summaryrefslogtreecommitdiffstats
path: root/cadi
diff options
context:
space:
mode:
Diffstat (limited to 'cadi')
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java79
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java33
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java23
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java15
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java18
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java9
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java44
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java10
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java7
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java45
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java5
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java9
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java57
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java6
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java44
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java10
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java2
-rw-r--r--cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java3
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java12
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java23
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java2
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java4
-rw-r--r--cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java10
-rw-r--r--cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java4
31 files changed, 334 insertions, 164 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index 3b783949..6b69f790 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
import java.util.List;
import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.misc.env.util.Split;
/**
* A Class that understands the AAF format of Permission (name/type/action)
@@ -35,7 +36,7 @@ import org.onap.aaf.cadi.Permission;
*/
public class AAFPermission implements Permission {
private static final List<String> NO_ROLES;
- protected String type,instance,action,key;
+ protected String ns,type,instance,action,key;
private List<String> roles;
static {
@@ -44,19 +45,22 @@ public class AAFPermission implements Permission {
protected AAFPermission() {roles=NO_ROLES;}
- public AAFPermission(String type, String instance, String action) {
- this.type = type;
+ public AAFPermission(String ns, String name, String instance, String action) {
+ this.ns = ns;
+ type = name;
this.instance = instance;
this.action = action;
- key = type + '|' + instance + '|' + action;
+ key = ns + '|' + type + '|' + instance + '|' + action;
this.roles = NO_ROLES;
}
- public AAFPermission(String type, String instance, String action, List<String> roles) {
- this.type = type;
+
+ public AAFPermission(String ns, String name, String instance, String action, List<String> roles) {
+ this.ns = ns;
+ type = name;
this.instance = instance;
this.action = action;
- key = type + '|' + instance + '|' + action;
+ key = ns + '|' + type + '|' + instance + '|' + action;
this.roles = roles==null?NO_ROLES:roles;
}
@@ -71,6 +75,7 @@ public class AAFPermission implements Permission {
* If you want a simple field comparison, it is faster without REGEX
*/
public boolean match(Permission p) {
+ String aafNS;
String aafType;
String aafInstance;
String aafAction;
@@ -79,24 +84,60 @@ public class AAFPermission implements Permission {
// Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
// Current solution is only allow direct match on Type.
// 8/28/2014 Jonathan - added REGEX ability
- aafType = ap.getName();
+ aafNS = ap.getNS();
+ aafType = ap.getType();
aafInstance = ap.getInstance();
aafAction = ap.getAction();
} else {
- // Permission is concatenated together: separated by |
- String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);
- aafType = aaf[0];
- aafInstance = (aaf.length > 1) ? aaf[1] : "*";
- aafAction = (aaf.length > 2) ? aaf[2] : "*";
+ // Permission is concatenated together: separated by
+ String[] aaf = Split.splitTrim('|', p.getKey());
+ switch(aaf.length) {
+ case 1:
+ aafNS = aaf[0];
+ aafType="";
+ aafInstance = aafAction = "*";
+ break;
+ case 2:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aafAction = "*";
+ break;
+ case 3:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = "*";
+ break;
+ default:
+ aafNS = aaf[0];
+ aafType = aaf[1];
+ aafInstance = aaf[2];
+ aafAction = aaf[3];
+ break;
+ }
+ }
+ boolean typeMatches;
+ if(aafNS.length() == ns.length()) {
+ typeMatches = aafNS.equals(ns) && aafType.equals(type);
