summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java278
-rw-r--r--PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java158
-rw-r--r--packages/base/src/files/etc/ssl/aaf-cadi.keyfile27
-rw-r--r--packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties26
-rw-r--r--packages/install/src/files/base.conf3
5 files changed, 267 insertions, 225 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
index 1e3a41aeb..d06321d64 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
@@ -27,7 +27,9 @@ import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
@@ -45,145 +47,153 @@ import org.onap.policy.xacml.api.XACMLErrorConstants;
import com.att.research.xacml.util.XACMLProperties;
public class PDPApiAuth {
- private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class);
+ private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class);
- private static String environment = null;
- private static Path clientPath = null;
- private static Map<String,ArrayList<String>> clientMap = null;
- private static Long oldModified = null;
- private static AAFPolicyClient aafClient = null;
+ private static String environment = null;
+ private static Path clientPath = null;
+ private static Map<String,ArrayList<String>> clientMap = null;
+ private static Long oldModified = null;
+ private static AAFPolicyClient aafClient = null;
- private PDPApiAuth(){
- // Private Constructor
- }
+ private PDPApiAuth(){
+ // Private Constructor
+ }
- /*
- * Set Property by reading the properties File.
- */
- public static void setProperty() {
- environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
- String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE);
- if(clientFile!=null){
- clientPath = Paths.get(clientFile);
- }
- try {
- aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties());
- } catch (AAFPolicyException | IOException e) {
- LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly.");
- }
- }
+ /*
+ * Set Property by reading the properties File.
+ */
+ public static void setProperty() {
+ environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
+ String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE);
+ if(clientFile!=null){
+ clientPath = Paths.get(clientFile);
+ }
+ try {
+ aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties());
+ } catch (AAFPolicyException | IOException e) {
+ LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly.");
+ }
+ }
- /*
- * Return Environment value of the PDP servlet.
- */
- public static String getEnvironment() {
- if(environment==null){
- setProperty();
- }
- return environment;
- }
+ /*
+ * Return Environment value of the PDP servlet.
+ */
+ public static String getEnvironment() {
+ if(environment==null){
+ setProperty();
+ }
+ return environment;
+ }
- /*
- * Security check for authentication and authorizations.
- */
- public static boolean checkPermissions(String clientEncoding, String requestID,
- String resource) {
- try{
- String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
- if(userNamePass==null || userNamePass.length==0){
- String usernameAndPassword = null;
- byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding);
- usernameAndPassword = new String(decodedBytes, "UTF-8");
- StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
- String username = tokenizer.nextToken();
- String password = tokenizer.nextToken();
- userNamePass= new String[]{username, password};
- }
- LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API.");
- Boolean result = false;
- // Check Backward Compatibility.
- try{
- result = clientAuth(userNamePass);
- }catch(Exception e){
- LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
- }
- if(!result){
- String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace");
- String aafResource = XACMLProperties.getProperty("policy.aaf.resource");
- if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){
- userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace;
- }else{
- LOGGER.info("No AAF NameSpace specified in properties");
- }
- if(aafResource != null){
- resource = aafResource + resource;
- }else{
- LOGGER.info("No AAF Resource specified in properties");
- }
- LOGGER.info("Contacting AAF in : " + environment);
- result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*");
- }
- return result;
- }catch(Exception e){
- LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
- return false;
- }
- }
+ /*
+ * Security check for authentication and authorizations.
+ */
+ public static boolean checkPermissions(String clientEncoding, String requestID,
+ String resource) {
+ try{
+ String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
+ if(userNamePass==null || userNamePass.length==0){
+ String usernameAndPassword = null;
+ byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ String username = tokenizer.nextToken();
+ String password = tokenizer.nextToken();
+ userNamePass= new String[]{username, password};
+ }
+ LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API.");
+ Boolean result = false;
+ // Check Backward Compatibility.
