summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--INFO.yaml6
-rw-r--r--auth/auth-cass/docker/dinstall.sh16
-rw-r--r--auth/auth-cass/src/main/cql/build.sh6
-rw-r--r--auth/auth-cass/src/main/cql/config.dat10
-rw-r--r--auth/auth-cass/src/main/cql/init.cql7
-rw-r--r--auth/auth-cass/src/main/cql/init2_1.cql1
-rw-r--r--auth/auth-cass/src/main/cql/osaaf.cql21
-rw-r--r--auth/auth-cass/src/main/cql/pull.sh5
-rw-r--r--auth/auth-cass/src/main/cql/push.sh5
-rw-r--r--auth/auth-cass/src/main/cql/temp_identity.cql9
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java22
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java2
-rw-r--r--auth/auth-certman/pom.xml10
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java12
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java1
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java79
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java567
-rw-r--r--auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java22
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java4
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/HMangrStub.java54
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Clear.java18
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Deny.java12
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Log.java16
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_SessClear.java20
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Admin.java14
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Attrib.java20
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Create.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Delete.java8
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Describe.java8
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListActivity.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListAdminResponsible.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListByName.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListUsersContact.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java91
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Delete.java84
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Describe.java92
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Grant.java111
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListActivity.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListByName.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Rename.java8
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_CreateDelete.java14
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_Describe.java8
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListActivity.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByNameOnly.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByUser.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_User.java26
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Cred.java26
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Delg.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListApprovals.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListForCreds.java2
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Role.java26
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java4
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java2
-rw-r--r--auth/auth-core/src/test/java/org/onap/aaf/auth/common/test/JU_Define.java21
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java33
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java22
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Passwords.java125
-rw-r--r--auth/auth-fs/pom.xml3
-rw-r--r--auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java4
-rw-r--r--auth/auth-gui/pom.xml3
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java5
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java28
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java5
-rw-r--r--auth/auth-hello/pom.xml3
-rw-r--r--auth/auth-locate/pom.xml3
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java12
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java4
-rw-r--r--auth/auth-oauth/pom.xml3
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java4
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java2
-rw-r--r--auth/auth-service/pom.xml3
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java5
-rw-r--r--auth/docker/.gitignore3
-rw-r--r--auth/docker/Dockerfile.client15
-rw-r--r--auth/docker/Dockerfile.config18
-rw-r--r--auth/docker/Dockerfile.core10
-rw-r--r--auth/docker/Dockerfile.ms (renamed from auth/docker/Dockerfile)11
-rw-r--r--auth/docker/README.txt40
-rw-r--r--auth/docker/aaf.props11
-rw-r--r--auth/docker/aaf.sh16
-rw-r--r--auth/docker/agent.sh71
-rw-r--r--auth/docker/d.props15
-rw-r--r--auth/docker/d.props.init17
-rw-r--r--auth/docker/dbounce.sh4
-rwxr-xr-xauth/docker/dbuild.sh52
-rw-r--r--auth/docker/dclean.sh12
-rw-r--r--auth/docker/dpush.sh4
-rw-r--r--auth/docker/drun.sh89
-rw-r--r--auth/docker/dstart.sh8
-rw-r--r--auth/docker/dstop.sh8
-rw-r--r--auth/pom.xml4
-rw-r--r--auth/sample/.gitignore1
-rw-r--r--auth/sample/bin/client.sh190
-rw-r--r--auth/sample/bin/service.sh162
-rw-r--r--auth/sample/data/identities.dat29
-rw-r--r--auth/sample/data/sample.identities.dat40
-rw-r--r--auth/sample/etc/org.osaaf.aaf.cm.props14
-rw-r--r--auth/sample/etc/org.osaaf.aaf.fs.props9
-rw-r--r--auth/sample/etc/org.osaaf.aaf.gui.props (renamed from auth/sample/etc/org.osaaf.gui.props)8
-rw-r--r--auth/sample/etc/org.osaaf.aaf.hello.props8
-rw-r--r--auth/sample/etc/org.osaaf.aaf.locate.props8
-rw-r--r--auth/sample/etc/org.osaaf.aaf.log4j.props (renamed from auth/sample/etc/org.osaaf.log4j.props)0
-rw-r--r--auth/sample/etc/org.osaaf.aaf.oauth.props8
-rw-r--r--auth/sample/etc/org.osaaf.aaf.orgs.props (renamed from auth/sample/etc/org.osaaf.orgs.props)0
-rw-r--r--auth/sample/etc/org.osaaf.aaf.service.props8
-rw-r--r--auth/sample/etc/org.osaaf.cm.props14
-rw-r--r--auth/sample/etc/org.osaaf.common.props30
-rw-r--r--auth/sample/etc/org.osaaf.fs.props10
-rw-r--r--auth/sample/etc/org.osaaf.hello.props8
-rw-r--r--auth/sample/etc/org.osaaf.locate.props8
-rw-r--r--auth/sample/etc/org.osaaf.oauth.props8
-rw-r--r--auth/sample/etc/org.osaaf.service.props8
-rw-r--r--auth/sample/local/.dockerignore1
-rw-r--r--auth/sample/local/aaf.props22
-rw-r--r--auth/sample/local/initialConfig.props8
-rw-r--r--auth/sample/local/org.osaaf.aaf.cassandra.props (renamed from auth/sample/local/org.osaaf.cassandra.props)3
-rw-r--r--auth/sample/local/org.osaaf.aaf.cm.ca.props (renamed from auth/sample/local/org.osaaf.cm.ca.props)4
-rw-r--r--auth/sample/local/org.osaaf.aaf.cm.p12bin2818 -> 0 bytes
-rw-r--r--auth/sample/local/org.osaaf.aaf.keyfile27
-rw-r--r--auth/sample/local/org.osaaf.aaf.p12bin4180 -> 0 bytes
-rw-r--r--auth/sample/local/org.osaaf.aaf.props17
-rw-r--r--auth/sample/local/org.osaaf.aaf.trust.p12bin1560 -> 0 bytes
-rw-r--r--auth/sample/local/org.osaaf.location.props12
-rw-r--r--auth/sample/logs/clean7
-rw-r--r--auth/sample/logs/taillog3
-rw-r--r--cadi/aaf/pom.xml2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java95
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java33
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java25
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java23
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java18
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java9
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java44
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java186
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java8
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java45
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java9
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java57
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java6
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java44
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java3
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java23
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java10
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java2
-rw-r--r--cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java3
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java15
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java23
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java2
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java4
-rw-r--r--cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java10
-rw-r--r--cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java4
-rw-r--r--conf/CA/newCA.sh (renamed from conf/CA/newca.sh)2
-rw-r--r--conf/CA/newIntermediate.sh2
-rw-r--r--docs/sections/installation/client_vol.rst70
-rw-r--r--docs/sections/installation/install_from_source.rst219
-rw-r--r--docs/sections/installation/sample.rst (renamed from docs/sections/installation/fromsource.rst)0
169 files changed, 2678 insertions, 1221 deletions
diff --git a/INFO.yaml b/INFO.yaml
index b90cb9b4..840eb5ec 100644
--- a/INFO.yaml
+++ b/INFO.yaml
@@ -3,9 +3,9 @@ project: 'aaf-authz'
project_creation_date: '2017-07-12'
lifecycle_state: 'Incubation'
project_lead: &onap_releng_ptl
- name: 'Ram Koya'
- email: 'rk541m@att.com'
- id: 'rampi_k'
+ name: 'Jonathan Gathman'
+ email: 'jonathan.gathman@us.att.com'
+ id: 'instrumental'
company: 'ATT'
timezone: 'America/Dallas'
primary_contact: *onap_releng_ptl
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index 44ee7130..d6fcb9f9 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -7,11 +7,24 @@ else
echo Docker not available in /usr/bin or /usr/local/bin
exit
fi
+
+if [ "$($DOCKER volume ls | grep aaf_cass_data)" = "" ]; then
+ $DOCKER volume create aaf_cass_data
+ echo "Created Cassandra Volume aaf_cass_data"
+fi
+
echo "Running DInstall"
if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
echo "starting Cass from 'run'"
# NOTE: These HEAP Sizes are minimal. Not set for full organizations.
- $DOCKER run --name aaf_cass -e HEAP_NEWSIZE=512M -e MAX_HEAP_SIZE=1024M -e CASSANDRA_DC=dc1 -e CASSANDRA_CLUSTER_NAME=osaaf -d cassandra:3.11
+ $DOCKER run \
+ --name aaf_cass \
+ -e HEAP_NEWSIZE=512M \
+ -e MAX_HEAP_SIZE=1024M \
+ -e CASSANDRA_DC=dc1 \
+ -e CASSANDRA_CLUSTER_NAME=osaaf \
+ --mount 'type=volume,src=aaf_cass_data,dst=/var/lib/cassandra,volume-driver=local' \
+ -d cassandra:3.11
# Set on local Disk
# -v /opt/app/cass:/var/lib/cassandra
echo "aaf_cass Starting"
@@ -43,6 +56,7 @@ if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
echo " cqlsh -f keyspace.cql"
echo " cqlsh -f init.cql"
echo " cqlsh -f osaaf.cql"
+ echo " cqlsh -f temp_identity.cql"
echo ""
echo "The following will give you a temporary identity with which to start working, or emergency"
echo " cqlsh -f temp_identity.cql"
diff --git a/auth/auth-cass/src/main/cql/build.sh b/auth/auth-cass/src/main/cql/build.sh
new file mode 100644
index 00000000..caa07494
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh
+DIR=.
+for T in ns perm role user_role cred config; do
+ $CQLSH -e "COPY authz.$T TO '$DIR/$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/auth-cass/src/main/cql/config.dat b/auth/auth-cass/src/main/cql/config.dat
new file mode 100644
index 00000000..7eba23e1
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/config.dat
@@ -0,0 +1,10 @@
+aaf|aaf_env|DEV
+aaf|aaf_locate_url|https://meriadoc.mithril.sbc.com:8095
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/src/main/cql/init.cql b/auth/auth-cass/src/main/cql/init.cql
index c06e5ee9..bf75998d 100644
--- a/auth/auth-cass/src/main/cql/init.cql
+++ b/auth/auth-cass/src/main/cql/init.cql
@@ -264,3 +264,10 @@ CREATE TABLE run_lock (
start timestamp,
PRIMARY KEY ((class))
);
+
+CREATE TABLE config (
+ name varchar,
+ tag varchar,
+ value varchar,
+ PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/src/main/cql/init2_1.cql b/auth/auth-cass/src/main/cql/init2_1.cql
index 4b9e7934..701dd774 100644
--- a/auth/auth-cass/src/main/cql/init2_1.cql
+++ b/auth/auth-cass/src/main/cql/init2_1.cql
@@ -1,3 +1,4 @@
+use authz;
CREATE TABLE config (
name varchar,
tag varchar,
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index 67107cb0..51e6b908 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -49,6 +49,14 @@ INSERT INTO perm(ns, type, instance, action, roles, description)
INSERT INTO role(ns, name, perms, description)
VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
// ONAP Specific Entities
// ONAP initial env Namespace
INSERT INTO ns (name,description,parent,scope,type)
@@ -71,6 +79,19 @@ INSERT INTO perm(ns, type, instance, action, roles, description)
INSERT INTO role(ns, name, perms, description)
VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+// AAF Admin
+insert into cred (id,type,expires,cred,notes,ns,other) values('aaf_admin@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf_admin@people.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+// A Deployer
+insert into cred (id,type,expires,cred,notes,ns,other) values('deployer@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','deploy',{},'ONAP Deployment Role');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('deployer@people.osaaf.org','org.osaaf.aaf.deploy','2018-10-31','org.osaaf.aaf','deploy');
+
+
// DEMO ID (OPS)
insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
INSERT INTO user_role(user,role,expires,ns,rname)
diff --git a/auth/auth-cass/src/main/cql/pull.sh b/auth/auth-cass/src/main/cql/pull.sh
new file mode 100644
index 00000000..f4db573a
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/pull.sh
@@ -0,0 +1,5 @@
+for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+ cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
+done
+tar -cvzf dat.gz *.dat
+
diff --git a/auth/auth-cass/src/main/cql/push.sh b/auth/auth-cass/src/main/cql/push.sh
new file mode 100644
index 00000000..8026c9f9
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/push.sh
@@ -0,0 +1,5 @@
+tar -xvf dat.gz
+for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+ cqlsh -e "use authz; COPY $T FROM '$T.dat' WITH DELIMITER='|';"
+done
+
diff --git a/auth/auth-cass/src/main/cql/temp_identity.cql b/auth/auth-cass/src/main/cql/temp_identity.cql
index 7ca31203..3032372b 100644
--- a/auth/auth-cass/src/main/cql/temp_identity.cql
+++ b/auth/auth-cass/src/main/cql/temp_identity.cql
@@ -1,12 +1,5 @@
USE authz;
// Create Root pass
INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('initial@osaaf.org','org.osaaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400;
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400;
-
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
index 5bdb215e..eb44e143 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
@@ -28,16 +28,16 @@ import java.util.List;
import org.onap.aaf.auth.dao.cass.NsSplit;
import org.onap.aaf.auth.dao.cass.PermDAO;
-import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.env.NullTrans;
import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.lur.LocalPermission;
import org.onap.aaf.misc.env.util.Split;
@@ -52,17 +52,23 @@ public class DirectAAFLur implements Lur {
}
@Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
return fish(env.newTransNoAvg(),bait,pond);
}
- public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {
+ public boolean fish(AuthzTrans trans, Principal bait, Permission ... pond) {
+ boolean rv = false;
Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);
switch(pdr.status) {
case OK:
for(PermDAO.Data d : pdr.value) {
- if(new PermPermission(d).match(pond)) {
- return true;
+ if(!rv) {
+ for (Permission p : pond) {
+ if(new PermPermission(d).match(p)) {
+ rv=true;
+ break;
+ }
+ }
}
}
break;
@@ -72,7 +78,7 @@ public class DirectAAFLur implements Lur {
default:
trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);
}
- return false;
+ return rv;
}
@Override
@@ -94,7 +100,7 @@ public class DirectAAFLur implements Lur {
}
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
index 695d80f7..1ddf022c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
@@ -63,7 +63,7 @@ public class DirectRegistrar implements Registrant<AuthzEnv> {
locate.patch = split.length>2?Integer.parseInt(split[2]):0;
locate.minor = split.length>1?Integer.parseInt(split[1]):0;
locate.major = split.length>0?Integer.parseInt(split[0]):0;
- locate.hostname = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ locate.hostname = access.getProperty(Config.AAF_REGISTER_AS, null);
if(locate.hostname==null) {
locate.hostname = access.getProperty(Config.HOSTNAME, null);
}
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index f0dc08ff..8b1729ec 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -60,6 +60,14 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
</dependency>
+
+ <!-- Add the Organizations you wish to support. You can delete ONAP if
+ you have something else Match with Property Entry: Organization.<root ns>,
+ i.e. Organization.onap.org=org.onap.org.DefaultOrg -->
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-auth-deforg</artifactId>
+ </dependency>
<dependency>
<groupId>com.google.code.jscep</groupId>
@@ -120,7 +128,7 @@
<mainClass>org.onap.aaf.auth.cm.AAF_CM</mainClass>
<name>cm</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.cm.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.cm.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/cm</commandLineArgument>
</commandLineArguments>
</program>
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index e840ef56..f1f70a7e 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -57,20 +57,22 @@ public abstract class CA {
private final String name;
private final String env;
private MessageDigest messageDigest;
+ private final String permNS;
private final String permType;
private final ArrayList<String> idDomains;
private String[] trustedCAs;
private String[] caIssuerDNs;
- private List<RDN> rdns;
+ private List<RDN> rdns;
protected CA(Access access, String caName, String env) throws IOException, CertException {
trustedCAs = new String[4]; // starting array
this.name = caName;
this.env = env;
- permType = access.getProperty(CM_CA_PREFIX + name + ".perm_type",null);
+ permNS = CM_CA_PREFIX + name;
+ permType = access.getProperty(permNS + ".perm_type",null);
if(permType==null) {
- throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+ throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
}
caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
@@ -204,6 +206,10 @@ public abstract class CA {
}
+ public String getPermNS() {
+ return permNS;
+ }
+
public String getPermType() {
return permType;
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
index af2d2f6b..893e9f32 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
@@ -203,7 +203,7 @@ public class LocalCA extends CA {
public X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
GregorianCalendar gc = new GregorianCalendar();
Date start = gc.getTime();
- gc.add(GregorianCalendar.MONTH, 2);
+ gc.add(GregorianCalendar.MONTH, 6);
Date end = gc.getTime();
X509Certificate x509;
TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
index 70ddd438..e40a7a21 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
@@ -116,7 +116,7 @@ public class BCFactory extends Factory {
CertmanValidator v = new CertmanValidator();
if(v.nullOrBlank("cn", csr.cn())
.nullOrBlank("mechID", csr.mechID())
- .nullOrBlank("email", csr.email())
+// .nullOrBlank("email", csr.email())
.err()) {
return v.errs();
} else {
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
index 7d417d5f..f9fcad17 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
@@ -156,6 +156,7 @@ public class CSRMeta {
Date start = gc.getTime();
gc.add(GregorianCalendar.DAY_OF_MONTH,2);
Date end = gc.getTime();
+ @SuppressWarnings("deprecation")
X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
x500Name(),
new BigInteger(12,random), // replace with Serialnumber scheme
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
index 794f63a6..98fdf11b 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
@@ -32,16 +32,6 @@ import static org.onap.aaf.auth.layer.Result.ERR_Security;
import static org.onap.aaf.auth.layer.Result.OK;
import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -58,8 +48,6 @@ import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.configure.CertException;
-import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Data;
import org.onap.aaf.misc.env.Env;
@@ -232,10 +220,17 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf.
@Override
public Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException {
String[] p = Split.split('|',perm);
- if(p.length!=3) {
- return Result.err(Result.ERR_BadData,"Invalid Perm String");
+ AAFPermission ap;
+ switch(p.length) {
+ case 3:
+ ap = new AAFPermission(null, p[0],p[1],p[2]);
+ break;
+ case 4:
+ ap = new AAFPermission(p[0],p[1],p[2],p[3]);
+ break;
+ default:
+ return Result.err(Result.ERR_BadData,"Invalid Perm String");
}
- AAFPermission ap = new AAFPermission(p[0],p[1],p[2]);
if(certman.aafLurPerm.fish(trans.getUserPrincipal(), ap)) {
resp.setContentType(voidResp);
resp.getOutputStream().write(0);
@@ -360,33 +355,33 @@ public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf.
// return Result.ok();
}
- private KeyStore keystore(AuthzTrans trans, CertResp cr, String[] trustChain, String name, char[] cap) throws KeyStoreException, CertificateException, APIException, IOException, CertException, NoSuchAlgorithmException {
- KeyStore jks = KeyStore.getInstance("jks");
- jks.load(null, cap);
-
- // Get the Cert(s)... Might include Trust store
- List<String> lcerts = new ArrayList<>();
- lcerts.add(cr.asCertString());
- for(String s : trustChain) {
- lcerts.add(s);
- }
-
- Collection<? extends Certificate> certColl = Factory.toX509Certificate(lcerts);
- X509Certificate[] certs = new X509Certificate[certColl.size()];
- certColl.toArray(certs);
- KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(cap);
-
- PrivateKey pk = Factory.toPrivateKey(trans, cr.privateString());
- KeyStore.PrivateKeyEntry pkEntry =
- new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});
- jks.setEntry(name, pkEntry, protParam);
-
- int i=0;
- for(X509Certificate x509 : certs) {
- jks.setCertificateEntry("cert_"+ ++i, x509);
- }
- return jks;
- }
+// private KeyStore keystore(AuthzTrans trans, CertResp cr, String[] trustChain, String name, char[] cap) throws KeyStoreException, CertificateException, APIException, IOException, CertException, NoSuchAlgorithmException {
+// KeyStore jks = KeyStore.getInstance("jks");
+// jks.load(null, cap);
+//
+// // Get the Cert(s)... Might include Trust store
+// List<String> lcerts = new ArrayList<>();
+// lcerts.add(cr.asCertString());
+// for(String s : trustChain) {
+// lcerts.add(s);
+// }
+//
+// Collection<? extends Certificate> certColl = Factory.toX509Certificate(lcerts);
+// X509Certificate[] certs = new X509Certificate[certColl.size()];
+// certColl.toArray(certs);
+// KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(cap);
+//
+// PrivateKey pk = Factory.toPrivateKey(trans, cr.privateString());
+// KeyStore.PrivateKeyEntry pkEntry =
+// new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});
+// jks.setEntry(name, pkEntry, protParam);
+//
+// int i=0;
+// for(X509Certificate x509 : certs) {
+// jks.setCertificateEntry("cert_"+ ++i, x509);
+// }
+// return jks;
+// }
@Override
public Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust) {
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 376ae1b1..744c3c3f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -58,156 +58,173 @@ import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.Hash;
+import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Chrono;
-
public class CMService {
// If we add more CAs, may want to parameterize
private static final int STD_RENEWAL = 30;
private static final int MAX_RENEWAL = 60;
private static final int MIN_RENEWAL = 10;
-
+
public static final String REQUEST = "request";
+ public static final String IGNORE_IPS = "ignoreIPs";
public static final String RENEW = "renew";
public static final String DROP = "drop";
- public static final String IPS = "ips";
public static final String DOMAIN = "domain";
- private static final String CERTMAN = ".certman";
- private static final String ACCESS = ".access";
-
+ private static final String CERTMAN = "certman";
+ private static final String ACCESS = "access";
+
private static final String[] NO_NOTES = new String[0];
+ private final Permission root_read_permission;
private final CertDAO certDAO;
private final CredDAO credDAO;
private final ArtiDAO artiDAO;
private AAF_CM certman;
-// @SuppressWarnings("unchecked")
+ // @SuppressWarnings("unchecked")
public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException {
- // Jonathan 4/2015 SessionFilter unneeded... DataStax already deals with Multithreading well
-
- HistoryDAO hd = new HistoryDAO(trans, certman.cluster, CassAccess.KEYSPACE);
+ // Jonathan 4/2015 SessionFilter unneeded... DataStax already deals with
+ // Multithreading well
+
+ HistoryDAO hd = new HistoryDAO(trans, certman.cluster, CassAccess.KEYSPACE);
CacheInfoDAO cid = new CacheInfoDAO(trans, hd);
certDAO = new CertDAO(trans, hd, cid);
credDAO = new CredDAO(trans, hd, cid);
artiDAO = new ArtiDAO(trans, hd, cid);
this.certman = certman;
+
+ root_read_permission=new AAFPermission(
+ trans.getProperty(Config.AAF_ROOT_NS, Config.AAF_ROOT_NS_DEF),
+ "access",
+ "*",
+ "read"
+ );
}
-
- public Result<CertResp> requestCert(final AuthzTrans trans,final Result<CertReq> req, final CA ca) {
- if(req.isOK()) {
- if(req.value.fqdns.isEmpty()) {
- return Result.err(Result.ERR_BadData,"No Machines passed in Request");
+ public Result<CertResp> requestCert(final AuthzTrans trans, final Result<CertReq> req, final CA ca) {
+ if (req.isOK()) {
+
+ if (req.value.fqdns.isEmpty()) {
+ return Result.err(Result.ERR_BadData, "No Machines passed in Request");
}
-
+
String key = req.value.fqdns.get(0);
-
+
// Policy 6: Requester must be granted Change permission in Namespace requested
String mechNS = FQI.reverseDomain(req.value.mechid);
- if(mechNS==null) {
- return Result.err(Status.ERR_Denied, "%s does not reflect a valid AAF Namespace",req.value.mechid);
- }
-
-
- // Disallow non-AAF CA without special permission
- if(!"aaf".equals(ca.getName()) && !trans.fish( new AAFPermission(mechNS+CERTMAN, ca.getName(), REQUEST))) {
- return Result.err(Status.ERR_Denied, "'%s' does not have permission to request Certificates from Certificate Authority '%s'",
- trans.user(),ca.getName());
+ if (mechNS == null) {
+ return Result.err(Status.ERR_Denied, "%s does not reflect a valid AAF Namespace", req.value.mechid);
}
List<String> notes = null;
List<String> fqdns = new ArrayList<>(req.value.fqdns);
-
-
+
String email = null;
try {
Organization org = trans.org();
-
+
+ boolean ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
+
InetAddress primary = null;
// Organize incoming information to get to appropriate Artifact
- if(!fqdns.isEmpty()) {
+ if (!fqdns.isEmpty()) {
// Accept domain wild cards, but turn into real machines
// Need *domain.com:real.machine.domain.com:san.machine.domain.com:...
- if(fqdns.get(0).startsWith("*")) { // Domain set
- if(!trans.fish(new AAFPermission(ca.getPermType(), ca.getName(), DOMAIN))) {
- return Result.err(Result.ERR_Denied, "Domain based Authorizations (" + fqdns.get(0) + ") requires Exception");
+ if (fqdns.get(0).startsWith("*")) { // Domain set
+ if (!trans.fish(new AAFPermission(null,ca.getPermType(), ca.getName(), DOMAIN))) {
+ return Result.err(Result.ERR_Denied,
+ "Domain based Authorizations (" + fqdns.get(0) + ") requires Exception");
}
-
- //TODO check for Permission in Add Artifact?
