X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfigure%2FPlaceArtifactInKeystore.java;h=67b3df099c6ba3d18608bc2d0a04d3bee9c415ab;hb=355b886d817295d2bca5af28f01576bf4a3ded18;hp=b91e8734c71ec7d156d0a787246733f44a70bd0d;hpb=7e966914050e66219689001ff4ab601a49eef0ac;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index b91e8734..67b3df09 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -50,7 +50,8 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
     @Override
     public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
-        File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
+        final String ext = (kst==Agent.PKCS12?"p12":kst);
+        File fks = new File(dir,arti.getNs()+'.'+ext);
         try {
             KeyStore jks = KeyStore.getInstance(kst);
             if (fks.exists()) {
@@ -65,25 +66,41 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
             X509Certificate x509;
             List chainList = new ArrayList<>();
             Set caSet = new HashSet<>();
+            X509Certificate curr = null;
             for (Certificate c : certColl) {
                 x509 = (X509Certificate)c;
                 // Is a Root (self-signed, anyway)
                 if (x509.getSubjectDN().equals(x509.getIssuerDN())) {
                     caSet.add(x509);
                 } else {
-                    chainList.add(x509);
+                    // Expect Certs in Trust Chain Order.
+                    if(curr==null) {
+                        chainList.add(x509);
+                        curr=x509;
+                    } else {
+                        // Only Add Cert next on the list
+                        if(curr.getIssuerDN().equals(x509.getSubjectDN())) {
+                            chainList.add(x509);
+                            curr=x509;
+                        }
+                    }
                 }
             }
-//            chainList.addAll(caSet);
-            //Collections.reverse(chainList);
             // Properties, etc
             // Add CADI Keyfile Entry to Properties
-            addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getNs() + ".keyfile");
+            File keyfile = new File(arti.getDir()+'/'+arti.getNs() + ".keyfile");
+            PropHolder props = PropHolder.get(arti, "cred.props");
+            props.add(Config.CADI_KEYFILE,keyfile.getAbsolutePath());
+
             // Set Keystore Password
-            addProperty(Config.CADI_KEYSTORE,fks.getAbsolutePath());
+            props.add(Config.CADI_KEYSTORE,fks.getAbsolutePath());
             String keystorePass = Symm.randomGen(Agent.PASS_SIZE);
-            addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+            String encP = props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+            // Since there are now more than one Keystore type, the keystore password property might
+            // be overwritten, making the store useless without key. So we write it specifically
+            // as well.
+            props.add(Config.CADI_KEYSTORE_PASSWORD+'_'+ext,encP);
             char[] keystorePassArray = keystorePass.toCharArray();
             jks.load(null,keystorePassArray); // load in
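Review bot: The new chain-ordering logic in the `else` branch silently discards any non-root certificate that is not the direct issuer of the previously accepted one, so an out-of-order or extraneous certificate in the CA response leaves `chainList` truncated with no trace at placement time, and the problem surfaces only later as a TLS handshake failure. The `curr==null` case takes whatever non-self-signed certificate comes first as the chain head without checking it is the entity certificate for `certInfo`; a response delivered intermediate-first keeps the intermediate and drops the leaf. At minimum log the skipped subject in the inner `else`, e.g. `trans.warn().log("Certificate not in chain order, skipped: ", x509.getSubjectDN());` if `Trans` exposes the usual CADI log targets, or fail the placement when the chain is incomplete. `_place` begins and ends outside this hunk.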
@@ -95,8 +112,8 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
             // dictates that you live with the default, meaning, they are the same
             String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);
             PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());
-            addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);
-            addProperty(Config.CADI_ALIAS, arti.getMechid());
+            props.addEnc(Config.CADI_KEY_PASSWORD, keyPass);
+            props.add(Config.CADI_ALIAS, arti.getMechid());
             // Set attribs = new HashSet<>();
             // if (kst.equals("pkcs12")) {
             //     // Friendly Name
@@ -114,7 +131,7 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
                     pkEntry, protParam);
             // Write out
-            write(fks,Chmod.to400,jks,keystorePassArray);
+            write(fks,Chmod.to644,jks,keystorePassArray);
             // Change out to TrustStore
             // NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always
@@ -127,9 +144,9 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
             jks = KeyStore.getInstance(Agent.JKS);
             // Set Truststore Password
-            addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
+            props.add(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
             String trustStorePass = Symm.randomGen(Agent.PASS_SIZE);
-            addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);
+            props.addEnc(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);
             char[] truststorePassArray = trustStorePass.toCharArray();
             jks.load(null,truststorePassArray); // load in
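Review bot: `write(fks,Chmod.to644,jks,keystorePassArray);` widens the keystore that holds the private key from owner-read-only to world-readable, and the commit gives no reason for the change. The store is password-protected, but that password is only as well protected as `cred.props` and the keyfile it is encrypted with, so any local account that can read those files (or a backup of them) can also read the key material once the store itself is 0644; the truststore written later in `_place` holds only public certificates and is a different case. If another OS user must read the keystore, prefer a group-readable mode over world-readable and record the reason in a comment at the call, e.g. `// keystore must be readable by <service account>: see <ticket>`; otherwise keep `Chmod.to400`. `_place` extends beyond this hunk on both sides.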