From 7e8989cd2879ff0b93734995586ba7ed426a6f8a Mon Sep 17 00:00:00 2001 From: sg481n Date: Sat, 30 Sep 2017 03:30:05 +0000 Subject: Improve code coverage for aaf cadi modules Issue-ID: AAF-79 Change-Id: Ib01236cc4548a172d6455c59cd03a46b9743b09d Signed-off-by: sg481n --- aaf/src/assemble/cadi-aaf-test.xml | 6 +- aaf/src/assemble/cadi-aaf.xml | 12 +- aaf/src/src/assemble/cadi-aaf-test.xml | 109 --- aaf/src/src/assemble/cadi-aaf.xml | 52 -- aaf/src/src/main/java/Examples.java | 41 -- .../main/java/com/att/cadi/aaf/AAFPermission.java | 106 --- .../main/java/com/att/cadi/aaf/AAFTransmutate.java | 83 --- .../src/main/java/com/att/cadi/aaf/PermEval.java | 144 ---- .../java/com/att/cadi/aaf/client/ErrMessage.java | 97 --- .../java/com/att/cadi/aaf/client/Examples.java | 444 ------------ .../java/com/att/cadi/aaf/marshal/CertMarshal.java | 66 -- .../com/att/cadi/aaf/marshal/CertsMarshal.java | 45 -- .../main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java | 196 ----- .../main/java/com/att/cadi/aaf/v2_0/AAFCon.java | 278 -------- .../java/com/att/cadi/aaf/v2_0/AAFConDME2.java | 157 ---- .../java/com/att/cadi/aaf/v2_0/AAFConHttp.java | 147 ---- .../java/com/att/cadi/aaf/v2_0/AAFLurPerm.java | 198 ------ .../main/java/com/att/cadi/aaf/v2_0/AAFTaf.java | 198 ------ .../com/att/cadi/aaf/v2_0/AAFTrustChecker.java | 90 --- .../main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java | 274 ------- .../src/main/java/com/att/cadi/cm/ArtifactDir.java | 272 ------- .../main/java/com/att/cadi/cm/CertException.java | 46 -- aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java | 786 --------------------- aaf/src/src/main/java/com/att/cadi/cm/Factory.java | 446 ------------ .../main/java/com/att/cadi/cm/PlaceArtifact.java | 33 - .../java/com/att/cadi/cm/PlaceArtifactInFiles.java | 53 -- .../com/att/cadi/cm/PlaceArtifactInKeystore.java | 149 ---- .../com/att/cadi/cm/PlaceArtifactOnStream.java | 52 -- .../java/com/att/cadi/cm/PlaceArtifactScripts.java | 123 ---- .../java/com/att/cadi/lur/aaf/test/TestAccess.java | 116 --- aaf/src/src/test/resources/cadi.properties | 52 -- aaf/src/src/test/resources/log4j.properties | 57 -- aaf/src/src/test/resources/logging.props | 38 - 33 files changed, 9 insertions(+), 4957 deletions(-) delete mode 100644 aaf/src/src/assemble/cadi-aaf-test.xml delete mode 100644 aaf/src/src/assemble/cadi-aaf.xml delete mode 100644 aaf/src/src/main/java/Examples.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/client/ErrMessage.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/CertException.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/Factory.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactOnStream.java delete mode 100644 aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java delete mode 100644 aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java delete mode 100644 aaf/src/src/test/resources/cadi.properties delete mode 100644 aaf/src/src/test/resources/log4j.properties delete mode 100644 aaf/src/src/test/resources/logging.props diff --git a/aaf/src/assemble/cadi-aaf-test.xml b/aaf/src/assemble/cadi-aaf-test.xml index 20626ad..8f3fc43 100644 --- a/aaf/src/assemble/cadi-aaf-test.xml +++ b/aaf/src/assemble/cadi-aaf-test.xml @@ -34,14 +34,14 @@ false test - com.att.cadi:cadi-core + org.onap.aaf.cadi:cadi-core false test - com.att.cadi:cadi-aaf + org.onap.aaf.cadi:cadi-aaf @@ -86,7 +86,7 @@ false compile - com.att.cssa:rosetta + org.onap.aaf.cssa:rosetta diff --git a/aaf/src/assemble/cadi-aaf.xml b/aaf/src/assemble/cadi-aaf.xml index 3460028..0166367 100644 --- a/aaf/src/assemble/cadi-aaf.xml +++ b/aaf/src/assemble/cadi-aaf.xml @@ -34,12 +34,12 @@ true compile - com.att.authz:authz-client - com.att.cadi:cadi-aaf - com.att.cadi:cadi-core - com.att.cadi:cadi-client - com.att.inno:env - com.att.inno:rosetta + org.onap.aaf.authz:authz-client + org.onap.aaf.cadi:cadi-aaf + org.onap.aaf.cadi:cadi-core + org.onap.aaf.cadi:cadi-client + org.onap.aaf.inno:env + org.onap.aaf.inno:rosetta diff --git a/aaf/src/src/assemble/cadi-aaf-test.xml b/aaf/src/src/assemble/cadi-aaf-test.xml deleted file mode 100644 index 20626ad..0000000 --- a/aaf/src/src/assemble/cadi-aaf-test.xml +++ /dev/null @@ -1,109 +0,0 @@ - - - - test - - zip - - - true - - - false - test - - com.att.cadi:cadi-core - - - - false - test - - com.att.cadi:cadi-aaf - - - - false - test - - org.eclipse.jetty.aggregate:jetty-all - - - - - false - test - - org.eclipse.jetty.orbit:javax.servlet - - - - - false - test - - javax:servlet - - - - - false - test - - com.att.aft:dme2 - - - - false - test - - com.att.aft.discovery:discovery-clt - - - - false - compile - - com.att.cssa:rosetta - - - - - - run - - cadi.properties - keyfile - start.sh - - - - - ../cadi/target/cadi-core*tests.jar - - - - - diff --git a/aaf/src/src/assemble/cadi-aaf.xml b/aaf/src/src/assemble/cadi-aaf.xml deleted file mode 100644 index 3460028..0000000 --- a/aaf/src/src/assemble/cadi-aaf.xml +++ /dev/null @@ -1,52 +0,0 @@ - - - - full - - jar - - - false - - - true - compile - - com.att.authz:authz-client - com.att.cadi:cadi-aaf - com.att.cadi:cadi-core - com.att.cadi:cadi-client - com.att.inno:env - com.att.inno:rosetta - - - - - - - src/main/xsd - - - diff --git a/aaf/src/src/main/java/Examples.java b/aaf/src/src/main/java/Examples.java deleted file mode 100644 index 7ea379b..0000000 --- a/aaf/src/src/main/java/Examples.java +++ /dev/null @@ -1,41 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -import com.att.rosetta.env.RosettaEnv; - -public class Examples { - public static void main(String[] args) { - if(args.length<1) { - System.out.println("Usage: Examples [\"optional\" - will show optional fields]"); - } else { - boolean options = args.length>1&&"optional".equals(args[1]); - try { - RosettaEnv env = new RosettaEnv(); - System.out.println(com.att.cadi.aaf.client.Examples.print(env, args[0], options)); - } catch (Exception e) { - System.out.println(e.getMessage()); - } - } - } - - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java b/aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java deleted file mode 100644 index 7a3f175..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java +++ /dev/null @@ -1,106 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf; - -import com.att.cadi.Permission; - -/** - * A Class that understands the AAF format of Permission (name/type/action) - * or String "name|type|action" - * - * - */ -public class AAFPermission implements Permission { - protected String type,instance,action,key; - - protected AAFPermission() {} - - public AAFPermission(String type, String instance, String action) { - this.type = type; - this.instance = instance; - this.action = action; - key = type + '|' + instance + '|' + action; - } - - /** - * Match a Permission - * if Permission is Fielded type "Permission", we use the fields - * otherwise, we split the Permission with '|' - * - * when the type or action starts with REGEX indicator character ( ! ), - * then it is evaluated as a regular expression. - * - * If you want a simple field comparison, it is faster without REGEX - */ - public boolean match(Permission p) { - if(p instanceof AAFPermission) { - AAFPermission ap = (AAFPermission)p; - // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy - // Current solution is only allow direct match on Type. - // 8/28/2014 - added REGEX ability - if(type.equals(ap.getName())) - if(PermEval.evalInstance(instance,ap.getInstance())) - if(PermEval.evalAction(action,ap.getAction())) - return true; - } else { - // Permission is concatenated together: separated by | - String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3); - if(aaf.length>0 && type.equals(aaf[0])) - if(PermEval.evalInstance(instance,aaf.length>1?aaf[1]:"*")) - if(PermEval.evalAction(action,aaf.length>2?aaf[2]:"*")) - return true; - } - return false; - } - - - public String getName() { - return type; - } - - public String getInstance() { - return instance; - } - - public String getAction() { - return action; - } - - public String getKey() { - return key; - } - - /* (non-Javadoc) - * @see com.att.cadi.Permission#permType() - */ - public String permType() { - return "AAF"; - } - - public String toString() { - return "AAFPermission:\n\tType: " + type + - "\n\tInstance: " + instance + - "\n\tAction: " + action + - "\n\tKey: " + key; - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java b/aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java deleted file mode 100644 index cb01068..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java +++ /dev/null @@ -1,83 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf; - -import java.security.Principal; -import java.util.regex.Pattern; - -import com.att.cadi.Transmutate; -import com.att.cadi.lur.ConfigPrincipal; -import com.att.cadi.principal.BasicPrincipal; -import com.att.cadi.principal.CSPPrincipal_T; - -/** - * AAFTransmutate - * - * Each System determines the mechanisms for which one Principal is transmutated to another, such as whether it is created - * independently, etc. - * - * For AAF, the only important thing is that these are valid ATTUID/mechIDs, to avoid unnecessary user hits - * - * attUIDs look like ab1234 or AB1234 or AZ123a - * mechids look like m12345 - * - * - */ -public final class AAFTransmutate implements Transmutate { - private Pattern pattern = Pattern.compile("[a-zA-Z]\\w\\d\\d\\d\\w"); - - public Principal mutate(Principal p) { - // Accept these three internal kinds of Principals - if(p instanceof CSPPrincipal_T - || p instanceof BasicPrincipal - || p instanceof ConfigPrincipal) { - return p; - } else { - String name = p.getName(); - final int idx = name.indexOf('@'); - if(idx>0) { // strip off any domain - name = name.substring(0,idx); - } - - // Check for ATTUID specs before creating CSP_T - return pattern.matcher(name).matches()? - new CSP_T(name): - null; - } - } - - /** - * Essential Principal reflecting CSP Principal - * - * - */ - private final class CSP_T implements CSPPrincipal_T { - private String name; - public CSP_T(String name) { - this.name = name; - } - public String getName() { - return name; - } - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java b/aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java deleted file mode 100644 index e581745..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java +++ /dev/null @@ -1,144 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf; - -import com.att.inno.env.util.Split; - - -public class PermEval { - public static final char START_REGEX_CHAR = '!'; - public static final char START_INST_KEY_CHAR=':'; - public static final char ALT_START_INST_KEY_CHAR='/'; - - public static final char LIST_SEP = ','; - public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString(); - public static final String ASTERIX = "*"; - - /** - * Evaluate Instance - * - * Instance can be more complex. It can be a string, a Regular Expression, or a ":" separated Key - * who's parts can also be a String, Regular Expression. - * - * sInst = Server's Instance - * In order to prevent false matches, keys must be the same length to count as equal - * Changing this will break existing users, like Cassandra. 9-4-2015 - */ - public static boolean evalInstance(String sInst, String pInst) { - if(ASTERIX.equals(sInst)) return true; // If Server's String is "*", then it accepts every Instance - char firstChar = pInst.charAt(0); - char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR; - switch(pInst.charAt(0)) { // First char - case START_REGEX_CHAR: // Evaluate as Regular Expression - String pItem = pInst.substring(1); - for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," definition in Action - return sItem.matches(pItem); - } - - case START_INST_KEY_CHAR: // Evaluate a special Key field, i.e.:xyz:*:!df.* - case ALT_START_INST_KEY_CHAR: // Also allow '/' as special Key Field, i.e. /xyz/*/!.* - if(sInst.charAt(0)==startChar) { // To compare key-to-key, both strings must be keys - String[] skeys=Split.split(startChar,sInst); - String[] pkeys=Split.split(startChar,pInst); - if(skeys.length!=pkeys.length) return false; - - boolean pass = true; - for(int i=1;pass && i errDF; - - public ErrMessage(RosettaEnv env) throws APIException { - errDF = env.newDataFactory(Error.class); - } - - /** - * AT&T Requires a specific Error Format for RESTful Services, which AAF complies with. - * - * This code will create a meaningful string from this format. - * - * @param ps - * @param df - * @param r - * @throws APIException - */ - public void printErr(PrintStream ps, String attErrJson) throws APIException { - StringBuilder sb = new StringBuilder(); - Error err = errDF.newData().in(TYPE.JSON).load(attErrJson).asObject(); - ps.println(toMsg(sb,err)); - } - - /** - * AT&T Requires a specific Error Format for RESTful Services, which AAF complies with. - * - * This code will create a meaningful string from this format. - * - * @param sb - * @param df - * @param r - * @throws APIException - */ - public StringBuilder toMsg(StringBuilder sb, String attErrJson) throws APIException { - return toMsg(sb,errDF.newData().in(TYPE.JSON).load(attErrJson).asObject()); - } - - public StringBuilder toMsg(Future future) { - return toMsg(new StringBuilder(),future); - } - - public StringBuilder toMsg(StringBuilder sb, Future future) { - try { - toMsg(sb,errDF.newData().in(TYPE.JSON).load(future.body()).asObject()); - } catch(Exception e) { - //just print what we can - sb.append(future.code()); - sb.append(": "); - sb.append(future.body()); - } - return sb; - } - - public StringBuilder toMsg(StringBuilder sb, Error err) { - sb.append(err.getMessageId()); - sb.append(' '); - String[] vars = new String[err.getVariables().size()]; - err.getVariables().toArray(vars); - Vars.convert(sb, err.getText(),vars); - return sb; - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java b/aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java deleted file mode 100644 index d469805..