Diffstat (limited to 'aaf/src/main/java/org/onap/aaf/cadi/cm')
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java288
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java46
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java712
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java449
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java34
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java54
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java130
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactOnStream.java52
-rw-r--r--aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactScripts.java139
9 files changed, 0 insertions, 1904 deletions
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java
deleted file mode 100644
index af50682..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java
+++ /dev/null
@@ -1,288 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.security.KeyStore;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.util.Chmod;
-
-import org.onap.aaf.inno.env.Trans;
-import org.onap.aaf.inno.env.util.Chrono;
-
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-
-public abstract class ArtifactDir implements PlaceArtifact {
-
- protected static final String C_R = "\n";
- protected File dir;
- private List<String> encodeds = new ArrayList<String>();
-
- private Symm symm;
- // This checks for multiple passes of Dir on the same objects. Run clear after done.
- protected static Map<String,Object> processed = new HashMap<String,Object>();
-
-
- /**
- * Note: Derived Classes should ALWAYS call "super.place(cert,arti)" first, and
- * then "placeProperties(arti)" just after they implement
- */
- @Override
- public final boolean place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- validate(arti);
-
- try {
- // Obtain/setup directory as required
- dir = new File(arti.getDir());
- if(processed.get("dir")==null) {
- if(!dir.exists()) {
- Chmod.to755.chmod(dir);
- if(!dir.mkdirs()) {
- throw new CadiException("Could not create " + dir);
- }
- }
-
- // Also place cm_url and Host Name
- addProperty(Config.CM_URL,trans.getProperty(Config.CM_URL));
- addProperty(Config.HOSTNAME,arti.getMachine());
- //addProperty(Config.AAF_ENV,certInfo.getEnv());
- // Obtain Issuers
- boolean first = true;
- StringBuilder issuers = new StringBuilder();
-// for(String dn : certInfo.getCaIssuerDNs()) {
-// if(first) {
-// first=false;
-// } else {
-// issuers.append(':');
-// }
-// issuers.append(dn);
-// }
- addProperty(Config.CADI_X509_ISSUERS,issuers.toString());
- }
- symm = (Symm)processed.get("symm");
- if(symm==null) {
- // CADI Key Gen
- File f = new File(dir,arti.getAppName() + ".keyfile");
- if(!f.exists()) {
- write(f,Chmod.to400,Symm.baseCrypt().keygen());
- }
- symm = Symm.obtain(f);
-
- addEncProperty("ChallengePassword", certInfo.getChallenge());
-
- processed.put("symm",symm);
- }
-
- _place(trans, certInfo,arti);
-
- placeProperties(arti);
-
- processed.put("dir",dir);
-
- } catch (Exception e) {
- throw new CadiException(e);
- }
- return true;
- }
-
- /**
- * Derived Classes implement this instead, so Dir can process first, and write any Properties last
- * @param cert
- * @param arti
- * @return
- * @throws CadiException
- */
- protected abstract boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException;
-
- protected void addProperty(String tag, String value) throws IOException {
- StringBuilder sb = new StringBuilder();
- sb.append(tag);
- sb.append('=');
- sb.append(value);
- encodeds.add(sb.toString());
- }
-
- protected void addEncProperty(String tag, String value) throws IOException {
- StringBuilder sb = new StringBuilder();
- sb.append(tag);
- sb.append('=');
- sb.append("enc:???");
- sb.append(symm.enpass(value));
- encodeds.add(sb.toString());
- }
-
- protected void write(File f, Chmod c, String ... data) throws IOException {
- f.setWritable(true,true);
-
- FileOutputStream fos = new FileOutputStream(f);
- PrintStream ps = new PrintStream(fos);
- try {
- for(String s : data) {
- ps.print(s);
- }
- } finally {
- ps.close();
- c.chmod(f);
- }
- }
-
- protected void write(File f, Chmod c, byte[] bytes) throws IOException {
- f.setWritable(true,true);
-
- FileOutputStream fos = new FileOutputStream(f);
- try {
- fos.write(bytes);
- } finally {
- fos.close();
- c.chmod(f);
- }
- }
-
- protected void write(File f, Chmod c, KeyStore ks, char[] pass ) throws IOException, CadiException {
- f.setWritable(true,true);
-
- FileOutputStream fos = new FileOutputStream(f);
- try {
- ks.store(fos, pass);
- } catch (Exception e) {
- throw new CadiException(e);
- } finally {
- fos.close();
- c.chmod(f);
- }
- }
-
-
- private void validate(Artifact a) throws CadiException {
- StringBuilder sb = new StringBuilder();
- if(a.getDir()==null) {
- sb.append("File Artifacts require a path");
- }
-
- if(a.getAppName()==null) {
- if(sb.length()>0) {
- sb.append('\n');
- }
- sb.append("File Artifacts require an AAF Namespace");
- }
-
- if(sb.length()>0) {
- throw new CadiException(sb.toString());
- }
- }
-
- private boolean placeProperties(Artifact arti) throws CadiException {
- if(encodeds.size()==0) {
- return true;
- }
- boolean first=processed.get("dir")==null;
- try {
- File f = new File(dir,arti.getAppName()+".props");
- if(f.exists()) {
- if(first) {
- f.delete();
- } else {
- f.setWritable(true);
- }
- }
- // Append if not first
- PrintWriter pw = new PrintWriter(new FileWriter(f,!first));
-
- // Write a Header
- if(first) {
- for(int i=0;i<60;++i) {
- pw.print('#');
- }
- pw.println();
- pw.println("# Properties Generated by AT&T Certificate Manager");
- pw.print("# by ");
- pw.println(System.getProperty("user.name"));
- pw.print("# on ");
- pw.println(Chrono.dateStamp());
- pw.println("# @copyright 2016, AT&T");
- for(int i=0;i<60;++i) {
- pw.print('#');
- }
- pw.println();
- for(String prop : encodeds) {
- if( prop.startsWith("cm_")
- || prop.startsWith(Config.HOSTNAME)
- || prop.startsWith(Config.AAF_ENV)) {
- pw.println(prop);
- }
- }
- }
-
- try {
- for(String prop : encodeds) {
- if(prop.startsWith("cadi")) {
- pw.println(prop);
- }
- }
