Diffstat (limited to 'cadi')
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java74
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java100
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java19
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java20
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java6
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java3
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java1
9 files changed, 148 insertions, 82 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
index 9e21f6cd..e40743da 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
@@ -126,43 +126,47 @@ public abstract class AAFCon<CLIENT> implements Connector {
if (mechid==null) {
mechid=access.getProperty(Config.OAUTH_CLIENT_ID,null);
}
- String encpass = access.getProperty(Config.AAF_APPPASS, null);
- if (encpass==null) {
- encpass = access.getProperty(Config.OAUTH_CLIENT_SECRET,null);
- }
- if (encpass==null) {
- String alias = access.getProperty(Config.CADI_ALIAS, mechid);
- if (alias==null) {
- access.printf(Access.Level.WARN,"%s, %s or %s required before use.", Config.CADI_ALIAS, Config.AAF_APPID, Config.OAUTH_CLIENT_ID);
- set(si.defSS);
- } else {
- si.defSS=x509Alias(alias);
- set(si.defSS);
- }
+ String alias = access.getProperty(Config.CADI_ALIAS, null);
+ if(alias != null) {
+ si.defSS=x509Alias(alias);
+ set(si.defSS);
} else {
- if (mechid!=null) {
- si.defSS=basicAuth(mechid, encpass);
- set(si.defSS);
- } else {
- si.defSS=new SecuritySetter<CLIENT>() {
-
- @Override
- public String getID() {
- return "";
- }
-
- @Override
- public void setSecurity(CLIENT client) throws CadiException {
- throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
- }
- @Override
- public int setLastResponse(int respCode) {
- return 0;
- }
- };
- set(si.defSS);
- }
+ String encpass = access.getProperty(Config.AAF_APPPASS, null);
+ if (encpass==null) {
+ encpass = access.getProperty(Config.OAUTH_CLIENT_SECRET,null);
+ }
+
+ if (encpass==null) {
+ if (alias==null) {
+ access.printf(Access.Level.WARN,"%s, %s or %s required before use.", Config.CADI_ALIAS, Config.AAF_APPID, Config.OAUTH_CLIENT_ID);
+ set(si.defSS);
+ }
+ } else {
+ if (mechid!=null) {
+ si.defSS=basicAuth(mechid, encpass);
+ set(si.defSS);
+ } else {
+ si.defSS=new SecuritySetter<CLIENT>() {
+
+ @Override
+ public String getID() {
+ return "";
+ }
+
+ @Override
+ public void setSecurity(CLIENT client) throws CadiException {
+ throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
+ }
+
+ @Override
+ public int setLastResponse(int respCode) {
+ return 0;
+ }
+ };
+ set(si.defSS);
+ }
+ }
}
}
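Review bot: The inner `if (alias==null)` at L72 is always true, because this whole branch is the `else` of `if(alias != null)` at L40, so the check is dead and it obscures that the warning is really about a missing password. The message at L73 lists CADI_ALIAS, AAF_APPID and OAUTH_CLIENT_ID, yet the condition that reaches it is that neither AAF_APPPASS nor OAUTH_CLIENT_SECRET was set; I would drop the dead check and name the missing secret, e.g. `access.printf(Access.Level.WARN,"%s, or %s with %s, required before use.", Config.CADI_ALIAS, Config.AAF_APPID, Config.AAF_APPPASS);`. In that same path `set(si.defSS)` at L74 is called with whatever `si.defSS` already holds, which may be null if nothing assigned it earlier — I cannot tell from the hunk. The enclosing constructor starts before the hunk.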
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
index d39fc1d6..e60b5d8a 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
@@ -60,31 +60,26 @@ public class AAFConHttp extends AAFCon<HttpURLConnection> {
public AAFConHttp(Access access, String tag) throws CadiException, LocatorException {
super(access,tag,SecurityInfoC.instance(access, HttpURLConnection.class));
- bestSS(si);
hman = new HMangr(access,Config.loadLocator(si, access.getProperty(tag,tag/*try the content itself*/)));
}
public AAFConHttp(Access access, String urlTag, SecurityInfoC<HttpURLConnection> si) throws CadiException, LocatorException {
super(access,urlTag,si);
- bestSS(si);
hman = new HMangr(access,Config.loadLocator(si, access.getProperty(urlTag,null)));
}
public AAFConHttp(Access access, Locator<URI> locator) throws CadiException, LocatorException {
super(access,Config.AAF_URL,SecurityInfoC.instance(access, HttpURLConnection.class));
- bestSS(si);
hman = new HMangr(access,locator);
}
public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si) throws CadiException, LocatorException, APIException {
super(access,Config.AAF_URL,si);
- bestSS(si);
hman = new HMangr(access,locator);
}
public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si, String tag) throws CadiException, LocatorException, APIException {
super(access,tag,si);
- bestSS(si);
hman = new HMangr(access, locator);
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index 98abfbf9..aa9bf138 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -140,28 +140,75 @@ public class Agent {
} else {
try {
AAFSSO aafsso=null;
- PropAccess access;
+ PropAccess access=null;
- if (args.length>1 && args[0].equals("validate") ) {
- int idx = args[1].indexOf('=');
- aafsso = null;
- access = new PropAccess(
- (idx<0?Config.CADI_PROP_FILES:args[1].substring(0, idx))+
- '='+
- (idx<0?args[1]:args[1].substring(idx+1)));
- } else {
- aafsso= new AAFSSO(args, new AAFSSO.ProcessArgs() {
- @Override
- public Properties process(String[] args, Properties props) {
- if (args.length>1) {
- if (!args[0].equals("keypairgen")) {
- props.put(Config.AAF_APPID, args[1]);
- }
- }
- return props;
- }
- });
- access = aafsso.access();
+ String hasEtc = null;
+ for(String a : args) {
+ if(a.startsWith(Config.CADI_PROP_FILES)) {
+ access = new PropAccess(args);
+ break;
+ } else if(a.startsWith(Config.CADI_ETCDIR)) {
+ int idx = a.indexOf('=');
+ if(idx>=0 && idx<a.length()) {
+ hasEtc = a.substring(idx+1);
+ }
+ }
+ }
+
+ if(access==null) {
+ if(args.length>1 && args[1].contains("@")) {
+ String domain = FQI.reverseDomain(args[1]);
+ if(domain!=null) {
+ if(hasEtc==null) {
+ hasEtc = ".";
+ }
+ File etc = new File(hasEtc);
+ if(etc.exists()) {
+ File nsprops = new File(etc,domain+".props");
+ if(nsprops.exists()) {
+ access = new PropAccess(new String[] {Config.CADI_PROP_FILES+'='+nsprops.getAbsolutePath()});
+ }
+ }
+ }
+ }
+ }
+
+ if(access==null) {
+ for(Entry<Object, Object> es : System.getProperties().entrySet()) {
+ if(Config.CADI_PROP_FILES.equals(es.getKey())) {
+ access = new PropAccess();
+ }
+ }
+ }
+
+ // When using Config file, check if Cred Exists, and if not, work with Deployer.
+ if(access!=null && !"config".equals(args[0]) && access.getProperty(Config.AAF_APPPASS)==null && access.getProperty(Config.CADI_ALIAS)==null) {
+ // not enough credentials to use Props. Use AAFSSO
+ access = null;
+ }
+
+ if(access==null) {
+ if (args.length>1 && args[0].equals("validate") ) {
+ int idx = args[1].indexOf('=');
+ aafsso = null;
+ access = new PropAccess(
+ (idx<0?Config.CADI_PROP_FILES:args[1].substring(0, idx))+
+ '='+
+ (idx<0?args[1]:args[1].substring(idx+1)));
+ } else {
+ aafsso= new AAFSSO(args, new AAFSSO.ProcessArgs() {
+ @Override
+ public Properties process(String[] args, Properties props) {
+ if (args.length>1) {
+ if (!args[0].equals("keypairgen")) {
+ props.put(Config.AAF_APPID, args[1]);
+ }
+ }
+ return props;
+ }
+ });
+ access = aafsso.access();
+ }
}
if (aafsso!=null && aafsso.loginOnly()) {
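Review bot: The credential check at L203 accepts only AAF_APPPASS or CADI_ALIAS as sufficient, while AAFCon in this same commit also honours OAUTH_CLIENT_SECRET, so a properties file configured with an OAuth client secret is discarded here and the code falls back to AAFSSO; consider adding `&& access.getProperty(Config.OAUTH_CLIENT_SECRET)==null` to that condition. L203 also reads `args[0]` without a length guard, which the retained branch at L209 still has; if the enclosing block does not guarantee at least one argument, the `new PropAccess()` path at L197 can reach it with an empty array. The loop at L195 never breaks and only tests one key, so `if(System.getProperty(Config.CADI_PROP_FILES)!=null) { access = new PropAccess(); }` says the same thing more directly. At L170 `idx<a.length()` is always true once `idx>=0`. The enclosing method starts and ends outside the hunk.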
@@ -805,7 +852,7 @@ public class Agent {
try {
final String fqi = fqi(cmds);
Artifact arti = new Artifact();
- arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, "."));
+ arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, System.getProperty("user.dir")));
arti.setNs(FQI.reverseDomain(fqi));
PropHolder loc = PropHolder.get(arti, "location.props");
PropHolder cred = PropHolder.get(arti,"cred.props");
@@ -822,13 +869,20 @@ public class Agent {
loc.add(tag, getProperty(propAccess, trans, false, tag, "%s: ",tag));
}
+ String keyfile = cred.getKeyPath();
+ if(keyfile!=null) {
+ File fkeyfile = new File(keyfile);
+ if(!fkeyfile.exists()) {
+ ArtifactDir.write(fkeyfile,Chmod.to400,Symm.keygen());
+ }
+ }
cred.add(Config.CADI_KEYFILE, cred.getKeyPath());
final String ssoAppID = propAccess.getProperty(Config.AAF_APPID);
if(fqi!=null && fqi.equals(ssoAppID)) {
cred.addEnc(Config.AAF_APPPASS, propAccess, null);
// only Ask for Password when starting scratch
} else if(propAccess.getProperty(Config.CADI_PROP_FILES)==null) {
- char[] pwd = AAFSSO.cons.readPassword("Password for %s: ", fqi);
+ char[] pwd = AAFSSO.cons.readPassword("Password for %s (leave blank for NO password): ", fqi);
if(pwd.length>0) {
cred.addEnc(Config.AAF_APPPASS, new String(pwd));
}
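Review bot: The keyfile at L244–L250 is generated with no message when the path does not exist, so a mistyped CADI_ETCDIR quietly creates a second key and every secret encrypted afterwards is bound to it rather than to the intended one. Print where the key is being written before the call at L248, e.g. `propAccess.printf(Access.Level.WARN, "Generating new keyfile %s", fkeyfile.getAbsolutePath());`, assuming PropAccess exposes `Access.printf` as AAFCon uses it. Separately, L258 dereferences `pwd.length` directly; `java.io.Console.readPassword` returns null at end of input, so if `AAFSSO.cons` is that type a null check belongs before L259. The enclosing method starts and ends outside the hunk.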
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java
index 5ee1abe2..123bb9df 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java
@@ -24,6 +24,8 @@ package org.onap.aaf.cadi.configure;
import java.io.File;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.aaf.Defaults;
+import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.Chmod;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.env.util.Chrono;
@@ -55,7 +57,7 @@ public class PlaceArtifactScripts extends ArtifactDir {
classpath.append(File.pathSeparatorChar);
}
File f = new File(pth);
- classpath.append(f.getCanonicalPath().replaceAll("[0-9]+\\.[0-9]+\\.[0-9]+","*"));
+ classpath.append(f.getCanonicalPath().replaceAll("[0-9]+\\.[0-9]+\\.[0-9]+",Defaults.AAF_VERSION+".*"));
}
write(f1,Chmod.to644,
@@ -63,10 +65,15 @@ public class PlaceArtifactScripts extends ArtifactDir {
"# Certificate Manager Check Script\n",
"# Check on Certificate, and renew if needed.\n",
"# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',
+ "# by Deployer " + trans.getProperty(Config.AAF_APPID,"") + '\n',
+ "#\n",
"DIR="+arti.getDir()+'\n',
+ "APP_ID=" + arti.getMechid() + '\n',
+ "FQDN=" + arti.getMachine()+ '\n',
"APP="+arti.getNs()+'\n',
- "EMAIL="+email,
- "CP=\""+classpath.toString()+"\"\n",
+ "EMAIL="+email+ '\n',
+ "JAR=\""+classpath.toString()+"\"\n",
+ "JAVA=\""+javaHome() + "/bin/" +"java\"\n",
checkScript
);
@@ -100,7 +107,6 @@ public class PlaceArtifactScripts extends ArtifactDir {
return rc==null?System.getProperty("java.home"):rc;
}
private final static String checkScript =
- "> $DIR/$APP.msg\n\n" +
"function mailit {\n" +
" if [ -e /bin/mail ]; then\n" +
" MAILER=/bin/mail\n" +
@@ -115,9 +121,8 @@ public class PlaceArtifactScripts extends ArtifactDir {
" printf \"$*\" | $MAILER -s \"AAF Certman Notification for `uname -n`\" $EMAIL\n"+
" fi\n" +
"}\n\n" +
- javaHome() + "/bin/" +"java -cp $CP " +
- Agent.class.getName() +
- " cadi_prop_files=$DIR/$APP.props check 2> $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +
+ "> $DIR/$APP.msg\n\n" +
+ "$JAVA -jar $JAR check $APP_ID $FQDN cadi_prop_files=$DIR/$APP.props 2> $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +
"case \"$?\" in\n" +
" 0)\n" +
" # Note: Validation will be mailed only the first day after any modification\n" +
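Review bot: `$JAVA -jar $JAR` at L315 passes the whole classpath built at L275–L279 as the jar argument, but `-jar` takes a single jar file, so the generated script only works when exactly one path was appended; the removed `-cp $CP` with `Agent.class.getName()` (L311–L313) handled multi-entry classpaths. Either keep `-cp` with the Agent main class, or fail in Java when more than one path was collected before writing the script. L279 additionally turns the version into a `.*` glob that the unquoted `$JAR` expands at run time, so a directory holding several matching versions produces several arguments; a uniqueness check in the script would make that failure explicit. The replacement string at L279 should also go through `Matcher.quoteReplacement(Defaults.AAF_VERSION+".*")`, since `$` and `\` in a `replaceAll` replacement are interpreted.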
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index b3cf266e..14cf0f62 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -152,15 +152,17 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
}
sb.append('_');
sb.append(tokenSource);
- byte[] tohash=scope.getBytes();
- if (hash!=null && hash.length>0) {
- byte temp[] = new byte[hash.length+tohash.length];
- System.arraycopy(tohash, 0, temp, 0, tohash.length);
- System.arraycopy(hash, 0, temp, tohash.length, hash.length);
- tohash = temp;
- }
- if (scope!=null && scope.length()>0) {
- sb.append(Hash.toHexNo0x(Hash.hashSHA256(tohash)));
+ if (scope!=null) {
+ byte[] tohash=scope.getBytes();
+ if (hash!=null && hash.length>0) {
+ byte temp[] = new byte[hash.length+tohash.length];
+ System.arraycopy(tohash, 0, temp, 0, tohash.length);
+ System.arraycopy(hash, 0, temp, tohash.length, hash.length);
+ tohash = temp;
+ }
+ if (scope.length()>0) {
+ sb.append(Hash.toHexNo0x(Hash.hashSHA256(tohash)));
+ }
}
return sb.toString();
} catch (NoSuchAlgorithmException e) {
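Review bot: `scope.getBytes()` at L337 uses the platform default charset, so the hashed key appended at L345 differs between hosts or JVMs with a different `file.encoding`, which matters for a key that identifies persisted tokens; use `scope.getBytes(StandardCharsets.UTF_8)` (adding `import java.nio.charset.StandardCharsets;` if it is not already present). The restructure also makes visible that for an empty scope the `hash` bytes are never mixed into the key, the same as before; if that is intended, a comment at L344 such as `// empty scope: key is tokenSource only, hash bytes are not mixed in` would stop the next reader from "fixing" it. `byte temp[]` at L339 is the C-style array declaration; `byte[] temp` is the Java convention. The enclosing method starts and ends outside the hunk.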
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index de31e661..c0ac43e9 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -381,7 +381,7 @@ public class AAFSSO {
addProp(Config.AAF_LOCATE_URL, locateUrl);
try {
if(access.getProperty(Config.AAF_URL)==null) {
- access.setProperty(Config.AAF_URL, "https://AAF_LOCATE/AAF_NS.service:2.1");
+ access.setProperty(Config.AAF_URL, Defaults.AAF_ROOT+".service:"+Defaults.AAF_VERSION);
}
AAFCon<?> aafCon = AAFCon.newInstance(access);
Future<Configuration> acf;
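Review bot: The default URL at L359 now takes its API version from `Defaults.AAF_VERSION`, while Config.java in this same commit still derives `AAF_URL_CM_DEF` from `Config.AAF_DEFAULT_API_VERSION` (L399), so two constants can drift apart and this locate default would then target a different version than the other defaults. If both are meant to hold the same value, define one in terms of the other or document which is authoritative. This hunk adds no import, so it presumably relies on `Defaults` already being imported in AAFSSO. The enclosing method starts and ends outside the hunk.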
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
index 68a8db05..0a1f38db 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
@@ -113,7 +113,8 @@ public class CmdLine {
// Jonathan. Oh, well, Deployment services need this behavior. I will put this code in, but leave it undocumented.
// One still needs access to the keyfile to read.
// July 2016 - thought of a tool "CMPass" to regurgitate from properties, but only if allowed.
- } else if ("regurgitate".equalsIgnoreCase(args[0]) && args.length>2) {
+ } else if (("regurgitate".equalsIgnoreCase(args[0]) || "undigest".equalsIgnoreCase(args[0]))
+ && args.length>2) {
try {
Symm symm;
FileInputStream fis = new FileInputStream(args[2]);
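Review bot: The comments at L368–L370 say this behaviour is deliberately left undocumented, but the commit adds `undigest` to the usage text at L390 (and to the test at L415), so the comment now contradicts the code. Update it, e.g. `// "undigest" is the documented name; "regurgitate" is kept as a compatibility alias.` The message changed at L382 now says "Cannot undigest password" even when the user invoked `regurgitate`, which is minor but may confuse someone using the old name. The enclosing method starts and ends outside the hunk.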
@@ -188,7 +189,7 @@ public class CmdLine {
System.out.flush();
return;
} catch (IOException e) {
- System.err.println("Cannot regurgitate password");
+ System.err.println("Cannot undigest password");
System.err.println(" \""+ e.getMessage() + '"');
}
} else if ("encode64".equalsIgnoreCase(args[0]) && args.length>1) {
@@ -334,6 +335,7 @@ public class CmdLine {
System.out.println(" digest [<passwd>|-i|] <keyfile> (Encrypts Password with \"keyfile\"");
System.out.println(" if passwd = -i, will read StdIn");
System.out.println(" if passwd is blank, will ask securely)");
+ System.out.println(" undigest <enc:...> <keyfile> (Decrypts Encoded with \"keyfile\")");
System.out.println(" passgen <digits> (Generate Password of given size)");
System.out.println(" urlgen <digits> (Generate URL field of given size)");
System.out.println(" encode64 <your text> (Encodes to Base64)");
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 2655b4ce..48f5e2d1 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -228,6 +228,9 @@ public class Config {
public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:"+AAF_DEFAULT_API_VERSION;
public static final String AAF_URL_HELLO = "aaf_url_hello";
public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
+ // let NS Owners choose with <ns>.certman aaf ignoreIPs" to ignoreIP Check for Configs
+ // Probably only want to allow in a DEV Env.
+ public static final String CM_ALLOW_IGNORE_IPS="cm_allow_ignore_ips";
public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";
public static final String PATHFILTER_STACK = "pathfilter_stack";
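Review bot: The comment at L402 is garbled — the unbalanced quote after `ignoreIPs` and the phrase "ignoreIP Check for Configs" do not make clear what the NS owner sets or where. Because this constant relaxes an IP check on certificate-manager configuration, the comment should state that precisely, e.g. `// Lets NS owners opt out of the IP check on Config requests (granted via the <ns>.certman permission "aaf ignoreIPs", if that is the intended name); meant for DEV environments only.` The declaration at L404 also omits the spaces around `=` that every neighbouring constant uses.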
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java
index 967bf221..859f9a25 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java
@@ -235,6 +235,7 @@ public class JU_CmdLine {
" digest [<passwd>|-i|] <keyfile> (Encrypts Password with \"keyfile\"" + lineSeparator +
" if passwd = -i, will read StdIn" + lineSeparator +
" if passwd is blank, will ask securely)" + lineSeparator +
+ " undigest <enc:...> <keyfile> (Decrypts Encoded with \"keyfile\")" + lineSeparator +
" passgen <digits> (Generate Password of given size)" + lineSeparator +
" urlgen <digits> (Generate URL field of given size)" + lineSeparator +
" encode64 <your text> (Encodes to Base64)" + lineSeparator +