import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Connector;
import org.onap.aaf.cadi.CredVal;
+import org.onap.aaf.cadi.CredValDomain;
import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
-
public static final String UTF_8 = "UTF-8";
// Property Names associated with configurations.
// As of 1.0.2, these have had the dots removed so as to be compatible with JavaBean style
// configurations as well as property list style.
public static final String HOSTNAME = "hostname";
- public static final String CADI_REGISTRATION_HOSTNAME = "cadi_registration_hostname";
public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
public static final String CADI_LOGLEVEL = "cadi_loglevel";
public static final String CADI_LOGDIR = "cadi_log_dir";
public static final String CADI_OAUTH2_URL="cadi_oauth2_url";
public static final String CADI_TOKEN_DIR = "cadi_token_dir";
- public static final String CSP_DOMAIN = "csp_domain";
- public static final String CSP_HOSTNAME = "csp_hostname";
- public static final String CSP_DEVL_LOCALHOST = "csp_devl_localhost";
- public static final String CSP_USER_HEADER = "CSP_USER";
- public static final String CSP_SYSTEMS_CONF = "CSPSystems.conf";
- public static final String CSP_SYSTEMS_CONF_FILE = "csp_systems_conf_file";
-
public static final String HTTPS_PROTOCOLS = "https.protocols";
public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
public static final String OAUTH_CLIENT_SECRET="client_secret";
public static final String AAF_ENV = "aaf_env";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_ROOT_NS = "aaf_root_ns";
+ public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
public static final String AAF_ROOT_COMPANY = "aaf_root_company";
public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
+ public static final String AAF_DEFAULT_VERSION = "2.1";
+ public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
+ public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_VERSION;
+ public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_VERSION;
+ public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_VERSION;
+ public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_VERSION;
+ public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_VERSION;
+ public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_VERSION;
+
+ public static final String AAF_REGISTER_AS = "aaf_register_as";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
public static final String AAF_LUR_CLASS = "aaf_lur_class";
public static final String AAF_COMPONENT = "aaf_component";
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
- public static final String AAF_DEFAULT_VERSION = "2.0";
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
}
}
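Review bot: The substitution token `AAF_LOCATE_URL` is spelled out as a string literal in each of the seven new default-URL constants (`AAF_URL_DEF` through `OAUTH2_INTROSPECT_URL`) even though `AAF_LOCATE_URL_TAG` already names that token a few lines above; building them as `"https://" + AAF_LOCATE_URL_TAG + "/AAF_NS.service:" + AAF_DEFAULT_VERSION` keeps the placeholder key in one place, so a later rename of the tag cannot silently leave a default URL unresolvable at runtime. The `AAF_NS` placeholder has no named tag visible in this hunk and would benefit from the same treatment. The new `AAF_ROOT_NS_DEF` is the only constant in this group without a trailing comment; a short one such as `// Default root namespace when AAF_ROOT_NS is not configured` would match its neighbours, and a note that the version bump of `AAF_DEFAULT_VERSION` to "2.1" now drives every default URL above would help readers assess the change.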
- public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException {
+ public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException {
Access access = si.access;
/////////////////////////////////////////////////////
// Setup AAFCon for any following
access.log(Level.INIT, "Hostname set to",hostname);
// Get appropriate TAFs
- ArrayList<HttpTaf> htlist = new ArrayList<HttpTaf>();
+ ArrayList<HttpTaf> htlist = new ArrayList<>();
/////////////////////////////////////////////////////
// Add a Denial of Service TAF
/////////////////////////////////////////////////////
// Configure Client Cert TAF
/////////////////////////////////////////////////////
-
+ X509Taf x509TAF = null;
String truststore = logProp(access, CADI_TRUSTSTORE,null);
if(truststore!=null) {
String truststore_pwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD,null);
}
}
try {
- htlist.add(new X509Taf(access,lur));
+ htlist.add(x509TAF=new X509Taf(access,lur));
access.log(Level.INIT,"Certificate Authorization enabled");
} catch (SecurityException e) {
access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e);
if(!basic_warn)access.log(Level.INIT,"WARNING! The basic_warn property has been set to false.",
" There will be no additional warning if Basic Auth is used on an insecure channel"
);
- htlist.add(new BasicHttpTaf(access, up, basic_realm, userExp, basic_warn));
+ BasicHttpTaf bht = new BasicHttpTaf(access, up, basic_realm, userExp, basic_warn);
+ for(Object o : additionalTafLurs) {
+ if(o instanceof CredValDomain) {
+ bht.add((CredValDomain)o);
+ }
+ }
+ if(x509TAF!=null) {
+ x509TAF.add(bht);
+ }
+ htlist.add(bht);
access.log(Level.INIT,"Basic Authorization is enabled");
}
} else {
/////////////////////////////////////////////////////
if(additionalTafLurs!=null) {
for(Object additional : additionalTafLurs) {
- if(additional instanceof HttpTaf) {
- htlist.add((HttpTaf)additional);
+ if(additional instanceof BasicHttpTaf) {
+ BasicHttpTaf ht = (BasicHttpTaf)additional;
+ for(Object cv : additionalTafLurs) {
+ if(cv instanceof CredValDomain) {
+ ht.add((CredValDomain)cv);
+ access.printf(Level.INIT,"%s Authentication is enabled",cv);
+ }
+ }
+ htlist.add(ht);
+ } else if(additional instanceof HttpTaf) {
+ HttpTaf ht = (HttpTaf)additional;
+ htlist.add(ht);
access.printf(Level.INIT,"%s Authentication is enabled",additional.getClass().getSimpleName());
} else if(hasOAuthDirectTAF) {
Class<?> daupCls;
}
}
+ // Add BasicAuth, if any, to x509Taf
+ if(x509TAF!=null) {
+ for( HttpTaf ht : htlist) {
+ if(ht instanceof BasicHttpTaf) {
+ x509TAF.add((BasicHttpTaf)ht);
+ }
+ }
+ }
/////////////////////////////////////////////////////
// Create EpiTaf from configured TAFs
/////////////////////////////////////////////////////
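Review bot: When the X509 TAF was created, `bht` is registered on it directly with `x509TAF.add(bht)` and then registered again by the later loop over `htlist` that adds every `BasicHttpTaf` to `x509TAF`, so the same instance is added twice; unless `X509Taf.add` deduplicates (not visible here), drop the direct `if(x509TAF!=null) { x509TAF.add(bht); }` block and let the final loop do it once. The new loop `for(Object o : additionalTafLurs)` that feeds `CredValDomain` entries into `bht` has no null guard, while the existing loop further down still checks `if(additionalTafLurs!=null)`; a caller passing an explicit null array would NPE at the new loop, so guard it the same way. In the `BasicHttpTaf` branch the enabled-message logs the `CredValDomain` object itself via `"%s Authentication is enabled",cv`, whereas the sibling `HttpTaf` branch logs `getClass().getSimpleName()`; logging the class name keeps whatever that object's `toString` exposes out of the INIT log. configHttpTaf starts and continues outside the visible hunk lines.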
public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object ... additionalTafLurs) throws CadiException {
Access access = si.access;
- List<Lur> lurs = new ArrayList<Lur>();
+ List<Lur> lurs = new ArrayList<>();
/////////////////////////////////////////////////////
// Configure a Local Property Based RBAC/LUR
aafConClass = loadClass(access, AAF_V2_0_AAF_CON_HTTP);
if (aafConClass != null) {
for (Constructor<?> c : aafConClass.getConstructors()) {
- List<Object> lo = new ArrayList<Object>();
+ List<Object> lo = new ArrayList<>();
for (Class<?> pc : c.getParameterTypes()) {
if (pc.equals(Access.class)) {
lo.add(access);
@SuppressWarnings("unchecked")
- public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url) {
+ public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url) throws LocatorException {
Access access = si.access;
Locator<URI> locator = null;
if(_url==null) {
access.log(Level.INFO, "AAFLocator enabled using preloaded " + locator.getClass().getSimpleName());
}
} catch (InvocationTargetException e) {
+ if(e.getTargetException() instanceof LocatorException) {
+ throw (LocatorException)e.getTargetException();
+ }
access.log(Level.INIT,e.getTargetException().getMessage(),"AAFLocator for",url,"could not be created.",e);
} catch (Exception e) {
access.log(Level.INIT,"AAFLocator for",url,"could not be created.",e);