Diffstat (limited to 'auth/auth-certman')
3 files changed, 33 insertions, 25 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java index b7dd069d..a0a97241 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java @@ -35,18 +35,16 @@ import java.util.List; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; - import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.jscep.client.Client; import org.jscep.client.ClientException; import org.jscep.client.EnrollmentResponse; -import org.jscep.client.verification.CertificateVerifier; import org.onap.aaf.auth.cm.cert.BCFactory; import org.onap.aaf.auth.cm.cert.CSRMeta; import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.Locator.Item; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.cadi.locator.HotPeerLocator; import org.onap.aaf.misc.env.Env; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java index 3ff88d27..2b9204c9 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java @@ -24,6 +24,7 @@ package org.onap.aaf.auth.cm.mapper; import java.io.IOException; import java.util.ArrayList; import java.util.List; +import java.util.Set; import org.onap.aaf.auth.cm.data.CertDrop; import org.onap.aaf.auth.cm.data.CertRenew; @@ -35,7 +36,6 @@ import org.onap.aaf.auth.dao.cass.ArtiDAO.Data; import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; -import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.cadi.util.Vars; import aaf.v2_0.Error; 
@@ -208,39 +208,46 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { List<ArtiDAO.Data> ladd = new ArrayList<>(); for (Artifact arti : artifacts.getArtifact()) { ArtiDAO.Data data = new ArtiDAO.Data(); - data.mechid = arti.getMechid(); - data.machine = arti.getMachine(); + data.mechid = trim(arti.getMechid()); + data.machine = trim(arti.getMachine()); + Set<String> ss = data.type(true); + if(arti.getType()!=null) { + for(String t : arti.getType()) { + ss.add(t.trim()); + } + } data.type(true).addAll(arti.getType()); - data.ca = arti.getCa(); - data.dir = arti.getDir(); - data.os_user = arti.getOsUser(); + data.ca = trim(arti.getCa()); + data.dir = trim(arti.getDir()); + data.os_user = trim(arti.getOsUser()); // Optional (on way in) - data.ns = arti.getNs(); + data.ns = trim(arti.getNs()); data.renewDays = arti.getRenewDays(); - data.notify = arti.getNotification(); + data.notify = trim(arti.getNotification()); // Ignored on way in for create/update - data.sponsor = arti.getSponsor(); + data.sponsor = trim(arti.getSponsor()); data.expires = null; - - // Derive Optional Data from Machine (Domain) if exists - if (data.machine!=null) { - if (data.ca==null) { - if (data.machine.endsWith(".att.com")) { - data.ca = "aaf"; // default - } - } - if (data.ns==null ) { - data.ns=FQI.reverseDomain(data.machine); - } + ss = data.sans(true); + if(arti.getSans()!=null) { + for(String s : arti.getSans()) { + ss.add(s.trim()); + } } - data.sans(true).addAll(arti.getSans()); ladd.add(data); } return ladd; } - /* (non-Javadoc) + private String trim(String s) { + if(s==null) { + return s; + } else { + return s.trim(); + } + } + + /* (non-Javadoc) * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result) */ @Override 
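Review bot: The context line `data.type(true).addAll(arti.getType());` is still present directly after the new null-guarded loop that trims each type, so every raw, untrimmed value is added to the same set again, and a null `arti.getType()` would still reach `addAll` and throw. The matching `data.sans(true).addAll(arti.getSans());` was removed in the SANs part of this hunk, so the leftover looks like an oversight and should be dropped. The two loops also call `t.trim()` and `s.trim()` directly instead of the new null-safe `trim(String)` helper, so a null list element would throw; `ss.add(trim(t))` with a null skip would be consistent with the rest of the change. The enclosing method begins above the hunk.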
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
index bb157a2e..f85eb44e 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
@@ -72,6 +72,9 @@ public class CertmanValidator extends Validator{
 } else {
 for (ArtiDAO.Data a : list) {
 allRequired(a);
+ if(a.dir!=null && a.dir.startsWith("/tmp")) {
+ msg("Certificates may not be deployed into /tmp directory (they will be removed at a random time by O/S)");
+ }
 }
 }
 }
|
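Review bot: `a.dir.startsWith("/tmp")` is a raw string-prefix test on a caller-supplied path, so it rejects unrelated directories such as `/tmpfiles` and accepts spellings that still resolve to /tmp, for example `//tmp/x` or `/var/../tmp/x`. Comparing normalized path components is more reliable: `if(a.dir!=null && Paths.get(a.dir).normalize().startsWith("/tmp")) {`, which needs `java.nio.file.Paths`; an invalid path string would then throw and should be reported through `msg` as well. If the intent is to keep certificates out of auto-cleaned directories, other temporary locations such as /var/tmp are not covered by this check either. The enclosing method starts outside the hunk.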