From 2c0dd5c5136e249f63f1d3296063795cde30c399 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Wed, 27 Jun 2018 09:15:59 -0500 Subject: Refine Agent to create CADI Configs Issue-ID: AAF-378 Change-Id: I4bb70ff582a3990d0344d23aaac2b750e931a6b1 Signed-off-by: Instrumental --- .../org/onap/aaf/cadi/aaf/TestConnectivity.java | 23 +- .../main/java/org/onap/aaf/cadi/cm/CmAgent.java | 252 +++++++++++++++++---- .../main/java/org/onap/aaf/cadi/sso/AAFSSO.java | 31 ++- 3 files changed, 243 insertions(+), 63 deletions(-) (limited to 'cadi') diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java index 243b3a6a..cd08cd4d 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java @@ -64,14 +64,12 @@ public class TestConnectivity { PropAccess access = new PropAccess(args); String aaflocate; if(args.length>1) { - aaflocate = "https://" + args[1] + "/locate"; + aaflocate = "https://" + args[1]; access.setProperty(Config.AAF_LOCATE_URL, "https://" + args[1]); } else { aaflocate = access.getProperty(Config.AAF_LOCATE_URL); if(aaflocate==null) { print(true,"Properties must contain ",Config.AAF_LOCATE_URL); - } else if (!aaflocate.endsWith("/locate")) { - aaflocate += "/locate"; } } @@ -81,16 +79,15 @@ public class TestConnectivity { List> lss = loadSetters(access,si); ///////// print(true,"Test Connections driven by AAFLocator"); - URI serviceURI = new URI(aaflocate+"/AAF_NS.service/2.0"); + URI serviceURI = new URI(aaflocate+"/locate/AAF_NS.service/2.0"); for(URI uri : new URI[] { serviceURI, - new URI(aaflocate+"/AAF_NS.service:2.0"), - new URI(aaflocate+"/AAF_NS.service"), - new URI(aaflocate+"/AAF_NS.gw:2.0"), - new URI(aaflocate+"/AAF_NS.token:2.0"), - new URI(aaflocate+"/AAF_NS.certman:2.0"), - new URI(aaflocate+"/AAF_NS.hello") + new URI(aaflocate+"/locate/AAF_NS.service:2.0"), + new URI(aaflocate+"/locate/AAF_NS.locate:2.0"), + new URI(aaflocate+"/locate/AAF_NS.token:2.0"), + new URI(aaflocate+"/locate/AAF_NS.certman:2.0"), + new URI(aaflocate+"/locate/AAF_NS.hello") }) { Locator locator = new AAFLocator(si, uri); try { @@ -102,8 +99,8 @@ public class TestConnectivity { } ///////// - print(true,"Test Service driven by AAFLocator"); - Locator locator = new AAFLocator(si,new URI(aaflocate+"/AAF_NS.service:2.0")); + print(true,"Test Service for Perms driven by AAFLocator"); + Locator locator = new AAFLocator(si,serviceURI); for(SecuritySetter ss : lss) { permTest(locator,ss); } @@ -120,7 +117,7 @@ public class TestConnectivity { print(true,"Test essential BasicAuth Service call, driven by AAFLocator"); for(SecuritySetter ss : lss) { if(ss instanceof HBasicAuthSS) { - basicAuthTest(new AAFLocator(si, new URI(aaflocate+"/AAF_NS.service:2.0")),ss); + basicAuthTest(new AAFLocator(si, serviceURI),ss); } } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java index bdd95a77..a899662b 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java @@ -24,45 +24,60 @@ package org.onap.aaf.cadi.cm; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; +import java.io.PrintStream; +import java.net.ConnectException; import java.net.InetAddress; import java.net.UnknownHostException; +import java.nio.file.Files; import java.security.KeyStore; import java.security.cert.X509Certificate; import java.util.ArrayDeque; +import java.util.Date; import java.util.Deque; import java.util.GregorianCalendar; import java.util.HashMap; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; +import java.util.Properties; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.CmdLine; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.Symm; import org.onap.aaf.cadi.aaf.client.ErrMessage; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.client.Rcli; +import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.http.HBasicAuthSS; +import org.onap.aaf.cadi.locator.SingleEndpointLocator; import org.onap.aaf.cadi.sso.AAFSSO; import org.onap.aaf.cadi.util.FQI; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.Data.TYPE; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; -import org.onap.aaf.misc.env.Data.TYPE; import org.onap.aaf.misc.env.util.Chrono; import org.onap.aaf.misc.env.util.Split; import org.onap.aaf.misc.rosetta.env.RosettaDF; import org.onap.aaf.misc.rosetta.env.RosettaEnv; -import