+
+ // TODO check for Permission in Add Artifact?
String domain = fqdns.get(0).substring(1);
fqdns.remove(0);
- if(fqdns.isEmpty()) {
- return Result.err(Result.ERR_Denied, "Requests using domain require machine declaration");
- }
-
- InetAddress ia = InetAddress.getByName(fqdns.get(0));
- if(ia==null) {
- return Result.err(Result.ERR_Denied, "Request not made from matching IP matching domain");
- } else if(ia.getHostName().endsWith(domain)) {
- primary = ia;
- }
-
- } else {
- for(String cn : req.value.fqdns) {
- try {
- InetAddress[] ias = InetAddress.getAllByName(cn);
- Set<String> potentialSanNames = new HashSet<>();
- for(InetAddress ia1 : ias) {
- InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress());
- if(primary==null && ias.length==1 && trans.ip().equals(ia1.getHostAddress())) {
- primary = ia1;
- } else if(!cn.equals(ia1.getHostName()) && !ia2.getHostName().equals(ia2.getHostAddress())) {
- potentialSanNames.add(ia1.getHostName());
+ if (fqdns.isEmpty()) {
+ return Result.err(Result.ERR_Denied, "Requests using domain require machine declaration");
+ }
+
+ if (!ignoreIPs) {
+ InetAddress ia = InetAddress.getByName(fqdns.get(0));
+ if (ia == null) {
+ return Result.err(Result.ERR_Denied,
+ "Request not made from matching IP matching domain");
+ } else if (ia.getHostName().endsWith(domain)) {
+ primary = ia;
+ }
+ }
+
+ } else {
+ for (String cn : req.value.fqdns) {
+ if(ignoreIPs) {
+ potentialSanNames.add(cn);
+ } else {
+ try {
+ InetAddress[] ias = InetAddress.getAllByName(cn);
+ Set<String> potentialSanNames = new HashSet<>();
+ for (InetAddress ia1 : ias) {
+ InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress());
+ if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) {
+ primary = ia1;
+ } else if (!cn.equals(ia1.getHostName())
+ && !ia2.getHostName().equals(ia2.getHostAddress())) {
+ potentialSanNames.add(ia1.getHostName());
+ }
}
+ } catch (UnknownHostException e1) {
+ return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn);
}
- } catch (UnknownHostException e1) {
- return Result.err(Result.ERR_BadData,"There is no DNS lookup for %s",cn);
}
-
}
}
}
-
- if(primary==null) {
- return Result.err(Result.ERR_Denied, "Request not made from matching IP (%s)",trans.ip());
+
+ final String host;
+ if(ignoreIPs) {
+ host = req.value.fqdns.get(0);
+ } else if (primary == null) {
+ return Result.err(Result.ERR_Denied, "Request not made from matching IP (%s)", trans.ip());
+ } else {
+ host = primary.getHostAddress();
}
-
+
ArtiDAO.Data add = null;
- Result<List<ArtiDAO.Data>> ra = artiDAO.read(trans, req.value.mechid,primary.getHostAddress());
- if(ra.isOKhasData()) {
- if(add==null) {
+ Result<List<ArtiDAO.Data>> ra = artiDAO.read(trans, req.value.mechid, host);
+ if (ra.isOKhasData()) {
+ if (add == null) {
add = ra.value.get(0); // single key
}
} else {
- ra = artiDAO.read(trans, req.value.mechid,key);
- if(ra.isOKhasData()) { // is the Template available?
- add = ra.value.get(0);
- add.machine=primary.getHostName();
- for(String s : fqdns) {
- if(!s.equals(add.machine)) {
- add.sans(true).add(s);
- }
- }
- Result<ArtiDAO.Data> rc = artiDAO.create(trans, add); // Create new Artifact from Template
- if(rc.notOK()) {
- return Result.err(rc);
- }
- } else {
- add = ra.value.get(0);
- }
+ ra = artiDAO.read(trans, req.value.mechid, key);
+ if (ra.isOKhasData()) { // is the Template available?
+ add = ra.value.get(0);
+ add.machine = host;
+ for (String s : fqdns) {
+ if (!s.equals(add.machine)) {
+ add.sans(true).add(s);
+ }
+ }
+ Result<ArtiDAO.Data> rc = artiDAO.create(trans, add); // Create new Artifact from Template
+ if (rc.notOK()) {
+ return Result.err(rc);
+ }
+ } else {
+ add = ra.value.get(0);
+ }
}
-
+
// Add Artifact listed FQDNs
- if(add.sans!=null) {
- for(String s : add.sans) {
- if(!fqdns.contains(s)) {
+ if (add.sans != null) {
+ for (String s : add.sans) {
+ if (!fqdns.contains(s)) {
fqdns.add(s);
}
}
@@ -215,134 +232,142 @@ public class CMService {
// Policy 2: If Config marked as Expired, do not create or renew
Date now = new Date();
- if(add.expires!=null && now.after(add.expires)) {
- return Result.err(Result.ERR_Policy,"Configuration for %s %s is expired %s",add.mechid,add.machine,Chrono.dateFmt.format(add.expires));
+ if (add.expires != null && now.after(add.expires)) {
+ return Result.err(Result.ERR_Policy, "Configuration for %s %s is expired %s", add.mechid,
+ add.machine, Chrono.dateFmt.format(add.expires));
}
-
+
// Policy 3: MechID must be current
Identity muser = org.getIdentity(trans, add.mechid);
- if(muser == null) {
- return Result.err(Result.ERR_Policy,"MechID must exist in %s",org.getName());
+ if (muser == null) {
+ return Result.err(Result.ERR_Policy, "MechID must exist in %s", org.getName());
}
-
+
// Policy 4: Sponsor must be current
Identity ouser = muser.responsibleTo();
- if(ouser==null) {
- return Result.err(Result.ERR_Policy,"%s does not have a current sponsor at %s",add.mechid,org.getName());
- } else if(!ouser.isFound() || ouser.mayOwn()!=null) {
- return Result.err(Result.ERR_Policy,"%s reports that %s cannot be responsible for %s",org.getName(),trans.user());
+ if (ouser == null) {
+ return Result.err(Result.ERR_Policy, "%s does not have a current sponsor at %s", add.mechid,
+ org.getName());
+ } else if (!ouser.isFound() || ouser.mayOwn() != null) {
+ return Result.err(Result.ERR_Policy, "%s reports that %s cannot be responsible for %s",
+ org.getName(), trans.user());
}
-
+
// Set Email from most current Sponsor
email = ouser.email();
-
+
// Policy 5: keep Artifact data current
- if(!ouser.fullID().equals(add.sponsor)) {
+ if (!ouser.fullID().equals(add.sponsor)) {
add.sponsor = ouser.fullID();
artiDAO.update(trans, add);
}
-
- // Policy 7: Caller must be the MechID or have specifically delegated permissions
- if(!(trans.user().equals(req.value.mechid) || trans.fish(new AAFPermission(mechNS + CERTMAN, ca.getName() , REQUEST)))) {
- return Result.err(Status.ERR_Denied, "%s must have access to modify x509 certs in NS %s",trans.user(),mechNS);
+
+ // Policy 7: Caller must be the MechID or have specifically delegated
+ // permissions
+ if (!(trans.user().equals(req.value.mechid)
+ || trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), REQUEST)))) {
+ return Result.err(Status.ERR_Denied, "%s must have access to modify x509 certs in NS %s",
+ trans.user(), mechNS);
}
-
+
// Make sure Primary is the first in fqdns
- if(fqdns.size()>1) {
- for(int i=0;i<fqdns.size();++i) {
- if(fqdns.get(i).equals(primary.getHostName())) {
- if(i!=0) {
- String tmp = fqdns.get(0);
- fqdns.set(0, primary.getHostName());
- fqdns.set(i, tmp);
+ if (fqdns.size() > 1) {
+ for (int i = 0; i < fqdns.size(); ++i) {
+ if(primary==null) {
+ trans.error().log("CMService var primary is null");
+ } else {
+ String fg = fqdns.get(i);
+ if (fg!=null && fg.equals(primary.getHostName())) {
+ if (i != 0) {
+ String tmp = fqdns.get(0);
+ fqdns.set(0, primary.getHostName());
+ fqdns.set(i, tmp);
+ }
}
}
}
}
} catch (Exception e) {
+ e.printStackTrace();
trans.error().log(e);
- return Result.err(Status.ERR_Denied,"MechID Sponsorship cannot be determined at this time. Try later");
+ return Result.err(Status.ERR_Denied,
+ "AppID Sponsorship cannot be determined at this time. Try later.");
}
-
+
CSRMeta csrMeta;
try {
- csrMeta = BCFactory.createCSRMeta(
- ca,
- req.value.mechid,
- email,
- fqdns);
+ csrMeta = BCFactory.createCSRMeta(ca, req.value.mechid, email, fqdns);
X509andChain x509ac = ca.sign(trans, csrMeta);
- if(x509ac==null) {
- return Result.err(Result.ERR_ActionNotCompleted,"x509 Certificate not signed by CA");
+ if (x509ac == null) {
+ return Result.err(Result.ERR_ActionNotCompleted, "x509 Certificate not signed by CA");
}
trans.info().printf("X509 Subject: %s", x509ac.getX509().getSubjectDN());
-
+
X509Certificate x509 = x509ac.getX509();
CertDAO.Data cdd = new CertDAO.Data();
- cdd.ca=ca.getName();
- cdd.serial=x509.getSerialNumber();
- cdd.id=req.value.mechid;
- cdd.x500=x509.getSubjectDN().getName();
- cdd.x509=Factory.toString(trans, x509);
+ cdd.ca = ca.getName();
+ cdd.serial = x509.getSerialNumber();
+ cdd.id = req.value.mechid;
+ cdd.x500 = x509.getSubjectDN().getName();
+ cdd.x509 = Factory.toString(trans, x509);
certDAO.create(trans, cdd);
-
+
CredDAO.Data crdd = new CredDAO.Data();
crdd.other = Question.random.nextInt();
- crdd.cred=getChallenge256SaltedHash(csrMeta.challenge(),crdd.other);
+ crdd.cred = getChallenge256SaltedHash(csrMeta.challenge(), crdd.other);
crdd.expires = x509.getNotAfter();
crdd.id = req.value.mechid;
crdd.ns = Question.domain2ns(crdd.id);
crdd.type = CredDAO.CERT_SHA256_RSA;
credDAO.create(trans, crdd);
-
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes));
+
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(notes));
return Result.ok(cr);
} catch (Exception e) {
trans.error().log(e);
- return Result.err(Result.ERR_ActionNotCompleted,e.getMessage());
+ return Result.err(Result.ERR_ActionNotCompleted, e.getMessage());
}
} else {
return Result.err(req);
}
}
- public Result<CertResp> renewCert(AuthzTrans trans, Result<CertRenew> renew) {
- if(renew.isOK()) {
- return Result.err(Result.ERR_NotImplemented,"Not implemented yet");
+ public Result<CertResp> renewCert(AuthzTrans trans, Result<CertRenew> renew) {
+ if (renew.isOK()) {
+ return Result.err(Result.ERR_NotImplemented, "Not implemented yet");
} else {
return Result.err(renew);
- }
+ }
}
public Result<Void> dropCert(AuthzTrans trans, Result<CertDrop> drop) {
- if(drop.isOK()) {
- return Result.err(Result.ERR_NotImplemented,"Not implemented yet");
+ if (drop.isOK()) {
+ return Result.err(Result.ERR_NotImplemented, "Not implemented yet");
} else {
return Result.err(drop);
- }
+ }
}
public Result<List<Data>> readCertsByMechID(AuthzTrans trans, String mechID) {
// Policy 1: To Read, must have NS Read or is Sponsor
String ns = Question.domain2ns(mechID);
try {
- if( trans.user().equals(mechID)
- || trans.fish(new AAFPermission(ns + ACCESS, "*", "read"))
- || (trans.org().validate(trans,Organization.Policy.OWNS_MECHID,null,mechID))==null) {
+ if (trans.user().equals(mechID) || trans.fish(new AAFPermission(ns,ACCESS, "*", "read"))
+ || (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, mechID)) == null) {
return certDAO.readID(trans, mechID);
} else {
- return Result.err(Result.ERR_Denied,"%s is not the ID, Sponsor or NS Owner/Admin for %s at %s",
- trans.user(),mechID,trans.org().getName());
+ return Result.err(Result.ERR_Denied, "%s is not the ID, Sponsor or NS Owner/Admin for %s at %s",
+ trans.user(), mechID, trans.org().getName());
}
- } catch(OrganizationException e) {
+ } catch (OrganizationException e) {
return Result.err(e);
}
}
public Result<CertResp> requestPersonalCert(AuthzTrans trans, CA ca) {
- if(ca.inPersonalDomains(trans.getUserPrincipal())) {
+ if (ca.inPersonalDomains(trans.getUserPrincipal())) {
Organization org = trans.org();
-
+
// Policy 1: MechID must be current
Identity ouser;
try {
@@ -351,39 +376,36 @@ public class CMService {
trans.error().log(e1);
ouser = null;
}
- if(ouser == null) {
- return Result.err(Result.ERR_Policy,"Requesting User must exist in %s",org.getName());
+ if (ouser == null) {
+ return Result.err(Result.ERR_Policy, "Requesting User must exist in %s", org.getName());
}
-
+
// Set Email from most current Sponsor
-
+
CSRMeta csrMeta;
try {
- csrMeta = BCFactory.createPersonalCSRMeta(
- ca,
- trans.user(),
- ouser.email());
+ csrMeta = BCFactory.createPersonalCSRMeta(ca, trans.user(), ouser.email());
X509andChain x509ac = ca.sign(trans, csrMeta);
- if(x509ac==null) {
- return Result.err(Result.ERR_ActionNotCompleted,"x509 Certificate not signed by CA");
+ if (x509ac == null) {
+ return Result.err(Result.ERR_ActionNotCompleted, "x509 Certificate not signed by CA");
}
X509Certificate x509 = x509ac.getX509();
CertDAO.Data cdd = new CertDAO.Data();
- cdd.ca=ca.getName();
- cdd.serial=x509.getSerialNumber();
- cdd.id=trans.user();
- cdd.x500=x509.getSubjectDN().getName();
- cdd.x509=Factory.toString(trans, x509);
+ cdd.ca = ca.getName();
+ cdd.serial = x509.getSerialNumber();
+ cdd.id = trans.user();
+ cdd.x500 = x509.getSubjectDN().getName();
+ cdd.x509 = Factory.toString(trans, x509);
certDAO.create(trans, cdd);
-
+
CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
return Result.ok(cr);
} catch (Exception e) {
trans.error().log(e);
- return Result.err(Result.ERR_ActionNotCompleted,e.getMessage());
+ return Result.err(Result.ERR_ActionNotCompleted, e.getMessage());
}
} else {
- return Result.err(Result.ERR_Denied,trans.user()," not supported for CA",ca.getName());
+ return Result.err(Result.ERR_Denied, trans.user(), " not supported for CA", ca.getName());
}
}
@@ -392,71 +414,69 @@ public class CMService {
//////////////
public Result<Void> createArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
CertmanValidator v = new CertmanValidator().artisRequired(list, 1);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
- for(ArtiDAO.Data add : list) {
+ for (ArtiDAO.Data add : list) {
try {
// Policy 1: MechID must exist in Org
Identity muser = trans.org().getIdentity(trans, add.mechid);
- if(muser == null) {
- return Result.err(Result.ERR_Denied,"%s is not valid for %s", add.mechid,trans.org().getName());
+ if (muser == null) {
+ return Result.err(Result.ERR_Denied, "%s is not valid for %s", add.mechid, trans.org().getName());
}
-
+
// Policy 2: MechID must have valid Organization Owner
Identity emailUser;
- if(muser.isPerson()) {
+ if (muser.isPerson()) {
emailUser = muser;
} else {
Identity ouser = muser.responsibleTo();
- if(ouser == null) {
- return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
+ if (ouser == null) {
+ return Result.err(Result.ERR_Denied, "%s is not a valid Sponsor for %s at %s", trans.user(),
+ add.mechid, trans.org().getName());
}
// Policy 3: Calling ID must be MechID Owner
- if(!trans.user().equals(ouser.fullID())) {
- return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
+ if (!trans.user().startsWith(ouser.id())) {
+ return Result.err(Result.ERR_Denied, "%s is not the Sponsor for %s at %s", trans.user(),
+ add.mechid, trans.org().getName());
}
emailUser = ouser;
}
-
- // Policy 4: Renewal Days are between 10 and 60 (constants, may be parameterized)
- if(add.renewDays<MIN_RENEWAL) {
+ // Policy 4: Renewal Days are between 10 and 60 (constants, may be
+ // parameterized)
+ if (add.renewDays < MIN_RENEWAL) {
add.renewDays = STD_RENEWAL;
- } else if(add.renewDays>MAX_RENEWAL) {
+ } else if (add.renewDays > MAX_RENEWAL) {
add.renewDays = MAX_RENEWAL;
}
-
+
// Policy 5: If Notify is blank, set to Owner's Email
- if(add.notify==null || add.notify.length()==0) {
- add.notify = "mailto:"+emailUser.email();
+ if (add.notify == null || add.notify.length() == 0) {
+ add.notify = "mailto:" + emailUser.email();
}
-
+
// Policy 6: Only do Domain by Exception
- if(add.machine.startsWith("*")) { // Domain set
+ if (add.machine.startsWith("*")) { // Domain set
CA ca = certman.getCA(add.ca);
-
- if(!trans.fish(new AAFPermission(ca.getPermType(), add.ca, DOMAIN))) {
- return Result.err(Result.ERR_Denied,"Domain Artifacts (%s) requires specific Permission",
- add.machine);
+ if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
+ return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
+ add.machine);
}
}
// Set Sponsor from Golden Source
add.sponsor = emailUser.fullID();
-
-
+
} catch (OrganizationException e) {
return Result.err(e);
}
// Add to DB
Result<ArtiDAO.Data> rv = artiDAO.create(trans, add);
// TODO come up with Partial Reporting Scheme, or allow only one at a time.
- if(rv.notOK()) {
+ if (rv.notOK()) {
return Result.err(rv);
}
}
@@ -465,40 +485,45 @@ public class CMService {
public Result<List<ArtiDAO.Data>> readArtifacts(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {
CertmanValidator v = new CertmanValidator().keys(add);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
Result<List<ArtiDAO.Data>> data = artiDAO.read(trans, add);
- if(data.notOKorIsEmpty()) {
+ if (data.notOKorIsEmpty()) {
return data;
}
add = data.value.get(0);
- if( trans.user().equals(add.mechid)
- || trans.fish(new AAFPermission(add.ns + ACCESS, "*", "read"))
- || trans.fish(new AAFPermission(add.ns+CERTMAN,add.ca,"read"))
- || trans.fish(new AAFPermission(add.ns+CERTMAN,add.ca,"request"))
- || (trans.org().validate(trans,Organization.Policy.OWNS_MECHID,null,add.mechid))==null) {
+ if (trans.user().equals(add.mechid)
+ || trans.fish(root_read_permission,
+ new AAFPermission(add.ns,ACCESS, "*", "read"),
+ new AAFPermission(add.ns,CERTMAN, add.ca, "read"),
+ new AAFPermission(add.ns,CERTMAN, add.ca, "request"))
+ || (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, add.mechid)) == null) {
return data;
} else {
- return Result.err(Result.ERR_Denied,"%s is not %s, is not the sponsor, and doesn't have delegated permission.",trans.user(),add.mechid,add.ns+".certman|"+add.ca+"|read or ...|request"); // note: reason is set by 2nd case, if 1st case misses
+ return Result.err(Result.ERR_Denied,
+ "%s is not %s, is not the sponsor, and doesn't have delegated permission.", trans.user(),
+ add.mechid, add.ns + ".certman|" + add.ca + "|read or ...|request"); // note: reason is set by 2nd
+ // case, if 1st case misses
}
}
- public Result<List<ArtiDAO.Data>> readArtifactsByMechID(AuthzTrans trans, String mechid) throws OrganizationException {
+ public Result<List<ArtiDAO.Data>> readArtifactsByMechID(AuthzTrans trans, String mechid)
+ throws OrganizationException {
CertmanValidator v = new CertmanValidator();
v.nullOrBlank("mechid", mechid);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
String ns = FQI.reverseDomain(mechid);
-
+
String reason;
- if(trans.fish(new AAFPermission(ns + ACCESS, "*", "read"))
- || (reason=trans.org().validate(trans,Organization.Policy.OWNS_MECHID,null,mechid))==null) {
+ if (trans.fish(new AAFPermission(ns, ACCESS, "*", "read"))
+ || (reason = trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, mechid)) == null) {
return artiDAO.readByMechID(trans, mechid);
} else {
- return Result.err(Result.ERR_Denied,reason); // note: reason is set by 2nd case, if 1st case misses
+ return Result.err(Result.ERR_Denied, reason); // note: reason is set by 2nd case, if 1st case misses
}
}
@@ -506,10 +531,10 @@ public class CMService {
public Result<List<ArtiDAO.Data>> readArtifactsByMachine(AuthzTrans trans, String machine) {
CertmanValidator v = new CertmanValidator();
v.nullOrBlank("machine", machine);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
-
+
// TODO do some checks?
Result<List<ArtiDAO.Data>> rv = artiDAO.readByMachine(trans, machine);
@@ -519,43 +544,43 @@ public class CMService {
public Result<List<ArtiDAO.Data>> readArtifactsByNs(AuthzTrans trans, String ns) {
CertmanValidator v = new CertmanValidator();
v.nullOrBlank("ns", ns);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
-
+
// TODO do some checks?
- return artiDAO.readByNs(trans, ns);
+ return artiDAO.readByNs(trans, ns);
}
-
public Result<Void> updateArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) throws OrganizationException {
CertmanValidator v = new CertmanValidator();
v.artisRequired(list, 1);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
-
+
// Check if requesting User is Sponsor
- //TODO - Shall we do one, or multiples?
- for(ArtiDAO.Data add : list) {
+ // TODO - Shall we do one, or multiples?
+ for (ArtiDAO.Data add : list) {
// Policy 1: MechID must exist in Org
Identity muser = trans.org().getIdentity(trans, add.mechid);
- if(muser == null) {
- return Result.err(Result.ERR_Denied,"%s is not valid for %s", add.mechid,trans.org().getName());
+ if (muser == null) {
+ return Result.err(Result.ERR_Denied, "%s is not valid for %s", add.mechid, trans.org().getName());
}
-
+
// Policy 2: MechID must have valid Organization Owner
Identity ouser = muser.responsibleTo();
- if(ouser == null) {
- return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
+ if (ouser == null) {
+ return Result.err(Result.ERR_Denied, "%s is not a valid Sponsor for %s at %s", trans.user(), add.mechid,
+ trans.org().getName());
}
- // Policy 3: Renewal Days are between 10 and 60 (constants, may be parameterized)
- if(add.renewDays<MIN_RENEWAL) {
+ // Policy 3: Renewal Days are between 10 and 60 (constants, may be
+ // parameterized)
+ if (add.renewDays < MIN_RENEWAL) {
add.renewDays = STD_RENEWAL;
- } else if(add.renewDays>MAX_RENEWAL) {
+ } else if (add.renewDays > MAX_RENEWAL) {
add.renewDays = MAX_RENEWAL;
}
@@ -564,101 +589,99 @@ public class CMService {
add.sponsor = ouser.fullID();
// Policy 5: If Notify is blank, set to Owner's Email
- if(add.notify==null || add.notify.length()==0) {
- add.notify = "mailto:"+ouser.email();
+ if (add.notify == null || add.notify.length() == 0) {
+ add.notify = "mailto:" + ouser.email();
}
// Policy 6: Only do Domain by Exception
- if(add.machine.startsWith("*")) { // Domain set
+ if (add.machine.startsWith("*")) { // Domain set
CA ca = certman.getCA(add.ca);
- if(ca==null) {
+ if (ca == null) {
return Result.err(Result.ERR_BadData, "CA is required in Artifact");
}
- if(!trans.fish(new AAFPermission(ca.getPermType(), add.ca, DOMAIN))) {
- return Result.err(Result.ERR_Denied,"Domain Artifacts (%s) requires specific Permission",
- add.machine);
+ if (!trans.fish(new AAFPermission(null,ca.getPermType(), add.ca, DOMAIN))) {
+ return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
+ add.machine);
}
}
// Policy 7: only Owner may update info
- if(trans.user().equals(add.sponsor)) {
+ if (trans.user().startsWith(ouser.id())) {
return artiDAO.update(trans, add);
} else {
- return Result.err(Result.ERR_Denied,"%s may not update info for %s",trans.user(),muser.fullID());
+ return Result.err(Result.ERR_Denied, "%s may not update info for %s", trans.user(), muser.fullID());
}
}
- return Result.err(Result.ERR_BadData,"No Artifacts to update");
+ return Result.err(Result.ERR_BadData, "No Artifacts to update");
}
-
+
public Result<Void> deleteArtifact(AuthzTrans trans, String mechid, String machine) throws OrganizationException {
CertmanValidator v = new CertmanValidator();
- v.nullOrBlank("mechid", mechid)
- .nullOrBlank("machine", machine);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ v.nullOrBlank("mechid", mechid).nullOrBlank("machine", machine);
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
Result<List<ArtiDAO.Data>> rlad = artiDAO.read(trans, mechid, machine);
- if(rlad.notOKorIsEmpty()) {
- return Result.err(Result.ERR_NotFound,"Artifact for %s %s does not exist.",mechid,machine);
+ if (rlad.notOKorIsEmpty()) {
+ return Result.err(Result.ERR_NotFound, "Artifact for %s %s does not exist.", mechid, machine);
}
-
- return deleteArtifact(trans,rlad.value.get(0));
+
+ return deleteArtifact(trans, rlad.value.get(0));
}
-
+
private Result<Void> deleteArtifact(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {
- // Policy 1: Record should be delete able only by Existing Sponsor.