+ } else { // Allow for restructuring of NS/Perm structure
+ typeMatches = (aafNS+'.'+aafType).equals(ns+'.'+type);
}
- return ((type.equals(aafType)) &&
- (PermEval.evalInstance(instance, aafInstance)) &&
- (PermEval.evalAction(action, aafAction)));
+ return (typeMatches &&
+ PermEval.evalInstance(instance, aafInstance) &&
+ PermEval.evalAction(action, aafAction));
+ }
+
+ public String getNS() {
+ return ns;
}
- public String getName() {
+ public String getType() {
return type;
}
+
+ public String getFullType() {
+ return ns + '.' + type;
+ }
public String getInstance() {
return instance;
@@ -121,7 +162,9 @@ public class AAFPermission implements Permission {
return roles;
}
public String toString() {
- return "AAFPermission:\n\tType: " + type +
+ return "AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java
new file mode 100644
index 00000000..5aa4dbc5
--- /dev/null
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/Defaults.java
@@ -0,0 +1,33 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.aaf;
+
+public interface Defaults {
+ public static String AAF_VERSION = "2.1";
+ public static String AAF_NS = "AAF_NS";
+ public static String AAF_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".service:" + AAF_VERSION;
+ public static String GUI_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".gui:" + AAF_VERSION;
+ public static String CM_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".cm:" + AAF_VERSION;
+ public static String FS_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".fs:" + AAF_VERSION;
+ public static String HELLO_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".hello:" + AAF_VERSION;
+ public static String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".token:" + AAF_VERSION;
+ public static String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/" + AAF_NS + ".introspect:" + AAF_VERSION;
+}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index 35bcc5a9..3e90087c 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -79,15 +79,16 @@ public class TestConnectivity {
List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
/////////
print(true,"Test Connections driven by AAFLocator");
- URI serviceURI = new URI(aaflocate+"/locate/AAF_NS.service:2.0");
+ URI serviceURI = new URI(Defaults.AAF_URL);
for(URI uri : new URI[] {
serviceURI,
- new URI(aaflocate+"/locate/AAF_NS.service:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.locate:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.token:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.certman:2.0"),
- new URI(aaflocate+"/locate/AAF_NS.hello")
+ new URI(Defaults.OAUTH2_TOKEN_URL),
+ new URI(Defaults.OAUTH2_INTROSPECT_URL),
+ new URI(Defaults.CM_URL),
+ new URI(Defaults.GUI_URL),
+ new URI(Defaults.FS_URL),
+ new URI(Defaults.HELLO_URL)
}) {
Locator<URI> locator = new AAFLocator(si, uri);
try {
@@ -105,14 +106,6 @@ public class TestConnectivity {
permTest(locator,ss);
}
- /////////
- // Removed for ONAP
-// print(true,"Test Proxy Access driven by AAFLocator");
-// locator = new AAFLocator(si, new URI(aaflocate+"/AAF_NS.gw:2.0/proxy"));
-// for(SecuritySetter<HttpURLConnection> ss : lss) {
-// permTest(locator,ss);
-// }
-
//////////
print(true,"Test essential BasicAuth Service call, driven by AAFLocator");
for(SecuritySetter<HttpURLConnection> ss : lss) {
@@ -163,7 +156,7 @@ public class TestConnectivity {
String tokenURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
String locateURL=access.getProperty(Config.AAF_LOCATE_URL);
if(tokenURL==null || (tokenURL.contains("/locate/") && locateURL!=null)) {
- tokenURL=locateURL+"/locate/AAF_NS.token:2.0/token";
+ tokenURL=Defaults.OAUTH2_TOKEN_URL+"/token";
}
try {
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
index 84d23655..b7cf62cd 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
@@ -148,7 +148,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
Map<String, Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
for(Perm perm : fp.value.getPerm()) {
- user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ user.add(newMap,new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
if(willLog) {
aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');
}
@@ -197,7 +197,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
Map<String,Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
for(Perm perm : fp.value.getPerm()) {
- user.add(newMap, new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
if(willLog) {
aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
}
@@ -235,10 +235,13 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
@Override
public Permission createPerm(String p) {
