From 7e836e1ff7e918961e9003c5dc8126cf84d24da2 Mon Sep 17 00:00:00 2001 From: xg353y Date: Wed, 6 Jun 2018 15:50:33 +0200 Subject: Integrate AAF Update aaf dependency version; fix a bug in UI; remove logout page; update default certificates Issue-ID: CLAMP-103 Change-Id: I3bdd45730f616165d7a484033c5102241f872c1d Signed-off-by: xg353y --- src/main/resources/clds/aaf/org.onap.clamp.p12 | Bin 0 -> 3982 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/main/resources/clds/aaf/org.onap.clamp.p12 (limited to 'src/main/resources/clds/aaf/org.onap.clamp.p12') diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12 new file mode 100644 index 000000000..5cd75944f Binary files /dev/null and b/src/main/resources/clds/aaf/org.onap.clamp.p12 differ -- cgit 1.2.3-korg From 76c74f505d71c5bcd97dfb3b3560e69f37a7a83f Mon Sep 17 00:00:00 2001 From: ChrisC Date: Tue, 26 Mar 2019 14:28:39 +0100 Subject: Update SSL certificate for Dublin Updated keystore for use with Dublin release Expiry is March 26th 2020 Issue-ID: CLAMP-337 Change-Id: Ifd044b02a94bd93fa2320281638c4b3e7daa1d9c Signed-off-by: ChrisC --- README.md | 350 ++++++++++----------- docs/index.rst | 10 +- src/main/resources/application.properties | 6 +- src/main/resources/clds/aaf/org.onap.clamp.keyfile | 54 ++-- src/main/resources/clds/aaf/org.onap.clamp.p12 | Bin 3982 -> 4107 bytes src/main/resources/clds/aaf/truststoreONAPall.jks | Bin 114865 -> 117990 bytes 6 files changed, 210 insertions(+), 210 deletions(-) (limited to 'src/main/resources/clds/aaf/org.onap.clamp.p12') diff --git a/README.md b/README.md index e5b6090f2..318d2c876 100644 --- a/README.md +++ b/README.md @@ -1,176 +1,176 @@ -# Summary - -CLAMP is a platform for designing and managing control loops. It is used to design a closed loop, configure it with specific parameters for a particular network service, then deploying and undeploying it. Once deployed, the user can also update the loop with new parameters during runtime, as well as suspending and restarting it. - -It interacts with other systems to deploy and execute the closed loop. For example, it pushes the control loop design to the SDC catalog, associating it with the VF resource. It requests from DCAE the instantiation of microservices to manage the closed loop flow. Further, it creates and updates multiple policies in the Policy Engine that define the closed loop flow. - -The ONAP CLAMP platform abstracts the details of these systems under the concept of a control loop model. The design of a control loop and its management is represented by a workflow in which all relevant system interactions take place. This is essential for a self-service model of creating and managing control loops, where no low-level user interaction with other components is required. - -At a higher level, CLAMP is about supporting and managing the broad operational life cycle of VNFs/VMs and ultimately ONAP components itself. It will offer the ability to design, test, deploy and update control loop automation - both closed and open. Automating these functions would represent a significant saving on operational costs compared to traditional methods. - -# Developer Contact -Owner: ONAP CLAMP Dev team -Mailing List : onap-discuss@lists.onap.org -Add the following prefix to Subject on the mailing list : [CLAMP] -See here to subscribe : https://wiki.onap.org/display/DW/Mailing+Lists - -# Wiki -https://wiki.onap.org/display/DW/CLAMP+Project - -# Build -Jenkins Job: ${jenkins-joblink} - -CLAMP UI: ${cockpit-link} - -Logs: ${elk-link} - -# Docker image - -## Building -You can use the following command to build the clamp docker image: -``` -mvn clean install -P docker -``` - -## Deployment -Currently, the clamp docker image can be deployed with small configuration needs. Though, you might need to make small adjustments to the configuration. As clamp is spring based, you can use the SPRING_APPLICATION_JSON environment variable to update its parameters. - -### Databases -There are two needed datasource for Clamp. By default, both will try to connect to the localhost server using the credentials available in the example SQL files. If you need to change the default database host and/or credentials, you can do it by using the following json as SPRING_APPLICATION_JSON environment variable : -Note that all others configurations can be configured in the JSON as well, - -```json -{ - "spring.datasource.cldsdb.url": "jdbc:mysql://anotherDB.onap.org:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "spring.datasource.cldsdb.username": "admin", - "spring.datasource.cldsdb.password": "password" - - "clamp.config.dcae.inventory.url": "http://dcaegen2.host:8080", - "clamp.config.dcae.dispatcher.url": "http://dcaegen2.host:8080", - "clamp.config.policy.pdpUrl1": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123", - "clamp.config.policy.pdpUrl2": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123", - "clamp.config.policy.papUrl": "https://policy-pap.host:8443/pap/ , testpap, alpha123", - "clamp.config.policy.clientKey": "5CE79532B3A2CB4D132FC0C04BF916A7" - "clamp.config.files.sdcController":"file:/opt/clamp/config/sdc-controllers-config.json" -} -``` -### SDC-Controllers config - -This file is a JSON that must be specified to Spring config, here is an example: - -```json -{ - "sdc-connections":{ - "sdc-controller1":{ - "user": "clamp", - "consumerGroup": "consumerGroup1", - "consumerId": "consumerId1", - "environmentName": "AUTO", - "sdcAddress": "localhost:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", - "pollingInterval":30, - "pollingTimeout":30, - "activateServerTLSAuth":"false", - "keyStorePassword":"", - "keyStorePath":"", - "messageBusAddresses":["dmaaphost.com"] - }, - "sdc-controller2":{ - "user": "clamp", - "consumerGroup": "consumerGroup1", - "consumerId": "consumerId1", - "environmentName": "AUTO", - "sdcAddress": "localhost:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", - "pollingInterval":30, - "pollingTimeout":30, - "activateServerTLSAuth":"false", - "keyStorePassword":"", - "keyStorePath":"", - "messageBusAddresses":["dmaaphost.com"] - } - } -} -``` -Multiple controllers can be configured so that Clamp is able to receive the notifications from different SDC servers. -Each Clamp existing in a cluster should have different consumerGroup and consumerId so that they can each consume the SDC notification. -The environmentName is normally the Dmaap Topic used by SDC. -If the sdcAddress is not specified or not available (connection failure) the messageBusAddresses will be used (Dmaap servers) - -### Docker-compose - -A [docker-compose example file](extra/docker/clamp/docker-compose.yml) can be found under the [extra/docker/clamp/ folder](extra/docker/). - -Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a prepopullated database and a clamp instance available on [http://localhost:8080/designer/index.html](http://localhost:8080/designer/index.html). - - -### Logs - -Clamp uses logback framework to generate logs. The logback.xml file cand be found under the [src/main/resources/ folder](src/main/resources). - -With the default log settings, all logs will be generated into console and into root.log file under the Clamp root folder. The root.log file is not allowed to be appended, thus restarting the clamp will result in cleaning of the old log files. - -### Api - -You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json` - - -## Clamp Credentials - -There are two mechanisms that can enabled for the authentication, one or the other never both at the same time. -They can be enabled in the application.properties. - -1. AAF CA -There is a section for SSL enablement and cadi configuration (for AAF) + one spring profile to enable - -server.port=8443 -server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 -server.ssl.key-store-password=China in the Spring -server.ssl.key-password=China in the Spring -server.ssl.key-store-type=PKCS12 -server.ssl.key-alias=clamp@clamp.onap.org -server.ssl.client-auth=want -server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks -server.ssl.trust-store-password=changeit - -server.http-to-https-redirection.port=8080 -.... -spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller -.... -clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile -clamp.config.cadi.cadiLoglevel=DEBUG -clamp.config.cadi.cadiLatitude=37.78187 -clamp.config.cadi.cadiLongitude=-122.26147 -clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095 -clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs -clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf -clamp.config.cadi.aafEnv=DEV -clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0 -clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US - -In that case a certificate must be added in the browser and is required to login properly -Please check that section to get the certificate -https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca#ControlLoopFlowsandModelsforCasablanca-Configure - -Or it can be found in the Clamp source code folder src/main/resources/clds/aaf -(Default Password: "China in the Spring") - -2. Spring authentication -It's possible to enable the spring authentication by disabling the "clamp-aaf-authentication" profile and enabling only the "clamp-default-user" -spring.profiles.active=clamp-default,clamp-default-user,clamp-sdc-controller -In that case, the credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`. - -Passwords should be hashed using Bcrypt : -``` -# pip3 install bcrypt # if you don't have the bcrypt python lib installed, should be done once. -# python3 -c 'import bcrypt; print(bcrypt.hashpw("password".encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))' -``` - -Default credentials are admin/password and cs0008/password. - -There is a spring file that disables the AAF and enable the Spring authentication by default. -To use it just add - ---spring.config.name=application-noaaf - +# Summary + +CLAMP is a platform for designing and managing control loops. It is used to design a closed loop, configure it with specific parameters for a particular network service, then deploying and undeploying it. Once deployed, the user can also update the loop with new parameters during runtime, as well as suspending and restarting it. + +It interacts with other systems to deploy and execute the closed loop. For example, it pushes the control loop design to the SDC catalog, associating it with the VF resource. It requests from DCAE the instantiation of microservices to manage the closed loop flow. Further, it creates and updates multiple policies in the Policy Engine that define the closed loop flow. + +The ONAP CLAMP platform abstracts the details of these systems under the concept of a control loop model. The design of a control loop and its management is represented by a workflow in which all relevant system interactions take place. This is essential for a self-service model of creating and managing control loops, where no low-level user interaction with other components is required. + +At a higher level, CLAMP is about supporting and managing the broad operational life cycle of VNFs/VMs and ultimately ONAP components itself. It will offer the ability to design, test, deploy and update control loop automation - both closed and open. Automating these functions would represent a significant saving on operational costs compared to traditional methods. + +# Developer Contact +Owner: ONAP CLAMP Dev team +Mailing List : onap-discuss@lists.onap.org +Add the following prefix to Subject on the mailing list : [CLAMP] +See here to subscribe : https://wiki.onap.org/display/DW/Mailing+Lists + +# Wiki +https://wiki.onap.org/display/DW/CLAMP+Project + +# Build +Jenkins Job: ${jenkins-joblink} + +CLAMP UI: ${cockpit-link} + +Logs: ${elk-link} + +# Docker image + +## Building +You can use the following command to build the clamp docker image: +``` +mvn clean install -P docker +``` + +## Deployment +Currently, the clamp docker image can be deployed with small configuration needs. Though, you might need to make small adjustments to the configuration. As clamp is spring based, you can use the SPRING_APPLICATION_JSON environment variable to update its parameters. + +### Databases +There are two needed datasource for Clamp. By default, both will try to connect to the localhost server using the credentials available in the example SQL files. If you need to change the default database host and/or credentials, you can do it by using the following json as SPRING_APPLICATION_JSON environment variable : +Note that all others configurations can be configured in the JSON as well, + +```json +{ + "spring.datasource.cldsdb.url": "jdbc:mysql://anotherDB.onap.org:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", + "spring.datasource.cldsdb.username": "admin", + "spring.datasource.cldsdb.password": "password" + + "clamp.config.dcae.inventory.url": "http://dcaegen2.host:8080", + "clamp.config.dcae.dispatcher.url": "http://dcaegen2.host:8080", + "clamp.config.policy.pdpUrl1": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123", + "clamp.config.policy.pdpUrl2": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123", + "clamp.config.policy.papUrl": "https://policy-pap.host:8443/pap/ , testpap, alpha123", + "clamp.config.policy.clientKey": "5CE79532B3A2CB4D132FC0C04BF916A7" + "clamp.config.files.sdcController":"file:/opt/clamp/config/sdc-controllers-config.json" +} +``` +### SDC-Controllers config + +This file is a JSON that must be specified to Spring config, here is an example: + +```json +{ + "sdc-connections":{ + "sdc-controller1":{ + "user": "clamp", + "consumerGroup": "consumerGroup1", + "consumerId": "consumerId1", + "environmentName": "AUTO", + "sdcAddress": "localhost:8443", + "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "pollingInterval":30, + "pollingTimeout":30, + "activateServerTLSAuth":"false", + "keyStorePassword":"", + "keyStorePath":"", + "messageBusAddresses":["dmaaphost.com"] + }, + "sdc-controller2":{ + "user": "clamp", + "consumerGroup": "consumerGroup1", + "consumerId": "consumerId1", + "environmentName": "AUTO", + "sdcAddress": "localhost:8443", + "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "pollingInterval":30, + "pollingTimeout":30, + "activateServerTLSAuth":"false", + "keyStorePassword":"", + "keyStorePath":"", + "messageBusAddresses":["dmaaphost.com"] + } + } +} +``` +Multiple controllers can be configured so that Clamp is able to receive the notifications from different SDC servers. +Each Clamp existing in a cluster should have different consumerGroup and consumerId so that they can each consume the SDC notification. +The environmentName is normally the Dmaap Topic used by SDC. +If the sdcAddress is not specified or not available (connection failure) the messageBusAddresses will be used (Dmaap servers) + +### Docker-compose + +A [docker-compose example file](extra/docker/clamp/docker-compose.yml) can be found under the [extra/docker/clamp/ folder](extra/docker/). + +Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a prepopullated database and a clamp instance available on [http://localhost:8080/designer/index.html](http://localhost:8080/designer/index.html). + + +### Logs + +Clamp uses logback framework to generate logs. The logback.xml file cand be found under the [src/main/resources/ folder](src/main/resources). + +With the default log settings, all logs will be generated into console and into root.log file under the Clamp root folder. The root.log file is not allowed to be appended, thus restarting the clamp will result in cleaning of the old log files. + +### Api + +You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json` + + +## Clamp Credentials + +There are two mechanisms that can enabled for the authentication, one or the other never both at the