### Logs
-Clamp uses logback framework to generate logs. The logback.xml file cand be found under the [src/main/resources/ folder](src/main/resources).
+Clamp uses logback framework to generate logs. The logback.xml file can be found under the [src/main/resources/ folder](src/main/resources).
With the default log settings, all logs will be generated into console and into root.log file under the Clamp root folder. The root.log file is not allowed to be appended, thus restarting the clamp will result in cleaning of the old log files.
You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
-
+## Clamp AAF
+- Connect to windriver with openvpn
+- create a folder aaf-renewal and go to it
+- create a file aaf.props with that content
+ VERSION=2.1.13
+ DOCKER_REPOSITORY=nexus3.onap.org:10001
+ HOSTNAME=
+ CONTAINER_NS=onap
+ AAF_FQDN=aaf-onap-test.osaaf.org
+ AAF_FQDN_IP=10.12.5.145
+ DEPLOY_FQI=deployer@people.osaaf.org
+ APP_FQDN=clamp
+ APP_FQI=clamp@clamp.onap.org
+ VOLUME=clamp_config
+ DRIVER=local
+ LATITUDE=10
+ LONGITUDE=10
+- wget -O agent.sh 'https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=blob_plain;f=auth/docker/agent.sh;h=32910874e01ad13865510091ddd4ef9ae5966410;hb=refs/heads/elalto'
+- wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-auth-cmd/2.1.13/aaf-auth-cmd-2.1.13-full.jar
+- bash agent.sh bash
+ It's going to ask some questions:
+ Password for deployer@people.osaaf.org: demo123456!
+ AAF Locator URL=https://aaf-onap-test.osaaf.org:8095
+ # If you do not know your Global Coordinates, we suggest bing.com/maps
+ cadi_latitude[0.000]=10.0
+ cadi_longitude[0.000]=10.0
+- Certs should created, you can get them in /var/lib/docker/volumes/clamp_config/_data/local
+- wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar
+- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi digest changeit testos.key
+
+- Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key'
+- Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem'
+- Extract CA certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -cacerts -nokeys -chain > ca-certs.pem'
+- reference wiki: https://wiki.onap.org/display/DW/AAF+Certificate+Management+for+Dummies
## Clamp Credentials
There are two mechanisms that can enabled for the authentication, one or the other never both at the same time.
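Review bot: The `Password for deployer@people.osaaf.org: demo123456!` line commits a credential to the README in clear text, and the `openssl pkcs12 ... -nocerts -nodes > clamp.key` step writes the private key unencrypted with whatever the default umask gives. Suggest pointing to where the deployer credential is obtained instead of printing it, and adding a step that restricts permissions on `clamp.key` (or dropping `-nodes` so the key stays passphrase-protected). The two jars are also fetched with `wget` and run without any checksum comparison, which is worth a line. Minor: "Certs should created" is missing "be", and `testos.key` in the `cadi digest` step is not introduced by any earlier step, so the reader cannot tell which keyfile is meant.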
server.port=8443
server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
-server.ssl.key-store-password=34xqGdj]VnHothQ]5qCykV3X
-server.ssl.key-password=34xqGdj]VnHothQ]5qCykV3X
+server.ssl.key-store-password=China in the Spring
+server.ssl.key-password=China in the Spring
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=clamp@clamp.onap.org
server.ssl.client-auth=want
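Review bot: `server.ssl.key-store-password` and `server.ssl.key-password` still hold a literal secret after this change; one hardcoded value is swapped for another, and it sits in the same repository as the `org.onap.clamp.p12` it protects. Suggest documenting a property placeholder resolved from the environment rather than a literal (for example `server.ssl.key-store-password=${CLAMP_KEYSTORE_PASSWORD}`, variable name hypothetical), or stating explicitly that this value belongs to the demo keystore only.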
....
clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile
clamp.config.cadi.cadiLoglevel=DEBUG
-clamp.config.cadi.cadiLatitude=37.78187
-clamp.config.cadi.cadiLongitude=-122.26147
+clamp.config.cadi.cadiLatitude=10
+clamp.config.cadi.cadiLongitude=10
clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095
clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs
clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf
clamp.config.cadi.aafEnv=DEV
clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0
-clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
In that case a certificate must be added in the browser and is required to login properly
Please check that section to get the certificate
https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca#ControlLoopFlowsandModelsforCasablanca-Configure
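Review bot: `clamp.config.cadi.cadiKeystorePassword` and `cadiTruststorePassword` keep their old `enc:` values while the key-store password changes in the previous hunk; please confirm they still decrypt to the new password with the current keyfile, or regenerate them with the `cadi digest` command given in the AAF section. On `cadiX509Issuers`, `intermediateCA_1` remains trusted alongside the new `intermediateCA_9`; if that is only for a transition period, a short note saying so would help, otherwise the old issuer should be dropped. The latitude and longitude change to `10` has no explanation in the text; a word on why the coordinates are placeholders would avoid confusion.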
Or it can be found in the Clamp source code folder src/main/resources/clds/aaf
-(Default Password: "34xqGdj]VnHothQ]5qCykV3X")
+(Default Password: "China in the Spring")
2. Spring authentication
It's possible to enable the spring authentication by disabling the "clamp-aaf-authentication" profile and enabling only the "clamp-default-user"
--spring.config.name=application-noaaf
-to the jvm parameters. This file is available by default in the java classpath resource folder.
\ No newline at end of file
+to the jvm parameters. This file is available by default in the java classpath resource folder.
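Review bot: The `(Default Password: "China in the Spring")` line publishes the passphrase of the keystore shipped in `src/main/resources/clds/aaf`, so the private key in that folder has to be treated as public. Suggest adding a sentence next to it that this certificate is for demo and lab use and must be replaced, with its own password, in any real deployment. The newline fix at the end of the file is fine.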