String[] params = Split.split('|', p);
- if(params.length==3) {
- return new AAFPermission(params[0],params[1],params[2]);
- } else {
- return new LocalPermission(p);
+ switch(params.length) {
+ case 3:
+ return new AAFPermission(null,params[0],params[1],params[2]);
+ case 4:
+ return new AAFPermission(params[0],params[1],params[2],params[3]);
+ default:
+ return new LocalPermission(p);
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
index 2094948a..bf85beef 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
@@ -55,8 +55,13 @@ public class AAFTrustChecker implements TrustChecker {
AAFPermission temp=null;
if(str!=null) {
String[] sp = Split.splitTrim('|', str);
- if(sp.length==3) {
- temp = new AAFPermission(sp[0],sp[1],sp[2]);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
}
}
perm=temp;
@@ -69,8 +74,13 @@ public class AAFTrustChecker implements TrustChecker {
AAFPermission temp=null;
if(str!=null) {
String[] sp = Split.splitTrim('|', str);
- if(sp.length==3) {
- temp = new AAFPermission(sp[0],sp[1],sp[2]);
+ switch(sp.length) {
+ case 3:
+ temp = new AAFPermission(null,sp[0],sp[1],sp[2]);
+ break;
+ case 4:
+ temp = new AAFPermission(sp[0],sp[1],sp[2],sp[3]);
+ break;
}
}
perm=temp;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
index f0909062..7de8536a 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
@@ -32,6 +32,7 @@ import java.util.NoSuchElementException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.config.Config;
@@ -87,6 +88,12 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
latitude = Double.parseDouble(lat);
longitude = Double.parseDouble(lng);
}
+ if(name.startsWith(Defaults.AAF_NS)) {
+ String root_ns = access.getProperty(Config.AAF_ROOT_NS, null);
+ if(root_ns!=null) {
+ name=name.replace(Defaults.AAF_NS, root_ns);
+ }
+ }
if(name.startsWith("http")) { // simple URL
this.name = name;
this.version = Config.AAF_DEFAULT_VERSION;
@@ -259,7 +266,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
@Override
public Item best() throws LocatorException {
if(!hasItems()) {
- throw new LocatorException("No Entries found" + (pathInfo==null?"":(" for " + pathInfo)));
+ throw new LocatorException("No Entries found for '" + aaf_locator_uri.toString() + "/locate/" + name + ':' + version + '\'');
}
List<EP> lep = new ArrayList<>();
EP first = null;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
index 9feeee36..89106cc1 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java
@@ -90,7 +90,7 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
protected abstract boolean isCorrectPermType(Permission pond);
// This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if(preemptiveLur!=null && preemptiveLur.handles(bait)) {
return preemptiveLur.fish(bait, pond);
} else {
@@ -123,20 +123,23 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
user = loadUser(bait);
sb.append("\n\tloadUser called");
}
- if(user==null) {
- sb.append("\n\tUser was not Loaded");
- } else if(user.contains(pond)) {
- sb.append("\n\tUser contains ");
- sb.append(pond.getKey());
- rv = true;
- } else {
- sb.append("\n\tUser does not contain ");
- sb.append(pond.getKey());
- List<Permission> perms = new ArrayList<>();
- user.copyPermsTo(perms);
- for(Permission p : perms) {
- sb.append("\n\t\t");
+ for (Permission p : pond) {
+ if(user==null) {
+ sb.append("\n\tUser was not Loaded");
+ break;
+ } else if(user.contains(p)) {
+ sb.append("\n\tUser contains ");
+ sb.append(p.getKey());
+ rv = true;
+ } else {
+ sb.append("\n\tUser does not contain ");
sb.append(p.getKey());
+ List<Permission> perms = new ArrayList<>();
+ user.copyPermsTo(perms);
+ for(Permission perm : perms) {
+ sb.append("\n\t\t");
+ sb.append(perm.getKey());
+ }
}
}
} else {
@@ -147,14 +150,23 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE
aaf.access.log(Level.INFO, sb);
return rv;
} else {
+ boolean rv = false;
if(handles(bait)) {
User<PERM> user = getUser(bait);
if(user==null || user.permsUnloaded() || user.permExpired()) {
user = loadUser(bait);
}
- return user==null?false:user.contains(pond);
+ if(user==null) {
+ return false;
+ } else {
+ for(Permission p : pond) {
+ if(rv=user.contains(p)) {
+ break;
+ }
+ }
+ }
}
- return false;
+ return rv;
}
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index 7f1b0cf6..b3de9754 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -52,6 +52,7 @@ import org.onap.aaf.cadi.CmdLine;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -126,7 +127,7 @@ public class Agent {
AAFSSO aafsso=null;
PropAccess access;
- if(args.length>0 && args[0].equals("validate")) {
+ if(args.length>1 && args[0].equals("validate")) {
