From 1338680ef142f9a33ee32a00b07c7d2ae658cb3a Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Fri, 12 Jul 2019 17:01:40 -0500
Subject: Adjust Agent for none K8s

Issue-ID: AAF-857
Change-Id: Iae6ab3800376465deb69d735d1ab38c931b46688
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java    |  74 +++++++--------
 .../org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java     |   5 --
 .../java/org/onap/aaf/cadi/configure/Agent.java    | 100 ++++++++++++++++-----
 .../aaf/cadi/configure/PlaceArtifactScripts.java   |  19 ++--
 .../onap/aaf/cadi/oauth/TokenClientFactory.java    |  20 +++--
 .../main/java/org/onap/aaf/cadi/sso/AAFSSO.java    |   2 +-
 .../src/main/java/org/onap/aaf/cadi/CmdLine.java   |   6 +-
 .../main/java/org/onap/aaf/cadi/config/Config.java |   3 +
 .../java/org/onap/aaf/cadi/test/JU_CmdLine.java    |   1 +
 9 files changed, 148 insertions(+), 82 deletions(-)

(limited to 'cadi')

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
index 9e21f6cd..e40743da 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFCon.java
@@ -126,43 +126,47 @@ public abstract class AAFCon<CLIENT> implements Connector {
 	            if (mechid==null) {
 	                mechid=access.getProperty(Config.OAUTH_CLIENT_ID,null);
 	            }
-	            String encpass = access.getProperty(Config.AAF_APPPASS, null);
-	            if (encpass==null) {
-	                encpass = access.getProperty(Config.OAUTH_CLIENT_SECRET,null);
-	            }
-	            if (encpass==null) {
-	                String alias = access.getProperty(Config.CADI_ALIAS, mechid);
-	                if (alias==null) {
-	                    access.printf(Access.Level.WARN,"%s, %s or %s required before use.", Config.CADI_ALIAS, Config.AAF_APPID, Config.OAUTH_CLIENT_ID);
-	                    set(si.defSS);
-	                } else {
-	                    si.defSS=x509Alias(alias);
-	                    set(si.defSS);
-	                }
+	            String alias = access.getProperty(Config.CADI_ALIAS, null);
+	            if(alias != null) {
+		            si.defSS=x509Alias(alias);
+		            set(si.defSS);
 	            } else {
-	                if (mechid!=null) {
-	                    si.defSS=basicAuth(mechid, encpass);
-	                    set(si.defSS);
-	                } else {
-	                    si.defSS=new SecuritySetter<CLIENT>() {
-	
-	                        @Override
-	                        public String getID() {
-	                            return "";
-	                        }
-	
-	                        @Override
-	                        public void setSecurity(CLIENT client) throws CadiException {
-	                            throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
-	                        }
 	
-	                        @Override
-	                        public int setLastResponse(int respCode) {
-	                            return 0;
-	                        }
-	                    };
-	                    set(si.defSS);
-	                }
+		            String encpass = access.getProperty(Config.AAF_APPPASS, null);
+		            if (encpass==null) {
+		                encpass = access.getProperty(Config.OAUTH_CLIENT_SECRET,null);
+		            }
+		            
+		            if (encpass==null) {
+		                if (alias==null) {
+		                    access.printf(Access.Level.WARN,"%s, %s or %s required before use.", Config.CADI_ALIAS, Config.AAF_APPID, Config.OAUTH_CLIENT_ID);
+		                    set(si.defSS);
+		                }
+		            } else {
+		                if (mechid!=null) {
+		                    si.defSS=basicAuth(mechid, encpass);
+		                    set(si.defSS);
+		                } else {
+		                    si.defSS=new SecuritySetter<CLIENT>() {
+		
+		                        @Override
+		                        public String getID() {
+		                            return "";
+		                        }
+		
+		                        @Override
+		                        public void setSecurity(CLIENT client) throws CadiException {
+		                            throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
+		                        }
+		
+		                        @Override
+		                        public int setLastResponse(int respCode) {
+		                            return 0;
+		                        }
+		                    };
+		                    set(si.defSS);
+		                }
+		            }
 	            }
 	        }
 	        