java.util.Properties; - +import aaf.v2_0.Perm; +import aaf.v2_0.Perms; import certman.v1_0.Artifacts; import certman.v1_0.Artifacts.Artifact; import certman.v1_0.CertInfo; import certman.v1_0.CertificateRequest; +import locate.v1_1.Configuration; +import locate.v1_1.Configuration.Props; public class CmAgent { + private static final String HASHES = "######################"; private static final String PRINT = "print"; private static final String FILE = "file"; private static final String PKCS12 = "pkcs12"; @@ -76,6 +91,8 @@ public class CmAgent { private static RosettaDF reqDF; private static RosettaDF certDF; private static RosettaDF artifactsDF; + private static RosettaDF configDF; + private static RosettaDF permDF; private static ErrMessage errMsg; private static Map placeArtifact; private static RosettaEnv env; @@ -86,7 +103,19 @@ public class CmAgent { int exitCode = 0; doExit = true; try { - AAFSSO aafsso = new AAFSSO(args); + AAFSSO aafsso = new AAFSSO(args, new AAFSSO.ProcessArgs() { + @Override + public Properties process(String[] args, Properties props) { + if(args.length>1) { + if(args[0].equals("validate")) { + props.put(Config.CADI_PROP_FILES, args[1]); + } else if (!args[0].equals("genkeypair")) { + props.put("aaf_id", args[1]); + } + } + return props; + } + }); if(aafsso.loginOnly()) { aafsso.setLogDefault(); aafsso.writeFiles(); @@ -105,15 +134,18 @@ public class CmAgent { if(cmds.size()==0) { aafsso.setLogDefault(); + // NOTE: CHANGE IN CMDS should be reflected in AAFSSO constructor, to get FQI->aaf-id or not System.out.println("Usage: java -jar cmd []*"); - System.out.println(" create []"); - System.out.println(" read []"); - System.out.println(" update []"); - System.out.println(" delete []"); - System.out.println(" copy [,]*"); - System.out.println(" place []"); - System.out.println(" showpass []"); - System.out.println(" check []"); + System.out.println(" create []"); + System.out.println(" read []"); + System.out.println(" update []"); + System.out.println(" delete []"); + System.out.println(" copy [,]*"); + System.out.println(" place []"); + System.out.println(" showpass []"); + System.out.println(" check []"); + System.out.println(" config "); + System.out.println(" validate "); System.out.println(" genkeypair"); if (doExit) { System.exit(1); @@ -125,6 +157,8 @@ public class CmAgent { reqDF = env.newDataFactory(CertificateRequest.class); artifactsDF = env.newDataFactory(Artifacts.class); certDF = env.newDataFactory(CertInfo.class); + configDF = env.newDataFactory(Configuration.class); + permDF = env.newDataFactory(Perms.class); errMsg = new ErrMessage(env); placeArtifact = new HashMap(); @@ -154,29 +188,44 @@ public class CmAgent { AAFCon aafcon = new AAFConHttp(access,Config.CM_URL); String cmd = cmds.removeFirst(); - if("place".equals(cmd)) { - placeCerts(trans,aafcon,cmds); - } else if("create".equals(cmd)) { - createArtifact(trans, aafcon,cmds); - } else if("read".equals(cmd)) { - readArtifact(trans, aafcon, cmds); - } else if("copy".equals(cmd)) { - copyArtifact(trans, aafcon, cmds); - } else if("update".equals(cmd)) { - updateArtifact(trans, aafcon, cmds); - } else if("delete".equals(cmd)) { - deleteArtifact(trans, aafcon, cmds); - } else if("showpass".equals(cmd)) { - showPass(trans,aafcon,cmds); - } else if("check".equals(cmd)) { - try { - exitCode = check(trans,aafcon,cmds); - } catch (Exception e) { - exitCode = 1; - throw e; - } - } else { - AAFSSO.cons.printf("Unknown command \"%s\"\n", cmd); + switch(cmd) { + case "place": + placeCerts(trans,aafcon,cmds); + break; + case "create": + createArtifact(trans, aafcon,cmds); + break; + case "read": + readArtifact(trans, aafcon, cmds); + break; + case "copy": + copyArtifact(trans, aafcon, cmds); + break; + case "update": + updateArtifact(trans, aafcon, cmds); + break; + case "delete": + deleteArtifact(trans, aafcon, cmds); + break; + case "showpass": + showPass(trans, aafcon, cmds); + break; + case "config": + initConfig(trans,access,aafcon,cmds); + break; + case "validate": + validate(aafsso,aafcon); + break; + case "check": + try { + exitCode = check(trans,aafcon,cmds); + } catch (Exception e) { + exitCode = 1; + throw e; + } + break; + default: + AAFSSO.cons.printf("Unknown command \"%s\"\n", cmd); } } finally { StringBuilder sb = new StringBuilder(); @@ -217,7 +266,7 @@ public class CmAgent { return value; } - private static String mechID(Deque cmds) { + private static String fqi(Deque cmds) { if(cmds.size()<1) { String alias = env.getProperty(Config.CADI_ALIAS); return alias!