int idx = args[1].indexOf('=');
aafsso = null;
access = new PropAccess(
@@ -353,8 +354,8 @@ public class Agent {
}
private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = fqi(cmds);
- String machine = machine(cmds);
+ final String mechID = fqi(cmds);
+ final String machine = machine(cmds);
Artifacts artifacts = new Artifacts();
Artifact arti = new Artifact();
@@ -798,6 +799,7 @@ public class Agent {
directedPut(pa, filesymm, normal,creds, Config.CADI_KEYFILE, fkf.getCanonicalPath());
directedPut(pa, filesymm, normal,creds, Config.AAF_APPID,fqi);
directedPut(pa, filesymm, normal,creds, Config.AAF_APPPASS,null);
+ directedPut(pa, filesymm, normal,creds, Config.AAF_URL, Defaults.AAF_URL);
String cts = pa.getProperty(Config.CADI_TRUSTSTORE);
@@ -928,7 +930,7 @@ public class Agent {
if(tag.endsWith("_password")) {
if(val.length()>4) {
if(val.startsWith("enc:")) {
- val = orig.decrypt(value, true);
+ val = orig.decrypt(val, true);
}
val = "enc:" + symm.enpass(val);
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index cb282605..3123b89e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -51,7 +51,7 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
@Override
public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getNs()+'.'+kst);
+ File fks = new File(dir,arti.getNs()+'.'+(kst=="pkcs12"?"p12":kst));
try {
KeyStore jks = KeyStore.getInstance(kst);
if(fks.exists()) {
@@ -118,13 +118,14 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
write(fks,Chmod.to400,jks,keystorePassArray);
// Change out to TrustStore
- fks = new File(dir,arti.getNs()+".trust."+kst);
+ // NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always
+ fks = new File(dir,arti.getNs()+".trust.jks");
if(fks.exists()) {
File backup = File.createTempFile(fks.getName()+'.', ".backup",dir);
fks.renameTo(backup);
}
- jks = KeyStore.getInstance(kst);
+ jks = KeyStore.getInstance("jks");
// Set Truststore Password
addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
index 89816a2c..b3fe2947 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2Lur.java
@@ -41,34 +41,37 @@ public class OAuth2Lur implements Lur {
@Override
public Permission createPerm(String p) {
String[] params = Split.split('|', p);
- if(params.length==3) {
- return new AAFPermission(params[0],params[1],params[2]);
- } else {
- return new LocalPermission(p);
+ switch(params.length) {
+ case 3:
+ return new AAFPermission(null,params[0],params[1],params[2]);
+ case 4:
+ return new AAFPermission(params[0],params[1],params[2],params[3]);
+ default:
+ return new LocalPermission(p);
}
}
@Override
- public boolean fish(Principal bait, Permission pond) {
- AAFPermission apond = (AAFPermission)pond;
- OAuth2Principal oap;
+ public boolean fish(Principal bait, Permission ... pond) {
+ boolean rv = false;
+
if(bait instanceof OAuth2Principal) {
- oap = (OAuth2Principal)bait;
- } else {
- // Here is the spot to put in Principal Conversions
- return false;
- }
-
- TokenPerm tp = oap.tokenPerm();
- if(tp==null) {
- } else {
- for(Permission p : tp.perms()) {
- if(p.match(apond)) {
- return true;
+ OAuth2Principal oap = (OAuth2Principal)bait;
+ for (Permission p : pond ) {
+ AAFPermission apond = (AAFPermission)p;
+
+ TokenPerm tp = oap.tokenPerm();
+ if(tp==null) {
+ } else {
+ for(Permission perm : tp.perms()) {
+ if(perm.match(apond)) {
+ return true;
+ }
+ }
}
}
}
- return false;
+ return rv;
}
@Override
@@ -87,7 +90,7 @@ public class OAuth2Lur implements Lur {
}
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
index 2ebd7dc1..e0d6bf0e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClient.java
@@ -443,6 +443,11 @@ public class TokenClient {
throw new APIException("Error Decrypting Password",e);
}
}
+
+ if(username!=null) {
+ params.add("username="+username);
+ }
+
break;
case refresh_token:
if(client_id!=null) {
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index 28bf6592..e235b681 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -38,6 +38,7 @@ import org.onap.aaf.cadi.Hash;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.config.Config;
@@ -63,10 +64,10 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
if(access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, "https://AAF_LOCATE_URL/AAF_NS.token:2.0"); // Default to AAF
+ access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Defaults.OAUTH2_TOKEN_URL); // Default to AAF
}
if(access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, "https://AAF_LOCATE_URL/AAF_NS.introspect:2.0"); // Default to AAF);
+ access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Defaults.OAUTH2_INTROSPECT_URL); // Default to AAF);