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
index d39fc1d6..e60b5d8a 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
@@ -60,31 +60,26 @@ public class AAFConHttp extends AAFCon<HttpURLConnection> {
 
     public AAFConHttp(Access access, String tag) throws CadiException, LocatorException {
         super(access,tag,SecurityInfoC.instance(access, HttpURLConnection.class));
-        bestSS(si);
         hman = new HMangr(access,Config.loadLocator(si, access.getProperty(tag,tag/*try the content itself*/)));
     }
 
     public AAFConHttp(Access access, String urlTag, SecurityInfoC<HttpURLConnection> si) throws CadiException, LocatorException {
         super(access,urlTag,si);
-        bestSS(si);
         hman = new HMangr(access,Config.loadLocator(si, access.getProperty(urlTag,null)));
     }
 
     public AAFConHttp(Access access, Locator<URI> locator) throws CadiException, LocatorException {
         super(access,Config.AAF_URL,SecurityInfoC.instance(access, HttpURLConnection.class));
-        bestSS(si);
         hman = new HMangr(access,locator);
     }
 
     public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si) throws CadiException, LocatorException, APIException {
         super(access,Config.AAF_URL,si);
-        bestSS(si);
         hman = new HMangr(access,locator);
     }
 
     public AAFConHttp(Access access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si, String tag) throws CadiException, LocatorException, APIException {
         super(access,tag,si);
-        bestSS(si);
         hman = new HMangr(access, locator);
     }
     
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index 98abfbf9..aa9bf138 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -140,28 +140,75 @@ public class Agent {
         } else {
             try {
                 AAFSSO aafsso=null;
-                PropAccess access;
+                PropAccess access=null; 
                 
-                if (args.length>1 && args[0].equals("validate") ) {
-                    int idx = args[1].indexOf('=');
-                    aafsso = null;
-                    access = new PropAccess(
-                                (idx<0?Config.CADI_PROP_FILES:args[1].substring(0, idx))+
-                                '='+
-                                (idx<0?args[1]:args[1].substring(idx+1)));
-                } else {
-                    aafsso= new AAFSSO(args, new AAFSSO.ProcessArgs() {
-                        @Override
-                        public Properties process(String[] args, Properties props) {
-                            if (args.length>1) {
-                                if (!args[0].equals("keypairgen")) {
-                                    props.put(Config.AAF_APPID, args[1]);
-                                }    
-                            }
-                            return props;
-                        }
-                    });
-                    access = aafsso.access();
+            	String hasEtc = null;
+                for(String a : args) {
+                	if(a.startsWith(Config.CADI_PROP_FILES)) {
+                		access = new PropAccess(args);
+                		break;
+                	} else if(a.startsWith(Config.CADI_ETCDIR)) {
+                		int idx = a.indexOf('=');
+                		if(idx>=0 && idx<a.length()) {
+                			hasEtc = a.substring(idx+1);
+                		}
+                	}
+                }
+                
+                if(access==null) {
+                	if(args.length>1 && args[1].contains("@")) {
+                		String domain = FQI.reverseDomain(args[1]);
+                		if(domain!=null) {
+                			if(hasEtc==null) {
+                				hasEtc = ".";
+                			}
+                			File etc = new File(hasEtc);
+                			if(etc.exists()) {
+                				File nsprops = new File(etc,domain+".props");
+                				if(nsprops.exists()) {
+                					access = new PropAccess(new String[] {Config.CADI_PROP_FILES+'='+nsprops.getAbsolutePath()});
+                				}
+                			}
+                		}
+                	} 
+                }
+                
+                if(access==null) {
+	                for(Entry<Object, Object> es : System.getProperties().entrySet()) {
+	                	if(Config.CADI_PROP_FILES.equals(es.getKey())) {
+	                		access = new PropAccess();
+	                	}
+	                }
+                }
+
+				// When using Config file, check if Cred Exists, and if not, work with Deployer.
+				if(access!=null && !"config".equals(args[0]) && access.getProperty(Config.AAF_APPPASS)==null && access.getProperty(Config.CADI_ALIAS)==null) {
+					// not enough credentials to use Props.  Use AAFSSO 
+					access = null;
+				}
+
+                if(access==null) {
+	                if (args.length>1 && args[0].equals("validate") ) {
+	                    int idx = args[1].indexOf('=');
+	                    aafsso = null;
+	                    access = new PropAccess(
+	                                (idx<0?Config.CADI_PROP_FILES:args[1].substring(0, idx))+
+	                                '='+
+	                                (idx<0?args[1]:args[1].substring(idx+1)));
+	                } else {
+	                    aafsso= new AAFSSO(args, new AAFSSO.ProcessArgs() {
+	                        @Override
+	                        public Properties process(String[] args, Properties props) {
+	                            if (args.length>1) {
+	                                if (!args[0].equals("keypairgen")) {
+	                                    props.put(Config.AAF_APPID, args[1]);
+	                                }    
+	                            }
+	                            return props;
+	                        }
+	                    });
+	                    access = aafsso.access();
+	                }
                 }
                     
                 if (aafsso!=null && aafsso.loginOnly()) {
@@ -805,7 +852,7 @@ public class Agent {
         try {
 	        final String fqi = fqi(cmds);
 	        Artifact arti = new Artifact();
-	        arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, "."));
+	        arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, System.getProperty("user.dir")));
 	        arti.setNs(FQI.reverseDomain(fqi));
             PropHolder loc = PropHolder.get(arti, "location.props");
             PropHolder cred = PropHolder.get(arti,"cred.props");
@@ -822,13 +869,20 @@ public class Agent {
             	loc.add(tag, getProperty(propAccess, trans, false, tag, "%s: ",tag));
             }
             