- } finally {
- pw.close();
- }
- Chmod.to644.chmod(f);
-
- if(first) {
- // Challenge
- f = new File(dir,arti.getAppName()+".chal");
- if(f.exists()) {
- f.delete();
- }
- pw = new PrintWriter(new FileWriter(f));
- try {
- for(String prop : encodeds) {
- if(prop.startsWith("Challenge")) {
- pw.println(prop);
- }
- }
- } finally {
- pw.close();
- }
- Chmod.to400.chmod(f);
- }
- } catch(Exception e) {
- throw new CadiException(e);
- }
- return true;
- }
-
- public static void clear() {
- processed.clear();
- }
-
-}
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java
deleted file mode 100644
index bac4a17..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-public class CertException extends Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 1373028409048516401L;
-
- public CertException() {
- }
-
- public CertException(String message) {
- super(message);
- }
-
- public CertException(Throwable cause) {
- super(cause);
- }
-
- public CertException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java
deleted file mode 100644
index 15ed5d0..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java
+++ /dev/null
@@ -1,712 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-import java.util.ArrayDeque;
-import java.util.Deque;
-import java.util.GregorianCalendar;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.aaf.client.ErrMessage;
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
-import org.onap.aaf.cadi.client.Future;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.http.HBasicAuthSS;
-import org.onap.aaf.cadi.sso.AAFSSO;
-
-import java.util.Properties;
-
-import org.onap.aaf.inno.env.Data.TYPE;
-import org.onap.aaf.inno.env.Env;
-import org.onap.aaf.inno.env.TimeTaken;
-import org.onap.aaf.inno.env.Trans;
-import org.onap.aaf.inno.env.util.Chrono;
-import org.onap.aaf.inno.env.util.Split;
-import org.onap.aaf.rosetta.env.RosettaDF;
-import org.onap.aaf.rosetta.env.RosettaEnv;
-
-import certman.v1_0.Artifacts;
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-import certman.v1_0.CertificateRequest;
-
-public class CmAgent {
- private static final String PRINT = "print";
- private static final String FILE = "file";
- private static final String PKCS12 = "pkcs12";
- private static final String JKS = "jks";
- private static final String SCRIPT="script";
-
- private static final String CM_VER = "1.0";
- public static final int PASS_SIZE = 24;
- private static int TIMEOUT;
-
- private static RosettaDF<CertificateRequest> reqDF;
- private static RosettaDF<CertInfo> certDF;
- private static RosettaDF<Artifacts> artifactsDF;
- private static ErrMessage errMsg;
- private static Map<String,PlaceArtifact> placeArtifact;
- private static RosettaEnv env;
-
- public static void main(String[] args) {
- int exitCode = 0;
- try {
- AAFSSO aafsso = new AAFSSO(args);
- if(aafsso.loginOnly()) {
- aafsso.setLogDefault();
- aafsso.writeFiles();
- System.out.println("AAF SSO information created in ~/.aaf");
- } else {
- PropAccess access = aafsso.access();
- env = new RosettaEnv(access.getProperties());
- Deque<String> cmds = new ArrayDeque<String>();
- for(String p : args) {
- if(p.indexOf('=')<0) {
- cmds.add(p);
- }
- }
-
- if(cmds.size()==0) {
- aafsso.setLogDefault();
- System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");
- System.out.println(" create <mechID> [<machine>]");
- System.out.println(" read <mechID> [<machine>]");
- System.out.println(" update <mechID> [<machine>]");
- System.out.println(" delete <mechID> [<machine>]");
- System.out.println(" copy <mechID> <machine> <newmachine>[,<newmachine>]*");
- System.out.println(" place <mechID> [<machine>]");
- System.out.println(" showpass <mechID> [<machine>]");
- System.out.println(" check <mechID> [<machine>]");
- System.exit(1);
- }
-
- TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000"));
-
- reqDF = env.newDataFactory(CertificateRequest.class);
- artifactsDF = env.newDataFactory(Artifacts.class);
- certDF = env.newDataFactory(CertInfo.class);
- errMsg = new ErrMessage(env);
-
- placeArtifact = new HashMap<String,PlaceArtifact>();
- placeArtifact.put(JKS, new PlaceArtifactInKeystore(JKS));
- placeArtifact.put(PKCS12, new PlaceArtifactInKeystore(PKCS12));
- placeArtifact.put(FILE, new PlaceArtifactInFiles());
- placeArtifact.put(PRINT, new PlaceArtifactOnStream(System.out));
- placeArtifact.put(SCRIPT, new PlaceArtifactScripts());
-
- Trans trans = env.newTrans();
- try {
- // show Std out again
- aafsso.setLogDefault();
- aafsso.setStdErrDefault();
-
- // if CM_URL can be obtained, add to sso.props, if written
- String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL+": ");
- if(cm_url!=null) {
- aafsso.addProp(Config.CM_URL, cm_url);
- }
- aafsso.writeFiles();
-
- AAFCon<?> aafcon = new AAFConHttp(access,Config.CM_URL);
-
- String cmd = cmds.removeFirst();
- if("place".equals(cmd)) {
- placeCerts(trans,aafcon,cmds);
- } else if("create".equals(cmd)) {
- createArtifact(trans, aafcon,cmds);
- } else if("read".equals(cmd)) {
- readArtifact(trans, aafcon, cmds);
- } else if("copy".equals(cmd)) {
- copyArtifact(trans, aafcon, cmds);
- } else if("update".equals(cmd)) {
- updateArtifact(trans, aafcon, cmds);
- } else if("delete".equals(cmd)) {
- deleteArtifact(trans, aafcon, cmds);
- } else if("showpass".equals(cmd)) {
- showPass(trans,aafcon,cmds);
- } else if("check".equals(cmd)) {
- try {
- exitCode = check(trans,aafcon,cmds);
- } catch (Exception e) {
- exitCode = 1;
- throw e;
- }
- } else {
- AAFSSO.cons.printf("Unknown command \"%s\"\n", cmd);
- }
- } finally {
- StringBuilder sb = new StringBuilder();
- trans.auditTrail(4, sb, Trans.REMOTE);
- if(sb.length()>0) {
- trans.info().log("Trans Info\n",sb);
- }
- }
- aafsso.close();
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- if(exitCode!=0) {
- System.exit(exitCode);
- }
- }
-
- private static String getProperty(PropAccess pa, Env env, boolean secure, String tag, String prompt, Object ... def) {
- String value;
- if((value=pa.getProperty(tag))==null) {
- if(secure) {
- value = new String(AAFSSO.cons.readPassword(prompt, def));
- } else {