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java +++ /dev/null @@ -1,444 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.client; - - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.GregorianCalendar; - -import aaf.v2_0.Approval; -import aaf.v2_0.Approvals; -import aaf.v2_0.CredRequest; -import aaf.v2_0.Keys; -import aaf.v2_0.NsRequest; -import aaf.v2_0.Nss; -import aaf.v2_0.Nss.Ns; -import aaf.v2_0.Perm; -import aaf.v2_0.PermKey; -import aaf.v2_0.PermRequest; -import aaf.v2_0.Perms; -import aaf.v2_0.Pkey; -import aaf.v2_0.Request; -import aaf.v2_0.Role; -import aaf.v2_0.RoleKey; -import aaf.v2_0.RolePermRequest; -import aaf.v2_0.RoleRequest; -import aaf.v2_0.Roles; -import aaf.v2_0.UserRole; -import aaf.v2_0.UserRoleRequest; -import aaf.v2_0.UserRoles; -import aaf.v2_0.Users; -import aaf.v2_0.Users.User; - -import com.att.inno.env.APIException; -import com.att.inno.env.Data; -import com.att.inno.env.Data.TYPE; -import com.att.inno.env.util.Chrono; -import com.att.rosetta.env.RosettaDF; -import com.att.rosetta.env.RosettaEnv; - -public class Examples { - public static String print(RosettaEnv env, String nameOrContentType, boolean optional) throws APIException, SecurityException, NoSuchMethodException, IllegalArgumentException, IllegalAccessException, InvocationTargetException { - // Discover ClassName - String className = null; - String version = null; - TYPE type = TYPE.JSON; // default - if(nameOrContentType.startsWith("application/")) { - for(String ct : nameOrContentType.split("\\s*,\\s*")) { - for(String elem : ct.split("\\s*;\\s*")) { - if(elem.endsWith("+json")) { - type = TYPE.JSON; - className = elem.substring(elem.indexOf('/')+1, elem.length()-5); - } else if(elem.endsWith("+xml")) { - type = TYPE.XML; - className = elem.substring(elem.indexOf('/')+1, elem.length()-4); - } else if(elem.startsWith("version=")) { - version = elem.substring(8); - } - } - if(className!=null && version!=null)break; - } - if(className==null) { - throw new APIException(nameOrContentType + " does not contain Class Information"); - } - } else { - className = nameOrContentType; - } - - // No Void.class in aaf.v2_0 package causing errors when trying to use a newVoidv2_0 - // method similar to others in this class. This makes it work, but is it right? - if ("Void".equals(className)) return ""; - - if("1.1".equals(version)) { - version = "v1_0"; - } else if(version!=null) { - version = "v" + version.replace('.', '_'); - } else { - version = "v2_0"; - } - - Class cls; - try { - cls = Examples.class.getClassLoader().loadClass("aaf."+version+'.'+className); - } catch (ClassNotFoundException e) { - throw new APIException(e); - } - - Method meth; - try { - meth = Examples.class.getDeclaredMethod("new"+cls.getSimpleName()+version,boolean.class); - } catch (Exception e) { - throw new APIException("ERROR: " + cls.getName() + " does not have an Example in Code. Request from AAF Developers"); - } - - RosettaDF df = env.newDataFactory(cls); - df.option(Data.PRETTY); - - Object data = meth.invoke(null,optional); - - @SuppressWarnings("unchecked") - String rv = df.newData().load((C)data).out(type).asString(); -// Object obj = df.newData().in(type).load(rv).asObject(); - return rv; - } - - /* - * Set Base Class Request (easier than coding over and over) - */ - private static void setOptional(Request req) { - GregorianCalendar gc = new GregorianCalendar(); - req.setStart(Chrono.timeStamp(gc)); - gc.add(GregorianCalendar.MONTH, 6); - req.setEnd(Chrono.timeStamp(gc)); -// req.setForce("false"); - - } - - @SuppressWarnings("unused") - private static Request newRequestv2_0(boolean optional) { - Request r = new Request(); - setOptional(r); - return r; - } - @SuppressWarnings("unused") - private static RolePermRequest newRolePermRequestv2_0(boolean optional) { - RolePermRequest rpr = new RolePermRequest(); - Pkey pkey = new Pkey(); - pkey.setType("com.att.myns.mytype"); - pkey.setInstance("myInstance"); - pkey.setAction("myAction"); - rpr.setPerm(pkey); - rpr.setRole("com.att.myns.myrole"); - if(optional)setOptional(rpr); - return rpr; - } - - @SuppressWarnings("unused") - private static Roles newRolesv2_0(boolean optional) { - Role r; - Pkey p; - Roles rs = new Roles(); - rs.getRole().add(r = new Role()); - r.setName("com.att.myns.myRole"); - r.getPerms().add(p = new Pkey()); - p.setType("com.att.myns.myType"); - p.setInstance("myInstance"); - p.setAction("myAction"); - - r.getPerms().add(p = new Pkey()); - p.setType("com.att.myns.myType"); - p.setInstance("myInstance"); - p.setAction("myOtherAction"); - - rs.getRole().add(r = new Role()); - r.setName("com.att.myns.myOtherRole"); - r.getPerms().add(p = new Pkey()); - p.setType("com.att.myns.myOtherType"); - p.setInstance("myInstance"); - p.setAction("myAction"); - - r.getPerms().add(p = new Pkey()); - p.setType("com.att.myns.myOthertype"); - p.setInstance("myInstance"); - p.setAction("myOtherAction"); - - return rs; - } - - - @SuppressWarnings("unused") - private static PermRequest newPermRequestv2_0(boolean optional) { - PermRequest pr = new PermRequest(); - pr.setType("com.att.myns.myType"); - pr.setInstance("myInstance"); - pr.setAction("myAction"); - if(optional) { - pr.setDescription("Short and meaningful verbiage about the Permission"); - - setOptional(pr); - } - return pr; - } - - @SuppressWarnings("unused") - private static Perm newPermv2_0(boolean optional) { - Perm pr = new Perm(); - pr.setType("com.att.myns.myType"); - pr.setInstance("myInstance"); - pr.setAction("myAction"); - pr.getRoles().add("com.att.myns.myRole"); - pr.getRoles().add("com.att.myns.myRole2"); - pr.setDescription("This is my description, and I'm sticking with it"); - if(optional) { - pr.setDescription("Short and meaningful verbiage about the Permission"); - } - return pr; - } - - - @SuppressWarnings("unused") - private static PermKey newPermKeyv2_0(boolean optional) { - PermKey pr = new PermKey(); - pr.setType("com.att.myns.myType"); - pr.setInstance("myInstance"); - pr.setAction("myAction"); - return pr; - } - - @SuppressWarnings("unused") - private static Perms newPermsv2_0(boolean optional) { - Perms perms = new Perms(); - Perm p; - perms.getPerm().add(p=new Perm()); - p.setType("com.att.myns.myType"); - p.setInstance("myInstance"); - p.setAction("myAction"); - p.getRoles().add("com.att.myns.myRole"); - p.getRoles().add("com.att.myns.myRole2"); - - - perms.getPerm().add(p=new Perm()); - p.setType("com.att.myns.myOtherType"); - p.setInstance("myInstance"); - p.setAction("myOtherAction"); - p.getRoles().add("com.att.myns.myRole"); - p.getRoles().add("com.att.myns.myRole2"); - - return perms; - - } - - @SuppressWarnings("unused") - private static UserRoleRequest newUserRoleRequestv2_0(boolean optional) { - UserRoleRequest urr = new UserRoleRequest(); - urr.setRole("com.att.myns.myRole"); - urr.setUser("ab1234@csp.att.com"); - if(optional) setOptional(urr); - return urr; - } - - @SuppressWarnings("unused") - private static NsRequest newNsRequestv2_0(boolean optional) { - NsRequest nr = new NsRequest(); - nr.setName("com.att.myns"); - nr.getResponsible().add("ab1234@csp.att.com"); - nr.getResponsible().add("cd5678@csp.att.com"); - nr.getAdmin().add("zy9876@csp.att.com"); - nr.getAdmin().add("xw5432@csp.att.com"); - if(optional) { - nr.setDescription("This is my Namespace to set up"); - nr.setType("APP"); - setOptional(nr); - } - return nr; - } - - - @SuppressWarnings("unused") - private static Nss newNssv2_0(boolean optional) { - Ns ns; - - Nss nss = new Nss(); - nss.getNs().add(ns = new Nss.Ns()); - ns.setName("com.att.myns"); - ns.getResponsible().add("ab1234@csp.att.com"); - ns.getResponsible().add("cd5678@csp.att.com"); - ns.getAdmin().add("zy9876@csp.att.com"); - ns.getAdmin().add("xw5432@csp.att.com"); - ns.setDescription("This is my Namespace to set up"); - - nss.getNs().add(ns = new Nss.Ns()); - ns.setName("com.att.myOtherNs"); - ns.getResponsible().add("ab1234@csp.att.com"); - ns.getResponsible().add("cd5678@csp.att.com"); - ns.getAdmin().add("zy9876@csp.att.com"); - ns.getAdmin().add("xw5432@csp.att.com"); - - return nss; - } - @SuppressWarnings("unused") - private static RoleRequest newRoleRequestv2_0(boolean optional) { - RoleRequest rr = new RoleRequest(); - rr.setName("com.att.myns.myRole"); - if(optional) { - rr.setDescription("This is my Role"); - setOptional(rr); - } - return rr; - } - - @SuppressWarnings("unused") - private static CredRequest newCredRequestv2_0(boolean optional) { - CredRequest cr = new CredRequest(); - cr.setId("myID@fully.qualified.domain"); - if(optional) { - cr.setType(2); - cr.setEntry("0x125AB256344CE"); - } else { - cr.setPassword("This is my provisioned password"); - } - - return cr; - } - - @SuppressWarnings("unused") - private static Users newUsersv2_0(boolean optional) { - User user; - - Users users = new Users(); - users.getUser().add(user = new Users.User()); - user.setId("ab1234@csp.att.com"); - GregorianCalendar gc = new GregorianCalendar(); - user.setExpires(Chrono.timeStamp(gc)); - - users.getUser().add(user = new Users.User()); - user.setId("zy9876@csp.att.com"); - user.setExpires(Chrono.timeStamp(gc)); - - return users; - } - - @SuppressWarnings("unused") - private static Role newRolev2_0(boolean optional) { - Role r = new Role(); - Pkey p; - r.setName("com.att.myns.myRole"); - r.getPerms().add(p = new Pkey()); - p.setType("com.att.myns.myType"); - p.setInstance("myInstance"); - p.setAction("myAction"); - - return r; - } - - @SuppressWarnings("unused") - private static RoleKey newRoleKeyv2_0(boolean optional) { - RoleKey r = new RoleKey(); - Pkey p; - r.setName("com.att.myns.myRole"); - return r; - } - - @SuppressWarnings("unused") - private static Keys newKeysv2_0(boolean optional) { - Keys ks = new Keys(); - ks.getKey().add("Reponse 1"); - ks.getKey().add("Response 2"); - return ks; - } - - @SuppressWarnings("unused") - private static UserRoles newUserRolesv2_0(boolean optional) { - UserRoles urs = new UserRoles(); - UserRole ur = new UserRole(); - ur.setUser("xy1234"); - ur.setRole("com.test.myapp.myRole"); - ur.setExpires(Chrono.timeStamp()); - urs.getUserRole().add(ur); - - ur = new UserRole(); - ur.setUser("yx4321"); - ur.setRole("com.test.yourapp.yourRole"); - ur.setExpires(Chrono.timeStamp()); - urs.getUserRole().add(ur); - return urs; - } - - - @SuppressWarnings("unused") - private static Approvals newApprovalsv2_0(boolean optional) { - Approvals as = new Approvals(); - Approval a = new Approval(); - a.setApprover("MyApprover"); - a.setId("MyID"); - a.setMemo("My memo (and then some)"); - a.setOperation("MyOperation"); - a.setStatus("MyStatus"); - a.setTicket("MyTicket"); - a.setType("MyType"); - a.setUpdated(Chrono.timeStamp()); - a.setUser("MyUser"); - as.getApprovals().add(a); - a = new Approval(); - a.setApprover("MyApprover2"); - a.setId("MyID2"); - a.setMemo("My memo (and then some)2"); - a.setOperation("MyOperation2"); - a.setStatus("MyStatus2"); - a.setTicket("MyTicket2"); - a.setType("MyType2"); - a.setUpdated(Chrono.timeStamp()); - a.setUser("MyUser2"); - as.getApprovals().add(a); - return as; - } - - @SuppressWarnings("unused") - private static Approval newApprovalv2_0(boolean optional) { - Approval a = new Approval(); - a.setApprover("MyApprover"); - a.setId("MyID"); - a.setMemo("My memo (and then some)"); - a.setOperation("MyOperation"); - a.setStatus("MyStatus"); - a.setTicket("MyTicket"); - a.setType("MyType"); - a.setUpdated(Chrono.timeStamp()); - a.setUser("MyUser"); - return a; - } - - - - @SuppressWarnings("unused") - private static aaf.v2_0.Error newErrorv2_0(boolean optional) { - aaf.v2_0.Error err = new aaf.v2_0.Error(); - err.setMessageId("SVC1403"); - err.setText("MyText %s, %s: The last three digits are usually the HTTP Code"); - err.getVariables().add("Variable 1"); - err.getVariables().add("Variable 2"); - return err; - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java b/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java deleted file mode 100644 index ad75dc5..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java +++ /dev/null @@ -1,66 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.marshal; - -import javax.xml.datatype.XMLGregorianCalendar; - -import aaf.v2_0.Certs.Cert; - -import com.att.rosetta.marshal.FieldDateTime; -import com.att.rosetta.marshal.FieldHexBinary; -import com.att.rosetta.marshal.FieldString; -import com.att.rosetta.marshal.ObjMarshal; - -public class CertMarshal extends ObjMarshal { - public CertMarshal() { - add(new FieldHexBinary("fingerprint") { - @Override - protected byte[] data(Cert t) { - return t.getFingerprint(); - } - }); - - add(new FieldString("id") { - @Override - protected String data(Cert t) { - return t.getId(); - } - }); - - add(new FieldString("x500") { - @Override - protected String data(Cert t) { - return t.getX500(); - } - }); - - add(new FieldDateTime("expires") { - @Override - protected XMLGregorianCalendar data(Cert t) { - return t.getExpires(); - } - }); - - - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java b/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java deleted file mode 100644 index 3a27a9c..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java +++ /dev/null @@ -1,45 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.marshal; - -import java.util.List; - -import aaf.v2_0.Certs; -import aaf.v2_0.Certs.Cert; - -import com.att.rosetta.marshal.ObjArray; -import com.att.rosetta.marshal.ObjMarshal; - -public class CertsMarshal extends ObjMarshal { - - public CertsMarshal() { - add(new ObjArray("cert",new CertMarshal()) { - @Override - protected List data(Certs t) { - return t.getCert(); - } - }); - } - - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java deleted file mode 100644 index 263f730..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java +++ /dev/null @@ -1,196 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import com.att.aft.dme2.api.DME2Exception; -import com.att.cadi.AbsUserCache; -import com.att.cadi.CachedPrincipal; -import com.att.cadi.GetCred; -import com.att.cadi.Hash; -import com.att.cadi.User; -import com.att.cadi.aaf.AAFPermission; -import com.att.cadi.client.Future; -import com.att.cadi.client.Rcli; -import com.att.cadi.config.Config; -import com.att.cadi.lur.ConfigPrincipal; -import com.att.inno.env.APIException; - -public class AAFAuthn extends AbsUserCache { - private AAFCon con; - private String realm; - - /** - * Configure with Standard AAF properties, Stand alone - * @param con - * @throws Exception - */ - // Package on purpose - AAFAuthn(AAFCon con) throws Exception { - super(con.access,con.cleanInterval,con.highCount,con.usageRefreshTriggerCount); - this.con = con; - - try { - setRealm(); - } catch (APIException e) { - if(e.getCause() instanceof DME2Exception) { - // Can't contact AAF, assume default - realm=con.access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); - } - } - } - - /** - * Configure with Standard AAF properties, but share the Cache (with AAF Lur) - * @param con - * @throws Exception - */ - // Package on purpose - AAFAuthn(AAFCon con, AbsUserCache cache) throws Exception { - super(cache); - this.con = con; - try { - setRealm(); - } catch (Exception e) { - if(e.getCause() instanceof DME2Exception) { - access.log(e); - // Can't contact AAF, assume default - realm=con.access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); - } - } - } - - private void setRealm() throws Exception { - // Make a call without security set to get the 401 response, which - // includes the Realm of the server - // This also checks on Connectivity early on. - Future fp = con.client(AAFCon.AAF_VERSION).read("/authn/basicAuth", "text/plain"); - if(fp.get(con.timeout)) { - throw new Exception("Do not preset Basic Auth Information for AAFAuthn"); - } else { - if(fp.code()==401) { - realm = fp.header("WWW-Authenticate"); - if(realm!