+ try{
+ result = clientAuth(userNamePass);
+ }catch(Exception e){
+ LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
+ }
+ if(!result){
+ String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace");
+ String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission");
+ String type = null;
+ if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){
+ userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace);
+ }else{
+ LOGGER.info("No AAF NameSpace specified in properties");
+ }
+ if(aafResource != null){
+ type = aafResource + "." + resource;
+ }else{
+ LOGGER.warn("No AAF Resource specified in properties");
+ return false;
+ }
+ LOGGER.info("Contacting AAF in : " + environment);
+ result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*");
+ }
+ return result;
+ }catch(Exception e){
+ LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
+ return false;
+ }
+ }
- private static Boolean clientAuth(String[] userNamePass){
- if(clientPath==null){
- setProperty();
- }
- if (!clientPath.toFile().exists()) {
- return false;
- }else if(clientPath.toString().endsWith(".properties")) {
- try {
- readProps(clientPath);
- if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) {
- return true;
- }
- }catch(PolicyEngineException e){
- LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
- return false;
- }
- }
- return false;
- }
+ private static Boolean clientAuth(String[] userNamePass){
+ if(clientPath==null){
+ setProperty();
+ }
+ if (!clientPath.toFile().exists()) {
+ return false;
+ }else if(clientPath.toString().endsWith(".properties")) {
+ try {
+ readProps(clientPath);
+ if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) {
+ return true;
+ }
+ }catch(PolicyEngineException e){
+ LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
+ return false;
+ }
+ }
+ return false;
+ }
- private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{
- if(oldModified!=null){
- Long newModified = clientPath.toFile().lastModified();
- if (newModified == oldModified) {
- return clientMap;
- }
- }
- InputStream in;
- Properties clientProp = new Properties();
- try {
- in = new FileInputStream(clientPath.toFile());
- clientProp.load(in);
- } catch (IOException e) {
- LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e);
- }
- // Read the Properties and Load the Clients and their scopes.
- clientMap = new HashMap<>();
- //
- for (Object propKey : clientProp.keySet()) {
- String clientID = (String)propKey;
- String clientValue = clientProp.getProperty(clientID);
- if (clientValue != null && clientValue.contains(",")) {
- ArrayList<String> clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*")));
- if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){
- clientMap.put(clientID, clientValues);
- }
- }
- }
- if (clientMap.isEmpty()) {
- LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
- throw new PolicyEngineException("Empty Client file");
- }
- oldModified = clientPath.toFile().lastModified();
- return clientMap;
- }
+ private static String reverseNamespace(String namespace) {
+ final List<String> components = Arrays.asList(namespace.split("\\."));
+ Collections.reverse(components);
+ return String.join(".", components);
+ }
+
+ private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{
+ if(oldModified!=null){
+ Long newModified = clientPath.toFile().lastModified();
+ if (newModified == oldModified) {
+ return clientMap;
+ }
+ }
+ InputStream in;
+ Properties clientProp = new Properties();
+ try {
+ in = new FileInputStream(clientPath.toFile());
+ clientProp.load(in);
+ } catch (IOException e) {
+ LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e);
+ throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e);
+ }
+ // Read the Properties and Load the Clients and their scopes.
+ clientMap = new HashMap<>();
+ //
+ for (Object propKey : clientProp.keySet()) {
+ String clientID = (String)propKey;
+ String clientValue = clientProp.getProperty(clientID);
+ if (clientValue != null && clientValue.contains(",")) {
+ ArrayList<String> clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*")));
+ if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){
+ clientMap.put(clientID, clientValues);
+ }
+ }
+ }
+ if (clientMap.isEmpty()) {
+ LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
+ throw new PolicyEngineException("Empty Client file");
+ }
+ oldModified = clientPath.toFile().lastModified();
+ return clientMap;
+ }
} \ No newline at end of file
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
index e65ac2780..1513507ca 100644
--- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
@@ -32,53 +32,41 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.locator.PropertyLocator;
import org.onap.aaf.cadi.principal.UnAuthPrincipal;
-
-
/**
- * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization.
+ * AAF Client: Generic AAF Client implementation to connect to AAF Resources to
+ * validate permissions and authorization.
*
*/
-public class AAFPolicyClientImpl implements AAFPolicyClient{
+public class AAFPolicyClientImpl implements AAFPolicyClient {
private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName());
private static final String ENVIRONMENT = "ENVIRONMENT";
-
- // Warning Please don't Change these Values. Confirm with AAF team.
- private static final String DEVL_AAF_URL = "";
- private static final String TEST_AAF_URL = "";
- private static final String PROD_AAF_URL = "";
- private static final String DEFAULT_AFT_LATITUDE = "32.780140";
- private static final String DEFAULT_AFT_LONGITUDE = "-96.800451";
- private static final String TEST_AFT_ENVIRONMENT = "AFTUAT";
- private static final String PROD_AFT_ENVIRONMENT = "AFTPRD";
- private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache
- private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache
-
private static AAFPolicyClientImpl instance = null;
-
- private static Properties props = new Properties();
+ private static Properties cadiprops = new Properties();
private static AAFCon<?> aafCon = null;
private static AAFLurPerm aafLurPerm = null;
private static AAFAuthn<?> aafAuthn = null;
private static PropAccess access = null;
- private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{
+ private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException {
setup(properties);
}
/**
- * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+ * Gets the instance of the AAFClient instance. Needs Proper properties with
+ * CLIENT_ID, CLIENT_KEY and ENVIRONMENT
*
- * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+ * @param properties
+ * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
* @return AAFClient instance.
