diff options
Diffstat (limited to 'auth')
8 files changed, 144 insertions, 150 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java index a2dc6b65..948e65be 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Future.java @@ -44,12 +44,12 @@ import com.datastax.driver.core.SimpleStatement; import com.datastax.driver.core.Statement; public class Future implements CacheChange.Data, Comparable<Future> { - public static final Map<UUID,Future> data = new TreeMap<UUID,Future>(); - public static final Map<String,List<Future>> byRole = new TreeMap<String,List<Future>>(); + public static final Map<UUID,Future> data = new TreeMap<>(); + public static final Map<String,List<Future>> byRole = new TreeMap<>(); public final FutureDAO.Data fdd; public final String role; // derived - private final static CacheChange<Future> cache = new CacheChange<Future>(); + private static final CacheChange<Future> cache = new CacheChange<>(); public final UUID id() { @@ -102,13 +102,16 @@ public class Future implements CacheChange.Data, Comparable<Future> { ++count; Future f = creator.create(row); data.put(f.fdd.id,f); - if(f.role!=null) { - List<Future> lf = byRole.get(f.role); - if(lf==null) { - byRole.put(f.role,lf = new ArrayList<Future>()); - } - lf.add(f); + if(f.role==null) { + continue; } + List<Future> lf = byRole.get(f.role); + if(lf==null) { + lf = new ArrayList<>(); + byRole.put(f.role,lf); + } + lf.add(f); + } } finally { tt.done(); diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java index c90dcccf..ea726480 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java @@ -53,7 +53,8 @@ public abstract class CA { public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<String>()); - private final String name,env; + private final String name; + private final String env; private MessageDigest messageDigest; private final String permType; private Set<String> caIssuerDNs; @@ -70,7 +71,7 @@ public abstract class CA { if(permType==null) { throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } - caIssuerDNs = new HashSet<String>(); + caIssuerDNs = new HashSet<>(); String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT; @@ -79,13 +80,14 @@ public abstract class CA { throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } access.log(Level.INFO, tag, "=",fields); - for(RDN rdn : rdns = RDN.parse('/',fields)) { + rdns = RDN.parse('/',fields); + for(RDN rdn : rdns) { if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT); } } - idDomains = new ArrayList<String>(); + idDomains = new ArrayList<>(); StringBuilder sb = null; for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) { if(s.length()>0) { @@ -102,14 +104,14 @@ public abstract class CA { access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb); } - String data_dir = access.getProperty(CM_PUBLIC_DIR,null); - if(data_dir!=null) { - File data = new File(data_dir); + String dataDir = access.getProperty(CM_PUBLIC_DIR,null); + if(dataDir!=null) { + File data = new File(dataDir); byte[] bytes; if(data.exists()) { - String trust_cas = access.getProperty(CM_TRUST_CAS,null); - if(trust_cas!=null) { - for(String fname : Split.splitTrim(',', trust_cas)) { + String trustCas = access.getProperty(CM_TRUST_CAS,null); + if(trustCas!=null) { + for(String fname : Split.splitTrim(',', trustCas)) { File crt = new File(data,fname); if(crt.exists()) { access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath()); diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java index 0d494acd..ee73dbdc 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java @@ -59,21 +59,21 @@ public class JscepCA extends CA { static final String CA_PREFIX = "http://"; static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll"; - private final static String MS_PROFILE="1"; - private final static int MAX_RETRY=3; + private static final String MS_PROFILE="1"; + private static final int MAX_RETRY=3; public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins // package on purpose - private Map<String,X509ChainWithIssuer> mxcwi_s; - private Map<Client,X509ChainWithIssuer> mxcwi_c; + private Map<String,X509ChainWithIssuer> mxcwiS; + private Map<Client,X509ChainWithIssuer> mxcwiC; private JscepClientLocator clients; public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException { super(access, name, env); - mxcwi_s = new ConcurrentHashMap<String,X509ChainWithIssuer>(); - mxcwi_c = new ConcurrentHashMap<Client,X509ChainWithIssuer>(); + mxcwiS = new ConcurrentHashMap<>(); + mxcwiC = new ConcurrentHashMap<>(); if(params.length<2) { throw new CertException("No Trust Chain parameters are included"); @@ -110,7 +110,7 @@ public class JscepCA extends CA { dir = dir + '/'; } String path; - List<FileReader> frs = new ArrayList<FileReader>(params.length-1); + List<FileReader> frs = new ArrayList<>(params.length-1); try { for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j]; @@ -119,7 +119,7 @@ public class JscepCA extends CA { } X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs); addCaIssuerDN(xcwi.getIssuerDN()); - mxcwi_s.put(params[i][0],xcwi); + mxcwiS.put(params[i][0],xcwi); } finally { for(FileReader fr : frs) { if(fr!