Diffstat (limited to 'cadi')
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java95
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java33
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java25
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java23
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java18
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java9
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java44
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java211
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java8
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactOnStream.java8
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java45
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java9
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java57
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java6
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java44
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java3
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java23
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java10
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java2
-rw-r--r--cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java6
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java15
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java23
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java2
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java4
-rw-r--r--cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java10
-rw-r--r--cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java4
35 files changed, 479 insertions, 289 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index 3b783949..c4ca8082 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
import java.util.List;
import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.misc.env.util.Split;
/**
* A Class that understands the AAF format of Permission (name/type/action)
@@ -35,7 +36,7 @@ import org.onap.aaf.cadi.Permission;
*/
public class AAFPermission implements Permission {
private static final List<String> NO_ROLES;
- protected String type,instance,action,key;
+ protected String ns,type,instance,action,key;
private List<String> roles;
static {
@@ -44,19 +45,30 @@ public class AAFPermission implements Permission {
protected AAFPermission() {roles=NO_ROLES;}
- public AAFPermission(String type, String instance, String action) {
- this.type = type;
+ public AAFPermission(String ns, String name, String instance, String action) {
+ this.ns = ns;
+ type = name;
this.instance = instance;
this.action = action;
- key = type + '|' + instance + '|' + action;
+ if(ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
this.roles = NO_ROLES;
}
- public AAFPermission(String type, String instance, String action, List<String> roles) {
- this.type = type;
+
+ public AAFPermission(String ns, String name, String instance, String action, List<String> roles) {
+ this.ns = ns;
+ type = name;
this.instance = instance;
this.action = action;
- key = type + '|' + instance + '|' + action;
+ if(ns==null) {
+ key = type + '|' + instance + '|' + action;
+ } else {
+ key = ns + '|' + type + '|' + instance + '|' + action;
+ }
this.roles = roles==null?NO_ROLES:roles;
}
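Review bot: The ns-aware key construction is written out twice, once per constructor (the `if(ns==null)` blocks in both), so the two accepted key formats are defined in two places; the five-argument constructor could delegate with `this(ns, name, instance, action); this.roles = roles==null?NO_ROLES:roles;`. A Javadoc on the constructors should also state that `ns` may be null and that a null `ns` yields the legacy three-part `type|instance|action` key, because AAFLurPerm.createPerm and AAFTrustChecker both pass null deliberately for three-field inputs. Mixing `this.ns = ns` with the unqualified `type = name` in the same constructor is a small style inconsistency worth normalizing.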
@@ -71,6 +83,7 @@ public class AAFPermission implements Permission {
* If you want a simple field comparison, it is faster without REGEX
*/
public boolean match(Permission p) {
+ String aafNS;
String aafType;
String aafInstance;
String aafAction;
@@ -79,24 +92,68 @@ public class AAFPermission implements Permission {
// Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
// Current solution is only allow direct match on Type.
// 8/28/2014 Jonathan - added REGEX ability
- aafType = ap.getName();
+ aafNS = ap.getNS();
+ aafType = ap.getType();
aafInstance = ap.getInstance();
aafAction = ap.getAction();
} else {
- // Permission is concatenated together: separated by |
- String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);
- aafType = aaf[0];
- aafInstance = (aaf.length > 1) ? aaf[1] : "*";
- aafAction = (aaf.length > 2) ? aaf[2] : "*";
+ // Permission is concatenated together: separated by
+ String[] aaf = Split.splitTrim('|', p.getKey());
+ switch(aaf.length) {
+ case 1:
+ aafNS = aaf[0];
+ aafType="";
+ aafInstance = aafAction = "*";
+ break;
+ case 2:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aafAction = "*";
+ break;
+ case 3:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = "*";
+ break;
+ default:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = aaf[3];
+ break;
+ }
}
- return ((type.equals(aafType)) &&
- (PermEval.evalInstance(instance, aafInstance)) &&
- (PermEval.evalAction(action, aafAction)));
+ boolean typeMatches;
+ if(aafNS==null) {
+ if(ns==null) {
+ typeMatches = aafType.equals(type);
+ } else {
+ typeMatches = aafType.equals(ns+'.'+type);
+ }
+ } else if(ns==null) {
+ typeMatches = type.equals(aafNS+'.'+aafType);
+ } else if(aafNS.length() == ns.length()) {
+ typeMatches = aafNS.equals(ns) && aafType.equals(type);
+ } else { // Allow for restructuring of NS/Perm structure
+ typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
+ }
+ return (typeMatches &&
+ PermEval.evalInstance(instance, aafInstance) &&
+ PermEval.evalAction(action, aafAction));
+ }
+
+ public String getNS() {
+ return ns;
}
- public String getName() {
+ public String getType() {
return type;
}
+
+ public String getFullType() {
+ return ns + '.' + type;
+ }
public String getInstance() {
return instance;
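Review bot: `getFullType()` builds `ns + '.' + type` and so returns the text `"null.<type>"` for every permission created through the three-field path, where `ns` is explicitly null; it should fall back to the bare type, `return ns==null ? type : ns + '.' + type;`. In the key-parsing branch the `default` case silently drops any element after the fourth, whereas the old `split(...,3)` kept the remainder inside the action — if the truncation is intended, a one-line comment saying so would stop the next reader treating it as a bug. If `Split.splitTrim` can return an empty array for a blank key, the `default` case indexes `aaf[0]` and throws ArrayIndexOutOfBoundsException; worth confirming or guarding. The `match` method begins in the previous hunk.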
@@ -121,7 +178,9 @@ public class AAFPermission implements Permission {
return roles;
}
public String toString() {
- return "AAFPermission:\n\tType: " + type +
+ return "AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java
new file mode 100644
index 00000000..5aa4dbc5
--- /dev/null
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java
@@ -0,0 +1,33 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.aaf;
+
+public interface Defaults {
+ public static String AAF_VERSION = "2.1";
+ public static String AAF_NS = "AAF_NS";
+ public static String AAF_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".service:" + AAF_VERSION;
+ public static String GUI_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".gui:" + AAF_VERSION;
+ public static String CM_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".cm:" + AAF_VERSION;
+ public static String FS_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".fs:" + AAF_VERSION;
+ public static String HELLO_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".hello:" + AAF_VERSION;
+ public static String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".token:" + AAF_VERSION;
+ public static String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".introspect:" + AAF_VERSION;
+}
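Review bot: These constants are templates rather than resolvable URLs — the host is the literal token `AAF_LOCATE_URL` and the namespace the literal `AAF_NS` — yet nothing in the file says which component substitutes them; the only substitution visible in this change is AbsAAFLocator replacing `AAF_NS` on names that start with it. Add a Javadoc to the interface stating that both tokens are placeholders that must be resolved before use and naming the resolver, so that code writing `Defaults.AAF_URL` straight into a properties file (as Agent now does) is recognizably relying on that resolution. Stylistically, `public static` on interface fields is redundant since they are implicitly `public static final`, and a final class with a private constructor would avoid the constant-interface pattern.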
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index 35bcc5a9..df2ad4f8 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -55,7 +55,7 @@ public class TestConnectivity {
System.out.println("Usage: ConnectivityTester <cadi_prop_files> [<AAF FQDN (i.e. aaf.dev.att.com)>]");
} else {
print(true,"START OF CONNECTIVITY TESTS",new Date().toString(),System.getProperty("user.name"),
- "Note: All API Calls are /authz/perms/user/<MechID/Alias of the caller>");
+ "Note: All API Calls are /authz/perms/user/<AppID/Alias of the caller>");
if(!args[0].contains(Config.CADI_PROP_FILES+'=')) {
args[0]=Config.CADI_PROP_FILES+'='+args[0];
@@ -79,15 +79,16 @@ public class TestConnectivity {
List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
/////////
print(true,"Test Connections driven by AAFLocator");
- URI serviceURI = new URI(aaflocate+"/locate/AAF_NS.service:2.0");
+ URI serviceURI = new URI(Defaults.AAF_URL);
for(URI uri : new URI[] {
serviceURI,
- new URI(aaflocate+"/locate/AAF_NS.service:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.locate:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.token:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.certman:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.hello")
+ new URI(Defaults.OAUTH2_TOKEN_URL),
+ new URI(Defaults.OAUTH2_INTROSPECT_URL),
+ new URI(Defaults.CM_URL),
+ new URI(Defaults.GUI_URL),
+ new URI(Defaults.FS_URL),
+ new URI(Defaults.HELLO_URL)
}) {
Locator<URI> locator = new AAFLocator(si, uri);
try {
@@ -105,14 +106,6 @@ public class TestConnectivity {
permTest(locator,ss);
}
- /////////
- // Removed for ONAP
-// print(true,"Test Proxy Access driven by AAFLocator");
-// locator = new AAFLocator(si, new URI(aaflocate+"/AAF_NS.gw:2.0/proxy"));
-// for(SecuritySetter<HttpURLConnection> ss : lss) {
-// permTest(locator,ss);
-// }
-
//////////
print(true,"Test essential BasicAuth Service call, driven by AAFLocator");
for(SecuritySetter<HttpURLConnection> ss : lss) {
@@ -163,7 +156,7 @@ public class TestConnectivity {
String tokenURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
String locateURL=access.getProperty(Config.AAF_LOCATE_URL);
if(tokenURL==null || (tokenURL.contains("/locate/") && locateURL!=null)) {
- tokenURL=locateURL+"/locate/AAF_NS.token:2.0/token";
+ tokenURL=Defaults.OAUTH2_TOKEN_URL+"/token";
}
try {
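Review bot: The condition still requires `locateURL!=null`, but the fallback branch no longer uses `locateURL`; the token URL is now built from `Defaults.OAUTH2_TOKEN_URL`, whose host is the `AAF_LOCATE_URL` placeholder. If the locator resolves that placeholder from the `Config.AAF_LOCATE_URL` property, the null check remains a real precondition and deserves a comment such as `// locateURL still required: Defaults URLs carry the AAF_LOCATE_URL token resolved from it`; if nothing resolves it on this path, the fallback yields an unresolvable host and should use `locateURL` as before. The enclosing method continues outside the hunk.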
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
index 84d23655..a5ef6d14 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
@@ -62,7 +62,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur";
/**
- * Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this
+ * Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this
* point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com".
*
* The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.
@@ -107,12 +107,6 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
protected User<AAFPermission> loadUser(final Principal principal) {
final String name = principal.getName();
-// // Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't
-// // have domains. We are going to make the Transitive Class (see this.transmutative) to convert
-// final Principal tp = principal; //transmutate.mutate(principal);
-// if(tp==null) {
-// return null; // if not a valid Transmutated credential, don't bother calling...
-// }
// TODO Create a dynamic way to declare domains supported.
final long start = System.nanoTime();
final boolean[] success = new boolean[]{false};
@@ -148,7 +142,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
Map<String, Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
for(Perm perm : fp.value.getPerm()) {
- user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ user.add(newMap,new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
if(willLog) {
aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');
}
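Review bot: The debug line still logs only `type|instance|action` while the permission is now keyed on `perm.getNs()` as well, so two permissions differing only in namespace are indistinguishable in the log; include it, e.g. `aaf.access.log(Level.DEBUG, name,"has '",perm.getNs(),'|',perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');`. The same omission is in the next hunk's loop. The enclosing method starts outside this hunk.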
@@ -197,7 +191,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
Map<String,Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
for(Perm perm : fp.value.getPerm()) {
- user.add(newMap, new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
if(willLog) {
aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
}
@@ -235,10 +229,13 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
@Override
public Permission createPerm(String p) {
String[] params = Split.split('|', p);
- if(params.length==3) {
- return new AAFPermission(params[0],params[1],params[2]);
- } else {
- return new LocalPermission(p);
+ switch(params.length) {
+ case 3:
+ return new AAFPermission(null,params[0],params[1],params[2]);
+ case 4:
+ return new AAFPermission(params[0],params[1],params[2],params[3]);
+ default:
+ return new LocalPermission(p);
}
}
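Review bot: `createPerm` now accepts two key shapes and documents neither; add a Javadoc above the `@Override`: `/** Parses "type|instance|action" (namespace left null) or "ns|type|instance|action" into an AAFPermission; any other field count yields a LocalPermission. */`. It is worth stating in the same comment that a three-field key can never carry a namespace, so `getNS()` is null for those permissions. Since AAFTrustChecker repeats this exact two-shape parsing twice, a single static factory on AAFPermission would keep the accepted formats in one place.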
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
index 2094948a..bf85beef 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
@@ -55,8 +55,13 @@ public class AAFTrustChecker implements TrustChecker {
AAFPermission temp=null;
if(str!=null) {
String[] sp = Split.splitTrim('|', str);
- if(sp.length==3) {
- temp = new AAFPermission(sp[0],sp[1],sp[2]);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
}
}
perm=temp;
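Review bot: When `str` splits into a field count other than 3 or 4, `temp` stays null and `perm` is silently set to null, so a mistyped trust-permission value is indistinguishable from an absent one and the checker's behaviour changes without any trace; add a `default:` branch that logs the rejected value through whatever logger this method has in scope. The second hunk in this file duplicates the parsing verbatim and has the same gap, so a shared helper would fix both. The enclosing method or constructor begins outside the hunk.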
@@ -69,8 +74,13 @@ public class AAFTrustChecker implements TrustChecker {
AAFPermission temp=null;
if(str!=null) {
String[] sp = Split.splitTrim('|', str);
- if(sp.length==3) {
- temp = new AAFPermission(sp[0],sp[1],sp[2]);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
}
}
perm=temp;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
index a0706c47..fca23740 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
@@ -32,6 +32,7 @@ import java.util.NoSuchElementException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.config.Config;
@@ -87,6 +88,12 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
latitude = Double.parseDouble(lat);
longitude = Double.parseDouble(lng);
}
+ if(name.startsWith(Defaults.AAF_NS)) {
+ String root_ns = access.getProperty(Config.AAF_ROOT_NS, null);
+ if(root_ns!=null) {
+ name=name.replace(Defaults.AAF_NS, root_ns);
+ }
+ }
if(name.startsWith("http")) { // simple URL
this.name = name;
this.version = Config.AAF_DEFAULT_VERSION;
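Review bot: The substitution only runs when `name` starts with `AAF_NS`, so the URL-form names introduced by Defaults (`https://AAF_LOCATE_URL/AAF_NS.service:2.1`), which start with `http`, keep the literal token unless some other path handles them; if that is intended, a comment should say where those are resolved, otherwise `name.contains(Defaults.AAF_NS)` is the guard that matches what `replace` does — note `replace` already substitutes every occurrence, not just the checked prefix. The local `root_ns` should be `rootNs` per Java naming. The enclosing method or constructor starts outside the hunk.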
@@ -261,7 +268,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
@Override
public Item best() throws LocatorException {
if(!hasItems()) {
- throw new LocatorException("No Entries found" + (pathInfo==null?"":(" for " + pathInfo)));
+ throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + "/locate/" + name + ':' + version + '\'');
}
List<EP> lep = new ArrayList<>();
EP first = null;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
index 9feeee36..89106cc1 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
@@ -90,7 +90,7 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
protected abstract boolean isCorrectPermType(Permission pond);
// This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
return preemptiveLur.fish(bait, pond);
} else {
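Review bot: The varargs signature changes `fish` from a single-permission check to any-of semantics, and the one-line comment above it does not say so; callers that pass no permission now get `false`, and the old single-argument overload is gone, so every Lur implementation and the preemptive delegate must follow. Replace the comment with a Javadoc such as `/** Returns true if principal 'bait' holds at least one of the given permissions; an empty array yields false. */`. The method body continues in the next hunk.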
@@ -123,20 +123,23 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
user = loadUser(bait);
sb.append("\n\tloadUser called");
}
- if(user==null) {
- sb.append("\n\tUser was not Loaded");
- } else if(user.contains(pond)) {
- sb.append("\n\tUser contains ");
- sb.append(pond.getKey());
- rv = true;
- } else {
- sb.append("\n\tUser does not contain ");
- sb.append(pond.getKey());
- List<Permission> perms = new ArrayList<>();
- user.copyPermsTo(perms);
- for(Permission p : perms) {
- sb.append("\n\t\t");
+ for (Permission p : pond) {
+ if(user==null) {
+ sb.append("\n\tUser was not Loaded");
+ break;
+ } else if(user.contains(p)) {
+ sb.append("\n\tUser contains ");
+ sb.append(p.getKey());
+ rv = true;
+ } else {
+ sb.append("\n\tUser does not contain ");
sb.append(p.getKey());
+ List<Permission> perms = new ArrayList<>();
+ user.copyPermsTo(perms);
+ for(Permission perm : perms) {
+ sb.append("\n\t\t");
+ sb.append(perm.getKey());
+ }
}
}
} else {
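Review bot: The `user==null` test has moved inside the loop, so with an empty `pond` the "User was not Loaded" line is never appended, and the null case is re-evaluated on every iteration; move that branch back above the loop and run the `for` only in its `else`. Because `rv` is never reset once true, the loop keeps appending "does not contain" lines (plus the full permission dump) for the remaining permissions after a match; if listing everything is deliberate for diagnostics, a short comment would make that clear. The enclosing method starts outside the hunk.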
@@ -147,14 +150,23 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
aaf.access.log(Level.INFO, sb);
return rv;
} else {
+ boolean rv = false;
if(handles(bait)) {
User<PERM> user = getUser(bait);
if(user==null || user.permsUnloaded() || user.permExpired()) {
user = loadUser(bait);
}
- return user==null?false:user.contains(pond);
+ if(user==null) {
+ return false;
+ } else {
+ for(Permission p : pond) {
+ if(rv=user.contains(p)) {
+ break;
+ }
+ }
+ }
}
- return false;
+ return rv;
}
}
}
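Review bot: `if(rv=user.contains(p))` assigns inside the condition, which reads like a typo for `==` and is what most linters flag; write it as `if(user.contains(p)) { rv = true; break; }`. The `else` wrapping the loop is unnecessary once the null user has returned, and `rv` could then be declared right before the loop. The enclosing method starts outside the hunk.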
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index a86649db..ef73adaa 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -35,20 +35,24 @@ import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayDeque;
+import java.util.Arrays;
import java.util.Date;
import java.util.Deque;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
+import java.util.TreeMap;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.CmdLine;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -85,8 +89,8 @@ public class Agent {
private static final String HASHES = "################################################################";
private static final String PRINT = "print";
private static final String FILE = "file";
- private static final String PKCS12 = "pkcs12";
- private static final String JKS = "jks";
+ public static final String PKCS12 = "pkcs12";
+ public static final String JKS = "jks";
private static final String SCRIPT="script";
private static final String CM_VER = "1.0";
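Review bot: Making `PKCS12` and `JKS` public is fine, but the new caller in PlaceArtifactInKeystore compares with `kst==Agent.PKCS12`, which is reference equality and only holds while `kst` happens to be the interned constant; a value read from configuration or built at runtime would silently fall through to the non-pkcs12 branch. Compare with `Agent.PKCS12.equals(kst)` there. A Javadoc on the two constants noting that they are the type names handed to `KeyStore.getInstance` would also help.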
@@ -123,7 +127,7 @@ public class Agent {
AAFSSO aafsso=null;
PropAccess access;
- if(args.length>0 && args[0].equals("validate")) {
+ if(args.length>1 && args[0].equals("validate") ) {
int idx = args[1].indexOf('=');
aafsso = null;
access = new PropAccess(
@@ -325,7 +329,7 @@ public class Agent {
private static String fqi(Deque<String> cmds) {
if(cmds.size()<1) {
String alias = env.getProperty(Config.CADI_ALIAS);
- return alias!=null?alias:AAFSSO.cons.readLine("MechID: ");
+ return alias!=null?alias:AAFSSO.cons.readLine("AppID: ");
}
return cmds.removeFirst();
}
@@ -350,17 +354,17 @@ public class Agent {
}
private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = fqi(cmds);
- String machine = machine(cmds);
+ final String mechID = fqi(cmds);
+ final String machine = machine(cmds);
Artifacts artifacts = new Artifacts();
Artifact arti = new Artifact();
artifacts.getArtifact().add(arti);
- arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: "));
+ arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("AppID: "));
arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));
arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf"));
- String resp = AAFSSO.cons.readLine("Types [file,jks,script] (%s): ", "jks");
+ String resp = AAFSSO.cons.readLine("Types [file,pkcs12,jks,script] (%s): ", PKCS12);
for(String s : Split.splitTrim(',', resp)) {
arti.getType().add(s);
}
@@ -415,7 +419,7 @@ public class Agent {
if(future.get(TIMEOUT)) {
boolean printed = false;
for(Artifact a : future.value.getArtifact()) {
- AAFSSO.cons.printf("MechID: %s\n",a.getMechid());
+ AAFSSO.cons.printf("AppID: %s\n",a.getMechid());
AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor());
AAFSSO.cons.printf("Machine: %s\n",a.getMachine());
AAFSSO.cons.printf("CA: %s\n",a.getCa());
@@ -646,7 +650,7 @@ public class Agent {
// Have to wait for JDK 1.7 source...
//switch(artifact.getType()) {
if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {
- AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);
+ AAFSSO.cons.printf("No Artifacts found for %s on %s ", mechID, machine);
} else {
String id = aafcon.defID();
boolean allowed;
@@ -656,7 +660,7 @@ public class Agent {
&& aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));
if(!allowed) {
Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" +
- a.getNs() + ".certman|"+a.getCa()+"|showpass","*/*");
+ a.getNs()+"|certman|"+a.getCa()+"|showpass","*/*");
if(pf.get(TIMEOUT)) {
allowed = true;
} else {
@@ -754,7 +758,7 @@ public class Agent {
psProps.print("# Configuration File generated on ");
psProps.println(new Date().toString());
psProps.println(HASHES);
- for(String tag : new String[] {Config.CADI_LATITUDE,Config.CADI_LONGITUDE}) {
+ for(String tag : LOC_TAGS) {
psProps.print(tag);
psProps.print('=');
psProps.println(getProperty(pa, trans, false, tag, "%s: ",tag));
@@ -788,19 +792,15 @@ public class Agent {
if(!fkf.exists()) {
CmdLine.main(new String[] {"keygen",fkf.toString()});
}
- psCredProps.print("cadi_keyfile=");
- psCredProps.println(fkf.getCanonicalPath());
-
- psCredProps.print(Config.AAF_APPID);
- psCredProps.print('=');
- psCredProps.println(fqi);
-
Symm filesymm = Symm.obtain(fkf);
- psCredProps.print(Config.AAF_APPPASS);
- psCredProps.print("=enc:");
- String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false);
- ps = filesymm.enpass(ps);
- psCredProps.println(ps);
+ Map<String,String> normal = new TreeMap<>();
+ Map<String,String> creds = new TreeMap<>();
+
+ directedPut(pa, filesymm, normal,creds, Config.CADI_KEYFILE, fkf.getCanonicalPath());
+ directedPut(pa, filesymm, normal,creds, Config.AAF_APPID,fqi);
+ directedPut(pa, filesymm, normal,creds, Config.AAF_APPPASS,null);
+ directedPut(pa, filesymm, normal,creds, Config.AAF_URL, Defaults.AAF_URL);
+
String cts = pa.getProperty(Config.CADI_TRUSTSTORE);
if(cts!=null) {
@@ -820,7 +820,7 @@ public class Agent {
}
}
if(!origTruststore.exists()) {
- throw new CadiException(cts + "does not exist");
+ throw new CadiException(cts + " does not exist");
}
}
@@ -829,97 +829,73 @@ public class Agent {
if(!newTruststore.exists()) {
Files.copy(origTruststore.toPath(), newTruststore.toPath());
}
- psCredProps.print(Config.CADI_TRUSTSTORE);
- psCredProps.print("=");
- psCredProps.println(newTruststore.getCanonicalPath());
-
- psCredProps.print(Config.CADI_TRUSTSTORE_PASSWORD);
- psCredProps.print("=enc:");
- ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false);
- ps = filesymm.enpass(ps);
- psCredProps.println(ps);
+
+ directedPut(pa, filesymm, normal,creds, Config.CADI_TRUSTSTORE,newTruststore.getCanonicalPath());
+ directedPut(pa, filesymm, normal,creds, Config.CADI_TRUSTSTORE_PASSWORD,null);
}
-// String cadi_x509_issuers = pa.getProperty(Config.CADI_X509_ISSUERS);
-// if(cadi_x509_issuers!=null) {
-// psCredProps.print(Config.CADI_X509_ISSUERS);
-// psCredProps.print('=');
-// psCredProps.println(cadi_x509_issuers);
-// }
-
-
- try {
- if(aafcon!=null) { // get Properties from Remote AAF
- final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: ");
+ if(aafcon!=null) { // get Properties from Remote AAF
+ final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: ");
- Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator))
- .read("/configure/"+fqi+"/aaf", configDF);
- if(acf.get(TIMEOUT)) {
- PrintStream pstemp;
- for(Props props : acf.value.getProps()) {
- if(Config.CADI_X509_ISSUERS.equals(props.getTag())) {
- pstemp=psCredProps;
- } else {
- pstemp = psProps;
- }
- pstemp.print(props.getTag());
- pstemp.print('=');
- pstemp.println(props.getValue());
- }
- ok = true;
- } else if(acf.code()==401){
- trans.error().log("Bad Password sent to AAF");
- } else {
- trans.error().log(errMsg.toMsg(acf));
+ Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator))
+ .read("/configure/"+fqi+"/aaf", configDF);
+ if(acf.get(TIMEOUT)) {
+ for(Props props : acf.value.getProps()) {
+ directedPut(pa, filesymm, normal,creds, props.getTag(),props.getValue());
}
+ ok = true;
+ } else if(acf.code()==401){
+ trans.error().log("Bad Password sent to AAF");
} else {
- String cpf = pa.getProperty(Config.CADI_PROP_FILES);
- if(cpf!=null){
- for(String f : Split.split(File.pathSeparatorChar, cpf)) {
- System.out.format("Reading %s\n",f);
- FileInputStream fis = new FileInputStream(f);
- try {
- Properties props = new Properties();
- props.load(fis);
- PrintStream pstemp;
- String key,value;
- for(Entry<Object, Object> prop : props.entrySet()) {
- key = prop.getKey().toString();
- if(Config.CADI_X509_ISSUERS.equals(key)) {
- pstemp=psCredProps;
- value = prop.getValue().toString();
- } else if(key.endsWith("_password")){
- if(Config.AAF_APPPASS.equals(key) || Config.CADI_TRUSTSTORE_PASSWORD.equals(key)) {
- continue;
- }
- value = "enc:" + filesymm.enpass(prop.getValue().toString());
- pstemp = psCredProps;
- } else if(Config.CADI_TRUSTSTORE.equals(key)) {
- continue;
- } else {
- value = prop.getValue().toString();
- pstemp = psProps;
- }
- pstemp.print(key);
- pstemp.print('=');
- pstemp.println(value);
- }
- } finally {
- fis.close();
+ trans.error().log(errMsg.toMsg(acf));
+ }
+ } else {
+ String cpf = pa.getProperty(Config.CADI_PROP_FILES);
+ if(cpf!=null){
+ for(String f : Split.split(File.pathSeparatorChar, cpf)) {
+ System.out.format("Reading %s\n",f);
+ FileInputStream fis = new FileInputStream(f);
+ try {
+ Properties props = new Properties();
+ props.load(fis);
+ for(Entry<Object, Object> prop : props.entrySet()) {
+ directedPut(pa, filesymm, normal,creds, prop.getKey().toString(),prop.getValue().toString());
}
+ } finally {
+ fis.close();
}
}
- ok = true;
}
- } finally {
- psProps.close();
+ ok = true;
}
if(ok) {
+ for(Entry<String, String> es : normal.entrySet()) {
+ psProps.print(es.getKey());
+ psProps.print('=');
+ psProps.println(es.getValue());
+ }
+
+ for(Entry<String, String> es : creds.entrySet()) {
+ psCredProps.print(es.getKey());
+ psCredProps.print('=');
+ psCredProps.println(es.getValue());
+ }
+
File newFile = new File(dir,rootFile+".props");
+ if(newFile.exists()) {
+ File backup = new File(dir,rootFile+".props.backup");
+ newFile.renameTo(backup);
+ System.out.println("Backed up to " + backup.getCanonicalPath());
+ }
fProps.renameTo(newFile);
System.out.println("Created " + newFile.getCanonicalPath());
fProps = newFile;
+ if(fSecureProps.exists()) {
+ File backup = new File(dir,fSecureProps.getName()+".backup");
+ fSecureProps.renameTo(backup);
+ System.out.println("Backed up to " + backup.getCanonicalPath());
+ }
fSecureTempProps.renameTo(fSecureProps);
System.out.println("Created " + fSecureProps.getCanonicalPath());
fProps = newFile;
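Review bot: Values placed in `normal`/`creds` earlier in this method are overwritten by the later sources, because `directedPut` ends in `Map.put`: `CADI_KEYFILE` (set to the new keyfile path) and `CADI_TRUSTSTORE` (set to the copied truststore) are replaced by whatever the remote `/configure` response or the `Config.CADI_PROP_FILES` files contain, after which the passwords just re-encrypted under `filesymm` point at a keyfile that cannot decrypt them. The old loop explicitly `continue`d past those tags; skipping them in the later loops, or using `putIfAbsent` for the generated values, restores that. The `try { … } finally { psProps.close(); }` was also dropped and no close of `psProps` or `psCredProps` is visible before the `renameTo` calls — if they are not closed elsewhere, buffered output can be lost and the handles leak. The `renameTo` results are ignored, so a failed backup or rename leaves the files in an unreported state; check the returned boolean. This method begins and ends outside the hunk.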
@@ -937,7 +913,36 @@ public class Agent {
tt.done();
}
}
+
+ private static List<String> CRED_TAGS = Arrays.asList(new String[] {
+ Config.CADI_KEYFILE,
+ Config.AAF_APPID, Config.AAF_APPPASS,
+ Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD, Config.CADI_KEY_PASSWORD,
+ Config.CADI_TRUSTSTORE,Config.CADI_TRUSTSTORE_PASSWORD,
+ Config.CADI_ALIAS, Config.CADI_X509_ISSUERS
+ });
+
+ private static List<String> LOC_TAGS = Arrays.asList(new String[] {Config.CADI_LATITUDE, Config.CADI_LONGITUDE});
+ private static void directedPut(final PropAccess orig, final Symm symm, final Map<String,String> main, final Map<String,String> secured, final String tag, final String value) throws IOException {
+ if(!LOC_TAGS.contains(tag)) { // Location already covered
+ String val = value==null?orig.getProperty(tag):value;
+ if(tag.endsWith("_password")) {
+ if(val.length()>4) {
+ if(val.startsWith("enc:")) {
+ val = orig.decrypt(val, true);
+ }
+ val = "enc:" + symm.enpass(val);
+ }
+ }
+ if(CRED_TAGS.contains(tag)) {
+ secured.put(tag, val);
+ } else {
+ main.put(tag, val);
+ }
+ }
+ }
+
private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
System.out.println("Validating Configuration...");
final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa));
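Review bot: `directedPut` dereferences `val` at `if(val.length()>4)` without a null guard; when `value` is null and `orig.getProperty(tag)` has no entry (which I assume yields null), any `_password` tag throws NullPointerException instead of a clear error. Guard it with `if(val!=null && val.length()>4)` and decide explicitly whether a null credential should be put into `secured`/`main` at all, since the property writer loops at the top of the previous hunk would emit the literal text `null` as the value. `CRED_TAGS` and `LOC_TAGS` are declared `private static` without `final`; as they decide which properties land in the secured file, `private static final List<String>` prevents accidental reassignment. `directedPut` is complete in the hunk; `validate` continues past it.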
@@ -1012,13 +1017,13 @@ public class Agent {
String prop;
File f;
- if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||
+ if((prop=trans.getProperty(Config.CADI_KEYFILE))==null ||
!(f=new File(prop)).exists()) {
trans.error().printf("Keyfile must exist to check Certificates for %s on %s",
a.getMechid(), a.getMachine());
} else {
- String ksf = props.getProperty(Config.CADI_KEYSTORE);
- String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+ String ksf = trans.getProperty(Config.CADI_KEYSTORE);
+ String ksps = trans.getProperty(Config.CADI_KEYSTORE_PASSWORD);
if(ksf==null || ksps == null) {
trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",
Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index cb282605..c5413919 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -28,7 +28,6 @@ import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -51,7 +50,7 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
@Override
public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getNs()+'.'+kst);
+ File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
try {
KeyStore jks = KeyStore.getInstance(kst);
if(fks.exists()) {
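Review bot: `kst==Agent.PKCS12` compares strings by reference, so the `.p12` suffix is chosen only when `kst` is the very same interned instance as the constant; a value read from configuration or built at runtime falls through to the raw `kst` name even when it equals `pkcs12`. Use `Agent.PKCS12.equals(kst)` (or `equalsIgnoreCase` if the keystore type is accepted case-insensitively, as `KeyStore.getInstance` does): `File fks = new File(dir,arti.getNs()+'.'+(Agent.PKCS12.equalsIgnoreCase(kst)?"p12":kst));`. `_place` continues outside the hunk.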
@@ -118,13 +117,14 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
write(fks,Chmod.to400,jks,keystorePassArray);
// Change out to TrustStore
- fks = new File(dir,arti.getNs()+".trust."+kst);
+ // NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always
+ fks = new File(dir,arti.getNs()+".trust.jks");
if(fks.exists()) {
File backup = File.createTempFile(fks.getName()+'.', ".backup",dir);
fks.renameTo(backup);
}
- jks = KeyStore.getInstance(kst);
+ jks = KeyStore.getInstance(Agent.JKS);
// Set Truststore Password
addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
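Review bot: The new comment `// NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always` states an absolute that, to my knowledge, only holds for JDK 7 and earlier (the sibling test in JU_PlaceArtifactInKeystore makes exactly that version qualification); newer runtimes can store trusted certificate entries in PKCS12. Qualify it so the next maintainer neither removes the JKS special-case nor keeps it for the wrong reason, e.g. `// NOTE: trust store is always JKS: PKCS12 trusted entries are unsupported on JDK 7 and earlier, and the .trust.jks name is what callers expect`. The hard-coded `.trust.jks` name is now independent of `kst`, so any other code deriving the trust file name from the keystore type needs the same rule. `_place` continues outside the hunk.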
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactOnStream.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactOnStream.java
index b6aeafe6..92308034 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactOnStream.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactOnStream.java
@@ -37,11 +37,13 @@ public class PlaceArtifactOnStream implements PlaceArtifact {
@Override
public boolean place(Trans trans, CertInfo capi, Artifact a, String machine) {
+ String lineSeparator = System.lineSeparator();
+
if(capi.getNotes()!=null && capi.getNotes().length()>0) {
- trans.info().printf("Warning: %s\n",capi.getNotes());
+ trans.info().printf("Warning: %s" + lineSeparator, capi.getNotes());
}
- out.printf("Challenge: %s\n",capi.getChallenge());
- out.printf("PrivateKey:\n%s\n",capi.getPrivatekey());
+ out.printf("Challenge: %s" + lineSeparator, capi.getChallenge());
+ out.printf("PrivateKey:" + lineSeparator + "%s" + lineSeparator, capi.getPrivatekey());
out.println("Certificate Chain:");
for(String c : capi.getCerts()) {
out.println(c);
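Review bot: The `printf` calls now build the format string by concatenating `lineSeparator` into it; `java.util.Formatter` already provides the `%n` specifier for the platform line separator, which keeps the format a literal: `out.printf("Challenge: %s%n", capi.getChallenge());` and `out.printf("PrivateKey:%n%s%n", capi.getPrivatekey());`. That also removes the `lineSeparator` local introduced at the top of the method. `place` continues outside the hunk.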
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
index 89816a2c..b3fe2947 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
@@ -41,34 +41,37 @@ public class OAuth2Lur implements Lur {
@Override
public Permission createPerm(String p) {
String[] params = Split.split('|', p);
- if(params.length==3) {
- return new AAFPermission(params[0],params[1],params[2]);
- } else {
- return new LocalPermission(p);
+ switch(params.length) {
+ case 3:
+ return new AAFPermission(null,params[0],params[1],params[2]);
+ case 4:
+ return new AAFPermission(params[0],params[1],params[2],params[3]);
+ default:
+ return new LocalPermission(p);
}
}
@Override
- public boolean fish(Principal bait, Permission pond) {
- AAFPermission apond = (AAFPermission)pond;
- OAuth2Principal oap;
+ public boolean fish(Principal bait, Permission ... pond) {
+ boolean rv = false;
+
if(bait instanceof OAuth2Principal) {
- oap = (OAuth2Principal)bait;
- } else {
- // Here is the spot to put in Principal Conversions
- return false;
- }
-
- TokenPerm tp = oap.tokenPerm();
- if(tp==null) {
- } else {
- for(Permission p : tp.perms()) {
- if(p.match(apond)) {
- return true;
+ OAuth2Principal oap = (OAuth2Principal)bait;
+ for (Permission p : pond ) {
+ AAFPermission apond = (AAFPermission)p;
+
+ TokenPerm tp = oap.tokenPerm();
+ if(tp==null) {
+ } else {
+ for(Permission perm : tp.perms()) {
+ if(perm.match(apond)) {
+ return true;
+ }
+ }
}
}
}
- return false;
+ return rv;
}
@Override
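Review bot: In the rewritten `fish`, `AAFPermission apond = (AAFPermission)p;` is an unchecked cast over every element of `pond`, and `createPerm` in the same hunk now returns a `LocalPermission` for inputs that are not 3 or 4 fields, so a caller passing a permission it built through this Lur gets a ClassCastException rather than `false`. `rv` is never assigned, so `return rv;` is just `return false;`, `oap.tokenPerm()` is re-evaluated on every iteration although it does not depend on `p`, and the empty `if(tp==null) { } else { ... }` reads as an inverted guard. The rewrite below skips non-AAF permissions, hoists the token lookup and drops the dead variable; the result for AAF permissions is unchanged.
```java
@Override
public boolean fish(Principal bait, Permission ... pond) {
    if (!(bait instanceof OAuth2Principal)) {
        return false; // Principal conversions would go here
    }
    TokenPerm tp = ((OAuth2Principal)bait).tokenPerm();
    if (tp == null) {
        return false;
    }
    for (Permission p : pond) {
        if (!(p instanceof AAFPermission)) {
            continue; // only AAF permissions are represented in the token
        }
        for (Permission perm : tp.perms()) {
            if (perm.match(p)) {
                return true;
            }
        }
    }
    return false;
}
```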
@@ -87,7 +90,7 @@ public class OAuth2Lur implements Lur {
}
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
index 2ebd7dc1..e0d6bf0e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
@@ -443,6 +443,11 @@ public class TokenClient {
throw new APIException("Error Decrypting Password",e);
}
}
+
+ if(username!=null) {
+ params.add("username="+username);
+ }
+
break;
case refresh_token:
if(client_id!=null) {
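Review bot: `params.add("username="+username);` appends the raw username into the token request parameters without encoding; if `params` is later joined into an `application/x-www-form-urlencoded` body (which I cannot see from the hunk), a username containing `&`, `=`, `+` or non-ASCII characters corrupts the request or introduces an extra parameter. The other parameters in this method deserve the same check; the usual form is `params.add("username="+URLEncoder.encode(username, Config.UTF_8));`, wrapping the checked UnsupportedEncodingException the way the surrounding code wraps decryption errors. The enclosing switch continues outside the hunk.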
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index 28bf6592..e235b681 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -38,6 +38,7 @@ import org.onap.aaf.cadi.Hash;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.config.Config;
@@ -63,10 +64,10 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
if(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, "https://AAF_LOCATE_URL/AAF_NS.token:2.0"); // Default to AAF
+ access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Defaults.OAUTH2_TOKEN_URL); // Default to AAF
}
if(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, "https://AAF_LOCATE_URL/AAF_NS.introspect:2.0"); // Default to AAF);
+ access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Defaults.OAUTH2_INTROSPECT_URL); // Default to AAF);
}
symm = Symm.encrypt.obtain();
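Review bot: The defaults now come from `Defaults.OAUTH2_TOKEN_URL` / `Defaults.OAUTH2_INTROSPECT_URL`, while the Config.java hunk in this same commit adds `Config.OAUTH2_TOKEN_URL` and `Config.OAUTH2_INTROSPECT_URL` for the same purpose; `Defaults` is not visible here, so I cannot tell whether it delegates to `Config` or repeats the strings. Two constants for one default invite drift (one picking up an `AAF_DEFAULT_VERSION` bump and the other not), so either `Defaults` should be defined in terms of the `Config` values or the `Config` copies dropped, with a comment on whichever survives naming it the single source. The same applies to `Defaults.AAF_URL`/`Defaults.CM_URL` in the AAFSSO hunk versus `Config.AAF_URL_DEF`/`Config.CM_URL_DEF`. The constructor continues outside the hunk.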
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
index 5c77fda7..bb33bc76 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
@@ -141,13 +141,16 @@ public class TokenPerm extends Persisting<Introspect>{
// Gathering object for parsing objects, then creating AAF Permission
private static class PermInfo {
- public String type,instance,action;
+ public String ns,type,instance,action;
public void clear() {
- type=instance=action=null;
+ ns=type=instance=action=null;
}
public void eval(Parsed<State> pd) {
if(pd.hasName()) {
switch(pd.name) {
+ case "ns":
+ ns=pd.sb.toString();
+ break;
case "type":
type=pd.sb.toString();
break;
@@ -162,7 +165,7 @@ public class TokenPerm extends Persisting<Introspect>{
}
public AAFPermission create() {
if(type!=null && instance!=null && action !=null) {
- return new AAFPermission(type, instance, action);
+ return new AAFPermission(ns,type, instance, action);
} else {
return null;
}
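Review bot: `create()` still requires only `type`, `instance` and `action`, so a permission object without an `ns` member yields `new AAFPermission(null, type, instance, action)`; whether a null namespace then matches the 4-part permissions `OLur.createPerm` builds depends on `AAFPermission.match`, which is not in this diff. If the introspection payload is now expected to always carry `ns`, treat its absence like a missing type, `if(ns!=null && type!=null && instance!=null && action !=null)`; otherwise add a comment on `create()` stating that a missing `ns` is deliberately allowed and what it means for matching. `PermInfo` starts before this hunk.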
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
index 74d88fc2..95dd9a39 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
@@ -22,16 +22,19 @@
package org.onap.aaf.cadi.olur;
import java.security.Principal;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Result;
+import org.onap.aaf.cadi.lur.LocalPermission;
import org.onap.aaf.cadi.oauth.AbsOTafLur;
import org.onap.aaf.cadi.oauth.OAuth2Principal;
import org.onap.aaf.cadi.oauth.TimedToken;
@@ -39,8 +42,8 @@ import org.onap.aaf.cadi.oauth.TokenClient;
import org.onap.aaf.cadi.oauth.TokenPerm;
import org.onap.aaf.cadi.principal.Kind;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.util.Split;
import org.onap.aaf.misc.env.util.Pool.Pooled;
+import org.onap.aaf.misc.env.util.Split;
public class OLur extends AbsOTafLur implements Lur {
public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
@@ -51,7 +54,7 @@ public class OLur extends AbsOTafLur implements Lur {
* @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
*/
@Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
TokenPerm tp;
if(bait instanceof OAuth2Principal) {
OAuth2Principal oa2p = (OAuth2Principal)bait;
@@ -66,7 +69,17 @@ public class OLur extends AbsOTafLur implements Lur {
try {
TokenClient tc = tcp.content;
tc.username(bait.getName());
- Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),tc.defaultScope());
+ Set<String> scopeSet = new HashSet<>();
+ scopeSet.add(tc.defaultScope());
+ AAFPermission ap;
+ for (Permission p : pond) {
+ ap = (AAFPermission)p;
+ scopeSet.add(ap.getNS());
+ }
+ String[] scopes = new String[scopeSet.size()];
+ scopeSet.toArray(scopes);
+
+ Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
if(rtt.isOK()) {
Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
if(rtp.isOK()) {
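Review bot: The scope loop casts every pond entry with `ap = (AAFPermission)p;`, but `createPerm` later in this file (the `@@ -140,10 +162,13 @@` hunk) now returns a `LocalPermission` for inputs without 3 or 4 fields, so such a permission reaching `fish` throws ClassCastException instead of failing the check. `scopeSet.add(ap.getNS())` also adds `null` when the permission came from the 3-field branch of `createPerm` (`new AAFPermission(null, ...)`), and that null ends up in the `scopes` array handed to `tc.getToken`; skip those entries with `if (p instanceof AAFPermission && ((AAFPermission)p).getNS()!=null) { scopeSet.add(((AAFPermission)p).getNS()); }`. A `HashSet` gives `scopes` no stable order, which would matter if the scope list participates in a token cache key, though I can only infer that from here. `fish` starts before and continues after this hunk.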
@@ -77,9 +90,11 @@ public class OLur extends AbsOTafLur implements Lur {
tcp.done();
}
} catch (APIException | LocatorException | CadiException e) {
- access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage());
+ access.log(e, "Unable to Get a Token");
}
}
+
+ boolean rv = false;
if(tp!=null) {
if(tkMgr.access.willLog(Level.DEBUG)) {
StringBuilder sb = new StringBuilder("AAF Permissions for user ");
@@ -87,8 +102,10 @@ public class OLur extends AbsOTafLur implements Lur {
sb.append(", from token ");
sb.append(tp.get().getAccessToken());
for (AAFPermission p : tp.perms()) {
- sb.append("\n\t");
- sb.append(p.getName());
+ sb.append("\n\t[");
+ sb.append(p.getNS());
+ sb.append(']');
+ sb.append(p.getType());
sb.append('|');
sb.append(p.getInstance());
sb.append('|');
@@ -97,13 +114,18 @@ public class OLur extends AbsOTafLur implements Lur {
sb.append('\n');
access.log(Level.DEBUG, sb);
}
- for (AAFPermission p : tp.perms()) {
- if (p.match(pond)) {
- return true;
+ for (Permission p : pond) {
+ if(rv) {
+ break;
+ }
+ for (AAFPermission perm : tp.perms()) {
+ if (rv=perm.match(p)) {
+ break;
+ }
}
}
}
- return false;
+ return rv;
}
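Review bot: The match loop uses an assignment inside the condition, `if (rv=perm.match(p))`, plus a top-of-loop `if(rv) { break; }` to leave the outer loop, which is easy to misread as a comparison and spreads one exit over three places. A direct return says the same thing: `for (Permission p : pond) { for (AAFPermission perm : tp.perms()) { if (perm.match(p)) { return true; } } }` followed by `return false;`, which also removes the `rv` local introduced earlier in the method. `fish` starts before this hunk.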
/* (non-Javadoc)
@@ -122,7 +144,7 @@ public class OLur extends AbsOTafLur implements Lur {
* @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
*/
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
@@ -140,10 +162,13 @@ public class OLur extends AbsOTafLur implements Lur {
@Override
public Permission createPerm(final String p) {
String[] s = Split.split('|',p);
- if(s!=null && s.length==3) {
- return new AAFPermission(s[0],s[1],s[2]);
- } else {
- return null;
+ switch(s.length) {
+ case 3:
+ return new AAFPermission(null, s[0],s[1],s[2]);
+ case 4:
+ return new AAFPermission(s[0],s[1],s[2],s[3]);
+ default:
+ return new LocalPermission(p);
}
}
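Review bot: The old `createPerm` guarded `s!=null` before reading `s.length`; the replacement switches on `s.length` directly, so if `Split.split` can return null (for a null `p`, say — its contract is not visible here) this now throws NullPointerException where it returned null before. Keep the guard, `if(s==null) { return new LocalPermission(p); }` ahead of the switch, or state on `createPerm` that `p` must be non-null. The fallback also changed from `null` to `new LocalPermission(p)`, which callers that tested for null will not notice; that deserves a line in the method's Javadoc. `createPerm` is complete in the hunk.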
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java
index bed201aa..b21f8975 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/RemoteRegistrant.java
@@ -87,7 +87,7 @@ public class RemoteRegistrant<ENV extends BasicEnv> implements Registrant<ENV> {
mep.setPort(port);
try {
- String hostnameToRegister = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ String hostnameToRegister = access.getProperty(Config.AAF_REGISTER_AS, null);
if(hostnameToRegister==null) {
hostnameToRegister = access.getProperty(Config.HOSTNAME, null);
}
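Review bot: Switching the lookup from `Config.CADI_REGISTRATION_HOSTNAME` to `Config.AAF_REGISTER_AS` silently ignores deployments that still set `cadi_registration_hostname`: they fall through to `Config.HOSTNAME` with no warning, and the Config.java hunk in this commit deletes the old public constant, which is also a source-incompatible change for external code referencing it. Either read the old key as a fallback for a deprecation period, `if(hostnameToRegister==null) { hostnameToRegister = access.getProperty("cadi_registration_hostname", null); }` with a log line when it is used, or call the rename out in the property documentation and release notes. The enclosing method continues outside the hunk.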
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 28103b5d..41931976 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -38,6 +38,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
@@ -311,9 +312,8 @@ public class AAFSSO {
addProp(Config.AAF_LOCATE_URL, locateUrl);
}
- String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service:2.0";
- access.setProperty(Config.AAF_URL, aafUrl);
- access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm:2.0");
+ access.setProperty(Config.AAF_URL, Defaults.AAF_URL);
+ access.setProperty(Config.CM_URL, Defaults.CM_URL);
String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
if(cadiLatitude==null) {
System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
index 4836e4ed..939e9b18 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
@@ -33,11 +33,11 @@ import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.aaf.AAFPermission;
public class JU_AAFPermission {
-
+ private final static String ns = "ns";
private final static String type = "type";
private final static String instance = "instance";
private final static String action = "action";
- private final static String key = type + '|' + instance + '|' + action;
+ private final static String key = ns + '|' + type + '|' + instance + '|' + action;
private final static String role = "role";
private static List<String> roles;
@@ -50,14 +50,17 @@ public class JU_AAFPermission {
@Test
public void constructor1Test() {
- AAFPermission perm = new AAFPermission(type, instance, action);
- assertThat(perm.getName(), is(type));
+ AAFPermission perm = new AAFPermission(ns, type, instance, action);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(0));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key));
@@ -67,39 +70,45 @@ public class JU_AAFPermission {
public void constructor2Test() {
AAFPermission perm;
- perm = new AAFPermission(type, instance, action, null);
- assertThat(perm.getName(), is(type));
+ perm = new AAFPermission(ns, type, instance, action, null);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(0));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key));
- perm = new AAFPermission(type, instance, action, roles);
- assertThat(perm.getName(), is(type));
+ perm = new AAFPermission(ns, type, instance, action, roles);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(1));
assertThat(perm.roles().get(0), is(role));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
- "\n\tInstance: " + instance +
- "\n\tAction: " + action +
- "\n\tKey: " + key));
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
+ "\n\tInstance: " + instance +
+ "\n\tAction: " + action +
+ "\n\tKey: " + key));
}
@Test
public void matchTest() {
- final AAFPermission controlPermission = new AAFPermission(type, instance, action);
+ final AAFPermission controlPermission = new AAFPermission(ns,type, instance, action);
PermissionStub perm;
AAFPermission aafperm;
- aafperm = new AAFPermission(type, instance, action);
+ aafperm = new AAFPermission(ns, type, instance, action);
assertThat(controlPermission.match(aafperm), is(true));
perm = new PermissionStub(key);
@@ -117,7 +126,8 @@ public class JU_AAFPermission {
@Test
public void coverageTest() {
AAFPermissionStub aafps = new AAFPermissionStub();
- assertThat(aafps.getName(), is(nullValue()));
+ assertThat(aafps.getNS(), is(nullValue()));
+ assertThat(aafps.getType(), is(nullValue()));
assertThat(aafps.getInstance(), is(nullValue()));
assertThat(aafps.getAction(), is(nullValue()));
assertThat(aafps.getKey(), is(nullValue()));
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
index ecadb6ed..d50b87a2 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java
@@ -42,6 +42,7 @@ import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.configure.ArtifactDir;
import org.onap.aaf.cadi.util.Chmod;
import org.onap.aaf.misc.env.Trans;
@@ -112,7 +113,7 @@ public class JU_ArtifactDir {
} catch(NullPointerException e) {
}
- KeyStore ks = KeyStore.getInstance("pkcs12");
+ KeyStore ks = KeyStore.getInstance(Agent.PKCS12);
try {
ArtifactDir.write(writableFile, Chmod.to755, ks, luggagePassword.toCharArray());
fail("Should've thrown an exception");
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
index 0b086f11..d61ac499 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java
@@ -21,9 +21,11 @@
package org.onap.aaf.cadi.cm.test;
-import static org.junit.Assert.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
@@ -31,14 +33,17 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
-import java.security.cert.CertificateException;
-
-import org.junit.*;
-import org.mockito.*;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.configure.PlaceArtifactInKeystore;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
@@ -97,12 +102,12 @@ public class JU_PlaceArtifactInKeystore {
@Test
public void test() throws CadiException {
// Note: PKCS12 can't be tested in JDK 7 and earlier. Can't handle Trusting Certificates.
- PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore("jks");
+ PlaceArtifactInKeystore placer = new PlaceArtifactInKeystore(Agent.JKS);
certs.add(x509String);
certs.add(x509Chain);
assertThat(placer.place(transMock, certInfoMock, artiMock, "machine"), is(true));
- for (String ext : new String[] {"chal", "keyfile", "jks", "trust.jks", "cred.props"}) {
+ for (String ext : new String[] {"chal", "keyfile", Agent.JKS, "trust.jks", "cred.props"}) {
File f = new File(dirName + '/' + nsName + '.' + ext);
assertThat(f.exists(), is(true));
}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
index 6bbed0ed..356c12d5 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
@@ -98,28 +98,28 @@ public class JU_TokenPerm {
String json;
LoadPermissions lp;
Permission p;
-
+
json = "{\"perm\":[" +
- " {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
+ " {\"ns\":\"com\",\"type\":\"access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
"]}";
lp = new LoadPermissions(new StringReader(json));
assertThat(lp.perms.size(), is(1));
p = lp.perms.get(0);
- assertThat(p.getKey(), is("com.access|*|read,approve"));
+ assertThat(p.getKey(), is("com|access|*|read,approve"));
assertThat(p.permType(), is("AAF"));
// Extra closing braces for coverage
json = "{\"perm\":[" +
- " {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
+ " {\"ns\":\"com\",\"type\":\"access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
"]]}";
lp = new LoadPermissions(new StringReader(json));
assertThat(lp.perms.size(), is(1));
p = lp.perms.get(0);
- assertThat(p.getKey(), is("com.access|*|read,approve"));
+ assertThat(p.getKey(), is("com|access|*|read,approve"));
assertThat(p.permType(), is("AAF"));
// Test without a type
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
index 45a7d341..6c3c6118 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
@@ -147,7 +147,7 @@ public class Sample {
String permS = myAccess.getProperty("perm","org.osaaf.aaf.access|*|read");
String[] permA = Split.splitTrim('|', permS);
if(permA.length>2) {
- final Permission perm = new AAFPermission(permA[0],permA[1],permA[2]);
+ final Permission perm = new AAFPermission(null, permA[0],permA[1],permA[2]);
// See the CODE for Java Methods used
if(singleton().oneAuthorization(fqi, perm)) {
System.out.printf("Success: %s has %s\n",fqi.getName(),permS);
diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
index d14e747a..024deff7 100644
--- a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
+++ b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
@@ -81,6 +81,7 @@ public class JU_PropertyLocator {
assertThat(pl.hasItems(), is(false));
assertThat(countItems(pl), is(0));
+ Thread.sleep(20L); // PL checks same milli...
pl.refresh();
assertThat(pl.hasItems(), is(true));
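Review bot: `Thread.sleep(20L)` makes the test depend on wall-clock resolution; per the comment the locator compares the same millisecond, so the test asserts a timing race rather than behaviour and will be flaky on a slow CI host. Prefer making the locator's time source injectable so the test can advance it deterministically; if that is out of scope now, at least name the reason in the comment, `// PropertyLocator skips refresh within the same millisecond; sleep past it`. The test method continues outside the hunk.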
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
index 1d01a3e8..39631894 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
@@ -246,7 +246,7 @@ public abstract class AbsUserCache<PERM extends Permission> {
/**
* The default behavior of a LUR is to not handle something exclusively.
*/
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
index fd73d00b..0beb4856 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
@@ -52,7 +52,7 @@ public interface Lur {
* @param principalName
* @return
*/
- public boolean fish(Principal bait, Permission pond);
+ public boolean fish(Principal bait, Permission ... pond);
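Review bot: `fish` now takes `Permission ... pond`, but the Javadoc above it still documents a single `principalName` parameter that matches neither parameter name, and nothing states what the result means for several ponds. The implementations in this commit (`OLur`, `LocalLur`, `OAuth2Lur`) return true when any pond matches, so the interface should fix that contract, e.g. `@param bait the Principal to check` / `@param pond one or more Permissions; true if the Principal holds at least one of them`. The `handlesExclusively` hunk further down has the same gap: say whether it means exclusive handling of all ponds or of any one, since `LocalLur.handlesExclusively` answers any-of. The Javadoc block starts before this hunk.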
/**
* Fish all the Principals out a Pond
@@ -77,7 +77,7 @@ public interface Lur {
* @param pond
* @return
*/
- public boolean handlesExclusively(Permission pond);
+ public boolean handlesExclusively(Permission ... pond);
/**
* Does the LUR support a particular kind of Principal
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
index 4067f160..afc1d979 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
@@ -483,7 +483,8 @@ public class Symm {
switch(read) {
case -1:
case '=':
- case '\n':
+ case '\n':
+ case '\r':
return -1;
}
for(int i=0;i<codec.length;++i) {
@@ -662,6 +663,9 @@ public class Symm {
* @throws IOException
*/
public void enpass(final String password, final OutputStream os) throws IOException {
+ if(password==null) {
+ throw new IOException("Invalid password passed");
+ }
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
byte[] bytes = password.getBytes();
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index b4e31f2f..efe5503b 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -74,14 +74,12 @@ public class Config {
private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
-
public static final String UTF_8 = "UTF-8";
// Property Names associated with configurations.
// As of 1.0.2, these have had the dots removed so as to be compatible with JavaBean style
// configurations as well as property list style.
public static final String HOSTNAME = "hostname";
- public static final String CADI_REGISTRATION_HOSTNAME = "cadi_registration_hostname";
public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
public static final String CADI_LOGLEVEL = "cadi_loglevel";
public static final String CADI_LOGDIR = "cadi_log_dir";
@@ -136,12 +134,22 @@ public class Config {
public static final String OAUTH_CLIENT_SECRET="client_secret";
public static final String AAF_ENV = "aaf_env";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_ROOT_NS = "aaf_root_ns";
public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
public static final String AAF_ROOT_COMPANY = "aaf_root_company";
public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
+ public static final String AAF_DEFAULT_VERSION = "2.1";
+ public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
+ public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_VERSION;
+ public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_VERSION;
+ public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_VERSION;
+ public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_VERSION;
+ public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_VERSION;
+
+ public static final String AAF_REGISTER_AS = "aaf_register_as";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
public static final String AAF_LUR_CLASS = "aaf_lur_class";
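Review bot: `AAF_DEFAULT_VERSION` moves from `"2.0"` to `"2.1"` in this hunk (the old definition is deleted in the next one), and every `*_URL_DEF` and `OAUTH2_*` default is built from it, so all default service URLs change version at once; the hard-coded `:2.0` strings TokenClientFactory and AAFSSO replaced in this commit were the previous values. That is presumably intended, but it is a runtime change for anyone relying on the defaults and should be stated on the constant, e.g. `// Bumping this re-targets every AAF_LOCATE_URL-based default endpoint below`. `AAF_DEFAULT_VERSION` now sits among the property-name constants; grouping it with the `*_DEF` URL defaults would make that dependency obvious.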
@@ -175,7 +183,6 @@ public class Config {
public static final String AAF_COMPONENT = "aaf_component";
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
- public static final String AAF_DEFAULT_VERSION = "2.0";
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
index 2813dca8..b442c7d9 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
@@ -60,7 +60,7 @@ public final class EpiLur implements Lur {
if(lurs.length==0) throw new CadiException("Need at least one Lur implementation in constructor");
}
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if(pond==null) {
return false;
}
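Review bot: With the varargs signature, `pond==null` is only true when a caller passes an explicit `null`; a call with no permissions, `fish(bait)`, arrives as an empty array and passes the guard, so the outcome then depends on the loop that follows outside the hunk. If "no permission asked for" should be a `false` answer, extend the guard to `if(pond==null || pond.length==0) { return false; }`. `fish` continues outside the hunk.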
@@ -99,7 +99,7 @@ public final class EpiLur implements Lur {
}
// Never needed... Only EpiLur uses...
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
index 0f9adb94..e177a22f 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
@@ -94,14 +94,16 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
}
// @Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if (pond == null) {
return false;
}
- if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
- User<LocalPermission> user = getUser(bait);
- if (user != null) {
- return user.contains((LocalPermission)pond);
+ for(Permission p : pond) {
+ if (handles(bait) && p instanceof LocalPermission) { // local Users only have LocalPermissions
+ User<LocalPermission> user = getUser(bait);
+ if (user != null) {
+ return user.contains((LocalPermission)p);
+ }
}
}
return false;
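Review bot: The loop returns on the first LocalPermission that has a cached user, so when several permissions are passed and the first one is not held, `return user.contains((LocalPermission)p)` yields false without examining the remaining ones; if the varargs form is meant as any-of, as handlesExclusively in the next hunk implements, only a positive match should end the loop. `handles(bait)` is also invariant across the loop and can be hoisted, and `getUser(bait)` can be looked up once if it is a plain cache read, which makes the any-of shape read more clearly. The current outcome is a spurious denial rather than an over-grant, so this is a functional issue, but callers doing multi-permission checks would be refused access they hold.
```java
    public boolean fish(Principal bait, Permission ... pond) {
        if (pond == null || !handles(bait)) {
            return false;
        }
        User<LocalPermission> user = getUser(bait);
        if (user == null) {
            return false;
        }
        for (Permission p : pond) { // local Users only have LocalPermissions
            if (p instanceof LocalPermission && user.contains((LocalPermission) p)) {
                return true;
            }
        }
        return false;
    }
```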
@@ -128,8 +130,15 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
return principal.getName().endsWith(supportedRealm);
}
- public boolean handlesExclusively(Permission pond) {
- return supportingGroups.contains(pond.getKey());
+ @Override
+ public boolean handlesExclusively(Permission ... pond) {
+ boolean rv = false;
+ for (Permission p : pond) {
+ if(rv=supportingGroups.contains(p.getKey())) {
+ break;
+ }
+ }
+ return rv;
}
/* (non-Javadoc)
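Review bot: `if(rv=supportingGroups.contains(p.getKey()))` assigns inside the condition, which reads like a mistyped `==` and exists only so the `rv` flag and `break` can emulate an early return; `if (supportingGroups.contains(p.getKey())) { return true; }` inside the loop followed by `return false;` after it says the same thing without the flag. Unlike fish in the previous hunk, this method has no null guard: `handlesExclusively()` with no arguments returns false, but a null array or a null element throws NullPointerException, as the old single-argument version did for a null pond, and that is worth stating in a one-line comment if intended. The `@Override` added here is absent on fish above, where it remains commented out.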
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
index 1e44726a..b314f20e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
@@ -44,7 +44,7 @@ public class NullLur implements Lur {
return false;
}};
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
// Well, for Jenkins, this is ok... It finds out it can't do J2EE Security, and then looks at it's own
// System.err.println("CADI's LUR has not been configured, but is still being called. Access is being denied");
return false;
@@ -56,7 +56,7 @@ public class NullLur implements Lur {
public void destroy() {
}
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
index f7c3a0a2..b99030eb 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
@@ -117,10 +117,10 @@ public class JU_EpiLur {
private class CredValStub implements Lur, CredVal {
@Override public boolean validate(String user, Type type, byte[] cred, Object state) { return false; }
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return false; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public void destroy() { }
- @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handlesExclusively(Permission ... pond) { return false; }
@Override public boolean handles(Principal principal) { return false; }
@Override public void clear(Principal p, StringBuilder report) { }
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
index 1737710a..b34e90ab 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
@@ -350,7 +350,7 @@ public class JU_AbsUserCache {
class AbsUserCacheCLStub<PERM extends Permission> extends AbsUserCache<PERM> implements CachingLur<PERM> {
public AbsUserCacheCLStub(AbsUserCache<PERM> cache) { super(cache); }
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return false; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public boolean handles(Principal principal) { return false; }
@Override public Resp reload(User<PERM> user) { return null; }
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
index d9a4437c..850dd22c 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
@@ -122,10 +122,10 @@ public class JU_CadiWrap {
// Anonymous object for testing purposes
CachingLur<Permission> lur1 = new CachingLur<Permission>() {
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return true; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return true; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public void destroy() { }
- @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handlesExclusively(Permission ... pond) { return false; }
@Override public boolean handles(Principal principal) { return false; }
@Override public void remove(String user) { }
@Override public Resp reload(User<Permission> user) { return null; }
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
index 835e699b..ae9c93ed 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
@@ -72,13 +73,10 @@ public class OAuthExample {
// Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
- String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,
- "https://AAF_LOCATE_URL/AAF_NS.token:2.0"); // Default to AAF
- String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,
- "https://AAF_LOCATE_URL/AAF_NS.introspect:2.0"); // Default to AAF);
+ String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,Defaults.OAUTH2_TOKEN_URL); // Default to AAF
+ String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,Defaults.OAUTH2_INTROSPECT_URL); // Default to AAF);
// Get Hello Service
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
- "https://AAF_LOCATE_URL/AAF_NS.hello:2.0");
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Defaults.HELLO_URL);
final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
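Review bot: The defaults are now taken from `Defaults.HELLO_URL`, `Defaults.OAUTH2_TOKEN_URL` and `Defaults.OAUTH2_INTROSPECT_URL`, while the Config hunk at the top of this diff adds `HELLO_URL_DEF`, `OAUTH2_TOKEN_URL` and `OAUTH2_INTROSPECT_URL` built from `AAF_DEFAULT_VERSION` with the same URL shape; Defaults.java is not in view, but if it repeats those literals there are now two places where the default endpoints and the version suffix must be kept in step, and one should delegate to the other. The comment on the introspect line still ends with the stray `// Default to AAF);` carried over from the removed lines. The same replacement in OnapClientExample below raises the same duplication concern.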
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
index 4b29518f..c82a7c5d 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
@@ -103,8 +104,7 @@ public class OnapClientExample {
// Use this Token in your client calls with "Tokenized Client" (TzClient)
// These should NOT be used cross thread.
// Get Hello Service URL... roll your own in your own world.
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
- "https://AAF_LOCATE_URL/AAF_NS.hello:2.0");
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Defaults.HELLO_URL);
TzClient helloClient = tcf.newTzClient(endServicesURL);