- value = AAFSSO.cons.readLine(prompt,def).trim();
- }
- if(value!=null) {
- if(value.length()>0) {
- pa.setProperty(tag,value);
- env.setProperty(tag,value);
- } else if(def.length==1) {
- value=def[0].toString();
- pa.setProperty(tag,value);
- env.setProperty(tag,value);
- }
- }
- }
- return value;
- }
-
- private static String mechID(Deque<String> cmds) {
- if(cmds.size()<1) {
- String alias = env.getProperty(Config.CADI_ALIAS);
- return alias!=null?alias:AAFSSO.cons.readLine("MechID: ");
- }
- return cmds.removeFirst();
- }
-
- private static String machine(Deque<String> cmds) throws UnknownHostException {
- if(cmds.size()>0) {
- return cmds.removeFirst();
- } else {
- String mach = env.getProperty(Config.HOSTNAME);
- return mach!=null?mach:InetAddress.getLocalHost().getHostName();
- }
- }
-
- private static String[] machines(Deque<String> cmds) {
- String machines;
- if(cmds.size()>0) {
- machines = cmds.removeFirst();
- } else {
- machines = AAFSSO.cons.readLine("Machines (sep by ','): ");
- }
- return Split.split(',', machines);
- }
-
- private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = mechID(cmds);
- String machine = machine(cmds);
-
- Artifacts artifacts = new Artifacts();
- Artifact arti = new Artifact();
- artifacts.getArtifact().add(arti);
- arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: "));
- arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));
- arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf"));
-
- String resp = AAFSSO.cons.readLine("Types [file,jks,script] (%s): ", "jks");
- for(String s : Split.splitTrim(',', resp)) {
- arti.getType().add(s);
- }
- // Always do Script
- if(!resp.contains(SCRIPT)) {
- arti.getType().add(SCRIPT);
- }
-
- // Note: Sponsor is set on Creation by CM
- String configRootName = AAFCon.reverseDomain(arti.getMechid());
- arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",configRootName));
- arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", System.getProperty("user.dir")));
- arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", System.getProperty("user.name")));
- arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renewal Days (%s):", "30")));
- arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (mailto owner):", "")));
-
- TimeTaken tt = trans.start("Create Artifact", Env.REMOTE);
- try {
- Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts);
- if(future.get(TIMEOUT)) {
- trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine());
- } else {
- trans.error().printf("Call to AAF Certman failed, %s",
- errMsg.toMsg(future));
- }
- } finally {
- tt.done();
- }
- }
-
- private static String toNotification(String notification) {
- if(notification==null) {
- notification="";
- } else if(notification.length()>0) {
- if(notification.indexOf(':')<0) {
- notification = "mailto:" + notification;
- }
- }
- return notification;
- }
-
-
- private static void readArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = mechID(cmds);
- String machine = machine(cmds);
-
- TimeTaken tt = trans.start("Read Artifact", Env.SUB);
- try {
- Future<Artifacts> future = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
-
- if(future.get(TIMEOUT)) {
- boolean printed = false;
- for(Artifact a : future.value.getArtifact()) {
- AAFSSO.cons.printf("MechID: %s\n",a.getMechid());
- AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor());
- AAFSSO.cons.printf("Machine: %s\n",a.getMachine());
- AAFSSO.cons.printf("CA: %s\n",a.getCa());
- StringBuilder sb = new StringBuilder();
- boolean first = true;
- for(String t : a.getType()) {
- if(first) {first=false;}
- else{sb.append(',');}
- sb.append(t);
- }
- AAFSSO.cons.printf("Types: %s\n",sb);
- AAFSSO.cons.printf("Namespace: %s\n",a.getAppName());
- AAFSSO.cons.printf("Directory: %s\n",a.getDir());
- AAFSSO.cons.printf("O/S User: %s\n",a.getOsUser());
- AAFSSO.cons.printf("Renew Days: %d\n",a.getRenewDays());
- AAFSSO.cons.printf("Notification %s\n",a.getNotification());
- printed = true;
- }
- if(!printed) {
- AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);
- }
- } else {
- trans.error().log(errMsg.toMsg(future));
- }
- } finally {
- tt.done();
- }
- }
-
- private static void copyArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = mechID(cmds);
- String machine = machine(cmds);
- String[] newmachs = machines(cmds);
- if(newmachs==null || newmachs == null) {
- trans.error().log("No machines listed to copy to");
- } else {
- TimeTaken tt = trans.start("Copy Artifact", Env.REMOTE);
- try {
- Future<Artifacts> future = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
-
- if(future.get(TIMEOUT)) {
- boolean printed = false;
- for(Artifact a : future.value.getArtifact()) {
- for(String m : newmachs) {
- a.setMachine(m);
- Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, future.value);
- if(fup.get(TIMEOUT)) {
- trans.info().printf("Copy of %s %s successful to %s",mechID,machine,m);
- } else {
- trans.error().printf("Call to AAF Certman failed, %s",
- errMsg.toMsg(fup));
- }
-
- printed = true;
- }
- }
- if(!printed) {
- AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);
- }
- } else {
- trans.error().log(errMsg.toMsg(future));
- }
- } finally {
- tt.done();
- }
- }
- }
-
- private static void updateArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = mechID(cmds);
- String machine = machine(cmds);
-
- TimeTaken tt = trans.start("Update Artifact", Env.REMOTE);
- try {
- Future<Artifacts> fread = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
-
- if(fread.get(TIMEOUT)) {
- Artifacts artifacts = new Artifacts();
- for(Artifact a : fread.value.getArtifact()) {
- Artifact arti = new Artifact();
- artifacts.getArtifact().add(arti);
-
- AAFSSO.cons.printf("For %s on %s\n", a.getMechid(),a.getMachine());
- arti.setMechid(a.getMechid());
- arti.setMachine(a.getMachine());
- arti.setCa(AAFSSO.cons.readLine("CA: (%s): ",a.getCa()));
- StringBuilder sb = new StringBuilder();
- boolean first = true;
- for(String t : a.getType()) {
- if(first) {first=false;}
- else{sb.append(',');}
- sb.append(t);
- }
-
- String resp = AAFSSO.cons.readLine("Types [file,jks,pkcs12] (%s): ", sb);