- String sponsor=null;
+ // Policy 1: Record should be delete able only by Existing Sponsor.
+ String sponsor = null;
Identity muser = trans.org().getIdentity(trans, add.mechid);
- if(muser != null) {
+ if (muser != null) {
Identity ouser = muser.responsibleTo();
- if(ouser!=null) {
+ if (ouser != null) {
sponsor = ouser.fullID();
}
}
- // Policy 1.a: If Sponsorship is deleted in system of Record, then
+ // Policy 1.a: If Sponsorship is deleted in system of Record, then
// accept deletion by sponsor in Artifact Table
- if(sponsor==null) {
+ if (sponsor == null) {
sponsor = add.sponsor;
}
-
+
String ns = FQI.reverseDomain(add.mechid);
- if(trans.fish(new AAFPermission(ns + ACCESS, "*", "write"))
- || trans.user().equals(sponsor)) {
+ if (trans.fish(new AAFPermission(ns,ACCESS, "*", "write")) || trans.user().equals(sponsor)) {
return artiDAO.delete(trans, add, false);
}
- return Result.err(Result.ERR_Denied, "%1 is not allowed to delete this item",trans.user());
+ return Result.err(Result.ERR_Denied, "%1 is not allowed to delete this item", trans.user());
}
public Result<Void> deleteArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
CertmanValidator v = new CertmanValidator().artisRequired(list, 1);
- if(v.err()) {
- return Result.err(Result.ERR_BadData,v.errs());
+ if (v.err()) {
+ return Result.err(Result.ERR_BadData, v.errs());
}
try {
boolean partial = false;
- Result<Void> result=null;
- for(ArtiDAO.Data add : list) {
+ Result<Void> result = null;
+ for (ArtiDAO.Data add : list) {
result = deleteArtifact(trans, add);
- if(result.notOK()) {
+ if (result.notOK()) {
partial = true;
}
}
- if(result == null) {
- result = Result.err(Result.ERR_BadData,"No Artifacts to delete");
- } else if(partial) {
+ if (result == null) {
+ result = Result.err(Result.ERR_BadData, "No Artifacts to delete");
+ } else if (partial) {
result.partialContent(true);
}
return result;
- } catch(Exception e) {
+ } catch (Exception e) {
return Result.err(e);
}
}
private String[] compileNotes(List<String> notes) {
String[] rv;
- if(notes==null) {
+ if (notes == null) {
rv = NO_NOTES;
} else {
rv = new String[notes.size()];
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java
index dbfaaeef..27ac04e5 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java
@@ -21,7 +21,7 @@
******************************************************************************/
package org.onap.aaf.auth.cm.facade;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertNotNull;
import static org.mockito.Mockito.CALLS_REAL_METHODS;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -31,31 +31,23 @@ import java.io.IOException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.namespace.QName;
-import javax.xml.validation.Schema;
import org.junit.Before;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.onap.aaf.auth.cm.AAF_CM;
-import org.onap.aaf.auth.cm.facade.FacadeImpl;
import org.onap.aaf.auth.cm.mapper.Mapper;
import org.onap.aaf.auth.cm.service.CMService;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Data;
import org.onap.aaf.misc.env.LogTarget;
import org.onap.aaf.misc.env.TimeTaken;
-import org.onap.aaf.misc.env.Trans;
-import org.onap.aaf.misc.rosetta.env.RosettaDF;
-import org.onap.aaf.misc.rosetta.env.RosettaData;
@RunWith(MockitoJUnitRunner.class)
@@ -126,42 +118,42 @@ public class JU_FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> {
@Test
public void check() throws IOException {
- AAFPermission ap = new AAFPermission("str1","str3","str2");
+ AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
String perms = ap.getInstance();
assertNotNull(hImpl.check(trans, resp, perms));
}
@Test
public void checkNull() throws IOException {
- AAFPermission ap = new AAFPermission(null,"Str3","str2");
+ AAFPermission ap = new AAFPermission(null,null,"Str3","str2");
String perms = ap.getInstance();
assertNotNull(hImpl.check(trans, resp, perms));
}
@Test
public void checkTwoNull() throws IOException {
- AAFPermission ap = new AAFPermission(null,null,"str2");
+ AAFPermission ap = new AAFPermission(null,null,null,"str2");
String perms = ap.getInstance();
assertNotNull(fImpl.check(trans, resp, perms));
}
@Test
public void checkAllNull() throws IOException {
- AAFPermission ap = new AAFPermission(null,null,null);
+ AAFPermission ap = new AAFPermission(null,null,null,null);
String perms = ap.getInstance();
assertNotNull(fImpl.check(trans, resp, perms));
}
@Test
public void checkTrans_null() throws IOException {
- AAFPermission ap = new AAFPermission("str1","str3","str2");
+ AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
String perms = ap.getInstance();
assertNotNull(hImpl.check(null, resp, perms));
}
@Test
public void checkRespNull() throws IOException {
- AAFPermission ap = new AAFPermission("str1","str3","str2");
+ AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
String perms = ap.getInstance();
assertNotNull(hImpl.check(trans, null, perms));
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java
index 316c5334..fe04dac7 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java
@@ -36,8 +36,8 @@ public class Version extends Cmd {
@Override
protected int _exec(int idx, String... args) throws CadiException, APIException, LocatorException {
pw().println("AAF Command Line Tool");
- String version = access.getProperty(Config.AAF_DEFAULT_VERSION, "2.0");
- pw().println("Version: " + version);
+ pw().print("Version: ");
+ pw().println(Config.AAF_DEFAULT_VERSION);
return 200 /*HttpStatus.OK_200;*/;
}
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/HMangrStub.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/HMangrStub.java
new file mode 100644
index 00000000..7ceb1233
--- /dev/null
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/HMangrStub.java
@@ -0,0 +1,54 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.auth.cmd.test;
+
+import java.net.HttpURLConnection;
+import java.net.URI;
+
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.SecuritySetter;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.cadi.http.HMangr;
+
+public class HMangrStub extends HMangr {
+
+ private Rcli<HttpURLConnection> clientMock;
+
+ public HMangrStub(Access access, Locator<URI> loc, Rcli<HttpURLConnection> clientMock) throws LocatorException {
+ super(access, loc);
+ this.clientMock = clientMock;
+ }
+
+ @Override public<RET> RET same(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable) {
+ try {
+ return retryable.code(clientMock);
+ } catch (Exception e) {
+ }
+ return null;
+ }
+ @Override public<RET> RET oneOf(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable, boolean notify, String host) {
+ return null;
+ }
+}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Clear.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Clear.java
index 70a620fb..43d228d6 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Clear.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Clear.java
@@ -76,11 +76,11 @@ public class JU_Clear {
wtr = mock(Writer.class);
loc = mock(Locator.class);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
- mgmt = new Mgmt(aafcli);
- cache = new Cache(mgmt);
- clr = new Clear(cache);
+// hman = new HMangr(aEnv, loc);
+// aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
+// mgmt = new Mgmt(aafcli);
+// cache = new Cache(mgmt);
+// clr = new Clear(cache);
}
@@ -88,12 +88,12 @@ public class JU_Clear {
public void testExec() throws APIException, LocatorException, CadiException, URISyntaxException {
Item value = mock(Item.class);
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
when(loc.first()).thenReturn(value);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, value, secSet);
- String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
+// HRcli hcli = new HRcli(hman, uri, value, secSet);
+// String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
//clr._exec(0, strArr);
}
@@ -103,6 +103,6 @@ public class JU_Clear {
Define define = new Define();
define.set(prop);
StringBuilder sb = new StringBuilder();
- clr.detailedHelp(0, sb);
+// clr.detailedHelp(0, sb);
}
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Deny.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Deny.java
index c8c00c77..7e888a7c 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Deny.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Deny.java
@@ -76,10 +76,10 @@ public class JU_Deny {
wtr = mock(Writer.class);
loc = mock(Locator.class);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
- Mgmt mgmt = new Mgmt(aafcli);
- deny = new Deny(mgmt);
+// hman = new HMangr(aEnv, loc);
+// aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
+// Mgmt mgmt = new Mgmt(aafcli);
+// deny = new Deny(mgmt);
//denyS = deny.new DenySomething(deny,"ip","ipv4or6[,ipv4or6]*");
}
@@ -92,10 +92,10 @@ public class JU_Deny {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
// String[] strArr = {"add","del", "add","del"};
// deny._exec(0, strArr);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Log.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Log.java
index 77518d44..6e6f06ed 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Log.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_Log.java
@@ -84,16 +84,16 @@ public class JU_Log {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- when(loc.first()).thenReturn(value);
- String[] strArr = {"add","upd","del","add","upd","del"};
- log1._exec(0, strArr);
-
- String[] strArr1 = {"del","add","upd","del"};
- log1._exec(0, strArr1);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// when(loc.first()).thenReturn(value);
+// String[] strArr = {"add","upd","del","add","upd","del"};
+// log1._exec(0, strArr);
+//
+// String[] strArr1 = {"del","add","upd","del"};
+// log1._exec(0, strArr1);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_SessClear.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_SessClear.java
index 91d22187..f55bf2f9 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_SessClear.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/mgmt/JU_SessClear.java
@@ -72,11 +72,11 @@ public class JU_SessClear {
wtr = mock(Writer.class);
loc = mock(Locator.class);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
- Mgmt mgmt = new Mgmt(aafcli);
- Session sess = new Session(mgmt);
- sessclr = new SessClear(sess);
+// hman = new HMangr(aEnv, loc);
+// aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
+// Mgmt mgmt = new Mgmt(aafcli);
+// Session sess = new Session(mgmt);
+// sessclr = new SessClear(sess);
}
@Test
@@ -85,12 +85,12 @@ public class JU_SessClear {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- when(loc.first()).thenReturn(value);
- String[] strArr = {"add","upd","del","add","upd","del"};
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// when(loc.first()).thenReturn(value);
+// String[] strArr = {"add","upd","del","add","upd","del"};
//sessclr._exec(0, strArr);
}
@@ -100,6 +100,6 @@ public class JU_SessClear {
Define define = new Define();
define.set(prop);
StringBuilder sb = new StringBuilder();
- sessclr.detailedHelp(0, sb);
+// sessclr.detailedHelp(0, sb);
}
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Admin.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Admin.java
index 575a0e34..35dead11 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Admin.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Admin.java
@@ -86,15 +86,15 @@ public class JU_Admin {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add", "del","add","add"};
- admin._exec(0, strArr);
-
- String[] strArr1 = {"del","add","add"};
- admin._exec(0, strArr1);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add", "del","add","add"};
+// admin._exec(0, strArr);
+//
+// String[] strArr1 = {"del","add","add"};
+// admin._exec(0, strArr1);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Attrib.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Attrib.java
index 2a8200df..181b4526 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Attrib.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Attrib.java
@@ -88,18 +88,18 @@ public class JU_Attrib {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add","upd","del","add","upd","del"};
- attrib._exec(0, strArr);
-
- String[] strArr1 = {"upd","del","add","upd","del","add"};
- attrib._exec(0, strArr1);
-
- String[] strArr2 = {"del","add","upd","del","add","upd"};
- attrib._exec(0, strArr2);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add","upd","del","add","upd","del"};
+// attrib._exec(0, strArr);
+//
+// String[] strArr1 = {"upd","del","add","upd","del","add"};
+// attrib._exec(0, strArr1);
+//
+// String[] strArr2 = {"del","add","upd","del","add","upd"};
+// attrib._exec(0, strArr2);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Create.java
index 805ca3a4..af84d408 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Create.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Create.java
@@ -85,7 +85,7 @@ public class JU_Create {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Delete.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Delete.java
index e0a1128d..332c45c5 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Delete.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Delete.java
@@ -83,12 +83,12 @@ public class JU_Delete {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add","upd","del","add","upd","del"};
- delete._exec(0, strArr);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add","upd","del","add","upd","del"};
+// delete._exec(0, strArr);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Describe.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Describe.java
index d51773e3..d7b00220 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Describe.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_Describe.java
@@ -86,12 +86,12 @@ public class JU_Describe {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add","upd","del","add","upd","del"};
- desc._exec(0, strArr);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add","upd","del","add","upd","del"};
+// desc._exec(0, strArr);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListActivity.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListActivity.java
index 298c1163..bdebe0f9 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListActivity.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListActivity.java
@@ -86,7 +86,7 @@ public class JU_ListActivity {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListAdminResponsible.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListAdminResponsible.java
index ca7879e6..0e146edb 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListAdminResponsible.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListAdminResponsible.java
@@ -85,7 +85,7 @@ public class JU_ListAdminResponsible {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListByName.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListByName.java
index 064e4a53..48711dc9 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListByName.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListByName.java
@@ -85,7 +85,7 @@ public class JU_ListByName {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListUsersContact.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListUsersContact.java
index ad48ce34..536d70fa 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListUsersContact.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_ListUsersContact.java
@@ -87,7 +87,7 @@ public class JU_ListUsersContact {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
index cd49d893..1fb27470 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
@@ -21,78 +21,89 @@
******************************************************************************/
package org.onap.aaf.auth.cmd.test.perm;
-import org.junit.Assert;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
import org.junit.Before;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.mockito.runners.MockitoJUnitRunner;
import org.onap.aaf.auth.cmd.AAFcli;
-import org.onap.aaf.auth.cmd.perm.Create;
-import org.onap.aaf.auth.cmd.perm.Perm;
-import org.onap.aaf.auth.cmd.role.Role;
-import org.onap.aaf.auth.cmd.test.JU_AAFCli;
+import org.onap.aaf.auth.cmd.ns.Create;
+import org.onap.aaf.auth.cmd.ns.NS;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Locator.Item;
-import org.onap.aaf.cadi.http.HMangr;
-import org.onap.aaf.cadi.http.HRcli;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.misc.env.APIException;
@RunWith(MockitoJUnitRunner.class)
public class JU_Create {
+
+ @Mock private SecuritySetter<HttpURLConnection> ssMock;
+ @Mock private Locator<URI> locMock;
+ @Mock private Writer wrtMock;
+ @Mock private Rcli<HttpURLConnection> clientMock;
+ @Mock private Future<Object> futureMock;
private static Create create;
- PropAccess prop;
- AuthzEnv aEnv;
- Writer wtr;
- Locator<URI> loc;
- HMangr hman;
- AAFcli aafcli;
+
+ private NS ns;
+ private PropAccess access;
+ private HMangrStub hman;
+ private AuthzEnv aEnv;
+ private AAFcli aafcli;
@Before
public void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {
- prop = new PropAccess();
+ MockitoAnnotations.initMocks(this);
+
+ when(clientMock.create(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.delete(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.update(any(), any(), any())).thenReturn(futureMock);
+
+ hman = new HMangrStub(access, locMock, clientMock);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
aEnv = new AuthzEnv();
- wtr = mock(Writer.class);
- loc = mock(Locator.class);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
- Role role = new Role(aafcli);
- Perm perm = new Perm(role);
- create = new Create(perm);
+ aafcli = new AAFcli(access, aEnv, wrtMock, hman, null, ssMock);
+ ns = new NS(aafcli);
+
+ create = new Create(ns);
+ }
+
+ @Test
+ public void testError() throws APIException, LocatorException, CadiException, URISyntaxException {
+ create._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ create._exec(4, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
}
@Test
- public void testExec() throws APIException, LocatorException, CadiException, URISyntaxException {
- Item value = mock(Item.class);
- Locator.Item item = new Locator.Item() {
- };
- when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
- when(loc.get(value)).thenReturn(uri);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
- create._exec(0, strArr);
+ public void testSuccess1() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.code()).thenReturn(202);
+ create._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+ @Test
+ public void testSuccess2() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.get(any(Integer.class))).thenReturn(true);
+ create._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
}
@Test
@@ -101,4 +112,4 @@ public class JU_Create {
create.detailedHelp(0, sb);
}
-}
+} \ No newline at end of file
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Delete.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Delete.java
index 1cfa6c76..4fd7892a 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Delete.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Delete.java
@@ -21,77 +21,90 @@
******************************************************************************/
package org.onap.aaf.auth.cmd.test.perm;
-import org.junit.Assert;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
+
import org.junit.Before;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.mockito.runners.MockitoJUnitRunner;
import org.onap.aaf.auth.cmd.AAFcli;
import org.onap.aaf.auth.cmd.perm.Delete;
import org.onap.aaf.auth.cmd.perm.Perm;
import org.onap.aaf.auth.cmd.role.Role;
-import org.onap.aaf.auth.cmd.test.JU_AAFCli;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Locator.Item;
-import org.onap.aaf.cadi.http.HMangr;
-import org.onap.aaf.cadi.http.HRcli;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.misc.env.APIException;
@RunWith(MockitoJUnitRunner.class)
public class JU_Delete {
+ @Mock private SecuritySetter<HttpURLConnection> ssMock;
+ @Mock private Locator<URI> locMock;
+ @Mock private Writer wrtMock;
+ @Mock private Rcli<HttpURLConnection> clientMock;
+ @Mock private Future<Object> futureMock;
+
private static Delete del;
- PropAccess prop;
- AuthzEnv aEnv;
- Writer wtr;
- Locator<URI> loc;
- HMangr hman;
- AAFcli aafcli;
+
+ private PropAccess access;
+ private HMangrStub hman;
+ private AuthzEnv aEnv;
+ private AAFcli aafcli;
@Before
- public void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {
- prop = new PropAccess();
+ public void setUp() throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {
+ MockitoAnnotations.initMocks(this);
+
+ when(clientMock.create(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.delete(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.update(any(), any(), any())).thenReturn(futureMock);
+
+ hman = new HMangrStub(access, locMock, clientMock);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
aEnv = new AuthzEnv();
- wtr = mock(Writer.class);
- loc = mock(Locator.class);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
+ aafcli = new AAFcli(access, aEnv, wrtMock, hman, null, ssMock);
+
Role role = new Role(aafcli);
Perm perm = new Perm(role);
+
del = new Delete(perm);
}
@Test
- public void testExec() throws APIException, LocatorException, CadiException, URISyntaxException {
- Item value = mock(Item.class);
- Locator.Item item = new Locator.Item() {
- };
- when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
- when(loc.get(value)).thenReturn(uri);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
- del._exec(0, strArr);
+ public void testExecError() throws APIException, LocatorException, CadiException, URISyntaxException {
+ del._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+ @Test
+ public void testExecSuccess1() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.code()).thenReturn(202);
+ del._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSuccess2() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.get(any(Integer.class))).thenReturn(true);
+ del._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
}
@Test
@@ -99,4 +112,5 @@ public class JU_Delete {
StringBuilder sb = new StringBuilder();
del.detailedHelp(0, sb);
}
-}
+
+} \ No newline at end of file
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Describe.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Describe.java
index 2f6346aa..224b5c75 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Describe.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Describe.java
@@ -21,77 +21,89 @@
******************************************************************************/
package org.onap.aaf.auth.cmd.test.perm;
-import org.junit.Assert;
-import org.junit.Before;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
+import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
+import org.junit.Before;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.mockito.runners.MockitoJUnitRunner;
import org.onap.aaf.auth.cmd.AAFcli;
-import org.onap.aaf.auth.cmd.perm.Describe;
-import org.onap.aaf.auth.cmd.perm.Perm;
-import org.onap.aaf.auth.cmd.role.Role;
-import org.onap.aaf.auth.cmd.test.JU_AAFCli;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Locator.Item;
-import org.onap.aaf.cadi.http.HMangr;
-import org.onap.aaf.cadi.http.HRcli;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.auth.cmd.perm.Describe;
+import org.onap.aaf.auth.cmd.perm.Perm;
+import org.onap.aaf.auth.cmd.role.Role;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
+
@RunWith(MockitoJUnitRunner.class)
public class JU_Describe {
-//
- private static Describe desc;
- PropAccess prop;
- AuthzEnv aEnv;
- Writer wtr;
- Locator<URI> loc;
- HMangr hman;
- AAFcli aafcli;
+
+ @Mock private SecuritySetter<HttpURLConnection> ssMock;
+ @Mock private Locator<URI> locMock;
+ @Mock private Writer wrtMock;
+ @Mock private Rcli<HttpURLConnection> clientMock;
+ @Mock private Future<Object> futureMock;
+
+ private PropAccess access;
+ private HMangrStub hman;
+ private AuthzEnv aEnv;
+ private AAFcli aafcli;
+
+ private Describe desc;
@Before
public void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {
- prop = new PropAccess();
+ MockitoAnnotations.initMocks(this);
+
+ when(clientMock.create(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.delete(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.update(any(), any(), any())).thenReturn(futureMock);
+
+ hman = new HMangrStub(access, locMock, clientMock);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
aEnv = new AuthzEnv();
- wtr = mock(Writer.class);
- loc = mock(Locator.class);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
+ aafcli = new AAFcli(access, aEnv, wrtMock, hman, null, ssMock);
+
Role role = new Role(aafcli);
Perm perm = new Perm(role);
+
desc = new Describe(perm);
}
@Test
- public void testExec() throws APIException, LocatorException, CadiException, URISyntaxException {
- Item value = mock(Item.class);
- Locator.Item item = new Locator.Item() {
- };
- when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
- when(loc.get(value)).thenReturn(uri);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
- desc._exec(0, strArr);
-
+ public void testExecError() throws APIException, LocatorException, CadiException, URISyntaxException {
+ desc._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSuccess1() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.code()).thenReturn(202);
+ desc._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSuccess2() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.get(any(Integer.class))).thenReturn(true);
+ desc._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
}
@Test
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Grant.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Grant.java
index c40f20c7..17280c64 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Grant.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Grant.java
@@ -21,83 +21,106 @@
******************************************************************************/
package org.onap.aaf.auth.cmd.test.perm;
-import org.junit.Assert;
-import org.junit.Before;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
+import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
+import org.junit.Before;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
-import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.mockito.runners.MockitoJUnitRunner;
import org.onap.aaf.auth.cmd.AAFcli;
-import org.onap.aaf.auth.cmd.perm.Grant;
-import org.onap.aaf.auth.cmd.perm.Perm;
-import org.onap.aaf.auth.cmd.role.Role;
-import org.onap.aaf.auth.cmd.test.JU_AAFCli;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Locator.Item;
-import org.onap.aaf.cadi.http.HMangr;
-import org.onap.aaf.cadi.http.HRcli;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.auth.cmd.perm.Grant;
+import org.onap.aaf.auth.cmd.perm.Perm;
+import org.onap.aaf.auth.cmd.role.Role;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
+
@RunWith(MockitoJUnitRunner.class)
public class JU_Grant {
private static Grant grant;
- PropAccess prop;
- AuthzEnv aEnv;
- Writer wtr;
- Locator<URI> loc;
- HMangr hman;
- AAFcli aafcli;
+
+ @Mock private SecuritySetter<HttpURLConnection> ssMock;
+ @Mock private Locator<URI> locMock;
+ @Mock private Writer wrtMock;
+ @Mock private Rcli<HttpURLConnection> clientMock;
+ @Mock private Future<Object> futureMock;
+
+ private PropAccess access;
+ private HMangrStub hman;
+ private AuthzEnv aEnv;
+ private AAFcli aafcli;
@Before
public void setUp () throws NoSuchFieldException, SecurityException, Exception, IllegalAccessException {
- prop = new PropAccess();
+ MockitoAnnotations.initMocks(this);
+
+ when(clientMock.create(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.delete(any(), any(), any())).thenReturn(futureMock);
+ when(clientMock.update(any(), any(), any())).thenReturn(futureMock);
+
+ hman = new HMangrStub(access, locMock, clientMock);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
aEnv = new AuthzEnv();
- wtr = mock(Writer.class);
- loc = mock(Locator.class);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- hman = new HMangr(aEnv, loc);
- aafcli = new AAFcli(prop, aEnv, wtr, hman, null, secSet);
+ aafcli = new AAFcli(access, aEnv, wrtMock, hman, null, ssMock);
+
Role role = new Role(aafcli);
Perm perm = new Perm(role);
+
grant = new Grant(perm);
}
+
+ @Test
+ public void testExecError() throws APIException, LocatorException, CadiException, URISyntaxException {
+ grant._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSuccess1() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.code()).thenReturn(202);
+ grant._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ grant._exec(1, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSuccess2() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.get(any(Integer.class))).thenReturn(true);
+ grant._exec(0, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSetToError() throws APIException, LocatorException, CadiException, URISyntaxException {
