5 files changed, 267 insertions, 225 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
index 1e3a41aeb..d06321d64 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
@@ -27,7 +27,9 @@ import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.StringTokenizer;
@@ -45,145 +47,153 @@ import org.onap.policy.xacml.api.XACMLErrorConstants; import com.att.research.xacml.util.XACMLProperties; public class PDPApiAuth { - private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); + private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); - private static String environment = null; - private static Path clientPath = null; - private static Map<String,ArrayList<String>> clientMap = null; - private static Long oldModified = null; - private static AAFPolicyClient aafClient = null; + private static String environment = null; + private static Path clientPath = null; + private static Map<String,ArrayList<String>> clientMap = null; + private static Long oldModified = null; + private static AAFPolicyClient aafClient = null; - private PDPApiAuth(){ - // Private Constructor - } + private PDPApiAuth(){ + // Private Constructor + } - /* - * Set Property by reading the properties File. - */ - public static void setProperty() { - environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); - String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); - if(clientFile!=null){ - clientPath = Paths.get(clientFile); - } - try { - aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties()); - } catch (AAFPolicyException | IOException e) { - LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly."); - } - } + /* + * Set Property by reading the properties File. 
+ */ + public static void setProperty() { + environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); + String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); + if(clientFile!=null){ + clientPath = Paths.get(clientFile); + } + try { + aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties()); + } catch (AAFPolicyException | IOException e) { + LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly."); + } + } - /* - * Return Environment value of the PDP servlet. - */ - public static String getEnvironment() { - if(environment==null){ - setProperty(); - } - return environment; - } + /* + * Return Environment value of the PDP servlet. + */ + public static String getEnvironment() { + if(environment==null){ + setProperty(); + } + return environment; + } - /* - * Security check for authentication and authorizations. - */ - public static boolean checkPermissions(String clientEncoding, String requestID, - String resource) { - try{ - String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); - if(userNamePass==null || userNamePass.length==0){ - String usernameAndPassword = null; - byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); - usernameAndPassword = new String(decodedBytes, "UTF-8"); - StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); - String username = tokenizer.nextToken(); - String password = tokenizer.nextToken(); - userNamePass= new String[]{username, password}; - } - LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); - Boolean result = false; - // Check Backward Compatibility. 
- try{ - result = clientAuth(userNamePass); - }catch(Exception e){ - LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); - } - if(!result){ - String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); - String aafResource = XACMLProperties.getProperty("policy.aaf.resource"); - if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ - userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace; - }else{ - LOGGER.info("No AAF NameSpace specified in properties"); - } - if(aafResource != null){ - resource = aafResource + resource; - }else{ - LOGGER.info("No AAF Resource specified in properties"); - } - LOGGER.info("Contacting AAF in : " + environment); - result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*"); - } - return result; - }catch(Exception e){ - LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); - return false; - } - } + /* + * Security check for authentication and authorizations. + */ + public static boolean checkPermissions(String clientEncoding, String requestID, + String resource) { + try{ + String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); + if(userNamePass==null || userNamePass.length==0){ + String usernameAndPassword = null; + byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); + usernameAndPassword = new String(decodedBytes, "UTF-8"); + StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); + String username = tokenizer.nextToken(); + String password = tokenizer.nextToken(); + userNamePass= new String[]{username, password}; + } + LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); + Boolean result = false; + // Check Backward Compatibility. 
+ try{ + result = clientAuth(userNamePass); + }catch(Exception e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + } + if(!result){ + String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); + String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission"); + String type = null; + if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ + userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace); + }else{ + LOGGER.info("No AAF NameSpace specified in properties"); + } + if(aafResource != null){ + type = aafResource + "." + resource; + }else{ + LOGGER.warn("No AAF Resource specified in properties"); + return false; + } + LOGGER.info("Contacting AAF in : " + environment); + result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*"); + } + return result; + }catch(Exception e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + return false; + } + } - private static Boolean clientAuth(String[] userNamePass){ - if(clientPath==null){ - setProperty(); - } - if (!clientPath.toFile().exists()) { - return false; - }else if(clientPath.toString().endsWith(".properties")) { - try { - readProps(clientPath); - if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { - return true; - } - }catch(PolicyEngineException e){ - LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); - return false; - } - } - return false; - } + private static Boolean clientAuth(String[] userNamePass){ + if(clientPath==null){ + setProperty(); + } + if (!clientPath.toFile().exists()) { + return false; + }else if(clientPath.toString().endsWith(".properties")) { + try { + readProps(clientPath); + if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { + return true; + } + }catch(PolicyEngineException e){ + LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); + return false; + } + } + return false; + } - 
private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{ - if(oldModified!=null){ - Long newModified = clientPath.toFile().lastModified(); - if (newModified == oldModified) { - return clientMap; - } - } - InputStream in; - Properties clientProp = new Properties(); - try { - in = new FileInputStream(clientPath.toFile()); - clientProp.load(in); - } catch (IOException e) { - LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); - throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); - } - // Read the Properties and Load the Clients and their scopes. - clientMap = new HashMap<>(); - // - for (Object propKey : clientProp.keySet()) { - String clientID = (String)propKey; - String clientValue = clientProp.getProperty(clientID); - if (clientValue != null && clientValue.contains(",")) { - ArrayList<String> clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); - if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ - clientMap.put(clientID, clientValues); - } - } - } - if (clientMap.isEmpty()) { - LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. 
Cannot serve any Clients !!"); - throw new PolicyEngineException("Empty Client file"); - } - oldModified = clientPath.toFile().lastModified(); - return clientMap; - } + private static String reverseNamespace(String namespace) { + final List<String> components = Arrays.asList(namespace.split("\\.")); + Collections.reverse(components); + return String.join(".", components); + } + + private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{ + if(oldModified!=null){ + Long newModified = clientPath.toFile().lastModified(); + if (newModified == oldModified) { + return clientMap; + } + } + InputStream in; + Properties clientProp = new Properties(); + try { + in = new FileInputStream(clientPath.toFile()); + clientProp.load(in); + } catch (IOException e) { + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); + throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); + } + // Read the Properties and Load the Clients and their scopes. + clientMap = new HashMap<>(); + // + for (Object propKey : clientProp.keySet()) { + String clientID = (String)propKey; + String clientValue = clientProp.getProperty(clientID); + if (clientValue != null && clientValue.contains(",")) { + ArrayList<String> clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); + if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ + clientMap.put(clientID, clientValues); + } + } + } + if (clientMap.isEmpty()) { + LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); + throw new PolicyEngineException("Empty Client file"); + } + oldModified = clientPath.toFile().lastModified(); + return clientMap; + } }
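Review bot: The entry check in `readProps` can never reject anything: `clientValues.get(0)!=null || …` is already true for every element `split` returns, so an entry whose first or second field is empty is still stored in `clientMap`, and `clientAuth` then compares the presented password against that stored value. The lines are only re-indented by this commit, but the condition was presumably meant to be `clientValues.size() > 1 && !clientValues.get(0).isEmpty() && !clientValues.get(1).isEmpty()`. In the same method `newModified == oldModified` compares two boxed `Long` references, so the cached map is normally reloaded on every call; `newModified.equals(oldModified)` does what the cache check intends. The `FileInputStream` opened there is also never closed.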
\ No newline at end of file diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java index e65ac2780..1513507ca 100644 --- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java +++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java 
@@ -32,53 +32,41 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; -import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.locator.PropertyLocator; import org.onap.aaf.cadi.principal.UnAuthPrincipal; - - /** - * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization. + * AAF Client: Generic AAF Client implementation to connect to AAF Resources to + * validate permissions and authorization. * */ -public class AAFPolicyClientImpl implements AAFPolicyClient{ +public class AAFPolicyClientImpl implements AAFPolicyClient { private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName()); private static final String ENVIRONMENT = "ENVIRONMENT"; - - // Warning Please don't Change these Values. Confirm with AAF team. - private static final String DEVL_AAF_URL = ""; - private static final String TEST_AAF_URL = ""; - private static final String PROD_AAF_URL = ""; - private static final String DEFAULT_AFT_LATITUDE = "32.780140"; - private static final String DEFAULT_AFT_LONGITUDE = "-96.800451"; - private static final String TEST_AFT_ENVIRONMENT = "AFTUAT"; - private static final String PROD_AFT_ENVIRONMENT = "AFTPRD"; - private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache - private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache - private static AAFPolicyClientImpl instance = null; - - private static Properties props = new Properties(); + private static Properties cadiprops = new Properties(); private static AAFCon<?> aafCon = null; private static AAFLurPerm aafLurPerm = null; private static AAFAuthn<?> aafAuthn = null; private static PropAccess access = null; - private AAFPolicyClientImpl(Properties properties) throws 
AAFPolicyException{ + private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException { setup(properties); } /** - * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * Gets the instance of the AAFClient instance. Needs Proper properties with + * CLIENT_ID, CLIENT_KEY and ENVIRONMENT * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT * @return AAFClient instance. - * @throws AAFPolicyException Exceptions. + * @throws AAFPolicyException + * Exceptions. */ - public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{ - if(instance == null) { + public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException { + if (instance == null) { logger.info("Creating AAFClient Instance "); instance = new AAFPolicyClientImpl(properties); } 
@@ -87,84 +75,76 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ // To set Property values && Connections. private static void setup(Properties properties) throws AAFPolicyException { - if(properties!=null && !properties.isEmpty()){ - props = System.getProperties(); - props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE)); - props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE)); - String aftEnv = TEST_AFT_ENVIRONMENT; - props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID")); - props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass")); - if(properties.containsKey(Config.AAF_URL)){ - // if given a value in properties file. - props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL)); - }else{ - // Set Default values. - if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){ - props.setProperty(Config.AAF_URL, TEST_AAF_URL); - }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){ - props.setProperty(Config.AAF_URL, PROD_AAF_URL); - aftEnv = PROD_AFT_ENVIRONMENT; - }else{ - props.setProperty(Config.AAF_URL, DEVL_AAF_URL); - } - } - props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv)); - props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES)); - props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT)); - }else{ + if (properties != null && !properties.isEmpty()) { + cadiprops = properties; + access = new PolicyAccess(cadiprops, + Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString()))); + } else { logger.error("Required Property value is missing : " + ENVIRONMENT); throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT); } - 
access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString()))); setUpAAF(); } /** * Updates the Properties file in case if required. * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT - * @throws AAFPolicyException exceptions if any. + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @throws AAFPolicyException + * exceptions if any. */ @Override - public void updateProperties(Properties properties) throws AAFPolicyException{ + public void updateProperties(Properties properties) throws AAFPolicyException { setup(properties); } /** * Checks the Authentication and Permissions for the given values. * - * @param mechID MechID or ATT ID must be registered under the Name space. - * @param pass Password pertaining to the MechID or ATTID. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * Username must be registered under the Name space. + * @param pass + * Password pertaining to the Username. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return */ @Override - public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){ - return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action); + public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) { + return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action); } /** * Checks the Authentication of the UserName and Password Given. * - * @param userName UserName or MechID - * @param pass Password. + * @param userName + * UserName + * @param pass + * Password. * @return True or False. 
*/ @Override - public boolean checkAuth(String userName, String pass){ + public boolean checkAuth(String userName, String pass) { if (aafAuthn == null) { return false; } try { - int i=0; - do{ - if(aafAuthn.validate(userName, pass)==null){ + int i = 0; + do { + String aafAuthResponse = aafAuthn.validate(userName, pass); + if (aafAuthResponse==null) { return true; + } else { + logger.warn("User, " + userName + ", failed to authenticate with AAF. \n" + + "AAF Response is " + aafAuthResponse); } i++; - }while(i<2); + } while (i < 2); } catch (Exception e) { logger.error(e.getMessage() + e); } 
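Review bot: The new warn line in `checkAuth` concatenates the caller-supplied `userName` and the raw AAF response into the log with an embedded `\n`, so a Basic-auth user name containing CR/LF can forge log entries, and the message is written on each of the two loop passes. Neutralise line breaks and keep the entry on one line, e.g. `logger.warn("AAF authentication failed for user " + userName.replaceAll("[\\r\\n]", "_"));`, and log the response text at debug level only. Separately, `setup` now falls back to `Level.DEBUG` for `cadi_loglevel` where the removed code fell back to `Level.ERROR`; an ERROR default seems the safer choice for an authentication client. The body of `checkAuth` continues outside this hunk.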
@@ -173,28 +153,31 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } /** - * Checks Permissions for the given UserName, Password and Type, Instance Action. + * Checks Permissions for the given UserName, Password and Type, Instance + * Action. * - * @param userName UserName or MechID - * @param pass Password. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * UserName + * @param pass + * Password. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return True or False. */ @Override - public boolean checkPerm(String userName, String pass, String type, String instance, String action){ - int i =0; - Boolean result= false; - do{ - if(aafCon!=null && aafLurPerm !=null){ + public boolean checkPerm(String userName, String pass, String type, String instance, String action) { + int i = 0; + Boolean result = false; + do { + if (aafCon != null && aafLurPerm != null) { try { aafCon.basicAuth(userName, pass); - // - // The first parameter is the namespace. At this point we will default - // to null until we are given a namespace to use. - // - AAFPermission perm = new AAFPermission(null, type, instance, action); + AAFPermission perm = new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type, + instance, action); final Principal p = new UnAuthPrincipal(userName); result = aafLurPerm.fish(p, perm); } catch (CadiException e) { 
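Review bot: `cadiprops.getProperty("policy.aaf.namespace")` here and `cadiprops.getProperty("aaf_fqdn")` in the `setUpAAF` hunk that follows are used without a null check, so a missing key silently builds a permission with a null namespace or the locator URL `https://null:8100`. `setup` only rejects a null or empty `Properties` object, and its error text still names `ENVIRONMENT`; validating both keys there and throwing `AAFPolicyException` with the missing key's name would make a misconfiguration fail at start-up instead of at the first request. The body of `checkPerm` continues outside this hunk.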
@@ -203,13 +186,14 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } } i++; - }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues. + } while (i < 2 && !result); // Try once more to check if this can be passed. AAF has some issues. return result; } - private static boolean setUpAAF(){ + private static boolean setUpAAF() { try { - aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100")); + aafCon = new AAFConHttp(access, + new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100")); aafLurPerm = aafCon.newLur(); aafAuthn = aafCon.newAuthn(aafLurPerm); return true; diff --git a/packages/base/src/files/etc/ssl/aaf-cadi.keyfile b/packages/base/src/files/etc/ssl/aaf-cadi.keyfile new file mode 100644 index 000000000..59d544f3e --- /dev/null +++ b/packages/base/src/files/etc/ssl/aaf-cadi.keyfile 
@@ -0,0 +1,27 @@ +N3INM2bAlQ8cNODnjR3Fuvo5z4GeID0KnRYlELmt-oHCFxq_XYVyepBVR591CIbJI9prNd_LLuv7 +tQD8xX_ypcNA-jQsecTwtw4GxvpqkZPhq6Q8BWNQaCegtXGDVTQ8gG2biKiQ7v-2C6Qhx4zj62b6 +bRPS5j1bfxqcAZu7082V00oQjbn40T2zFcLwCuBChZfx5DXTW49bwtLbkCbGqJSzFcIJpbGQ8gLg +ussIoL8VE2Vee7bPJmUAdT4x9B1wrMIuvKlUMppeq0Bj-6ZJgxhM9F0WT8eEBh6NFANdK3LUgZrk +D3kY3LrK-MT9u1TOMx13nOU7vOaVjl7_rkp5Q65gFd9VYbnJBYvJcc7asOQMsrugiSiRIoXH0Fyy +-f9L3ROGae042J4M8qxcoOihMbcjVkEXqn6eRIFbDe0eIAlkSRYfaxg9v4tf8GbBjQcShBjzGaI2 +g6QxTA5G6Aa7p63aVRGv3ZODCHcbsbxnkyByXgmkON4cTk9vR0RbT6YYhT5t8xTU3rhqV3jeE0Bz +KbU0c4188xTnhdq_bje2TuuLvtEvevdvDsbtAj7chQmWMOW7GMF3MnqdEpcw1NCoNRdN8wpAdE-5 +mkG-jlYHljSRh9qZK5wdEoO4IXgpFktdGj50XuzcskqqURNfDGHGb29fHznL1-ssdQK6EXcKN0AU +nYyGLAie3VfFxWKj5dGODBs5RttvkX4PHyLcLD3kOrVgtQrz7d0PWWYCxDRqKT6qnJkLB1CUwghn +XweEiDfoQmuUmwFEQNRDp0NGLnde5nsw7NYgLrv5VafGK8EyT4GeVhuu5Tnb6T-HalxCq2p5JaIA +SG8zlDmRx_TykrhfQEJe7sr0pRcAMwgxEhwunG2oBiKnzdRx5jxMfqnVC8xGirumhmOQNterfnd5 +0pIsfvIuntyxRQ48yzIb2gb5kaSkfSzCaVnlqK-_jpj1T74qO86eaKVee4faQAbXDPYF2z5w06nD +WS2dd54wBjGmkFNzi13ejTrAJeA6UzOd1CF_WSpc9XSJJPTPUGxmnfLjmGThErFBYuQxjhpH7vKN +uZgokkIXX78rVcO3zpfa5kTYWjE8lk9y3WA7sGNtTWfG8bR3WLWNLPCnrzxtKZdhq2JsQYC0gwW7 +ZgJSXhgPoaC_RrtCn7haj1_601G_MkD-jcUEsO-4XOBVicsCgG8hn7B-SpgKspqv8gulbeKoORqa +CkrtiFPlXEqdNuaBSHcQ0MWJ3tpXzWtIPM3ouEFOR32xVfptfz4sRPOkM_PNiVXxQtLOn_z3uC7K +VVJCKZxVaavQ6QiZvRRANS9_GD3kDILX15EnbEvh-2DfycDrEo330vMwvNJP7i9eM5vo0YADe--G +r5UDqctmFjl1ulc1yAQkDBGWGxT92x-hhLqCnCXcYPu_aeWssfDpRj573PHPaTiM0SYxJixjszRD +6-AMC1DqugkjiGA5_enQORn-G_H4ZVtoQ_zebizEfIxKv5-8uRdyZDHGG3mDu6_nasEffry-UyVu +STU3oJMycZ1qf5GR1evRJ7gxkrtPXHWKNnVgxfrBC72ON6wJnr7KaY-l9L44epIsk1pEmXm3YQu1 +N0NxiAwdus9OnCXQ7GgZPRXCpxjJPNs7EIKFrYjKJfdtSzT85ZrTpHQtjim2L1ZP9iIlq2QVKD1v +bKSjCwjtb9ztjrV-Bw1BHcAApPcfpXHLhYkJ7iL1XUhxjXp_DGUkD7ZN9S5tuyrsMXz5hh6wMfcq +NPR_XqHaS2ur-ONNrHuFFCmY7Ehc5FArFzb_Xn1JTpOQJTcy6_3r3u3B_euT8GmXHahtVN1Rv8RM +kAD5m_UBx-nHoZDVDYZkfR9k4hF2Sz5rfrWs6Zrl0r8FBrVFtU1j2vOTvTGwrkO9yZvgIqOkX_eq 
+TnGIpM4paHxEGTP8H8A3Y0ZpsvLttmh0rT_OwzBPa1Mof3RQKhyTzfbptxuUJyVxU0Ln-9f--5Mk +wEFqhuSrgssI6b1iMqm97PqFQMYrWX3SV8l0V-PKxFxDM1bguHq4mOXEtmZBUtMBepwSsI96
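Review bot: This file looks like CADI symmetric key material, and committing it under `packages/base` means every installation built from the package shares one key that anyone with read access to the repository or the artifact also holds. If `cadi_keyfile` is what protects the `cadi_keystore_password` and `cadi_key_password` values, those passwords gain nothing from being encrypted with this key. The keyfile should be generated per deployment at install time and be readable only by the policy user, with this copy treated as a disposable test fixture and labelled as such.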
\ No newline at end of file diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties index f05f9e951..ad27cd09e 100644 --- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties +++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties @@ -136,10 +136,28 @@ javax.persistence.jdbc.password=${{JDBC_PASSWORD}} ENVIRONMENT=${{ENVIRONMENT}} xacml.rest.pep.idfile = client.properties -#AAF Policy Name space -#Required only, when we use AAF -policy.aaf.namespace = ${{POLICY_AAF_NAMESPACE}} -policy.aaf.resource = ${{POLICY_AAF_RESOURCE}} +#AAF cadi properties +policy.aaf.namespace = ${{AAF_NAMESPACE}} +policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx +cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1 +cadi_latitude=38.000 +cadi.longitude=72.000 +cadi_alias=policy@policy.onap.org +cadi_loglevel=DEBUG +cadi_keyfile=${{POLICY_HOME}}/etc/ssl/aaf-cadi.keyfile +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US +cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore +cadi_keystore_password=${{KEYSTORE_PASSWD}} +cadi_key_password=${{KEYSTORE_PASSWD}} +aaf_env=DEV +aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1 +aaf_fqdn=${{AAF_HOST}} +aaf_oauth2_introspect_url=https://${{AAF_HOST}}:8095/AAF_NS.introspect:2.1/introspect +aaf_oauth2_token_url=https://${{AAF_HOST}}:8095/AAF_NS.token:2.1/token +fs_url=https://${{AAF_HOST}}:8095/AAF_NS.fs.2.1 +gui_url=https://${{AAF_HOST}}:8095/AAF_NS.gui.2.1 + # Decision Response settings. # can be either PERMIT or DENY. decision.indeterminate.response=${{DECISION_INDETERMINATE_RESPONSE}} diff --git a/packages/install/src/files/base.conf b/packages/install/src/files/base.conf index dbf5da79c..2bc01c8b1 100644 --- a/packages/install/src/files/base.conf +++ b/packages/install/src/files/base.conf 
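Review bot: `cadi_protocols=TLSv1.1,TLSv1.2` still offers TLS 1.1 on the connection that carries client credentials to AAF; unless the AAF side requires it, ship `cadi_protocols=TLSv1.2`. `cadi_loglevel=DEBUG` and `aaf_env=DEV` are literals rather than templated values, so they follow the package into every environment; a templated value (for example a new `${{CADI_LOGLEVEL}}` placeholder) with a quieter default would match the rest of the file. `cadi.longitude` uses a dot where `cadi_latitude` uses an underscore, which looks like a typo that would leave the longitude unset.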
@@ -38,4 +38,7 @@ write_fpc_interval=5 max_fpc_update_interval=60 test_via_jmx=false +AAF_NAMESPACE=org.onap.policy +AAF_HOST=aaf-onap-test.osaaf.org + ENVIRONMENT=TEST |
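Review bot: `AAF_HOST=aaf-onap-test.osaaf.org` makes a shared external test server the default AAF endpoint, so an installation that does not override it would presumably send the user names and passwords it validates to that host. A default that fails until configured (an empty value the installer refuses) would be safer, with the test host kept in a test-only profile.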