=null && realm.startsWith("Basic realm=\"")) { - realm = realm.substring(13, realm.length()-1); - } else { - realm = "unknown.com"; - } - } - } - } - - /** - * Return Native Realm of AAF Instance. - * - * @return - */ - public String getRealm() { - return realm; - } - - /** - * Returns null if ok, or an Error String; - * - * @param user - * @param password - * @return - * @throws Exception - */ - public String validate(String user, String password) throws Exception { - User usr = getUser(user); - if(password.startsWith("enc:???")) { - password = access.decrypt(password, true); - } - - byte[] bytes = password.getBytes(); - if(usr != null && usr.principal != null && usr.principal.getName().equals(user) - && usr.principal instanceof GetCred) { - - if(Hash.isEqual(((GetCred)usr.principal).getCred(),bytes)) { - return null; - } else { - remove(usr); - usr = null; - } - } - - AAFCachedPrincipal cp = new AAFCachedPrincipal(this,con.app, user, bytes, con.cleanInterval); - // Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch - // Statement - switch(cp.revalidate()) { - case REVALIDATED: - if(usr!=null) { - usr.principal = cp; - } else { - addUser(new User(cp,con.timeout)); - } - return null; - case INACCESSIBLE: - return "AAF Inaccessible"; - case UNVALIDATED: - return "User/Pass combo invalid"; - default: - return "AAFAuthn doesn't handle this Principal"; - } - } - - private class AAFCachedPrincipal extends ConfigPrincipal implements CachedPrincipal { - private long expires,timeToLive; - - public AAFCachedPrincipal(AAFAuthn aaf, String app, String name, byte[] pass, int timeToLive) { - super(name,pass); - this.timeToLive = timeToLive; - expires = timeToLive + System.currentTimeMillis(); - } - - public Resp revalidate() { - try { - Miss missed = missed(getName()); - if(missed==null || missed.mayContinue(getCred())) { - Rcli client = con.client(AAFCon.AAF_VERSION).forUser(con.basicAuth(getName(), new String(getCred()))); - Future fp = client.read( - "/authn/basicAuth", - "text/plain" - ); - if(fp.get(con.timeout)) { - expires = System.currentTimeMillis() + timeToLive; - addUser(new User(this, expires)); - return Resp.REVALIDATED; - } else { - addMiss(getName(), getCred()); - return Resp.UNVALIDATED; - } - } else { - return Resp.UNVALIDATED; - } - } catch (Exception e) { - con.access.log(e); - return Resp.INACCESSIBLE; - } - } - - public long expires() { - return expires; - } - }; - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java deleted file mode 100644 index 9b458c7..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java +++ /dev/null @@ -1,278 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import java.net.URI; -import java.net.URISyntaxException; -import java.security.Principal; - -import com.att.cadi.AbsUserCache; -import com.att.cadi.Access; -import com.att.cadi.CadiException; -import com.att.cadi.CadiWrap; -import com.att.cadi.Connector; -import com.att.cadi.LocatorException; -import com.att.cadi.Lur; -import com.att.cadi.SecuritySetter; -import com.att.cadi.aaf.AAFPermission; -import com.att.cadi.aaf.marshal.CertsMarshal; -import com.att.cadi.client.Rcli; -import com.att.cadi.client.Retryable; -import com.att.cadi.config.Config; -import com.att.cadi.config.SecurityInfo; -import com.att.cadi.lur.EpiLur; -import com.att.cadi.principal.BasicPrincipal; -import com.att.inno.env.APIException; -import com.att.inno.env.util.Split; -import com.att.rosetta.env.RosettaDF; -import com.att.rosetta.env.RosettaEnv; - -import aaf.v2_0.Certs; -import aaf.v2_0.Perms; -import aaf.v2_0.Users; - -public abstract class AAFCon implements Connector { - public static final String AAF_VERSION = "2.0"; - - final public Access access; - // Package access - final public int timeout, cleanInterval, connTimeout; - final public int highCount, userExpires, usageRefreshTriggerCount; - private Rcli client = null; - final public RosettaDF permsDF; - final public RosettaDF certsDF; - final public RosettaDF usersDF; - private String realm; - public final String app; - protected SecuritySetter ss; - protected SecurityInfo si; - protected final URI initURI; - - public Rcli client(String apiVersion) throws CadiException { - if(client==null) { - client = rclient(initURI,ss); - client.apiVersion(apiVersion) - .readTimeout(connTimeout); - } - return client; - } - - protected AAFCon(Access access, String tag, SecurityInfo si) throws CadiException{ - try { - this.access = access; - this.si = si; - this.ss = si.defSS; - if(ss==null) { - String mechid = access.getProperty(Config.AAF_MECHID, null); - String encpass = access.getProperty(Config.AAF_MECHPASS, null); - if(encpass==null) { - String alias = access.getProperty(Config.CADI_ALIAS, mechid); - if(alias==null) { - throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required."); - } - si.defSS=ss = x509Alias(alias); - } else { - if(mechid!=null && encpass !=null) { - si.defSS=ss=basicAuth(mechid, encpass); - } else { - si.defSS=ss=new SecuritySetter() { - - @Override - public String getID() { - return ""; - } - - @Override - public void setSecurity(CLIENT client) throws CadiException { - throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)"); - } - }; - } - } - } - - timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF)); - cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)); - highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim()); - connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim()); - userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim()); - usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based - - - initURI = new URI(access.getProperty(tag,null)); - if(initURI==null) { - throw new CadiException(tag + " property is required."); - } - - app=reverseDomain(ss.getID()); - realm="openecomp.org"; - - RosettaEnv env = new RosettaEnv(); - permsDF = env.newDataFactory(Perms.class); - usersDF = env.newDataFactory(Users.class); - certsDF = env.newDataFactory(Certs.class); - certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling - } catch (APIException|URISyntaxException e) { - throw new CadiException("AAFCon cannot be configured",e); - } - } - - /** - * Return the backing AAFCon, if there is a Lur Setup that is AAF. - * - * If there is no AAFLur setup, it will return "null" - * @param servletRequest - * @return - */ - public static final AAFCon obtain(Object servletRequest) { - if(servletRequest instanceof CadiWrap) { - Lur lur = ((CadiWrap)servletRequest).getLur(); - if(lur != null) { - if(lur instanceof EpiLur) { - AbsAAFLur aal = (AbsAAFLur) ((EpiLur)lur).subLur(AbsAAFLur.class); - if(aal!=null) { - return aal.aaf; - } - } else { - if(lur instanceof AbsAAFLur) { - return ((AbsAAFLur)lur).aaf; - } - } - } - } - return null; - } - - public AAFAuthn newAuthn() throws APIException { - try { - return new AAFAuthn(this); - } catch (APIException e) { - throw e; - } catch (Exception e) { - throw new APIException(e); - } - } - - public AAFAuthn newAuthn(AbsUserCache c) throws APIException { - try { - return new AAFAuthn(this,c); - } catch (APIException e) { - throw e; - } catch (Exception e) { - throw new APIException(e); - } - } - - public AAFLurPerm newLur() throws CadiException { - try { - return new AAFLurPerm(this); - } catch (CadiException e) { - throw e; - } catch (Exception e) { - throw new CadiException(e); - } - } - - public AAFLurPerm newLur(AbsUserCache c) throws APIException { - try { - return new AAFLurPerm(this,c); - } catch (APIException e) { - throw e; - } catch (Exception e) { - throw new APIException(e); - } - } - - /** - * Take a Fully Qualified User, and get a Namespace from it. - * @param user - * @return - */ - public static String reverseDomain(String user) { - StringBuilder sb = null; - String[] split = Split.split('.',user); - int at; - for(int i=split.length-1;i>=0;--i) { - if(sb == null) { - sb = new StringBuilder(); - } else { - sb.append('.'); - } - - if((at = split[i].indexOf('@'))>0) { - sb.append(split[i].subSequence(at+1, split[i].length())); - } else { - sb.append(split[i]); - } - } - - return sb==null?"":sb.toString(); - } - - protected abstract Rcli rclient(URI uri, SecuritySetter ss) throws CadiException; - - public abstract RET best(Retryable retryable) throws LocatorException, CadiException, APIException; - - - public abstract SecuritySetter basicAuth(String user, String password) throws CadiException; - - public abstract SecuritySetter transferSS(Principal principal) throws CadiException; - - public abstract SecuritySetter basicAuthSS(BasicPrincipal principal) throws CadiException; - - public abstract SecuritySetter x509Alias(String alias) throws APIException, CadiException; - - - public String getRealm() { - return realm; - - } - - public SecuritySetter set(SecuritySetter ss) { - this.ss = ss; - if(client!=null) { - client.setSecuritySetter(ss); - } - return ss; - } - - public SecurityInfo securityInfo() { - return si; - } - - public String defID() { - if(ss!=null) { - return ss.getID(); - } - return "unknown"; - } - - public void invalidate() throws CadiException { - if(client!=null) { - client.invalidate(); - } - client = null; - } - - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java deleted file mode 100644 index 0ff8958..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java +++ /dev/null @@ -1,157 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import java.io.IOException; -import java.net.ConnectException; -import java.net.URI; -import java.security.GeneralSecurityException; -import java.security.Principal; -import java.util.Properties; - -import com.att.aft.dme2.api.DME2Client; -import com.att.aft.dme2.api.DME2Exception; -import com.att.aft.dme2.api.DME2Manager; -import com.att.cadi.Access; -import com.att.cadi.CadiException; -import com.att.cadi.LocatorException; -import com.att.cadi.SecuritySetter; -import com.att.cadi.client.Rcli; -import com.att.cadi.client.Retryable; -import com.att.cadi.config.Config; -import com.att.cadi.config.SecurityInfo; -import com.att.cadi.dme2.DME2BasicAuth; -import com.att.cadi.dme2.DME2TransferSS; -import com.att.cadi.dme2.DME2x509SS; -import com.att.cadi.dme2.DRcli; -import com.att.cadi.principal.BasicPrincipal; -import com.att.inno.env.APIException; - -public class AAFConDME2 extends AAFCon{ - private DME2Manager manager; - - public AAFConDME2(Access access) throws CadiException, GeneralSecurityException, IOException{ - super(access,Config.AAF_URL,new SecurityInfo (access)); - manager = newManager(access); - } - - public AAFConDME2(Access access, String url) throws CadiException, GeneralSecurityException, IOException{ - super(access,url,new SecurityInfo (access)); - manager = newManager(access); - } - - public AAFConDME2(Access access, SecurityInfo si) throws CadiException { - super(access,Config.AAF_URL,si); - manager = newManager(access); - } - - public AAFConDME2(Access access, String url, SecurityInfo si) throws CadiException { - super(access,url,si); - manager = newManager(access); - } - - private DME2Manager newManager(Access access) throws CadiException { - Properties props = new Properties(); - Config.cadiToDME2(access, props); - try { - return new DME2Manager("AAFCon",props); - } catch (DME2Exception e) { - throw new CadiException(e); - } - } - - - /* (non-Javadoc) - * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuth(java.lang.String, java.lang.String) - */ - @Override - public SecuritySetter basicAuth(String user, String password) throws CadiException { - if(password.startsWith("enc:???")) { - try { - password = access.decrypt(password, true); - } catch (IOException e) { - throw new CadiException("Error Decrypting Password",e); - } - } - - try { - return set(new DME2BasicAuth(user,password,si)); - } catch (IOException e) { - throw new CadiException("Error setting up DME2BasicAuth",e); - } - } - - /* (non-Javadoc) - * @see com.att.cadi.aaf.v2_0.AAFCon#rclient(java.net.URI, com.att.cadi.SecuritySetter) - */ - @Override - protected Rcli rclient(URI uri, SecuritySetter ss) { - DRcli dc = new DRcli(uri, ss); - dc.setManager(manager); - return dc; - } - - @Override - public SecuritySetter transferSS(Principal principal) throws CadiException { - try { - return principal==null?ss:new DME2TransferSS(principal, app); - } catch (IOException e) { - throw new CadiException("Error creating DME2TransferSS",e); - } - } - - @Override - public SecuritySetter basicAuthSS(BasicPrincipal principal) throws CadiException { - try { - return new DME2BasicAuth(principal,si); - } catch (IOException e) { - throw new CadiException("Error creating DME2BasicAuth",e); - } - - } - - @Override - public SecuritySetter x509Alias(String alias) throws CadiException { - try { - return new DME2x509SS(alias,si); - } catch (Exception e) { - throw new CadiException("Error creating DME2x509SS",e); - } - } - - @Override - public RET best(Retryable retryable) throws LocatorException, CadiException, APIException { - // NOTE: DME2 had Retry Logic embedded lower. - try { - return (retryable.code(rclient(initURI,ss))); - } catch (ConnectException e) { - // DME2 should catch - try { - manager.refresh(); - } catch (Exception e1) { - throw new CadiException(e1); - } - throw new CadiException(e); - } - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java deleted file mode 100644 index 8a63680..