same time. +They can be enabled in the application.properties. + +1. AAF CA +There is a section for SSL enablement and cadi configuration (for AAF) + one spring profile to enable + +server.port=8443 +server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 +server.ssl.key-store-password=34xqGdj]VnHothQ]5qCykV3X +server.ssl.key-password=34xqGdj]VnHothQ]5qCykV3X +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias=clamp@clamp.onap.org +server.ssl.client-auth=want +server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks +server.ssl.trust-store-password=changeit + +server.http-to-https-redirection.port=8080 +.... +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller +.... +clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile +clamp.config.cadi.cadiLoglevel=DEBUG +clamp.config.cadi.cadiLatitude=37.78187 +clamp.config.cadi.cadiLongitude=-122.26147 +clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095 +clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs +clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf +clamp.config.cadi.aafEnv=DEV +clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0 +clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US + +In that case a certificate must be added in the browser and is required to login properly +Please check that section to get the certificate +https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca#ControlLoopFlowsandModelsforCasablanca-Configure + +Or it can be found in the Clamp source code folder src/main/resources/clds/aaf +(Default Password: "34xqGdj]VnHothQ]5qCykV3X") + +2. Spring authentication +It's possible to enable the spring authentication by disabling the "clamp-aaf-authentication" profile and enabling only the "clamp-default-user" +spring.profiles.active=clamp-default,clamp-default-user,clamp-sdc-controller +In that case, the credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`. + +Passwords should be hashed using Bcrypt : +``` +# pip3 install bcrypt # if you don't have the bcrypt python lib installed, should be done once. +# python3 -c 'import bcrypt; print(bcrypt.hashpw("password".encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))' +``` + +Default credentials are admin/password and cs0008/password. + +There is a spring file that disables the AAF and enable the Spring authentication by default. +To use it just add + +--spring.config.name=application-noaaf + to the jvm parameters. This file is available by default in the java classpath resource folder. \ No newline at end of file diff --git a/docs/index.rst b/docs/index.rst index 03859a994..c3c6ee402 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,6 +1,6 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +.. Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. CLAMP - Closed Loop Automation Management Platform ================================================== @@ -168,8 +168,8 @@ This file is a JSON that must be specified to Spring config, here is an example: Multiple controllers can be configured so that Clamp is able to receive the notifications from different SDC servers. Each Clamp existing in a cluster should have different consumerGroup and consumerId so that they can each consume the SDC notification. -The environmentName is normally the Dmaap Topic used by SDC. -If the sdcAddress is not specified or not available (connection failure) the messageBusAddresses will be used (Dmaap servers) +The environmentName is normally the Dmaap Topic used by SDC. +If the sdcAddress is not specified or not available (connection failure) the messageBusAddresses will be used (Dmaap servers) Administration -------------- @@ -184,7 +184,7 @@ For OOM, the URL is https://:30258/designer/index.html Default password : password - With AAF enabled, the certificate p12 must be added to the browser - ca path: src/main/resources/clds/aaf/org.onap.clamp.p12, password "China in the Spring" + ca path: src/main/resources/clds/aaf/org.onap.clamp.p12, password "34xqGdj]VnHothQ]5qCykV3X" Or get it from this page : https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca Human Interfaces @@ -193,7 +193,7 @@ Human Interfaces User Interface (CLAMP Designer) - serve to configure control loop CLAMP UI is used to configure the Control Loop designed and distributed by SDC. From that UI it's possible to distribute the configuration policies and control the life-cycle of the DCAE Micro Services. - + The following actions are done using the UI: * Design a control loop flow by selecting a predefined template from a list diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 91c02ef74..d6f21d3f4 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -2,7 +2,7 @@ # ============LICENSE_START======================================================= # ONAP CLAMP # ================================================================================ -# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights # reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -58,8 +58,8 @@ server.port=8443 ## Config part for Server certificates # Can be a classpath parameter instead of file:/ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 -server.ssl.key-store-password=China in the Spring -server.ssl.key-password=China in the Spring +server.ssl.key-store-password=34xqGdj]VnHothQ]5qCykV3X +server.ssl.key-password=34xqGdj]VnHothQ]5qCykV3X server.ssl.key-store-type=PKCS12 server.ssl.key-alias=clamp@clamp.onap.org diff --git a/src/main/resources/clds/aaf/org.onap.clamp.keyfile b/src/main/resources/clds/aaf/org.onap.clamp.keyfile index 45cdcb602..4908ca7e6 100644 --- a/src/main/resources/clds/aaf/org.onap.clamp.keyfile +++ b/src/main/resources/clds/aaf/org.onap.clamp.keyfile @@ -1,27 +1,27 @@ -HTQLJHUg5Du0VM7wHY5cBMTgupk6ujhSoAgx5BTHp9wt9CoWvD72ScIciyldEH9R2QZIL9ZvpVo0 -h2o-hSQueaVjPcIFUhVIl4HWmNC6I2YAlNkwy3VMl1g9otKaOTgo3ChsFUVq7ACIrcr2977wo4B_ -FeHa0lInuaLoEjHMP1fszTWYBBx9oY3K9s-9MQQyCo6bFV-4L733sPeE60j20FWoygUwvIqxp3Pc -Bmnm1AtcrhGH0elqDg9qNjmnmC3gxZaGpGiclaEds_lVu57RIXwtTHgYyMbJzfP-Ziq3T7i8d-h3 -JZThj1l9JvDLYm2z0BEXuQ3Owvn4m98cWB9P5esJOKYEvsfIGK_Fd6uT04fzkeDT1wNV4-Swuorr -ymZQxnvHbUAp91NJEa3EtWTuBxNeoqV0cw97WkAYn95pgjH4ZVhBdczclS-EStFJyYOHtTRAs1A_ -8i36GiuUPHn3KolkRF2GvtZfwNj5AYfcUKhqULJ-T_is2KKYnGwQ2iaItX2852o4zlzkMXFMkt5C -qbsDmrU7F5zxn4HG6yShW5sIXgAcS9cyIs8IFgHtkYauDJlKZWynhzqibh3-bzPyfFmreTHxQ-Av -Lgp5sAtf1B9_1feVyE78bmQ3IMtxE-YkV8RYPDJzKw0nIdjce7j89azNq_as5JMfCCHSlYcKRs8O -Nrh8gXYun28iUL_kwEUWK0WohPgwQBb46_Hkc6a0aSYbuFA_7qgprPB9wmAlHtuqnCAb2vk8GT-h -07DB6yPGgzE-OgXUzLIWHXVzPO6SjOg3ifYpCRigOsNqkV1paBBOzje7dn2RnpgaRJS3zupTMnqF -g5N9qCgubxRlII626-Dc_i5X1OAWPzJK8UZPuxRAg3YVJNHluB3O0Q2Uo14RkO3a2Tn_Ce9XoTUJ -Jqi_qZWytIB9sHMNM7KvcRxGedLqd_230O3zV7rTa4Up0BFoMyHmnf2SZu96x_Yz_n_AWhiaALvE -ON_nTxPEOHfEfrNzo7pCwIaI5gM6eu_S24aZTf4L-5tekqH7l1PEbKr2QP4XfTZBN4FgNExgGpzG -the3zv4k7hJeWe7GbtMmnZXIQUJkZVTHBwqvHkqtN9cBWpihCNVmI3zKq6Bsy6Us0SDZ686kpeVS -s9eyrzj6uLPE65mQxCpoMt6G4HSjzMqA3HOX_7ixBBhtdVi5-X7NeTigr-uaZg67yP3cSikfFf9w -dyFuMjg29jtlaTNzOov8HFrcLq01N3fpwDkSU_2TmLndU-FMat78CMCLW5QuS1KF3hC9T8wzKWS_ -WHK2oMA3SqWyqnj_cE_T4Ql_VKL3nkvf_bzTvLso_BWodUw2A-eO-1qjtCHp3nnTdSVH06E3_eRH -BuKWEt0MLyNpm88OD0tgOC3fn7casioynQLoFatta5nlQfj4nsAXj2bD6CrohtDhjOKXqHxDU6s7 -adtNoBGyEK5FKy3HtHMC7KXsK_6wbYUluz93nCNMok696HIHojNUydGFqfr2HluQTi0S3uHnD_pS --QM8DbsFi8oIztn6Er4CFFJQ-tUuDyX6ahfY5gWLqCgRM7RzrkoHY7b4vkHxZTBLZlPGWfRtG0vc -GTSqIRNI2Z_Zte5-wW7T9vfFVBsArF0SJWOrlUqf7fGN1_2H9B9aIpLEMaHF7EEp1OP6_SNnfuhB -K31EFy0VW0eGnLezpd3HT540kznub7h_m6phZaqeZJxsle9jHEOS7qDc3T6s1hZ7DLK2Ej5RFuq8 -5LA9Cj5VrdejKMZKZJwmyWylLe224RyY4gDa0MB_lDAeC-YFdY2ClymYRJmclFFSWf7X1j5beQve -xGbsXJaWZcJpahpFu4RR-kOOyZBLPsdiyOZ7PGXz83l35NiXabmRapgjve1t7NFSuRluafihc0Lg -GKoz_-3YAFJmh4Z3bcCsz1WhCUYqzWyDsnZiD7sMQT7Oyje7RqzoxBZs5Ke1_0jtpgFrc7BcqHG7 -WpwJr6hg53o3BpWcUEopBomhbdxiDSLxZmDrePy9LDC7YNk_7-gVKIc7dZDMgw6kSRR330p0 \ No newline at end of file +dK4TahfDgZ9dafmSF971Olx2sfGYPTm7JZnfbtjWxJOWSoRXzyLnJ2C1JwfucH99_9QTF2HQc_Av +LiBCbDt1UJz8K63igFpZhKHR1RpsF-jjGWcrkSWu5z9yz52DJYru4uJ-GY0simVUvlVOn_QR2SHV +D2qknw7FzUKO8NzQd0xJSbxP2lbTEOw5bD74d3gXaVnMEA1yUrV2f5LV5F6O6zPC7s94l9G1Prxa +LS2VE1ZUY2Y2VD9bigQxw_OdtfbMk9DrDAfvYmhUZwd4MMqurHYdqwn5iuMVBT3cz4saFVGhoFNv +d_NwEmsaeGujnZWRQUwhnv5SPXslQY_QXOnTbucvItDwpIA07W8fxZk1os3D5q2XFkHjqDzhWqnq +4Snv1Bz9gw7WIHBjVIgPDHfheQfvm7gO5E5LlmSiVouBdyEp1Yc4mhdR1zs8Kt1AvUEkXVzlbR7a +rMBcASvn1lGvjcU4NqM_u8hIFg-O-w2ooMJK9UUOOVlYRI_wblAGF173Z67CfVRtWdepKb2Fv4pb +3N9w95knLUsh6xea05W4FnNYdoGwHRofRVkH3Kotd0KUoXwe4p6UpfFw33jj-8pWMaRpkkDu9-Ol +Q_B006lHZ6HnXMWnQyrpqYxPRWc0TvoYvlSPqcXVQWIOVP3K-pp6lnREFfJSJ4MPm9AgE9v5GywH +YC9Tq0fWxzKuEbNZCU9xJyXP8rrQi9O8CVwBT0oAzJ012Ztt4mEXvjByKOJsCAPVbEqB3THcL-X5 +UNnyiM7aDFiemQGFbRQgNu9fkk3CgvgU_G4MvXneFmsbJdthvqVDMDe26miUmjOsQl6tZgqKg5sN +pExhOpoApRi7YL_1J79zkeziLHLU5NC9ryRrUfQgpwivnj9nqJr0COsEYLg9381NWMM100LBm2z0 +K8BTcmp9vKKXbfTm8a3qHexjThxWw8Og-x3Qsv4YP4TpNUAaDcLn78WPc23Mpx0Ir2Z8ALRwhmpH +W_F0phywuCPH_VO0rDulT8bTIs0Ldu5CnGCswL8hGhyw5mM0ZheOymFGn6Sd7mLOyKKFIF5HcR3n +_xfv11UweRzp0M-5VoLcCD6rXxJTZK245ureyZsXtkOLvQ81yko1FkQRbaN_86ECtYrMpGbhLY9O +GUyhXLG1Ac3M6ZsgwDn6iMUckCbANKIR77GY_BEIza5aw-3GHhhCsmtU5NtoUlpFuIC_JqqxoNYH +_iAB2bqN3Py6dXvTtT0WX6gciDsyYuXchECFub3i4vw_RZe0UEfrpJM3kEjcp3AFsOrosffvS2BT +ITDQr12f9Y0-ydAlCqzB9EpSchKwW4Hn7sUA_BEbSkO3e-ujNDrvzPPXWdESiJSzkJc6WHgossJx +q8UnYkCd4XJYavt1a7XnrCxJcJ-TVyM1EVWuHZxziX3p0FCeu0Ett600WXVCYvJ2UsLYpvAJWgYx +BQnMoJyJ6Xkk7-IaedqCZLlkITul99arptcxCKrfWY12V6C2cwmbJgxjvHPoM--4iads_Kj24c_q +LTLOuyqvqHL1UIVXW5i_1ddsgYJmCUK0WjsWvI151UNlKB7N0MFNhFZlGqN9JCog2HoAtyb2bRj7 +2-0VmLeiWAysfrfxEhL_ipHB3A5iVmVC6Eq_w2G8pcTk7Ii_oqiDVIbT90sgaUZavXyb3kkGKsko +ELxkKw7wytSXLgBY6E2IqLjnWdssQIYlolA1Hmg5JWNMr2vjcQWGQiXe1R5s6j2Kfp_vID4bn3qT +Reptwp9nEJ1xVGwWu6rGPdHIwqp-KwzajjNffJQPAgv0IoDSknF_uQ3fYfY2N_CfyI8p_fCsn5xx +zYXHR8enH6e1Q3olkWgdZtl5mhIF6B4RwMB7L7h5NDLoab-OlYVqDqKBZqcoE3iQXvEUGilj1S1O +cPN8A8KB8IXUsdSy38TqAEv8j4fY6TpMnhq-dmN0RhWekDJ2v9B2Jhmdu4Wnq3UetiEW455iwd8S +nNDAVyE0JlPq9Mgt10bUUwF5fL2JfpZWehSMVIbU2E0VMTcTxggVK9nMI3wMc2n8CRWgc7kM \ No newline at end of file diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12 index 5cd75944f..7003136b9 100644 Binary files a/src/main/resources/clds/aaf/org.onap.clamp.p12 and b/src/main/resources/clds/aaf/org.onap.clamp.p12 differ diff --git a/src/main/resources/clds/aaf/truststoreONAPall.jks b/src/main/resources/clds/aaf/truststoreONAPall.jks index 2da1dcc4b..ff844b109 100644 Binary files a/src/main/resources/clds/aaf/truststoreONAPall.jks and b/src/main/resources/clds/aaf/truststoreONAPall.jks differ -- cgit 1.2.3-korg From 989f40665366b23937d06ebddc5d7c42b2e75f9f Mon Sep 17 00:00:00 2001 From: ChrisC Date: Fri, 5 Apr 2019 16:24:13 +0200 Subject: Update cadi to 2.1.10 and updated keystore Updated cadi for Dublin Issue-ID: CLAMP-337 Change-Id: I71e02369e8aa0a23250c94c68fcd9cf434de4414 Signed-off-by: ChrisC --- README.md | 12 ++--- docs/index.rst | 2 +- pom.xml | 2 +- src/main/resources/application.properties | 10 ++-- src/main/resources/clds/aaf/org.onap.clamp.keyfile | 54 ++++++++++----------- src/main/resources/clds/aaf/org.onap.clamp.p12 | Bin 4107 -> 4107 bytes 6 files changed, 40 insertions(+), 40 deletions(-) (limited to 'src/main/resources/clds/aaf/org.onap.clamp.p12') diff --git a/README.md b/README.md index 318d2c876..1cbf0e3ff 100644 --- a/README.md +++ b/README.md @@ -125,8 +125,8 @@ There is a section for SSL enablement and cadi configuration (for AAF) + one spr server.port=8443 server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 -server.ssl.key-store-password=34xqGdj]VnHothQ]5qCykV3X -server.ssl.key-password=34xqGdj]VnHothQ]5qCykV3X +server.ssl.key-store-password=China in the Spring +server.ssl.key-password=China in the Spring server.ssl.key-store-type=PKCS12 server.ssl.key-alias=clamp@clamp.onap.org server.ssl.client-auth=want @@ -139,21 +139,21 @@ spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controll .... clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile clamp.config.cadi.cadiLoglevel=DEBUG -clamp.config.cadi.cadiLatitude=37.78187 -clamp.config.cadi.cadiLongitude=-122.26147 +clamp.config.cadi.cadiLatitude=10 +clamp.config.cadi.cadiLongitude=10 clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095 clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf clamp.config.cadi.aafEnv=DEV clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0 -clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US +clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US In that case a certificate must be added in the browser and is required to login properly Please check that section to get the certificate https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca#ControlLoopFlowsandModelsforCasablanca-Configure Or it can be found in the Clamp source code folder src/main/resources/clds/aaf -(Default Password: "34xqGdj]VnHothQ]5qCykV3X") +(Default Password: "China in the Spring") 2. Spring authentication It's possible to enable the spring authentication by disabling the "clamp-aaf-authentication" profile and enabling only the "clamp-default-user" diff --git a/docs/index.rst b/docs/index.rst index c3c6ee402..fc0118ac9 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -184,7 +184,7 @@ For OOM, the URL is https://:30258/designer/index.html Default password : password - With AAF enabled, the certificate p12 must be added to the browser - ca path: src/main/resources/clds/aaf/org.onap.clamp.p12, password "34xqGdj]VnHothQ]5qCykV3X" + ca path: src/main/resources/clds/aaf/org.onap.clamp.p12, password "China in the Spring" Or get it from this page : https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca Human Interfaces diff --git a/pom.xml b/pom.xml index dbe87387d..71c9f2982 100644 --- a/pom.xml +++ b/pom.xml @@ -374,7 +374,7 @@ org.onap.aaf.authz aaf-cadi-aaf - 2.1.1 + 2.1.10 javax.servlet diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b8c633566..02acf184b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -58,8 +58,8 @@ server.port=8443 ## Config part for Server certificates # Can be a classpath parameter instead of file:/ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 -server.ssl.key-store-password=34xqGdj]VnHothQ]5qCykV3X -server.ssl.key-password=34xqGdj]VnHothQ]5qCykV3X +server.ssl.key-store-password=China in the Spring +server.ssl.key-password=China in the Spring server.ssl.key-store-type=PKCS12 server.ssl.key-alias=clamp@clamp.onap.org @@ -236,8 +236,8 @@ clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Princ #AAF related parameters clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile clamp.config.cadi.cadiLoglevel=DEBUG -clamp.config.cadi.cadiLatitude=37.78187 -clamp.config.cadi.cadiLongitude=-122.26147 +clamp.config.cadi.cadiLatitude=10 +clamp.config.cadi.cadiLongitude=10 clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095 clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf @@ -245,4 +245,4 @@ clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5 #clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect clamp.config.cadi.aafEnv=DEV clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0 -clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US +clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US diff --git a/src/main/resources/clds/aaf/org.onap.clamp.keyfile b/src/main/resources/clds/aaf/org.onap.clamp.keyfile index 4908ca7e6..45cdcb602 100644 --- a/src/main/resources/clds/aaf/org.onap.clamp.keyfile +++ b/src/main/resources/clds/aaf/org.onap.clamp.keyfile @@ -1,27 +1,27 @@ -dK4TahfDgZ9dafmSF971Olx2sfGYPTm7JZnfbtjWxJOWSoRXzyLnJ2C1JwfucH99_9QTF2HQc_Av -LiBCbDt1UJz8K63igFpZhKHR1RpsF-jjGWcrkSWu5z9yz52DJYru4uJ-GY0simVUvlVOn_QR2SHV -D2qknw7FzUKO8NzQd0xJSbxP2lbTEOw5bD74d3gXaVnMEA1yUrV2f5LV5F6O6zPC7s94l9G1Prxa -LS2VE1ZUY2Y2VD9bigQxw_OdtfbMk9DrDAfvYmhUZwd4MMqurHYdqwn5iuMVBT3cz4saFVGhoFNv -d_NwEmsaeGujnZWRQUwhnv5SPXslQY_QXOnTbucvItDwpIA07W8fxZk1os3D5q2XFkHjqDzhWqnq -4Snv1Bz9gw7WIHBjVIgPDHfheQfvm7gO5E5LlmSiVouBdyEp1Yc4mhdR1zs8Kt1AvUEkXVzlbR7a -rMBcASvn1lGvjcU4NqM_u8hIFg-O-w2ooMJK9UUOOVlYRI_wblAGF173Z67CfVRtWdepKb2Fv4pb -3N9w95knLUsh6xea05W4FnNYdoGwHRofRVkH3Kotd0KUoXwe4p6UpfFw33jj-8pWMaRpkkDu9-Ol -Q_B006lHZ6HnXMWnQyrpqYxPRWc0TvoYvlSPqcXVQWIOVP3K-pp6lnREFfJSJ4MPm9AgE9v5GywH -YC9Tq0fWxzKuEbNZCU9xJyXP8rrQi9O8CVwBT0oAzJ012Ztt4mEXvjByKOJsCAPVbEqB3THcL-X5 -UNnyiM7aDFiemQGFbRQgNu9fkk3CgvgU_G4MvXneFmsbJdthvqVDMDe26miUmjOsQl6tZgqKg5sN -pExhOpoApRi7YL_1J79zkeziLHLU5NC9ryRrUfQgpwivnj9nqJr0COsEYLg9381NWMM100LBm2z0 -K8BTcmp9vKKXbfTm8a3qHexjThxWw8Og-x3Qsv4YP4TpNUAaDcLn78WPc23Mpx0Ir2Z8ALRwhmpH -W_F0phywuCPH_VO0rDulT8bTIs0Ldu5CnGCswL8hGhyw5mM0ZheOymFGn6Sd7mLOyKKFIF5HcR3n -_xfv11UweRzp0M-5VoLcCD6rXxJTZK245ureyZsXtkOLvQ81yko1FkQRbaN_86ECtYrMpGbhLY9O -GUyhXLG1Ac3M6ZsgwDn6iMUckCbANKIR77GY_BEIza5aw-3GHhhCsmtU5NtoUlpFuIC_JqqxoNYH -_iAB2bqN3Py6dXvTtT0WX6gciDsyYuXchECFub3i4vw_RZe0UEfrpJM3kEjcp3AFsOrosffvS2BT -ITDQr12f9Y0-ydAlCqzB9EpSchKwW4Hn7sUA_BEbSkO3e-ujNDrvzPPXWdESiJSzkJc6WHgossJx -q8UnYkCd4XJYavt1a7XnrCxJcJ-TVyM1EVWuHZxziX3p0FCeu0Ett600WXVCYvJ2UsLYpvAJWgYx -BQnMoJyJ6Xkk7-IaedqCZLlkITul99arptcxCKrfWY12V6C2cwmbJgxjvHPoM--4iads_Kj24c_q -LTLOuyqvqHL1UIVXW5i_1ddsgYJmCUK0WjsWvI151UNlKB7N0MFNhFZlGqN9JCog2HoAtyb2bRj7 -2-0VmLeiWAysfrfxEhL_ipHB3A5iVmVC6Eq_w2G8pcTk7Ii_oqiDVIbT90sgaUZavXyb3kkGKsko -ELxkKw7wytSXLgBY6E2IqLjnWdssQIYlolA1Hmg5JWNMr2vjcQWGQiXe1R5s6j2Kfp_vID4bn3qT -Reptwp9nEJ1xVGwWu6rGPdHIwqp-KwzajjNffJQPAgv0IoDSknF_uQ3fYfY2N_CfyI8p_fCsn5xx -zYXHR8enH6e1Q3olkWgdZtl5mhIF6B4RwMB7L7h5NDLoab-OlYVqDqKBZqcoE3iQXvEUGilj1S1O -cPN8A8KB8IXUsdSy38TqAEv8j4fY6TpMnhq-dmN0RhWekDJ2v9B2Jhmdu4Wnq3UetiEW455iwd8S -nNDAVyE0JlPq9Mgt10bUUwF5fL2JfpZWehSMVIbU2E0VMTcTxggVK9nMI3wMc2n8CRWgc7kM \ No newline at end of file +HTQLJHUg5Du0VM7wHY5cBMTgupk6ujhSoAgx5BTHp9wt9CoWvD72ScIciyldEH9R2QZIL9ZvpVo0 +h2o-hSQueaVjPcIFUhVIl4HWmNC6I2YAlNkwy3VMl1g9otKaOTgo3ChsFUVq7ACIrcr2977wo4B_ +FeHa0lInuaLoEjHMP1fszTWYBBx9oY3K9s-9MQQyCo6bFV-4L733sPeE60j20FWoygUwvIqxp3Pc +Bmnm1AtcrhGH0elqDg9qNjmnmC3gxZaGpGiclaEds_lVu57RIXwtTHgYyMbJzfP-Ziq3T7i8d-h3 +JZThj1l9JvDLYm2z0BEXuQ3Owvn4m98cWB9P5esJOKYEvsfIGK_Fd6uT04fzkeDT1wNV4-Swuorr +ymZQxnvHbUAp91NJEa3EtWTuBxNeoqV0cw97WkAYn95pgjH4ZVhBdczclS-EStFJyYOHtTRAs1A_ +8i36GiuUPHn3KolkRF2GvtZfwNj5AYfcUKhqULJ-T_is2KKYnGwQ2iaItX2852o4zlzkMXFMkt5C +qbsDmrU7F5zxn4HG6yShW5sIXgAcS9cyIs8IFgHtkYauDJlKZWynhzqibh3-bzPyfFmreTHxQ-Av +Lgp5sAtf1B9_1feVyE78bmQ3IMtxE-YkV8RYPDJzKw0nIdjce7j89azNq_as5JMfCCHSlYcKRs8O +Nrh8gXYun28iUL_kwEUWK0WohPgwQBb46_Hkc6a0aSYbuFA_7qgprPB9wmAlHtuqnCAb2vk8GT-h +07DB6yPGgzE-OgXUzLIWHXVzPO6SjOg3ifYpCRigOsNqkV1paBBOzje7dn2RnpgaRJS3zupTMnqF +g5N9qCgubxRlII626-Dc_i5X1OAWPzJK8UZPuxRAg3YVJNHluB3O0Q2Uo14RkO3a2Tn_Ce9XoTUJ +Jqi_qZWytIB9sHMNM7KvcRxGedLqd_230O3zV7rTa4Up0BFoMyHmnf2SZu96x_Yz_n_AWhiaALvE +ON_nTxPEOHfEfrNzo7pCwIaI5gM6eu_S24aZTf4L-5tekqH7l1PEbKr2QP4XfTZBN4FgNExgGpzG +the3zv4k7hJeWe7GbtMmnZXIQUJkZVTHBwqvHkqtN9cBWpihCNVmI3zKq6Bsy6Us0SDZ686kpeVS +s9eyrzj6uLPE65mQxCpoMt6G4HSjzMqA3HOX_7ixBBhtdVi5-X7NeTigr-uaZg67yP3cSikfFf9w +dyFuMjg29jtlaTNzOov8HFrcLq01N3fpwDkSU_2TmLndU-FMat78CMCLW5QuS1KF3hC9T8wzKWS_ +WHK2oMA3SqWyqnj_cE_T4Ql_VKL3nkvf_bzTvLso_BWodUw2A-eO-1qjtCHp3nnTdSVH06E3_eRH +BuKWEt0MLyNpm88OD0tgOC3fn7casioynQLoFatta5nlQfj4nsAXj2bD6CrohtDhjOKXqHxDU6s7 +adtNoBGyEK5FKy3HtHMC7KXsK_6wbYUluz93nCNMok696HIHojNUydGFqfr2HluQTi0S3uHnD_pS +-QM8DbsFi8oIztn6Er4CFFJQ-tUuDyX6ahfY5gWLqCgRM7RzrkoHY7b4vkHxZTBLZlPGWfRtG0vc +GTSqIRNI2Z_Zte5-wW7T9vfFVBsArF0SJWOrlUqf7fGN1_2H9B9aIpLEMaHF7EEp1OP6_SNnfuhB +K31EFy0VW0eGnLezpd3HT540kznub7h_m6phZaqeZJxsle9jHEOS7qDc3T6s1hZ7DLK2Ej5RFuq8 +5LA9Cj5VrdejKMZKZJwmyWylLe224RyY4gDa0MB_lDAeC-YFdY2ClymYRJmclFFSWf7X1j5beQve +xGbsXJaWZcJpahpFu4RR-kOOyZBLPsdiyOZ7PGXz83l35NiXabmRapgjve1t7NFSuRluafihc0Lg +GKoz_-3YAFJmh4Z3bcCsz1WhCUYqzWyDsnZiD7sMQT7Oyje7RqzoxBZs5Ke1_0jtpgFrc7BcqHG7 +WpwJr6hg53o3BpWcUEopBomhbdxiDSLxZmDrePy9LDC7YNk_7-gVKIc7dZDMgw6kSRR330p0 \ No newline at end of file diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12 index 7003136b9..b3c69efea 100644 Binary files a/src/main/resources/clds/aaf/org.onap.clamp.p12 and b/src/main/resources/clds/aaf/org.onap.clamp.p12 differ -- cgit 1.2.3-korg From dcc4bdc4e0f8b614e36a7ef0a2d97e2b6b5e3201 Mon Sep 17 00:00:00 2001 From: sebdet Date: Tue, 15 Oct 2019 14:04:00 +0200 Subject: Update AAF certificate Update the AAF certificate as the previous one will expire soon Issue-ID: CLAMP-536 Change-Id: Ia900449fcb1b327d60ae8f9c628610151ed70f0d Signed-off-by: sebdet --- pom.xml | 4 +- .../onap/clamp/clds/filter/ClampCadiFilter.java | 7 +- src/main/resources/application.properties | 12 ++-- src/main/resources/clds/aaf/org.onap.clamp.keyfile | 54 +++++++------- src/main/resources/clds/aaf/org.onap.clamp.p12 | Bin 4107 -> 4147 bytes src/main/resources/clds/aaf/ssl/clamp.key | 54 +++++++------- src/main/resources/clds/aaf/ssl/clamp.pem | 80 +++++++-------------- version.properties | 2 +- 8 files changed, 93 insertions(+), 120 deletions(-) (limited to 'src/main/resources/clds/aaf/org.onap.clamp.p12') diff --git a/pom.xml b/pom.xml index c0f31e933..cce555d90 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ 4.0.0 org.onap.clamp clds - 4.1.3-SNAPSHOT + 4.1.4-SNAPSHOT clamp @@ -397,7 +397,7 @@ org.onap.aaf.authz aaf-cadi-aaf - 2.1.10 + 2.1.15 javax.servlet diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java index cd141ae77..68544de67 100644 --- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java +++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java @@ -46,6 +46,7 @@ import javax.servlet.http.HttpServletRequest; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.CadiFilter; +import org.onap.clamp.clds.util.ResourceFileUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationContext; @@ -150,13 +151,17 @@ public class ClampCadiFilter extends CadiFilter { X509Certificate cert = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream( URLDecoder.decode(certHeader, StandardCharsets.UTF_8.toString()).getBytes())); + X509Certificate caCert = (X509Certificate) certificateFactory + .generateCertificate(new ByteArrayInputStream(ResourceFileUtil.getResourceAsString("clds/aaf/ssl/ca-certs.pem").getBytes())); + X509Certificate[] certifArray = ((X509Certificate[]) request .getAttribute("javax.servlet.request.X509Certificate")); if (certifArray == null) { - certifArray = new X509Certificate[] { cert }; + certifArray = new X509Certificate[] { cert, caCert }; request.setAttribute("javax.servlet.request.X509Certificate", certifArray); } else { certifArray[0] = cert; + certifArray[1] = caCert; } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 64121c947..3ac6fa255 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -244,11 +244,11 @@ clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile clamp.config.cadi.cadiLoglevel=DEBUG clamp.config.cadi.cadiLatitude=10 clamp.config.cadi.cadiLongitude=10 -clamp.config.cadi.aafLocateUrl=https://10.0.0.106:31111 -clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs -clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf -#clamp.config.cadi.oauthTokenUrl=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token -#clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect +clamp.config.cadi.aafLocateUrl=https://aaf-locate:8095 +clamp.config.cadi.cadiKeystorePassword=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc +clamp.config.cadi.cadiTruststorePassword=enc:iDnPBBLq_EMidXlMa1FEuBR8TZzYxrCg66vq_XfLHdJ +clamp.config.cadi.oauthTokenUrl= https://AAF_LOCATE_URL/locate/onap.org.osaaf.aaf.token:2.1/token +clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/locate/onap.org.osaaf.aaf.introspect:2.1/introspect clamp.config.cadi.aafEnv=DEV clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 -clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US +clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/src/main/resources/clds/aaf/org.onap.clamp.keyfile b/src/main/resources/clds/aaf/org.onap.clamp.keyfile index 45cdcb602..c2521fc81 100644 --- a/src/main/resources/clds/aaf/org.onap.clamp.keyfile +++ b/src/main/resources/clds/aaf/org.onap.clamp.keyfile @@ -1,27 +1,27 @@ -HTQLJHUg5Du0VM7wHY5cBMTgupk6ujhSoAgx5BTHp9wt9CoWvD72ScIciyldEH9R2QZIL9ZvpVo0 -h2o-hSQueaVjPcIFUhVIl4HWmNC6I2YAlNkwy3VMl1g9otKaOTgo3ChsFUVq7ACIrcr2977wo4B_ -FeHa0lInuaLoEjHMP1fszTWYBBx9oY3K9s-9MQQyCo6bFV-4L733sPeE60j20FWoygUwvIqxp3Pc -Bmnm1AtcrhGH0elqDg9qNjmnmC3gxZaGpGiclaEds_lVu57RIXwtTHgYyMbJzfP-Ziq3T7i8d-h3 -JZThj1l9JvDLYm2z0BEXuQ3Owvn4m98cWB9P5esJOKYEvsfIGK_Fd6uT04fzkeDT1wNV4-Swuorr -ymZQxnvHbUAp91NJEa3EtWTuBxNeoqV0cw97WkAYn95pgjH4ZVhBdczclS-EStFJyYOHtTRAs1A_ -8i36GiuUPHn3KolkRF2GvtZfwNj5AYfcUKhqULJ-T_is2KKYnGwQ2iaItX2852o4zlzkMXFMkt5C -qbsDmrU7F5zxn4HG6yShW5sIXgAcS9cyIs8IFgHtkYauDJlKZWynhzqibh3-bzPyfFmreTHxQ-Av -Lgp5sAtf1B9_1feVyE78bmQ3IMtxE-YkV8RYPDJzKw0nIdjce7j89azNq_as5JMfCCHSlYcKRs8O -Nrh8gXYun28iUL_kwEUWK0WohPgwQBb46_Hkc6a0aSYbuFA_7qgprPB9wmAlHtuqnCAb2vk8GT-h -07DB6yPGgzE-OgXUzLIWHXVzPO6SjOg3ifYpCRigOsNqkV1paBBOzje7dn2RnpgaRJS3zupTMnqF -g5N9qCgubxRlII626-Dc_i5X1OAWPzJK8UZPuxRAg3YVJNHluB3O0Q2Uo14RkO3a2Tn_Ce9XoTUJ -Jqi_qZWytIB9sHMNM7KvcRxGedLqd_230O3zV7rTa4Up0BFoMyHmnf2SZu96x_Yz_n_AWhiaALvE -ON_nTxPEOHfEfrNzo7pCwIaI5gM6eu_S24aZTf4L-5tekqH7l1PEbKr2QP4XfTZBN4FgNExgGpzG -the3zv4k7hJeWe7GbtMmnZXIQUJkZVTHBwqvHkqtN9cBWpihCNVmI3zKq6Bsy6Us0SDZ686kpeVS -s9eyrzj6uLPE65mQxCpoMt6G4HSjzMqA3HOX_7ixBBhtdVi5-X7NeTigr-uaZg67yP3cSikfFf9w -dyFuMjg29jtlaTNzOov8HFrcLq01N3fpwDkSU_2TmLndU-FMat78CMCLW5QuS1KF3hC9T8wzKWS_ -WHK2oMA3SqWyqnj_cE_T4Ql_VKL3nkvf_bzTvLso_BWodUw2A-eO-1qjtCHp3nnTdSVH06E3_eRH -BuKWEt0MLyNpm88OD0tgOC3fn7casioynQLoFatta5nlQfj4nsAXj2bD6CrohtDhjOKXqHxDU6s7 -adtNoBGyEK5FKy3HtHMC7KXsK_6wbYUluz93nCNMok696HIHojNUydGFqfr2HluQTi0S3uHnD_pS --QM8DbsFi8oIztn6Er4CFFJQ-tUuDyX6ahfY5gWLqCgRM7RzrkoHY7b4vkHxZTBLZlPGWfRtG0vc -GTSqIRNI2Z_Zte5-wW7T9vfFVBsArF0SJWOrlUqf7fGN1_2H9B9aIpLEMaHF7EEp1OP6_SNnfuhB -K31EFy0VW0eGnLezpd3HT540kznub7h_m6phZaqeZJxsle9jHEOS7qDc3T6s1hZ7DLK2Ej5RFuq8 -5LA9Cj5VrdejKMZKZJwmyWylLe224RyY4gDa0MB_lDAeC-YFdY2ClymYRJmclFFSWf7X1j5beQve -xGbsXJaWZcJpahpFu4RR-kOOyZBLPsdiyOZ7PGXz83l35NiXabmRapgjve1t7NFSuRluafihc0Lg -GKoz_-3YAFJmh4Z3bcCsz1WhCUYqzWyDsnZiD7sMQT7Oyje7RqzoxBZs5Ke1_0jtpgFrc7BcqHG7 -WpwJr6hg53o3BpWcUEopBomhbdxiDSLxZmDrePy9LDC7YNk_7-gVKIc7dZDMgw6kSRR330p0 \ No newline at end of file +kzJMxgphAoBxJz1_vYjxx-V87fahDQdYUqBIyWhZp8ojXdNpmB-96T9CvgJScJynbLcqw2Cj2CYx +wd97vFOYhlyz5zK3tSyIuydOkVGJsJ1S4PviTtjhiJvNourJNDHgtas1Y1y2fQ5_8aVxj-s4W72N +MNYhkeTinaQx_d_5hkBPABJlgCxKLnmxHo2jAJktnZYa5t5h48m7KiUx_RVEkQVtEvux-7vgXaC4 +ymTXj6zI9XoMTVxM0OAl4y7kBiUoOUaxS4tVKV34RJYNNqBjiUTQa_ag-KeUacRABk1ozfwzpvE5 +Sjz8WCy0L-LtCQnapkhKLt04ndCZtw8LDJ-Zz0ZgR2PVIPpTgs9VnVuOi5jf4LzTrtUatvOWkKB9 +drXKzp6cNXnZ0jkD3vV1BzqzhynKnZR2o_ilZv5CTTdpGUt906N_DwZuX6LfcV_7yvjX42bTfeIR +ycPtodFPXlqqn9VUyh5nOauJlnOHAQmSDzjMEgjy17nQX3Ad7s4BfvujzUl-d0MqB_HCKbaW32UT +xcY-0JfI1Y-2IdYfIkUdhVmxop6sSg0jAobWzgCRoRQkP3a2iIlKdfMyskshoWKIDVtlr-3fkDEb +x_b_o1rRoUfzUzxEdphaUAq80Sc0i77ZLT3KF9vJOhyU_pBnApYFxVk7Hkk3VRxJKS7jyL4H7k1x +2m5-2G8fB9XbYZT82xmAquNx4oBdpwj3_ncGF9YRF94K6NZgqemT5iWhpXMoelSU1blASgT3qlTm +B6YgbD5owExNHwRVd8KeRsYrOnBWUiktsIhXFhNZmDUNWMFGQ2KxEcOt1tJwsQDehJFgY_l1JQ0d +643wJ7rTJkGkYX309cydRQUX4Z0ckSQS9LhMd9stxF5XOHlvHdbW0pXNS7SaLbzKCVldUgncvI6z +KWkwrWbftrZK2RT1UZKNngQDMGOk9OhbHAs7YzhFNFARZoRNobIv5tZVDomy-YgJb9-mD1UTkRBL +WXOyoryDlgKrgFsgHclGDI1UFO5N-JfebPKxbP505f4924hxF2r8bspvVW8ZtHQo_SJmhauOX8n_ +eN_LK43LB9k53WAHZ_utvs0s6wGf7I73oj_N7DIFaHTDSm_MhDsFDLVG_wUzCpZ5FP2uL3nnqMkF +Ob-l1fywfmfOmrz1BY6g4sRPPeWXuclYTnRnDRu5VQyc7_aBEVkyt3zw0JEex0vJNFUJl3pYjS55 +GplAB6p7VbS9ceZEtc5Z3qFIVHEzKWZxT190E23t_LlMuEoQ1zaqdHynNaMs61-q_A2aHRiTqlRm +7FahVB3RX4AVLl23mu4u3A9ZDXc40nzjs9mwOVsuKlPvQ2rteDUG1njr2R1_V_MyQuoJjdfbIkPG +4eF0QzlSMdbkeprdQxSfV5YT-yPpkBxSsCMMM43sKm4Hy7_CUdvp4Iayrp3vtK3oYMuCGi6qTadz +KzxfTf8meKan3eMZW4RLByyniH5nQnX_KGfBly05AmFyVH_j0fyOg-48kDhtEKeqmDnP4C01jOID +Ip_AKaB6e0GwsHzVTLZOklHwu_qzsaTzchBOG_dJJju7bxY7qv78Pa92wZIP311gSCVbc-gxxbsR +qI555twmYEoasFm4xz10OYDOkvM1E1Rtxu3ymRLZpe6AoyFBVzEW7Dncdw7O98dKcgrp8ZlQ_8Wg +5zZH0Cic7xnIZ0bNZyQXw56CSUiXVWuwVY3e0djXP3F-FO5gP8VTxbpW4C0t6McXAOlvSEfFKxN7 +u6OBeOKwjrtHaJk2ghF8MUcpDXanhbAgHez9larGlscCkgvoRLNaRH9GIdSVgY3HtNhJRaJIq01S +OGeBjC5J4o-nTrqRFkwyDAYcPL373eYX1dBFFVHR-4q50H9m_zMxZHXETafxzV4DT3Qi8Sxh3uaS +ZX7mRaNaOE0uC1n87_IZ9WhrwIQaZng2lnd9yZ-4rx8fB8WA8KQzifzvHAcMb_HV10JWGaz5A2Rm +EXDsfexQC6CqYg5rdzzlNWDPNlHy5ubyz7fRXZ99uIwBY9aJcvCXCiEXJkC6utj3NcXQrJmk \ No newline at end of file diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12 index b3c69efea..dc24567b9 100644 Binary files a/src/main/resources/clds/aaf/org.onap.clamp.p12 and b/src/main/resources/clds/aaf/org.onap.clamp.p12 differ diff --git a/src/main/resources/clds/aaf/ssl/clamp.key b/src/main/resources/clds/aaf/ssl/clamp.key index fcf68bfa2..af847d59a 100644 --- a/src/main/resources/clds/aaf/ssl/clamp.key +++ b/src/main/resources/clds/aaf/ssl/clamp.key @@ -1,32 +1,32 @@ Bag Attributes friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33 + localKeyID: 54 69 6D 65 20 31 35 37 31 30 36 38 34 31 31 38 30 37 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4nLg3HAYzgJTr -C9WdZypwz0UzcQcCFXwEUUA8StwtMwx0OahJiEJRdFY6fmydq4MzFgZ6HQt/M7dY -0l8phLHpGTVdrFMgW8yZer8bwNcSSiPVRy8j0s8lBHdR+KofG+yA19xg6lCYDX78 -yfeA2jZ52FhVWavyGHS4whWlw8T1EGbZZqXZCFgc7zHjUXuG1mo2ropppJkouf9g -WEH2Vx16YiosgZzftRW1N3KJ7JozcEtS/j4w/pNyS7HOQDWWGTDk6Us4bt8Zg4gd -1FeID0FmnEEGRKP+XscsGNwMd06MBsCAOutHkpFtS+UT3cr8xIKewL7uPq24X3ke -W148togFAgMBAAECggEATncV+R5pKFS7dteV2IvzxvTh1cZxkxoslu0t3zJ2OKPc -5D1pYK+QeGx5Be2cHru6TOlMoXRc4ZjKke8AUXY74/Y573GB91vtL0KznYkuIHDw -oALcb153eqVWTbniHMzSjcSxv2N4E9iQo8L39oVI6CrjCIvPgFuSqMCdUNJPkVTI -4nsarTfLK4fzi7IbWzi9JdE1QRNIxcCMcYJRnLZMdneMLBleR0UL82Xc2KOy5SEt -zyKYCQ8zS247FKolnOrDkhKxXI5fzdDpRK5AQSsAykUPWlYq7pzKjY/dU9rMRohx -YSltFjPZ3sQ3UKqqIqhZS+GoVuZoc925WyhViPsqtQKBgQDsL4LFfPWN8nnsusQp -VR3T7HvvwXuEVAydlaJMwZU0cRYN+L7RHHjDoXZZrNJDIDzNoWnBLKRGx3mtLmgJ -9Pa6SxN6Oc8oo6jzv2D59g1PVjNOMOYTCTb/2Xum4LMLaeeF57HkWxzeA3Ws47++ -gXwzQpbE90tp1Ys4uXD3JoivvwKBgQDIGZTwLGhLSegdAjG83WEgmdtzT1kjvx0Q -A8IR2jkgkTJHdKiuslJ8Z3/XufHEwWMWwfs1XLwxYluoo1y9eNvNeHZXjLqjL62c -I3034F9IvvTUqFcxam2WdoklXbAiSvLUo/9exPgOuVxok6Zv1imRgGb/vYV9vyG7 -86MRuQu5OwKBgQC9E3fcA6JMpY3H3uhEsngzfMDm+fyYvfRvfyezzNFWbyWZv8V6 -gBGJg0vMlFarGDa044BW/hbw9qXI5zqwpeOS1aFdGsRlo0cRAuduk/Spy7c85FZ7 -bMgT4BZmTMHo5DpNb2NxDSO59AkThCuvJde47ZjnS5WavzI6EfKGWNnZ3wKBgQCF -QiwjCp/mS/DtqLFxAsmVSYGROG231aXILYiIFRloa+ndFn7j4NP4D4FfLHErRFL2 -K/ddIUYfaU57b1fqwts26ht90LXWyYDH9AaHOMCcFLe+C+INgcA7rPNG1C7hl6JC -JHmEJo7AV4eICZSU9D44rRdrB08oYCpaHjYiLmb1UwKBgQCWCDJ4p2DrNL9hzj3K -kzvM5saXrfI4aVBXVt9rw9s1d/WG8JOpnmHcnLPb6Tj59rDktrLCLv0sVstMwNVJ -sOO+qsgn1VoZalcVhhjdONm5YvhJQgz0F7Y2xkr6g/AuMPz2YigGfm7fe/z7rc+L -q9Ua2HmUS8DDBy7W89MNZJNkDQ== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsuvJ9pjBqjrxI ++5TG2PTVRUob9Cx1uO3cUMzR01mxNodsSRdI3sq6Q2Nr+PenoT7edo8ujru8G79H +BfyUWBkNe3hJikCXzDV62cwavWtGjWIsOZHczJfj8ZrtObJ/uRpeGmbosY38zUwN +cGzT1vm2K67MPe2BazTI4JLxyGcJ0bZEZ0XGBMOup3Hqo2QOy7BaQMOTs20Ww3aB +64h7KAqaqNnblqUOtkLCUBdp6Lxa9oBXqS4Fg+C1eZqzuixLQgmWZs2ED+wl4FZD +DaIkN4gw4YTXhpxr82gauW3ro2sAYrJX63FqIzaj0rj/vqxYSy7fjzbsE1VPBxCH +yUuaHxUTAgMBAAECggEABaPlHy06D4CxrUBpz0RuWjh0/wyuFvn+6l7JEWDxYNQD +AAoy9HIx9HsW2AO9MoAVaXY9nquSfcX6LPuJD98AkmwhtWUKTuqgJG7QN19QDXG4 +bvFCTg9wNkVBZdWoens03TXHfnmtxT9+6EFvjEtMxCIRByJOixdRFe4fXj3I/40H +p6KjzscPhRqmapB5U/lWwteONoq1A4VBoqj1Qbe1NjmNGMhhXqj/d9f6B0DPGqIA +nIDubb1B3YNdbxE8LbY1YiQZEtjjA2uIyW0tRjZyhVVtNwSm814fyjVPp2oRpK43 +2OVBLbHZlxY5sFZwU71lWSyEAHhOL5yY1HORKUyCIQKBgQDwR8POilccu1fczDX7 +7jTHvknrtc5Pm689hOz+iZz8oib5MNHM57YMQJNauAHcUUDc8PEBrU44kJda7zVU +8jVgeV0kvZcmDM4AGrmbBSGLhcmyqJC4wKF20K3rVFFo5exlpTDU7dwnPkMbHeGQ +LmPzk+5BKQa81Mq+cObdJs/LpwKBgQC4B9kf+cex77OluKN9mz8D3MOEWycztDpd +XVeM+RV4cjIMaQl91GovtQDwdy9TbKCsq+sFvqWsmQNkUlDGP2c0y4PFnJt7ahzW +wqZ8bZgNcTNE+KqHUMEOcDGRVoQf65XRWZhjq0mJyCewPMOrdFgHTzva2QYOrZTK +jBIWx84otQKBgQCDjidM7D1pw8EFaOGdv/wx6KO8ZFxDBfBadG71pg7H21gPU4Vq +9OqdprWHE/wgznP/BARQcLzFB5V2+kVu7vX+jjRLK2qYMKaRNBCvKY4GQAgAw34J +SZ6d2P+AOzgfgNN/i4RC8MB61AIV1LRtJpkfAb2O+5Fuzer7fgFI0DkxPQKBgAdq +gYxxU2PPRg0KmMQKCosMTXC6/6RsweFbTpjmvL/C0lN/tBs3ASR1Bdmq4+RXv03W +C72KhkCjVeioDItAqNcO0HuZKQbbKthYtb7T58m64xcHck/LqEv9p3G069QheUMb +ejGiCG+d+kN232e8Y4O/5KiYEE9tHU7gQCZc3Oj1AoGBAI2QyoAJlM0jREsEft7c +L+5kcV+VulyMYEFycSy6KziUKxVh+VMk5Eo6UhXo6m4x37tg/D8uK/tkeJdWw00N +dXLsUcDEacZyF8UfRsrscmiBURu0+9S/5+ncSX6s18HHGL7n2io+PX/ie2neO7q1 +fj50Aj03dg1TrgMTx2g6e85Y -----END PRIVATE KEY----- diff --git a/src/main/resources/clds/aaf/ssl/clamp.pem b/src/main/resources/clds/aaf/ssl/clamp.pem index ccb0097df..22f4541a4 100644 --- a/src/main/resources/clds/aaf/ssl/clamp.pem +++ b/src/main/resources/clds/aaf/ssl/clamp.pem @@ -1,64 +1,32 @@ Bag Attributes friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33 -subject=CN = clamp, emailAddress = , OU = clamp@clamp.onap.org, OU = OSAAF, O = ONAP, C = US + localKeyID: 54 69 6D 65 20 31 35 37 31 30 36 38 34 31 31 38 30 37 +subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 -----BEGIN CERTIFICATE----- -MIIEKDCCAxCgAwIBAgIIWY+5kgf/UG4wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIETDCCAzSgAwIBAgIIGF6ukzqwlGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyMTE2MTY1OFoXDTIwMDMyMTE2MTY1OFow -bDEOMAwGA1UEAwwFY2xhbXAxDzANBgkqhkiG9w0BCQEWADEdMBsGA1UECwwUY2xh -bXBAY2xhbXAub25hcC5vcmcxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALic -uDccBjOAlOsL1Z1nKnDPRTNxBwIVfARRQDxK3C0zDHQ5qEmIQlF0Vjp+bJ2rgzMW -BnodC38zt1jSXymEsekZNV2sUyBbzJl6vxvA1xJKI9VHLyPSzyUEd1H4qh8b7IDX -3GDqUJgNfvzJ94DaNnnYWFVZq/IYdLjCFaXDxPUQZtlmpdkIWBzvMeNRe4bWajau -immkmSi5/2BYQfZXHXpiKiyBnN+1FbU3consmjNwS1L+PjD+k3JLsc5ANZYZMOTp -Szhu3xmDiB3UV4gPQWacQQZEo/5exywY3Ax3TowGwIA660eSkW1L5RPdyvzEgp7A -vu4+rbhfeR5bXjy2iAUCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE -AwIF4DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0w -S4AUgfeZWxC5yIze81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0w -CwYDVQQKDARPTkFQMQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQU+GZ6wmWDPrmq -Wd1/NtMYiCQ8Dg4wOwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVk -ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFZdhB -U6xm6l0vj4q89onLx4opTPvwGNRc0n402lifkPYXseFtphZSHIf2Sg0mFTH4KHb4 -FdMyBzq1+f5WLU+xRC1nT4eGJ0FvRR6204/fGVrzJTS67phnRnxr2WZzLPW0wPJe -K8SzN6tkUgE7/a/s0T/htE/blDxWh75+tA2jQlgj1Ri0y9A1J8wx++REKjGlHjFN -53aiipsB+wC/oEMzYL4qEPiYPI0Lr3Lsay1F7f6cvDT4+EYzBLMFuwCvpcnHgSMS -4fFj2ROmUG2+CC23B88Q0WNxjLPq/CrmHZZBsqwruPJ0cSuCQxfshTQ6uZhcjtu8 -6TRYkIcL0x9r/AHP ------END CERTIFICATE----- -Bag Attributes - friendlyName: CN=intermediateCA_9,OU=OSAAF,O=ONAP,C=US -subject=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 - -issuer=OU = OSAAF, O = ONAP, C = US - ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +bnRlcm1lZGlhdGVDQV85MB4XDTE5MTAxNDE1NTM0MVoXDTIwMTAxNDE1NTM0MVow +gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl +ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y +ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV +UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKy68n2mMGqOvEj7lMbY +9NVFShv0LHW47dxQzNHTWbE2h2xJF0jeyrpDY2v496ehPt52jy6Ou7wbv0cF/JRY +GQ17eEmKQJfMNXrZzBq9a0aNYiw5kdzMl+Pxmu05sn+5Gl4aZuixjfzNTA1wbNPW ++bYrrsw97YFrNMjgkvHIZwnRtkRnRcYEw66nceqjZA7LsFpAw5OzbRbDdoHriHso +Cpqo2duWpQ62QsJQF2novFr2gFepLgWD4LV5mrO6LEtCCZZmzYQP7CXgVkMNoiQ3 +iDDhhNeGnGvzaBq5beujawBislfrcWojNqPSuP++rFhLLt+PNuwTVU8HEIfJS5of +FRMCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUicMoQoxguo6qFb7YZ2gZn8X0BV4w +OwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVkZW1vLm9uYXAub3Jn +ggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCMDZrqzL/orHH3WoLKj/JJ ++QOt89CTYJqX5rS2TbQgX/JdjXJzJsmY21dTHxg0+AdRmAUATHBFAOg/nLEfDUOh +NX0+OshoaTYjrI2ZH4j24UsoXzGffpjqPbLMZJ1uzxy4qTTvzeJJM1NsfKD4Er0B +KDgN66pzywJrxOXkTQZpmkgGeB9FwmBoLFKP2XJjXXT9c9Wol8ttrSqu/sy5e6/Y +SZLco8lXx0isxGgG5PfF9WSuikFRlC5LCmcSn9EfxQIOeGjzJQpuB8yqN/ojE8wY +ZBhaUM/+NETQNzsh4dZxq7ErSknND60NYit8rz9lWDDrNNKVF+8iFpoTb17V8e3C -----END CERTIFICATE----- diff --git a/version.properties b/version.properties index d611b206b..941cd1d65 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=4 minor=1 -patch=3 +patch=4 base_version=${major}.${minor}.${patch} -- cgit 1.2.3-korg From 504422fe7b93714222ff53b9ee9914a26b74c091 Mon Sep 17 00:00:00 2001 From: ChrisC Date: Wed, 5 Feb 2020 13:07:40 +0100 Subject: Update SSL Certs and doc Update SSL certs for Frankfurt (expiry date Feb 2021) + fix clamp env for compose. Documentation updated to reflect what to do for cert renewal (readme). Issue-ID: CLAMP-641 Signed-off-by: ChrisC Change-Id: I24e24ee88674c3d5b399bc0f1722c61f4c54a937 --- README.md | 27 +++++++++---- extra/docker/clamp/clamp.env | 2 +- src/main/resources/clds/aaf/org.onap.clamp.p12 | Bin 4147 -> 4155 bytes src/main/resources/clds/aaf/ssl/clamp.key | 54 ++++++++++++------------- src/main/resources/clds/aaf/ssl/clamp.pem | 37 ++++++++--------- 5 files changed, 66 insertions(+), 54 deletions(-) (limited to 'src/main/resources/clds/aaf/org.onap.clamp.p12') diff --git a/README.md b/README.md index 148ff959c..65fc0530c 100644 --- a/README.md +++ b/README.md @@ -114,10 +114,10 @@ With the default log settings, all logs will be generated into console and into You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json` -## Clamp AAF +## Clamp AAF - Renew Certificates - Connect to windriver with openvpn - create a folder aaf-renewal and go to it -- create a file aaf.props with that content +- create a file aaf.props with that content (or run the agent.sh script below, it will prompt you for values at first run) VERSION=2.1.13 DOCKER_REPOSITORY=nexus3.onap.org:10001 HOSTNAME= @@ -141,13 +141,24 @@ You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/ cadi_latitude[0.000]=10.0 cadi_longitude[0.000]=10.0 - Certs should created, you can get them in /var/lib/docker/volumes/clamp_config/_data/local + If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re used) : docker volume rm clamp_config - wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar - to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi digest changeit testos.key - +- you can also use the agent.sh script to decrypt the passwords, by running the showpass commands (see wiki below) - Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key' - Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem' - Extract CA certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -cacerts -nokeys -chain > ca-certs.pem' - reference wiki: https://wiki.onap.org/display/DW/AAF+Certificate+Management+for+Dummies +- you need to place new clamp.key, clamp.pem and ca-certs.pem into src/main/resources/clds/aaf/ssl, this will be used by the FrontEnd +- you need to replace the password of the generated keystore (clamp uses the p12 keystore), we want to keep the same demo password across release + to do so, you can use keytool to update the password and set it back to 'China in the Spring' + keytool -storepasswd -keystore ./org.onap.clamp.p12 +- this will prompt for the current keystore password (the one generated by the aaf script that you can get from the above) +- you can then set it to 'China in the Spring' +- once done, you can replace : org.onap.clamp.p12 into src/main/resources/clds/aaf +- rebuild Clamp Docker containers, they should be updated with the renewed certificates + + ## Clamp Credentials There are two mechanisms that can enabled for the authentication, one or the other never both at the same time. @@ -158,17 +169,17 @@ There is a section for SSL enablement and cadi configuration (for AAF) + one spr server.port=8443 server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 -server.ssl.key-store-password=China in the Spring -server.ssl.key-password=China in the Spring +server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc +server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc server.ssl.key-store-type=PKCS12 server.ssl.key-alias=clamp@clamp.onap.org +clamp.config.