}
symm = Symm.encrypt.obtain();
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
index 5c77fda7..bb33bc76 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenPerm.java
@@ -141,13 +141,16 @@ public class TokenPerm extends Persisting<Introspect>{
// Gathering object for parsing objects, then creating AAF Permission
private static class PermInfo {
- public String type,instance,action;
+ public String ns,type,instance,action;
public void clear() {
- type=instance=action=null;
+ ns=type=instance=action=null;
}
public void eval(Parsed<State> pd) {
if(pd.hasName()) {
switch(pd.name) {
+ case "ns":
+ ns=pd.sb.toString();
+ break;
case "type":
type=pd.sb.toString();
break;
@@ -162,7 +165,7 @@ public class TokenPerm extends Persisting<Introspect>{
}
public AAFPermission create() {
if(type!=null && instance!=null && action !=null) {
- return new AAFPermission(type, instance, action);
+ return new AAFPermission(ns,type, instance, action);
} else {
return null;
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
index 74d88fc2..95dd9a39 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/olur/OLur.java
@@ -22,16 +22,19 @@
package org.onap.aaf.cadi.olur;
import java.security.Principal;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Result;
+import org.onap.aaf.cadi.lur.LocalPermission;
import org.onap.aaf.cadi.oauth.AbsOTafLur;
import org.onap.aaf.cadi.oauth.OAuth2Principal;
import org.onap.aaf.cadi.oauth.TimedToken;
@@ -39,8 +42,8 @@ import org.onap.aaf.cadi.oauth.TokenClient;
import org.onap.aaf.cadi.oauth.TokenPerm;
import org.onap.aaf.cadi.principal.Kind;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.util.Split;
import org.onap.aaf.misc.env.util.Pool.Pooled;
+import org.onap.aaf.misc.env.util.Split;
public class OLur extends AbsOTafLur implements Lur {
public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
@@ -51,7 +54,7 @@ public class OLur extends AbsOTafLur implements Lur {
* @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
*/
@Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
TokenPerm tp;
if(bait instanceof OAuth2Principal) {
OAuth2Principal oa2p = (OAuth2Principal)bait;
@@ -66,7 +69,17 @@ public class OLur extends AbsOTafLur implements Lur {
try {
TokenClient tc = tcp.content;
tc.username(bait.getName());
- Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),tc.defaultScope());
+ Set<String> scopeSet = new HashSet<>();
+ scopeSet.add(tc.defaultScope());
+ AAFPermission ap;
+ for (Permission p : pond) {
+ ap = (AAFPermission)p;
+ scopeSet.add(ap.getNS());
+ }
+ String[] scopes = new String[scopeSet.size()];
+ scopeSet.toArray(scopes);
+
+ Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
if(rtt.isOK()) {
Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
if(rtp.isOK()) {
@@ -77,9 +90,11 @@ public class OLur extends AbsOTafLur implements Lur {
tcp.done();
}
} catch (APIException | LocatorException | CadiException e) {
- access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage());
+ access.log(e, "Unable to Get a Token");
}
}
+
+ boolean rv = false;
if(tp!=null) {
if(tkMgr.access.willLog(Level.DEBUG)) {
StringBuilder sb = new StringBuilder("AAF Permissions for user ");
@@ -87,8 +102,10 @@ public class OLur extends AbsOTafLur implements Lur {
sb.append(", from token ");
sb.append(tp.get().getAccessToken());
for (AAFPermission p : tp.perms()) {
- sb.append("\n\t");
- sb.append(p.getName());
+ sb.append("\n\t[");
+ sb.append(p.getNS());
+ sb.append(']');
+ sb.append(p.getType());
sb.append('|');
sb.append(p.getInstance());
sb.append('|');
@@ -97,13 +114,18 @@ public class OLur extends AbsOTafLur implements Lur {
sb.append('\n');
access.log(Level.DEBUG, sb);
}
- for (AAFPermission p : tp.perms()) {
- if (p.match(pond)) {
- return true;
+ for (Permission p : pond) {
+ if(rv) {
+ break;
+ }
+ for (AAFPermission perm : tp.perms()) {
+ if (rv=perm.match(p)) {
+ break;
+ }
}
}
}
- return false;
+ return rv;
}
/* (non-Javadoc)
@@ -122,7 +144,7 @@ public class OLur extends AbsOTafLur implements Lur {
* @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
*/
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
@@ -140,10 +162,13 @@ public class OLur extends AbsOTafLur implements Lur {
@Override
public Permission createPerm(final String p) {
String[] s = Split.split('|',p);
- if(s!=null && s.length==3) {
- return new AAFPermission(s[0],s[1],s[2]);
- } else {
- return null;
+ switch(s.length) {
+ case 3:
+ return new AAFPermission(null, s[0],s[1],s[2]);
+ case 4:
+ return new AAFPermission(s[0],s[1],s[2],s[3]);
+ default:
+ return new LocalPermission(p);