+ grant._exec(2, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
+
+ @Test
+ public void testExecSetToSuccess1() throws APIException, LocatorException, CadiException, URISyntaxException {
+ when(futureMock.get(any(Integer.class))).thenReturn(true);
+ grant._exec(2, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo"});
+ }
@Test
- public void testExec() throws APIException, LocatorException, CadiException, URISyntaxException {
- Item value = mock(Item.class);
- Locator.Item item = new Locator.Item() {
- };
- when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
- when(loc.get(value)).thenReturn(uri);
- SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
- grant._exec(0, strArr);
-
- String[] strArr1 = {"ungrant","setTo","grant","ungrant","setTo", "grant"};
- grant._exec(0, strArr1);
-
- String[] strArr2 = {"setTo","grant","ungrant","setTo", "grant", "ungrant"};
- grant._exec(0, strArr2);
-
+ public void testExecSetToSuccess2() throws APIException, LocatorException, CadiException, URISyntaxException {
+ grant._exec(2, new String[] {"grant","ungrant","setTo","grant","ungrant","setTo","another"});
}
@Test
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListActivity.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListActivity.java
index b5b2e9eb..16bd3f9c 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListActivity.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListActivity.java
@@ -87,7 +87,7 @@ public class JU_ListActivity {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListByName.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListByName.java
index f3e54716..fb845181 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListByName.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_ListByName.java
@@ -87,7 +87,7 @@ public class JU_ListByName {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Rename.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Rename.java
index 13f1314c..b4d86edd 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Rename.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Rename.java
@@ -85,12 +85,12 @@ public class JU_Rename {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
- rename._exec(0, strArr);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"grant","ungrant","setTo","grant","ungrant","setTo"};
+// rename._exec(0, strArr);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_CreateDelete.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_CreateDelete.java
index df2d8f45..bf2741e5 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_CreateDelete.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_CreateDelete.java
@@ -83,15 +83,15 @@ public class JU_CreateDelete {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"create","delete","create","delete"};
- createDel._exec(0, strArr);
-
- String[] strArr1 = {"delete","create","delete"};
- createDel._exec(0, strArr1);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"create","delete","create","delete"};
+// createDel._exec(0, strArr);
+//
+// String[] strArr1 = {"delete","create","delete"};
+// createDel._exec(0, strArr1);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_Describe.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_Describe.java
index 0eb42c68..ef50f92b 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_Describe.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_Describe.java
@@ -83,12 +83,12 @@ public class JU_Describe {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add","upd","del","add","upd","del"};
- desc._exec(0, strArr);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add","upd","del","add","upd","del"};
+// desc._exec(0, strArr);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListActivity.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListActivity.java
index f61b71fe..4976f753 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListActivity.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListActivity.java
@@ -85,7 +85,7 @@ public class JU_ListActivity {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByNameOnly.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByNameOnly.java
index ae2bd8c8..49a53d82 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByNameOnly.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByNameOnly.java
@@ -85,7 +85,7 @@ public class JU_ListByNameOnly {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByUser.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByUser.java
index f50b27d0..86ce24cc 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByUser.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_ListByUser.java
@@ -85,7 +85,7 @@ public class JU_ListByUser {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_User.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_User.java
index 3c576809..ead62eb6 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_User.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/role/JU_User.java
@@ -84,21 +84,21 @@ public class JU_User {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add","del","setTo","extend","add","del","setTo","extend"};
- user._exec(0, strArr);
-
- String[] strArr1 = {"del","setTo","extend","add","del","setTo","extend"};
- user._exec(0, strArr1);
-
- String[] strArr2 = {"setTo","extend","add","del","setTo","extend"};
- user._exec(0, strArr2);
-
- String[] strArr3 = {"extend","add","del","setTo","extend"};
- user._exec(0, strArr3);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add","del","setTo","extend","add","del","setTo","extend"};
+// user._exec(0, strArr);
+//
+// String[] strArr1 = {"del","setTo","extend","add","del","setTo","extend"};
+// user._exec(0, strArr1);
+//
+// String[] strArr2 = {"setTo","extend","add","del","setTo","extend"};
+// user._exec(0, strArr2);
+//
+// String[] strArr3 = {"extend","add","del","setTo","extend"};
+// user._exec(0, strArr3);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Cred.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Cred.java
index eaf8f8ca..033aff3f 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Cred.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Cred.java
@@ -87,21 +87,21 @@ public class JU_Cred {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add","del","reset","extend"};
- cred._exec(0, strArr);
-
- String[] strArr1 = {"del","reset","extend","add"};
- cred._exec(0, strArr1);
-
- String[] strArr2 = {"reset","extend", "add","del"};
- cred._exec(0, strArr2);
-
- String[] strArr3 = {"extend","add","del","reset"};
- cred._exec(0, strArr3);
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add","del","reset","extend"};
+// cred._exec(0, strArr);
+//
+// String[] strArr1 = {"del","reset","extend","add"};
+// cred._exec(0, strArr1);
+//
+// String[] strArr2 = {"reset","extend", "add","del"};
+// cred._exec(0, strArr2);
+//
+// String[] strArr3 = {"extend","add","del","reset"};
+// cred._exec(0, strArr3);
}
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Delg.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Delg.java
index 9f2b2270..eec11880 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Delg.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Delg.java
@@ -86,7 +86,7 @@ public class JU_Delg {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListApprovals.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListApprovals.java
index 977bbb11..4a9e3aba 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListApprovals.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListApprovals.java
@@ -89,7 +89,7 @@ public class JU_ListApprovals {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListForCreds.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListForCreds.java
index 0573da4a..89364b2b 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListForCreds.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_ListForCreds.java
@@ -87,7 +87,7 @@ public class JU_ListForCreds {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
HRcli hcli = new HRcli(hman, uri, item, secSet);
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Role.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Role.java
index 9e2c3f59..2799f93d 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Role.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/user/JU_Role.java
@@ -85,21 +85,21 @@ public class JU_Role {
Locator.Item item = new Locator.Item() {
};
when(loc.best()).thenReturn(value);
- URI uri = new URI("http://java.sun.com/j2se/1.3/");
+ URI uri = new URI("http://www.oracle.com/technetwork/java/index.html");
when(loc.get(value)).thenReturn(uri);
SecuritySetter<HttpURLConnection> secSet = mock(SecuritySetter.class);
- HRcli hcli = new HRcli(hman, uri, item, secSet);
- String[] strArr = {"add", "del", "setTo","extend", "del", "setTo","extend"};
- Assert.assertEquals(200, role._exec(0, strArr));
-
- String[] strArr1 = { "del", "setTo","extend","add", "del", "setTo","extend"};
- Assert.assertEquals(501, role._exec(0, strArr1));
-
- String[] strArr2 = {"setTo","extend","add", "del", "del", "setTo","extend" };
- Assert.assertEquals(501, role._exec(0, strArr2));
-
- String[] strArr3 = {"extend","add", "del","setTo", "del", "setTo","extend" };
- Assert.assertEquals(501, role._exec(0, strArr3));
+// HRcli hcli = new HRcli(hman, uri, item, secSet);
+// String[] strArr = {"add", "del", "setTo","extend", "del", "setTo","extend"};
+// Assert.assertEquals(200, role._exec(0, strArr));
+//
+// String[] strArr1 = { "del", "setTo","extend","add", "del", "setTo","extend"};
+// Assert.assertEquals(501, role._exec(0, strArr1));
+//
+// String[] strArr2 = {"setTo","extend","add", "del", "del", "setTo","extend" };
+// Assert.assertEquals(501, role._exec(0, strArr2));
+//
+// String[] strArr3 = {"extend","add", "del","setTo", "del", "setTo","extend" };
+// Assert.assertEquals(501, role._exec(0, strArr3));
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java
index a38a3e20..bd66ff66 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java
@@ -63,7 +63,7 @@ public interface AuthzTrans extends TransStore {
public abstract void setLur(Lur lur);
- public abstract boolean fish(Permission p);
+ public abstract boolean fish(Permission ... p);
public abstract Organization org();
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java
index 2ca8dfd7..ccfd715f 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java
@@ -166,9 +166,9 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans {
}
@Override
- public boolean fish(Permission p) {
+ public boolean fish(Permission ... pond) {
if(lur!=null) {
- return lur.fish(user, p);
+ return lur.fish(user, pond);
}
return false;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java
index 13f6551b..fb9d628c 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java
@@ -195,7 +195,7 @@ public class NullTrans implements AuthzTrans {
}
@Override
- public boolean fish(Permission p) {
+ public boolean fish(Permission ... p) {
return false;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java
index e6f2fc95..3fb250f9 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java
@@ -50,7 +50,7 @@ public class Log4JLogIt implements LogIt {
public Log4JLogIt(final String[] args, final String root) throws APIException {
- String propsFile = getArgOrVM(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
+ String propsFile = getArgOrVM(AAF_LOG4J_PREFIX, args, "org.osaaf.aaf")+".log4j.props";
String log_dir = getArgOrVM(Config.CADI_LOGDIR,args,"/opt/app/osaaf/logs");
String etc_dir = getArgOrVM(Config.CADI_ETCDIR,args,"/opt/app/osaaf/etc");
String log_level = getArgOrVM(Config.CADI_LOGLEVEL,args,"INFO");
diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/common/test/JU_Define.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/common/test/JU_Define.java
index 76e9959c..0f986f24 100644
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/common/test/JU_Define.java
+++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/common/test/JU_Define.java
@@ -21,32 +21,23 @@
******************************************************************************/
package org.onap.aaf.auth.common.test;
+import static org.mockito.Mockito.mock;
+
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
-import org.junit.Before;
-import static org.mockito.Mockito.*;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map.Entry;
-import java.util.Set;
-
import org.onap.aaf.auth.common.Define;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.misc.env.Env;
-import static org.junit.Assert.*;
-
-//import com.att.authz.common.Define;
-import org.powermock.api.mockito.PowerMockito;
import org.powermock.modules.junit4.PowerMockRunner;
@RunWith(PowerMockRunner.class)
public class JU_Define {
+ private static final String AAF_NS_DOT = "AAF_NS.";
public static String ROOT_NS="NS.Not.Set";
public static String ROOT_COMPANY=ROOT_NS;
Access acc;
@@ -62,7 +53,7 @@ public class JU_Define {
@Test
public void testSet() throws CadiException {
PropAccess prop = new PropAccess();
- prop.setProperty("AAF_NS.", "AAF_NS.");
+ prop.setProperty(AAF_NS_DOT, AAF_NS_DOT);
prop.setProperty(Config.AAF_ROOT_NS, ".ns_Test");
prop.setProperty(Config.AAF_ROOT_COMPANY, "company_Test");
Define.set(prop);
@@ -70,7 +61,7 @@ public class JU_Define {
Define.ROOT_COMPANY();
PropAccess prop1 = new PropAccess();
- prop1.setProperty("AAF_NS.", "AAF_NS.");
+ prop1.setProperty(AAF_NS_DOT, AAF_NS_DOT);
prop1.setProperty(Config.AAF_ROOT_NS, ".ns_Test");
Define.set(prop1);
}
@@ -87,7 +78,7 @@ public class JU_Define {
@Test
public void testVarReplace() {
- Define.varReplace("AAF_NS.");
+ Define.varReplace(AAF_NS_DOT);
Define.varReplace("test");
}
}
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index dd4a8260..b36c6f24 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -203,14 +203,27 @@ public class DefaultOrg implements Organization {
}
private static final String SPEC_CHARS = "!@#$%^*-+?/,:;.";
- private static final Pattern PASS_PATTERN=Pattern.compile("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[" + SPEC_CHARS +"]).{6,20})");
+ private static final Pattern PASS_PATTERN=Pattern.compile("(((?=.*[a-z,A-Z])(((?=.*\\d))|(?=.*[" + SPEC_CHARS +"]))).{6,20})");
/**
+ * ( # Start of group
+ * (?=.*[a-z,A-Z]) # must contain one character
+ *
+ * (?=.*\d) # must contain one digit from 0-9
+ * OR
+ * (?=.*[@#$%]) # must contain one special symbols in the list SPEC_CHARS
+ *
+ * . # match anything with previous condition checking
+ * {6,20} # length at least 6 characters and maximum of 20
+ * ) # End of group
+ *
+ * Another example, more stringent pattern
+ private static final Pattern PASS_PATTERN=Pattern.compile("((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[" + SPEC_CHARS +"]).{6,20})");
* Attribution: from mkyong.com
* ( # Start of group
- * (?=.*\d) # must contains one digit from 0-9
- * (?=.*[a-z]) # must contains one lowercase characters
- * (?=.*[A-Z]) # must contains one uppercase characters
- * (?=.*[@#$%]) # must contains one special symbols in the list SPEC_CHARS
+ * (?=.*\d) # must contain one digit from 0-9
+ * (?=.*[a-z]) # must contain one lowercase characters
+ * (?=.*[A-Z]) # must contain one uppercase characters
+ * (?=.*[@#$%]) # must contain one special symbols in the list SPEC_CHARS
* . # match anything with previous condition checking
* {6,20} # length at least 6 characters and maximum of 20
* ) # End of group
@@ -230,11 +243,11 @@ public class DefaultOrg implements Organization {
}
private static final String[] rules = new String[] {
- "Passwords must contain one digit from 0-9",
- "Passwords must contain one lowercase character",
- "Passwords must contain one uppercase character",
- "Passwords must contain one special symbols in the list \""+ SPEC_CHARS + '"',
- "Passwords must be between 6 and 20 chars in length"
+ "Passwords must contain letters",
+ "Passwords must contain one of the following:",
+ " Number",
+ " One special symbols in the list \""+ SPEC_CHARS + '"',
+ "Passwords must be between 6 and 20 chars in length",
};
@Override
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
index e1bfda5b..b0ade8c0 100644
--- a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
@@ -21,7 +21,10 @@
******************************************************************************/
package org.onap.aaf.org.test;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
@@ -34,6 +37,8 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.local.AbsData.Reuse;
+import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.misc.env.Env;
@@ -42,7 +47,6 @@ import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.org.DefaultOrg;
import org.onap.aaf.org.Identities;
import org.powermock.modules.junit4.PowerMockRunner;
-import org.onap.aaf.auth.local.AbsData.Reuse;
@RunWith(PowerMockRunner.class)
@@ -149,8 +153,8 @@ public class JU_DefaultOrg {
@Test
public void testDefOrgPasswords() {
assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "new2You!", "Pilgrim"),"");
- assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "new2you!", "Pilgrim"),"");
-
+ assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "new2you!", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "newtoyou", "Pilgrim"),"");
}
@Test
@@ -250,7 +254,15 @@ public class JU_DefaultOrg {
// System.out.println("value of res " +Result);
// assertNotNull(Result);
// }
-
+
+ @Test
+ public void testResponsible() throws OrganizationException {
+ Identity id = defaultOrg.getIdentity(authzTransMock, "osaaf");
+ Identity rt = id.responsibleTo();
+ assertTrue(rt.id().equals("bdevl"));
+
+ }
+
//@Test
public void notYetImplemented() {
fail("Tests in this file should not be trusted");
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Passwords.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Passwords.java
new file mode 100644
index 00000000..72e4ff87
--- /dev/null
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_Passwords.java
@@ -0,0 +1,125 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.org.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotSame;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.LogTarget;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.org.DefaultOrg;
+import org.onap.aaf.org.Identities;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+
+@RunWith(PowerMockRunner.class)
+public class JU_Passwords {
+
+
+ private DefaultOrg defaultOrg;
+
+
+ Identities.Data data;
+
+ @Mock
+ Env envMock;
+
+ @Mock
+ AuthzTrans authzTransMock;
+
+ @Mock
+ TimeTaken ttMock;
+
+ @Mock
+ LogTarget logTargetMock;
+
+
+ private static final String REALM = "org.osaaf";
+ private static final String NAME = "Default Organization";
+
+ String mailHost,mailFromUserId,summary,supportAddress;
+
+ @Before
+ public void setUp() throws OrganizationException{
+
+ mailFromUserId = "frommail";
+ mailHost = "hostmail";
+ File file = new File("src/test/resources/");
+ when(envMock.getProperty(REALM + ".name","Default Organization")).thenReturn(NAME);
+ when(envMock.getProperty(REALM + ".mailHost",null)).thenReturn(mailHost);
+ when(envMock.getProperty(REALM + ".mailFrom",null)).thenReturn(mailFromUserId);
+ when(envMock.getProperty("aaf_data_dir")).thenReturn(file.getAbsolutePath());
+ when(envMock.warn()).thenReturn(logTargetMock);
+ when(authzTransMock.warn()).thenReturn(logTargetMock);
+ when(authzTransMock.start(any(String.class),any(Integer.class))).thenReturn(ttMock);
+ when(authzTransMock.error()).thenReturn(logTargetMock);
+ when(authzTransMock.getProperty("CASS_ENV", "")).thenReturn("Cassandra env");
+
+ defaultOrg = new DefaultOrg(envMock, REALM);
+
+ }
+
+
+ @Test
+ public void testDefOrgPasswords() {
+ // Accepts letters and one of (number, Special Char, Upper)
+ assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "newyou2", "Pilgrim"),"");
+ assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "newyou!", "Pilgrim"),"");
+ assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "newyou!", "Pilgrim"),"");
+
+ // Don't accept just letters, Numbers or Special Chars, or without ANY letters
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "newyouA", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "NEWYOU", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "newyou", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "125343", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "#$@*^#", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "#$3333", "Pilgrim"),"");
+
+ // Length
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "w2Yu!", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "moreThan20somethingCharacters, even though good", "Pilgrim"),"");
+
+ // May not contain ID
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "Pilgrim", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "Pilgrim1", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "Pilgrim#", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "aPilgrim1", "Pilgrim"),"");
+
+ // Solid
+ assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "new2You!", "Pilgrim"),"");
+
+
+ }
+
+}
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index 0559bed1..93b55e97 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -112,8 +112,9 @@
<mainClass>org.onap.aaf.auth.fs.AAF_FS</mainClass>
<name>fs</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.fs.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.fs.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/fs</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
</program>
</programs>
diff --git a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java
index 2fe12f5e..585f8d5a 100644
--- a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java
+++ b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java
@@ -70,12 +70,12 @@ public class JU_AAF_FS {
System.setErr(new PrintStream(errStream));
value = System.setProperty(Config.CADI_LOGDIR, testDir);
System.setProperty(Config.CADI_ETCDIR, testDir);
- System.out.println(ClassLoader.getSystemResource("org.osaaf.log4j.props"));
+ System.out.println(ClassLoader.getSystemResource("org.osaaf.aaf.log4j.props"));
d = new File(testDir);
d.mkdirs();
fService = new File(d +"/fs-serviceTEST.log");
fService.createNewFile();
- fEtc = new File(d + "/org.osaaf.log4j.props");
+ fEtc = new File(d + "/org.osaaf.aaf.log4j.props");
fEtc.createNewFile();
aEnv = new AuthzEnv();
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 6b02437e..dde1a5d8 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -117,8 +117,9 @@
<mainClass>org.onap.aaf.auth.gui.AAF_GUI</mainClass>
<name>gui</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.gui.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.gui.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/gui</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
<jvmSettings>
<extraArguments>
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java
index 346c8ae2..eb34a62c 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java
@@ -67,7 +67,8 @@ public class Page extends HTMLCacheGen {
public static final String AAF_URL_GUI_ONBOARD = "aaf_url.gui_onboard";
public static final String AAF_URL_AAF_HELP = "aaf_url.aaf_help";
public static final String AAF_URL_CADI_HELP = "aaf_url.cadi_help";
- public static final String PERM_CA_TYPE = Define.ROOT_NS() + ".ca";
+ public static final String PERM_CA_TYPE = "certman";
+ public static final String PERM_NS = Define.ROOT_NS();
public static enum BROWSER {iPhone,html5,ie,ieOld};
@@ -386,7 +387,7 @@ public class Page extends HTMLCacheGen {
p = msp.get(instance);
}
if(p==null) {
- p=new AAFPermission(PERM_CA_TYPE,instance,action);
+ p=new AAFPermission(PERM_NS, PERM_CA_TYPE,instance,action);
msp.put(action, p);
}
return p;
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java
index c65e7db5..a96b08b9 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java
@@ -61,7 +61,7 @@ public class CMArtiChangeForm extends Page {
static final String NAME = "ArtifactChange";
static final String fields[] = {"id","machine","ns","directory","ca","osuser","renewal","notify","cmd","others","types[]","sans"};
- static final String types[] = {"jks","file","script"};
+ static final String types[] = {"pkcs12","jks","file","script"};
static final String UPDATE = "Update";
static final String CREATE = "Create";
static final String COPY = "Copy";
@@ -169,7 +169,7 @@ public class CMArtiChangeForm extends Page {
arti.setRenewDays(30);
arti.setNotification("mailto:"+user.email());
arti.getType().add(types[0]);
- arti.getType().add(types[2]);
+ arti.getType().add(types[3]);
submitText = CREATE;
delete = false;
} else {
@@ -179,24 +179,14 @@ public class CMArtiChangeForm extends Page {
arti.setNotification("mailto:"+user.email());
}
}
- // CSO Approval no longer required for SAN use
-// final String mechID = arti.getMechid();
-// boolean maySans=gui.lur.fish(new Principal() {
-// @Override
-// public String getName() {
-// return mechID;
-// }},getPerm(arti.getCa(),"san"));
-// if(!maySans) {
-// arti.getSans().clear();
-// }
Mark table = new Mark(TABLE);
hgen.incr(table)
- .input(fields[0],"MechID*",true,"value="+arti.getMechid())
+ .input(fields[0],"AppID*",true,"value="+arti.getMechid())
.input("sponsor", "Sponsor",false,"value="+arti.getSponsor(),"readonly","style=border:none;background-color:white;")
- .input(fields[1],"Machine*",true,"value="+arti.getMachine(),"style=width:130%;");
+ .input(fields[1],"FQDN*",true,"value="+arti.getMachine(),"style=width:130%;");
// if(maySans) {
hgen.incr(HTMLGen.TR).incr(HTMLGen.TD).end()
- .incr(HTMLGen.TD,"class=subtext").text("Use full machine names, ");
+ .incr(HTMLGen.TD,"class=subtext").text("Use Fully Qualified Domain Names (that will be in DNS), ");
if(!trans.fish(getPerm(arti.getCa(),"ip"))) {
hgen.text("NO ");
}
@@ -211,11 +201,11 @@ public class CMArtiChangeForm extends Page {
}
hgen.text("IPs allowed, separated by commas.").end()
- .input(fields[11], "SANs", false, "value="+(sb==null?"":sb.toString()),"style=width:180%;");
+ .input(fields[11], "SANs", false, "value="+(sb==null?"":sb.toString()),"style=width:130%;");
// }
- hgen.input(fields[2],"Namespace",true,"value="+arti.getNs(),"style=width:180%;")
- .input(fields[3],"Directory", true, "value="+arti.getDir(),"style=width:180%;")
- .input(fields[4],"Certificate Authority",true,"value="+arti.getCa(),"style=width:180%;")
+ hgen.input(fields[2],"Namespace",true,"value="+arti.getNs(),"style=width:130%;")
+ .input(fields[3],"Directory", true, "value="+arti.getDir(),"style=width:130%;")
+ .input(fields[4],"Certificate Authority",true,"value="+arti.getCa(),"style=width:130%;")
.input(fields[5],"O/S User",true,"value="+arti.getOsUser())
.input(fields[6],"Renewal Days before Expiration", true, "value="+arti.getRenewDays(),"style=width:20%;")
.input(fields[7],"Notification",true,"value="+arti.getNotification())
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
index a39bf822..d7b0da0f 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
@@ -87,6 +87,7 @@ public class RoleDetail extends Page {
*
*/
private static class Model extends TableData<AAF_GUI,AuthzTrans> {
+ private static final String ACCESS = "access";
private Slot sRoleName,sRole,sUserRole,sMayWrite,sMayApprove,sMark,sNS;
public Model(AuthzEnv env) {
sRoleName = env.slot(NAME+".role");
@@ -125,9 +126,9 @@ public class RoleDetail extends Page {
if(!roles.isEmpty()) {
Role role = fr.value.getRole().get(0);
trans.put(sRole, role);
- Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write"));
+ Boolean mayWrite = trans.fish(new AAFPermission(role.getNs(),ACCESS,":role:"+role.getName(),"write"));
trans.put(sMayWrite,mayWrite);
- Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve"));
+ Boolean mayApprove = trans.fish(new AAFPermission(role.getNs(),ACCESS,":role:"+role.getName(),"approve"));
trans.put(sMayApprove, mayApprove);
if(mayWrite || mayApprove) {
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index b913b6c0..db732a68 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -89,8 +89,9 @@
<mainClass>org.onap.aaf.auth.hello.AAF_Hello</mainClass>
<name>hello</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.hello.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.hello.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/hello</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
</program>
</programs>
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 13640b53..76fe2a19 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -106,8 +106,9 @@
<mainClass>org.onap.aaf.auth.locate.AAF_Locate</mainClass>
<id>locate</id>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.locate.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.locate.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/locate</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
</program>
</programs>
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
index af7611a3..802c1b55 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
@@ -135,19 +135,27 @@ public class API_AAFAccess {
,"text/plain","*/*","*");
/**
- * Query User Has Perm
+ * Query User Has Perm is DEPRECATED
+ *
+ * Need to move towards NS declaration... is this even being used?