- for(String s : Split.splitTrim(',', resp)) {
- arti.getType().add(s);
- }
- // Always do Script
- if(!resp.contains(SCRIPT)) {
- arti.getType().add(SCRIPT);
- }
-
- // Note: Sponsor is set on Creation by CM
- arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",a.getAppName()));
- arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", a.getDir()));
- arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", a.getOsUser()));
- arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renew Days (%s):", a.getRenewDays())));
- arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (%s):", a.getNotification())));
-
- }
- if(artifacts.getArtifact().size()==0) {
- AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);
- } else {
- Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, artifacts);
- if(fup.get(TIMEOUT)) {
- trans.info().printf("Call to AAF Certman successful %s, %s",mechID,machine);
- } else {
- trans.error().printf("Call to AAF Certman failed, %s",
- errMsg.toMsg(fup));
- }
- }
- } else {
- trans.error().printf("Call to AAF Certman failed, %s %s, %s",
- errMsg.toMsg(fread),mechID,machine);
- }
- } finally {
- tt.done();
- }
- }
-
- private static void deleteArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechid = mechID(cmds);
- String machine = machine(cmds);
-
- TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE);
- try {
- Future<Void> future = aafcon.client(CM_VER)
- .delete("/cert/artifacts/"+mechid+"/"+machine,"application/json" );
-
- if(future.get(TIMEOUT)) {
- trans.info().printf("Call to AAF Certman successful %s, %s",mechid,machine);
- } else {
- trans.error().printf("Call to AAF Certman failed, %s %s, %s",
- errMsg.toMsg(future),mechid,machine);
- }
- } finally {
- tt.done();
- }
- }
-
-
-
- private static boolean placeCerts(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- boolean rv = false;
- String mechID = mechID(cmds);
- String machine = machine(cmds);
-
- TimeTaken tt = trans.start("Place Artifact", Env.REMOTE);
- try {
- Future<Artifacts> acf = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
- if(acf.get(TIMEOUT)) {
- // Have to wait for JDK 1.7 source...
- //switch(artifact.getType()) {
- if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {
- AAFSSO.cons.printf("===> There are no artifacts for %s %s", mechID, machine);
- } else {
- for(Artifact a : acf.value.getArtifact()) {
- String osID = System.getProperty("user.name");
- if(a.getOsUser().equals(osID)) {
- CertificateRequest cr = new CertificateRequest();
- cr.setMechid(a.getMechid());
- cr.setSponsor(a.getSponsor());
- cr.getFqdns().add(a.getMachine());
- Future<String> f = aafcon.client(CM_VER)
- .setQueryParams("withTrust")
- .updateRespondString("/cert/" + a.getCa(),reqDF, cr);
- if(f.get(TIMEOUT)) {
- CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject();
- for(String type : a.getType()) {
- PlaceArtifact pa = placeArtifact.get(type);
- if(pa!=null) {
- if(rv = pa.place(trans, capi, a)) {
- notifyPlaced(a,rv);
- }
- }
- }
- // Cover for the above multiple pass possibilities with some static Data, then clear per Artifact
- } else {
- trans.error().log(errMsg.toMsg(f));
- }
- } else {
- trans.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");
- }
- }
- }
- } else {
- trans.error().log(errMsg.toMsg(acf));
- }
- } finally {
- tt.done();
- }
- return rv;
- }
-
- private static void notifyPlaced(Artifact a, boolean rv) {
-
-
- }
-
- private static void showPass(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- String mechID = mechID(cmds);
- String machine = machine(cmds);
-
- TimeTaken tt = trans.start("Show Password", Env.REMOTE);
- try {
- Future<Artifacts> acf = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
- if(acf.get(TIMEOUT)) {
- // Have to wait for JDK 1.7 source...
- //switch(artifact.getType()) {
- if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {
- AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);
- } else {
- String id = aafcon.defID();
- boolean allowed;
- for(Artifact a : acf.value.getArtifact()) {
- allowed = id!=null && (id.equals(a.getSponsor()) ||
- (id.equals(a.getMechid())
- && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));
- if(!allowed) {
- Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" +
- a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*");
- if(pf.get(TIMEOUT)) {
- allowed = true;
- } else {
- trans.error().log(errMsg.toMsg(pf));
- }
- }
- if(allowed) {
- File dir = new File(a.getDir());
- Properties props = new Properties();
- FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));
- try {
- props.load(fis);
- fis.close();
- fis = new FileInputStream(new File(dir,a.getAppName()+".chal"));
- props.load(fis);
- } finally {
- fis.close();
- }
-
- File f = new File(dir,a.getAppName()+".keyfile");
- if(f.exists()) {
- Symm symm = Symm.obtain(f);
-
- for(Iterator<Entry<Object,Object>> iter = props.entrySet().iterator(); iter.hasNext();) {
- Entry<Object,Object> en = iter.next();
- if(en.getValue().toString().startsWith("enc:???")) {
- System.out.printf("%s=%s\n", en.getKey(), symm.depass(en.getValue().toString()));
- }
- }
- } else {
- trans.error().printf("%s.keyfile must exist to read passwords for %s on %s",
- f.getAbsolutePath(),a.getMechid(), a.getMachine());
- }
- }
- }
- }
- } else {
- trans.error().log(errMsg.toMsg(acf));
- }
- } finally {
- tt.done();
- }
-
- }
-
-
- /**
- * Check returns Error Codes, so that Scripts can know what to do
- *
- * 0 - Check Complete, nothing to do
- * 1 - General Error
- * 2 - Error for specific Artifact - read check.msg
- * 10 - Certificate Updated - check.msg is email content
- *
- * @param trans
- * @param aafcon
- * @param cmds
- * @return
- * @throws Exception
- */
- private static int check(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- int exitCode=1;
- String mechID = mechID(cmds);
- String machine = machine(cmds);
-
- TimeTaken tt = trans.start("Check Certificate", Env.REMOTE);
- try {
-
- Future<Artifacts> acf = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
- if(acf.get(TIMEOUT)) {
- // Have to wait for JDK 1.7 source...