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 28103b5d..41931976 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -38,6 +38,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
@@ -311,9 +312,8 @@ public class AAFSSO {
addProp(Config.AAF_LOCATE_URL, locateUrl);
}
- String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service:2.0";
- access.setProperty(Config.AAF_URL, aafUrl);
- access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm:2.0");
+ access.setProperty(Config.AAF_URL, Defaults.AAF_URL);
+ access.setProperty(Config.CM_URL, Defaults.CM_URL);
String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
if(cadiLatitude==null) {
System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
index 4836e4ed..939e9b18 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
@@ -33,11 +33,11 @@ import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.aaf.AAFPermission;
public class JU_AAFPermission {
-
+ private final static String ns = "ns";
private final static String type = "type";
private final static String instance = "instance";
private final static String action = "action";
- private final static String key = type + '|' + instance + '|' + action;
+ private final static String key = ns + '|' + type + '|' + instance + '|' + action;
private final static String role = "role";
private static List<String> roles;
@@ -50,14 +50,17 @@ public class JU_AAFPermission {
@Test
public void constructor1Test() {
- AAFPermission perm = new AAFPermission(type, instance, action);
- assertThat(perm.getName(), is(type));
+ AAFPermission perm = new AAFPermission(ns, type, instance, action);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(0));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key));
@@ -67,39 +70,45 @@ public class JU_AAFPermission {
public void constructor2Test() {
AAFPermission perm;
- perm = new AAFPermission(type, instance, action, null);
- assertThat(perm.getName(), is(type));
+ perm = new AAFPermission(ns, type, instance, action, null);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(0));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
"\n\tInstance: " + instance +
"\n\tAction: " + action +
"\n\tKey: " + key));
- perm = new AAFPermission(type, instance, action, roles);
- assertThat(perm.getName(), is(type));
+ perm = new AAFPermission(ns, type, instance, action, roles);
+ assertThat(perm.getNS(), is(ns));
+ assertThat(perm.getType(), is(type));
assertThat(perm.getInstance(), is(instance));
assertThat(perm.getAction(), is(action));
assertThat(perm.getKey(), is(key));
assertThat(perm.permType(), is("AAF"));
assertThat(perm.roles().size(), is(1));
assertThat(perm.roles().get(0), is(role));
- assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
- "\n\tInstance: " + instance +
- "\n\tAction: " + action +
- "\n\tKey: " + key));
+ assertThat(perm.toString(), is("AAFPermission:" +
+ "\n\tNS: " + ns +
+ "\n\tType: " + type +
+ "\n\tInstance: " + instance +
+ "\n\tAction: " + action +
+ "\n\tKey: " + key));
}
@Test
public void matchTest() {
- final AAFPermission controlPermission = new AAFPermission(type, instance, action);
+ final AAFPermission controlPermission = new AAFPermission(ns,type, instance, action);
PermissionStub perm;
AAFPermission aafperm;
- aafperm = new AAFPermission(type, instance, action);
+ aafperm = new AAFPermission(ns, type, instance, action);
assertThat(controlPermission.match(aafperm), is(true));
perm = new PermissionStub(key);
@@ -117,7 +126,8 @@ public class JU_AAFPermission {
@Test
public void coverageTest() {
AAFPermissionStub aafps = new AAFPermissionStub();
- assertThat(aafps.getName(), is(nullValue()));
+ assertThat(aafps.getNS(), is(nullValue()));
+ assertThat(aafps.getType(), is(nullValue()));
assertThat(aafps.getInstance(), is(nullValue()));
assertThat(aafps.getAction(), is(nullValue()));
assertThat(aafps.getKey(), is(nullValue()));
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
index 6bbed0ed..356c12d5 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
@@ -98,28 +98,28 @@ public class JU_TokenPerm {
String json;
LoadPermissions lp;
Permission p;
-
+
json = "{\"perm\":[" +
- " {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
+ " {\"ns\":\"com\",\"type\":\"access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
"]}";
lp = new LoadPermissions(new StringReader(json));
assertThat(lp.perms.size(), is(1));
p = lp.perms.get(0);
- assertThat(p.getKey(), is("com.access|*|read,approve"));
+ assertThat(p.getKey(), is("com|access|*|read,approve"));
assertThat(p.permType(), is("AAF"));
// Extra closing braces for coverage
json = "{\"perm\":[" +
- " {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
