X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fsample%2Fbin%2Fclient.sh;h=00818c995ecd72b0a2ae29c85bea6f1b9d5b7e5e;hb=HEAD;hp=e94228805b8f34eb7f7a5bcc02461bb61b302e9d;hpb=693ebced47f4211b5b6b8874b41e60cedf9dba0e;p=aaf%2Fauthz.git

diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index e9422880..00818c99 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -1,122 +1,263 @@
 #!/bin/bash
+#########
+#  ============LICENSE_START====================================================
+#  org.onap.aaf
+#  ===========================================================================
+#  Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#  ===========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END====================================================
+#
 # This script is run when starting client Container.
 #  It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
 #
-JAVA=/usr/bin/java
+
+#
+# error handling.  REQUIRED: if this script fails, it must give non-zero exit value
+#
+# We exit non-zero with an explanation echod to standard
+# out in some situations, like bad input or failed keygen.
+# We exit non-zero without explanation in other situations
+# like command not found, or file access perms error.
+#
+# exit without explaining to stdout if some error
+set -e
+
+[ -z "$JAVA_HOME" ] && { echo FAILURE: JAVA_HOME is not set; exit 1;}
+JAVA=${JAVA_HOME}/bin/java
+
+[ -e ${JAVA_HOME} ] || { echo FAILURE: java home does not exist: ${JAVA_HOME}; exit 1;}
+[ -e ${JAVA} ]      || { echo FAILURE: java executable does not exist: ${JAVA}; exit 1;}
+
 AAF_INTERFACE_VERSION=2.1
 
 # Extract Name, Domain and NS from FQI
+[ -z "$APP_FQI" ] && { echo FAILURE: APP_FQI is not set; exit 1; }
+
 FQIA=($(echo ${APP_FQI} | tr '@' '\n'))
 FQI_SHORT=${FQIA[0]}
 FQI_DOMAIN=${FQIA[1]}
+[ -z "$FQI_SHORT" ] && { echo FAILURE: malformed APP_FQI, should be like email form: name@domain; exit 1; }
+[ -z "$FQI_DOMAIN" ] && { echo FAILURE: malformed APP_FQI, should be like email form: name@domain; exit 1; }
+
 #   Reverse DOMAIN for NS
 FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n'))
 for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do
    NS=${NS}${FQIA_E[i]}'.'
 done
 NS=${NS}${FQIA_E[0]}
-CONFIG="/opt/app/aaf_config"
-OSAAF="/opt/app/osaaf"
-LOCAL="$OSAAF/local"
-DOT_AAF="$HOME/.aaf"
+CONFIG=${CONFIG:-"/opt/app/aaf_config"}
+
+#  perhaps AAF HOME? (root of aaf installation)
+OSAAF=${OSAAF:-"/opt/app/osaaf"}
+
+# this is the 'place' operation's destination
+LOCAL=${LOCAL:-"$OSAAF/local"}
+DOT_AAF=${DOT_AAF:-"${HOME}/.aaf"}
 SSO="$DOT_AAF/sso.props"
- 
-JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine"
-JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$SSO org.onap.aaf.cadi.configure.Agent"
-JAVA_AGENT_SELF="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/${NS}.props org.onap.aaf.cadi.configure.Agent"
-JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli"
 
-# Check for local dir
-if [ ! -d $LOCAL ]; then
-    mkdir -p $LOCAL
-    for D in bin logs; do
-        rsync -avzh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D
-    done
-fi
+# for *backup files
+backupDir=${BACKUP_DIR:-${LOCAL}}
 
-# Setup Bash, first time only
-if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep agent $HOME/.bash_aliases)" ]; then
-  echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases
-  echo "alias agent='$OSAAF/bin/agent.sh EMPTY \$*'" >>$HOME/.bash_aliases
-  echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases
-  chmod a+x $OSAAF/bin/agent.sh
-  . $HOME/.bash_aliases
+if [ -e "$CONFIG" ]; then
+  CONFIG_BIN="$CONFIG/bin" 
+else 
+  CONFIG_BIN="."
 fi
 
+AGENT_JAR="$CONFIG_BIN/aaf-cadi-aaf-*-full.jar"
+
+JAVA_AGENT="$JAVA -Dcadi_loglevel=DEBUG -Dcadi_etc_dir=${LOCAL} -Dcadi_log_dir=${LOCAL} -jar $AGENT_JAR "
+
+function backup() {
+  # any backup files?
+  if stat -t *.backup > /dev/null 2>&1; then
+    # move them somewhere else?
+    if [ "${backupDir}" != "${LOCAL}" ]; then
+      mkdir -p ${backupDir}
+      mv -f ${LOCAL}/*.backup ${backupDir}
+    fi
+  fi
+}
+
 # Setup SSO info for Deploy ID
 function sso_encrypt() {
-   $JAVA_CADI digest ${1} $DOT_AAF/keyfile
+   $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile || {
+      echo agent fails to digest password
+      exit 1
+   }
 }
 
