Diffstat (limited to 'cadi/core/src/main')
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java71
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java83
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java37
4 files changed, 136 insertions, 59 deletions
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index bbc3086a..2fe5f41c 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -37,6 +37,7 @@ import java.util.Properties;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.SecurityInfo;
+import org.onap.aaf.cadi.util.Split;
public class PropAccess implements Access {
// Sonar says cannot be static... it's ok. not too many PropAccesses created.
@@ -119,13 +120,21 @@ public class PropAccess implements Access {
props.putAll(p);
}
- // Third, load any Chained Property Files
- load(props.getProperty(Config.CADI_PROP_FILES));
-
+ // Preset LogLevel
String sLevel = props.getProperty(Config.CADI_LOGLEVEL);
if (sLevel!=null) {
level=Level.valueOf(sLevel).maskOf();
}
+
+ // Third, load any Chained Property Files
+ load(props.getProperty(Config.CADI_PROP_FILES));
+
+ if(sLevel==null) { // if LogLev wasn't set before, check again after Chained Load
+ sLevel = props.getProperty(Config.CADI_LOGLEVEL);
+ if (sLevel!=null) {
+ level=Level.valueOf(sLevel).maskOf();
+ }
+ }
// Setup local Symmetrical key encryption
if (symm==null) {
try {
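Review bot: The re-check added at L38-L43 calls `Level.valueOf(sLevel)` on a value that may now come from a chained property file and, like the preset at L31-L33 it duplicates, lets an unrecognised value escape the constructor as an IllegalArgumentException, whereas the setter further down (context at L125) reports `%s=%s is an Invalid Log Level` and carries on. A typo in `cadi_loglevel` in a chained file would therefore abort startup rather than being logged. The constructor this sits in begins before the hunk. I would fold both reads into one private helper that validates and logs, and call it from both places.
```java
// … unchanged: first two property loads …
boolean levelSet = presetLogLevel();
// Third, load any Chained Property Files
load(props.getProperty(Config.CADI_PROP_FILES));
if (!levelSet) { // if LogLev wasn't set before, check again after Chained Load
    presetLogLevel();
}
// … unchanged: rest of constructor …

/**
 * Reads cadi_loglevel from props and applies it; an unrecognised value is
 * reported at ERROR instead of propagating out of the constructor.
 *
 * @return true when the property was present (valid or not), false when absent
 */
private boolean presetLogLevel() {
    String sLevel = props.getProperty(Config.CADI_LOGLEVEL);
    if (sLevel == null) {
        return false;
    }
    try {
        level = Level.valueOf(sLevel).maskOf();
    } catch (IllegalArgumentException e) {
        printf(Level.ERROR, "%s=%s is an Invalid Log Level", Config.CADI_LOGLEVEL, sLevel);
    }
    return true;
}
```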
@@ -139,52 +148,41 @@ public class PropAccess implements Access {
name = props.getProperty(Config.CADI_LOGNAME, name);
- specialConversions();
+ SecurityInfo.setHTTPProtocols(this);
}
- private void specialConversions() {
- // Critical - if no Security Protocols set, then set it. We'll just get messed up if not
- if (props.get(Config.CADI_PROTOCOLS)==null) {
- props.setProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT);
- }
-
- Object temp;
- temp=props.get(Config.CADI_PROTOCOLS);
- if (props.get(Config.HTTPS_PROTOCOLS)==null && temp!=null) {
- props.put(Config.HTTPS_PROTOCOLS, temp);
- }
-
- if (temp!=null) {
- if ("1.7".equals(System.getProperty("java.specification.version"))
- && (temp==null || (temp instanceof String && ((String)temp).contains("TLSv1.2")))) {
- System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
- }
- }
- }
-
private void load(String cadi_prop_files) {
if (cadi_prop_files==null) {
return;
}
String prevKeyFile = props.getProperty(Config.CADI_KEYFILE);
- int prev = 0, end = cadi_prop_files.length();
- int idx;
- String filename;
- while (prev<end) {
- idx = cadi_prop_files.indexOf(File.pathSeparatorChar,prev);
- if (idx<0) {
- idx = end;
- }
- File file = new File(filename=cadi_prop_files.substring(prev,idx));
+
+
+ for(String filename : Split.splitTrim(File.pathSeparatorChar, cadi_prop_files)) {
+ Properties fileProps = new Properties();
+ File file = new File(filename);
if (file.exists()) {
printf(Level.INIT,"Loading CADI Properties from %s",file.getAbsolutePath());
try {
FileInputStream fis = new FileInputStream(file);
try {
- props.load(fis);
+ fileProps.load(fis);
+ // Only load props from recursion which are not already in props
+ // meaning top Property file takes precedence
+ for(Entry<Object, Object> es : fileProps.entrySet()) {
+ if(props.get(es.getKey())==null) {
+ String key = es.getKey().toString();
+ String value = es.getValue().toString();
+ props.put(key, value);
+ if(key.contains("pass")) {
+ value = "XXXXXXX";
+ }
+ printf(Level.DEBUG," %s=%s",key,value);
+ }
+ }
// Recursively Load
- String chainProp = props.getProperty(Config.CADI_PROP_FILES);
+ String chainProp = fileProps.getProperty(Config.CADI_PROP_FILES);
if (chainProp!=null) {
if (recursionProtection==null) {
recursionProtection = new ArrayList<>();
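Review bot: The masking at L105-L107 only hides values whose key contains the lowercase substring `pass`, so a key such as `cadi_Password` or any `*_secret`-style key loaded from a chained file is written to the log in clear text at DEBUG level. I would normalise the key before matching and widen the match a little: `String lkey = key.toLowerCase(Locale.ROOT);` followed by `if (lkey.contains("pass") || lkey.contains("secret")) {` (this needs `java.util.Locale` imported). Note that `load` continues past the end of this hunk, so whether `fis` opened at L94 is closed in a finally block is not visible here.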
@@ -204,7 +202,6 @@ public class PropAccess implements Access {
} else {
printf(Level.WARN,"Warning: recursive CADI Property %s does not exist",file.getAbsolutePath());
}
- prev = idx+1;
}
// Trim
@@ -244,8 +241,6 @@ public class PropAccess implements Access {
printf(Level.ERROR,"%s=%s is an Invalid Log Level",Config.CADI_LOGLEVEL,loglevel);
}
}
-
- specialConversions();
}
@Override
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 62623fb8..26305e91 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -92,6 +92,7 @@ public class Config {
public static final String CADI_KEYSTORE = "cadi_keystore";
public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password";
public static final String CADI_ALIAS = "cadi_alias";
+ public static final String CADI_CLIENT_ALIAS = "cadi_client_alias";
public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url";
public static final String CADI_LATITUDE = "cadi_latitude";
public static final String CADI_LONGITUDE = "cadi_longitude";
@@ -120,8 +121,9 @@ public class Config {
public static final String CADI_TOKEN_DIR = "cadi_token_dir";
public static final String HTTPS_PROTOCOLS = "https.protocols";
- public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
+ public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
+ public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
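Review bot: `HTTPS_PROTOCOLS_DEFAULT` at L149 keeps `TLSv1.1` in the default list, and in this same commit `SecurityInfo.setHTTPProtocols` writes that value into the process-wide `https.protocols` and `jdk.tls.client.protocols` system properties whenever nothing else is configured, so a CADI process with no explicit setting would offer TLSv1.1 to every peer. The value is only moved here from SecurityInfo, but TLSv1.1 is deprecated and leaving it in the default quietly permits a downgrade, so I would reduce it to `public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.2";` with a comment that older peers must be enabled explicitly through `cadi_protocols`, accepting that this is a behaviour change for such deployments. Whether `HTTPS_CIPHER_SUITES_DEFAULT` (CBC-only suites) is still referenced now that `specialConversions` and the Java 1.7 branch in SecurityInfo are gone is not visible in this diff; if it is unused it should be removed rather than carried along.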
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
index e3eb34be..285c45ec 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
@@ -53,20 +53,23 @@ import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.util.MaskFormatException;
import org.onap.aaf.cadi.util.NetMask;
+import org.onap.aaf.cadi.util.Split;
public class SecurityInfo {
- private static final String SECURITY_ALGO = "RSA";
+ private static final String SECURITY_ALGO = "RSA";
private static final String HTTPS_PROTOCOLS = "https.protocols";
private static final String JDK_TLS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
+ private static final String INITIALIZING_ERR_FMT = "Error initializing %s: %s";
+ private static final String LOADED_FROM_CADI_PROPERTIES = "%s loaded from CADI Properties";
+ private static final String LOADED_FROM_SYSTEM_PROPERTIES = "%s loaded from System Properties";
- public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
- public static final String REGEX_COMMA = "\\s*,\\s*";
public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM;
private SSLSocketFactory socketFactory;
private X509KeyManager[] x509KeyManager;
private X509TrustManager[] x509TrustManager;
public final String defaultAlias;
+ public final String defaultClientAlias;
private NetMask[] trustMasks;
private SSLContext context;
private HostnameVerifier maskHV;
@@ -83,37 +86,81 @@ public class SecurityInfo {
public SecurityInfo(final Access access) throws CadiException {
+ String msgHelp = "";
try {
this.access = access;
// reuse DME2 Properties for convenience if specific Properties don't exist
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"Keystore", access.getProperty(Config.CADI_KEYSTORE, ""));
initializeKeyManager();
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"Truststore", access.getProperty(Config.CADI_TRUSTSTORE, ""));
initializeTrustManager();
- defaultAlias = access.getProperty(Config.CADI_ALIAS, null);
+ String str = access.getProperty(Config.CADI_ALIAS, null);
+ if(str==null || str.isEmpty()) {
+ defaultAlias = null;
+ } else {
+ defaultAlias = str;
+ }
+
+ str = access.getProperty(Config.CADI_CLIENT_ALIAS, null);
+ if(str==null) {
+ defaultClientAlias = defaultAlias;
+ } else if(str.isEmpty()) {
+ // intentionally off, i.e. cadi_client_alias=
+ defaultClientAlias = null;
+ } else {
+ defaultClientAlias = str;
+ }
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"Trustmasks", access.getProperty(Config.CADI_TRUST_MASKS, ""));
initializeTrustMasks();
- String httpsProtocols = Config.logProp(access, Config.CADI_PROTOCOLS,
- access.getProperty(HTTPS_PROTOCOLS, HTTPS_PROTOCOLS_DEFAULT)
- );
- System.setProperty(HTTPS_PROTOCOLS, httpsProtocols);
- System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsProtocols);
- if ("1.7".equals(System.getProperty("java.specification.version")) && httpsProtocols.contains("TLSv1.2")) {
- System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
- }
-
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"HTTP Protocols", "access properties");
+ setHTTPProtocols(access);
+
+ msgHelp = String.format(INITIALIZING_ERR_FMT,"Context", "TLS");
context = SSLContext.getInstance("TLS");
context.init(x509KeyManager, x509TrustManager, null);
SSLContext.setDefault(context);
socketFactory = context.getSocketFactory();
} catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException | CertificateException | UnrecoverableKeyException | IOException e) {
- throw new CadiException(e);
+ throw new CadiException(msgHelp,e);
}
}
- /**
+ public static void setHTTPProtocols(Access access) {
+ String httpsProtocols = System.getProperty(Config.HTTPS_PROTOCOLS);
+ if(httpsProtocols!=null) {
+ access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, HTTPS_PROTOCOLS);
+ } else {
+ httpsProtocols = access.getProperty(Config.HTTPS_PROTOCOLS,null);
+ if(httpsProtocols!=null) {
+ access.printf(Level.INIT, LOADED_FROM_CADI_PROPERTIES, HTTPS_PROTOCOLS);
+ } else {
+ httpsProtocols = access.getProperty(HTTPS_PROTOCOLS, Config.HTTPS_PROTOCOLS_DEFAULT);
+ access.printf(Level.INIT, "%s set by %s in CADI Properties",Config.HTTPS_PROTOCOLS,Config.CADI_PROTOCOLS);
+ }
+ // This needs to be set when people do not.
+ System.setProperty(HTTPS_PROTOCOLS, httpsProtocols);
+ }
+ String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null);
+ if(httpsClientProtocols!=null) {
+ access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, JDK_TLS_CLIENT_PROTOCOLS);
+ } else {
+ httpsClientProtocols = access.getProperty(Config.HTTPS_CLIENT_PROTOCOLS, null);
+ if(httpsClientProtocols!=null) {
+ access.printf(Level.INIT, LOADED_FROM_CADI_PROPERTIES, Config.HTTPS_CLIENT_PROTOCOLS);
+ } else {
+ httpsClientProtocols = Config.HTTPS_PROTOCOLS_DEFAULT;
+ access.printf(Level.INIT, "%s set from %s",Config.HTTPS_CLIENT_PROTOCOLS, "Default Protocols");
+ }
+ System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsClientProtocols);
+ }
+ }
+
+ /**
* @return the scf
*/
public SSLSocketFactory getSSLSocketFactory() {
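Review bot: In `setHTTPProtocols`, the fallback at L243 reads `access.getProperty(HTTPS_PROTOCOLS, ...)` where the private `HTTPS_PROTOCOLS` is the same `"https.protocols"` key that L239 just found to be null, so it always yields the default and the `cadi_protocols` property that the removed code at L211 consulted is no longer honoured, while the log line at L244 still claims the value was set by `cadi_protocols`. The line should read `httpsProtocols = access.getProperty(Config.CADI_PROTOCOLS, Config.HTTPS_PROTOCOLS_DEFAULT);`. The private `HTTPS_PROTOCOLS` and `JDK_TLS_CLIENT_PROTOCOLS` constants duplicate `Config.HTTPS_PROTOCOLS` and `Config.HTTPS_CLIENT_PROTOCOLS` with identical values, which is what made the mix-up easy to miss; using the `Config` names throughout would remove that trap. The new public method also has no Javadoc; I would add one stating that it sets the two JDK system properties process-wide, that precedence is an existing System property, then the CADI property, then `HTTPS_PROTOCOLS_DEFAULT`, and that it must run before any TLS connection is opened for the setting to take effect.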
@@ -172,7 +219,7 @@ public class SecurityInfo {
ArrayList<X509KeyManager> keyManagers = new ArrayList<>();
File file;
- for (String ksname : keyStore.split(REGEX_COMMA)) {
+ for (String ksname : Split.splitTrim(',', keyStore)) {
String keystoreFormat;
if (ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) {
keystoreFormat = "PKCS12";
@@ -214,7 +261,7 @@ public class SecurityInfo {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM);
File file;
- for (String trustStoreName : trustStore.split(REGEX_COMMA)) {
+ for (String trustStoreName : Split.splitTrim(',',trustStore)) {
file = new File(trustStoreName);
if (file.exists()) {
FileInputStream fis = new FileInputStream(file);
@@ -250,7 +297,7 @@ public class SecurityInfo {
}
access.log(Level.INIT, "Explicitly accepting valid X509s from", tips);
- String[] ipsplit = tips.split(REGEX_COMMA);
+ String[] ipsplit = Split.splitTrim(',', tips);
trustMasks = new NetMask[ipsplit.length];
for (int i = 0; i < ipsplit.length; ++i) {
try {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java
index a3958878..1d60ae58 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/CSV.java
@@ -31,8 +31,8 @@ import java.util.ArrayList;
import java.util.List;
import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CadiException;
/**
* Read CSV file for various purposes
@@ -156,11 +156,44 @@ public class CSV {
return new Writer(append);
}
- public class Writer {
+ public interface RowSetter {
+ public void row(Object ... objs);
+ }
+
+ public static class Saver implements RowSetter {
+ List<String> ls= new ArrayList<>();
+
+ @Override
+ public void row(Object ... objs) {
+ if(objs.length>0) {
+ for(Object o : objs) {
+ if(o != null) {
+ if(o instanceof String[]) {
+ for(String str : (String[])o) {
+ ls.add(str);
+ }
+ } else {
+ ls.add(o.toString());
+ }
+ }
+ }
+ }
+ }
+
+ public List<String> asList() {
+ List<String> rv = ls;
+ ls = new ArrayList<>();
+ return rv;
+ }
+ }
+
+ public class Writer implements RowSetter {
private PrintStream ps;
private Writer(final boolean append) throws FileNotFoundException {
ps = new PrintStream(new FileOutputStream(csv,append));
}
+
+ @Override
public void row(Object ... objs) {
if(objs.length>0) {
boolean first = true;
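Review bot: `Saver.ls` at L313 is package-private and mutable, so any class in the package can alter or reassign the row buffer that `asList()` hands out; it should be declared `private List<String> ls = new ArrayList<>();`. In `row`, the `if(objs.length>0)` guard at L317 is redundant with the for loop beneath it, and the manual copy of a `String[]` at L321-L323 can be `Collections.addAll(ls, (String[]) o);` (with `java.util.Collections` imported). A short Javadoc on `RowSetter` and on `Saver` stating that `asList()` returns the accumulated strings and starts a fresh buffer would help, since that reset is not obvious from the method name.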