- * @throws AAFPolicyException Exceptions.
+ * @throws AAFPolicyException
+ * Exceptions.
*/
- public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{
- if(instance == null) {
+ public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException {
+ if (instance == null) {
logger.info("Creating AAFClient Instance ");
instance = new AAFPolicyClientImpl(properties);
}
@@ -87,84 +75,76 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{
// To set Property values && Connections.
private static void setup(Properties properties) throws AAFPolicyException {
- if(properties!=null && !properties.isEmpty()){
- props = System.getProperties();
- props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE));
- props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE));
- String aftEnv = TEST_AFT_ENVIRONMENT;
- props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID"));
- props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass"));
- if(properties.containsKey(Config.AAF_URL)){
- // if given a value in properties file.
- props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL));
- }else{
- // Set Default values.
- if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){
- props.setProperty(Config.AAF_URL, TEST_AAF_URL);
- }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){
- props.setProperty(Config.AAF_URL, PROD_AAF_URL);
- aftEnv = PROD_AFT_ENVIRONMENT;
- }else{
- props.setProperty(Config.AAF_URL, DEVL_AAF_URL);
- }
- }
- props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv));
- props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES));
- props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT));
- }else{
+ if (properties != null && !properties.isEmpty()) {
+ cadiprops = properties;
+ access = new PolicyAccess(cadiprops,
+ Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString())));
+ } else {
logger.error("Required Property value is missing : " + ENVIRONMENT);
throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
}
- access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString())));
setUpAAF();
}
/**
* Updates the Properties file in case if required.
*
- * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
- * @throws AAFPolicyException exceptions if any.
+ * @param properties
+ * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+ * @throws AAFPolicyException
+ * exceptions if any.
*/
@Override
- public void updateProperties(Properties properties) throws AAFPolicyException{
+ public void updateProperties(Properties properties) throws AAFPolicyException {
setup(properties);
}
/**
* Checks the Authentication and Permissions for the given values.
*
- * @param mechID MechID or ATT ID must be registered under the Name space.
- * @param pass Password pertaining to the MechID or ATTID.
- * @param type Permissions Type.
- * @param instance Permissions Instance.
- * @param action Permissions Action.
+ * @param userName
+ * Username must be registered under the Name space.
+ * @param pass
+ * Password pertaining to the Username.
+ * @param type
+ * Permissions Type.
+ * @param instance
+ * Permissions Instance.
+ * @param action
+ * Permissions Action.
* @return
*/
@Override
- public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){
- return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action);
+ public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) {
+ return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action);
}
/**
* Checks the Authentication of the UserName and Password Given.
*
- * @param userName UserName or MechID
- * @param pass Password.
+ * @param userName
+ * UserName
+ * @param pass
+ * Password.
* @return True or False.
*/
@Override
- public boolean checkAuth(String userName, String pass){
+ public boolean checkAuth(String userName, String pass) {
if (aafAuthn == null) {
return false;
}
try {
- int i=0;
- do{
- if(aafAuthn.validate(userName, pass)==null){
+ int i = 0;
+ do {
+ String aafAuthResponse = aafAuthn.validate(userName, pass);
+ if (aafAuthResponse==null) {
return true;
+ } else {
+ logger.warn("User, " + userName + ", failed to authenticate with AAF. \n"
+ + "AAF Response is " + aafAuthResponse);
}
i++;
- }while(i<2);
+ } while (i < 2);
} catch (Exception e) {
logger.error(e.getMessage() + e);
}
@@ -173,28 +153,31 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{
}
/**
- * Checks Permissions for the given UserName, Password and Type, Instance Action.
+ * Checks Permissions for the given UserName, Password and Type, Instance
+ * Action.
*
- * @param userName UserName or MechID
- * @param pass Password.
- * @param type Permissions Type.
- * @param instance Permissions Instance.
- * @param action Permissions Action.
+ * @param userName
+ * UserName
+ * @param pass
+ * Password.
+ * @param type
+ * Permissions Type.