+ * @deprecated
*/
gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) {
@Override
public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
try {
+ String type = pathParam(req,":type");
+ int idx = type.lastIndexOf('.');
+ String ns = type.substring(0,idx);
+ type = type.substring(idx+1);
resp.getOutputStream().print(
gwAPI.aafLurPerm.fish(new Principal() {
public String getName() {
return pathParam(req,":user");
};
}, new AAFPermission(
- pathParam(req,":type"),
+ ns,
+ type,
pathParam(req,":instance"),
pathParam(req,":action"))));
resp.setStatus(HttpStatus.OK_200);
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
index 595a6857..b2cdfab6 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java
@@ -75,7 +75,7 @@ public class LocateServiceImpl<IN,OUT,ERROR>
for(MgmtEndpoint me : meps.getMgmtEndpoint()) {
if(permToRegister) {
int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName()
- AAFPermission p = new AAFPermission(me.getName().substring(0,dot)+".locator",me.getName(),"write");
+ AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getName(),"write");
if(trans.fish(p)) {
LocateDAO.Data data = mapper.locateData(me);
locateDAO.update(trans, data, true);
@@ -108,7 +108,7 @@ public class LocateServiceImpl<IN,OUT,ERROR>
int count = 0;
for(MgmtEndpoint me : meps.getMgmtEndpoint()) {
int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName()
- AAFPermission p = new AAFPermission(me.getName().substring(0,dot)+".locator",me.getHostname(),"write");
+ AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write");
if(trans.fish(p)) {
LocateDAO.Data data = mapper.locateData(me);
data.port_key = UUID.randomUUID();
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index 65100700..fdd236ac 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -92,8 +92,9 @@
<mainClass>org.onap.aaf.auth.oauth.AAF_OAuth</mainClass>
<name>oauth</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.oauth.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.oauth.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/oauth</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
</program>
</programs>
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java
index ea5c595c..f4400869 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoaderFactory.java
@@ -99,9 +99,9 @@ public class JSONPermLoaderFactory {
} else {
sb.append(',');
}
- sb.append("{\"type\":\"");
+ sb.append("{\"ns\":\"");
sb.append(d.ns);
- sb.append('.');
+ sb.append("\",\"type\":\"");
sb.append(d.type);
sb.append("\",\"instance\":\"");
sb.append(d.instance);
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
index 052b292e..0064e224 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/OAuthService.java
@@ -131,7 +131,7 @@ public class OAuthService {
odd.expires = new Date(exp=(System.currentTimeMillis()+TOK_EXP));
odd.exp_sec = exp/1000;
odd.req_ip = trans.ip();
-
+
try {
Result<Data> rd = loadToken(trans, odd);
if(rd.notOK()) {
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index 244e1e83..6ad719b1 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -120,8 +120,9 @@
<mainClass>org.onap.aaf.auth.service.AAF_Service</mainClass>
<name>service</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.service.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.service.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/service</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
</program>
</programs>
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index 61b5338b..80b06a51 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -141,11 +141,8 @@ public class ServiceValidator extends Validator {
if(cd==null) {
msg("Cred Data is null.");
} else {
- if(nob(cd.id,ID_CHARS)) {
- msg("ID [" + cd.id + "] is invalid in " + org.getName());
- }
if(!org.isValidCred(trans, cd.id)) {
- msg("ID [" + cd.id + "] is invalid for a cred in " + org.getName());
+ msg("ID [" + cd.id + "] is invalid in " + org.getName());
}
String str = cd.id;
int idx = str.indexOf('@');
diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore
new file mode 100644
index 00000000..c058b043
--- /dev/null
+++ b/auth/docker/.gitignore
@@ -0,0 +1,3 @@
+local
+d.props
+aaf.props
diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client
new file mode 100644
index 00000000..64ed4c03
--- /dev/null
+++ b/auth/docker/Dockerfile.client
@@ -0,0 +1,15 @@
+FROM rmannfv/aaf-base:xenial
+MAINTAINER AAF Team, AT&T 2018
+ENV VERSION=${AAF_VERSION}
+
+LABEL description="aaf_agent"
+LABEL version=${AAF_VERSION}
+
+COPY logs /opt/app/aaf_config/logs
+COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh
+COPY bin/aaf-cadi*full.jar /opt/app/aaf_config/bin/
+COPY public/*all.jks /opt/app/aaf_config/public/
+
+ENTRYPOINT ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
+CMD []
+
diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
new file mode 100644
index 00000000..60e82ad1
--- /dev/null
+++ b/auth/docker/Dockerfile.config
@@ -0,0 +1,18 @@
+FROM rmannfv/aaf-base:xenial
+MAINTAINER AAF Team, AT&T 2018
+ENV VERSION=${AAF_VERSION}
+
+LABEL description="aaf_config"
+LABEL version=${AAF_VERSION}
+
+COPY data/sample.identities.dat /opt/app/aaf_config/data/
+COPY etc /opt/app/aaf_config/etc
+COPY local /opt/app/aaf_config/local
+COPY public /opt/app/aaf_config/public
+COPY logs /opt/app/aaf_config/logs
+COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
+COPY bin/aaf-cadi-aaf-${VERSION}-full.jar /opt/app/aaf_config/bin/
+
+ENTRYPOINT ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
+CMD []
+
diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
new file mode 100644
index 00000000..c4e8a461
--- /dev/null
+++ b/auth/docker/Dockerfile.core
@@ -0,0 +1,10 @@
+FROM rmannfv/aaf-base:xenial
+MAINTAINER AAF Team, AT&T 2018
+ENV VERSION=${AAF_VERSION}
+
+LABEL description="aaf_core"
+LABEL version=${AAF_VERSION}
+
+COPY lib /opt/app/aaf/lib
+COPY bin /opt/app/aaf/bin
+
diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile.ms
index d744d69c..b8ef6d9a 100644
--- a/auth/docker/Dockerfile
+++ b/auth/docker/Dockerfile.ms
@@ -1,16 +1,13 @@
-FROM rmannfv/aaf-base:xenial
+FROM onap/aaf/aaf_core:${AAF_VERSION}
MAINTAINER AAF Team, AT&T 2018
ENV VERSION=${AAF_VERSION}
-LABEL description="aaf ${AAF_COMPONENT}"
+LABEL description="aaf_${AAF_COMPONENT}"
LABEL version=${AAF_VERSION}
+COPY theme /opt/app/aaf/theme
-COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib
-COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme
-COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin
-
-CMD ["/bin/bash","-c","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+CMD ["/bin/bash","-c","/opt/app/aaf/bin/${AAF_COMPONENT}"]
# For Debugging installation
# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
new file mode 100644
index 00000000..3eb554b1
--- /dev/null
+++ b/auth/docker/README.txt
@@ -0,0 +1,40 @@
+#
+# Edit the following in <your ONAP authz dir>/auth/sample/local
+#
+aaf.props
+org.osaaf.aaf.cm.ca.props (leave out Password)
+
+# cd to main docker dir
+cd ../../docker
+
+# Start the container in bash mode, so it stays up
+sh agent.sh bash
+
+# in another shell, find out your Container name
+docker container ls | grep aaf_agent
+
+# CD to directory with CA info in it.
+# (example)
+cd /opt/app/osaaf/CA/intermediate_7
+
+# copy keystore for this AAF Env
+docker container cp -L org.osaaf.aaf.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
+# (in Agent Window)
+agent encrypt cadi_keystore_password
+
+# If you intend to use Certman to sign certs, it is a "local" CA
+# copy Signing Keystore into container
+docker container cp -L org.osaaf.aaf.signer.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
+# (in Agent Window)
+agent encrypt cm_ca.local
+
+# Check to make sure all passwords are set
+grep "enc:" *.props
+
+
+# When good, run AAF
+bash drun.sh
+
+# watch logs in Agent Window
+cd ../logs
+sh taillog
diff --git a/auth/docker/aaf.props b/auth/docker/aaf.props
new file mode 100644
index 00000000..5c654806
--- /dev/null
+++ b/auth/docker/aaf.props
@@ -0,0 +1,11 @@
+VERSION=2.1.2-SNAPSHOT
+AAF_FQDN=meriadoc.mithril.sbc.com
+DEPLOY_FQI=deployer@people.osaaf.org
+APP_FQDN=meriadoc.mithril.sbc.com
+APP_FQI=clamp@clamp.onap.org
+VOLUME=clamp_aaf
+DRIVER=local
+LATITUDE=38.432899
+LONGITUDE=-90.43248
+AAF_AAF_FQDN_IP=192.168.99.100
+DEPLOY_PASSWORD=demo123456!
diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh
new file mode 100644
index 00000000..441cf2b4
--- /dev/null
+++ b/auth/docker/aaf.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+. ./d.props
+
+docker run \
+ -it \
+ --rm \
+ --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \
+ --add-host="$HOSTNAME:$HOST_IP" \
+ --add-host="aaf.osaaf.org:$HOST_IP" \
+ --env AAF_ENV=${AAF_ENV} \
+ --env AAF_REGISTER_AS=${AAF_REGISTER_AS} \
+ --env LATITUDE=${LATITUDE} \
+ --env LONGITUDE=${LONGITUDE} \
+ --name aaf_config_$USER \
+ ${ORG}/${PROJECT}/aaf_config:${VERSION} \
+ /bin/bash "$@"
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
new file mode 100644
index 00000000..aa3db663
--- /dev/null
+++ b/auth/docker/agent.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+CADI_VERSION=2.1.2-SNAPSHOT
+
+# Fill out "aaf.props" if not filled out already
+if [ ! -e aaf.props ]; then
+ > ./aaf.props
+fi
+for V in VERSION AAF_FQDN DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
+ if [ "$(grep $V ./aaf.props)" = "" ]; then
+ unset DEF
+ case $V in
+ AAF_FQDN) PROMPT="AAF's FQDN";;
+ DEPLOY_FQI) PROMPT="Deployer's FQI";;
+ APP_FQI) PROMPT="App's FQI";;
+ APP_FQDN) PROMPT="App's Root FQDN";;
+ VOLUME) PROMPT="APP's AAF Configuration Volume";;
+ DRIVER) PROMPT=$V;DEF=local;;
+ VERSION) PROMPT="CADI Version";DEF=$CADI_VERSION;;
+ LATITUDE|LONGITUDE) PROMPT="$V of Node";;
+ *) PROMPT=$V;;
+ esac
+ if [ "$DEF" = "" ]; then
+ PROMPT="$PROMPT: "
+ else
+ PROMPT="$PROMPT ($DEF): "
+ fi
+ read -p "$PROMPT" VAR
+ if [ "$VAR" = "" ]; then
+ if [ "$DEF" = "" ]; then
+ echo "agent.sh needs each value queried. Please start again."
+ exit
+ else
+ VAR=$DEF
+ fi
+ fi
+ echo "$V=$VAR" >> ./aaf.props
+ fi
+done
+. ./aaf.props
+
+# Need AAF_FQDN's IP, because not might not be available in mini-container
+if [ "$AAF_AAF_FQDN_IP" = "" ]; then
+ AAF_AAF_FQDN_IP=$(host $AAF_FQDN | grep "has address" | tail -1 | cut -f 4 -d ' ')
+ if [ "$AAF_AAF_FQDN_IP" = "" ]; then
+ read -p "IP of $AAF_FQDN: " AAF_AAF_FQDN_IP
+ echo "AAF_AAF_FQDN_IP=$AAF_AAF_FQDN_IP" >> ./aaf.props
+ fi
+fi
+
+# Make sure Container Volume exists
+if [ "$(docker volume ls | grep ${VOLUME})" = "" ]; then
+ echo -n "Creating Volume: "
+ docker volume create -d ${DRIVER} ${VOLUME}
+fi
+
+docker run \
+ -it \
+ --rm \
+ --mount 'type=volume,src='${VOLUME}',dst=/opt/app/osaaf,volume-driver='${DRIVER} \
+ --add-host="$AAF_FQDN:$AAF_AAF_FQDN_IP" \
+ --env AAF_FQDN=${AAF_FQDN} \
+ --env DEPLOY_FQI=${DEPLOY_FQI} \
+ --env DEPLOY_PASSWORD=${DEPLOY_PASSWORD} \
+ --env APP_FQI=${APP_FQI} \
+ --env APP_FQDN=${APP_FQDN} \
+ --env LATITUDE=${LATITUDE} \
+ --env LONGITUDE=${LONGITUDE} \
+ --name aaf_agent_$USER \
+ onap/aaf/aaf_agent:$VERSION \
+ /bin/bash "$@"
diff --git a/auth/docker/d.props b/auth/docker/d.props
deleted file mode 100644
index e56d4597..00000000
--- a/auth/docker/d.props
+++ /dev/null
@@ -1,15 +0,0 @@
-# Variables for building Docker entities
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-OLD_VERSION=2.1.0-SNAPSHOT
-NEW_VERSION=2.1.1
-VERSION=2.1.1-SNAPSHOT
-CONF_ROOT_DIR=/opt/app/osaaf
-
-# Local Env info
-HOSTNAME=
-HOST_IP=
-CASS_HOST=
-
-
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
new file mode 100644
index 00000000..b0ba63d8
--- /dev/null
+++ b/auth/docker/d.props.init
@@ -0,0 +1,17 @@
+# Variables for building Docker entities
+ORG=onap
+PROJECT=aaf
+DOCKER_REPOSITORY=nexus3.onap.org:10003
+VERSION=2.1.2-SNAPSHOT
+CONF_ROOT_DIR=/opt/app/osaaf
+
+# Local Env info
+HOSTNAME=aaf.osaaf.org
+HOST_IP=
+CASS_HOST=cass.aaf.osaaf.org:<Cass IP>
+
+# AAF Machine info
+AAF_ENV=DEV
+AAF_REGISTER_AS=$HOSTNAME
+LATITUDE=
+LONGITUDE=
diff --git a/auth/docker/dbounce.sh b/auth/docker/dbounce.sh
new file mode 100644
index 00000000..82aedd0c
--- /dev/null
+++ b/auth/docker/dbounce.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+bash ./dstop.sh "$@"
+bash ./dstart.sh "$@"
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index ce299171..da0b9b64 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -1,26 +1,50 @@
-#!/bin/bash
+#!/bin/bash
#
# Docker Building Script. Reads all the components generated by install, on per-version basis
#
# Pull in Variables from d.props
+if [ ! -e ./d.props ]; then
+ cp d.props.init d.props
+fi
+
. ./d.props
-# TODO add ability to do DEBUG settings
+
+# Create the AAF Config (Security) Images
+cd ..
+cp ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin
+
+# AAF Config image (for AAF itself)
+sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.config > sample/Dockerfile
+docker build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample
+
+# AAF Agent Image (for Clients)
+sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.client > sample/Dockerfile
+docker build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample
+
+# Clean up
+rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar
+cd -
+########
+# Second, build a core Docker Image
+echo Building aaf_$AAF_COMPONENT...
+# Apply currrent Properties to Docker file, and put in place.
+sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.core >../aaf_${VERSION}/Dockerfile
+cd ..
+docker build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION}
+rm aaf_${VERSION}/Dockerfile
+cd -
if ["$1" == ""]; then
- AAF_COMPONENTS=`ls ../aaf_*HOT/bin | grep -v '\.'`
+ AAF_COMPONENTS=$(ls ../aaf_*HOT/bin | grep -v '\.')
else
- AAF_COMPONENTS=$1
+ AAF_COMPONENTS=$1
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- echo Building aaf_$AAF_COMPONENT...
- sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile > ../aaf_${VERSION}/Dockerfile
- cd ..
- docker build -t ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION}
- docker tag ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
- docker tag ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
- rm aaf_${VERSION}/Dockerfile
- cd -
+ echo Building aaf_$AAF_COMPONENT...
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.ms >../aaf_${VERSION}/Dockerfile
+ cd ..
+ docker build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION}
+ rm aaf_${VERSION}/Dockerfile
+ cd -
done
-
-
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index 7887b677..b502c022 100644
--- a/auth/docker/dclean.sh
+++ b/auth/docker/dclean.sh
@@ -1,15 +1,19 @@
-#!/bin/bash
+#!/bin/bash
# Pull in Variables from d.props
. ./d.props
if [ "$1" == "" ]; then
- AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'`
+ AAF_COMPONENTS=$(ls ../aaf_${VERSION}/bin | grep -v '\.')
else
- AAF_COMPONENTS=$1
+ AAF_COMPONENTS=$1
fi
+docker image rm $ORG/$PROJECT/aaf_agent:${VERSION}
+docker image rm $ORG/$PROJECT/aaf_config:${VERSION}
+docker image rm $ORG/$PROJECT/aaf_core:${VERSION}
+
echo "Y" | docker container prune
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- docker image rm $DOCKER_REPOSITORY/$ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION}
+ docker image rm $ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION}
done
echo "Y" | docker image prune
diff --git a/auth/docker/dpush.sh b/auth/docker/dpush.sh
index 78129796..761ae2a8 100644
--- a/auth/docker/dpush.sh
+++ b/auth/docker/dpush.sh
@@ -12,7 +12,7 @@ fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
- docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
- docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
+ docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
+ docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
done
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 7aee605c..c62adfc2 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -1,53 +1,52 @@
-#!/bin/bash
+#!/bin/bash
# Pull in Variables from d.props
. ./d.props
-
if [ "$1" == "" ]; then
- AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'`
+ AAF_COMPONENTS=$(ls -r ../aaf_${VERSION}/bin | grep -v '\.')
else
- AAF_COMPONENTS=$1
+ AAF_COMPONENTS="$@"
fi
-
-for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- case "$AAF_COMPONENT" in
- "service")
- PORTMAP="8100:8100"
- LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
- ;;
- "locate")
- PORTMAP="8095:8095"
- LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
- ;;
- "oauth")
- PORTMAP="8140:8140"
- LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
- ;;
- "gui")
- PORTMAP="8200:8200"
- ;;
- "cm")
- PORTMAP="8150:8150"
- LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
- ;;
- "hello")
- PORTMAP="8130:8130"
- ;;
- "fs")
- PORTMAP="80:8096"
- ;;
- esac
-
- echo Starting aaf_$AAF_COMPONENT...
- docker run \
- -d \
- --name aaf_$AAF_COMPONENT \
- --hostname="${AAF_COMPONENT}.aaf.osaaf.org" \
- --add-host="$HOSTNAME:$HOST_IP" \
- --add-host="aaf.osaaf.org:$HOST_IP" \
- ${LINKS} \
- --publish $PORTMAP \
- --mount type=bind,source=$CONF_ROOT_DIR,target=/opt/app/osaaf \
- ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
+for AAF_COMPONENT in ${AAF_COMPONENTS}; do
+ case "$AAF_COMPONENT" in
+ "service")
+ PORTMAP="8100:8100"
+ LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
+ ;;
+ "locate")
+ PORTMAP="8095:8095"
+ LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
+ ;;
+ "oauth")
+ PORTMAP="8140:8140"
+ LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
+ ;;
+ "gui")
+ PORTMAP="8200:8200"
+ ;;
+ "cm")
+ PORTMAP="8150:8150"
+ LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST"
+ ;;
+ "hello")
+ PORTMAP="8130:8130"
+ ;;
+ "fs")
+ PORTMAP="80:8096"
+ ;;
+ esac
+
+ echo Starting aaf_$AAF_COMPONENT...
+
+ docker run \
+ -d \
+ --name aaf_$AAF_COMPONENT \
+ --hostname="${AAF_COMPONENT}.aaf.osaaf.org" \
+ --add-host="$HOSTNAME:$HOST_IP" \
+ --add-host="aaf.osaaf.org:$HOST_IP" \
+ ${LINKS} \
+ --publish $PORTMAP \
+ --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \
+ ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
done
diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh
index 0fb993ae..4c0a46f4 100644
--- a/auth/docker/dstart.sh
+++ b/auth/docker/dstart.sh
@@ -1,13 +1,13 @@
-#!/bin/bash
+#!/bin/bash
# Pull in Props
. ./d.props
if [ "$1" == "" ]; then
- AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'`
+ AAF_COMPONENTS=$(ls -r ../aaf_${VERSION}/bin | grep -v '\.')
else
- AAF_COMPONENTS=$1
+ AAF_COMPONENTS="$@"
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- docker start aaf_$AAF_COMPONENT
+ docker start aaf_$AAF_COMPONENT
done
diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh
index 4c8d4425..c6e1cfeb 100644
--- a/auth/docker/dstop.sh
+++ b/auth/docker/dstop.sh
@@ -1,13 +1,13 @@
-#!/bin/bash
+#!/bin/bash
# Pull in Properties
. ./d.props
if [ "$1" == "" ]; then
- AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'`
+ AAF_COMPONENTS=$(ls ../aaf_${VERSION}/bin | grep -v '\.')
else
- AAF_COMPONENTS=$1
+ AAF_COMPONENTS="$@"
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- docker stop aaf_$AAF_COMPONENT
+ docker stop aaf_$AAF_COMPONENT
done
diff --git a/auth/pom.xml b/auth/pom.xml
index 193565d6..8e6045cc 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -57,9 +57,7 @@
<!-- We have to up these versions from the original to avoid Security Errors -->
<project.cassVersion>3.4.0</project.cassVersion>
<project.nettyVersion>4.1.22.Final</project.nettyVersion>
- <!--
- <project.cassVersion>3.3.0</project.cassVersion>
- <project.nettyVersion>4.0.47.Final</project.nettyVersion> -->
+ <project.project.ext_root_dir>/opt/app/osaaf</project.project.ext_root_dir>
</properties>
<developers>
diff --git a/auth/sample/.gitignore b/auth/sample/.gitignore
new file mode 100644
index 00000000..62fd177d
--- /dev/null
+++ b/auth/sample/.gitignore
@@ -0,0 +1 @@
+theme
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
new file mode 100644
index 00000000..46c85be9
--- /dev/null
+++ b/auth/sample/bin/client.sh
@@ -0,0 +1,190 @@
+#!/bin/bash
+# This script is run when starting aaf_config Container.
+# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
+#
+JAVA=/usr/bin/java
+AAF_INTERFACE_VERSION=2.1
+
+# Extract Name, Domain and NS from FQI
+FQIA=($(echo ${APP_FQI} | tr '@' '\n'))
+FQI_SHORT=${FQIA[0]}
+FQI_DOMAIN=${FQIA[1]}
+# Reverse DOMAIN for NS
+FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n'))
+for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do
+ NS=${NS}${FQIA_E[i]}'.'
+done
+NS=${NS}${FQIA_E[0]}
+
+
+# Setup SSO info for Deploy ID
+function sso_encrypt() {
+ $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} ~/.aaf/keyfile
+}
+
+if [ ! -e " ~/.aaf/keyfile" ]; then
+ mkdir -p ~/.aaf
+ SSO=~/.aaf/sso.props
+ $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen ~/.aaf/keyfile
+ chmod 400 ~/.aaf/keyfile
+ echo cadi_latitude=${LATITUDE} > ${SSO}
+ echo cadi_longitude=${LONGITUDE} >> ${SSO}
+ echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+ if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
+ echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
+ fi
+ echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
+ echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+ echo cadi_truststore=$(ls /opt/app/aaf_config/public/*trust*) >> ${SSO}
+ echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
+fi
+
+# Only initialize once, automatically...
+if [ ! -e /opt/app/osaaf/local/${NS}.props ]; then
+ for D in bin logs; do
+ rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+
+ # setup Configs
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \
+ cadi_etc_dir=/opt/app/osaaf/local
+
+ # Place Certificates
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN}
+
+ # Validate
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate \
+ cadi_prop_files=/opt/app/osaaf/local/${NS}.props
+fi
+
+# Now run a command
+CMD=$2
+if [ ! "$CMD" = "" ]; then
+ shift
+ shift
+ case "$CMD" in
+ ls)
+ echo ls requested
+ find /opt/app/osaaf -depth
+ ;;
+ cat)
+ if [ "$1" = "" ]; then
+ echo "usage: cat <file... ONLY files ending in .props>"
+ else
+ if [[ $1 == *.props ]]; then
+ echo
+ echo "## CONTENTS OF $3"
+ echo
+ cat "$1"
+ else
+ echo "### ERROR ####"
+ echo " \"cat\" may only be used with files ending with \".props\""
+ fi
+ fi
+ ;;
+ update)
+ for D in bin logs; do
+ rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+ ;;
+ showpass)
+ echo "## Show Passwords"
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar showpass ${APP_FQI} ${APP_FQDN}
+ ;;
+ check)
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar check ${APP_FQI} ${APP_FQDN}
+ ;;
+ validate)
+ echo "## validate requested"
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate /opt/app/osaaf/local/${NS}.props
+ ;;
+ bash)
+ if [ ! -e ~/.bash_aliases ]; then
+ echo "alias cadi='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >~/.bash_aliases
+ echo "alias agent='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.configure.Agent \$*'" >>~/.bash_aliases
+ fi
+ shift
+ cd /opt/app/osaaf/local || exit
+ /bin/bash "$@"
+ ;;
+ setProp)
+ cd /opt/app/osaaf/local || exit
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES="$3"
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$ADD" = "Y" ]; then
+ echo $2 >> $F
+ else
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+ fi
+ cat $F
+ done
+ ;;
+ encrypt)
+ cd /opt/app/osaaf/local || exit
+ echo $1
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES=/opt/app/osaaf/local/${NS}.cred.props
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$2" = "" ]; then
+ read -r -p "Password (leave blank to cancel): " -s ORIG_PW
+ echo " "
+ if [ "$ORIG_PW" = "" ]; then
+ echo canceling...