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java +++ /dev/null @@ -1,147 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URI; -import java.security.GeneralSecurityException; -import java.security.Principal; - -import com.att.cadi.Access; -import com.att.cadi.CadiException; -import com.att.cadi.Locator; -import com.att.cadi.LocatorException; -import com.att.cadi.SecuritySetter; -import com.att.cadi.client.AbsTransferSS; -import com.att.cadi.client.Rcli; -import com.att.cadi.client.Retryable; -import com.att.cadi.config.Config; -import com.att.cadi.config.SecurityInfo; -import com.att.cadi.http.HBasicAuthSS; -import com.att.cadi.http.HMangr; -import com.att.cadi.http.HRcli; -import com.att.cadi.http.HTransferSS; -import com.att.cadi.http.HX509SS; -import com.att.cadi.principal.BasicPrincipal; -import com.att.inno.env.APIException; - -public class AAFConHttp extends AAFCon { - private final HMangr hman; - - public AAFConHttp(Access access) throws CadiException, GeneralSecurityException, IOException { - super(access,Config.AAF_URL,new SecurityInfo(access)); - hman = new HMangr(access,Config.loadLocator(access, access.getProperty(Config.AAF_URL,null))); - } - - public AAFConHttp(Access access, String tag) throws CadiException, GeneralSecurityException, IOException { - super(access,tag,new SecurityInfo(access)); - hman = new HMangr(access,Config.loadLocator(access, access.getProperty(tag,null))); - } - - public AAFConHttp(Access access, String urlTag, SecurityInfo si) throws CadiException { - super(access,urlTag,si); - hman = new HMangr(access,Config.loadLocator(access, access.getProperty(urlTag,null))); - } - - public AAFConHttp(Access access, Locator locator) throws CadiException, GeneralSecurityException, IOException { - super(access,Config.AAF_URL,new SecurityInfo(access)); - hman = new HMangr(access,locator); - } - - public AAFConHttp(Access access, Locator locator, SecurityInfo si) throws CadiException { - super(access,Config.AAF_URL,si); - hman = new HMangr(access,locator); - } - - public AAFConHttp(Access access, Locator locator, SecurityInfo si, String tag) throws CadiException { - super(access,tag,si); - hman = new HMangr(access, locator); - } - - /* (non-Javadoc) - * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuth(java.lang.String, java.lang.String) - */ - @Override - public SecuritySetter basicAuth(String user, String password) throws CadiException { - if(password.startsWith("enc:???")) { - try { - password = access.decrypt(password, true); - } catch (IOException e) { - throw new CadiException("Error decrypting password",e); - } - } - try { - return set(new HBasicAuthSS(user,password,si)); - } catch (IOException e) { - throw new CadiException("Error creating HBasicAuthSS",e); - } - } - - public SecuritySetter x509Alias(String alias) throws APIException, CadiException { - try { - return set(new HX509SS(alias,si)); - } catch (Exception e) { - throw new CadiException("Error creating X509SS",e); - } - } - - /* (non-Javadoc) - * @see com.att.cadi.aaf.v2_0.AAFCon#rclient(java.net.URI, com.att.cadi.SecuritySetter) - */ - @Override - protected Rcli rclient(URI ignoredURI, SecuritySetter ss) throws CadiException { - try { - return new HRcli(hman, hman.loc.best() ,ss); - } catch (Exception e) { - throw new CadiException(e); - } - } - - @Override - public AbsTransferSS transferSS(Principal principal) throws CadiException { - return new HTransferSS(principal, app,si); - } - - /* (non-Javadoc) - * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuthSS(java.security.Principal) - */ - @Override - public SecuritySetter basicAuthSS(BasicPrincipal principal) throws CadiException { - try { - return new HBasicAuthSS(principal,si); - } catch (IOException e) { - throw new CadiException("Error creating HBasicAuthSS",e); - } - } - - public HMangr hman() { - return hman; - } - - @Override - public RET best(Retryable retryable) throws LocatorException, CadiException, APIException { - return hman.best(ss, (Retryable)retryable); - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java deleted file mode 100644 index aae79f4..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java +++ /dev/null @@ -1,198 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import java.net.ConnectException; -import java.net.URISyntaxException; -import java.security.Principal; -import java.util.Map; - -import com.att.aft.dme2.api.DME2Exception; -import com.att.cadi.AbsUserCache; -import com.att.cadi.Access; -import com.att.cadi.Access.Level; -import com.att.cadi.CachedPrincipal.Resp; -import com.att.cadi.CadiException; -import com.att.cadi.Permission; -import com.att.cadi.User; -import com.att.cadi.aaf.AAFPermission; -import com.att.cadi.client.Future; -import com.att.cadi.client.Rcli; -import com.att.cadi.client.Retryable; -import com.att.inno.env.APIException; - -import aaf.v2_0.Perm; -import aaf.v2_0.Perms; - -/** - * Use AAF Service as Permission Service. - * - * This Lur goes after AAF Permissions, which are elements of Roles, not the Roles themselves. - * - * If you want a simple Role Lur, use AAFRoleLur - * - * - */ -public class AAFLurPerm extends AbsAAFLur { - /** - * Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this - * point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com". - * - * The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid. - * Thus, we validate that the ID portion follows the rules before we waste time accessing AAF remotely - * @throws APIException - * @throws URISyntaxException - * @throws DME2Exception - */ - // Package on purpose - AAFLurPerm(AAFCon con) throws CadiException, DME2Exception, URISyntaxException, APIException { - super(con); - } - - // Package on purpose - AAFLurPerm(AAFCon con, AbsUserCache auc) throws DME2Exception, URISyntaxException, APIException { - super(con,auc); - } - - protected User loadUser(Principal p) { - // Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't - // have domains. We are going to make the Transitive Class (see this.transmutative) to convert - Principal principal = transmutate.mutate(p); - if(principal==null)return null; // if not a valid Transmutated credential, don't bother calling... - return loadUser(p, p.getName()); - } - - protected User loadUser(String name) { - return loadUser((Principal)null, name); - } - - private User loadUser(final Principal prin, final String name) { - - //TODO Create a dynamic way to declare domains supported. - final long start = System.nanoTime(); - final boolean[] success = new boolean[]{false}; - -// new Exception("loadUser").printStackTrace(); - try { - return aaf.best(new Retryable>() { - @Override - public User code(Rcli client) throws CadiException, ConnectException, APIException { - Future fp = client.read("/authz/perms/user/"+name,aaf.permsDF); - - // In the meantime, lookup User, create if necessary - User user = getUser(name); - Principal p; - if(prin == null) { - p = new Principal() {// Create a holder for lookups - private String n = name; - public String getName() { - return n; - } - }; - } else { - p = prin; - } - - if(user==null) { - addUser(user = new User(p,aaf.userExpires)); // no password - } - - // OK, done all we can, now get content - if(fp.get(aaf.timeout)) { - success[0]=true; - Map newMap = user.newMap(); - for(Perm perm : fp.value.getPerm()) { - user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction())); - aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\''); - } - user.setMap(newMap); - user.renewPerm(); - } else { - int code; - switch(code=fp.code()) { - case 401: - aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls"); - break; - default: - aaf.access.log(Access.Level.ERROR, code, fp.body()); - } - } - - return user; - } - }); - } catch (Exception e) { - aaf.access.log(e,"Calling","/authz/perms/user/"+name); - return null; - } finally { - float time = (System.nanoTime()-start)/1000000f; - aaf.access.log(Level.AUDIT, success[0]?"Loaded":"Load Failure",name,"from AAF in",time,"ms"); - } - } - - public Resp reload(User user) { - final String name = user.principal.getName(); - long start = System.nanoTime(); - boolean success = false; - try { - Future fp = aaf.client(AAFCon.AAF_VERSION).read( - "/authz/perms/user/"+name, - aaf.permsDF - ); - - // OK, done all we can, now get content - if(fp.get(aaf.timeout)) { - success = true; - Map newMap = user.newMap(); - for(Perm perm : fp.value.getPerm()) { - user.add(newMap, new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction())); - aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction()); - } - user.renewPerm(); - return Resp.REVALIDATED; - } else { - int code; - switch(code=fp.code()) { - case 401: - aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls"); - break; - default: - aaf.access.log(Access.Level.ERROR, code, fp.body()); - } - return Resp.UNVALIDATED; - } - } catch (Exception e) { - aaf.access.log(e,"Calling","/authz/perms/user/"+name); - return Resp.INACCESSIBLE; - } finally { - float time = (System.nanoTime()-start)/1000000f; - aaf.access.log(Level.AUDIT, success?"Reloaded":"Reload Failure",name,"from AAF in",time,"ms"); - } - } - - @Override - protected boolean isCorrectPermType(Permission pond) { - return pond instanceof AAFPermission; - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java deleted file mode 100644 index c294ed1..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java +++ /dev/null @@ -1,198 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import java.io.IOException; -import java.security.Principal; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.att.cadi.AbsUserCache; -import com.att.cadi.Access.Level; -import com.att.cadi.CachedPrincipal; -import com.att.cadi.CachedPrincipal.Resp; -import com.att.cadi.GetCred; -import com.att.cadi.Hash; -import com.att.cadi.Taf.LifeForm; -import com.att.cadi.User; -import com.att.cadi.aaf.AAFPermission; -import com.att.cadi.client.Future; -import com.att.cadi.client.Rcli; -import com.att.cadi.principal.BasicPrincipal; -import com.att.cadi.principal.CachedBasicPrincipal; -import com.att.cadi.taf.HttpTaf; -import com.att.cadi.taf.TafResp; -import com.att.cadi.taf.TafResp.RESP; -import com.att.cadi.taf.basic.BasicHttpTafResp; - -public class AAFTaf extends AbsUserCache implements HttpTaf { -// private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token"; -// private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable"; - private AAFCon aaf; - private boolean warn; - - public AAFTaf(AAFCon con, boolean turnOnWarning) { - super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount); - aaf = con; - warn = turnOnWarning; - } - - public AAFTaf(AAFCon con, boolean turnOnWarning, AbsUserCache other) { - super(other); - aaf = con; - warn = turnOnWarning; - } - - public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) { - //TODO Do we allow just anybody to validate? - - // Note: Either Carbon or Silicon based LifeForms ok - String auth = req.getHeader("Authorization"); - - System.out.println("value of auth ------1------- ++++++++++++++++++++++++++++++++++++++++++" +auth); - - if(auth == null) { - return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false); - } else { - if(warn&&!req.isSecure())aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel"); - - try { - CachedBasicPrincipal bp = new CachedBasicPrincipal(this,auth,aaf.getRealm(),aaf.cleanInterval); - System.out.println(" value of aaf.getRealm --------2--------- +++++++++++++++++++++++++++++++++++++++++++++" +aaf.getRealm() ); - //System.out.println(" value of bp +++++++++++++++++++++++++++++++++++++++++++" +bp.toString()); - System.out.println(" value of bp.getName() -------3----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getName().toString()); - System.out.println(" value of bp.getCred() -------4----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getCred().toString()); - - // First try Cache - User usr = getUser(bp); - - // System.out.println(" value of usr -------5-------++++++++++++++++++++++++++++++++++++++++++" +usr.toString()); - - if(usr != null && usr.principal != null) { - if(usr.principal instanceof GetCred) { - if(Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) { - - return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false); - } - } - } - - Miss miss = missed(bp.getName()); - System.out.println(" value of miss before if loop ---------6----- +++++++++++++++++++++++++++++++++++++" +miss ); - if(miss!=null && !miss.mayContinue(bp.getCred())) { - - System.out.println(" In if(miss!=null && !miss.mayContinue(bp.getCred())) -------7--------+++++++++++++++++++++++++++++++++++++++++++++"); - - return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, - "User/Pass Retry limit exceeded"), - RESP.FAIL,resp,aaf.getRealm(),true); - } - - Rcli userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.basicAuthSS(bp)); - - //System.out.println("value of userAAF ------8---- +++++++++++++++++++++++" +userAAF); - //System.out.println("value of userAAF +++++++++++++++++++++++" +userAAF.); - Future fp = userAAF.read("/authn/basicAuth", "text/plain"); - - //System.out.println("value of fp --------9------ +++++++++++++++++++++++" +fp.toString()); - - if(fp.get(aaf.timeout)) { - System.out.println("In fp.get check -----10----- +++++++++++++"); - if(usr!=null)usr.principal = bp; - - else addUser(new User(bp,aaf.cleanInterval)); - return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false); - } else { - // Note: AddMiss checks for miss==null, and is part of logic - - System.out.println(" In the else part --------11--------++++++++++++++ "); - - boolean rv= addMiss(bp.getName(),bp.getCred()); - System.out.println(" value of bp.getName() and bp.getCred() before if check ----12--- ++++++++++++!!!!!!!!!!!++++++++++" +bp.getName() +"and " +bp.getCred()); - - if(rv) { - System.out.println("In if(rv) check -----13----- +++++++++++++"); - return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, - "User/Pass combo invalid via AAF"), - RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true); - } else { - System.out.println("In if(rv) else check -----14----- +++++++++++++"); - return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req, - "User/Pass combo invalid via AAF - Retry limit exceeded"), - RESP.FAIL,resp,aaf.getRealm(),true); - } - } - } catch (IOException e) { - String msg = buildMsg(null,req,"Invalid Auth Token"); - System.out.println("In IOException catch block -----15----- +++++++++++++"); - e.getStackTrace(); - e.printStackTrace(); - aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')'); - return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true); - } catch (Exception e) { - String msg = buildMsg(null,req,"Authenticating Service unavailable"); - System.out.println("In Exception catch block -----16----- +++++++++++++"); - e.getStackTrace(); - e.printStackTrace(); - aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')'); - return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false); - } - } - } - - private String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) { - StringBuilder sb = new StringBuilder(); - for(Object s : msg) { - sb.append(s.toString()); - } - if(pr!=null) { - sb.append(" for "); - sb.append(pr.getName()); - } - sb.append(" from "); - sb.append(req.getRemoteAddr()); - sb.append(':'); - sb.append(req.getRemotePort()); - return sb.toString(); - } - - - - public Resp revalidate(CachedPrincipal prin) { - // !