+# Setup Bash, first time only, Agent only
+if [ ! -f "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then
+  echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >> $HOME/.bashrc
+  chmod a+x $CONFIG_BIN/agent.sh
+  . $HOME/.bashrc
+fi
+
+if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
+    mkdir -p $DOT_AAF
+    base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
+fi
 
 # Create Deployer Info, located at /root/.aaf
 if [ ! -e "$DOT_AAF/keyfile" ]; then
-    mkdir -p $DOT_AAF
-    $JAVA_CADI keygen $DOT_AAF/keyfile
+
+    $JAVA_AGENT cadi keygen $DOT_AAF/keyfile || {
+       echo "Cannot create $DOT_AAF/keyfile"
+       exit 1
+    }
+
     chmod 400 $DOT_AAF/keyfile
-    echo cadi_latitude=${LATITUDE} > ${SSO}
-    echo cadi_longitude=${LONGITUDE} >> ${SSO}
-    echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+
+fi
+
+if [ ! -e "${SSO}" ]; then
+    echo Creating and adding content to ${SSO}
+    echo "cadi_keyfile=$DOT_AAF/keyfile" > ${SSO}
+
+    # Add Deployer Creds to Root's SSO
+    DEPLOY_FQI="${DEPLOY_FQI:=$app_id}"
+    echo "aaf_id=${DEPLOY_FQI}" >> ${SSO}
     if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
        echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
     fi
-    echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
-    echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+    
+    # Cover case where using app.props
+    aaf_locator_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}
+    if [ "$aaf_locator_container" = "docker" ]; then
+        echo "aaf_locate_url=https://aaf-locate:8095" >> ${SSO}
+        echo "aaf_url_cm=https://aaf-cm:8150" >> ${SSO}
+        echo "aaf_url=https://aaf-service:8100" >> ${SSO}
+    else 
+        echo "aaf_locate_url=https://${aaf_locator_fqdn}:8095" >> ${SSO}
+        echo "aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1" >> ${SSO}
+        echo "aaf_url=https://AAF_LOCATE_URL/%CNS.%NS.service:2.1" >> ${SSO}
+    fi
 
-    base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
     echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO}
-    echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
+    echo "cadi_truststore_password=changeit" >> ${SSO}
+    echo "cadi_latitude=${LATITUDE}" >> ${SSO}
+    echo "cadi_longitude=${LONGITUDE}" >> ${SSO}
+    echo "hostname=${aaf_locator_fqdn}" >> ${SSO}
+
+    # Push in all AAF and CADI properties to SSO
+    for E in $(env); do
+        if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then
+           # Use Deployer ID in ${SSO}
+           if [ "app_id" != "${E%=*}" ]; then
+              S="${E/_helm/.helm}"
+              S="${S/_oom/.oom}"
+             echo "$S" >> ${SSO}
+           fi
+        fi
+    done
+
+    . ${SSO}
     echo "Caller Properties Initialized"
-    INITIALIZED="true"
+    echo "cat SSO"
+    cat ${SSO}
 fi
 
+# Check for local dir
+if [ -d $LOCAL ]; then
+    echo "$LOCAL exists"
+else
+    mkdir -p $LOCAL
+    echo "Created $LOCAL"
+fi
+
+cd $LOCAL
+echo "Existing files in $LOCAL"
+ls -l
+
+# Should we refresh the client version??
+if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then
+  echo "Clean up directory ${LOCAL}"
+  rm -Rf ${LOCAL}/*
+
+  echo "${VERSION}" > $LOCAL/VERSION
+  cp $AGENT_JAR $LOCAL
+  echo "#!/bin/bash" > $LOCAL/agent
+     echo 'java -jar aaf-cadi-aaf-*-full.jar $*' >> $LOCAL/agent
+  echo "#!/bin/bash" > $LOCAL/cadi
+     echo 'java -jar aaf-cadi-aaf-*-full.jar cadi $*' >> $LOCAL/cadi
+  chmod 755 $LOCAL/agent $LOCAL/cadi
+fi
+
+echo "Namespace is ${NS}"
+
 # Only initialize once, automatically...
-if [ ! -e $LOCAL/${NS}.props ]; then
+if [ ! -f $LOCAL/${NS}.props ]; then
+    [ -z "$APP_FQDN" ] && { echo FAILURE: APP_FQDN is not set; exit 1; }
+
     echo "#### Create Configuration files "
-    $JAVA_AGENT config $APP_FQI \
-	aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \
-        cadi_etc_dir=$LOCAL
+    > $LOCAL/$NS
+    $JAVA_AGENT config $APP_FQI $APP_FQDN --nopasswd || {
+        echo Cannot create config files
+        exit 1
+    }
     cat $LOCAL/$NS.props
 