+ break
+ fi
+ else
+ ORIG_PW="$2"
+ fi
+ PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/${NS}.keyfile)
+ if [ "$ADD" = "Y" ]; then
+ echo "$1=enc:$PWD" >> $F
+ else
+ sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ fi
+ cat $F
+ done
+ ;;
+ taillog)
+ sh /opt/app/osaaf/logs/taillog
+ ;;
+ --help | -?)
+ case "$1" in
+ "")
+ echo "--- Agent Container Comands ---"
+ echo " ls - Lists all files in Configuration"
+ echo " cat <file.props>> - Shows the contents (Prop files only)"
+ echo " validate - Runs a test using Configuration"
+ echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
+ echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)"
+ echo " bash - run bash in Container"
+ echo " Note: the following aliases are preset"
+ echo " cadi - CADI CmdLine tool"
+ echo " agent - Agent Java tool (see above help)"
+ echo ""
+ echo " --help|-? [cadi|agent] - This help, cadi help or agent help"
+ ;;
+ cadi)
+ echo "--- cadi Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6
+ ;;
+ agent)
+ echo "--- agent Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar
+ ;;
+ esac
+ echo ""
+ ;;
+ *)
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@"
+ ;;
+ esac
+fi
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
new file mode 100644
index 00000000..15c3714d
--- /dev/null
+++ b/auth/sample/bin/service.sh
@@ -0,0 +1,162 @@
+#!/bin/bash
+# This script is run when starting aaf_config Container.
+# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
+#
+JAVA=/usr/bin/java
+
+# Only load Identities once
+if [ ! -e /opt/app/osaaf/data/identities.dat ]; then
+ mkdir -p /opt/app/osaaf/data
+ cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat
+fi
+
+# Only initialize once, automatically...
+if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then
+ rsync -avzh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local
+ for D in public etc logs; do
+ rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+
+ TMP=$(mktemp)
+ echo aaf_env=${AAF_ENV} >> ${TMP}
+ echo cadi_latitude=${LATITUDE} >> ${TMP}
+ echo cadi_longitude=${LONGITUDE} >> ${TMP}
+ echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP}
+ echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP}
+
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \
+ cadi_etc_dir=/opt/app/osaaf/local \
+ cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP}
+ rm ${TMP}
+ # Default Password for Default Cass
+ CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
+ sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+fi
+
+# Now run a command
+CMD=$2
+if [ ! "$CMD" = "" ]; then
+ shift
+ shift
+ case "$CMD" in
+ ls)
+ echo ls requested
+ find /opt/app/osaaf -depth
+ ;;
+ cat)
+ if [ "$1" = "" ]; then
+ echo "usage: cat <file... ONLY files ending in .props>"
+ else
+ if [[ $1 == *.props ]]; then
+ echo
+ echo "## CONTENTS OF $3"
+ echo
+ cat "$1"
+ else
+ echo "### ERROR ####"
+ echo " \"cat\" may only be used with files ending with \".props\""
+ fi
+ fi
+ ;;
+ update)
+ rsync -uh --exclude=.gitignore /opt/app/aaf_config/local/org.osaaf.aaf* /opt/app/osaaf/local
+ for D in public data etc logs; do
+ rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+ ;;
+ validate)
+ echo "## validate requested"
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props
+ ;;
+ bash)
+ echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc
+ if [ ! "$(grep aaf_config ~/.bashrc)" = "" ]; then
+ echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY cadi \$*'" >>~/.bashrc
+ echo "alias agent='/bin/bash /opt/app/aaf_config/bin/agent.sh EMPTY \$*'" >>~/.bashrc
+ #. ~/.bashrc
+ fi
+ shift
+ cd /opt/app/osaaf/local || exit
+ /bin/bash "$@"
+ ;;
+ setProp)
+ cd /opt/app/osaaf/local || exit
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES="$3"
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$ADD" = "Y" ]; then
+ echo $2 >> $F
+ else
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+ fi
+ cat $F
+ done
+ ;;
+ encrypt)
+ cd /opt/app/osaaf/local || exit
+ echo $1
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$2" = "" ]; then
+ read -r -p "Password (leave blank to cancel): " -s ORIG_PW
+ echo " "
+ if [ "$ORIG_PW" = "" ]; then
+ echo canceling...
+ break
+ fi
+ else
+ ORIG_PW="$2"
+ fi
+ PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
+ if [ "$ADD" = "Y" ]; then
+ echo "$1=enc:$PWD" >> $F
+ else
+ sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ fi
+ cat $F
+ done
+ ;;
+ taillog)
+ sh /opt/app/osaaf/logs/taillog
+ ;;
+ --help | -?)
+ case "$1" in
+ "")
+ echo "--- Agent Container Comands ---"
+ echo " ls - Lists all files in Configuration"
+ echo " cat <file.props>> - Shows the contents (Prop files only)"
+ echo " validate - Runs a test using Configuration"
+ echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
+ echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)"
+ echo " bash - run bash in Container"
+ echo " Note: the following aliases are preset"
+ echo " cadi - CADI CmdLine tool"
+ echo " agent - Agent Java tool (see above help)"
+ echo ""
+ echo " --help|-? [cadi|agent] - This help, cadi help or agent help"
+ ;;
+ cadi)
+ echo "--- cadi Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6
+ ;;
+ agent)
+ echo "--- agent Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar
+ ;;
+ esac
+ echo ""
+ ;;
+ *)
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@"
+ ;;
+ esac
+fi
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index 358829ef..7bf14d5b 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
@@ -24,13 +24,24 @@ bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|
mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl
# ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
-
-
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
+deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 358829ef..185e1604 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
@@ -18,19 +18,29 @@
# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
#
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
# ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
-
-
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
+deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf_admin
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf_admin
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf_admin
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf_admin
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf_admin
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf_admin
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/etc/org.osaaf.aaf.cm.props b/auth/sample/etc/org.osaaf.aaf.cm.props
new file mode 100644
index 00000000..661d8bb8
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.aaf.cm.props
@@ -0,0 +1,14 @@
+##
+## org.osaaf.aaf.cm.props
+## AAF Certificate Manager properties
+## Note: Link to CA Properties in "local" dir
+##
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props
+aaf_component=AAF_NS.cm:2.1.2
+port=8150
+
+#Certman
+cm_public_dir=/opt/app/osaaf/public
+cm_trust_cas=AAF_RootCA.cer
+
+
diff --git a/auth/sample/etc/org.osaaf.aaf.fs.props b/auth/sample/etc/org.osaaf.aaf.fs.props
new file mode 100644
index 00000000..d0aac3ae
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.aaf.fs.props
@@ -0,0 +1,9 @@
+##
+## org.osaaf.aaf.fs
+## AAF Fileserver Properties
+##
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
+aaf_component=AAF_NS.fs:2.1.2
+port=8096
+
+aaf_public_dir=/opt/app/osaaf/public
diff --git a/auth/sample/etc/org.osaaf.gui.props b/auth/sample/etc/org.osaaf.aaf.gui.props
index 66a3f4c7..3cff29ba 100644
--- a/auth/sample/etc/org.osaaf.gui.props
+++ b/auth/sample/etc/org.osaaf.aaf.gui.props
@@ -1,9 +1,9 @@
##
-## org.osaaf.locator
-## AAF Locator Properties
+## org.osaaf.aaf.gui
+## AAF GUI Properties
##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
-aaf_component=AAF_NS.gui:2.1.0.0
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props
+aaf_component=AAF_NS.gui:2.1.2
port=8200
aaf_gui_title=AAF
diff --git a/auth/sample/etc/org.osaaf.aaf.hello.props b/auth/sample/etc/org.osaaf.aaf.hello.props
new file mode 100644
index 00000000..db64baf5
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.aaf.hello.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.aaf.hello
+## AAF Hello Properties
+##
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
+aaf_component=AAF_NS.hello:2.1.2
+port=8130
+
diff --git a/auth/sample/etc/org.osaaf.aaf.locate.props b/auth/sample/etc/org.osaaf.aaf.locate.props
new file mode 100644
index 00000000..90c2c57f
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.aaf.locate.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.aaf.locate
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opts/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+aaf_component=AAF_NS.locator:2.1.2
+port=8095
+
diff --git a/auth/sample/etc/org.osaaf.log4j.props b/auth/sample/etc/org.osaaf.aaf.log4j.props
index 9f108028..9f108028 100644
--- a/auth/sample/etc/org.osaaf.log4j.props
+++ b/auth/sample/etc/org.osaaf.aaf.log4j.props
diff --git a/auth/sample/etc/org.osaaf.aaf.oauth.props b/auth/sample/etc/org.osaaf.aaf.oauth.props
new file mode 100644
index 00000000..ac8b9a54
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.aaf.oauth.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.aaf.oauth
+## AAF OAuth2 Properties
+##
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+aaf_component=AAF_NS.oauth:2.1.2
+port=8140
+
diff --git a/auth/sample/etc/org.osaaf.orgs.props b/auth/sample/etc/org.osaaf.aaf.orgs.props
index f4210599..f4210599 100644
--- a/auth/sample/etc/org.osaaf.orgs.props
+++ b/auth/sample/etc/org.osaaf.aaf.orgs.props
diff --git a/auth/sample/etc/org.osaaf.aaf.service.props b/auth/sample/etc/org.osaaf.aaf.service.props
new file mode 100644
index 00000000..ab050985
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.aaf.service.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.aaf.service
+## AAF Service Properties
+##
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props
+aaf_component=AAF_NS.service:2.1.2
+port=8100
+
diff --git a/auth/sample/etc/org.osaaf.cm.props b/auth/sample/etc/org.osaaf.cm.props
deleted file mode 100644
index da5ea872..00000000
--- a/auth/sample/etc/org.osaaf.cm.props
+++ /dev/null
@@ -1,14 +0,0 @@
-##
-## org.osaaf.cm.props
-## AAF Certificate Manager properties
-## Note: Link to CA Properties in "local" dir
-##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props
-aaf_component=AAF_NS.cm:2.1.0.0
-port=8150
-
-#Certman
-cm_public_dir=/opt/app/osaaf/public
-cm_trust_cas=AAF_RootCA.cer
-
-
diff --git a/auth/sample/etc/org.osaaf.common.props b/auth/sample/etc/org.osaaf.common.props
deleted file mode 100644
index 459d7d7c..00000000
--- a/auth/sample/etc/org.osaaf.common.props
+++ /dev/null
@@ -1,30 +0,0 @@
-############################################################
-# Common properties for all AAF Components
-# on 2018-03-02 06:59.628-0500
-############################################################
-# Pull in Global Coordinates and Certificate Information
-aaf_root_ns=org.osaaf.aaf
-aaf_trust_perm=org.osaaf.aaf|org.onap|trust
-
-cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.props
-cadi_protocols=TLSv1.1,TLSv1.2
-
-aaf_locate_url=https://aaf.osaaf.org:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
-cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login
-
-# Standard for this App/Machine
-aaf_env=DEV
-aaf_data_dir=/opt/app/osaaf/data
-cadi_loglevel=DEBUG
-
-# Domain Support (which will accept)
-aaf_domain_support=.com:.org
-
-# Basic Auth
-aaf_default_realm=people.osaaf.org
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
-
diff --git a/auth/sample/etc/org.osaaf.fs.props b/auth/sample/etc/org.osaaf.fs.props
deleted file mode 100644
index 96d91f9d..00000000
--- a/auth/sample/etc/org.osaaf.fs.props
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## org.osaaf.locator
-## AAF Locator Properties
-##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
-aaf_component=AAF_NS.fs:2.1.0.0
-port=8096
-
-
-aaf_public_dir=/opt/app/osaaf/public
diff --git a/auth/sample/etc/org.osaaf.hello.props b/auth/sample/etc/org.osaaf.hello.props
deleted file mode 100644
index 9f77986e..00000000
--- a/auth/sample/etc/org.osaaf.hello.props
+++ /dev/null
@@ -1,8 +0,0 @@
-##
-## org.osaaf.locator
-## AAF Locator Properties
-##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
-aaf_component=AAF_NS.hello:2.1.0.0
-port=8130
-
diff --git a/auth/sample/etc/org.osaaf.locate.props b/auth/sample/etc/org.osaaf.locate.props
deleted file mode 100644
index d85c735e..00000000
--- a/auth/sample/etc/org.osaaf.locate.props
+++ /dev/null
@@ -1,8 +0,0 @@
-##
-## org.osaaf.locator
-## AAF Locator Properties
-##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
-aaf_component=AAF_NS.locator:2.1.0.0
-port=8095
-
diff --git a/auth/sample/etc/org.osaaf.oauth.props b/auth/sample/etc/org.osaaf.oauth.props
deleted file mode 100644
index 5be90174..00000000
--- a/auth/sample/etc/org.osaaf.oauth.props
+++ /dev/null
@@ -1,8 +0,0 @@
-##
-## org.osaaf.locator
-## AAF Locator Properties
-##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
-aaf_component=AAF_NS.oauth:2.1.0.0
-port=8140
-
diff --git a/auth/sample/etc/org.osaaf.service.props b/auth/sample/etc/org.osaaf.service.props
deleted file mode 100644
index 1b4df0e8..00000000
--- a/auth/sample/etc/org.osaaf.service.props
+++ /dev/null
@@ -1,8 +0,0 @@
-##
-## org.osaaf.service
-## AAF Service Properties
-##
-cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
-aaf_component=AAF_NS.service:2.1.0.0
-port=8100
-
diff --git a/auth/sample/local/.dockerignore b/auth/sample/local/.dockerignore
new file mode 100644
index 00000000..6c7b69a0
--- /dev/null
+++ b/auth/sample/local/.dockerignore
@@ -0,0 +1 @@
+.gitignore
diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props
new file mode 100644
index 00000000..f8c4f886
--- /dev/null
+++ b/auth/sample/local/aaf.props
@@ -0,0 +1,22 @@
+#
+# Special AAF specific Properties... for AAF Init only
+#
+# Controlling NS
+aaf_root_ns=org.osaaf.aaf
+aaf_trust_perm=org.osaaf.aaf.appid|org|trust
+
+# Domains and Realms
+aaf_domain_support=.com:.org
+aaf_default_realm=people.osaaf.org
+
+# Initial Passwords and such
+aaf_password=startup
+cadi_alias=aaf@aaf.osaaf.org
+cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
+cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks
+cadi_truststore_password=changeit
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+
+# Other
+aaf_data_dir=/opt/app/osaaf/data
+cadi_token_dir=/opt/app/osaaf/tokens
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
new file mode 100644
index 00000000..2f599cdb
--- /dev/null
+++ b/auth/sample/local/initialConfig.props
@@ -0,0 +1,8 @@
+aaf_locate_url=https://meriadoc.mithril.sbc.com:8095
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_protocols=TLSv1.1,TLSv1.2
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/sample/local/org.osaaf.cassandra.props b/auth/sample/local/org.osaaf.aaf.cassandra.props
index 4489a36b..9e29d834 100644
--- a/auth/sample/local/org.osaaf.cassandra.props
+++ b/auth/sample/local/org.osaaf.aaf.cassandra.props
@@ -7,7 +7,7 @@ cassandra.clusters=cass.aaf.osaaf.org
cassandra.clusters.port=9042
#need this to be fully qualified name when REAL AAF integration
cassandra.clusters.user=cassandra
-cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV
+cassandra.clusters.password=enc:
# Name for exception that has happened in the past
cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
@@ -27,3 +27,4 @@ cassandra.writeConsistency.role=ONE
cassandra.writeConsistency.user_role=ONE
cassandra.writeConsistency.cred=ONE
cassandra.writeConsistency.ns_attrib=ONE
+
diff --git a/auth/sample/local/org.osaaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props
index 8843705c..5c692f4b 100644
--- a/auth/sample/local/org.osaaf.cm.ca.props
+++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props
@@ -1,10 +1,10 @@
##
## org.osaaf.cm.ca.props
-## Properties to access Certifiate Authority
+## Properties to access Certificate Authority
##
#Certman
-cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_7;enc:
cm_ca.local.idDomains=org.osaaf
cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
cm_ca.local.perm_type=org.osaaf.aaf.ca
diff --git a/auth/sample/local/org.osaaf.aaf.cm.p12 b/auth/sample/local/org.osaaf.aaf.cm.p12
deleted file mode 100644
index 63aedd25..00000000
--- a/auth/sample/local/org.osaaf.aaf.cm.p12
+++ /dev/null
Binary files differ
diff --git a/auth/sample/local/org.osaaf.aaf.keyfile b/auth/sample/local/org.osaaf.aaf.keyfile
deleted file mode 100644
index 7206ad93..00000000
--- a/auth/sample/local/org.osaaf.aaf.keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0
-sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng
-tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF
-Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz
-AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb
-yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By
-qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL
-y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco
-6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj
-4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz
--KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f
-Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC
-kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR
-PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3
-YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg
-yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN
-jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_
-biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1
-ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My
-c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf
-GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE
-G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw
-BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS
-acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d
-QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_
-2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im
-3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a \ No newline at end of file
diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12
deleted file mode 100644
index ac1dece8..00000000
--- a/auth/sample/local/org.osaaf.aaf.p12
+++ /dev/null
Binary files differ
diff --git a/auth/sample/local/org.osaaf.aaf.props b/auth/sample/local/org.osaaf.aaf.props
deleted file mode 100644
index 975f80cc..00000000
--- a/auth/sample/local/org.osaaf.aaf.props
+++ /dev/null
@@ -1,17 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# by jg1555
-# on 2018-02-21T10:28:08.909-0600
-# @copyright 2016, AT&T
-############################################################
-cm_url=https://aaf.osaaf.org:8150
-#hostname=aaf.osaaf.org
-aaf_env=DEV
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
-cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile
-cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
-cadi_keystore_password=enc:3O7HDzEzdYatFYb83-jV69MNzN8qIW975SS70qCs7xri0b1n4r5viHo1lrM6K8om
-#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
-cadi_alias=aaf-authz@aaf.osaaf.org
-cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12
-cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np
diff --git a/auth/sample/local/org.osaaf.aaf.trust.p12 b/auth/sample/local/org.osaaf.aaf.trust.p12
deleted file mode 100644
index 1e037def..00000000
--- a/auth/sample/local/org.osaaf.aaf.trust.p12
+++ /dev/null
Binary files differ
diff --git a/auth/sample/local/org.osaaf.location.props b/auth/sample/local/org.osaaf.location.props
deleted file mode 100644
index d6d04ef4..00000000
--- a/auth/sample/local/org.osaaf.location.props
+++ /dev/null
@@ -1,12 +0,0 @@
-##
-## org.osaaf.location.props
-##
-## Localized Machine Information
-##
-# Almeda California
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org
-cadi_trust_masks=10.12.6/24
-
diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean
new file mode 100644
index 00000000..7d5152b9
--- /dev/null
+++ b/auth/sample/logs/clean
@@ -0,0 +1,7 @@
+cd /opt/app/osaaf/logs
+for D in `find . -type d`; do
+ if [ "$D" != "./" ]; then
+ rm -f $D/*.log
+ fi
+done
+
diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog
new file mode 100644
index 00000000..5689caa4
--- /dev/null
+++ b/auth/sample/logs/taillog
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /opt/app/osaaf/logs
+tail -f `find ./$1 -name *service*.log -ctime 0`
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index aa3899aa..2a7cd058 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -194,7 +194,7 @@
<classifier>tests</classifier>
<archive>
<manifest>
- <mainClass>org.onap.aaf.cadi.cm.CmAgent</mainClass>
+ <mainClass>org.onap.aaf.cadi.configure.Agent</mainClass>
</manifest>
<manifestEntries>
<Sealed>true</Sealed>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index 3b783949..c4ca8082 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
import java.util.List;
import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.misc.env.util.Split;
/**
* A Class that understands the AAF format of Permission (name/type/action)
@@ -35,7 +36,7 @@ import org.onap.aaf.cadi.Permission;
*/
public class AAFPermission implements Permission {
private static final List<String> NO_ROLES;
- protected String type,instance,action,key;
+ protected String ns,type,instance,action,key;
private List<String> roles;
static {
@@ -44,19 +45,30 @@ public class AAFPermission implements Permission {
protected AAFPermission() {roles=NO_ROLES;}
- public AAFPermission(String type, String instance, String action) {
- this.type = type;
+ public AAFPermission(String ns, String name, String instance, String action) {
+ this.ns = ns;
+ type = name;
this.instance = instance;
this.action = action;
- key = type + '|' + instance + '|' + action;
+ if(ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
this.roles = NO_ROLES;
}
- public AAFPermission(String type, String instance, String action, List<String> roles) {
- this.type = type;
+
+ public AAFPermission(String ns, String name, String instance, String action, List<String> roles) {
+ this.ns = ns;
+ type = name;
this.instance = instance;
this.action = action;
- key = type + '|' + instance + '|' + action;
+ if(ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
this.roles = roles==null?NO_ROLES:roles;
}
@@ -71,6 +83,7 @@ public class AAFPermission implements Permission {
* If you want a simple field comparison, it is faster without REGEX
*/
public boolean match(Permission p) {
+ String aafNS;
String aafType;
String aafInstance;
String aafAction;
@@ -79,24 +92,68 @@ public class AAFPermission implements Permission {
// Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
// Current solution is only allow direct match on Type.
// 8/28/2014 Jonathan - added REGEX ability
- aafType = ap.getName();
+ aafNS = ap.getNS();
+ aafType = ap.getType();
aafInstance = ap.getInstance();
aafAction = ap.getAction();
} else {
- // Permission is concatenated together: separated by |
- String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);
- aafType = aaf[0];
- aafInstance = (aaf.length > 1) ? aaf[1] : "*";
- aafAction = (aaf.length > 2) ? aaf[2] : "*";
+ // Permission is concatenated together: separated by
+ String[] aaf = Split.splitTrim('|', p.getKey());
+ switch(aaf.length) {
+ case 1:
+ aafNS = aaf[0];
+ aafType="";
+ aafInstance = aafAction = "*";
+ break;
+ case 2:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aafAction = "*";
+ break;
+ case 3:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = "*";
+ break;
+ default:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = aaf[3];
+ break;
+ }
}
- return ((type.equals(aafType)) &&
- (PermEval.evalInstance(instance, aafInstance)) &&
- (PermEval.evalAction(action, aafAction)));
+ boolean typeMatches;
+ if(aafNS==null) {
+ if(ns==null) {
+ typeMatches = aafType.equals(type);
+ } else {
+ typeMatches = aafType.equals(ns+'.'+type);
+ }
+ } else if(ns==null) {
+ typeMatches = type.equals(aafNS+'.'+aafType);
+ } else if(aafNS.length() == ns.length()) {
+ typeMatches = aafNS.equals(ns) && aafType.equals(type);
+ } else { // Allow for restructuring of NS/Perm structure
+ typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
+ }
+ return (typeMatches &&
+ PermEval.evalInstance(instance, aafInstance) &&
+ PermEval.evalAction(action, aafAction));
+ }
+
+ public String getNS() {
+ return ns;
}
- public String getName() {
+ public String getType() {
return type;
}
+
+ public String getFullType() {
+ return ns + '.' + type;
+ }
public String getInstance() {
return instance;
@@ -121,7 +178,9 @@ public class AAFPermission implements Permission {
return roles;
}
public String toString() {
- return "AAFPermission:\n\tType: " + type +
+ return "AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java
new file mode 100644
index 00000000..5aa4dbc5
--- /dev/null
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java
@@ -0,0 +1,33 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.aaf;
+
+public interface Defaults {
+ public static String AAF_VERSION = "2.1";
+ public static String AAF_NS = "AAF_NS";
+ public static String AAF_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".service:" + AAF_VERSION;
+ public static String GUI_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".gui:" + AAF_VERSION;
+ public static String CM_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".cm:" + AAF_VERSION;
+ public static String FS_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".fs:" + AAF_VERSION;
+ public static String HELLO_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".hello:" + AAF_VERSION;
+ public static String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".token:" + AAF_VERSION;
+ public static String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".introspect:" + AAF_VERSION;
+}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index 35bcc5a9..df2ad4f8 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -55,7 +55,7 @@ public class TestConnectivity {
System.out.println("Usage: ConnectivityTester <cadi_prop_files> [<AAF FQDN (i.e. aaf.dev.att.com)>]");
} else {
print(true,"START OF CONNECTIVITY TESTS",new Date().toString(),System.getProperty("user.name"),
- "Note: All API Calls are /authz/perms/user/<MechID/Alias of the caller>");
+ "Note: All API Calls are /authz/perms/user/<AppID/Alias of the caller>");
if(!args[0].contains(Config.CADI_PROP_FILES+'=')) {
args[0]=Config.CADI_PROP_FILES+'='+args[0];
@@ -79,15 +79,16 @@ public class TestConnectivity {
List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
/////////
print(true,"Test Connections driven by AAFLocator");
- URI serviceURI = new URI(aaflocate+"/locate/AAF_NS.service:2.0");
+ URI serviceURI = new URI(Defaults.AAF_URL);
for(URI uri : new URI[] {
serviceURI,
- new URI(aaflocate+"/locate/AAF_NS.service:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.locate:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.token:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.certman:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.hello")
+ new URI(Defaults.OAUTH2_TOKEN_URL),
+ new URI(Defaults.OAUTH2_INTROSPECT_URL),
+ new URI(Defaults.CM_URL),
+ new URI(Defaults.GUI_URL),
+ new URI(Defaults.FS_URL),
+ new URI(Defaults.HELLO_URL)
}) {
Locator<URI> locator = new AAFLocator(si, uri);
try {
@@ -105,14 +106,6 @@ public class TestConnectivity {
permTest(locator,ss);
}
- /////////
- // Removed for ONAP
-// print(true,"Test Proxy Access driven by AAFLocator");
-// locator = new AAFLocator(si, new URI(aaflocate+"/AAF_NS.gw:2.0/proxy"));
-// for(SecuritySetter<HttpURLConnection> ss : lss) {
-// permTest(locator,ss);
-// }
-
//////////
print(true,"Test essential BasicAuth Service call, driven by AAFLocator");
for(SecuritySetter<HttpURLConnection> ss : lss) {
@@ -163,7 +156,7 @@ public class TestConnectivity {
String tokenURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
String locateURL=access.getProperty(Config.AAF_LOCATE_URL);
if(tokenURL==null || (tokenURL.contains("/locate/") && locateURL!=null)) {
- tokenURL=locateURL+"/locate/AAF_NS.token:2.0/token";
+ tokenURL=Defaults.OAUTH2_TOKEN_URL+"/token";
}
try {
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
index 84d23655..a5ef6d14 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
@@ -62,7 +62,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur";
/**
- * Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this
+ * Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this
* point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com".