- //switch(artifact.getType()) {
- if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {
- AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);
- } else {
- String id = aafcon.defID();
- GregorianCalendar now = new GregorianCalendar();
- for(Artifact a : acf.value.getArtifact()) {
- if(id.equals(a.getMechid())) {
- File dir = new File(a.getDir());
- Properties props = new Properties();
- FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));
- try {
- props.load(fis);
- } finally {
- fis.close();
- }
-
- String prop;
- File f;
-
- if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||
- !(f=new File(prop)).exists()) {
- trans.error().printf("Keyfile must exist to check Certificates for %s on %s",
- a.getMechid(), a.getMachine());
- } else {
- String ksf = props.getProperty(Config.CADI_KEYSTORE);
- String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);
- if(ksf==null || ksps == null) {
- trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",
- Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());
- } else {
- KeyStore ks = KeyStore.getInstance("JKS");
- Symm symm = Symm.obtain(f);
-
- fis = new FileInputStream(ksf);
- try {
- ks.load(fis,symm.depass(ksps).toCharArray());
- } finally {
- fis.close();
- }
- X509Certificate cert = (X509Certificate)ks.getCertificate(mechID);
- String msg = null;
-
- if(cert==null) {
- msg = String.format("X509Certificate does not exist for %s on %s in %s",
- a.getMechid(), a.getMachine(), ksf);
- trans.error().log(msg);
- exitCode = 2;
- } else {
- GregorianCalendar renew = new GregorianCalendar();
- renew.setTime(cert.getNotAfter());
- renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays());
- if(renew.after(now)) {
- msg = String.format("X509Certificate for %s on %s has been checked on %s. It expires on %s; it will not be renewed until %s.\n",
- a.getMechid(), a.getMachine(),Chrono.dateOnlyStamp(now),cert.getNotAfter(),Chrono.dateOnlyStamp(renew));
- trans.info().log(msg);
- exitCode = 0; // OK
- } else {
- trans.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n",
- a.getMechid(), a.getMachine(),cert.getNotAfter());
- cmds.offerLast(mechID);
- cmds.offerLast(machine);
- if(placeCerts(trans,aafcon,cmds)) {
- msg = String.format("X509Certificate for %s on %s has been renewed. Ensure services using are refreshed.\n",
- a.getMechid(), a.getMachine());
- exitCode = 10; // Refreshed
- } else {
- msg = String.format("X509Certificate for %s on %s attempted renewal, but failed. Immediate Investigation is required!\n",
- a.getMechid(), a.getMachine());
- exitCode = 1; // Error Renewing
- }
- }
- }
- if(msg!=null) {
- FileOutputStream fos = new FileOutputStream(a.getDir()+'/'+a.getAppName()+".msg");
- try {
- fos.write(msg.getBytes());
- } finally {
- fos.close();
- }
- }
- }
-
- }
- }
- }
- }
- } else {
- trans.error().log(errMsg.toMsg(acf));
- exitCode=1;
- }
- } finally {
- tt.done();
- }
- return exitCode;
- }
-
-}
-
-
-
-
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
deleted file mode 100644
index 1d488de..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java
+++ /dev/null
@@ -1,449 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.io.StringReader;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Collection;
-import java.util.List;
-
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-
-import org.onap.aaf.cadi.Symm;
-
-import org.onap.aaf.inno.env.Env;
-import org.onap.aaf.inno.env.TimeTaken;
-import org.onap.aaf.inno.env.Trans;
-
-public class Factory {
- private static final String PRIVATE_KEY_HEADER = "PRIVATE KEY";
- public static final String KEY_ALGO = "RSA";
- public static final String SIG_ALGO = "SHA256withRSA";
-
- public static final int KEY_LENGTH = 2048;
- private static final KeyPairGenerator keygen;
- private static final KeyFactory keyFactory;
- private static final CertificateFactory certificateFactory;
- private static final SecureRandom random;
-
-
- private static final Symm base64 = Symm.base64.copy(64);
-
- static {
- random = new SecureRandom();
- KeyPairGenerator tempKeygen;
- try {
- tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC");
- tempKeygen.initialize(KEY_LENGTH, random);
- } catch (NoSuchAlgorithmException e) {
- tempKeygen = null;
- e.printStackTrace(System.err);
- }
- keygen = tempKeygen;
-
- KeyFactory tempKeyFactory;
- try {
- tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC"
- } catch (NoSuchAlgorithmException e) {
- tempKeyFactory = null;
- e.printStackTrace(System.err);
- };
- keyFactory = tempKeyFactory;
-
- CertificateFactory tempCertificateFactory;
- try {
- tempCertificateFactory = CertificateFactory.getInstance("X.509");
- } catch (CertificateException e) {
- tempCertificateFactory = null;
- e.printStackTrace(System.err);
- }
- certificateFactory = tempCertificateFactory;
-
-
- }
-
-
- public static KeyPair generateKeyPair(Trans trans) {
- TimeTaken tt;
- if(trans!=null) {
- tt = trans.start("Generate KeyPair", Env.SUB);
- } else {
- tt = null;
- }
- try {
- return keygen.generateKeyPair();
- } finally {
- if(tt!=null) {
- tt.done();
- }
- }
- }
-
- private static final String LINE_END = "-----\n";
-
- protected static String textBuilder(String kind, byte[] bytes) throws IOException {
- StringBuilder sb = new StringBuilder();
- sb.append("-----BEGIN ");
- sb.append(kind);
- sb.append(LINE_END);
-
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- base64.encode(bais, baos);
- sb.append(new String(baos.toByteArray()));