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile server.ssl.client-auth=want server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks -server.ssl.trust-store-password=changeit - +server.ssl.trust-store-password=enc:iDnPBBLq_EMidXlMa1FEuBR8TZzYxrCg66vq_XfLHdJ server.http-to-https-redirection.port=8080 .... -spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller-new,clamp-ssl-config .... clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile clamp.config.cadi.cadiLoglevel=DEBUG diff --git a/extra/docker/clamp/clamp.env b/extra/docker/clamp/clamp.env index ae6dbec11..06381f941 100644 --- a/extra/docker/clamp/clamp.env +++ b/extra/docker/clamp/clamp.env @@ -1,2 +1,2 @@ ### Be careful, this must be in one line only ### -SPRING_APPLICATION_JSON={"spring.datasource.cldsdb.url":"jdbc:mariadb:sequential://db:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3","spring.profiles.active":"clamp-default,clamp-default-user,clamp-sdc-controller-new","clamp.config.policy.api.url":"http4://third-party-proxy:8085","clamp.config.policy.pap.url":"http4://third-party-proxy:8085","clamp.config.dcae.inventory.url":"http://third-party-proxy:8085","clamp.config.dcae.deployment.url":"http4://third-party-proxy:8085"} +SPRING_APPLICATION_JSON={"spring.datasource.cldsdb.url":"jdbc:mariadb:sequential://db:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3","spring.profiles.active":"clamp-default,clamp-default-user,clamp-sdc-controller-new,clamp-ssl-config","clamp.config.policy.api.url":"http4://third-party-proxy:8085","clamp.config.policy.pap.url":"http4://third-party-proxy:8085","clamp.config.dcae.inventory.url":"http://third-party-proxy:8085","clamp.config.dcae.deployment.url":"http4://third-party-proxy:8085"} diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12 index dc24567b9..268aa1a3c 100644 Binary files a/src/main/resources/clds/aaf/org.onap.clamp.p12 and b/src/main/resources/clds/aaf/org.onap.clamp.p12 differ diff --git a/src/main/resources/clds/aaf/ssl/clamp.key b/src/main/resources/clds/aaf/ssl/clamp.key index af847d59a..bcbb9f17e 100644 --- a/src/main/resources/clds/aaf/ssl/clamp.key +++ b/src/main/resources/clds/aaf/ssl/clamp.key @@ -1,32 +1,32 @@ Bag Attributes friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 37 31 30 36 38 34 31 31 38 30 37 + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsuvJ9pjBqjrxI -+5TG2PTVRUob9Cx1uO3cUMzR01mxNodsSRdI3sq6Q2Nr+PenoT7edo8ujru8G79H -BfyUWBkNe3hJikCXzDV62cwavWtGjWIsOZHczJfj8ZrtObJ/uRpeGmbosY38zUwN -cGzT1vm2K67MPe2BazTI4JLxyGcJ0bZEZ0XGBMOup3Hqo2QOy7BaQMOTs20Ww3aB -64h7KAqaqNnblqUOtkLCUBdp6Lxa9oBXqS4Fg+C1eZqzuixLQgmWZs2ED+wl4FZD -DaIkN4gw4YTXhpxr82gauW3ro2sAYrJX63FqIzaj0rj/vqxYSy7fjzbsE1VPBxCH -yUuaHxUTAgMBAAECggEABaPlHy06D4CxrUBpz0RuWjh0/wyuFvn+6l7JEWDxYNQD -AAoy9HIx9HsW2AO9MoAVaXY9nquSfcX6LPuJD98AkmwhtWUKTuqgJG7QN19QDXG4 -bvFCTg9wNkVBZdWoens03TXHfnmtxT9+6EFvjEtMxCIRByJOixdRFe4fXj3I/40H -p6KjzscPhRqmapB5U/lWwteONoq1A4VBoqj1Qbe1NjmNGMhhXqj/d9f6B0DPGqIA -nIDubb1B3YNdbxE8LbY1YiQZEtjjA2uIyW0tRjZyhVVtNwSm814fyjVPp2oRpK43 -2OVBLbHZlxY5sFZwU71lWSyEAHhOL5yY1HORKUyCIQKBgQDwR8POilccu1fczDX7 -7jTHvknrtc5Pm689hOz+iZz8oib5MNHM57YMQJNauAHcUUDc8PEBrU44kJda7zVU -8jVgeV0kvZcmDM4AGrmbBSGLhcmyqJC4wKF20K3rVFFo5exlpTDU7dwnPkMbHeGQ -LmPzk+5BKQa81Mq+cObdJs/LpwKBgQC4B9kf+cex77OluKN9mz8D3MOEWycztDpd -XVeM+RV4cjIMaQl91GovtQDwdy9TbKCsq+sFvqWsmQNkUlDGP2c0y4PFnJt7ahzW -wqZ8bZgNcTNE+KqHUMEOcDGRVoQf65XRWZhjq0mJyCewPMOrdFgHTzva2QYOrZTK -jBIWx84otQKBgQCDjidM7D1pw8EFaOGdv/wx6KO8ZFxDBfBadG71pg7H21gPU4Vq -9OqdprWHE/wgznP/BARQcLzFB5V2+kVu7vX+jjRLK2qYMKaRNBCvKY4GQAgAw34J -SZ6d2P+AOzgfgNN/i4RC8MB61AIV1LRtJpkfAb2O+5Fuzer7fgFI0DkxPQKBgAdq -gYxxU2PPRg0KmMQKCosMTXC6/6RsweFbTpjmvL/C0lN/tBs3ASR1Bdmq4+RXv03W -C72KhkCjVeioDItAqNcO0HuZKQbbKthYtb7T58m64xcHck/LqEv9p3G069QheUMb -ejGiCG+d+kN232e8Y4O/5KiYEE9tHU7gQCZc3Oj1AoGBAI2QyoAJlM0jREsEft7c -L+5kcV+VulyMYEFycSy6KziUKxVh+VMk5Eo6UhXo6m4x37tg/D8uK/tkeJdWw00N -dXLsUcDEacZyF8UfRsrscmiBURu0+9S/5+ncSX6s18HHGL7n2io+PX/ie2neO7q1 -fj50Aj03dg1TrgMTx2g6e85Y +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk +vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn +8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2 ++qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF +JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE +10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2 ++5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv +5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M +jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF +pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9 +sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90 +J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K +61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/ +/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ +avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs +f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85 +YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h +Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9 +941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al +tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz +5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY +dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW +5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I +TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6 +tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4 +Bn3vC5WUeKhW6v6kD4AigqE= -----END PRIVATE KEY----- diff --git a/src/main/resources/clds/aaf/ssl/clamp.pem b/src/main/resources/clds/aaf/ssl/clamp.pem index 22f4541a4..a01b587a5 100644 --- a/src/main/resources/clds/aaf/ssl/clamp.pem +++ b/src/main/resources/clds/aaf/ssl/clamp.pem @@ -1,32 +1,33 @@ Bag Attributes friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 37 31 30 36 38 34 31 31 38 30 37 + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 -----BEGIN CERTIFICATE----- -MIIETDCCAzSgAwIBAgIIGF6ukzqwlGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MTAxNDE1NTM0MVoXDTIwMTAxNDE1NTM0MVow +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV -UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKy68n2mMGqOvEj7lMbY -9NVFShv0LHW47dxQzNHTWbE2h2xJF0jeyrpDY2v496ehPt52jy6Ou7wbv0cF/JRY -GQ17eEmKQJfMNXrZzBq9a0aNYiw5kdzMl+Pxmu05sn+5Gl4aZuixjfzNTA1wbNPW -+bYrrsw97YFrNMjgkvHIZwnRtkRnRcYEw66nceqjZA7LsFpAw5OzbRbDdoHriHso -Cpqo2duWpQ62QsJQF2novFr2gFepLgWD4LV5mrO6LEtCCZZmzYQP7CXgVkMNoiQ3 -iDDhhNeGnGvzaBq5beujawBislfrcWojNqPSuP++rFhLLt+PNuwTVU8HEIfJS5of -FRMCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs +6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd +foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf +uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu +emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY +AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y +v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze 81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUicMoQoxguo6qFb7YZ2gZn8X0BV4w -OwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVkZW1vLm9uYXAub3Jn -ggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCMDZrqzL/orHH3WoLKj/JJ -+QOt89CTYJqX5rS2TbQgX/JdjXJzJsmY21dTHxg0+AdRmAUATHBFAOg/nLEfDUOh -NX0+OshoaTYjrI2ZH4j24UsoXzGffpjqPbLMZJ1uzxy4qTTvzeJJM1NsfKD4Er0B -KDgN66pzywJrxOXkTQZpmkgGeB9FwmBoLFKP2XJjXXT9c9Wol8ttrSqu/sy5e6/Y -SZLco8lXx0isxGgG5PfF9WSuikFRlC5LCmcSn9EfxQIOeGjzJQpuB8yqN/ojE8wY -ZBhaUM/+NETQNzsh4dZxq7ErSknND60NYit8rz9lWDDrNNKVF+8iFpoTb17V8e3C +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw +RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk +ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW +XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S +0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E +VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A +0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH +1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx +G7A61/KGTsLZlvxb -----END CERTIFICATE----- -- cgit 1.2.3-korg