Diffstat (limited to 'auth')
33 files changed, 959 insertions, 24 deletions
diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile index 729a460e..7afe69d8 100644 --- a/auth/docker/Dockerfile +++ b/auth/docker/Dockerfile @@ -15,10 +15,10 @@ COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin -#CMD ["/bin/bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] +CMD ["/bin/bash","-c","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT} >> /opt/app/osaaf/logs/${AAF_COMPONENT}/stdout`date -I` 2>> /opt/app/osaaf/logs/${AAF_COMPONENT}/stderr`date -I`"] # For Debugging installation -CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] +# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] # Java Debugging VM Args # "-Xdebug",\ # "-Xnoagent",\ diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 23fa72f5..23fa72f5 100644..100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh index 4c2dd3bf..d83f61c8 100644 --- a/auth/docker/dclean.sh +++ b/auth/docker/dclean.sh @@ -1,9 +1,6 @@ #!/bin/bash dclean.sh -ORG=onap -PROJECT=aaf -DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.0-SNAPSHOT -./d.props +# Pull in Variables from d.props +. ./d.props if [ "$1" == "" ]; then AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'` diff --git a/auth/docker/dpush.sh b/auth/docker/dpush.sh index a9a03875..99a88f96 100644 --- a/auth/docker/dpush.sh +++ b/auth/docker/dpush.sh 
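Review bot: In auth/docker/Dockerfile the newly enabled `CMD` sends the component's stdout and stderr only to files under `/opt/app/osaaf/logs/${AAF_COMPONENT}/`, so `docker logs` and any configured logging driver receive nothing from a service whose output operators will want when investigating authentication problems. The `date -I` suffix is evaluated once at container start, so a long-running container keeps appending to the start-day file. If that log directory does not exist at start, the redirection fails and the component is never launched; prefixing the command string with `mkdir -p /opt/app/osaaf/logs/${AAF_COMPONENT} && ` would guard against that (whether a volume always provides the directory is not visible here).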
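Review bot: In auth/docker/dclean.sh (and in the same change to dpush.sh, dstart.sh and dstop.sh) `. ./d.props` is resolved against the caller's working directory and its result is not checked, so running the script from another directory leaves `VERSION`, `ORG` and `DOCKER_REPOSITORY` empty and the following `ls ../aaf_${VERSION}/bin` operates on an unintended path. Sourcing also executes d.props as shell code, so that file needs the same write protection as the scripts themselves. A guard such as `cd "$(dirname "$0")" || exit 1` followed by `. ./d.props || exit 1` would make the failure explicit.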
@@ -1,12 +1,8 @@ # # Docker push Script. Reads all the components generated by install, on per-version basis # - -ORG=onap -PROJECT=aaf -DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.0-SNAPSHOT -# TODO add ability to do DEBUG settings +# Pull in Variables from d.props +. ./d.props if ["$1" == ""]; then AAF_COMPONENTS=`ls ../aaf_*HOT/bin | grep -v '\.'` @@ -17,4 +13,4 @@ fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} -done
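Review bot: In auth/docker/dpush.sh the context line `if ["$1" == ""]; then` has no spaces inside the brackets, so it behaves as intended only by accident: with no argument it collapses to `[ == ]`, which is true, and with an argument the shell tries to run a command named `[<arg>` and prints a "command not found" error before taking the else branch. Since this hunk already edits the lines directly above it, correct it to `if [ "$1" == "" ]; then`. The next line still globs `../aaf_*HOT/bin` while the sibling scripts use `../aaf_${VERSION}/bin`; now that VERSION comes from d.props, `ls ../aaf_${VERSION}/bin` would keep the pushed set tied to the configured version. The file also has no `#!/bin/bash` line although it uses `==` inside `[`.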
\ No newline at end of file +done diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 2b5f709a..b4c64d09 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -1,4 +1,5 @@ #!/bin/bash drun.sh +# Pull in Variables from d.props . ./d.props @@ -40,7 +41,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do echo Starting aaf_$AAF_COMPONENT... docker run \ - -d \ + -i \ --name aaf_$AAF_COMPONENT \ --hostname="${AAF_COMPONENT}.aaf.osaaf.org" \ --add-host="$HOSTNAME:$HOST_IP" \ diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh index ac8ffd06..41aa6a45 100644 --- a/auth/docker/dstart.sh +++ b/auth/docker/dstart.sh @@ -1,9 +1,6 @@ #!/bin/bash dstop.sh -ORG=onap -PROJECT=aaf -DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.0-SNAPSHOT -./d.props +# Pull in Props +. ./d.props if [ "$1" == "" ]; then AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'` diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh index 6105a00b..58ac0bf7 100644 --- a/auth/docker/dstop.sh +++ b/auth/docker/dstop.sh @@ -1,8 +1,5 @@ #!/bin/bash dstop.sh -ORG=onap -PROJECT=aaf -DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.0-SNAPSHOT +# Pull in Properties . ./d.props if [ "$1" == "" ]; then diff --git a/auth/sample/backup/backup.sh b/auth/sample/backup/backup.sh new file mode 100644 index 00000000..1359d3de --- /dev/null +++ b/auth/sample/backup/backup.sh 
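Review bot: In auth/docker/drun.sh the switch from `-d` to `-i` inside the `for AAF_COMPONENT in ${AAF_COMPONENTS}` loop makes each `docker run` stay attached in the foreground, so the loop would not reach the second component until the first container exits. Together with the Dockerfile change that redirects the component's output to files, this looks like a debugging setting left in; if background start is still intended, restore `-d \`. If interactive runs are needed for troubleshooting, a separate option or script would keep the default start path unattended. The `docker run` command continues past the end of this hunk.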
@@ -0,0 +1,32 @@
+# BEGIN Store prev
+BD=/opt/app/osaaf/backup
+if [ -e "$BD/6day" ]; then
+ rm -Rf $BD/6day
+fi
+
+PREV=$BD/6day
+for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do
+ if [ -e "$D" ]; then
+ mv "$D" "$PREV"
+ fi
+ PREV="$D"
+done
+
+if [ -e "$BD/today" ]; then
+ if [ -e "$BD/backup.log" ]; then
+ mv $BD/backup.log $BD/today
+ fi
+ gzip $BD/today/*
+ mv $BD/today $BD/yesterday
+fi
+
+mkdir $BD/today
+
+# END Store prev
+date
+docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup"
+docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh
+# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh"
+docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh
+docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today
+date
diff --git a/auth/sample/backup/cbackup.sh b/auth/sample/backup/cbackup.sh
new file mode 100644
index 00000000..9c91d0c6
--- /dev/null
+++ b/auth/sample/backup/cbackup.sh
@@ -0,0 +1,8 @@
+cd /opt/app/cass_backup
+DATA="ns role perm ns_attrib user_role cred cert x509 delegate approval approved future notify artifact health history"
+PWD=cassandra
+CQLSH="cqlsh -u cassandra -k authz -p $PWD"
+for T in $DATA ; do
+ echo "Creating $T.dat"
+ $CQLSH -e "COPY authz.$T TO '$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
new file mode 100644
index 00000000..93bfcdb3
--- /dev/null
+++ b/auth/sample/data/identities.dat
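Review bot: auth/sample/backup/backup.sh rotates and deletes the older backups before it knows the new one can be taken, and no step is checked: if `mkdir $BD/today`, either `docker exec`, or the final `docker container cp` fails, the script still ends normally having discarded `6day`. The dump includes the `cred`, `cert` and `x509` tables (see the table list in cbackup.sh) and is written with the caller's default umask, so the backup directory may be readable by other local users. Suggest adding `umask 077` near the top, checking the docker steps explicitly (for example `docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh || exit 1`), and quoting the destructive path as `rm -Rf -- "${BD:?}/6day"`.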
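Review bot: In auth/sample/backup/cbackup.sh the assignment `PWD=cassandra` overwrites the shell's own working-directory variable right after the `cd`, and it hard-codes what appears to be the default Cassandra superuser password. The password is then placed on the `cqlsh` command line through `-p $PWD`, where it is visible in the container's process list while each COPY runs. Suggest a differently named variable supplied from the environment, for example `CASS_PASS=${CASS_PASS:?CASS_PASS not set}`, or better a cqlshrc file with restricted permissions so that no password appears in argv. The `cd /opt/app/cass_backup` is also unchecked, so on failure the `.dat` files would be written to whatever directory the shell started in; `cd /opt/app/cass_backup || exit 1` avoids that.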
@@ -0,0 +1,38 @@ +# +# Identities.dat +# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with +# out-of-the-box tire-kicking, or even for Small companies +# +# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing +# batch feeds, as is appropriate for your company. +# +# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split +# out AppIDs, choose your own status indicators, or whatever you use. +# 0 - unique ID +# 1 - full name +# 2 - first name +# 3 - last name +# 4 - phone +# 5 - official email +# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company +# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) +jonathan|Jonathan C Gathman|Jonathan|Gathman|314-550-3312|jonathan.gathman@att.com|e| +clefevre|Catherine LeFevre|Catherine|LeFevre||catherine.lefevre@att.com|e| +ramkoya|Ram Koya|Ram|Koya||ram.koya@att.com|e|clefevre +chris|Chris Varner|Chris|Varner|469-375-0774|chris.varner@att.com|c|anne +ian|Ian Howell|Ian|Howell|314-450-2782|ian.howell@att.com|e|jonathan +gabe|Gabe B Maurer|Gabe|Maurer|314-962-9579|gabe.maurer@att.com|e|jonathan +sai|Sai Gandham|Sai|Gandham|424-265-9959|sai.gandham@att.com|c|anne +anne|Anne E Kopp|Anne|Kopp|512-244-4280|anne.e.kopp@att.com|e|jonathan +a2345z|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan +aaf_authz|AAF App|AAF|Application||jonathan.gathman@att.com|a|jonathan +kirankamieni|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|ramkoya +aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirankamieni +djtimoney|Dan Timoney|Dan|Timoney|+1 (732) 420-3226|dt5972@att.com|e|ramkoya +xuegao|Xue 
Gao|Xue|Gao|0032479670327|xg353y@att.com|e|clefevre +clamp|Clamp Application|clamp|Application||xg353y@att.com|a|xuegao +dmaapbc|DMaap Bus Controller|DMaap|Bus Controller||dgl@research.att.com|a|dgfromatt +dglfromatt|Dominic Lunanuova|Dominic|Lunanuova|732-420-9618|dgl@research.att.com|e|ramokoya +puthenpura|Sarat Puthenpura|Sarat|Puthenpura|||e|clefevre +ruoyu|Ruoyu Ying|Ruoyu|Ying|13661960772|ruoyu.ying@intel.com|e|puthenpura + diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat new file mode 100644 index 00000000..39d18a12 --- /dev/null +++ b/auth/sample/data/sample.identities.dat 
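Review bot: auth/sample/data/identities.dat adds what look like real people's names, phone numbers and e-mail addresses to the repository; since the same commit also adds sample.identities.dat with fictitious entries, consider shipping only the fictitious file and loading real identities from a deployment-local source. Several rows also do not match the field layout documented in the header: the `kirankamieni` row has no employment-status field, so `ramkoya` lands in field 6, and its phone value is `999-999=9999`. The `responsible to` values `dgfromatt` (row `dmaapbc`) and `ramokoya` (row `dglfromatt`) do not match any ID in the file; the IDs present are `dglfromatt` and `ramkoya`. If this field drives supervisor or owner lookups, as the header comment suggests, those dangling references would leave the identities without a resolvable owner.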
@@ -0,0 +1,27 @@
+#
+# Sample Identities.dat
+# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
+# out-of-the-box tire-kicking, or even for Small companies
+#
+# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
+# batch feeds, as is appropriate for your company.
+#
+# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
+# out AppIDs, choose your own status indicators, or whatever you use.
+# 0 - unique ID
+# 1 - full name
+# 2 - first name
+# 3 - last name
+# 4 - phone
+# 5 - official email
+# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
+# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
+#
+
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
diff --git a/auth/sample/etc/org.osaaf.cm.props b/auth/sample/etc/org.osaaf.cm.props
new file mode 100644
index 00000000..da5ea872
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.cm.props
@@ -0,0 +1,14 @@
+##
+## org.osaaf.cm.props
+## AAF Certificate Manager properties
+## Note: Link to CA Properties in "local" dir
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props
+aaf_component=AAF_NS.cm:2.1.0.0
+port=8150
+
+#Certman
+cm_public_dir=/opt/app/osaaf/public
+cm_trust_cas=AAF_RootCA.cer
+
+
diff --git a/auth/sample/etc/org.osaaf.common.props b/auth/sample/etc/org.osaaf.common.props
new file mode 100644
index 00000000..e1477468
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.common.props
@@ -0,0 +1,30 @@
+############################################################
+# Common properties for all AAF Components
+# on 2018-03-02 06:59.628-0500
+############################################################
+# Pull in Global Coordinates and Certificate Information
+aaf_root_ns=org.osaaf.aaf
+aaf_trust_perm=org.osaaf.aaf|org.onap|trust
+
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.props
+cadi_protocols=TLSv1.1,TLSv1.2
+
+aaf_locate_url=https://aaf.osaaf.org
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=/opt/app/osaaf/data
+cadi_loglevel=DEBUG
+
+# Domain Support (which will accept)
+aaf_domain_support=.com:.org
+
+# Basic Auth
+aaf_default_realm=people.osaaf.org
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
diff --git a/auth/sample/etc/org.osaaf.fs.props b/auth/sample/etc/org.osaaf.fs.props
new file mode 100644
index 00000000..96d91f9d
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.fs.props
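Review bot: In auth/sample/etc/org.osaaf.common.props `cadi_protocols=TLSv1.1,TLSv1.2` still enables TLS 1.1, which has been formally deprecated (RFC 8996); unless an old client requires it, `cadi_protocols=TLSv1.2` is the safer default for a file that every AAF component loads. The same file sets `cadi_loglevel=DEBUG` together with `aaf_env=DEV`. A comment such as `# DEV only: use INFO or higher outside development` would help, since debug output from an authentication service may include request detail that should not reach shared logs.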
@@ -0,0 +1,10 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
+aaf_component=AAF_NS.fs:2.1.0.0
+port=8096
+
+
+aaf_public_dir=/opt/app/osaaf/public
diff --git a/auth/sample/etc/org.osaaf.gui.props b/auth/sample/etc/org.osaaf.gui.props
new file mode 100644
index 00000000..f1a2770d
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.gui.props
@@ -0,0 +1,30 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
+aaf_component=AAF_NS.gui:2.1.0.0
+port=8200
+
+aaf_gui_title=AAF
+aaf_gui_copyright=(c) 2018 AT&T Intellectual Property. All rights reserved.
+aaf_gui_theme=theme/onap
+cadi_loginpage_url=https://AAF_LOCATE_URL/com.att.aaf.gui:2.0/login
+
+# GUI URLS and Help URLS
+cm_url=https://aaf.osaaf.org:8150
+gw_url=https://aaf.osaaf.org:8095
+fs_url=http://aaf.osaaf.org:8096
+
+aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding
+aaf_url.cuigui=https://wiki.web.att.com/display/aaf/Using+the+Command+Prompt
+
+aaf_url.aaf_help=https://wiki.onap.org/display/DW/Application+Authorization+Framework+Documentation
+aaf_url.aaf_help.sub=Bootstrapping+AAF,Installation+Guide
+aaf_url.aaf_help.sub.Bootstrapping+AAF=https://wiki.onap.org/display/DW/Bootstrapping+AAF
+aaf_url.aaf_help.sub.Installation+Guide=https://wiki.onap.org/display/DW/AAF+Installation+Guide
+#aaf_url.cadi_help=
+aaf_url.tools=AAF+Projects,AAF+Jira,AAF+Calendar
+aaf_url.tool=AAF+Jira=https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF&view=detail&selectedIssue=AAF-134
+aaf_url.tool.AAF+Projects=https://gerrit.onap.org/r/#/admin/projects/?filter=aaf%2F
+aaf_url.tool.AAF+Calendar=https://wiki.onap.org/pages/viewpage.action?pageId=6587439
diff --git a/auth/sample/etc/org.osaaf.hello.props b/auth/sample/etc/org.osaaf.hello.props
new file mode 100644
index 00000000..9f77986e
--- /dev/null
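Review bot: In auth/sample/etc/org.osaaf.gui.props the entry `aaf_url.tool=AAF+Jira=...` uses `=` where the neighbouring entries use a dot, so a properties parser will read it as key `aaf_url.tool` with the rest as its value; it presumably should be `aaf_url.tool.AAF+Jira=...` to match the names listed in `aaf_url.tools`. `fs_url=http://aaf.osaaf.org:8096` is the only plain-HTTP endpoint next to the HTTPS `cm_url` and `gw_url`; if the file server is meant to be unencrypted, a comment saying so would help. `cadi_loginpage_url` here names `com.att.aaf.gui:2.0` while org.osaaf.common.props uses `AAF_NS.gui:2.0`, which looks like a leftover. The header comment still reads `org.osaaf.locator` / `AAF Locator Properties`, as it also does in the fs, hello and oauth files.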
+++ b/auth/sample/etc/org.osaaf.hello.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
+aaf_component=AAF_NS.hello:2.1.0.0
+port=8130
+
diff --git a/auth/sample/etc/org.osaaf.locate.props b/auth/sample/etc/org.osaaf.locate.props
new file mode 100644
index 00000000..d85c735e
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.locate.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
+aaf_component=AAF_NS.locator:2.1.0.0
+port=8095
+
diff --git a/auth/sample/etc/org.osaaf.log4j.props b/auth/sample/etc/org.osaaf.log4j.props
new file mode 100644
index 00000000..9f108028
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.log4j.props
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.INIT.File=${LOG4J_FILENAME_init}
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
+
+log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.SRVR.File=${LOG4J_FILENAME_service}
+log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd
+log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout
+log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n
+
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit}
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n
+
+# General Apache libraries
+log4j.rootLogger=WARN.SRVR
+log4j.logger.org.apache=WARN,SRVR
+log4j.logger.com.datastax=WARN,SRVR
+log4j.logger.init=INFO,INIT
+log4j.logger.service=${LOGGING_LEVEL},SRVR
+log4j.logger.audit=INFO,AUDIT
+# Additional configs, not cauth with Root Logger
+log4j.logger.io.netty=INFO,SRVR
+log4j.logger.org.eclipse=INFO,SRVR
+
+
diff --git a/auth/sample/etc/org.osaaf.oauth.props b/auth/sample/etc/org.osaaf.oauth.props
new file mode 100644
index 00000000..5be90174
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.oauth.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
+aaf_component=AAF_NS.oauth:2.1.0.0
+port=8140
+
diff --git a/auth/sample/etc/org.osaaf.orgs.props b/auth/sample/etc/org.osaaf.orgs.props
new file mode 100644
index 00000000..66bfd2fa
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.orgs.props
@@ -0,0 +1,11 @@
+#
+# Define Organizations for use in some of the components. Not all use them
+#
+Organization.org.osaaf=org.onap.aaf.org.DefaultOrg
+org.osaaf.mailHost=smtp.mail.att.com
+org.osaaf.mailFrom=DL-aaf-support@aaf.att.com
+org.osaaf.default=true
+org.osaaf.also_supports=org.osaaf.people
+
+
+
diff --git a/auth/sample/etc/org.osaaf.service.props b/auth/sample/etc/org.osaaf.service.props
new file mode 100644
index 00000000..1b4df0e8
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.service.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.service
+## AAF Service Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
+aaf_component=AAF_NS.service:2.1.0.0
+port=8100
+
diff --git a/auth/sample/local/org.osaaf.aaf.keyfile b/auth/sample/local/org.osaaf.aaf.keyfile
new file mode 100644
index 00000000..7206ad93
--- /dev/null
+++ b/auth/sample/local/org.osaaf.aaf.keyfile
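Review bot: In auth/sample/etc/org.osaaf.log4j.props the line `log4j.rootLogger=WARN.SRVR` has a dot where every other logger line uses a comma, so it is likely parsed as a single unrecognised level with no appender attached to the root logger. The intended line is presumably `log4j.rootLogger=WARN,SRVR`. Until that is corrected, messages from any logger not listed explicitly may be dropped or handled at an unintended level, which matters for an authorization service where warnings are part of what operators review.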
@@ -0,0 +1,27 @@ +rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0 +sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng +tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF +Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz +AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb +yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By +qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL +y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco +6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj +4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz +-KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f +Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC +kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR +PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3 +YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg +yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN +jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_ +biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1 +ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My +c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf +GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE +G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw +BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS +acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d +QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_ 
+2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im +3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a
\ No newline at end of file diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12 Binary files differnew file mode 100644 index 00000000..08ed3be8 --- /dev/null +++ b/auth/sample/local/org.osaaf.aaf.p12 diff --git a/auth/sample/local/org.osaaf.aaf.trust.p12 b/auth/sample/local/org.osaaf.aaf.trust.p12 Binary files differnew file mode 100644 index 00000000..d01e8569 --- /dev/null +++ b/auth/sample/local/org.osaaf.aaf.trust.p12 diff --git a/auth/sample/local/org.osaaf.cassandra.props b/auth/sample/local/org.osaaf.cassandra.props new file mode 100644 index 00000000..4489a36b --- /dev/null +++ b/auth/sample/local/org.osaaf.cassandra.props @@ -0,0 +1,29 @@ +############################################################ +# Cassandra properties for AAF Components needing +# on 2018-03-02 06:59.628-0500 +############################################################ +# LOCAL Cassandra +cassandra.clusters=cass.aaf.osaaf.org +cassandra.clusters.port=9042 +#need this to be fully qualified name when REAL AAF integration +cassandra.clusters.user=cassandra +cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV + +# Name for exception that has happened in the past +cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" + +# Example Consistency Settings for Clusters with at least instances +#cassandra.writeConsistency.ns=LOCAL_QUORUM +#cassandra.writeConsistency.perm=LOCAL_QUORUM +#cassandra.writeConsistency.role=LOCAL_QUORUM +#cassandra.writeConsistency.user_role=LOCAL_QUORUM +#cassandra.writeConsistency.cred=LOCAL_QUORUM +#cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM + +# Consistency Settings when Single Instance +cassandra.writeConsistency.ns=ONE +cassandra.writeConsistency.perm=ONE +cassandra.writeConsistency.role=ONE +cassandra.writeConsistency.user_role=ONE +cassandra.writeConsistency.cred=ONE +cassandra.writeConsistency.ns_attrib=ONE 
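Review bot: auth/sample/local/org.osaaf.aaf.keyfile commits the key material itself, and org.osaaf.props in this commit points `cadi_keyfile` at it, so the `enc:` values added in org.osaaf.cassandra.props, org.osaaf.cm.ca.props and org.osaaf.props (presumably encrypted with this keyfile) give no confidentiality to anyone who can read the repository; the two `.p12` stores added alongside are in the same position. These files should be treated as public sample material only: a deployment has to generate its own keyfile, keystores and passwords, and ideally the install step would create them rather than copy these. At minimum, add a header to each of those props files such as `# SAMPLE ONLY: keyfile, keystores and enc: values here are published; regenerate before deployment`. org.osaaf.cassandra.props also keeps the `cassandra` user, which appears to be the database's default superuser account.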
diff --git a/auth/sample/local/org.osaaf.cm.ca.props b/auth/sample/local/org.osaaf.cm.ca.props
new file mode 100644
index 00000000..5293f0bb
--- /dev/null
+++ b/auth/sample/local/org.osaaf.cm.ca.props
@@ -0,0 +1,11 @@
+##
+## org.osaaf.cm.ca.props
+## Properties to access Certifiate Authority
+##
+
+#Certman
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/intermediate_1.p12;intermediate_1;enc:kieWQoNgaIfCrdoqOTsjDQwIp8V1NM4mLgDW3X1g8oyOhBQ-aOmdo12kvL_AMs6u
+cm_ca.local.idDomains=org.osaaf
+cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
+cm_ca.local.perm_type=org.osaaf.aaf.ca
+
diff --git a/auth/sample/local/org.osaaf.location.props b/auth/sample/local/org.osaaf.location.props
new file mode 100644
index 00000000..d6d04ef4
--- /dev/null
+++ b/auth/sample/local/org.osaaf.location.props
@@ -0,0 +1,12 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org
+cadi_trust_masks=10.12.6/24
+
diff --git a/auth/sample/local/org.osaaf.props b/auth/sample/local/org.osaaf.props
new file mode 100644
index 00000000..5ae86c34
--- /dev/null
+++ b/auth/sample/local/org.osaaf.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by jg1555
+# on 2018-02-21T10:28:08.909-0600
+# @copyright 2016, AT&T
+############################################################
+cm_url=https://aaf.osaaf.org:8150
+#hostname=aaf.osaaf.org
+aaf_env=DEV
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
+cadi_keystore_password=enc:4L1xY_7mYTuk57SPWZetza5WlgBUYBe8pbT1-AWKO1-5PAbSTynQEc5TU7ZeomfN
+#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
+cadi_alias=a2345z@aaf.osaaf.org
+cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12
+cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np
diff --git a/auth/sample/public/AAF_RootCA.cer b/auth/sample/public/AAF_RootCA.cer
new file mode 100644
index 00000000..e9a50d7e
--- /dev/null
+++ b/auth/sample/public/AAF_RootCA.cer
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- 
diff --git a/auth/sample/public/aaf_2_0.xsd b/auth/sample/public/aaf_2_0.xsd new file mode 100644 index 00000000..59d4331b --- /dev/null +++ b/auth/sample/public/aaf_2_0.xsd 
@@ -0,0 +1,527 @@ +<!-- Used by AAF (ATT inc 2013) --> +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:aaf="urn:aaf:v2_0" + targetNamespace="urn:aaf:v2_0" + elementFormDefault="qualified"> + +<!-- + June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes. + + Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that + with Query Params. + + Eliminate in 3.0 + --> +<!-- + Errors + Note: This Error Structure has been made to conform to the AT&T TSS Policies + --> + <xs:element name="error"> + <xs:complexType> + <xs:sequence> + <!-- + Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is + either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception. + Exception numbers may be in the range of 0001 to 9999 where : + * 0001 to 0199 are reserved for common exception messages + * 0200 to 0999 are reserved for Parlay Web Services specification use + * 1000-9999 are available for exceptions + --> + <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/> + + <!-- + Message text, with replacement + variables marked with %n, where n is + an index into the list of <variables> + elements, starting at 1 + --> + <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/> + + <!-- + List of zero or more strings that + represent the contents of the variables + used by the message text. --> + <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Requests + --> + <xs:complexType name="Request"> + <xs:sequence> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> + <!-- Deprecated. 
Use Query Command + <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/> + --> + </xs:sequence> + </xs:complexType> + +<!-- + Keys + --> + <xs:element name="keys"> + <xs:complexType> + <xs:sequence> + <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + +<!-- + Permissions +--> + <xs:complexType name = "pkey"> + <xs:sequence> + <xs:element name="type" type="xs:string"/> + <xs:element name="instance" type="xs:string"/> + <xs:element name="action" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="permKey"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:pkey" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="perm"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:pkey"> + <xs:sequence> + <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- This data not filled in unless Requested --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="perms"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="permRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="type" type="xs:string"/> + <xs:element name="instance" type="xs:string"/> + <xs:element name="action" type="xs:string"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. 
JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + +<!-- + Roles +--> + <xs:complexType name="rkey"> + <xs:sequence> + <xs:element name="name" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="roleKey"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:rkey" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="role"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:rkey"> + <xs:sequence> + <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- This data not filled in unless Requested --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="roles"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="roleRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. 
JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <!-- Added userRole return types jg1555 9/16/2015 --> + <xs:element name="userRole"> + <xs:complexType> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- Added userRoles return types jg1555 9/16/2015 --> + <xs:element name="userRoles"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="userRoleRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="rolePermRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="nsRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. 
Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Note: dec 11, 2015. Request-able NS Type JG --> + <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/> + + <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions + <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/> + + + <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + + --> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="nsAttribRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name = "nss"> + <xs:complexType> + <xs:sequence> + <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = 
"responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG --> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Users +--> + <xs:element name="users"> + <xs:complexType> + <xs:sequence> + <xs:element name="user" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> + <!-- Changed type to dateTime, because of importance of Certs --> + <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <!-- need to differentiate User Cred Types, jg1555 5/20/2015 + This Return Object is shared by multiple functions: + Type is not returned for "UserRole", but only "Cred" + --> + <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Certs + Added jg1555 5/20/2015 to support identifying Certificate based Services + --> + <xs:element name="certs"> + <xs:complexType> + <xs:sequence> + <xs:element name="cert" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" /> + 
<xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Credentials +--> + <xs:element name="credRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="id" type="xs:string"/> + <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/> + <xs:choice > + <xs:element name="password" type="xs:string" /> + <xs:element name="entry" type="xs:string" /> + </xs:choice> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + +<!-- + Multi Request + --> + + <xs:element name="multiRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/> + <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + +<!-- + History + --> + <xs:element name="history"> + <xs:complexType> + <xs:sequence> + <xs:element name="item" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> + <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="target" type = "xs:string" 
minOccurs="1" maxOccurs="1"/> + <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Approvals + --> + <xs:complexType name="approval"> + <xs:sequence> + <!-- Note, id is set by system --> + <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="ticket" type="xs:string"/> + <xs:element name="user" type="xs:string"/> + <xs:element name="approver" type="xs:string"/> + <xs:element name="type" type="xs:string"/> + <xs:element name="memo" type="xs:string"/> + <xs:element name="updated" type="xs:dateTime"/> + <xs:element name="status"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="approve"/> + <xs:enumeration value="reject"/> + <xs:enumeration value="pending"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="operation"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="C"/> + <xs:enumeration value="U"/> + <xs:enumeration value="D"/> + <xs:enumeration value="G"/> + <xs:enumeration value="UG"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="approvals"> + <xs:complexType> + <xs:sequence> + <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Delegates +--> + <xs:complexType name="delg"> + <xs:sequence> + <xs:element name="user" type="xs:string"/> + <xs:element name="delegate" type="xs:string"/> + <xs:element name="expires" type="xs:date"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="delgRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element 
name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="delgs"> + <xs:complexType> + <xs:sequence> + <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- jg 3/11/2015 New for 2.0.8 --> + <xs:element name="api"> + <xs:complexType> + <xs:sequence> + <xs:element name="route" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema>
\ No newline at end of file
diff --git a/auth/sample/public/iframe_denied_test.html b/auth/sample/public/iframe_denied_test.html
new file mode 100644
index 00000000..613e9c70
--- /dev/null
+++ b/auth/sample/public/iframe_denied_test.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<body>
+
+<iframe src="https://mithrilcsp.sbc.com:8095/gui/home">
+ <p>Your browser does not support iframes.</p>
+</iframe>
+
+</body>
+</html>
diff --git a/auth/sample/public/truststoreONAP.p12 b/auth/sample/public/truststoreONAP.p12
Binary files differnew file mode 100644
index 00000000..d01e8569
--- /dev/null
+++ b/auth/sample/public/truststoreONAP.p12
diff --git a/auth/sample/public/truststoreONAPall.jks b/auth/sample/public/truststoreONAPall.jks
Binary files differnew file mode 100644
index 00000000..ff844b10
--- /dev/null
+++ b/auth/sample/public/truststoreONAPall.jks |
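Review bot: In `nsRequest` of aaf_2_0.xsd, the comment that opens at `"scope" is deprecated and unused as of AAF 2.0.11` is not closed until after the nested `attrib` element, so the `aaf:roleRequest`, `aaf:permRequest`, `aaf_id`, `aaf:userRoleRequest` and `attrib` entries are commented out along with `scope`. That appears to conflict with the header note about adding Roles, Perms, etc. to NSRequest, and a validating parser would reject those children inside `nsRequest`. If only `scope` is meant to be disabled, close the comment on that line, `<xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/> -->`, and drop the later `-->`; if the whole group is intentionally disabled in favour of `multiRequest`, say so in the comment. Separately, `credRequest` declares `id` and `password` as unrestricted `xs:string`, so any length limit has to be enforced by the service rather than by schema validation.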
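Review bot: The iframe `src` in iframe_denied_test.html hard-codes `https://mithrilcsp.sbc.com:8095/gui/home`, which looks like one specific deployment's host rather than something a user of this sample can reach. As shipped, the page then shows an empty frame whether or not the GUI refuses framing, so it cannot tell a working anti-framing header from an unreachable host. Use a placeholder that the deployer fills in, for example `<iframe src="https://AAF_GUI_HOST:PORT/gui/home">`. Judging by the file name, the page is meant to confirm that the GUI cannot be framed, so also state the expected result in a comment such as `<!-- Expected: frame stays empty because the GUI response forbids framing -->`.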