-
- if(sb.charAt(sb.length()-1)!='\n') {
- sb.append('\n');
- }
- sb.append("-----END ");
- sb.append(kind);
- sb.append(LINE_END);
- return sb.toString();
- }
-
- public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException {
- byte[] bytes = decode(new StringReader(pk));
- return toPrivateKey(trans, bytes);
- }
-
- public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException {
- TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB);
- try {
- return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
- } catch (InvalidKeySpecException e) {
- throw new CertException("Translating Private Key from PKCS8 KeySpec",e);
- } finally {
- tt.done();
- }
- }
-
- public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException {
- TimeTaken tt = trans.start("Decode Private Key File", Env.SUB);
- try {
- return toPrivateKey(trans,decode(file));
- }finally {
- tt.done();
- }
- }
-
- public static String toString(Trans trans, PrivateKey pk) throws IOException {
-// PKCS8EncodedKeySpec pemContents = new PKCS8EncodedKeySpec(pk.getEncoded());
- trans.debug().log("Private Key to String");
- return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded());
- }
-
- public static PublicKey toPublicKey(Trans trans, String pk) throws IOException {
- TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB);
- try {
- ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes());
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- Symm.base64noSplit.decode(bais, baos);
-
- return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray()));
- } catch (InvalidKeySpecException e) {
- trans.error().log(e,"Translating Public Key from X509 KeySpec");
- return null;
- } finally {
- tt.done();
- }
- }
-
- public static String toString(Trans trans, PublicKey pk) throws IOException {
- trans.debug().log("Public Key to String");
- return textBuilder("PUBLIC KEY",pk.getEncoded());
- }
-
- public static Collection<? extends Certificate> toX509Certificate(String x509) throws CertificateException {
- return toX509Certificate(x509.getBytes());
- }
-
- public static Collection<? extends Certificate> toX509Certificate(List<String> x509s) throws CertificateException {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- try {
- for(String x509 : x509s) {
- baos.write(x509.getBytes());
- }
- } catch (IOException e) {
- throw new CertificateException(e);
- }
- return toX509Certificate(new ByteArrayInputStream(baos.toByteArray()));
- }
-
- public static Collection<? extends Certificate> toX509Certificate(byte[] x509) throws CertificateException {
- return certificateFactory.generateCertificates(new ByteArrayInputStream(x509));
- }
-
- public static Collection<? extends Certificate> toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException {
- FileInputStream fis = new FileInputStream(file);
- try {
- return toX509Certificate(fis);
- } finally {
- try {
- fis.close();
- } catch (IOException e) {
- throw new CertificateException(e);
- }
- }
- }
-
- public static Collection<? extends Certificate> toX509Certificate(InputStream is) throws CertificateException {
- return certificateFactory.generateCertificates(is);
- }
-
- public static String toString(Trans trans, Certificate cert) throws IOException, CertException {
- if(trans.debug().isLoggable()) {
- StringBuilder sb = new StringBuilder("Certificate to String");
- if(cert instanceof X509Certificate) {
- sb.append(" - ");
- sb.append(((X509Certificate)cert).getSubjectDN());
- }
- trans.debug().log(sb);
- }
- try {
- if(cert==null) {
- throw new CertException("Certificate not built");
- }
- return textBuilder("CERTIFICATE",cert.getEncoded());
- } catch (CertificateEncodingException e) {
- throw new CertException(e);
- }
- }
-
- public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {
- return Cipher.getInstance(KEY_ALGO);
- }
-
- public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
- Cipher cipher = Cipher.getInstance(KEY_ALGO);
- cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key);
- return cipher;
- }
-
- public static byte[] strip(Reader rdr) throws IOException {
- BufferedReader br = new BufferedReader(rdr);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- String line;
- while((line=br.readLine())!=null) {
- if(line.length()>0 &&
- !line.startsWith("-----") &&
- line.indexOf(':')<0) { // Header elements
- baos.write(line.getBytes());
- }
- }
- return baos.toByteArray();
- }
-
- public static class StripperInputStream extends InputStream {
- private Reader created;
- private BufferedReader br;
- private int idx;
- private String line;
-
- public StripperInputStream(Reader rdr) {
- if(rdr instanceof BufferedReader) {
- br = (BufferedReader)rdr;
- } else {
- br = new BufferedReader(rdr);
- }
- created = null;
- }
-
- public StripperInputStream(File file) throws FileNotFoundException {
- this(new FileReader(file));
- created = br;
- }
-
- public StripperInputStream(InputStream is) throws FileNotFoundException {
- this(new InputStreamReader(is));
- created = br;
- }
-
- @Override
- public int read() throws IOException {
- if(line==null || idx>=line.length()) {
- while((line=br.readLine())!=null) {
- if(line.length()>0 &&
- !line.startsWith("-----") &&
- line.indexOf(':')<0) { // Header elements
- break;
- }
- }
-
- if(line==null) {
- return -1;
- }
- idx = 0;
- }
- return line.charAt(idx++);
- }
-
- /* (non-Javadoc)
- * @see java.io.InputStream#close()
- */
- @Override