     echo
     echo "#### Certificate Authorization Artifact"
-    TMP=$(mktemp)
-    $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \
-        cadi_prop_files=${SSO} \
-        cadi_etc_dir=$LOCAL > $TMP
-    cat $TMP
-    echo
+    # TMP=$(mktemp)
+    TMP=$LOCAL/agent.log
+
+
+    $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} | tee $TMP ;  [ ${PIPESTATUS[0]} -eq 0 ] || {
+        echo Cannot read artificate;
+        exit 1;
+    }
+
+
     if [ -n "$(grep 'Namespace:' $TMP)" ]; then
         echo "#### Place Certificates (by deployer)"
-        $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \
-            cadi_prop_files=${SSO} \
-            cadi_etc_dir=$LOCAL
+        $JAVA_AGENT place $APP_FQI $APP_FQDN || {
+          echo Failed to obtain new certificate
+          exit 1
+
+        }
     
-        echo "#### Validate Configuration and Certificate with live call"
-        $JAVA_AGENT_SELF validate 
-        echo "Obtained Certificates"
-        INITIALIZED="true"
+        if [ -z "$(grep cadi_alias ${LOCAL}/$NS.cred.props)" ]; then
+	  echo "FAILED to get Certificate, cadi_alias is not defined."
+          exit 1
+        else 
+          echo "Obtained Certificates"
+          echo "#### Validate Configuration and Certificate with live call"
+          $JAVA_AGENT validate cadi_prop_files=${NS}.props || {
+              echo Failed to validate new certificate
+              exit 1
+          }
+        fi
     else
 	echo "#### Certificate Authorization Artifact must be valid to continue"
     fi
     rm $TMP    
+else
+    INITIALIZED="true"
 fi
 
-# Now run a command
-CMD=$2
-if [ -z "$CMD" ]; then
-    if [ -n "$INITIALIZED" ]; then
-      echo "Initialization complete"
-    else
-      $JAVA_AGENT
-    fi
+if [ -z "$*" ]; then
+    echo "Initialization complete"
 else 
-    shift
+    # Now run a command
+    CMD=$1
     shift
     case "$CMD" in
     ls)
         echo ls requested
-        find /opt/app/osaaf -depth
+        find ${OSAAF} -depth
         ;;
     cat)
         if [ "$1" = "" ]; then
@@ -133,26 +274,55 @@ else
             fi
         fi
         ;;
-    update)
-        for D in bin logs; do
-            rsync -uh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D
-        done
+    read)
+        echo "## Read Artifacts"
+        $JAVA_AGENT read $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=INFO || {
+           echo Command faile, cannot read artifacts
+           exit 1
+        }
         ;;
     showpass)
         echo "## Show Passwords"
-        $JAVA_AGENT showpass ${APP_FQI} ${APP_FQDN}
+        $JAVA_AGENT showpass $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=ERROR || {
+           echo Failure showing password
+           exit 1
+        }
         ;;
     check)
-        $JAVA_AGENT check ${APP_FQI} ${APP_FQDN}
+        echo "## Check Certificate"
+        echo "$JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props"
+	# inspects and repots on certificate validation and renewal date
+        $JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props || {
+           echo Checking certificate fails.
+           exit 1
+        }
         ;;
     validate)
         echo "## validate requested"
-        $JAVA_AGENT_SELF validate 
+	# attempt to send request to aaf; authenticate with this local certificate
+        $JAVA_AGENT validate $APP_FQI $APP_FQDN || {
+           echo Validation fails.
+           exit 1
+        }
+        ;;
+    place)
+        echo "## Renew Certificate"
+        $JAVA_AGENT place $APP_FQI $APP_FQDN cadi_prop_files=${SSO} || {
+           echo Placing certificate fails.
+           exit 1
+        }
+        ;;
+    renew)
+        echo "## Renew Certificate"
+        $JAVA_AGENT place $APP_FQI $APP_FQDN || {
+           echo Failure renewing certificate
+           exit 1
+        }
         ;;
     bash)
         shift
         cd $LOCAL || exit
-        /bin/bash "$@"
+        exec bash "$@" 
         ;;
     setProp)
         cd $LOCAL || exit
@@ -206,7 +376,14 @@ else
         done
         ;;
     taillog) 
-	sh /opt/app/osaaf/logs/taillog
+	sh ${OSAAF}/logs/taillog
+	;;
+    testConnectivity|testconnectivity)
+        echo "--- Test Connectivity ---"
+        $JAVA -cp $AGENT_JAR org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/${NS}.props  || {
+           echo Failure while testing connectivity
+           exit 1
+        }
 	;;
     --help | -?)
         case "$1" in
@@ -242,10 +419,12 @@ else
     ### Possible Dublin
     # sample)
     #    echo "--- run Sample Servlet App ---"
-    #    $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar:$CONFIG/bin/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
+    #    $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $AGENT_JAR:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
     #    ;;
     *)
         $JAVA_AGENT "$CMD" "$@"
         ;;
     esac
 fi
+
+backup