X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FConfig.java;h=26305e914764bd9828bc8658b4ff58cd6f05c979;hb=a174f8ddbc5eb78a648fb68b33ef18cb64d81fda;hp=664919599695c35c1a49fcda59c61f71818f8fee;hpb=502e3991f592b334f8ffb12780eccebbbaf2e261;p=aaf%2Fauthz.git
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 66491959..26305e91 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -92,6 +92,7 @@ public class Config {
 public static final String CADI_KEYSTORE = "cadi_keystore";
 public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password";
 public static final String CADI_ALIAS = "cadi_alias";
+ public static final String CADI_CLIENT_ALIAS = "cadi_client_alias";
 public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url";
 public static final String CADI_LATITUDE = "cadi_latitude";
 public static final String CADI_LONGITUDE = "cadi_longitude";
@@ -120,8 +121,9 @@ public class Config {
 public static final String CADI_TOKEN_DIR = "cadi_token_dir";
 public static final String HTTPS_PROTOCOLS = "https.protocols";
- public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
 public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
+ public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
+ public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
 public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +
 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
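Review bot: The new `HTTPS_PROTOCOLS_DEFAULT` in the `-120,8 +121,9` hunk still enables TLSv1.1, which RFC 8996 deprecates, so any endpoint that falls back to this default will accept a TLS 1.1 handshake from a peer that offers nothing better. I would make the default `public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.2";` (adding `TLSv1.3` where every supported JRE provides it) and leave TLSv1.1 as an explicit opt-in through the `https.protocols` property. The visible part of the unchanged `HTTPS_CIPHER_SUITES_DEFAULT` lists only CBC suites, including static-RSA and static-ECDH ones; that is outside this change but worth a follow-up when the protocol default is tightened.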
@@ -156,8 +158,8 @@ public class Config {
 public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
 public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:" + AAF_DEFAULT_API_VERSION;
 public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.hello:" + AAF_DEFAULT_API_VERSION;
- public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token";
- public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";;
+ public static final String OAUTH2_TOKEN_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token";
+ public static final String OAUTH2_INTROSPECT_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";;
 public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
 // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability
@@ -258,6 +260,12 @@ public class Config {
 public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException {
 Access access = si.access;
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException e2) {
+ throw new CadiException(e2);
+ }
 /////////////////////////////////////////////////////
 // Setup AAFCon for any following
 /////////////////////////////////////////////////////
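Review bot: `new RegistrationPropHolder(access, 0)` with its own try/catch is added at the top of `configHttpTaf` (hunk `-258,6 +260,12`) and again in `configLur` (hunk `-573,6 +593,13`), while `loadLocator` already builds a third one, so one start-up creates three holders and, judging by the `UnknownHostException`, may perform three host lookups. Both methods now fail with `CadiException` on a host that cannot resolve its own name even when no configured property contains a substitution token; please confirm that is intended. A small private helper, sketched below, would remove the duplicated try/catch, and the exception variable can simply be `e`. Both method bodies continue outside their hunks.

```java
// shared by configHttpTaf and configLur
private static RegistrationPropHolder newPropHolder(Access access) throws CadiException {
    try {
        return new RegistrationPropHolder(access, 0);
    } catch (UnknownHostException e) {
        throw new CadiException(e);
    }
}

// in configHttpTaf and configLur, replacing the added try/catch:
Access access = si.access;
RegistrationPropHolder rph = newPropHolder(access);
// … unchanged: AAFCon setup and the rest of the method …
```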
@@ -277,7 +285,7 @@ public class Config {
 boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs);
 // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL
- String aafURL = access.getProperty(AAF_URL,null);
+ String aafURL = logProp(rph, AAF_URL,null);
 if (!hasDirectAAF && aafcon==null && aafURL!=null) {
 aafcon = loadAAFConnector(si, aafURL);
 }
@@ -352,8 +360,8 @@ public class Config {
 Class obasicCls = (Class)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF);
 if (obasicCls!=null) {
 try {
- String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null);
- String introspecturl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL, null);
+ String tokenurl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL, null);
+ String introspecturl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL, null);
 if (tokenurl==null || introspecturl==null) {
 access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled.");
 }
@@ -431,7 +439,7 @@ public class Config {
 // Configure OAuth TAF
 /////////////////////////////////////////////////////
 if (!hasOAuthDirectTAF) {
- String oauthTokenUrl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null);
+ String oauthTokenUrl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL,null);
 Class oadtClss;
 try {
 oadtClss = Class.forName(OAUTH_DIRECT_TAF);
@@ -448,7 +456,7 @@ public class Config {
 additionalTafLurs = array;
 access.log(Level.INIT,"OAuth2 Direct is enabled");
 } else if (oauthTokenUrl!=null) {
- String oauthIntrospectUrl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null);
+ String oauthIntrospectUrl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL,null);
 @SuppressWarnings("unchecked")
 Class oaTCls = (Class)loadClass(access,OAUTH_HTTP_TAF);
 if (oaTCls!=null) {
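Review bot: `AAF_OAUTH2_TOKEN_URL` and `AAF_OAUTH2_INTROSPECT_URL` are resolved through `logProp(rph, …)` in the `-352,8 +360,8` hunk and again in the `-431,7 +439,7` and `-448,7 +456,7` hunks, all apparently inside `configHttpTaf`, so when both branches run each value is substituted and written to the INIT log twice. Reading both once after `rph` is created and reusing the locals would keep the log clean and guarantee both TAFs see the same value. These URLs decide where client credentials and tokens are sent, and nothing visible in the hunks checks that the substituted result still starts with `https://`; a check of that kind after substitution, disabling the OAuth TAF with an INIT message on failure, would make a bad substitution fail closed. The enclosing method starts and ends outside these hunks.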
@@ -549,7 +557,7 @@ public class Config {
 }
 access.log(Level.INIT, sb);
- Locator locator = loadLocator(si, logProp(access, AAF_LOCATE_URL, null));
+ Locator locator = loadLocator(si, logProp(rph, AAF_LOCATE_URL, null));
 taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null
 String level = logProp(access, CADI_LOGLEVEL, null);
@@ -561,6 +569,18 @@ public class Config {
 return taf;
 }
+ public static String logProp(RegistrationPropHolder rph, String tag, String def) {
+ String rv = rph.access().getProperty(tag, def);
+ if (rv == null) {
+ rph.access().log(Level.INIT,tag,"is not explicitly set");
+ } else {
+ rv = rph.replacements(rv, null, null);
+ rph.access().log(Level.INIT,tag,"is set to",rv);
+ }
+ return rv;
+
+ }
+
 public static String logProp(Access access,String tag, String def) {
 String rv = access.getProperty(tag, def);
 if (rv == null) {
@@ -573,6 +593,13 @@ public class Config {
 public static Lur configLur(SecurityInfoC si, Connector con, Object ... additionalTafLurs) throws CadiException {
 Access access = si.access;
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException e2) {
+ throw new CadiException(e2);
+ }
+
 List> lurs = new ArrayList<>();
 /////////////////////////////////////////////////////
@@ -601,8 +628,8 @@ public class Config {
 /////////////////////////////////////////////////////
 // Configure the OAuth Lur (if any)
 /////////////////////////////////////////////////////
- String tokenUrl = logProp(access,AAF_OAUTH2_TOKEN_URL, null);
- String introspectUrl = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null);
+ String tokenUrl = logProp(rph,AAF_OAUTH2_TOKEN_URL, null);
+ String introspectUrl = logProp(rph,AAF_OAUTH2_INTROSPECT_URL, null);
 if (tokenUrl!=null && introspectUrl !=null) {
 try {
 Class olurCls = loadClass(access, CADI_OLUR_CLASS_DEF);
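Review bot: The locate URL passed to `loadLocator` in the `-549,7 +557,7` hunk has already gone through `rph.replacements` inside `logProp(rph, …)`, and `loadLocator` runs `rph.replacements(_url, null, null)` on its argument again with a holder of its own (see the `-822,41 +849,11` hunk). Unless substitution is guaranteed to be idempotent, I would keep `logProp(access, AAF_LOCATE_URL, null)` here and let `loadLocator` do the single substitution. The trailing comment says a null locator is acceptable, so it is also worth confirming that `loadLocator` tolerates a null `_url` before it reaches `replacements`; that guard is not visible on this page.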
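Review bot: The new `logProp(RegistrationPropHolder, String, String)` overload in the `-561,6 +569,18` hunk writes the resolved value to the INIT log for whatever tag it is given and has no Javadoc saying so; a later caller that passes a secret-bearing tag such as `cadi_keystore_password` would put the secret in the log. I would add `/** Reads {@code tag}, applies the holder's placeholder substitutions and logs the result at INIT; use only for non-secret properties. */` above it. A non-null `def` is also substituted and logged as "is set to", so the log cannot distinguish a default from an explicit setting, and the blank line before the closing brace can go. The existing `logProp(Access, …)` overload continues outside the hunk.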
@@ -631,7 +658,7 @@ public class Config {
 /////////////////////////////////////////////////////
 // Configure the AAF Lur (if any)
 /////////////////////////////////////////////////////
- String aafURL = logProp(access,AAF_URL,null); // Trigger Property
+ String aafURL = logProp(rph,AAF_URL,null); // Trigger Property
 String aafEnv = access.getProperty(AAF_ENV,null);
 if (aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
 int ec = aafURL.indexOf("envContext=");
@@ -822,41 +849,11 @@ public class Config {
 try {
 rph = new RegistrationPropHolder(access, 0);
 url = rph.replacements(_url, null, null);
+ access.printf(Level.INFO, "loadLocator URL is %s",url);
 } catch (UnknownHostException | CadiException e1) {
 throw new LocatorException(e1);
 }
-// if(url.indexOf('%')>=0) {
-// String str = access.getProperty(Config.AAF_LOCATOR_CONTAINER_ID, null);
-// if(str==null) {
-// url = url.replace("%CID","");
-// } else {
-// url = url.replace("%CID",str+'.');
-// }
-// str = access.getProperty(Config.AAF_LOCATOR_CONTAINER, null);
-// if(str==null) {
-// url = url.replace("%C","");
-// } else {
-// url = url.replace("%C",str+'.');
-// }
-//
-// if (root_ns==null) {
-// url = url.replace("%AAF_NS","");
-// } else {
-// url = url.replace("%AAF_NS",root_ns);
-// }
-// }
- String replacement;
- int idxAAFLocateUrl;
- if ((idxAAFLocateUrl=url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
- StringBuilder sb = new StringBuilder(replacement);
- if (!replacement.endsWith("/locate")) {
- sb.append("/locate");
- }
- sb.append(url,idxAAFLocateUrl+AAF_LOCATE_URL_TAG.length(),url.length());
- url = sb.toString();
- }
-
 try {
 Class lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF);
 if (lcls==null) {
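Review bot: The block deleted from `loadLocator` in the `-822,41 +849,11` hunk appended `/locate` when the configured `AAF_LOCATE_URL` did not already end with it, and nothing on the new side shows `rph.replacements` doing the same, so existing property files without the suffix may now produce a different locator URL; please confirm and cover it with a test. The added `access.printf(Level.INFO, "loadLocator URL is %s",url)` repeats at INFO what the caller in `configHttpTaf` has just logged at INIT through `logProp(rph, AAF_LOCATE_URL, null)`; one of the two is enough. `loadLocator` starts and ends outside the hunk.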