+            String keyfile = cred.getKeyPath();
+            if(keyfile!=null) {
+            	File fkeyfile = new File(keyfile);
+            	if(!fkeyfile.exists()) {
+            		ArtifactDir.write(fkeyfile,Chmod.to400,Symm.keygen());
+            	}
+            }
             cred.add(Config.CADI_KEYFILE, cred.getKeyPath());
             final String ssoAppID = propAccess.getProperty(Config.AAF_APPID);
             if(fqi!=null && fqi.equals(ssoAppID)) {
             	cred.addEnc(Config.AAF_APPPASS, propAccess, null);
             // only Ask for Password when starting scratch
             } else if(propAccess.getProperty(Config.CADI_PROP_FILES)==null) {
-            	char[] pwd = AAFSSO.cons.readPassword("Password for %s: ", fqi);
+            	char[] pwd = AAFSSO.cons.readPassword("Password for %s (leave blank for NO password): ", fqi);
             	if(pwd.length>0) {
             		cred.addEnc(Config.AAF_APPPASS, new String(pwd));
             	}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java
index 5ee1abe2..123bb9df 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactScripts.java
@@ -24,6 +24,8 @@ package org.onap.aaf.cadi.configure;
 import java.io.File;
 
 import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.aaf.Defaults;
+import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.Chmod;
 import org.onap.aaf.misc.env.Trans;
 import org.onap.aaf.misc.env.util.Chrono;
@@ -55,7 +57,7 @@ public class PlaceArtifactScripts extends ArtifactDir {
                     classpath.append(File.pathSeparatorChar);
                 }
                 File f = new File(pth);
-                classpath.append(f.getCanonicalPath().replaceAll("[0-9]+\\.[0-9]+\\.[0-9]+","*"));
+                classpath.append(f.getCanonicalPath().replaceAll("[0-9]+\\.[0-9]+\\.[0-9]+",Defaults.AAF_VERSION+".*"));
             }
             
             write(f1,Chmod.to644,
@@ -63,10 +65,15 @@ public class PlaceArtifactScripts extends ArtifactDir {
                     "# Certificate Manager Check Script\n",
                     "# Check on Certificate, and renew if needed.\n",
                     "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',
+                    "#   by Deployer " + trans.getProperty(Config.AAF_APPID,"") + '\n', 
+                    "#\n",
                     "DIR="+arti.getDir()+'\n',
+                    "APP_ID=" + arti.getMechid() + '\n',
+                    "FQDN=" + arti.getMachine()+ '\n',
                     "APP="+arti.getNs()+'\n',
-                    "EMAIL="+email,
-                    "CP=\""+classpath.toString()+"\"\n",
+                    "EMAIL="+email+ '\n',
+                    "JAR=\""+classpath.toString()+"\"\n",
+                    "JAVA=\""+javaHome() + "/bin/" +"java\"\n",
                     checkScript
                     );
             