+ * @param instance
+ * Permissions Instance.
+ * @param action
+ * Permissions Action.
* @return True or False.
*/
@Override
- public boolean checkPerm(String userName, String pass, String type, String instance, String action){
- int i =0;
- Boolean result= false;
- do{
- if(aafCon!=null && aafLurPerm !=null){
+ public boolean checkPerm(String userName, String pass, String type, String instance, String action) {
+ int i = 0;
+ Boolean result = false;
+ do {
+ if (aafCon != null && aafLurPerm != null) {
try {
aafCon.basicAuth(userName, pass);
- //
- // The first parameter is the namespace. At this point we will default
- // to null until we are given a namespace to use.
- //
- AAFPermission perm = new AAFPermission(null, type, instance, action);
+ AAFPermission perm = new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type,
+ instance, action);
final Principal p = new UnAuthPrincipal(userName);
result = aafLurPerm.fish(p, perm);
} catch (CadiException e) {
@@ -203,13 +186,14 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{
}
}
i++;
- }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues.
+ } while (i < 2 && !result); // Try once more to check if this can be passed. AAF has some issues.
return result;
}
- private static boolean setUpAAF(){
+ private static boolean setUpAAF() {
try {
- aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100"));
+ aafCon = new AAFConHttp(access,
+ new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100"));
aafLurPerm = aafCon.newLur();
aafAuthn = aafCon.newAuthn(aafLurPerm);
return true;
diff --git a/packages/base/src/files/etc/ssl/aaf-cadi.keyfile b/packages/base/src/files/etc/ssl/aaf-cadi.keyfile
new file mode 100644
index 000000000..59d544f3e
--- /dev/null
+++ b/packages/base/src/files/etc/ssl/aaf-cadi.keyfile
@@ -0,0 +1,27 @@
+N3INM2bAlQ8cNODnjR3Fuvo5z4GeID0KnRYlELmt-oHCFxq_XYVyepBVR591CIbJI9prNd_LLuv7
+tQD8xX_ypcNA-jQsecTwtw4GxvpqkZPhq6Q8BWNQaCegtXGDVTQ8gG2biKiQ7v-2C6Qhx4zj62b6
+bRPS5j1bfxqcAZu7082V00oQjbn40T2zFcLwCuBChZfx5DXTW49bwtLbkCbGqJSzFcIJpbGQ8gLg
+ussIoL8VE2Vee7bPJmUAdT4x9B1wrMIuvKlUMppeq0Bj-6ZJgxhM9F0WT8eEBh6NFANdK3LUgZrk
+D3kY3LrK-MT9u1TOMx13nOU7vOaVjl7_rkp5Q65gFd9VYbnJBYvJcc7asOQMsrugiSiRIoXH0Fyy
+-f9L3ROGae042J4M8qxcoOihMbcjVkEXqn6eRIFbDe0eIAlkSRYfaxg9v4tf8GbBjQcShBjzGaI2
+g6QxTA5G6Aa7p63aVRGv3ZODCHcbsbxnkyByXgmkON4cTk9vR0RbT6YYhT5t8xTU3rhqV3jeE0Bz
+KbU0c4188xTnhdq_bje2TuuLvtEvevdvDsbtAj7chQmWMOW7GMF3MnqdEpcw1NCoNRdN8wpAdE-5
+mkG-jlYHljSRh9qZK5wdEoO4IXgpFktdGj50XuzcskqqURNfDGHGb29fHznL1-ssdQK6EXcKN0AU
+nYyGLAie3VfFxWKj5dGODBs5RttvkX4PHyLcLD3kOrVgtQrz7d0PWWYCxDRqKT6qnJkLB1CUwghn
+XweEiDfoQmuUmwFEQNRDp0NGLnde5nsw7NYgLrv5VafGK8EyT4GeVhuu5Tnb6T-HalxCq2p5JaIA
+SG8zlDmRx_TykrhfQEJe7sr0pRcAMwgxEhwunG2oBiKnzdRx5jxMfqnVC8xGirumhmOQNterfnd5
+0pIsfvIuntyxRQ48yzIb2gb5kaSkfSzCaVnlqK-_jpj1T74qO86eaKVee4faQAbXDPYF2z5w06nD
+WS2dd54wBjGmkFNzi13ejTrAJeA6UzOd1CF_WSpc9XSJJPTPUGxmnfLjmGThErFBYuQxjhpH7vKN
