Diffstat (limited to 'auth/auth-certman')
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java4
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java51
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java3
3 files changed, 33 insertions, 25 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
index b7dd069d..a0a97241 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
@@ -35,18 +35,16 @@ import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
-
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.jscep.client.Client;
import org.jscep.client.ClientException;
import org.jscep.client.EnrollmentResponse;
-import org.jscep.client.verification.CertificateVerifier;
import org.onap.aaf.auth.cm.cert.BCFactory;
import org.onap.aaf.auth.cm.cert.CSRMeta;
import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.Locator.Item;
+import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.configure.CertException;
import org.onap.aaf.cadi.locator.HotPeerLocator;
import org.onap.aaf.misc.env.Env;
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
index 3ff88d27..2b9204c9 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
@@ -24,6 +24,7 @@ package org.onap.aaf.auth.cm.mapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
+import java.util.Set;
import org.onap.aaf.auth.cm.data.CertDrop;
import org.onap.aaf.auth.cm.data.CertRenew;
@@ -35,7 +36,6 @@ import org.onap.aaf.auth.dao.cass.ArtiDAO.Data;
import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
-import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.cadi.util.Vars;
import aaf.v2_0.Error;
@@ -208,39 +208,46 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
List<ArtiDAO.Data> ladd = new ArrayList<>();
for (Artifact arti : artifacts.getArtifact()) {
ArtiDAO.Data data = new ArtiDAO.Data();
- data.mechid = arti.getMechid();
- data.machine = arti.getMachine();
+ data.mechid = trim(arti.getMechid());
+ data.machine = trim(arti.getMachine());
+ Set<String> ss = data.type(true);
+ if(arti.getType()!=null) {
+ for(String t : arti.getType()) {
+ ss.add(t.trim());
+ }
+ }
data.type(true).addAll(arti.getType());
- data.ca = arti.getCa();
- data.dir = arti.getDir();
- data.os_user = arti.getOsUser();
+ data.ca = trim(arti.getCa());
+ data.dir = trim(arti.getDir());
+ data.os_user = trim(arti.getOsUser());
// Optional (on way in)
- data.ns = arti.getNs();
+ data.ns = trim(arti.getNs());
data.renewDays = arti.getRenewDays();
- data.notify = arti.getNotification();
+ data.notify = trim(arti.getNotification());
// Ignored on way in for create/update
- data.sponsor = arti.getSponsor();
+ data.sponsor = trim(arti.getSponsor());
data.expires = null;
-
- // Derive Optional Data from Machine (Domain) if exists
- if (data.machine!=null) {
- if (data.ca==null) {
- if (data.machine.endsWith(".att.com")) {
- data.ca = "aaf"; // default
- }
- }
- if (data.ns==null ) {
- data.ns=FQI.reverseDomain(data.machine);
- }
+ ss = data.sans(true);
+ if(arti.getSans()!=null) {
+ for(String s : arti.getSans()) {
+ ss.add(s.trim());
+ }
}
- data.sans(true).addAll(arti.getSans());
ladd.add(data);
}
return ladd;
}
- /* (non-Javadoc)
+ private String trim(String s) {
+ if(s==null) {
+ return s;
+ } else {
+ return s.trim();
+ }
+ }
+
+ /* (non-Javadoc)
* @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result)
*/
@Override
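Review bot: The unchanged context line `data.type(true).addAll(arti.getType());` still follows the new null-guarded loop, so every type is added to the same set a second time untrimmed, and a null `getType()` would still reach `addAll` and throw, which the new `if` was meant to prevent. Dropping that line, as this hunk already does for `data.sans(true).addAll(arti.getSans());`, leaves only the trimmed values. The two loops also call `t.trim()` and `s.trim()` directly, which throws on a null element; `if (t != null) ss.add(t.trim());` (and the same for `s`) would match the null handling of the new `trim` helper. The enclosing method starts before this hunk, so whether these getters can actually return null is not visible here.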
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
index bb157a2e..f85eb44e 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
@@ -72,6 +72,9 @@ public class CertmanValidator extends Validator{
} else {
for (ArtiDAO.Data a : list) {
allRequired(a);
+ if(a.dir!=null && a.dir.startsWith("/tmp")) {
+ msg("Certificates may not be deployed into /tmp directory (they will be removed at a random time by O/S)");
+ }
}
}
}
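Review bot: The test `a.dir.startsWith("/tmp")` is a plain string-prefix match, so it rejects unrelated directories such as `/tmpl/certs` while accepting equivalent spellings like `//tmp/x` or `/var/../tmp/x`, and it does not cover other temporary locations such as `/var/tmp`. Comparing normalized path components would be stricter, for example `Paths.get(a.dir).normalize().startsWith(Paths.get("/tmp"))` with `java.nio.file.Paths` imported, assuming the service parses paths with POSIX rules. Because this directory receives certificate and key material, the message could also say that /tmp is typically world-writable, not only that the O/S cleans it. The enclosing method starts outside this hunk.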