {
- // Store Creds, if they work
- if (diskprops != null) {
- if (!dot_aaf.exists()) {
- dot_aaf.mkdirs();
+ if(touchDiskprops) {
+ // Store Creds, if they work
+ if (diskprops != null) {
+ if (!dot_aaf.exists()) {
+ dot_aaf.mkdirs();
+ }
+ FileOutputStream fos = new FileOutputStream(sso);
+ try {
+ diskprops.store(fos, "AAF Single Signon");
+ } finally {
+ fos.close();
+ setReadonly(sso);
+ }
 }
- FileOutputStream fos = new FileOutputStream(sso);
- try {
- diskprops.store(fos, "AAF Single Signon");
- } finally {
- fos.close();
+ if (sso != null) {
 setReadonly(sso);
+ sso.setWritable(true, true);
 }
 }
- if (sso != null) {
- setReadonly(sso);
- sso.setWritable(true, true);
- }
 }
 public PropAccess access() {
@@ -250,7 +441,7 @@ public class AAFSSO {
 }
 }
- private String[] parseArgs(String[] args)
+ private List<String> parseArgs(String[] args)
 {
 List<String> larg = new ArrayList<String>(args.length);
@@ -271,9 +462,7 @@ public class AAFSSO {
 larg.add(args[i]);
 }
 }
- String[] nargs = new String[larg.size()];
- larg.toArray(nargs);
- return nargs;
+ return larg;
 }
 private void setReadonly(File file) {
@@ -282,4 +471,8 @@ public class AAFSSO {
 file.setReadable(false, false);
 file.setReadable(true, true);
 }
+
+ public boolean ok() {
+ return ok;
+ }
 }
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java
new file mode 100644
index 00000000..27a1a271
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java
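Review bot: addProp drops the old `diskprops != null` guard and dereferences `diskprops` unconditionally, while writeFiles in the same hunk still checks `diskprops != null`; either diskprops is now always initialised (not visible here) or addProp can throw NullPointerException, so `if(key==null || value==null || diskprops==null) { return; }` would keep the two methods consistent. touchDiskprops is set in addProp but never cleared, so every later writeFiles() call re-stores and re-chmods sso.props; a `touchDiskprops=false;` after `diskprops.store(...)` avoids that. Since the stored properties now include the encrypted truststore password, the FileOutputStream is worth a try-with-resources so the file is closed before setReadonly runs even when store() throws.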
@@ -0,0 +1,75 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.oauth.test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.GeneralSecurityException;
+
+import org.junit.Test;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.locator.PropertyLocator;
+import org.onap.aaf.cadi.oauth.TokenClientFactory;
+import org.onap.aaf.misc.env.APIException;
+
+import junit.framework.Assert;
+
+public class JU_TokenClientFactoryTest {
+
+ /**
+ * Acceptable Locator Patterns for choosing AAFLocator over others
+ */
+ @Test
+ public void testLocatorString() {
+ /*
+ PropAccess access = new PropAccess();
+ access.setProperty(Config.AAF_LOCATE_URL, "https://xytz.sbbc.dd:8095/locate");
+ access.setProperty(Config.CADI_LATITUDE, "39.000");
+ access.setProperty(Config.CADI_LONGITUDE, "-72.000");
+ 
TokenClientFactory tcf;
+ try {
+ System.out.println("one");
+ tcf = TokenClientFactory.instance(access);
+ System.out.println("two");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd/locate/hello") instanceof AAFLocator);
+ System.out.println("three");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate/hello") instanceof AAFLocator);
+ System.out.println("four");
+ Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/hello") instanceof AAFLocator);
+ System.out.println("five");
+ Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/AAF_FS.hello/2.0") instanceof AAFLocator);
+ System.out.println("six");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate") instanceof PropertyLocator);
+ System.out.println("seven");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/Something") instanceof PropertyLocator);
+ } catch (APIException | GeneralSecurityException | IOException | CadiException | LocatorException | URISyntaxException e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
+ */
+ }
+
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TzHClient.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TzHClient.java
index 7febf51f..bd2393e4 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TzHClient.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TzHClient.java
@@ -85,7 +85,12 @@ public class JU_TzHClient {
 @Test
 public void test() throws CadiException, LocatorException, APIException, IOException {
- TzHClient client = new TzHClient(access, "tag");
+ TzHClient client;
+ try {
+ client = new TzHClient(access, "tag");
+ } catch (Exception e) {
+ throw e;
+ }
 try {
 client.best(retryableMock);
 fail("Should've thrown an exception");
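Review bot: testLocatorString has its entire body inside a block comment, so the new test passes without asserting anything, and all of the locator, Config and PropAccess imports, plus `junit.framework.Assert` (the JUnit 3 API), are unused. If the locator checks cannot run yet, `@Ignore("reason the locator assertions are disabled")` on the method keeps the gap visible in test reports instead of reporting a green test; when it is re-enabled, `org.junit.Assert.assertTrue(tcf.bestLocator(...) instanceof AAFLocator)` reads better than `assertEquals(true, ...)` and the numbered println calls can go.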
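Review bot: The added `try { client = new TzHClient(access, "tag"); } catch (Exception e) { throw e; }` rethrows the exception unchanged, so it behaves exactly like the removed single line (Java 7 precise rethrow keeps the declared checked types) and only adds noise. Restore `TzHClient client = new TzHClient(access, "tag");`, or, if the intent was to make a construction failure easier to spot, wrap it with a message such as `throw new AssertionError("TzHClient construction failed", e);`. test() continues past the end of the hunk.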
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
index 34997fe6..7a64f71c 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
@@ -74,10 +74,9 @@ public class JU_AAFSSO {
 assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
 assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
 assertThat(sso.loginOnly(), is(true));
-
- assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(false));
- sso.writeFiles();
- assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
+
+// Not necessarily true
+// assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
 sso.setLogDefault();
 sso.setStdErrDefault();
@@ -92,7 +91,7 @@ public class JU_AAFSSO {
 assertThat(new File(aafDir).exists(), is(true));
 assertThat(new File(aafDir + "/.aaf").exists(), is(true));
- assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(false));
 assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
 assertThat(sso.loginOnly(), is(false));
@@ -106,7 +105,6 @@ public class JU_AAFSSO {
 assertThat(sso.useX509(), is(false));
 sso.close();
- sso.close();
 }
 private void recursiveDelete(File file) {
diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
index b7558c02..d14e747a 100644
--- a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
+++ b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
@@ -96,6 +96,7 @@ public class JU_PropertyLocator {
 pl.destroy();
 pl = new PropertyLocator(uris);
+
 }
 @Test(expected=LocatorException.class)
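Review bot: The removed `sso.writeFiles()` call and the two sso.props assertions were the only coverage of the sso.props write, and the commented-out replacement marked `Not necessarily true` asserts nothing about the new behaviour. Since the write is now gated on a prior addProp(), the test can drive that path explicitly, e.g. `sso.addProp("test_key", "test_value"); sso.writeFiles();` followed by `assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));`, assuming diskprops is initialised in this scenario. The second hunk flips the keyfile expectation to `is(false)` with no comment on why the keyfile is no longer created for that login; a one-line comment naming the reason would stop the next reader from treating it as a regression.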
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
index 82645c31..ea3891f9 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
@@ -117,7 +117,8 @@ public class Symm {
 private static char passChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+!@#$%^&*(){}[]?:;,.".toCharArray();
-
+ private static Symm internalOnly = null;
+
 /**
 * Use this to create special case Case Sets and/or Line breaks
 *
@@ -537,10 +538,10 @@ public class Symm {
 * @throws CadiException
 */
 public static Symm obtain(Access access) throws CadiException {
- Symm symm = Symm.baseCrypt();
-
 String keyfile = access.getProperty(Config.CADI_KEYFILE,null);
 if(keyfile!=null) {
+ Symm symm = Symm.baseCrypt();
+
 File file = new File(keyfile);
 try {
 access.log(Level.INIT, Config.CADI_KEYFILE,"points to",file.getCanonicalPath());
@@ -570,8 +571,14 @@ public class Symm {
 }
 throw new CadiException("ERROR: " + filename + " does not exist!");
 }
+ return symm;
+ } else {
+ try {
+ return internalOnly();
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
 }
- return symm;
 }
 /**
 * Create a new random key
@@ -855,4 +862,22 @@ public class Symm {
 return newSymm;
 }
+
+ /**
+ * This Symm is generated for internal JVM use. It has no external keyfile, but can be used
+ * for securing Memory, as it remains the same ONLY of the current JVM
+ * @return
+ * @throws IOException
+ */
+ public static synchronized Symm internalOnly() throws IOException {
+ if(internalOnly==null) {
+ ByteArrayInputStream baos = new ByteArrayInputStream(keygen());
+ try {
+ internalOnly = Symm.obtain(baos);
+ } finally {
+ baos.close();
+ }
+ }
+ return internalOnly;
+ }
 }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index d7c7526f..1f778ad6 100644
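Review bot: In the `@@ -570` hunk, when CADI_KEYFILE is unset obtain(Access) now returns the per-JVM random Symm from internalOnly() instead of baseCrypt(), and nothing is logged, so anything a caller encrypts through it and persists (for instance values written to property files via access.encrypt, if that path uses obtain(), which is not visible here) can no longer be decrypted after a restart or by another process. A line before the fallback, `access.log(Level.INIT, Config.CADI_KEYFILE, "not set; using an ephemeral in-JVM key");`, makes the change visible to operators and in support logs. In the `@@ -855` hunk the Javadoc on internalOnly() should read `remains the same only for the lifetime of the current JVM` and the empty `@return` should say what is returned; `baos.close()` in the finally block is a no-op on ByteArrayInputStream, so the try can become a try-with-resources or be dropped.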
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -532,7 +532,11 @@ public class Config {
 access.log(Level.INIT,"AAF/OAuth LUR plugin is not available.");
 }
 } catch (NoSuchMethodException| SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- access.log(e,"AAF/OAuth LUR could not be constructed with given Constructors.");
+ String msg = e.getMessage();
+ if(msg==null && e.getCause()!=null) {
+ msg = e.getCause().getMessage();
+ }
+ access.log(Level.INIT,"AAF/OAuth LUR is not instantiated.",msg);
 }
 } else {
 access.log(Level.INIT, "OAuth2 Lur disabled");
diff --git a/cadi/oauth-enduser/.gitignore b/cadi/oauth-enduser/.gitignore
index 6028f0a5..c14293bc 100644
--- a/cadi/oauth-enduser/.gitignore
+++ b/cadi/oauth-enduser/.gitignore
@@ -2,3 +2,4 @@
 /.settings/
 /target/
 /.project
+tokens/
diff --git a/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OAuthExample.java b/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OAuthExample.java
index 9cb4b4af..c79c2fe6 100644
--- a/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OAuthExample.java
+++ b/cadi/oauth-enduser/src/test/java/com/att/cadi/enduser/OAuthExample.java
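Review bot: Replacing `access.log(e, ...)` with a message-only INIT line discards the throwable, so the stack trace of a failed LUR construction is gone (InvocationTargetException wraps the real cause, which is where the useful frames are), and `msg` is still null when neither the exception nor its cause carries a message. Keeping the throwable in a second, lower-level log call, or at least appending `e.getClass().getName()` and the cause's class name to the INIT line, preserves enough to diagnose why the OAuth LUR silently did not load. The enclosing method starts and ends outside the hunk.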
@@ -72,12 +72,13 @@ public class OAuthExample {
 // Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
- String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
- String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL);
-
-
- // Get Properties
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL);
+ String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,
+ "https://AAF_LOCATE_URL/AAF_NS.token/2.0"); // Default to AAF
+ String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,
+ "https://AAF_LOCATE_URL/AAF_NS.introspect/2.0"); // Default to AAF);
+ // Get Hello Service
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
+ "https://AAF_LOCATE_URL/AAF_NS.hello/2.0");
 final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
@@ -95,6 +96,10 @@ public class OAuthExample {
 // If AAF Token server, then its just the same as your other AAF MechID creds
 // If it is the Alternate OAUTH, you'll need THOSE credentials. See that tool's Onboarding procedures.
 String client_id = access.getProperty(Config.AAF_APPID);
+ if(client_id==null) {
+ // For AAF, client_id CAN be Certificate. This is not necessarily true elsewhere
+ client_id = access.getProperty(Config.CADI_ALIAS);
+ }
 String client_secret = access.getProperty(Config.AAF_APPPASS);
 tc.client_creds(client_id, client_secret);
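Review bot: The trailing comment on the introspect default reads `// Default to AAF);` — the `);` is a copy-paste remnant of the call on the previous line and should be dropped so the two comments match. The enclosing method starts before the hunk.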
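Review bot: When AAF_APPID is absent and client_id falls back to CADI_ALIAS, client_secret from AAF_APPPASS is presumably absent too, yet both are still passed to `tc.client_creds(client_id, client_secret)` with no comment on what a null secret means for that call. Since this file is the end-user example, a sentence next to the fallback stating that a certificate-identified client is expected to carry no secret (or a null check with a clear message if that is not the case) would make the contract explicit for readers copying it.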
@@ -140,7 +145,7 @@ public class OAuthExample {
 String rv = helloClient.best(new Retryable<String>() {
 @Override
 public String code(Rcli<?> client) throws CadiException, ConnectException, APIException {
- Future<String> future = client.read(null,"text/plain");
+ Future<String> future = client.read("hello","text/plain");
 // The "future" calling method allows you to do other processing, such as call more than one backend
 // client before picking up the result
 // If "get" matches the HTTP Code for the method (i.e. read HTTP Return value is 200), then
@@ -216,7 +221,7 @@ public class OAuthExample {
 + "\tUserName:\t%s\n"
 + "\tExpires: \t%d (%s)\n"
 + "\tScope:\t\t%s\n"
- + "\tContent:\t\t%s\n",
+ + "\tContent:\t%s\n",
 ti.getAccessToken(),
 ti.getClientId(),
 ti.getClientType(),
diff --git a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java
index fa51719a..17678b3f 100644
--- a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java
+++ b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/html/Imports.java
@@ -25,16 +25,15 @@ import java.util.ArrayList;
 import java.util.List;
public class Imports implements Thematic{
- List<String> css,js;
+ List<String> css;
+ List<String> js;
public final int backdots;
-// public final File webDir;
private String theme;
public Imports(int backdots) {
-// this.webDir = webDir;
- css = new ArrayList<String>();
- js = new ArrayList<String>();
+ css = new ArrayList<>();
+ js = new ArrayList<>();
this.backdots = backdots;
theme = "";
}