=null) { @@ -173,26 +173,16 @@ public class JscepCA extends CA { break; } } - X509ChainWithIssuer mxcwi = mxcwi_c.get(client); + X509ChainWithIssuer mxcwi = mxcwiC.get(client); return new X509ChainWithIssuer(mxcwi,x509); -// break; + } else if (er.isPending()) { trans.checkpoint("Polling, waiting on CA to complete"); Thread.sleep(3000); } else if (er.isFailure()) { -// switch(er.getFailInfo()) { -// case badMessageCheck: -// throw new ClientException("Received BadMessageCheck from Jscep"); -// case badAlg: -// case badCertId: -// case badRequest: -// case badTime: -// default: -// } throw new CertException(clients.info(item)+':'+er.getFailInfo().toString()); } } - //i=MAX_RETRY; } catch(LocatorException e) { trans.error().log(e); i=MAX_RETRY; @@ -246,7 +236,7 @@ public class JscepCA extends CA { } ); // Map URL to Client, because Client doesn't expose Connection - mxcwi_c.put(c,mxcwi_s.get(urlinfo)); + mxcwiC.put(c, mxcwiS.get(urlinfo)); return c; } catch (MalformedURLException e) { throw new LocatorException(e); @@ -260,7 +250,7 @@ public class JscepCA extends CA { @Override protected void _destroy(Client client) { - mxcwi_c.remove(client); + mxcwiC.remove(client); } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java index cd8886da..e2287c3b 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java @@ -97,7 +97,7 @@ public class LocalCA extends CA { String fileName = f.getName(); if(fileName.endsWith(".key")) { caKey = Factory.toPrivateKey(NullTrans.singleton(),f); - List<FileReader> frs = new ArrayList<FileReader>(params.length-1); + List<FileReader> frs = new ArrayList<>(params.length-1); try { String dir = access.getProperty(CM_PUBLIC_DIR, ""); if(!"".equals(dir) && !dir.endsWith("/")) { @@ -128,8 +128,8 @@ public class LocalCA extends CA { KeyStore keyStore; FileInputStream fis = null; if(fileName.endsWith(".pkcs11")) { - String ksType; - p = Factory.getSecurityProvider(ksType="PKCS11",params); + String ksType="PKCS11"; + p = Factory.getSecurityProvider(ksType,params); keyStore = KeyStore.getInstance(ksType,p); } else if(fileName.endsWith(".jks")) { keyStore = KeyStore.getInstance("JKS"); @@ -216,7 +216,7 @@ public class LocalCA extends CA { SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent())) // new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded())) ); - List<GeneralName> lsan = new ArrayList<GeneralName>(); + List<GeneralName> lsan = new ArrayList<>(); for(String s : csrmeta.sans()) { lsan.add(new GeneralName(GeneralName.dNSName,s)); } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java index 6f3062bb..6ba5a37f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java @@ -45,24 +45,26 @@ public class X509ChainWithIssuer extends X509andChain { Collection<? extends Certificate> certs; X509Certificate x509; for(Reader rdr : rdrs) { - if(rdr!=null) { // cover for badly formed array - byte[] bytes = Factory.decode(rdr); - try { - certs = Factory.toX509Certificate(bytes); - } catch (CertificateException e) { - throw new CertException(e); + if(rdr==null) { // cover for badly formed array + continue; + } + byte[] bytes = Factory.decode(rdr); + try { + certs = Factory.toX509Certificate(bytes); + } catch (CertificateException e) { + throw new CertException(e); + } + for(Certificate c : certs) { + x509=(X509Certificate)c; + Principal subject = x509.getSubjectDN(); + if(subject==null) { + continue; } - for(Certificate c : certs) { - x509=(X509Certificate)c; - Principal subject = x509.getSubjectDN(); - if(subject!