+uZgokkIXX78rVcO3zpfa5kTYWjE8lk9y3WA7sGNtTWfG8bR3WLWNLPCnrzxtKZdhq2JsQYC0gwW7
+ZgJSXhgPoaC_RrtCn7haj1_601G_MkD-jcUEsO-4XOBVicsCgG8hn7B-SpgKspqv8gulbeKoORqa
+CkrtiFPlXEqdNuaBSHcQ0MWJ3tpXzWtIPM3ouEFOR32xVfptfz4sRPOkM_PNiVXxQtLOn_z3uC7K
+VVJCKZxVaavQ6QiZvRRANS9_GD3kDILX15EnbEvh-2DfycDrEo330vMwvNJP7i9eM5vo0YADe--G
+r5UDqctmFjl1ulc1yAQkDBGWGxT92x-hhLqCnCXcYPu_aeWssfDpRj573PHPaTiM0SYxJixjszRD
+6-AMC1DqugkjiGA5_enQORn-G_H4ZVtoQ_zebizEfIxKv5-8uRdyZDHGG3mDu6_nasEffry-UyVu
+STU3oJMycZ1qf5GR1evRJ7gxkrtPXHWKNnVgxfrBC72ON6wJnr7KaY-l9L44epIsk1pEmXm3YQu1
+N0NxiAwdus9OnCXQ7GgZPRXCpxjJPNs7EIKFrYjKJfdtSzT85ZrTpHQtjim2L1ZP9iIlq2QVKD1v
+bKSjCwjtb9ztjrV-Bw1BHcAApPcfpXHLhYkJ7iL1XUhxjXp_DGUkD7ZN9S5tuyrsMXz5hh6wMfcq
+NPR_XqHaS2ur-ONNrHuFFCmY7Ehc5FArFzb_Xn1JTpOQJTcy6_3r3u3B_euT8GmXHahtVN1Rv8RM
+kAD5m_UBx-nHoZDVDYZkfR9k4hF2Sz5rfrWs6Zrl0r8FBrVFtU1j2vOTvTGwrkO9yZvgIqOkX_eq
+TnGIpM4paHxEGTP8H8A3Y0ZpsvLttmh0rT_OwzBPa1Mof3RQKhyTzfbptxuUJyVxU0Ln-9f--5Mk
+wEFqhuSrgssI6b1iMqm97PqFQMYrWX3SV8l0V-PKxFxDM1bguHq4mOXEtmZBUtMBepwSsI96 \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
index f05f9e951..ad27cd09e 100644
--- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
+++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
@@ -136,10 +136,28 @@ javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
ENVIRONMENT=${{ENVIRONMENT}}
xacml.rest.pep.idfile = client.properties
-#AAF Policy Name space
-#Required only, when we use AAF
-policy.aaf.namespace = ${{POLICY_AAF_NAMESPACE}}
-policy.aaf.resource = ${{POLICY_AAF_RESOURCE}}
+#AAF cadi properties
+policy.aaf.namespace = ${{AAF_NAMESPACE}}
+policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx
+cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1
+cadi_latitude=38.000
+cadi.longitude=72.000
+cadi_alias=policy@policy.onap.org
+cadi_loglevel=DEBUG
+cadi_keyfile=${{POLICY_HOME}}/etc/ssl/aaf-cadi.keyfile
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
+cadi_keystore_password=${{KEYSTORE_PASSWD}}
+cadi_key_password=${{KEYSTORE_PASSWD}}
+aaf_env=DEV
+aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1
+aaf_fqdn=${{AAF_HOST}}
+aaf_oauth2_introspect_url=https://${{AAF_HOST}}:8095/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://${{AAF_HOST}}:8095/AAF_NS.token:2.1/token
+fs_url=https://${{AAF_HOST}}:8095/AAF_NS.fs.2.1
+gui_url=https://${{AAF_HOST}}:8095/AAF_NS.gui.2.1
+
# Decision Response settings.
# can be either PERMIT or DENY.
decision.indeterminate.response=${{DECISION_INDETERMINATE_RESPONSE}}
diff --git a/packages/install/src/files/base.conf b/packages/install/src/files/base.conf
index dbf5da79c..2bc01c8b1 100644
--- a/packages/install/src/files/base.conf
+++ b/packages/install/src/files/base.conf
@@ -38,4 +38,7 @@ write_fpc_interval=5
max_fpc_update_interval=60
test_via_jmx=false
+AAF_NAMESPACE=org.onap.policy
+AAF_HOST=aaf-onap-test.osaaf.org
+
ENVIRONMENT=TEST