+ " {\"ns\":\"com\",\"type\":\"access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
"]]}";
lp = new LoadPermissions(new StringReader(json));
assertThat(lp.perms.size(), is(1));
p = lp.perms.get(0);
- assertThat(p.getKey(), is("com.access|*|read,approve"));
+ assertThat(p.getKey(), is("com|access|*|read,approve"));
assertThat(p.permType(), is("AAF"));
// Test without a type
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
index 45a7d341..6c3c6118 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
@@ -147,7 +147,7 @@ public class Sample {
String permS = myAccess.getProperty("perm","org.osaaf.aaf.access|*|read");
String[] permA = Split.splitTrim('|', permS);
if(permA.length>2) {
- final Permission perm = new AAFPermission(permA[0],permA[1],permA[2]);
+ final Permission perm = new AAFPermission(null, permA[0],permA[1],permA[2]);
// See the CODE for Java Methods used
if(singleton().oneAuthorization(fqi, perm)) {
System.out.printf("Success: %s has %s\n",fqi.getName(),permS);
diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
index d14e747a..024deff7 100644
--- a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
+++ b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
@@ -81,6 +81,7 @@ public class JU_PropertyLocator {
assertThat(pl.hasItems(), is(false));
assertThat(countItems(pl), is(0));
+ Thread.sleep(20L); // PL checks same milli...
pl.refresh();
assertThat(pl.hasItems(), is(true));
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
index 1d01a3e8..39631894 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
@@ -246,7 +246,7 @@ public abstract class AbsUserCache<PERM extends Permission> {
/**
* The default behavior of a LUR is to not handle something exclusively.
*/
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
index fd73d00b..0beb4856 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Lur.java
@@ -52,7 +52,7 @@ public interface Lur {
* @param principalName
* @return
*/
- public boolean fish(Principal bait, Permission pond);
+ public boolean fish(Principal bait, Permission ... pond);
/**
* Fish all the Principals out a Pond
@@ -77,7 +77,7 @@ public interface Lur {
* @param pond
* @return
*/
- public boolean handlesExclusively(Permission pond);
+ public boolean handlesExclusively(Permission ... pond);
/**
* Does the LUR support a particular kind of Principal
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
index 4067f160..04743b85 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
@@ -662,6 +662,9 @@ public class Symm {
* @throws IOException
*/
public void enpass(final String password, final OutputStream os) throws IOException {
+ if(password==null) {
+ throw new IOException("Invalid password passed");
+ }
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
byte[] bytes = password.getBytes();
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 42c38896..efe5503b 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -134,12 +134,21 @@ public class Config {
public static final String OAUTH_CLIENT_SECRET="client_secret";
public static final String AAF_ENV = "aaf_env";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_ROOT_NS = "aaf_root_ns";
public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
public static final String AAF_ROOT_COMPANY = "aaf_root_company";
public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
+ public static final String AAF_DEFAULT_VERSION = "2.1";
+ public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
+ public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_VERSION;
+ public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_VERSION;
+ public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_VERSION;
+ public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_VERSION;
+ public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_VERSION;
+
public static final String AAF_REGISTER_AS = "aaf_register_as";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
@@ -174,7 +183,6 @@ public class Config {
public static final String AAF_COMPONENT = "aaf_component";
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
- public static final String AAF_DEFAULT_VERSION = "2.0";
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
index 2813dca8..b442c7d9 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/EpiLur.java
@@ -60,7 +60,7 @@ public final class EpiLur implements Lur {
if(lurs.length==0) throw new CadiException("Need at least one Lur implementation in constructor");
}
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if(pond==null) {
return false;
}
@@ -99,7 +99,7 @@ public final class EpiLur implements Lur {
}
// Never needed... Only EpiLur uses...