- public void close() throws IOException {
- if(created!=null) {
- created.close();
- }
- }
- }
-
- public static class Base64InputStream extends InputStream {
- private InputStream created;
- private InputStream is;
- private byte trio[];
- private byte duo[];
- private int idx;
-
-
- public Base64InputStream(File file) throws FileNotFoundException {
- this(new FileInputStream(file));
- created = is;
- }
-
- public Base64InputStream(InputStream is) throws FileNotFoundException {
- this.is = is;
- trio = new byte[3];
- idx = 4;
- }
-
- @Override
- public int read() throws IOException {
- if(duo==null || idx>=duo.length) {
- int read = is.read(trio);
- if(read==-1) {
- return -1;
- }
- duo = Symm.base64.decode(trio);
- if(duo==null || duo.length==0) {
- return -1;
- }
- idx=0;
- }
-
- return duo[idx++];
- }
-
- /* (non-Javadoc)
- * @see java.io.InputStream#close()
- */
- @Override
- public void close() throws IOException {
- if(created!=null) {
- created.close();
- }
- }
- }
-
- public static byte[] decode(byte[] bytes) throws IOException {
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- Symm.base64.decode(bais, baos);
- return baos.toByteArray();
- }
-
- public static byte[] decode(File f) throws IOException {
- FileReader fr = new FileReader(f);
- try {
- return Factory.decode(fr);
- } finally {
- fr.close();
- }
-
- }
- public static byte[] decode(Reader rdr) throws IOException {
- return decode(strip(rdr));
- }
-
-
- public static byte[] binary(File file) throws IOException {
- DataInputStream dis = new DataInputStream(new FileInputStream(file));
- try {
- byte[] bytes = new byte[(int)file.length()];
- dis.readFully(bytes);
- return bytes;
- } finally {
- dis.close();
- }
- }
-
-
- public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
- TimeTaken tt = trans.start("Sign Data", Env.SUB);
- try {
- Signature sig = Signature.getInstance(SIG_ALGO);
- sig.initSign(pk, random);
- sig.update(bytes);
- return sig.sign();
- } finally {
- tt.done();
- }
- }
-
- public static String toSignatureString(byte[] signed) throws IOException {
- return textBuilder("SIGNATURE", signed);
- }
-
- public static boolean verify(Trans trans, byte[] bytes, byte[] signature, PublicKey pk) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
- TimeTaken tt = trans.start("Verify Data", Env.SUB);
- try {
- Signature sig = Signature.getInstance(SIG_ALGO);
- sig.initVerify(pk);
- sig.update(bytes);
- return sig.verify(signature);
- } finally {
- tt.done();
- }
- }
-}
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java
deleted file mode 100644
index a89b901..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-
-import org.onap.aaf.cadi.CadiException;
-
-import org.onap.aaf.inno.env.Trans;
-
-public interface PlaceArtifact {
- public boolean place(Trans trans, CertInfo cert, Artifact arti) throws CadiException;
-}
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java
deleted file mode 100644
index eaefd58..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.File;
-
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.util.Chmod;
-
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-
-import org.onap.aaf.inno.env.Trans;
-
-public class PlaceArtifactInFiles extends ArtifactDir {
- @Override
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- try {
- // Setup Public Cert
- File f = new File(dir,arti.getAppName()+".crt");
- write(f,Chmod.to644,certInfo.getCerts().get(0),C_R);
-
- // Setup Private Key
- f = new File(dir,arti.getAppName()+".key");
- write(f,Chmod.to400,certInfo.getPrivatekey(),C_R);
-
- } catch (Exception e) {
- throw new CadiException(e);
- }
- return true;
- }
-}
-
-
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
deleted file mode 100644
index ddda1db..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.File;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.util.Chmod;
-
-import org.onap.aaf.inno.env.Trans;
-
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-
-public class PlaceArtifactInKeystore extends ArtifactDir {
- private String kst;
- //TODO get ROOT DNs or Trusted DNs from Certificate Manager.
-// private static String[] rootDNs = new String[]{
-// "CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US", // Lab. delete eventually
-// "CN=ATT AAF CADI TEST CA, OU=CSO, O=ATT, C=US",
-// "CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US"
-// };
-
- public PlaceArtifactInKeystore(String kst) {
- this.kst = kst;
- }
-
- @Override
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getAppName()+'.'+kst);
- try {
- KeyStore jks = KeyStore.getInstance(kst);
- if(fks.exists()) {
- fks.delete();
- }
-
- // Get the Cert(s)... Might include Trust store
- Collection<? extends Certificate> certColl = Factory.toX509Certificate(certInfo.getCerts());
- X509Certificate[] certs = new X509Certificate[certColl.size()];
- certColl.toArray(certs);
-
-
- // Add CADI Keyfile Entry to Properties
- addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile");
- // Set Keystore Password
- addProperty(Config.CADI_KEYSTORE,fks.getAbsolutePath());
- String keystorePass = Symm.randomGen(CmAgent.PASS_SIZE);
- addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
- char[] keystorePassArray = keystorePass.toCharArray();
- jks.load(null,keystorePassArray); // load in
-
- // Add Private Key/Cert Entry for App
- // Note: Java SSL security classes, while having a separate key from keystore,
- // is documented to not actually work.