=null) { - if(cert==null) { // first in Trust Chain - issuerDN= subject.toString(); - } - addTrustChainEntry(x509); - cert=x509; // adding each time makes sure last one is signer. - } + if(cert==null) { // first in Trust Chain + issuerDN = subject.toString(); } + addTrustChainEntry(x509); + cert=x509; // adding each time makes sure last one is signer. } } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java index 2541bea0..2b763f7f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java @@ -60,17 +60,16 @@ public class CSRMeta { private String email; private String challenge; private List<RDN> rdns; - - public CSRMeta(List<RDN> rdns) { - this.rdns = rdns; - } - - private ArrayList<String> sanList = new ArrayList<String>(); + private ArrayList<String> sanList = new ArrayList<>(); private KeyPair keyPair; private X500Name name = null; private SecureRandom random = new SecureRandom(); - public X500Name x500Name() throws IOException { + public CSRMeta(List<RDN> rdns) { + this.rdns = rdns; + } + + public X500Name x500Name() { if(name==null) { X500NameBuilder xnb = new X500NameBuilder(); xnb.addRDN(BCStyle.CN,cn); @@ -99,7 +98,7 @@ public class CSRMeta { } int plus = email==null?0:1; - if(sanList.size()>0) { + if(!sanList.isEmpty()) { GeneralName[] gna = new GeneralName[sanList.size()+plus]; int i=-1; for(String s : sanList) { @@ -114,10 +113,7 @@ public class CSRMeta { }) ); } - - if(email!=null) { - - } + try { return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate())); } catch (OperatorCreationException e) { @@ -129,27 +125,29 @@ public class CSRMeta { public static void dump(PKCS10CertificationRequest csr) { Attribute[] certAttributes = csr.getAttributes(); for (Attribute attribute : certAttributes) { - if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { - Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); - GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName); - GeneralName[] names = gns.getNames(); - for(int k=0; k < names.length; k++) { - String title = ""; - if(names[k].getTagNo() == GeneralName.dNSName) { - title = "dNSName"; - } else if(names[k].getTagNo() == GeneralName.iPAddress) { - title = "iPAddress"; - // Deprecated, but I don't see anything better to use. - names[k].toASN1Object(); - } else if(names[k].getTagNo() == GeneralName.otherName) { - title = "otherName"; - } else if(names[k].getTagNo() == GeneralName.rfc822Name) { - title = "email"; - } + if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { + continue; + } + + Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); + GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName); + GeneralName[] names = gns.getNames(); + for(int k=0; k < names.length; k++) { + String title = ""; + if(names[k].getTagNo() == GeneralName.dNSName) { + title = "dNSName"; + } else if(names[k].getTagNo() == GeneralName.iPAddress) { + title = "iPAddress"; + // Deprecated, but I don't see anything better to use. + names[k].toASN1Object(); + } else if(names[k].getTagNo() == GeneralName.otherName) { + title = "otherName"; + } else if(names[k].getTagNo() == GeneralName.rfc822Name) { + title = "email"; + } - System.out.println(title + ": "+ names[k].getName()); - } - } + System.out.println(title + ": "+ names[k].getName()); + } } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java index 3d865d30..16517c95 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java @@ -97,50 +97,51 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { */ @Override public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException { - if(in.isOK()) { - CertResp cin = in.value; - CertInfo cout = newInstance(API.CERT); - cout.setPrivatekey(cin.privateString()); - String value; - if((value=cin.challenge())!=null) { - cout.setChallenge(value); - } - cout.getCerts().add(cin.asCertString()); - if(cin.trustChain()!=null) { - for(String c : cin.trustChain()) { - if(c!=null) { - cout.getCerts().add(c); - } + if(!in.isOK()) { + return Result.err(in); + } + + CertResp cin = in.value; + CertInfo cout = newInstance(API.CERT); + cout.setPrivatekey(cin.privateString()); + String value; + if((value=cin.challenge())!=null) { + cout.setChallenge(value); + } + cout.getCerts().add(cin.asCertString()); + if(cin.trustChain()!=null) { + for(String c : cin.trustChain()) { + if(c!=null) { + cout.getCerts().add(c); } } - // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup - // Certs in keystore versus Truststore. Separate in Version 2_0 - if(cin.trustCAs()!=null) { - for(String c : cin.trustCAs()) { - if(c!=null) { - cout.getCerts().add(c); - } + } + // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup + // Certs in keystore versus Truststore. Separate in Version 2_0 + if(cin.trustCAs()!=null) { + for(String c : cin.trustCAs()) { + if(c!=null) { + cout.getCerts().add(c); } } - if(cin.notes()!=null) { - boolean first = true; - StringBuilder sb = new StringBuilder(); - for(String n : cin.notes()) { - if(first) { - first = false; - } else { - sb.append('\n'); - } - sb.append(n); + } + if(cin.notes()!