=null?alias:AAFSSO.cons.readLine("MechID: "); @@ -245,7 +294,7 @@ public class CmAgent { } private static void createArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); Artifacts artifacts = new Artifacts(); @@ -299,7 +348,7 @@ public class CmAgent { private static void readArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); TimeTaken tt = trans.start("Read Artifact", Env.SUB); @@ -341,7 +390,7 @@ public class CmAgent { } private static void copyArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); String[] newmachs = machines(cmds); if(machine==null || newmachs == null) { @@ -381,7 +430,7 @@ public class CmAgent { } private static void updateArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); TimeTaken tt = trans.start("Update Artifact", Env.REMOTE); @@ -445,7 +494,7 @@ public class CmAgent { } private static void deleteArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechid = mechID(cmds); + String mechid = fqi(cmds); String machine = machine(cmds); TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE); @@ -468,7 +517,7 @@ public class CmAgent { private static boolean placeCerts(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { boolean rv = false; - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); String[] fqdns = Split.split(':', machine); String key; @@ -530,7 +579,7 @@ public class CmAgent { } private static void showPass(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); TimeTaken tt = trans.start("Show Password", Env.REMOTE); @@ -598,6 +647,121 @@ public class CmAgent { } + private static void initConfig(Trans trans, PropAccess pa, AAFCon aafcon, Deque cmds) throws Exception { + final String fqi = fqi(cmds); + final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); + final String rootFile = FQI.reverseDomain(fqi); + final File dir = new File(pa.getProperty(Config.CADI_ETCDIR, ".")); + if(dir.exists()) { + System.out.println("Writing to " + dir.getCanonicalFile()); + } else if(dir.mkdirs()) { + System.out.println("Created directory " + dir.getCanonicalFile()); + } else { + System.err.println("Unable to create or write to " + dir.getCanonicalPath()); + return; + } + + TimeTaken tt = trans.start("Get Configuration", Env.REMOTE); + try { + boolean ok=false; + File fprops = File.createTempFile(rootFile, ".tmp",dir); + PrintStream out = new PrintStream(new FileOutputStream(fprops)); + out.println(HASHES); + out.print("# Configuration File generated on "); + out.println(new Date().toString()); + out.println(HASHES); + + File fkf = new File(dir,rootFile+".keyfile"); + if(!fkf.exists()) { + CmdLine.main(new String[] {"keygen",fkf.toString()}); + } + out.print("cadi_keyfile="); + out.println(fkf.getCanonicalPath()); + + out.print(Config.AAF_APPID); + out.print('='); + out.println(fqi); + + Symm filesymm = Symm.obtain(fkf); + out.print(Config.AAF_APPPASS); + out.print("=enc:"); + String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false); + ps = filesymm.enpass(ps); + out.println(ps); + + out.print(Config.CADI_TRUSTSTORE); + out.print("="); + File origTruststore = new File(pa.getProperty(Config.CADI_TRUSTSTORE)); + File newTruststore = new File(dir,origTruststore.getName()); + if(!newTruststore.exists()) { + Files.copy(origTruststore.toPath(), newTruststore.toPath()); + } + out.println(newTruststore.getCanonicalPath()); + + out.print(Config.CADI_TRUSTSTORE_PASSWORD); + out.print("=enc:"); + ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false); + ps = filesymm.enpass(ps); + out.println(ps); + + + try { + Future acf = aafcon.client(new SingleEndpointLocator(locator)) + .read("/configure/"+fqi+"/aaf", configDF); + if(acf.get(TIMEOUT)) { +// out.println(acf.value.getName()); + for(Props props : acf.value.getProps()) { + out.println(props.getTag() + '=' + props.getValue()); + } + ok = true; + } else if(acf.code()==401){ + trans.error().log("Bad Password sent to AAF"); + } else { + trans.error().log(errMsg.toMsg(acf)); + } + } finally { + out.close(); + } + if(ok) { + File newFile = new File(dir,rootFile+".common.props"); + fprops.renameTo(newFile); + System.out.println("Created " + newFile.getCanonicalPath()); + fprops = newFile; + } else { + fprops.delete(); + } + } finally { + tt.done(); + } + } + + private static void validate(final AAFSSO aafsso, final AAFCon aafcon) throws LocatorException, CadiException, APIException { + System.out.println("Validating Configuration..."); + aafcon.clone(aafsso.access().getProperty(Config.AAF_URL)).best(new Retryable() { + @Override + public Void code(Rcli client) throws CadiException, ConnectException, APIException { + Future fc = client.read("/authz/perms/user/"+aafsso.user(),permDF); + if(fc.get(aafcon.timeout)) { + System.out.print("Success connecting to "); + System.out.println(client.getURI()); + System.out.print(" Permissions for "); + System.out.println(aafsso.user()); + for(Perm p : fc.value.getPerm()) { + System.out.print('\t'); + System.out.print(p.getType()); + System.out.print('|'); + System.out.print(p.getInstance()); + System.out.print('|'); + System.out.println(p.getAction()); + } + } else { + System.err.println("Error: " + fc.code() + ' ' + fc.body()); + } + return null; + } + }); + } + /** * Check returns Error Codes, so that Scripts can know what to do * @@ -614,7 +778,7 @@ public class CmAgent { */ private static int check(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { int exitCode=1; - String mechID = mechID(cmds); + String mechID = fqi(cmds); String machine = machine(cmds); TimeTaken tt = trans.start("Check Certificate", Env.REMOTE); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java index 7d01b70b..c197be26 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java @@ -69,20 +69,28 @@ public class AAFSSO { private boolean ok; public AAFSSO(String[] args) throws IOException, CadiException { + this(args,new Properties()); + } + + public AAFSSO(String[] args, ProcessArgs pa) throws IOException, CadiException { + this(args,pa.process(args, new Properties())); + } + + public AAFSSO(String[] args, Properties dp) throws IOException, CadiException { + stdOutOrig = System.out; + stdErrOrig = System.err; ok = true; List nargs = parseArgs(args); - diskprops = new Properties(); + diskprops = dp; touchDiskprops = false; dot_aaf = new File(System.getProperty("user.home") + "/.aaf"); if (!dot_aaf.exists()) { dot_aaf.mkdirs(); } - stdOutOrig = System.out; - stdErrOrig = System.err; File f = new File(dot_aaf, "sso.out"); os = new PrintStream(new FileOutputStream(f, true)); - System.setOut(os); + //System.setOut(os); System.setErr(os); sso = new File(dot_aaf, "sso.props"); @@ -174,6 +182,12 @@ public class AAFSSO { appID=null; } + if(appID!=null && access.getProperty(Config.AAF_APPPASS)==null) { + char[] password = cons.readPassword("Password for %s: ", appID); + String app_pass = access.encrypt(new String(password)); + access.setProperty(Config.AAF_APPPASS,app_pass); + } + String keystore=access.getProperty(Config.CADI_KEYSTORE); String keystore_pass=access.getProperty(Config.CADI_KEYSTORE_PASSWORD); @@ -183,6 +197,7 @@ public class AAFSSO { for (File tsf : dot_aaf.listFiles()) { name = tsf.getName(); if (!name.contains("trust") && (name.endsWith(".jks") || name.endsWith(".p12"))) { + setLogDefault(); select = cons.readLine("Use %s for Identity? (y/n): ",tsf.getName()); if("y".equalsIgnoreCase(select)) { keystore = tsf.getCanonicalPath(); @@ -282,14 +297,14 @@ public class AAFSSO { String locateUrl = access.getProperty(Config.AAF_LOCATE_URL); if(locateUrl==null) { - locateUrl=AAFSSO.cons.readLine("AAF Locator FQDN/machine[:port]=https://"); + locateUrl=AAFSSO.cons.readLine("AAF Locator URL=https://"); if(locateUrl==null || locateUrl.length()==0) { err = new StringBuilder(Config.AAF_LOCATE_URL); err.append(" is required."); ok = false; return; } else { - locateUrl="https://"+locateUrl+"/locate"; + locateUrl="https://"+locateUrl; } access.setProperty(Config.AAF_LOCATE_URL, locateUrl); addProp(Config.AAF_LOCATE_URL, locateUrl); @@ -470,4 +485,8 @@ public class AAFSSO { public boolean ok() { return ok; } + + public static interface ProcessArgs { + public Properties process(final String[] args, final Properties props); + } } -- cgit 1.2.3-korg