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal - if(prin instanceof BasicPrincipal) { - Future fp; - try { - Rcli userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.transferSS(prin)); - fp = userAAF.read("/authn/basicAuth", "text/plain"); - return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED; - } catch (Exception e) { - aaf.access.log(e, "Cannot Revalidate",prin.getName()); - return Resp.INACCESSIBLE; - } - } - return Resp.NOT_MINE; - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java deleted file mode 100644 index 175f699..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java +++ /dev/null @@ -1,90 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import javax.servlet.http.HttpServletRequest ; - -import com.att.cadi.Lur; -import com.att.cadi.TrustChecker; -import com.att.cadi.aaf.AAFPermission; -import com.att.cadi.principal.TrustPrincipal; -import com.att.cadi.taf.TafResp; -import com.att.cadi.taf.TrustNotTafResp; -import com.att.cadi.taf.TrustTafResp; -import com.att.inno.env.util.Split; - -public class AAFTrustChecker implements TrustChecker { - private final String tag,type,instance,action; - private Lur lur; - - /** - * - * Instance will be replaced by Identity - * @param lur - * - * @param tag - * @param perm - */ - public AAFTrustChecker(final String tag, final String perm) { - this.tag = tag; - String[] split = Split.split('|', perm); - this.type = split[0]; - this.instance = split[1]; - this.action = split[2]; - } - - /* (non-Javadoc) - * @see com.att.cadi.TrustChecker#setLur(com.att.cadi.Lur) - */ - @Override - public void setLur(Lur lur) { - this.lur = lur; - } - - @Override - public TafResp mayTrust(TafResp tresp, HttpServletRequest req) { - String user_info = req.getHeader(tag); - if(user_info !=null ) { - String[] info = Split.split(',', user_info); - if(info.length>0) { - String[] flds = Split.split(':',info[0]); - if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS" - if(!tresp.getPrincipal().getName().equals(flds[0])) { // We do trust ourselves, if a trust entry is made with self - if(lur.fish(tresp.getPrincipal(), new AAFPermission(type,instance,action))) { - return new TrustTafResp(tresp, - new TrustPrincipal(tresp.getPrincipal(), flds[0]), - " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',' - ); - } else { - return new TrustNotTafResp(tresp, " " + tresp.getPrincipal().getName() + - " requested identity change to " + flds[0] + ", but does not have Authorization"); - } - } - } - } - } - - return tresp; - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java deleted file mode 100644 index 03f6c70..0000000 --- a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java +++ /dev/null @@ -1,274 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.aaf.v2_0; - -import java.net.URISyntaxException; -import java.security.Principal; -import java.util.ArrayList; -import java.util.Date; -import java.util.List; - -import com.att.aft.dme2.api.DME2Exception; -import com.att.cadi.AbsUserCache; -import com.att.cadi.Access.Level; -import com.att.cadi.CachingLur; -import com.att.cadi.Permission; -import com.att.cadi.StrLur; -import com.att.cadi.Transmutate; -import com.att.cadi.User; -import com.att.cadi.config.Config; -import com.att.cadi.aaf.AAFPermission; -import com.att.cadi.aaf.AAFTransmutate; -import com.att.inno.env.APIException; -import com.att.inno.env.util.Split; - -public abstract class AbsAAFLur extends AbsUserCache implements StrLur, CachingLur { - protected static final byte[] BLANK_PASSWORD = new byte[0]; - protected static final Transmutate transmutate = new AAFTransmutate(); - private String[] debug = null; - public AAFCon aaf; - private String[] supports; - - public AbsAAFLur(AAFCon con) throws DME2Exception, URISyntaxException, APIException { - super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount); - aaf = con; - setLur(this); - supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*"); - } - - public AbsAAFLur(AAFCon con, AbsUserCache auc) throws DME2Exception, URISyntaxException, APIException { - super(auc); - aaf = con; - setLur(this); - supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*"); - } - - @Override - public void setDebug(String ids) { - this.debug = ids==null?null:Split.split(',', ids); - } - - protected abstract User loadUser(Principal bait); - protected abstract User loadUser(String name); - public final boolean supports(String userName) { - if(userName!=null) { - for(String s : supports) { - if(userName.endsWith(s)) - return true; - } - } - return false; - } - - protected abstract boolean isCorrectPermType(Permission pond); - - // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond" - public boolean fish(Principal bait, Permission pond) { - return fish(bait.getName(), pond); - } - - public void fishAll(Principal bait, List perms) { - fishAll(bait.getName(),perms); - } - - // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond" - public boolean fish(String bait, Permission pond) { - if(isDebug(bait)) { - boolean rv = false; - StringBuilder sb = new StringBuilder("Log for "); - sb.append(bait); - if(supports(bait)) { - User user = getUser(bait); - if(user==null) { - sb.append("\n\tUser is not in Cache"); - } else { - if(user.noPerms())sb.append("\n\tUser has no Perms"); - if(user.permExpired()) { - sb.append("\n\tUser's perm expired ["); - sb.append(new Date(user.permExpires())); - sb.append(']'); - } else { - sb.append("\n\tUser's perm expires ["); - sb.append(new Date(user.permExpires())); - sb.append(']'); - } - } - if(user==null || (user.noPerms() && user.permExpired())) { - user = loadUser(bait); - sb.append("\n\tloadUser called"); - } - if(user==null) { - sb.append("\n\tUser was not Loaded"); - } else if(user.contains(pond)) { - sb.append("\n\tUser contains "); - sb.append(pond.getKey()); - rv = true; - } else { - sb.append("\n\tUser does not contain "); - sb.append(pond.getKey()); - List perms = new ArrayList(); - user.copyPermsTo(perms); - for(Permission p : perms) { - sb.append("\n\t\t"); - sb.append(p.getKey()); - } - } - } else { - sb.append("AAF Lur does not support ["); - sb.append(bait); - sb.append("]"); - } - aaf.access.log(Level.INFO, sb); - return rv; - } else { - if(supports(bait)) { - User user = getUser(bait); - if(user==null || (user.noPerms() && user.permExpired())) { - user = loadUser(bait); - } - return user==null?false:user.contains(pond); - } - return false; - } - } - - public void fishAll(String bait, List perms) { - if(isDebug(bait)) { - StringBuilder sb = new StringBuilder("Log for "); - sb.append(bait); - if(supports(bait)) { - User user = getUser(bait); - if(user==null) { - sb.append("\n\tUser is not in Cache"); - } else { - if(user.noPerms())sb.append("\n\tUser has no Perms"); - if(user.permExpired()) { - sb.append("\n\tUser's perm expired ["); - sb.append(new Date(user.permExpires())); - sb.append(']'); - } else { - sb.append("\n\tUser's perm expires ["); - sb.append(new Date(user.permExpires())); - sb.append(']'); - } - } - if(user==null || (user.noPerms() && user.permExpired())) { - user = loadUser(bait); - sb.append("\n\tloadUser called"); - } - if(user==null) { - sb.append("\n\tUser was not Loaded"); - } else { - sb.append("\n\tCopying Perms "); - user.copyPermsTo(perms); - for(Permission p : perms) { - sb.append("\n\t\t"); - sb.append(p.getKey()); - } - } - } else { - sb.append("AAF Lur does not support ["); - sb.append(bait); - sb.append("]"); - } - aaf.access.log(Level.INFO, sb); - } else { - if(supports(bait)) { - User user = getUser(bait); - if(user==null || (user.noPerms() && user.permExpired())) user = loadUser(bait); - if(user!=null) { - user.copyPermsTo(perms); - } - } - } - } - - @Override - public void remove(String user) { - super.remove(user); - } - - private boolean isDebug(String bait) { - if(debug!=null) { - if(debug.length==1 && "all".equals(debug[0]))return true; - for(String s : debug) { - if(s.equals(bait))return true; - } - } - return false; - } - /** - * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found. - * - * @param bait - * @param obj - * @param type - * @param instance - * @param actions - */ - public void fishOneOf(String bait, A obj, String type, String instance, List> actions) { - User user = getUser(bait); - if(user==null || (user.noPerms() && user.permExpired()))user = loadUser(bait); -// return user==null?false:user.contains(pond); - if(user!=null) { - ReuseAAFPermission perm = new ReuseAAFPermission(type,instance); - for(Action action : actions) { - perm.setAction(action.getName()); - if(user.contains(perm)) { - if(action.exec(obj))return; - } - } - } - } - - public static interface Action { - public String getName(); - /** - * Return false to continue, True to end now - * @return - */ - public boolean exec(A a); - } - - private class ReuseAAFPermission extends AAFPermission { - public ReuseAAFPermission(String type, String instance) { - super(type,instance,null); - } - - public void setAction(String s) { - action = s; - } - - /** - * This function understands that AAF Keys are hierarchical, :A:B:C, - * Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit - * @return - */ -// public boolean setParentInstance() { -// int i = instance.lastIndexOf(':'); -// if(i<0) return false; -// instance = instance.substring(0, i); -// return true; -// } - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java b/aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java deleted file mode 100644 index 8fe1f7a..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java +++ /dev/null @@ -1,272 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.FileWriter; -import java.io.IOException; -import java.io.PrintStream; -import java.io.PrintWriter; -import java.security.KeyStore; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import com.att.cadi.CadiException; -import com.att.cadi.Symm; -import com.att.cadi.config.Config; -import com.att.cadi.util.Chmod; -import com.att.inno.env.Trans; -import com.att.inno.env.util.Chrono; - -import certman.v1_0.Artifacts.Artifact; -import certman.v1_0.CertInfo; - -public abstract class ArtifactDir implements PlaceArtifact { - - protected static final String C_R = "\n"; - protected File dir; - private List encodeds = new ArrayList(); - - private Symm symm; - // This checks for multiple passes of Dir on the same objects. Run clear after done. - protected static Map processed = new HashMap(); - - - /** - * Note: Derived Classes should ALWAYS call "super.place(cert,arti)" first, and - * then "placeProperties(arti)" just after they implement - */ - @Override - public final boolean place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { - validate(arti); - - try { - // Obtain/setup directory as required - dir = new File(arti.getDir()); - if(processed.get("dir")==null) { - if(!dir.exists()) { - Chmod.to755.chmod(dir); - if(!dir.mkdirs()) { - throw new CadiException("Could not create " + dir); - } - } - - // Also place cm_url and Host Name - addProperty(Config.CM_URL,trans.getProperty(Config.CM_URL)); - addProperty(Config.HOSTNAME,arti.getMachine()); - } - symm = (Symm)processed.get("symm"); - if(symm==null) { - // CADI Key Gen - File f = new File(dir,arti.getAppName() + ".keyfile"); - if(!f.exists()) { - write(f,Chmod.to400,Symm.baseCrypt().keygen()); - } - symm = Symm.obtain(f); - - addEncProperty("ChallengePassword", certInfo.getChallenge()); - - processed.put("symm",symm); - } - - _place(trans, certInfo,arti); - - placeProperties(arti); - - processed.put("dir",dir); - - } catch (Exception e) { - throw new CadiException(e); - } - return true; - } - - /** - * Derived Classes implement this instead, so Dir can process first, and write any Properties last - * @param cert - * @param arti - * @return - * @throws CadiException - */ - protected abstract boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException; - - protected void addProperty(String tag, String value) throws IOException { - StringBuilder sb = new StringBuilder(); - sb.append(tag); - sb.append('='); - sb.append(value); - encodeds.add(sb.toString()); - } - - protected void addEncProperty(String tag, String value) throws IOException { - StringBuilder sb = new StringBuilder(); - sb.append(tag); - sb.append('='); - sb.append("enc:???"); - sb.append(symm.enpass(value)); - encodeds.add(sb.toString()); - } - - protected void write(File f, Chmod c, String ... data) throws IOException { - f.setWritable(true,true); - - FileOutputStream fos = new FileOutputStream(f); - PrintStream ps = new PrintStream(fos); - try { - for(String s : data) { - ps.print(s); - } - } finally { - ps.close(); - c.chmod(f); - } - } - - protected void write(File f, Chmod c, byte[] bytes) throws IOException { - f.setWritable(true,true); - - FileOutputStream fos = new FileOutputStream(f); - try { - fos.write(bytes); - } finally { - fos.close(); - c.chmod(f); - } - } - - protected void write(File f, Chmod c, KeyStore ks, char[] pass ) throws IOException, CadiException { - f.setWritable(true,true); - - FileOutputStream fos = new FileOutputStream(f); - try { - ks.store(fos, pass); - } catch (Exception e) { - throw new CadiException(e); - } finally { - fos.close(); - c.chmod(f); - } - } - - - private void validate(Artifact a) throws CadiException { - StringBuilder sb = new StringBuilder(); - if(a.getDir()==null) { - sb.append("File Artifacts require a path"); - } - - if(a.getAppName()==null) { - if(sb.length()>0) { - sb.append('\n'); - } - sb.append("File Artifacts require an appName"); - } - - if(sb.length()>0) { - throw new CadiException(sb.toString()); - } - } - - private boolean placeProperties(Artifact arti) throws CadiException { - if(encodeds.size()==0) { - return true; - } - boolean first=processed.get("dir")==null; - try { - File f = new File(dir,arti.getAppName()+".props"); - if(f.exists()) { - if(first) { - f.delete(); - } else { - f.setWritable(true); - } - } - // Append if not first - PrintWriter pw = new PrintWriter(new FileWriter(f,!first)); - - // Write a Header - if(first) { - for(int i=0;i<60;++i) { - pw.print('#'); - } - pw.println(); - pw.println("# Properties Generated by AT&T Certificate Manager"); - pw.print("# by "); - pw.println(System.getProperty("user.name")); - pw.print("# on "); - pw.println(Chrono.dateStamp()); - pw.println("# @copyright 2016, AT&T"); - for(int i=0;i<60;++i) { - pw.print('#'); - } - pw.println(); - for(String prop : encodeds) { - if(prop.startsWith("cm_") || prop.startsWith(Config.HOSTNAME)) { - pw.println(prop); - } - } - } - - try { - for(String prop : encodeds) { - if(prop.startsWith("cadi")) { - pw.println(prop); - } - } - } finally { - pw.close(); - } - Chmod.to400.chmod(f); - - if(first) { - // Challenge - f = new File(dir,arti.getAppName()+".chal"); - if(f.exists()) { - f.delete(); - } - pw = new PrintWriter(new FileWriter(f)); - try { - for(String prop : encodeds) { - if(prop.startsWith("Challenge")) { - pw.println(prop); - } - } - } finally { - pw.close(); - } - Chmod.to400.chmod(f); - } - } catch(Exception e) { - throw new CadiException(e); - } - return true; - } - - public static void clear() { - processed.clear(); - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/cm/CertException.java b/aaf/src/src/main/java/com/att/cadi/cm/CertException.java deleted file mode 100644 index ce38c21..