Move jsonRepresentation

[clamp.git] / README.md

diff --git a/README.md b/README.md
index 318d2c8..148ff95 100644 (file)
--- a/README.md
+++ b/README.md
@@ -106,7 +106,7 @@ Once the image has been built and is available locally, you can use the `docker-
 
 ### Logs
 
-Clamp uses logback framework to generate logs. The logback.xml file cand be found under the [src/main/resources/ folder](src/main/resources). 
+Clamp uses logback framework to generate logs. The logback.xml file can be found under the [src/main/resources/ folder](src/main/resources). 
 
 With the default log settings, all logs will be generated into console and into root.log file under the Clamp root folder. The root.log file is not allowed to be appended, thus restarting the clamp will result in cleaning of the old log files.
 
@@ -114,7 +114,40 @@ With the default log settings, all logs will be generated into console and into
 
 You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
 
-
+## Clamp AAF
+- Connect to windriver with openvpn
+- create a folder aaf-renewal and go to it
+- create a file aaf.props with that content
+    VERSION=2.1.13
+    DOCKER_REPOSITORY=nexus3.onap.org:10001
+    HOSTNAME=
+    CONTAINER_NS=onap
+    AAF_FQDN=aaf-onap-test.osaaf.org
+    AAF_FQDN_IP=10.12.5.145
+    DEPLOY_FQI=deployer@people.osaaf.org
+    APP_FQDN=clamp
+    APP_FQI=clamp@clamp.onap.org
+    VOLUME=clamp_config
+    DRIVER=local
+    LATITUDE=10
+    LONGITUDE=10
+- wget -O agent.sh 'https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=blob_plain;f=auth/docker/agent.sh;h=32910874e01ad13865510091ddd4ef9ae5966410;hb=refs/heads/elalto'
+- wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-auth-cmd/2.1.13/aaf-auth-cmd-2.1.13-full.jar
+- bash agent.sh bash
+    It's going to ask some questions:
+    Password for deployer@people.osaaf.org: demo123456!
+    AAF Locator URL=https://aaf-onap-test.osaaf.org:8095 
+    # If you do not know your Global Coordinates, we suggest bing.com/maps
+    cadi_latitude[0.000]=10.0
+    cadi_longitude[0.000]=10.0
+- Certs should created, you can get them in /var/lib/docker/volumes/clamp_config/_data/local
+- wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar
+- to encrypt or decrypt the store passwords:  java -jar aaf-cadi-aaf-2.1.13-full.jar cadi digest changeit testos.key
+
+- Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key'
+- Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem'
+- Extract CA certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -cacerts -nokeys -chain > ca-certs.pem'
+- reference wiki: https://wiki.onap.org/display/DW/AAF+Certificate+Management+for+Dummies
 ## Clamp Credentials
 
 There are two mechanisms that can enabled for the authentication, one or the other never both at the same time. 
@@ -125,8 +158,8 @@ There is a section for SSL enablement and cadi configuration (for AAF) + one spr
 
 server.port=8443
 server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
-server.ssl.key-store-password=34xqGdj]VnHothQ]5qCykV3X
-server.ssl.key-password=34xqGdj]VnHothQ]5qCykV3X
+server.ssl.key-store-password=China in the Spring
+server.ssl.key-password=China in the Spring
 server.ssl.key-store-type=PKCS12
 server.ssl.key-alias=clamp@clamp.onap.org
 server.ssl.client-auth=want
@@ -139,21 +172,21 @@ spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controll
 ....
 clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile
 clamp.config.cadi.cadiLoglevel=DEBUG
-clamp.config.cadi.cadiLatitude=37.78187
-clamp.config.cadi.cadiLongitude=-122.26147
+clamp.config.cadi.cadiLatitude=10
+clamp.config.cadi.cadiLongitude=10
 clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095
 clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs
 clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf
 clamp.config.cadi.aafEnv=DEV
 clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0
-clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
 
 In that case a certificate must be added in the browser and is required to login properly
 Please check that section to get the certificate
 https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca#ControlLoopFlowsandModelsforCasablanca-Configure
 
 Or it can be found in the Clamp source code folder src/main/resources/clds/aaf
-(Default Password: "34xqGdj]VnHothQ]5qCykV3X")
+(Default Password: "China in the Spring")
 
 2. Spring authentication
 It's possible to enable the spring authentication by disabling the "clamp-aaf-authentication" profile and enabling only the "clamp-default-user"
@@ -173,4 +206,4 @@ To use it just add
 
 --spring.config.name=application-noaaf
 
-to the jvm parameters. This file is available by default in the java classpath resource folder. 
\ No newline at end of file
+to the jvm parameters. This file is available by default in the java classpath resource folder.