=null) { + boolean first = true; + StringBuilder sb = new StringBuilder(); + for(String n : cin.notes()) { + if(first) { + first = false; + } else { + sb.append('\n'); } - cout.setNotes(sb.toString()); + sb.append(n); } - cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); - cout.setEnv(cin.env()); - return Result.ok(cout); - } else { - return Result.err(in); + cout.setNotes(sb.toString()); } + cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); + cout.setEnv(cin.env()); + return Result.ok(cout); + } @Override @@ -171,9 +172,10 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { CertReq out = new CertReq(); CertmanValidator v = new CertmanValidator(); - v.isNull("CertRequest", req) - .nullOrBlank("MechID", out.mechid=in.getMechid()); - v.nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1); + out.mechid=in.getMechid(); + out.fqdns=in.getFqdns(); + v.isNull("CertRequest", req).nullOrBlank("MechID", out.mechid); + v.nullBlankMin("FQDNs", out.fqdns,1); if(v.err()) { return Result.err(Result.ERR_BadData, v.errs()); } @@ -206,7 +208,7 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { */ @Override public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) { - List<ArtiDAO.Data> ladd = new ArrayList<ArtiDAO.Data>(); + List<ArtiDAO.Data> ladd = new ArrayList<>(); for(Artifact arti : artifacts.getArtifact()) { ArtiDAO.Data data = new ArtiDAO.Data(); data.mechid = arti.getMechid(); @@ -226,10 +228,8 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> { // Derive Optional Data from Machine (Domain) if exists if(data.machine!=null) { - if(data.ca==null) { - if(data.machine.endsWith(".att.com")) { + if(data.ca==null && data.machine.endsWith(".att.com")) { data.ca = "aaf"; // default - } } if(data.ns==null ) { data.ns=FQI.reverseDomain(data.machine); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java index da552aeb..bc9811ba 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java @@ -135,12 +135,12 @@ public class ApprovalForm extends Page { @Override public Cells get(final AuthzTrans trans, final AAF_GUI gui) { final String userParam = trans.get(sUser, null); - ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>(); + ArrayList<AbsCell[]> rv = new ArrayList<>(); String msg = null; TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE); try { - final List<Approval> pendingApprovals = new ArrayList<Approval>(); - final List<Integer> beginIndicesPerApprover = new ArrayList<Integer>(); + final List<Approval> pendingApprovals = new ArrayList<>(); + final List<Integer> beginIndicesPerApprover = new ArrayList<>(); int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException { @@ -150,12 +150,10 @@ public class ApprovalForm extends Page { if(fa.value!=null) { for (Approval appr : fa.value.getApprovals()) { - if (appr.getStatus().equals("pending")) { - if (userParam!=null) { - if (!appr.getUser().equalsIgnoreCase(userParam)) { + if ("pending".equals(appr.getStatus())) { + if (userParam!=null && !appr.getUser().equalsIgnoreCase(userParam)) { numLeft++; continue; - } } pendingApprovals.add(appr); } @@ -178,7 +176,7 @@ public class ApprovalForm extends Page { } }); - if (pendingApprovals.size() > 0) { + if (!pendingApprovals.isEmpty()) { // Only add select all links if we have approvals AbsCell[] selectAllRow = new AbsCell[] { AbsCell.Null, @@ -191,7 +189,7 @@ public class ApprovalForm extends Page { int line=-1; - while (beginIndicesPerApprover.size() > 0) { + while (!beginIndicesPerApprover.isEmpty()) { int beginIndex = beginIndicesPerApprover.remove(0); int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0)); List<Approval> currApproverList = pendingApprovals.subList(beginIndex, endIndex); @@ -243,7 +241,7 @@ public class ApprovalForm extends Page { } else { Identity au = org.getIdentity(trans, user); if(au!=null) { - if(au.type().equals("MECHID")) { + if("MECHID".equals(au.type())) { Identity managedBy = au.responsibleTo(); if(managedBy==null) { title ="title=" + au.type(); @@ -258,12 +256,13 @@ public class ApprovalForm extends Page { title="title=Not a User at " + org.getName(); } } - userCell = new RefCell(prevUser=user, + prevUser=user; + userCell = new RefCell(prevUser, TODO_ILM_INFO+user.substring(0, user.length()-DOMAIN_OF_USER.length()), true, title); } else { - userCell = new TextCell(prevUser=user); + userCell = new TextCell(prevUser); } AbsCell[] sa = new AbsCell[] { userCell, @@ -280,7 +279,7 @@ public class ApprovalForm extends Page { if(numLeft>0) { msg = "After these, there will be " + numLeft + " approvals left to process"; } - if(rv.size()==0) { + if(rv.isEmpty()) { if (numLeft>0) { msg = "No Approvals to process at this time for user " + userParam +". You have " + numLeft + " other approvals to process."; |