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/CertException.java +++ /dev/null @@ -1,46 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -public class CertException extends Exception { - - /** - * - */ - private static final long serialVersionUID = 1373028409048516401L; - - public CertException() { - } - - public CertException(String message) { - super(message); - } - - public CertException(Throwable cause) { - super(cause); - } - - public CertException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java b/aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java deleted file mode 100644 index fe76082..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java +++ /dev/null @@ -1,786 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import java.io.BufferedReader; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStreamReader; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.security.KeyStore; -import java.security.cert.X509Certificate; -import java.util.ArrayDeque; -import java.util.Deque; -import java.util.GregorianCalendar; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; - -import com.att.cadi.Access; -import com.att.cadi.Symm; -import com.att.cadi.aaf.client.ErrMessage; -import com.att.cadi.aaf.v2_0.AAFCon; -import com.att.cadi.aaf.v2_0.AAFConHttp; -import com.att.cadi.client.EnvAccess; -import com.att.cadi.client.Future; -import com.att.cadi.config.Config; -import com.att.cadi.http.HBasicAuthSS; -import com.att.inno.env.Data.TYPE; -import com.att.inno.env.Env; -import com.att.inno.env.TimeTaken; -import com.att.inno.env.Trans; -import com.att.inno.env.util.Chrono; -import com.att.inno.env.util.Split; -import com.att.rosetta.env.RosettaDF; -import com.att.rosetta.env.RosettaEnv; - -import certman.v1_0.Artifacts; -import certman.v1_0.Artifacts.Artifact; -import certman.v1_0.CertInfo; -import certman.v1_0.CertificateRequest; - -public class CmAgent { - private static final String PRINT = "print"; - private static final String FILE = "file"; - private static final String PKCS12 = "pkcs12"; - private static final String JKS = "jks"; - private static final String SCRIPT="script"; - - private static final String CM_VER = "1.0"; - public static final int PASS_SIZE = 24; - private static int TIMEOUT; - - private static MyConsole cons; - - private static RosettaDF reqDF; - private static RosettaDF certDF; - private static RosettaDF artifactsDF; - private static ErrMessage errMsg; - private static Map placeArtifact; - private static RosettaEnv env; - - public static void main(String[] args) { - int exitCode = 0; - env = new RosettaEnv(Config.CADI_PROP_FILES,args); - Deque cmds = new ArrayDeque(); - for(String p : args) { - if(p.indexOf('=')<0) { - cmds.add(p); - } - } - - if(cmds.size()==0) { - System.out.println("Usage: java -jar cmd []*"); - System.out.println(" create []"); - System.out.println(" read []"); - System.out.println(" update []"); - System.out.println(" delete []"); - System.out.println(" copy [,]*"); - System.out.println(" place []"); - System.out.println(" showpass []"); - System.out.println(" check []"); - System.exit(1); - } - - TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000")); - cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole(); - - try { - reqDF = env.newDataFactory(CertificateRequest.class); - artifactsDF = env.newDataFactory(Artifacts.class); - certDF = env.newDataFactory(CertInfo.class); - errMsg = new ErrMessage(env); - - placeArtifact = new HashMap(); - placeArtifact.put(JKS, new PlaceArtifactInKeystore(JKS)); - placeArtifact.put(PKCS12, new PlaceArtifactInKeystore(PKCS12)); - placeArtifact.put(FILE, new PlaceArtifactInFiles()); - placeArtifact.put(PRINT, new PlaceArtifactOnStream(System.out)); - placeArtifact.put(SCRIPT, new PlaceArtifactScripts()); - - Access access = new EnvAccess(env); - Trans trans = env.newTrans(); - try { - getProperty(env,false, Config.CM_URL,Config.CM_URL+": "); - String str=env.getProperty(Config.CADI_ALIAS); - if(str==null) { // ask for MechID pass - getProperty(env,false,Config.AAF_MECHID,"Your Identity: "); - getProperty(env,true,Config.AAF_MECHPASS,"Password: "); - } - AAFCon aafcon = new AAFConHttp(access,Config.CM_URL); - - String cmd = cmds.removeFirst(); - if("place".equals(cmd)) { - placeCerts(trans,aafcon,cmds); - } else if("create".equals(cmd)) { - createArtifact(trans, aafcon,cmds); - } else if("read".equals(cmd)) { - readArtifact(trans, aafcon, cmds); - } else if("copy".equals(cmd)) { - copyArtifact(trans, aafcon, cmds); - } else if("update".equals(cmd)) { - updateArtifact(trans, aafcon, cmds); - } else if("delete".equals(cmd)) { - deleteArtifact(trans, aafcon, cmds); - } else if("showpass".equals(cmd)) { - showPass(trans,aafcon,cmds); - } else if("check".equals(cmd)) { - try { - exitCode = check(trans,aafcon,cmds); - } catch (Exception e) { - exitCode = 1; - throw e; - } - } else { - cons.printf("Unknown command \"%s\"\n", cmd); - } - } finally { - StringBuilder sb = new StringBuilder(); - trans.auditTrail(4, sb, Trans.REMOTE); - if(sb.length()>0) { - trans.info().log("Trans Info\n",sb); - } - } - } catch (Exception e) { - e.printStackTrace(); - } - if(exitCode!=0) { - System.exit(exitCode); - } - } - - private static String getProperty(Env env, boolean secure, String tag, String prompt, Object ... def) { - String value; - if((value=env.getProperty(tag))==null) { - if(secure) { - value = new String(cons.readPassword(prompt, def)); - } else { - value = cons.readLine(prompt,def).trim(); - } - if(value!=null) { - if(value.length()>0) { - env.setProperty(tag,value); - } else if(def.length==1) { - value=def[0].toString(); - env.setProperty(tag,value); - } - } - } - return value; - } - - private interface MyConsole { - public String readLine(String fmt, Object ... args); - public char[] readPassword(String fmt, Object ... args); - public void printf(String fmt, Object ...args); - } - - private static class TheConsole implements MyConsole { - @Override - public String readLine(String fmt, Object... args) { - String rv = System.console().readLine(fmt, args); - if(args.length>0 && args[0]!=null && rv.length()==0) { - rv = args[0].toString(); - } - return rv; - } - - @Override - public char[] readPassword(String fmt, Object... args) { - return System.console().readPassword(fmt, args); - } - - public static boolean implemented() { - return System.console()!=null; - } - - @Override - public void printf(String fmt, Object... args) { - System.console().printf(fmt, args); - } - } - - // Substandard, because System.in doesn't do Passwords.. - private static class SubStandardConsole implements MyConsole { - BufferedReader br = new BufferedReader(new InputStreamReader(System.in)); - @Override - public String readLine(String fmt, Object... args) { - String rv; - try { - System.out.printf(fmt,args); - rv = br.readLine(); - if(args.length==1 && rv.length()==0) { - rv = args[0].toString(); - } - } catch (IOException e) { - System.err.println("uh oh..."); - rv = ""; - } - return rv; - } - - @Override - public char[] readPassword(String fmt, Object... args) { - try { - System.out.printf(fmt,args); - return br.readLine().toCharArray(); - } catch (IOException e) { - System.err.println("uh oh..."); - return new char[0]; - } - } - - @Override - public void printf(String fmt, Object... args) { - System.out.printf(fmt, args); - } - } - -// private static class AutoData implements MyConsole { -//// private Env env; -// private Map data; -// -// @Override -// public String readLine(String fmt, Object... args) { -// String rv=data.get(fmt); -// return rv==null?"":rv; -// } -// -// @Override -// public char[] readPassword(String fmt, Object... args) { -// String rv=data.get(fmt); -// return rv==null?new char[0]:rv.toCharArray(); -// } -// -// @Override -// public void printf(String fmt, Object... args) { -// System.out.printf(fmt, args); -// } -// -// } -// - private static String mechID(Deque cmds) { - if(cmds.size()<1) { - String alias = env.getProperty(Config.CADI_ALIAS); - return alias!=null?alias:cons.readLine("MechID: "); - } - return cmds.removeFirst(); - } - - private static String machine(Deque cmds) throws UnknownHostException { - if(cmds.size()>0) { - return cmds.removeFirst(); - } else { - String mach = env.getProperty(Config.HOSTNAME); - return mach!=null?mach:InetAddress.getLocalHost().getHostName(); - } - } - - private static String[] machines(Deque cmds) { - String machines; - if(cmds.size()>0) { - machines = cmds.removeFirst(); - } else { - machines = cons.readLine("Machines (sep by ','): "); - } - return Split.split(',', machines); - } - - private static void createArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); - String machine = machine(cmds); - - Artifacts artifacts = new Artifacts(); - Artifact arti = new Artifact(); - artifacts.getArtifact().add(arti); - arti.setMechid(mechID!=null?mechID:cons.readLine("MechID: ")); - arti.setMachine(machine!=null?machine:cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName())); - arti.setCa(cons.readLine("CA: (%s): ","aaf")); - - String resp = cons.readLine("Types [file,jks,pkcs12] (%s): ", "jks"); - for(String s : Split.splitTrim(',', resp)) { - arti.getType().add(s); - } - // Always do Script - if(!resp.contains(SCRIPT)) { - arti.getType().add(SCRIPT); - } - - // Note: Sponsor is set on Creation by CM - String configRootName = AAFCon.reverseDomain(arti.getMechid()); - arti.setAppName(cons.readLine("AppName (%s): ",configRootName)); - arti.setDir(cons.readLine("Directory (%s): ", System.getProperty("user.dir"))); - arti.setOsUser(cons.readLine("OS User (%s): ", System.getProperty("user.name"))); - arti.setRenewDays(Integer.parseInt(cons.readLine("Renewal Days (%s):", "30"))); - arti.setNotification(toNotification(cons.readLine("Notification (mailto owner):", ""))); - - TimeTaken tt = trans.start("Create Artifact", Env.REMOTE); - try { - Future future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts); - if(future.get(TIMEOUT)) { - trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine()); - } else { - trans.error().printf("Call to AAF Certman failed, %s", - errMsg.toMsg(future)); - } - } finally { - tt.done(); - } - } - - private static String toNotification(String notification) { - if(notification==null) { - notification=""; - } else if(notification.length()>0) { - if(notification.indexOf(':')<0) { - notification = "mailto:" + notification; - } - } - return notification; - } - - - private static void readArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); - String machine = machine(cmds); - - TimeTaken tt = trans.start("Read Artifact", Env.SUB); - try { - Future future = aafcon.client(CM_VER) - .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF); - - if(future.get(TIMEOUT)) { - boolean printed = false; - for(Artifact a : future.value.getArtifact()) { - cons.printf("MechID: %s\n",a.getMechid()); - cons.printf(" Sponsor: %s\n",a.getSponsor()); - cons.printf("Machine: %s\n",a.getMachine()); - cons.printf("CA: %s\n",a.getCa()); - StringBuilder sb = new StringBuilder(); - boolean first = true; - for(String t : a.getType()) { - if(first) {first=false;} - else{sb.append(',');} - sb.append(t); - } - cons.printf("Types: %s\n",sb); - cons.printf("AppName: %s\n",a.getAppName()); - cons.printf("Directory: %s\n",a.getDir()); - cons.printf("O/S User: %s\n",a.getOsUser()); - cons.printf("Renew Days: %d\n",a.getRenewDays()); - cons.printf("Notification %s\n",a.getNotification()); - printed = true; - } - if(!printed) { - cons.printf("Artifact for %s %s does not exist", mechID, machine); - } - } else { - trans.error().log(errMsg.toMsg(future)); - } - } finally { - tt.done(); - } - } - - private static void copyArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); - String machine = machine(cmds); - String[] newmachs = machines(cmds); - if(newmachs==null || newmachs == null) { - trans.error().log("No machines listed to copy to"); - } else { - TimeTaken tt = trans.start("Copy Artifact", Env.REMOTE); - try { - Future future = aafcon.client(CM_VER) - .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF); - - if(future.get(TIMEOUT)) { - boolean printed = false; - for(Artifact a : future.value.getArtifact()) { - for(String m : newmachs) { - a.setMachine(m); - Future fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, future.value); - if(fup.get(TIMEOUT)) { - trans.info().printf("Copy of %s %s successful to %s",mechID,machine,m); - } else { - trans.error().printf("Call to AAF Certman failed, %s", - errMsg.toMsg(fup)); - } - - printed = true; - } - } - if(!printed) { - cons.printf("Artifact for %s %s does not exist", mechID, machine); - } - } else { - trans.error().log(errMsg.toMsg(future)); - } - } finally { - tt.done(); - } - } - } - - private static void updateArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); - String machine = machine(cmds); - - TimeTaken tt = trans.start("Update Artifact", Env.REMOTE); - try { - Future fread = aafcon.client(CM_VER) - .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF); - - if(fread.get(TIMEOUT)) { - Artifacts artifacts = new Artifacts(); - for(Artifact a : fread.value.getArtifact()) { - Artifact arti = new Artifact(); - artifacts.getArtifact().add(arti); - - cons.printf("For %s on %s\n", a.getMechid(),a.getMachine()); - arti.setMechid(a.getMechid()); - arti.setMachine(a.getMachine()); - arti.setCa(cons.readLine("CA: (%s): ",a.getCa())); - StringBuilder sb = new StringBuilder(); - boolean first = true; - for(String t : a.getType()) { - if(first) {first=false;} - else{sb.append(',');} - sb.append(t); - } - - String resp = cons.readLine("Types [file,jks,pkcs12] (%s): ", sb); - for(String s : Split.splitTrim(',', resp)) { - arti.getType().add(s); - } - // Always do Script - if(!resp.contains(SCRIPT)) { - arti.getType().add(SCRIPT); - } - - // Note: Sponsor is set on Creation by CM - arti.setAppName(cons.readLine("AppName (%s): ",a.getAppName())); - arti.setDir(cons.readLine("Directory (%s): ", a.getDir())); - arti.setOsUser(cons.readLine("OS User (%s): ", a.getOsUser())); - arti.setRenewDays(Integer.parseInt(cons.readLine("Renew Days (%s):", a.getRenewDays()))); - arti.setNotification(toNotification(cons.readLine("Notification (%s):", a.getNotification()))); - - } - if(artifacts.getArtifact().size()==0) { - cons.printf("Artifact for %s %s does not exist", mechID, machine); - } else { - Future fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, artifacts); - if(fup.get(TIMEOUT)) { - trans.info().printf("Call to AAF Certman successful %s, %s",mechID,machine); - } else { - trans.error().printf("Call to AAF Certman failed, %s", - errMsg.toMsg(fup)); - } - } - } else { - trans.error().printf("Call to AAF Certman failed, %s %s, %s", - errMsg.toMsg(fread),mechID,machine); - } - } finally { - tt.done(); - } - } - - private static void deleteArtifact(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechid = mechID(cmds); - String machine = mechID(cmds); - - TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE); - try { - Future future = aafcon.client(CM_VER) - .delete("/cert/artifacts/"+mechid+"/"+machine,"application/json" ); - - if(future.get(TIMEOUT)) { - trans.info().printf("Call to AAF Certman successful %s, %s",mechid,machine); - } else { - trans.error().printf("Call to AAF Certman failed, %s %s, %s", - errMsg.toMsg(future),mechid,machine); - } - } finally { - tt.done(); - } - } - - - - private static boolean placeCerts(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - boolean rv = false; - String mechID = mechID(cmds); - String machine = machine(cmds); - - TimeTaken tt = trans.start("Place Artifact", Env.REMOTE); - try { - Future acf = aafcon.client(CM_VER) - .