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
index 0f9adb94..e177a22f 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
@@ -94,14 +94,16 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
}
// @Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
if (pond == null) {
return false;
}
- if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
- User<LocalPermission> user = getUser(bait);
- if (user != null) {
- return user.contains((LocalPermission)pond);
+ for(Permission p : pond) {
+ if (handles(bait) && p instanceof LocalPermission) { // local Users only have LocalPermissions
+ User<LocalPermission> user = getUser(bait);
+ if (user != null) {
+ return user.contains((LocalPermission)p);
+ }
}
}
return false;
@@ -128,8 +130,15 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
return principal.getName().endsWith(supportedRealm);
}
- public boolean handlesExclusively(Permission pond) {
- return supportingGroups.contains(pond.getKey());
+ @Override
+ public boolean handlesExclusively(Permission ... pond) {
+ boolean rv = false;
+ for (Permission p : pond) {
+ if(rv=supportingGroups.contains(p.getKey())) {
+ break;
+ }
+ }
+ return rv;
}
/* (non-Javadoc)
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
index 1e44726a..b314f20e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/NullLur.java
@@ -44,7 +44,7 @@ public class NullLur implements Lur {
return false;
}};
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
// Well, for Jenkins, this is ok... It finds out it can't do J2EE Security, and then looks at it's own
// System.err.println("CADI's LUR has not been configured, but is still being called. Access is being denied");
return false;
@@ -56,7 +56,7 @@ public class NullLur implements Lur {
public void destroy() {
}
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
index f7c3a0a2..b99030eb 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_EpiLur.java
@@ -117,10 +117,10 @@ public class JU_EpiLur {
private class CredValStub implements Lur, CredVal {
@Override public boolean validate(String user, Type type, byte[] cred, Object state) { return false; }
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return false; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public void destroy() { }
- @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handlesExclusively(Permission ... pond) { return false; }
@Override public boolean handles(Principal principal) { return false; }
@Override public void clear(Principal p, StringBuilder report) { }
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
index 1737710a..b34e90ab 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java
@@ -350,7 +350,7 @@ public class JU_AbsUserCache {
class AbsUserCacheCLStub<PERM extends Permission> extends AbsUserCache<PERM> implements CachingLur<PERM> {
public AbsUserCacheCLStub(AbsUserCache<PERM> cache) { super(cache); }
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return false; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public boolean handles(Principal principal) { return false; }
@Override public Resp reload(User<PERM> user) { return null; }
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
index d9a4437c..850dd22c 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java
@@ -122,10 +122,10 @@ public class JU_CadiWrap {
// Anonymous object for testing purposes
CachingLur<Permission> lur1 = new CachingLur<Permission>() {
@Override public Permission createPerm(String p) { return null; }
- @Override public boolean fish(Principal bait, Permission pond) { return true; }
+ @Override public boolean fish(Principal bait, Permission ... pond) { return true; }
@Override public void fishAll(Principal bait, List<Permission> permissions) { }
@Override public void destroy() { }
- @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handlesExclusively(Permission ... pond) { return false; }
@Override public boolean handles(Principal principal) { return false; }
@Override public void remove(String user) { }
@Override public Resp reload(User<Permission> user) { return null; }
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
index 835e699b..ae9c93ed 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
@@ -72,13 +73,10 @@ public class OAuthExample {
// Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
- String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,
- "https://AAF_LOCATE_URL/AAF_NS.token:2.0"); // Default to AAF
- String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,
- "https://AAF_LOCATE_URL/AAF_NS.introspect:2.0"); // Default to AAF);
+ String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,Defaults.OAUTH2_TOKEN_URL); // Default to AAF
+ String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,Defaults.OAUTH2_INTROSPECT_URL); // Default to AAF);
// Get Hello Service
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
- "https://AAF_LOCATE_URL/AAF_NS.hello:2.0");
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Defaults.HELLO_URL);
final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
index 4b29518f..c82a7c5d 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
@@ -103,8 +104,7 @@ public class OnapClientExample {
// Use this Token in your client calls with "Tokenized Client" (TzClient)
// These should NOT be used cross thread.
// Get Hello Service URL... roll your own in your own world.
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
- "https://AAF_LOCATE_URL/AAF_NS.hello:2.0");
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Defaults.HELLO_URL);
TzClient helloClient = tcf.newTzClient(endServicesURL);