@@ -100,7 +107,6 @@ public class PlaceArtifactScripts extends ArtifactDir {
         return rc==null?System.getProperty("java.home"):rc;
     }
     private final static String checkScript = 
-            "> $DIR/$APP.msg\n\n" +
             "function mailit {\n" +
             "  if [ -e /bin/mail ]; then\n" +
             "     MAILER=/bin/mail\n" +
@@ -115,9 +121,8 @@ public class PlaceArtifactScripts extends ArtifactDir {
             "    printf \"$*\" | $MAILER -s \"AAF Certman Notification for `uname -n`\" $EMAIL\n"+
             " fi\n" +
             "}\n\n" +
-            javaHome() + "/bin/" +"java -cp $CP " +
-                Agent.class.getName() + 
-                " cadi_prop_files=$DIR/$APP.props check 2>  $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +
+            "> $DIR/$APP.msg\n\n" +
+            "$JAVA -jar $JAR check $APP_ID $FQDN cadi_prop_files=$DIR/$APP.props 2>  $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +
             "case \"$?\" in\n" +
             "  0)\n" +
             "    # Note: Validation will be mailed only the first day after any modification\n" +
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index b3cf266e..14cf0f62 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -152,15 +152,17 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
             }
             sb.append('_');
             sb.append(tokenSource);
-            byte[] tohash=scope.getBytes();
-            if (hash!=null && hash.length>0) {
-                byte temp[] = new byte[hash.length+tohash.length];
-                System.arraycopy(tohash, 0, temp, 0, tohash.length);
-                System.arraycopy(hash, 0, temp, tohash.length, hash.length);
-                tohash = temp;
-            }
-            if (scope!=null && scope.length()>0) {
-                sb.append(Hash.toHexNo0x(Hash.hashSHA256(tohash)));
+            if (scope!=null) {
+                byte[] tohash=scope.getBytes();
+                if (hash!=null && hash.length>0) {
+                    byte temp[] = new byte[hash.length+tohash.length];
+                    System.arraycopy(tohash, 0, temp, 0, tohash.length);
+                    System.arraycopy(hash, 0, temp, tohash.length, hash.length);
+                    tohash = temp;
+                }
+                if (scope.length()>0) {
+                    sb.append(Hash.toHexNo0x(Hash.hashSHA256(tohash)));
+                }
             }
             return sb.toString();
         } catch (NoSuchAlgorithmException e) {
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index de31e661..c0ac43e9 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -381,7 +381,7 @@ public class AAFSSO {
             addProp(Config.AAF_LOCATE_URL, locateUrl);
             try {
             	if(access.getProperty(Config.AAF_URL)==null) {
-            		access.setProperty(Config.AAF_URL, "https://AAF_LOCATE/AAF_NS.service:2.1");
+            		access.setProperty(Config.AAF_URL, Defaults.AAF_ROOT+".service:"+Defaults.AAF_VERSION);
             	}
 				AAFCon<?> aafCon = AAFCon.newInstance(access);
 		    	Future<Configuration> acf;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
index 68a8db05..0a1f38db 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
@@ -113,7 +113,8 @@ public class CmdLine {
 // Jonathan.  Oh, well, Deployment services need this behavior.  I will put this code in, but leave it undocumented. 
 // One still needs access to the keyfile to read.
 // July 2016 - thought of a tool "CMPass" to regurgitate from properties, but only if allowed.
-            } else if ("regurgitate".equalsIgnoreCase(args[0]) && args.length>2) {
+            } else if (("regurgitate".equalsIgnoreCase(args[0]) || "undigest".equalsIgnoreCase(args[0]))
+            			&& args.length>2) {
                 try {
                     Symm symm;
                     FileInputStream fis = new FileInputStream(args[2]);
@@ -188,7 +189,7 @@ public class CmdLine {
                     System.out.flush();
                     return;
                 } catch (IOException e) {
-                    System.err.println("Cannot regurgitate password");
+                    System.err.println("Cannot undigest password");
                     System.err.println("   \""+ e.getMessage() + '"');
                 }
             } else if ("encode64".equalsIgnoreCase(args[0]) && args.length>1) {
@@ -334,6 +335,7 @@ public class CmdLine {
             System.out.println("  digest [<passwd>|-i|] <keyfile>        (Encrypts Password with \"keyfile\"");
             System.out.println("                                          if passwd = -i, will read StdIn");
             System.out.println("                                          if passwd is blank, will ask securely)");
+            System.out.println("  undigest <enc:...> <keyfile>           (Decrypts Encoded with \"keyfile\")");
             System.out.println("  passgen <digits>                       (Generate Password of given size)");
             System.out.println("  urlgen <digits>                        (Generate URL field of given size)");
             System.out.println("  encode64 <your text>                   (Encodes to Base64)");
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 2655b4ce..48f5e2d1 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -228,6 +228,9 @@ public class Config {
     public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:"+AAF_DEFAULT_API_VERSION;
     public static final String AAF_URL_HELLO = "aaf_url_hello";
     public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
+    // let NS Owners choose with <ns>.certman aaf ignoreIPs" to ignoreIP Check for Configs
+    // Probably only want to allow in a DEV Env.
+    public static final String CM_ALLOW_IGNORE_IPS="cm_allow_ignore_ips";
 
     public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";
     public static final String PATHFILTER_STACK = "pathfilter_stack";
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java
index 967bf221..859f9a25 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java
@@ -235,6 +235,7 @@ public class JU_CmdLine {
             "  digest [<passwd>|-i|] <keyfile>        (Encrypts Password with \"keyfile\"" + lineSeparator +
             "                                          if passwd = -i, will read StdIn" + lineSeparator +
             "                                          if passwd is blank, will ask securely)" + lineSeparator +
+            "  undigest <enc:...> <keyfile>           (Decrypts Encoded with \"keyfile\")" + lineSeparator +
             "  passgen <digits>                       (Generate Password of given size)" + lineSeparator +
             "  urlgen <digits>                        (Generate URL field of given size)" + lineSeparator +
             "  encode64 <your text>                   (Encodes to Base64)" + lineSeparator +
-- 
cgit 1.2.3-korg