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF); - if(acf.get(TIMEOUT)) { - // Have to wait for JDK 1.7 source... - //switch(artifact.getType()) { - if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) { - cons.printf("There are no artifacts for %s %s", mechID, machine); - } else { - for(Artifact a : acf.value.getArtifact()) { - CertificateRequest cr = new CertificateRequest(); - cr.setMechid(a.getMechid()); - cr.setSponsor(a.getSponsor()); - cr.getFqdns().add(a.getMachine()); - Future f = aafcon.client(CM_VER) - .setQueryParams("withTrust") - .updateRespondString("/cert/" + a.getCa(),reqDF, cr); - if(f.get(TIMEOUT)) { - CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject(); - for(String type : a.getType()) { - PlaceArtifact pa = placeArtifact.get(type); - if(pa!=null) { - if(rv = pa.place(trans, capi, a)) { - notifyPlaced(a,rv); - } - } - } - // Cover for the above multiple pass possibilities with some static Data, then clear per Artifact - ArtifactDir.clear(); - } else { - trans.error().log(errMsg.toMsg(f)); - } - } - } - } else { - trans.error().log(errMsg.toMsg(acf)); - } - } finally { - tt.done(); - } - return rv; - } - - private static void notifyPlaced(Artifact a, boolean rv) { - - - } - - private static void showPass(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - String mechID = mechID(cmds); - String machine = machine(cmds); - - TimeTaken tt = trans.start("Show Password", Env.REMOTE); - try { - Future acf = aafcon.client(CM_VER) - .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF); - if(acf.get(TIMEOUT)) { - // Have to wait for JDK 1.7 source... - //switch(artifact.getType()) { - if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) { - cons.printf("No Artifacts found for %s on %s", mechID, machine); - } else { - String id = aafcon.defID(); - boolean allowed; - for(Artifact a : acf.value.getArtifact()) { - allowed = id!=null && (id.equals(a.getSponsor()) || - (id.equals(a.getMechid()) - && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class))); - if(!allowed) { - Future pf = aafcon.client(CM_VER).read("/cert/may/" + - a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*"); - if(pf.get(TIMEOUT)) { - allowed = true; - } else { - trans.error().log(errMsg.toMsg(pf)); - } - } - if(allowed) { - File dir = new File(a.getDir()); - Properties props = new Properties(); - FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props")); - try { - props.load(fis); - fis.close(); - fis = new FileInputStream(new File(dir,a.getAppName()+".chal")); - props.load(fis); - } finally { - fis.close(); - } - - File f = new File(dir,a.getAppName()+".keyfile"); - if(f.exists()) { - Symm symm = Symm.obtain(f); - - for(Iterator> iter = props.entrySet().iterator(); iter.hasNext();) { - Entry en = iter.next(); - if(en.getValue().toString().startsWith("enc:???")) { - System.out.printf("%s=%s\n", en.getKey(), symm.depass(en.getValue().toString())); - } - } - } else { - trans.error().printf("%s.keyfile must exist to read passwords for %s on %s", - f.getCanonicalPath(),a.getMechid(), a.getMachine()); - } - } - } - } - } else { - trans.error().log(errMsg.toMsg(acf)); - } - } finally { - tt.done(); - } - - } - - - /** - * Check returns Error Codes, so that Scripts can know what to do - * - * 0 - Check Complete, nothing to do - * 1 - General Error - * 2 - Error for specific Artifact - read check.msg - * 10 - Certificate Updated - check.msg is email content - * - * @param trans - * @param aafcon - * @param cmds - * @return - * @throws Exception - */ - private static int check(Trans trans, AAFCon aafcon, Deque cmds) throws Exception { - int exitCode=1; - String mechID = mechID(cmds); - String machine = machine(cmds); - - TimeTaken tt = trans.start("Check Certificate", Env.REMOTE); - try { - - Future acf = aafcon.client(CM_VER) - .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF); - if(acf.get(TIMEOUT)) { - // Have to wait for JDK 1.7 source... - //switch(artifact.getType()) { - if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) { - cons.printf("No Artifacts found for %s on %s", mechID, machine); - } else { - String id = aafcon.defID(); - GregorianCalendar now = new GregorianCalendar(); - for(Artifact a : acf.value.getArtifact()) { - if(id.equals(a.getMechid())) { - File dir = new File(a.getDir()); - Properties props = new Properties(); - FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props")); - try { - props.load(fis); - } finally { - fis.close(); - } - - String prop; - File f; - - if((prop=props.getProperty(Config.CADI_KEYFILE))==null || - !(f=new File(prop)).exists()) { - trans.error().printf("Keyfile must exist to check Certificates for %s on %s", - a.getMechid(), a.getMachine()); - } else { - String ksf = props.getProperty(Config.CADI_KEYSTORE); - String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD); - if(ksf==null || ksps == null) { - trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s", - Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine()); - } else { - KeyStore ks = KeyStore.getInstance("JKS"); - Symm symm = Symm.obtain(f); - - fis = new FileInputStream(ksf); - try { - ks.load(fis,symm.depass(ksps).toCharArray()); - } finally { - fis.close(); - } - X509Certificate cert = (X509Certificate)ks.getCertificate(mechID); - String msg = null; - - if(cert==null) { - msg = String.format("X509Certificate does not exist for %s on %s in %s", - a.getMechid(), a.getMachine(), ksf); - trans.error().log(msg); - exitCode = 2; - } else { - GregorianCalendar renew = new GregorianCalendar(); - renew.setTime(cert.getNotAfter()); - renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays()); - if(renew.after(now)) { - msg = String.format("As of %s, X509Certificate for %s on %s, expiration %s is still within %d renewal days.\n", - Chrono.dateOnlyStamp(), a.getMechid(), a.getMachine(), cert.getNotAfter(),a.getRenewDays()); - trans.info().log(msg); - exitCode = 0; // OK - } else { - trans.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n", - a.getMechid(), a.getMachine(),cert.getNotAfter()); - cmds.offerLast(mechID); - cmds.offerLast(machine); - if(placeCerts(trans,aafcon,cmds)) { - msg = String.format("X509Certificate for %s on %s has been renewed. Ensure services using are refreshed.\n", - a.getMechid(), a.getMachine()); - exitCode = 10; // Refreshed - } else { - msg = String.format("X509Certificate for %s on %s attempted renewal, but failed. Immediate Investigation is required!\n", - a.getMechid(), a.getMachine()); - exitCode = 1; // Error Renewing - } - } - } - if(msg!=null) { - FileOutputStream fos = new FileOutputStream(a.getDir()+'/'+a.getAppName()+".msg"); - try { - fos.write(msg.getBytes()); - } finally { - fos.close(); - } - } - } - - } - } - } - } - } else { - trans.error().log(errMsg.toMsg(acf)); - exitCode=1; - } - } finally { - tt.done(); - } - return exitCode; - } - -} - - - - diff --git a/aaf/src/src/main/java/com/att/cadi/cm/Factory.java b/aaf/src/src/main/java/com/att/cadi/cm/Factory.java deleted file mode 100644 index 20b77d3..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/Factory.java +++ /dev/null @@ -1,446 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.Reader; -import java.io.StringReader; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.Collection; -import java.util.List; - -import javax.crypto.Cipher; -import javax.crypto.NoSuchPaddingException; - -import com.att.cadi.Symm; -import com.att.inno.env.Env; -import com.att.inno.env.TimeTaken; -import com.att.inno.env.Trans; - -public class Factory { - public static final String KEY_ALGO = "RSA"; - private static final String PRIVATE_KEY_HEADER = KEY_ALGO + " PRIVATE KEY"; - public static final String SIG_ALGO = "SHA256withRSA"; - - public static final int KEY_LENGTH = 2048; - private static final KeyPairGenerator keygen; - private static final KeyFactory keyFactory; - private static final CertificateFactory certificateFactory; - private static final SecureRandom random; - - - private static final Symm base64 = Symm.base64.copy(64); - - static { - random = new SecureRandom(); - KeyPairGenerator tempKeygen; - try { - tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC"); - tempKeygen.initialize(KEY_LENGTH, random); - } catch (NoSuchAlgorithmException e) { - tempKeygen = null; - e.printStackTrace(System.err); - } - keygen = tempKeygen; - - KeyFactory tempKeyFactory; - try { - tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC" - } catch (NoSuchAlgorithmException e) { - tempKeyFactory = null; - e.printStackTrace(System.err); - }; - keyFactory = tempKeyFactory; - - CertificateFactory tempCertificateFactory; - try { - tempCertificateFactory = CertificateFactory.getInstance("X.509"); - } catch (CertificateException e) { - tempCertificateFactory = null; - e.printStackTrace(System.err); - } - certificateFactory = tempCertificateFactory; - - - } - - - public static KeyPair generateKeyPair(Trans trans) { - TimeTaken tt; - if(trans!=null) { - tt = trans.start("Generate KeyPair", Env.SUB); - } else { - tt = null; - } - try { - return keygen.generateKeyPair(); - } finally { - if(tt!=null) { - tt.done(); - } - } - } - - private static final String LINE_END = "-----\n"; - - protected static String textBuilder(String kind, byte[] bytes) throws IOException { - StringBuilder sb = new StringBuilder(); - sb.append("-----BEGIN "); - sb.append(kind); - sb.append(LINE_END); - - ByteArrayInputStream bais = new ByteArrayInputStream(bytes); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - base64.encode(bais, baos); - sb.append(new String(baos.toByteArray())); - - if(sb.charAt(sb.length()-1)!='\n') { - sb.append('\n'); - } - sb.append("-----END "); - sb.append(kind); - sb.append(LINE_END); - return sb.toString(); - } - - public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException { - byte[] bytes = decode(new StringReader(pk)); - return toPrivateKey(trans, bytes); - } - - public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException { - TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB); - try { - return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes)); - } catch (InvalidKeySpecException e) { - throw new CertException("Translating Private Key from PKCS8 KeySpec",e); - } finally { - tt.done(); - } - } - - public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException { - TimeTaken tt = trans.start("Decode Private Key File", Env.SUB); - try { - return toPrivateKey(trans,decode(file)); - }finally { - tt.done(); - } - } - - - public static String toString(Trans trans, PrivateKey pk) throws IOException { - trans.debug().log("Private Key to String"); - return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded()); - } - - public static PublicKey toPublicKey(Trans trans, String pk) throws IOException { - TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB); - try { - ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes()); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - Symm.base64noSplit.decode(bais, baos); - - return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray())); - } catch (InvalidKeySpecException e) { - trans.error().log(e,"Translating Public Key from X509 KeySpec"); - return null; - } finally { - tt.done(); - } - } - - public static String toString(Trans trans, PublicKey pk) throws IOException { - trans.debug().log("Public Key to String"); - return textBuilder("PUBLIC KEY",pk.getEncoded()); - } - - public static Collection toX509Certificate(Trans trans, String x509) throws CertificateException { - return toX509Certificate(trans, x509.getBytes()); - } - - public static Collection toX509Certificate(Trans trans, List x509s) throws CertificateException { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - try { - for(String x509 : x509s) { - baos.write(x509.getBytes()); - } - } catch (IOException e) { - throw new CertificateException(e); - } - return toX509Certificate(trans, new ByteArrayInputStream(baos.toByteArray())); - } - - public static Collection toX509Certificate(Trans trans, byte[] x509) throws CertificateException { - return certificateFactory.generateCertificates(new ByteArrayInputStream(x509)); - } - - public static Collection toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException { - FileInputStream fis = new FileInputStream(file); - try { - return toX509Certificate(trans,fis); - } finally { - try { - fis.close(); - } catch (IOException e) { - throw new CertificateException(e); - } - } - } - - public static Collection toX509Certificate(Trans trans, InputStream is) throws CertificateException { - TimeTaken tt=trans.start("Reconstitute Certificates", Env.SUB); - try { - return certificateFactory.generateCertificates(is); - } finally { - tt.done(); - } - } - - - - public static String toString(Trans trans, Certificate cert) throws IOException, CertException { - if(trans.debug().isLoggable()) { - StringBuilder sb = new StringBuilder("Certificate to String"); - if(cert instanceof X509Certificate) { - sb.append(" - "); - sb.append(((X509Certificate)cert).getSubjectDN()); - } - trans.debug().log(sb); - } - try { - if(cert==null) { - throw new CertException("Certificate not built"); - } - return textBuilder("CERTIFICATE",cert.getEncoded()); - } catch (CertificateEncodingException e) { - throw new CertException(e); - } - } - - public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException { - return Cipher.getInstance(KEY_ALGO); - } - - public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - Cipher cipher = Cipher.getInstance(KEY_ALGO); - cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key); - return cipher; - } - - public static byte[] strip(Reader rdr) throws IOException { - BufferedReader br = new BufferedReader(rdr); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - String line; - while((line=br.readLine())!