- // java.security.UnrecoverableKeyException: Cannot recover key
- // You can create a custom Key Manager to make it work, but Practicality
- // dictates that you live with the default, meaning, they are the same
- String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);
- PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());
- addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);
- addProperty(Config.CADI_ALIAS, arti.getMechid());
-// Set<Attribute> attribs = new HashSet<Attribute>();
-// if(kst.equals("pkcs12")) {
-// // Friendly Name
-// attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getAppName()));
-// }
-//
- KeyStore.ProtectionParameter protParam =
- new KeyStore.PasswordProtection(keyPass.toCharArray());
-
- KeyStore.PrivateKeyEntry pkEntry =
- new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});
- jks.setEntry(arti.getMechid(),
- pkEntry, protParam);
-
- // Write out
- write(fks,Chmod.to400,jks,keystorePassArray);
-
- // Change out to TrustStore
- fks = new File(dir,arti.getAppName()+".trust."+kst);
- jks = KeyStore.getInstance(kst);
-
- // Set Truststore Password
- addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
- String trustStorePass = Symm.randomGen(CmAgent.PASS_SIZE);
- addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);
- char[] truststorePassArray = trustStorePass.toCharArray();
- jks.load(null,truststorePassArray); // load in
-
- // Add Trusted Certificates
- for(int i=1; i<certs.length;++i) {
- jks.setCertificateEntry("cadi_root_" + arti.getCa() + '_' + i, certs[i]);
- }
- // Write out
- write(fks,Chmod.to644,jks,truststorePassArray);
-
- } catch (Exception e) {
- throw new CadiException(e);
- }
- return false;
- }
-
-}
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactOnStream.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactOnStream.java
deleted file mode 100644
index 162d745..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactOnStream.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.PrintStream;
-
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-
-import org.onap.aaf.inno.env.Trans;
-
-public class PlaceArtifactOnStream implements PlaceArtifact {
- private PrintStream out;
-
- public PlaceArtifactOnStream(PrintStream printStream) {
- out = printStream;
- }
-
- @Override
- public boolean place(Trans trans, CertInfo capi, Artifact a) {
- if(capi.getNotes()!=null && capi.getNotes().length()>0) {
- trans.info().printf("Warning: %s\n",capi.getNotes());
- }
- out.printf("Challenge: %s\n",capi.getChallenge());
- out.printf("PrivateKey:\n%s\n",capi.getPrivatekey());
- out.println("Certificate Chain:");
- for(String c : capi.getCerts()) {
- out.println(c);
- }
- return true;
- }
-}
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactScripts.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactScripts.java
deleted file mode 100644
index d1b3141..0000000
--- a/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactScripts.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.cm;
-
-import java.io.File;
-
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.util.Chmod;
-
-import org.onap.aaf.inno.env.Trans;
-import org.onap.aaf.inno.env.util.Chrono;
-import org.onap.aaf.inno.env.util.Split;
-
-import certman.v1_0.Artifacts.Artifact;
-import certman.v1_0.CertInfo;
-
-public class PlaceArtifactScripts extends ArtifactDir {
- @Override
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- try {
- // Setup check.sh script
- String filename = arti.getAppName()+".check.sh";
- File f1 = new File(dir,filename);
- String email = arti.getNotification() + '\n';
- if(email.startsWith("mailto:")) {
- email=email.substring(7);
- } else {
- email=arti.getOsUser() + '\n';
- }
-
- StringBuilder classpath = new StringBuilder();
- boolean first = true;
- for(String pth : Split.split(File.pathSeparatorChar, System.getProperty("java.class.path"))) {
- if(first) {
- first=false;
- } else {
- classpath.append(File.pathSeparatorChar);
- }
- File f = new File(pth);
- classpath.append(f.getCanonicalPath().replaceAll("[0-9]+\\.[0-9]+\\.[0-9]+","*"));
- }
-
- write(f1,Chmod.to644,
- "#!/bin/bash " + f1.getCanonicalPath()+'\n',
- "# Certificate Manager Check Script\n",
- "# Check on Certificate, and renew if needed.\n",
- "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',
- "DIR="+arti.getDir()+'\n',
- "APP="+arti.getAppName()+'\n',
- "EMAIL="+email,
- "CP=\""+classpath.toString()+"\"\n",
- checkScript
- );
-
- // Setup check.sh script
- File f2 = new File(dir,arti.getAppName()+".crontab.sh");
- write(f2,Chmod.to644,
- "#!/bin/bash " + f1.getCanonicalPath()+'\n',
- "# Certificate Manager Crontab Loading Script\n",
- "# Add/Update a Crontab entry, that adds a check on Certificate Manager generated Certificate nightly.\n",
- "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',
- "TFILE=\"/tmp/cmcron$$.temp\"\n",
- "DIR=\""+arti.getDir()+"\"\n",
- "CF=\""+arti.getAppName()+" Certificate Check Script\"\n",
- "SCRIPT=\""+f1.getCanonicalPath()+"\"\n",
- cronScript
- );
-
- } catch (Exception e) {
- throw new CadiException(e);
- }
- return true;
- }
-
- private final static String checkScript =
- "> $DIR/$APP.msg\n\n" +
- "function mailit {\n" +
- " printf \"$*\" | /bin/mail -s \"AAF Certman Notification for `uname -n`\" $EMAIL\n"+
- "}\n\n" +
- System.getProperty("java.home") + "/bin/" +"java -cp $CP " +
- CmAgent.class.getName() +
- " cadi_prop_files=$DIR/$APP.props check 2> $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +
- "case \"$?\" in\n" +
- " 0)\n" +
- " # Note: Validation will be mailed only the first day after any modification\n" +
- " if [ \"`find $DIR -mtime 0 -name $APP.check.sh`\" != \"\" ] ; then\n" +
- " mailit `echo \"Certficate Validated:\\n\\n\" | cat - $DIR/$APP.msg`\n" +
- " else\n" +
- " cat $DIR/$APP.msg\n" +
- " fi\n" +
- " ;;\n" +
- " 1) mailit \"Error with Certificate Check:\\\\n\\\\nCheck logs $DIR/$APP.STDOUT and $DIR/$APP.STDERR on `uname -n`\"\n" +
- " ;;\n" +
- " 2) mailit `echo \"Certificate Check Error\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +
- " ;;\n" +
- " 10) mailit `echo \"Certificate Replaced\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +
- " if [ -e $DIR/$APP.restart.sh ]; then\n" +
- " # Note: it is THIS SCRIPT'S RESPONSIBILITY to notify upon success or failure as necessary!!\n" +
- " /bin/sh $DIR/$APP.restart.sh\n" +
- " fi\n" +
- " ;;\n" +
- " *) mailit `echo \"Unknown Error code for CM Agent\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +
- " ;;\n" +
- " esac\n\n" +
- " # Note: make sure to cover this sripts' exit Code\n";
-
- private final static String cronScript =
- "crontab -l | sed -n \"/#### BEGIN $CF/,/END $CF ####/!p\" > $TFILE\n" +
- "# Note: Randomize Minutes (0-60) and hours (1-4)\n" +
- "echo \"#### BEGIN $CF ####\" >> $TFILE\n" +
- "echo \"$(( $RANDOM % 60)) $(( $(( $RANDOM % 3 )) + 1 )) * * * /bin/bash $SCRIPT " +
- ">> $DIR/cronlog 2>&1 \" >> $TFILE\n" +
- "echo \"#### END $CF ####\" >> $TFILE\n" +
- "crontab $TFILE\n" +
- "rm $TFILE\n";
-}
-
-
-