*
* The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.
@@ -107,12 +107,6 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
protected User<AAFPermission> loadUser(final Principal principal) {
final String name = principal.getName();
-// // Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't
-// // have domains. We are going to make the Transitive Class (see this.transmutative) to convert
-// final Principal tp = principal; //transmutate.mutate(principal);
-// if(tp==null) {
-// return null; // if not a valid Transmutated credential, don't bother calling...
-// }
// TODO Create a dynamic way to declare domains supported.
final long start = System.nanoTime();
final boolean[] success = new boolean[]{false};
@@ -148,7 +142,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
Map<String, Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
for(Perm perm : fp.value.getPerm()) {
- user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ user.add(newMap,new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
if(willLog) {
aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');
}
@@ -197,7 +191,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
Map<String,Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
for(Perm perm : fp.value.getPerm()) {
- user.add(newMap, new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
if(willLog) {
aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
}
@@ -235,10 +229,13 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
@Override
public Permission createPerm(String p) {
String[] params = Split.split('|', p);
- if(params.length==3) {
- return new AAFPermission(params[0],params[1],params[2]);
- } else {
- return new LocalPermission(p);
+ switch(params.length) {
+ case 3:
+ return new AAFPermission(null,params[0],params[1],params[2]);
+ case 4:
+ return new AAFPermission(params[0],params[1],params[2],params[3]);
+ default:
+ return new LocalPermission(p);
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
index 2094948a..bf85beef 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
@@ -55,8 +55,13 @@ public class AAFTrustChecker implements TrustChecker {
AAFPermission temp=null;
if(str!=null) {
String[] sp = Split.splitTrim('|', str);
- if(sp.length==3) {
- temp = new AAFPermission(sp[0],sp[1],sp[2]);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
}
}
perm=temp;
@@ -69,8 +74,13 @@ public class AAFTrustChecker implements TrustChecker {
AAFPermission temp=null;
if(str!=null) {
String[] sp = Split.splitTrim('|', str);
- if(sp.length==3) {
- temp = new AAFPermission(sp[0],sp[1],sp[2]);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
}
}
perm=temp;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
index f0909062..7de8536a 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
@@ -32,6 +32,7 @@ import java.util.NoSuchElementException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.config.Config;
@@ -87,6 +88,12 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
latitude = Double.parseDouble(lat);
longitude = Double.parseDouble(lng);
}
+ if(name.startsWith(Defaults.AAF_NS)) {
+ String root_ns = access.getProperty(Config.AAF_ROOT_NS, null);
+ if(root_ns!=null) {
+ name=name.replace(Defaults.AAF_NS, root_ns);
+ }
+ }
if(name.startsWith("http")) { // simple URL
this.name = name;
this.version = Config.AAF_DEFAULT_VERSION;
@@ -259,7 +266,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
@Override
public Item best() throws LocatorException {
if(!hasItems()) {
- throw new LocatorException("No Entries found" + (pathInfo==null?"":(" for " + pathInfo)));
+ throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + "/locate/" + name + ':' + version + '\'');
}
List<EP> lep = new ArrayList<>();
EP first = null;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
index 9feeee36..89106cc1 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
@@ -90,7 +90,7 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
protected abstract boolean isCorrectPermType(Permission pond);
// This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
return preemptiveLur.fish(bait, pond);
} else {
@@ -123,20 +123,23 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
user = loadUser(bait);
sb.append("\n\tloadUser called");
}
- if(user==null) {
- sb.append("\n\tUser was not Loaded");
- } else if(user.contains(pond)) {
- sb.append("\n\tUser contains ");
- sb.append(pond.getKey());
- rv = true;
- } else {
- sb.append("\n\tUser does not contain ");
- sb.append(pond.getKey());
- List<Permission> perms = new ArrayList<>();
- user.copyPermsTo(perms);
- for(Permission p : perms) {
- sb.append("\n\t\t");
+ for (Permission p : pond) {
+ if(user==null) {
+ sb.append("\n\tUser was not Loaded");
+ break;
+ } else if(user.contains(p)) {
+ sb.append("\n\tUser contains ");
+ sb.append(p.getKey());
+ rv = true;
+ } else {
+ sb.append("\n\tUser does not contain ");
sb.append(p.getKey());
+ List<Permission> perms = new ArrayList<>();
+ user.copyPermsTo(perms);
+ for(Permission perm : perms) {
+ sb.append("\n\t\t");
+ sb.append(perm.getKey());
+ }
}
}
} else {
@@ -147,14 +150,23 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
aaf.access.log(Level.INFO, sb);
return rv;
} else {
+ boolean rv = false;
if(handles(bait)) {
User<PERM> user = getUser(bait);
if(user==null || user.permsUnloaded() || user.permExpired()) {
user = loadUser(bait);
}
- return user==null?false:user.contains(pond);
+ if(user==null) {
+ return false;
+ } else {
+ for(Permission p : pond) {
+ if(rv=user.contains(p)) {
+ break;
+ }
+ }
+ }
}
- return false;
+ return rv;
}
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index 09f5ed7e..ef73adaa 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -35,20 +35,24 @@ import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayDeque;
+import java.util.Arrays;
import java.util.Date;
import java.util.Deque;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
+import java.util.TreeMap;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.CmdLine;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -85,8 +89,8 @@ public class Agent {
private static final String HASHES = "################################################################";
private static final String PRINT = "print";
private static final String FILE = "file";
- private static final String PKCS12 = "pkcs12";
- private static final String JKS = "jks";
+ public static final String PKCS12 = "pkcs12";
+ public static final String JKS = "jks";
private static final String SCRIPT="script";
private static final String CM_VER = "1.0";
@@ -123,7 +127,7 @@ public class Agent {
AAFSSO aafsso=null;
PropAccess access;
- if(args.length>0 && args[0].equals("validate")) {
+ if(args.length>1 && args[0].equals("validate") ) {
int idx = args[1].indexOf('=');
aafsso = null;
access = new PropAccess(
@@ -176,7 +180,7 @@ public class Agent {
System.out.println(" check <FQI> [<machine>]");
System.out.println(" keypairgen <FQI>");
System.out.println(" config <FQI>");
- System.out.println(" validate <FQI>.props>");
+ System.out.println(" validate <NS>.props>");
System.out.println(" --- Additional Tool Access ---");
System.out.println(" ** Type with no params for Tool Help");
System.out.println(" ** If using with Agent, preface with \"cadi\"");
@@ -251,7 +255,13 @@ public class Agent {
keypairGen(trans, access, cmds);
break;
case "config":
- config(trans,access,aafcon(access),cmds);
+ if(access.getProperty(Config.CADI_PROP_FILES)!=null) {
+ // Get Properties from initialization Prop Files
+ config(trans,access,null,cmds);
+ } else {
+ // Get Properties from existing AAF Instance
+ config(trans,access,aafcon(access),cmds);
+ }
break;
case "validate":
validate(access);
@@ -319,7 +329,7 @@ public class Agent {
private static String fqi(Deque<String> cmds) {
if(cmds.size()<1) {
String alias = env.getProperty(Config.CADI_ALIAS);
- return alias!=null?alias:AAFSSO.cons.readLine("MechID: ");
+ return alias!=null?alias:AAFSSO.cons.readLine("AppID: ");
}
return cmds.removeFirst();
}
@@ -344,17 +354,17 @@ public class Agent {
}
private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = fqi(cmds);
- String machine = machine(cmds);
+ final String mechID = fqi(cmds);
+ final String machine = machine(cmds);
Artifacts artifacts = new Artifacts();
Artifact arti = new Artifact();
artifacts.getArtifact().add(arti);
- arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: "));
+ arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("AppID: "));
arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));
arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf"));
- String resp = AAFSSO.cons.readLine("Types [file,jks,script] (%s): ", "jks");
+ String resp = AAFSSO.cons.readLine("Types [file,pkcs12,jks,script] (%s): ", PKCS12);
for(String s : Split.splitTrim(',', resp)) {
arti.getType().add(s);
}
@@ -409,7 +419,7 @@ public class Agent {
if(future.get(TIMEOUT)) {
boolean printed = false;
for(Artifact a : future.value.getArtifact()) {
- AAFSSO.cons.printf("MechID: %s\n",a.getMechid());
+ AAFSSO.cons.printf("AppID: %s\n",a.getMechid());
AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor());
AAFSSO.cons.printf("Machine: %s\n",a.getMachine());
AAFSSO.cons.printf("CA: %s\n",a.getCa());
@@ -640,7 +650,7 @@ public class Agent {
// Have to wait for JDK 1.7 source...
//switch(artifact.getType()) {
if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {
- AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);
+ AAFSSO.cons.printf("No Artifacts found for %s on %s ", mechID, machine);
} else {
String id = aafcon.defID();
boolean allowed;
@@ -650,7 +660,7 @@ public class Agent {
&& aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));
if(!allowed) {
Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" +
- a.getNs() + ".certman|"+a.getCa()+"|showpass","*/*");
+ a.getNs()+"|certman|"+a.getCa()+"|showpass","*/*");
if(pf.get(TIMEOUT)) {
allowed = true;
} else {
@@ -721,7 +731,6 @@ public class Agent {
private static void config(Trans trans, PropAccess pa, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
final String fqi = fqi(cmds);
- final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: ");
final String rootFile = FQI.reverseDomain(fqi);
final File dir = new File(pa.getProperty(Config.CADI_ETCDIR, "."));
if(dir.exists()) {
@@ -749,7 +758,7 @@ public class Agent {
psProps.print("# Configuration File generated on ");
psProps.println(new Date().toString());
psProps.println(HASHES);
- for(String tag : new String[] {Config.CADI_LATITUDE,Config.CADI_LONGITUDE}) {
+ for(String tag : LOC_TAGS) {
psProps.print(tag);
psProps.print('=');
psProps.println(getProperty(pa, trans, false, tag, "%s: ",tag));
@@ -783,42 +792,56 @@ public class Agent {
if(!fkf.exists()) {
CmdLine.main(new String[] {"keygen",fkf.toString()});
}
- psCredProps.print("cadi_keyfile=");
- psCredProps.println(fkf.getCanonicalPath());
-
- psCredProps.print(Config.AAF_APPID);
- psCredProps.print('=');
- psCredProps.println(fqi);
-
Symm filesymm = Symm.obtain(fkf);
- psCredProps.print(Config.AAF_APPPASS);
- psCredProps.print("=enc:");
- String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false);
- ps = filesymm.enpass(ps);
- psCredProps.println(ps);
+ Map<String,String> normal = new TreeMap<>();
+ Map<String,String> creds = new TreeMap<>();
+
+ directedPut(pa, filesymm, normal,creds, Config.CADI_KEYFILE, fkf.getCanonicalPath());
+ directedPut(pa, filesymm, normal,creds, Config.AAF_APPID,fqi);
+ directedPut(pa, filesymm, normal,creds, Config.AAF_APPPASS,null);
+ directedPut(pa, filesymm, normal,creds, Config.AAF_URL, Defaults.AAF_URL);
- psCredProps.print(Config.CADI_TRUSTSTORE);
- psCredProps.print("=");
- File origTruststore = new File(pa.getProperty(Config.CADI_TRUSTSTORE));
- File newTruststore = new File(dir,origTruststore.getName());
- if(!newTruststore.exists()) {
- Files.copy(origTruststore.toPath(), newTruststore.toPath());
+
+ String cts = pa.getProperty(Config.CADI_TRUSTSTORE);
+ if(cts!=null) {
+ File origTruststore = new File(cts);
+ if(!origTruststore.exists()) {
+ // Try same directory as cadi_prop_files
+ String cpf = pa.getProperty(Config.CADI_PROP_FILES);
+ if(cpf!=null) {
+ for(String f : Split.split(File.pathSeparatorChar, cpf)) {
+ File fcpf = new File(f);
+ if(fcpf.exists()) {
+ int lastSep = cts.lastIndexOf(File.pathSeparator);
+ origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts);
+ if(origTruststore.exists()) {
+ break;
+ }
+ }
+ }
+ if(!origTruststore.exists()) {
+ throw new CadiException(cts + " does not exist");
+ }
+ }
+
+ }
+ File newTruststore = new File(dir,origTruststore.getName());
+ if(!newTruststore.exists()) {
+ Files.copy(origTruststore.toPath(), newTruststore.toPath());
+ }
+
+ directedPut(pa, filesymm, normal,creds, Config.CADI_TRUSTSTORE,newTruststore.getCanonicalPath());
+ directedPut(pa, filesymm, normal,creds, Config.CADI_TRUSTSTORE_PASSWORD,null);
}
- psCredProps.println(newTruststore.getCanonicalPath());
-
- psCredProps.print(Config.CADI_TRUSTSTORE_PASSWORD);
- psCredProps.print("=enc:");
- ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false);
- ps = filesymm.enpass(ps);
- psCredProps.println(ps);
- try {
+ if(aafcon!=null) { // get Properties from Remote AAF
+ final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: ");
+
Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator))
.read("/configure/"+fqi+"/aaf", configDF);
if(acf.get(TIMEOUT)) {
- // out.println(acf.value.getName());
for(Props props : acf.value.getProps()) {
- psProps.println(props.getTag() + '=' + props.getValue());
+ directedPut(pa, filesymm, normal,creds, props.getTag(),props.getValue());
}
ok = true;
} else if(acf.code()==401){
@@ -826,15 +849,53 @@ public class Agent {
} else {
trans.error().log(errMsg.toMsg(acf));
}
- } finally {
- psProps.close();
+ } else {
+ String cpf = pa.getProperty(Config.CADI_PROP_FILES);
+ if(cpf!=null){
+ for(String f : Split.split(File.pathSeparatorChar, cpf)) {
+ System.out.format("Reading %s\n",f);
+ FileInputStream fis = new FileInputStream(f);
+ try {
+ Properties props = new Properties();
+ props.load(fis);
+ for(Entry<Object, Object> prop : props.entrySet()) {
+ directedPut(pa, filesymm, normal,creds, prop.getKey().toString(),prop.getValue().toString());
+ }
+ } finally {
+ fis.close();
+ }
+ }
+ }
+ ok = true;
}
if(ok) {
+ for(Entry<String, String> es : normal.entrySet()) {
+ psProps.print(es.getKey());
+ psProps.print('=');
+ psProps.println(es.getValue());
+ }
+
+ for(Entry<String, String> es : creds.entrySet()) {
+ psCredProps.print(es.getKey());
+ psCredProps.print('=');
+ psCredProps.println(es.getValue());
+ }
+
File newFile = new File(dir,rootFile+".props");
+ if(newFile.exists()) {
+ File backup = new File(dir,rootFile+".props.backup");
+ newFile.renameTo(backup);
+ System.out.println("Backed up to " + backup.getCanonicalPath());
+ }
fProps.renameTo(newFile);
System.out.println("Created " + newFile.getCanonicalPath());
fProps = newFile;
+ if(fSecureProps.exists()) {
+ File backup = new File(dir,fSecureProps.getName()+".backup");
+ fSecureProps.renameTo(backup);
+ System.out.println("Backed up to " + backup.getCanonicalPath());
+ }
fSecureTempProps.renameTo(fSecureProps);
System.out.println("Created " + fSecureProps.getCanonicalPath());
fProps = newFile;
@@ -852,7 +913,36 @@ public class Agent {
tt.done();
}
}
+
+ private static List<String> CRED_TAGS = Arrays.asList(new String[] {
+ Config.CADI_KEYFILE,
+ Config.AAF_APPID, Config.AAF_APPPASS,
+ Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD, Config.CADI_KEY_PASSWORD,
+ Config.CADI_TRUSTSTORE,Config.CADI_TRUSTSTORE_PASSWORD,
+ Config.CADI_ALIAS, Config.CADI_X509_ISSUERS
+ });
+
+ private static List<String> LOC_TAGS = Arrays.asList(new String[] {Config.CADI_LATITUDE, Config.CADI_LONGITUDE});
+ private static void directedPut(final PropAccess orig, final Symm symm, final Map<String,String> main, final Map<String,String> secured, final String tag, final String value) throws IOException {
+ if(!LOC_TAGS.contains(tag)) { // Location already covered
+ String val = value==null?orig.getProperty(tag):value;
+ if(tag.endsWith("_password")) {
+ if(val.length()>4) {
+ if(val.startsWith("enc:")) {
+ val = orig.decrypt(val, true);
+ }
+ val = "enc:" + symm.enpass(val);
+ }
+ }
+ if(CRED_TAGS.contains(tag)) {
+ secured.put(tag, val);
+ } else {
+ main.put(tag, val);
+ }
+ }
+ }
+
private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
System.out.println("Validating Configuration...");
final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa));
@@ -927,13 +1017,13 @@ public class Agent {
String prop;
File f;
- if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||
+ if((prop=trans.getProperty(Config.CADI_KEYFILE))==null ||
!(f=new File(prop)).exists()) {
trans.error().printf("Keyfile must exist to check Certificates for %s on %s",
a.getMechid(), a.getMachine());
} else {
- String ksf = props.getProperty(Config.CADI_KEYSTORE);
- String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+ String ksf = trans.getProperty(Config.CADI_KEYSTORE);
+ String ksps = trans.getProperty(Config.CADI_KEYSTORE_PASSWORD);
if(ksf==null || ksps == null) {
trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",
Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index cb282605..c5413919 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -28,7 +28,6 @@ import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -51,7 +50,7 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
@Override
public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getNs()+'.'+kst);
+ File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
try {
KeyStore jks = KeyStore.getInstance(kst);
if(fks.exists()) {
@@ -118,13 +117,14 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
write(fks,Chmod.to400,jks,keystorePassArray);
// Change out to TrustStore
- fks = new File(dir,arti.getNs()+".trust."+kst);
+ // NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always
+ fks = new File(dir,arti.getNs()+".trust.jks");
if(fks.exists()) {
File backup = File.createTempFile(fks.getName()+'.', ".backup",dir);
fks.renameTo(backup);
}
- jks = KeyStore.getInstance(kst);
+ jks = KeyStore.getInstance(Agent.JKS);
// Set Truststore Password
addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
index 89816a2c..b3fe2947 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
@@ -41,34 +41,37 @@ public class OAuth2Lur implements Lur {
@Override
public Permission createPerm(String p) {
String[] params = Split.split('|', p);
- if(params.length==3) {
- return new AAFPermission(params[0],params[1],params[2]);
- } else {
- return new LocalPermission(p);
+ switch(params.length) {
+ case 3:
+ return new AAFPermission(null,params[0],params[1],params[2]);
+ case 4:
+ return new AAFPermission(params[0],params[1],params[2],params[3]);
+ default:
+ return new LocalPermission(p);
}
}
@Override
- public boolean fish(Principal bait, Permission pond) {
- AAFPermission apond = (AAFPermission)pond;
- OAuth2Principal oap;
+ public boolean fish(Principal bait, Permission ... pond) {
+ boolean rv = false;
+
if(bait instanceof OAuth2Principal) {
- oap = (OAuth2Principal)bait;
- } else {
- // Here is the spot to put in Principal Conversions
- return false;
- }
-
- TokenPerm tp = oap.tokenPerm();
- if(tp==null) {
- } else {
- for(Permission p : tp.perms()) {
- if(p.match(apond)) {
- return true;
+ OAuth2Principal oap = (OAuth2Principal)bait;
+ for (Permission p : pond ) {
+ AAFPermission apond = (AAFPermission)p;
+
+ TokenPerm tp = oap.tokenPerm();
+ if(tp==null) {
+ } else {
+ for(Permission perm : tp.perms()) {
+ if(perm.match(apond)) {
+ return true;
+ }
+ }
}
}
}
- return false;
+ return rv;
}
@Override
@@ -87,7 +90,7 @@ public class OAuth2Lur implements Lur {
}
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
index 2ebd7dc1..e0d6bf0e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
@@ -443,6 +443,11 @@ public class TokenClient {
throw new APIException("Error Decrypting Password",e);
}
}
+
+ if(username!=null) {
+ params.add("username="+username);
+ }
+
break;
case refresh_token:
if(client_id!=null) {
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index 28bf6592..e235b681 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -38,6 +38,7 @@ import org.onap.aaf.cadi.Hash;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.config.Config;
@@ -63,10 +64,10 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
if(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, "https://AAF_LOCATE_URL/AAF_NS.token:2.0"); // Default to AAF
+ access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Defaults.OAUTH2_TOKEN_URL); // Default to AAF
}
if(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, "https://AAF_LOCATE_URL/AAF_NS.introspect:2.0"); // Default to AAF);
+ access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Defaults.OAUTH2_INTROSPECT_URL); // Default to AAF);
}
symm = Symm.encrypt.obtain();
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
index 5c77fda7..bb33bc76 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
@@ -141,13 +141,16 @@ public class TokenPerm extends Persisting<Introspect>{
// Gathering object for parsing objects, then creating AAF Permission
private static class PermInfo {
- public String type,instance,action;
+ public String ns,type,instance,action;
public void clear() {
- type=instance=action=null;
+ ns=type=instance=action=null;
}
public void eval(Parsed<State> pd) {
if(pd.hasName()) {
switch(pd.name) {
+ case "ns":
+ ns=pd.sb.toString();
+ break;
case "type":
type=pd.sb.toString();
break;
@@ -162,7 +165,7 @@ public class TokenPerm extends Persisting<Introspect>{
}
public AAFPermission create() {
if(type!=null && instance!=null && action !=null) {
- return new AAFPermission(type, instance, action);
+ return new AAFPermission(ns,type, instance, action);
} else {
return null;
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
index 74d88fc2..95dd9a39 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
@@ -22,16 +22,19 @@
package org.onap.aaf.cadi.olur;
import java.security.Principal;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Result;
+import org.onap.aaf.cadi.lur.LocalPermission;
import org.onap.aaf.cadi.oauth.AbsOTafLur;
import org.onap.aaf.cadi.oauth.OAuth2Principal;
import org.onap.aaf.cadi.oauth.TimedToken;
@@ -39,8 +42,8 @@ import org.onap.aaf.cadi.oauth.TokenClient;
import org.onap.aaf.cadi.oauth.TokenPerm;
import org.onap.aaf.cadi.principal.Kind;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.util.Split;
import org.onap.aaf.misc.env.util.Pool.Pooled;
+import org.onap.aaf.misc.env.util.Split;
public class OLur extends AbsOTafLur implements Lur {
public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
@@ -51,7 +54,7 @@ public class OLur extends AbsOTafLur implements Lur {
* @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
*/
@Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
TokenPerm tp;
if(bait instanceof OAuth2Principal) {
OAuth2Principal oa2p = (OAuth2Principal)bait;
@@ -66,7 +69,17 @@ public class OLur extends AbsOTafLur implements Lur {
try {
TokenClient tc = tcp.content;
tc.username(bait.getName());
- Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),tc.defaultScope());
+ Set<String> scopeSet = new HashSet<>();
+ scopeSet.add(tc.defaultScope());
+ AAFPermission ap;
+ for (Permission p : pond) {
+ ap = (AAFPermission)p;
+ scopeSet.add(ap.getNS());
+ }
+ String[] scopes = new String[scopeSet.size()];
+ scopeSet.toArray(scopes);
+
+ Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
if(rtt.isOK()) {
Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
if(rtp.isOK()) {
@@ -77,9 +90,11 @@ public class OLur extends AbsOTafLur implements Lur {
tcp.done();
}
} catch (APIException | LocatorException | CadiException e) {
- access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage());
+ access.log(e, "Unable to Get a Token");
}
}
+
+ boolean rv = false;
if(tp!=null) {
if(tkMgr.access.willLog(Level.DEBUG)) {
StringBuilder sb = new StringBuilder("AAF Permissions for user ");
@@ -87,8 +102,10 @@ public class OLur extends AbsOTafLur implements Lur {
sb.append(", from token ");
sb.append(tp.get().getAccessToken());
for (AAFPermission p : tp.perms()) {
- sb.append("\n\t");
- sb.append(p.getName());
+ sb.append("\n\t[");
+ sb.append(p.getNS());
+ sb.append(']');
+ sb.append(p.getType());
sb.append('|');
sb.append(p.getInstance());
sb.append('|');
@@ -97,13 +114,18 @@ public class OLur extends AbsOTafLur implements Lur {
sb.append('\n');
access.log(Level.DEBUG, sb);
}
- for (AAFPermission p : tp.perms()) {
- if (p.match(pond)) {
- return true;
+ for (Permission p : pond) {
+ if(rv) {
+ break;
+ }
+ for (AAFPermission perm : tp.perms()) {
+ if (rv=perm.match(p)) {
+ break;
+ }
}
}
}
- return false;
+ return rv;
}
/* (non-Javadoc)
@@ -122,7 +144,7 @@ public class OLur extends AbsOTafLur implements Lur {
* @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
*/
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
@@ -140,10 +162,13 @@ public class OLur extends AbsOTafLur implements Lur {
@Override
public Permission createPerm(final String p) {
String[] s = Split.split('|',p);
- if(s!=null && s.length==3) {
- return new AAFPermission(s[0],s[1],s[2]);
- } else {
- return null;
+ switch(s.length) {
+ case 3:
+ return new AAFPermission(null, s[0],s[1],s[2]);
+ case 4:
+ return new AAFPermission(s[0],s[1],s[2],s[3]);
+ default:
+ return new LocalPermission(p);
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java
index bed201aa..b21f8975 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java
@@ -87,7 +87,7 @@ public class RemoteRegistrant<ENV extends BasicEnv> implements Registrant<ENV> {
mep.setPort(port);
try {
- String hostnameToRegister = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ String hostnameToRegister = access.getProperty(Config.AAF_REGISTER_AS, null);
if(hostnameToRegister==null) {
hostnameToRegister = access.getProperty(Config.HOSTNAME, null);
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 28103b5d..41931976 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -38,6 +38,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
@@ -311,9 +312,8 @@ public class AAFSSO {
addProp(Config.AAF_LOCATE_URL, locateUrl);
}
- String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service:2.0";
- access.setProperty(Config.AAF_URL, aafUrl);
- access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm:2.0");
+ access.setProperty(Config.AAF_URL, Defaults.AAF_URL);
+ access.setProperty(Config.CM_URL, Defaults.CM_URL);
String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
if(cadiLatitude==null) {
System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
index 4836e4ed..939e9b18 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
@@ -33,11 +33,11 @@ import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.aaf.AAFPermission;
public class JU_AAFPermission {
-
+ private final static String ns = "ns";
private final static String type = "type";
private final static String instance = "instance";
private final static String action = "action";
- private final static String key = type + '|' + instance + '|' + action;
+ private final static String key = ns + '|' + type + '|' + instance + '|' + action;
private final static String role = "role";
private static List<String> roles;
@@ -50,14 +50,17 @@ public class JU_AAFPermission {
@Test
public void constructor1Test() {
- AAFPermission perm = new AAFPermission(type, instance, action);
- assertThat(perm.getName(), is(type));
+ AAFPermission perm = new AAFPermission(ns, type, instance, action);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(0));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key));
@@ -67,39 +70,45 @@ public class JU_AAFPermission {
public void constructor2Test() {
AAFPermission perm;
- perm = new AAFPermission(type, instance, action, null);
- assertThat(perm.getName(), is(type));
+ perm = new AAFPermission(ns, type, instance, action, null);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(0));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key));
- perm = new AAFPermission(type, instance, action, roles);
- assertThat(perm.getName(), is(type));
+ perm = new AAFPermission(ns, type, instance, action, roles);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(1));
assertThat(perm.roles().get(0), is(role));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
- "\n\tInstance: " + instance +
- "\n\tAction: " + action +
- "\n\tKey: " + key));
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
+ "\n\tInstance: " + instance +
+ "\n\tAction: " + action +
+ "\n\tKey: " + key));
}
@Test
public void matchTest() {
- final AAFPermission controlPermission = new AAFPermission(type, instance, action);
+ final AAFPermission controlPermission = new AAFPermission(ns,type, instance, action);
PermissionStub perm;
AAFPermission aafperm;
- aafperm = new AAFPermission(type, instance, action);
+ aafperm = new AAFPermission(ns, type, instance, action);
assertThat(controlPermission.match(aafperm), is(true));
perm = new PermissionStub(key);
@@ -117,7 +126,8 @@ public class JU_AAFPermission {
@Test
public void coverageTest() {
AAFPermissionStub aafps = new AAFPermissionStub();
- assertThat(aafps.getName(), is(nullValue()));
+ assertThat(aafps.getNS(), is(nullValue()));
+ assertThat(aafps.getType(), is(nullValue()));
assertThat(aafps.getInstance(), is(nullValue()));
assertThat(aafps.getAction(), is(nullValue()));
assertThat(aafps.getKey(), is(nullValue()));
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
index ecadb6ed..d50b87a2 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
@@ -42,6 +42,7 @@ import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.configure.ArtifactDir;
import org.onap.aaf.cadi.util.Chmod;
import org.onap.aaf.misc.env.Trans;
@@ -112,7 +113,7 @@ public class JU_ArtifactDir {
} catch(NullPointerException e) {
}
- KeyStore ks = KeyStore.getInstance("pkcs12");
+ KeyStore ks = KeyStore.getInstance(Agent.PKCS12);
try {
ArtifactDir.write(writableFile, Chmod.to755, ks, luggagePassword.toCharArray());
fail("Should've thrown an exception");
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
index 0b086f11..d61ac499 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
@@ -21,9 +21,11 @@
package org.onap.aaf.cadi.cm.test;
-import static org.junit.Assert.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
@@ -31,14 +33,17 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
-import java.security.cert.CertificateException;
-
-import org.junit.*;
-import org.mockito.*;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.configure.PlaceArtifactInKeystore;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
@@ -97,12 +102,12 @@ public class JU_PlaceArtifactInKeystore {
@Test
public void test() throws CadiException {
// Note: PKCS12 can't be tested in JDK 7 and earlier. Can't handle Trusting Certificates.
- PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore("jks");
+ PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore(Agent.JKS);
certs.add(x509String);
certs.add(x509Chain);
assertThat(placer.place(transMock, certInfoMock, artiMock, "machine"), is(true));
- for (String ext : new String[] {"chal", "keyfile", "jks", "trust.jks", "cred.props"}) {
+ for (String ext : new String[] {"chal", "keyfile", Agent.JKS, "trust.jks", "cred.props"}) {
File f = new File(dirName + '/' + nsName + '.' + ext);
assertThat(f.exists(), is(true));
}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
index 6bbed0ed..356c12d5 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
@@ -98,28 +98,28 @@ public class JU_TokenPerm {
String json;
LoadPermissions lp;
Permission p;
-
+
json = "{\"perm\":[" +
- " {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
+ " {\"ns\":\"com\",\"type\":\"access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
"]}";
lp = new LoadPermissions(new StringReader(json));
assertThat(lp.perms.size(), is(1));
p = lp.perms.get(0);
- assertThat(p.getKey(), is("com.access|*|read,approve"));
+ assertThat(p.getKey(), is("com|access|*|read,approve"));
assertThat(p.permType(), is("AAF"));
// Extra closing braces for coverage
json = "{\"perm\":[" +
- " {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
+ " {\"ns\":\"com\",\"type\":\"access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
"]]}";
lp = new LoadPermissions(new StringReader(json));
assertThat(lp.perms.size(), is(1));
p = lp.perms.get(0);
- assertThat(p.getKey(), is("com.access|*|read,approve"));
+ assertThat(p.getKey(), is("com|access|*|read,approve"));
assertThat(p.permType(), is("AAF"));
// Test without a type
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
index 45a7d341..6c3c6118 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
@@ -147,7 +147,7 @@ public class Sample {
String permS = myAccess.getProperty("perm","org.osaaf.aaf.access|*|read");
String[] permA = Split.splitTrim('|', permS);
if(permA.length>2) {
- final Permission perm = new AAFPermission(permA[0],permA[1],permA[2]);
+ final Permission perm = new AAFPermission(null, permA[0],permA[1],permA[2]);
// See the CODE for Java Methods used
if(singleton().oneAuthorization(fqi, perm)) {
System.out.printf("Success: %s has %s\n",fqi.getName(),permS);
diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
index d14e747a..024deff7 100644
--- a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
+++ b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
@@ -81,6 +81,7 @@ public class JU_PropertyLocator {
assertThat(pl.hasItems(), is(false));
assertThat(countItems(pl), is(0));
+ Thread.sleep(20L); // PL checks same milli...
pl.refresh();
assertThat(pl.hasItems(), is(true));
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
index 1d01a3e8..39631894 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
@@ -246,7 +246,7 @@ public abstract class AbsUserCache<PERM extends Permission> {
/**
* The default behavior of a LUR is to not handle something exclusively.
*/
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
index fd73d00b..0beb4856 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
@@ -52,7 +52,7 @@ public interface Lur {
* @param principalName
* @return
*/
- public boolean fish(Principal bait, Permission pond);
+ public boolean fish(Principal bait, Permission ... pond);
/**
* Fish all the Principals out a Pond
@@ -77,7 +77,7 @@ public interface Lur {
* @param pond
* @return
*/
- public boolean handlesExclusively(Permission pond);
+ public boolean handlesExclusively(Permission ... pond);
/**
* Does the LUR support a particular kind of Principal
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
index 07652d24..afc1d979 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
@@ -663,6 +663,9 @@ public class Symm {
* @throws IOException
*/
public void enpass(final String password, final OutputStream os) throws IOException {
+ if(password==null) {
+ throw new IOException("Invalid password passed");
+ }
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
byte[] bytes = password.getBytes();
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index b4e31f2f..efe5503b 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -74,14 +74,12 @@ public class Config {
private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
-
public static final String UTF_8 = "UTF-8";
// Property Names associated with configurations.
// As of 1.0.2, these have had the dots removed so as to be compatible with JavaBean style
// configurations as well as property list style.
public static final String HOSTNAME = "hostname";
- public static final String CADI_REGISTRATION_HOSTNAME = "cadi_registration_hostname";
public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
public static final String CADI_LOGLEVEL = "cadi_loglevel";
public static final String CADI_LOGDIR = "cadi_log_dir";
@@ -136,12 +134,22 @@ public class Config {
public static final String OAUTH_CLIENT_SECRET="client_secret";
public static final String AAF_ENV = "aaf_env";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_ROOT_NS = "aaf_root_ns";
public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
public static final String AAF_ROOT_COMPANY = "aaf_root_company";
public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
+ public static final String AAF_DEFAULT_VERSION = "2.1";
+ public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
+ public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_VERSION;
+ public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_VERSION;
+ public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_VERSION;
+ public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_VERSION;
+ public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_VERSION;
+
+ public static final String AAF_REGISTER_AS = "aaf_register_as";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
public static final String AAF_LUR_CLASS = "aaf_lur_class";
@@ -175,7 +183,6 @@ public class Config {
public static final String AAF_COMPONENT = "aaf_component";
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
- public static final String AAF_DEFAULT_VERSION = "2.0";
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
index 2813dca8..b442c7d9 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
@@ -60,7 +60,7 @@ public final class EpiLur implements Lur {
if(lurs.length==0) throw new CadiException("Need at least one Lur implementation in constructor");
}
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if(pond==null) {
return false;
}
@@ -99,7 +99,7 @@ public final class EpiLur implements Lur {
}
// Never needed... Only EpiLur uses...
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
index 0f9adb94..e177a22f 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
@@ -94,14 +94,16 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
}
// @Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if (pond == null) {
return false;
}
- if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
- User<LocalPermission> user = getUser(bait);
- if (user != null) {
- return user.contains((LocalPermission)pond);
+ for(Permission p : pond) {
+ if (handles(bait) && p instanceof LocalPermission) { // local Users only have LocalPermissions
+ User<LocalPermission> user = getUser(bait);
+ if (user != null) {
+ return user.contains((LocalPermission)p);
+ }
}
}
return false;
@@ -128,8 +130,15 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
return principal.getName().endsWith(supportedRealm);
}
- public boolean handlesExclusively(Permission pond) {
- return supportingGroups.contains(pond.getKey());
+ @Override
+ public boolean handlesExclusively(Permission ... pond) {
+ boolean rv = false;
+ for (Permission p : pond) {
+ if(rv=supportingGroups.contains(p.getKey())) {
+ break;
+ }
+ }
+ return rv;
}
/* (non-Javadoc)
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
index 1e44726a..b314f20e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
@@ -44,7 +44,7 @@ public class NullLur implements Lur {
return false;
}};
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
// Well, for Jenkins, this is ok... It finds out it can't do J2EE Security, and then looks at it's own
// System.err.println("CADI's LUR has not been configured, but is still being called. Access is being denied");
return false;
@@ -56,7 +56,7 @@ public class NullLur implements Lur {
public void destroy() {
}
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
index f7c3a0a2..b99030eb 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
@@ -117,10 +117,10 @@ public class JU_EpiLur {
private class CredValStub implements Lur, CredVal {
@Override public boolean validate(String user, Type type, byte[] cred, Object state) { return false; }
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return false; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public void destroy() { }
- @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handlesExclusively(Permission ... pond) { return false; }
@Override public boolean handles(Principal principal) { return false; }
@Override public void clear(Principal p, StringBuilder report) { }
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
index 1737710a..b34e90ab 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
@@ -350,7 +350,7 @@ public class JU_AbsUserCache {
class AbsUserCacheCLStub<PERM extends Permission> extends AbsUserCache<PERM> implements CachingLur<PERM> {
public AbsUserCacheCLStub(AbsUserCache<PERM> cache) { super(cache); }
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return false; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public boolean handles(Principal principal) { return false; }
@Override public Resp reload(User<PERM> user) { return null; }
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
index d9a4437c..850dd22c 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
@@ -122,10 +122,10 @@ public class JU_CadiWrap {
// Anonymous object for testing purposes
CachingLur<Permission> lur1 = new CachingLur<Permission>() {
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return true; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return true; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public void destroy() { }
- @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handlesExclusively(Permission ... pond) { return false; }
@Override public boolean handles(Principal principal) { return false; }
@Override public void remove(String user) { }
@Override public Resp reload(User<Permission> user) { return null; }
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
index 835e699b..ae9c93ed 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
@@ -72,13 +73,10 @@ public class OAuthExample {
// Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
- String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,
- "https://AAF_LOCATE_URL/AAF_NS.token:2.0"); // Default to AAF
- String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,
- "https://AAF_LOCATE_URL/AAF_NS.introspect:2.0"); // Default to AAF);
+ String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,Defaults.OAUTH2_TOKEN_URL); // Default to AAF
+ String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,Defaults.OAUTH2_INTROSPECT_URL); // Default to AAF);
// Get Hello Service
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
- "https://AAF_LOCATE_URL/AAF_NS.hello:2.0");
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Defaults.HELLO_URL);
final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
index 4b29518f..c82a7c5d 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
@@ -103,8 +104,7 @@ public class OnapClientExample {
// Use this Token in your client calls with "Tokenized Client" (TzClient)
// These should NOT be used cross thread.
// Get Hello Service URL... roll your own in your own world.
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
- "https://AAF_LOCATE_URL/AAF_NS.hello:2.0");
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Defaults.HELLO_URL);
TzClient helloClient = tcf.newTzClient(endServicesURL);
diff --git a/conf/CA/newca.sh b/conf/CA/newCA.sh
index 5f49f38a..49b12c3f 100644
--- a/conf/CA/newca.sh
+++ b/conf/CA/newCA.sh
@@ -6,6 +6,8 @@ mkdir -p private certs newcerts
chmod 700 private
chmod 755 certs newcerts
touch index.txt
+echo "unique_subject = no" > index.txt.attr
+
if [ ! -e serial ]; then
echo '01' > serial
fi
diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh
index 94103051..303c22e1 100644
--- a/conf/CA/newIntermediate.sh
+++ b/conf/CA/newIntermediate.sh
@@ -13,6 +13,8 @@ mkdir -p $DIR/private $DIR/certs $DIR/newcerts
chmod 700 $DIR/private
chmod 755 $DIR/certs $DIR/newcerts
touch $DIR/index.txt
+echo "unique_subject = no" > $DIR/index.txt.attr
+
if [ ! -e $DIR/serial ]; then
echo '01' > $DIR/serial
fi
diff --git a/docs/sections/installation/client_vol.rst b/docs/sections/installation/client_vol.rst
new file mode 100644
index 00000000..ea98e5f2
--- /dev/null
+++ b/docs/sections/installation/client_vol.rst
@@ -0,0 +1,70 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+========================================
+Setting up Certs and CADI Configurations
+========================================
+
+*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
+
+------------------
+Strategy
+------------------
+
+ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers. Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon)
+
+Given that all ONAP entities are also in Docker Containers, they all can access Persistent Volumes.
+
+This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf"
+
+------------------
+Prerequisites
+------------------
+ * Docker
+ * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
+ | but it DOES have be accessible to the AAF Instance.
+ * For ONAP, this means
+
+ * Windriver VPN
+ * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+
+-----------------------
+Obtain the Agent Script
+-----------------------
+Choose the directory you wish to start in...
+
+If you don't want to clone all of AAF, just get the "agent.sh" from a Browser:
+
+ https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=blob_plain;f=auth/docker/agent.sh;hb=HEAD
+
+ Note: curl/wget get html, instead of text
+ | You might have to mv, and rename it to "agent.sh", but avoids full clone
+
+-------------------------
+Run Script
+-------------------------
+
+In your chosen directory ::
+
+ $ bash agent.sh
+
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it
+
+
+--------------- ---------------
+Tag Value
+--------------- ---------------
+CADI Version Defaults to CADI version of this
+AAF's FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
+Deployer's FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
+App's Root FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
+App's FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
+App's Volume Volume to put the data, see above. ex: clamp_aaf
+DRIVER Docker Volume type... See Docker Volume documentation
+LATITUDE Global latitude coordinate of Node (best guess for Kubernetes)
+LONGITUDE Global longitude coordinate of Node (best guess for Kubernetes)
+--------------- ---------------
+
+
+
diff --git a/docs/sections/installation/install_from_source.rst b/docs/sections/installation/install_from_source.rst
new file mode 100644
index 00000000..761069cb
--- /dev/null
+++ b/docs/sections/installation/install_from_source.rst
@@ -0,0 +1,219 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+============================
+Installing from Source Code
+============================
+
+*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
+
+------------------
+Modes
+------------------
+
+AAF can be run in various ways
+ * Standalone (on your O/S)
+ * Docker (localized)
+ * Kubernetes
+ * ONAP Styles
+ * HEAT (Docker Container Based Initilization)
+ * OOM (a Helm Chart based Kubernetes Environment)
+
+------------------
+Prerequisites
+------------------
+
+You need the following tools to build and run AAF
+ * git
+ * maven
+ * Java (JDK 1.8+, openjdk is fine)
+ * Cassandra
+ * a separate installation is fine
+ * these instructions will start off with a Docker based Cassandra instance
+ * Machine - one of the following
+ * Standalone Java Processes - no additional running environments necessary
+ * docker - typically available via packages for O/S
+ * kubernetes - ditto
+
+
+------------------
+Build from Source
+------------------
+Choose the directory you wish to start in... This process will create an "authz" subdirectory::
+
+ $ mkdir -p ~/src
+ $ cd ~/src
+
+Use 'git' to 'clone' the master code::
+
+ $ git clone https://gerrit.onap.org/r/aaf/authz
+
+Change to that directory::
+
+ $ cd authz
+
+Use Maven to build::
+
+ << TODO, get ONAP Settings.xml>>
+ $ mvn install
+
+.. -----------------
+.. Standalone
+.. -----------------
+
+-----------------
+Docker Mode
+-----------------
+
+After you have successfully run maven, you will need a Cassandra. If you don't have one, here are instructions for a Docker Standalone Cassandra. For a *serious* endeavor, you need a multi-node Cassandra.
+
+From "authz"::
+
+ $ cd auth/auth-cass/src/main/cql
+ $ vi config.dat
+
+===================
+Existing Cassandra
+===================
+
+AAF Casablanca has added a table. If you have an existing AAF Cassandra, do the following::
+
+ ### If Container Cassandra, add these steps, otherwise, skip
+ $ docker container cp init2_1.cql aaf_cass:/tmp
+ $ docker exec -it aaf_cass bash
+ (docker) $ cd /tmp
+ ###
+ $ cqlsh -f 'init2_1.cql'
+
+=====================
+New Docker Cassandra
+=====================
+
+Assuming you are in your src/authz directory::
+
+ $ cd auth/auth-cass/docker
+ $ sh dinstall.sh
+
+---------------------
+AAF Itself
+---------------------
+
+Assuming you are in your src/authz directory::
+
+ $ cd auth/docker
+ ### If you have not done so before (don't overwrite your work!)
+ $ cp d.props.init d.props
+
+You will need to edit and fill out the information in your d.props file. Here is info to help
+
+**Local Env info** - These are used to load the /etc/hosts file in the Containers, so AAF is available internally and externally
+
+ =============== =============
+ Variable Explanation
+ =============== =============
+ HOSTNAME This must be the EXTERNAL FQDN of your host. Must be in DNS or /etc/hosts
+ HOST_IP This must be the EXTERNAL IP of your host. Must be accessible from "anywhere"
+ CASS_HOST If Docker Cass, this is the INTERNAL FQDN/IP. If external Cass, then DNS|/etc/hosts entry
+ aaf_env This shows up in GUI and certs, to differentiate environments
+ aaf_register_as As pre-set, it is the same external hostname.
+ cadi_latitude Use "https://bing.com/maps", if needed, to locate your current Global Coords
+ cadi_longitude ditto
+ =============== =============
+
+==============================
+"Bleeding Edge" Source install
+==============================
+
+AAF can be built, and local Docker Images built with the following::
+
+ $ sh dbuild.sh
+
+Otherwise, just let it pull from Nexus
+
+==============================
+Configure AAF Volume
+==============================
+
+AAF uses a Persistent Volume to store data longer term, such as CADI configs, Organization info, etc, so that data is not lost when changing out a container.
+
+This volume is created automatically, as necessary, and linked into the container when starting. ::
+
+ ## Be sure to have your 'd.props' file filled out before running.
+ $ sh aaf.sh
+
+==============================
+Bootstrapping with Keystores
+==============================
+
+Start the container in bash mode, so it stays up. ::
+
+ $ bash aaf.sh bash
+ id@77777:
+
+In another shell, find out your Container name. ::
+
+ $ docker container ls | grep aaf_config
+
+CD to directory with CA p12 files
+
+ * org.osaaf.aaf.p12
+ * org.osaaf.aaf.signer.p12 (if using Certman to sign certificates)
+
+Copy keystores for this AAF Env ::
+
+ $ docker container cp -L org.osaaf.aaf.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
+ ### IF using local CA Signer
+ $ docker container cp -L org.osaaf.aaf.signer.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
+
+In Agent Window ::
+
+ id@77777: agent encrypt cadi_keystore_password
+ ### IF using local CA Signer
+ id@77777: agent encrypt cm_ca.local
+
+Check to make sure all passwords are set ::
+
+ id@77777: grep "enc:" *.props
+
+When good, exit from Container Shell and run AAF ::
+
+ id@77777: exit
+ $ bash drun.sh
+
+Check the Container logs for correct Keystore passwords, other issues ::
+
+ $ docker container logs aaf_<service>
+
+Watch logs ::
+
+ $ sh aaf.sh taillog
+
+Notes:
+
+You can find an ONAP Root certificate, and pre-built trustores for ONAP Test systems at:
+ | authz/auth/sample/public/AAF_RootCA.cert
+ | authz/auth/sample/public/truststoreONAPall.jks
+
+Good Tests to run ::
+
+ ## From "docker" dir
+ ##
+ ## assumes you have DNS or /etc/hosts entry for aaf-onap-test.osaaf.org
+ ##
+ $ curl --cacert ../sample/public/AAF_RootCA.cer -u demo@people.osaaf.org:demo123456! https://aaf-onap-test.osaaf.org:8100/authz/perms/user/demo@people.osaaf.org
+ $ openssl s_client -connect aaf-onap-test.osaaf.org:8100
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/sections/installation/fromsource.rst b/docs/sections/installation/sample.rst
index 19ac6221..19ac6221 100644
--- a/docs/sections/installation/fromsource.rst
+++ b/docs/sections/installation/sample.rst