=null) { - if(line.length()>0 && - !line.startsWith("-----") && - line.indexOf(':')<0) { // Header elements - baos.write(line.getBytes()); - } - } - return baos.toByteArray(); - } - - public static class StripperInputStream extends InputStream { - private Reader created; - private BufferedReader br; - private int idx; - private String line; - - public StripperInputStream(Reader rdr) { - if(rdr instanceof BufferedReader) { - br = (BufferedReader)rdr; - } else { - br = new BufferedReader(rdr); - } - created = null; - } - - public StripperInputStream(File file) throws FileNotFoundException { - this(new FileReader(file)); - created = br; - } - - public StripperInputStream(InputStream is) throws FileNotFoundException { - this(new InputStreamReader(is)); - created = br; - } - - @Override - public int read() throws IOException { - if(line==null || idx>=line.length()) { - while((line=br.readLine())!=null) { - if(line.length()>0 && - !line.startsWith("-----") && - line.indexOf(':')<0) { // Header elements - break; - } - } - - if(line==null) { - return -1; - } - idx = 0; - } - return line.charAt(idx++); - } - - /* (non-Javadoc) - * @see java.io.InputStream#close() - */ - @Override - public void close() throws IOException { - if(created!=null) { - created.close(); - } - } - } - - public static class Base64InputStream extends InputStream { - private InputStream created; - private InputStream is; - private byte trio[]; - private byte duo[]; - private int idx; - - - public Base64InputStream(File file) throws FileNotFoundException { - this(new FileInputStream(file)); - created = is; - } - - public Base64InputStream(InputStream is) throws FileNotFoundException { - this.is = is; - trio = new byte[3]; - idx = 4; - } - - @Override - public int read() throws IOException { - if(duo==null || idx>=duo.length) { - int read = is.read(trio); - if(read==-1) { - return -1; - } - duo = Symm.base64.decode(trio); - if(duo==null || duo.length==0) { - return -1; - } - idx=0; - } - - return duo[idx++]; - } - - /* (non-Javadoc) - * @see java.io.InputStream#close() - */ - @Override - public void close() throws IOException { - if(created!=null) { - created.close(); - } - } - } - - public static byte[] decode(byte[] bytes) throws IOException { - ByteArrayInputStream bais = new ByteArrayInputStream(bytes); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - Symm.base64.decode(bais, baos); - return baos.toByteArray(); - } - - public static byte[] decode(File f) throws IOException { - FileReader fr = new FileReader(f); - try { - return Factory.decode(fr); - } finally { - fr.close(); - } - - } - public static byte[] decode(Reader rdr) throws IOException { - return decode(strip(rdr)); - } - - - public static byte[] binary(File file) throws IOException { - DataInputStream dis = new DataInputStream(new FileInputStream(file)); - try { - byte[] bytes = new byte[(int)file.length()]; - dis.readFully(bytes); - return bytes; - } finally { - dis.close(); - } - } - - - public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException { - TimeTaken tt = trans.start("Sign Data", Env.SUB); - try { - Signature sig = Signature.getInstance(SIG_ALGO); - sig.initSign(pk, random); - sig.update(bytes); - return sig.sign(); - } finally { - tt.done(); - } - } - - // TODO IMPLEMENT! - public static void getSignature(byte[] signed) { - // TODO Auto-generated method stub - - } - -} diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java deleted file mode 100644 index 60434c3..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java +++ /dev/null @@ -1,33 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import certman.v1_0.Artifacts.Artifact; -import certman.v1_0.CertInfo; - -import com.att.cadi.CadiException; -import com.att.inno.env.Trans; - -public interface PlaceArtifact { - public boolean place(Trans trans, CertInfo cert, Artifact arti) throws CadiException; -} diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java deleted file mode 100644 index c9145ec..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java +++ /dev/null @@ -1,53 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import java.io.File; - -import certman.v1_0.Artifacts.Artifact; -import certman.v1_0.CertInfo; - -import com.att.cadi.CadiException; -import com.att.cadi.util.Chmod; -import com.att.inno.env.Trans; - -public class PlaceArtifactInFiles extends ArtifactDir { - @Override - public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { - try { - // Setup Public Cert - File f = new File(dir,arti.getAppName()+".crt"); - write(f,Chmod.to644,certInfo.getCerts().get(0),C_R); - - // Setup Private Key - f = new File(dir,arti.getAppName()+".key"); - write(f,Chmod.to400,certInfo.getPrivatekey(),C_R); - - } catch (Exception e) { - throw new CadiException(e); - } - return true; - } -} - - diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java deleted file mode 100644 index c1c8c89..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java +++ /dev/null @@ -1,149 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import java.io.File; -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.util.Collection; - -import com.att.cadi.CadiException; -import com.att.cadi.Symm; -import com.att.cadi.config.Config; -import com.att.cadi.util.Chmod; -import com.att.inno.env.Trans; - -import certman.v1_0.Artifacts.Artifact; -import certman.v1_0.CertInfo; - -public class PlaceArtifactInKeystore extends ArtifactDir { - private String kst; - //TODO get ROOT DNs or Trusted DNs from Certificate Manager. - private static String[] rootDNs = new String[]{ - "CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US", - "CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US" - }; - - public PlaceArtifactInKeystore(String kst) { - this.kst = kst; - } - - @Override - public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { - File fks = new File(dir,arti.getAppName()+'.'+kst); - try { - KeyStore jks = KeyStore.getInstance(kst); - if(fks.exists()) { - fks.delete(); - } - - // Get the Cert(s)... Might include Trust store - Collection certColl = Factory.toX509Certificate(trans, certInfo.getCerts()); - Certificate[] certs = new Certificate[certColl.size()]; - certColl.toArray(certs); - - boolean first = true; - StringBuilder issuers = new StringBuilder(); - for(Certificate c : certs) { - if(c instanceof X509Certificate) { - X509Certificate xc = (X509Certificate)c; - String issuer = xc.getIssuerDN().toString(); - for(String root : rootDNs) { - if(root.equals(issuer)) { - if(first) { - first=false; - } else { - issuers.append(":"); - } - if(xc.getSubjectDN().toString().contains("Issuing CA")) { - issuers.append(xc.getSubjectDN()); - } - } - } - } - } - addProperty(Config.CADI_X509_ISSUERS,issuers.toString()); - - // Add CADI Keyfile Entry to Properties - addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile"); - // Set Keystore Password - addProperty(Config.CADI_KEYSTORE,fks.getCanonicalPath()); - String keystorePass = Symm.randomGen(CmAgent.PASS_SIZE); - addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass); - char[] keystorePassArray = keystorePass.toCharArray(); - jks.load(null,keystorePassArray); // load in - - // Add Private Key/Cert Entry for App - // Note: Java SSL security classes, while having a separate key from keystore, - // is documented to not actually work. - // java.security.UnrecoverableKeyException: Cannot recover key - // You can create a custom Key Manager to make it work, but Practicality - // dictates that you live with the default, meaning, they are the same - String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE); - PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey()); - addEncProperty(Config.CADI_KEY_PASSWORD, keyPass); - addProperty(Config.CADI_ALIAS, arti.getMechid()); -// Set attribs = new HashSet(); -// if(kst.equals("pkcs12")) { -// // Friendly Name -// attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getAppName())); -// } -// - KeyStore.ProtectionParameter protParam = - new KeyStore.PasswordProtection(keyPass.toCharArray()); - - KeyStore.PrivateKeyEntry pkEntry = - new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]}); - jks.setEntry(arti.getMechid(), - pkEntry, protParam); - - // Write out - write(fks,Chmod.to400,jks,keystorePassArray); - - // Change out to TrustStore - fks = new File(dir,arti.getAppName()+".trust."+kst); - jks = KeyStore.getInstance(kst); - - // Set Truststore Password - addProperty(Config.CADI_TRUSTSTORE,fks.getCanonicalPath()); - String trustStorePass = Symm.randomGen(CmAgent.PASS_SIZE); - addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass); - char[] truststorePassArray = trustStorePass.toCharArray(); - jks.load(null,truststorePassArray); // load in - - // Add Trusted Certificates - for(int i=1; i0) { - trans.info().printf("Warning: %s\n",capi.getNotes()); - } - out.printf("Challenge: %s\n",capi.getChallenge()); - out.printf("PrivateKey:\n%s\n",capi.getPrivatekey()); - out.println("Certificate Chain:"); - for(String c : capi.getCerts()) { - out.println(c); - } - return true; - } -} diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java deleted file mode 100644 index f09e0bf..0000000 --- a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java +++ /dev/null @@ -1,123 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.cm; - -import java.io.File; - -import com.att.cadi.CadiException; -import com.att.cadi.util.Chmod; -import com.att.inno.env.Trans; -import com.att.inno.env.util.Chrono; - -import certman.v1_0.Artifacts.Artifact; -import certman.v1_0.CertInfo; - -public class PlaceArtifactScripts extends ArtifactDir { - @Override - public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { - try { - // Setup check.sh script - String filename = arti.getAppName()+".check.sh"; - File f1 = new File(dir,filename); - String email = arti.getNotification() + '\n'; - if(email.startsWith("mailto:")) { - email=email.substring(7); - } else { - email=arti.getOsUser() + '\n'; - } - write(f1,Chmod.to644, - "#!/bin/bash " + f1.getCanonicalPath()+'\n', - "# Certificate Manager Check Script\n", - "# Check on Certificate, and renew if needed.\n", - "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n', - "DIR="+arti.getDir()+'\n', - "APP="+arti.getAppName()+'\n', - "EMAIL="+email, - checkScript - ); - - // Setup check.sh script - File f2 = new File(dir,arti.getAppName()+".crontab.sh"); - write(f2,Chmod.to644, - "#!/bin/bash " + f1.getCanonicalPath()+'\n', - "# Certificate Manager Crontab Loading Script\n", - "# Add/Update a Crontab entry, that adds a check on Certificate Manager generated Certificate nightly.\n", - "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n', - "TFILE=\"/tmp/cmcron$$.temp\"\n", - "DIR=\""+arti.getDir()+"\"\n", - "CF=\""+arti.getAppName()+" Certificate Check Script\"\n", - "SCRIPT=\""+f1.getCanonicalPath()+"\"\n", - cronScript - ); - - } catch (Exception e) { - throw new CadiException(e); - } - return true; - } - - private final static String checkScript = - "> $DIR/$APP.msg\n\n" + - "function mailit {\n" + - " printf \"$*\" | /bin/mail -s \"AAF Certman Notification for `uname -n`\" $EMAIL\n"+ - "}\n\n" + - System.getProperty("java.home") + "/bin/" +"java -jar " + - System.getProperty("java.class.path") + - " cadi_prop_files=$DIR/$APP.props check 2> $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" + - "case \"$?\" in\n" + - " 0)\n" + - " # Note: Validation will be mailed only the first day after any modification\n" + - " if [ \"`find $DIR -mtime 0 -name $APP.check.sh`\" != \"\" ] ; then\n" + - " mailit `echo \"Certficate Validated:\\n\\n\" | cat - $DIR/$APP.msg`\n" + - " else\n" + - " cat $DIR/$APP.msg\n" + - " fi\n" + - " ;;\n" + - " 1) mailit \"Error with Certificate Check:\\\\n\\\\nCheck logs $DIR/$APP.STDOUT and $DIR/$APP.STDERR on `uname -n`\"\n" + - " ;;\n" + - " 2) mailit `echo \"Certificate Check Error\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" + - " ;;\n" + - " 10) mailit `echo \"Certificate Replaced\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" + - " if [ -e $DIR/$APP.restart.sh ]; then\n" + - " # Note: it is THIS SCRIPT'S RESPONSIBILITY to notify upon success or failure as necessary!!\n" + - " /bin/sh $DIR/$APP.restart.sh\n" + - " fi\n" + - " ;;\n" + - " *) mailit `echo \"Unknown Error code for CM Agent\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" + - " ;;\n" + - " esac\n\n" + - " # Note: make sure to cover this sripts' exit Code\n"; - - private final static String cronScript = - "crontab -l | sed -n \"/#### BEGIN $CF/,/END $CF ####/!p\" > $TFILE\n" + - "# Note: Randomize Minutes (0-60) and hours (1-4)\n" + - "echo \"#### BEGIN $CF ####\" >> $TFILE\n" + - "echo \"$(( $RANDOM % 60)) $(( $(( $RANDOM % 3 )) + 1 )) * * * /bin/bash $SCRIPT " + - ">> $DIR/cronlog 2>&1 \" >> $TFILE\n" + - "echo \"#### END $CF ####\" >> $TFILE\n" + - "crontab $TFILE\n" + - "rm $TFILE\n"; -} - - - diff --git a/aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java b/aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java deleted file mode 100644 index 7afb25e..0000000 --- a/aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java +++ /dev/null @@ -1,116 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package com.att.cadi.lur.aaf.test; - -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.PrintStream; - -import com.att.cadi.Access; -import com.att.cadi.Symm; -import com.att.cadi.config.Config; - -public class TestAccess implements Access { - private Symm symm; - private PrintStream out; - - public TestAccess(PrintStream out) { - this.out = out; - InputStream is = ClassLoader.getSystemResourceAsStream("cadi.properties"); - try { - System.getProperties().load(is); - } catch (IOException e) { - e.printStackTrace(out); - } finally { - try { - is.close(); - } catch (IOException e) { - e.printStackTrace(out); - } - } - - String keyfile = System.getProperty(Config.CADI_KEYFILE); - if(keyfile==null) { - System.err.println("No " + Config.CADI_KEYFILE + " in Classpath"); - } else { - try { - is = new FileInputStream(keyfile); - try { - symm = Symm.obtain(is); - } finally { - is.close(); - } - } catch (IOException e) { - e.printStackTrace(out); - } - } - - - - } - - public void log(Level level, Object... elements) { - boolean first = true; - for(int i=0;i