X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FConfig.java;h=48f5e2d1297c216c4401adbb18ebc483bd8a68fb;hb=1338680ef142f9a33ee32a00b07c7d2ae658cb3a;hp=fc972c8cc80e68e54507a82996726c884d76b540;hpb=f83c15c4a04a26c3d57423f3c67058ea38d5302f;p=aaf%2Fauthz.git diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index fc972c8c..48f5e2d1 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -88,10 +88,14 @@ public class Config { public static final String CADI_LOGDIR = "cadi_log_dir"; public static final String CADI_ETCDIR = "cadi_etc_dir"; public static final String CADI_LOGNAME = "cadi_logname"; +// public static final String CADI_LOGFMT="cad_logging_format"; +// public static final String CADI_LOGFMT_UTC="UTC"; +// public static final String CADI_LOGFMT_ISO8601="ISO-8601"; public static final String CADI_KEYFILE = "cadi_keyfile"; public static final String CADI_KEYSTORE = "cadi_keystore"; public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password"; public static final String CADI_ALIAS = "cadi_alias"; + public static final String CADI_CLIENT_ALIAS = "cadi_client_alias"; public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url"; public static final String CADI_LATITUDE = "cadi_latitude"; public static final String CADI_LONGITUDE = "cadi_longitude"; @@ -120,8 +124,9 @@ public class Config { public static final String CADI_TOKEN_DIR = "cadi_token_dir"; public static final String HTTPS_PROTOCOLS = "https.protocols"; - public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites"; public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols"; + public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2"; + public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites"; public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA," @@ -146,19 +151,15 @@ public class Config { public static final String AAF_ROOT_NS = "aaf_root_ns"; public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf"; public static final String AAF_ROOT_COMPANY = "aaf_root_company"; + /** + * Use Config.getAAFLocateUrl(access) to get correct property in/out of container + */ public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables. public static final String AAF_DEFAULT_API_VERSION = "2.1"; + public static final String AAF_DEPLOYED_VERSION="aaf_deployed_version"; public static final String AAF_API_VERSION = "aaf_api_version"; - public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration - public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_API_VERSION; - public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_API_VERSION; - public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_API_VERSION; - public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_API_VERSION; - public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_API_VERSION; - public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_API_VERSION; - public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION; - + public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration public static final String AAF_LOCATOR_CLASS = "aaf_locator_class"; // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability // to set these entries manually @@ -173,12 +174,18 @@ public class Config { public static final String AAF_LOCATOR_VERSION = "aaf_locator_version"; public static final String AAF_LOCATOR_PROTOCOL = "aaf_locator_protocol"; public static final String AAF_LOCATOR_SUBPROTOCOL = "aaf_locator_subprotocol"; - public static final String AAF_LOCATOR_NS = "aaf_locator_ns"; + public static final String AAF_LOCATOR_APP_NS = "aaf_locator_app_ns"; public static final String AAF_LOCATOR_ENTRIES = "aaf_locator_entries"; public static final String AAF_LOCATOR_FQDN = "aaf_locator_fqdn"; public static final String AAF_LOCATOR_NAME = "aaf_locator_name"; public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port"; - public static final String AAF_LOCATOR_PUBLIC_HOSTNAME = "aaf_locator_public_hostname"; + public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn"; + public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name"; + + // AAF Service will write to the Audit Log if a past due AAF stored Password + // is being used within # of days specified. + public static final String AAF_CRED_WARN_DAYS="aaf_cred_warn_days"; + public static final String AAF_CRED_WARN_DAYS_DFT="7"; public static final String AAF_APPID = "aaf_id"; public static final String AAF_APPPASS = "aaf_password"; @@ -213,11 +220,17 @@ public class Config { public static final String AAF_CERT_IDS = "aaf_cert_ids"; public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only. - public static final String AAF_RELEASE = "aaf_release"; - public static final String GW_URL = "gw_url"; - public static final String CM_URL = "cm_url"; + public static final String AAF_URL_OAUTH = "aaf_url_oauth"; + public static final String AAF_URL_GUI="aaf_url_gui"; + public static final String AAF_URL_FS="aaf_url_fs"; + public static final String AAF_URL_CM = "aaf_url_cm"; + public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:"+AAF_DEFAULT_API_VERSION; + public static final String AAF_URL_HELLO = "aaf_url_hello"; public static final String CM_TRUSTED_CAS = "cm_trusted_cas"; + // let NS Owners choose with .certman aaf ignoreIPs" to ignoreIP Check for Configs + // Probably only want to allow in a DEV Env. + public static final String CM_ALLOW_IGNORE_IPS="cm_allow_ignore_ips"; public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern"; public static final String PATHFILTER_STACK = "pathfilter_stack"; @@ -258,6 +271,12 @@ public class Config { public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException { Access access = si.access; + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException e2) { + throw new CadiException(e2); + } ///////////////////////////////////////////////////// // Setup AAFCon for any following ///////////////////////////////////////////////////// @@ -277,7 +296,7 @@ public class Config { boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs); // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL - String aafURL = access.getProperty(AAF_URL,null); + String aafURL = logProp(rph, AAF_URL,null); if (!hasDirectAAF && aafcon==null && aafURL!=null) { aafcon = loadAAFConnector(si, aafURL); } @@ -352,8 +371,8 @@ public class Config { Class obasicCls = (Class)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF); if (obasicCls!=null) { try { - String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null); - String introspecturl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL, null); + String tokenurl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL, null); + String introspecturl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL, null); if (tokenurl==null || introspecturl==null) { access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled."); } @@ -431,7 +450,7 @@ public class Config { // Configure OAuth TAF ///////////////////////////////////////////////////// if (!hasOAuthDirectTAF) { - String oauthTokenUrl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null); + String oauthTokenUrl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL,null); Class oadtClss; try { oadtClss = Class.forName(OAUTH_DIRECT_TAF); @@ -448,7 +467,7 @@ public class Config { additionalTafLurs = array; access.log(Level.INIT,"OAuth2 Direct is enabled"); } else if (oauthTokenUrl!=null) { - String oauthIntrospectUrl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null); + String oauthIntrospectUrl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL,null); @SuppressWarnings("unchecked") Class oaTCls = (Class)loadClass(access,OAUTH_HTTP_TAF); if (oaTCls!=null) { @@ -549,7 +568,7 @@ public class Config { } access.log(Level.INIT, sb); - Locator locator = loadLocator(si, logProp(access, AAF_LOCATE_URL, null)); + Locator locator = loadLocator(si, aafURL); taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null String level = logProp(access, CADI_LOGLEVEL, null); @@ -561,6 +580,18 @@ public class Config { return taf; } + public static String logProp(RegistrationPropHolder rph, String tag, String def) { + String rv = rph.access().getProperty(tag, def); + if (rv == null) { + rph.access().log(Level.INIT,tag,"is not explicitly set"); + } else { + rv = rph.replacements("Config.logProp",rv, null, null); + rph.access().log(Level.INIT,tag,"is set to",rv); + } + return rv; + + } + public static String logProp(Access access,String tag, String def) { String rv = access.getProperty(tag, def); if (rv == null) { @@ -573,6 +604,13 @@ public class Config { public static Lur configLur(SecurityInfoC si, Connector con, Object ... additionalTafLurs) throws CadiException { Access access = si.access; + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException e2) { + throw new CadiException(e2); + } + List> lurs = new ArrayList<>(); ///////////////////////////////////////////////////// @@ -601,8 +639,8 @@ public class Config { ///////////////////////////////////////////////////// // Configure the OAuth Lur (if any) ///////////////////////////////////////////////////// - String tokenUrl = logProp(access,AAF_OAUTH2_TOKEN_URL, null); - String introspectUrl = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null); + String tokenUrl = logProp(rph,AAF_OAUTH2_TOKEN_URL, null); + String introspectUrl = logProp(rph,AAF_OAUTH2_INTROSPECT_URL, null); if (tokenUrl!=null && introspectUrl !=null) { try { Class olurCls = loadClass(access, CADI_OLUR_CLASS_DEF); @@ -631,7 +669,7 @@ public class Config { ///////////////////////////////////////////////////// // Configure the AAF Lur (if any) ///////////////////////////////////////////////////// - String aafURL = logProp(access,AAF_URL,null); // Trigger Property + String aafURL = logProp(rph,AAF_URL,null); // Trigger Property String aafEnv = access.getProperty(AAF_ENV,null); if (aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL int ec = aafURL.indexOf("envContext="); @@ -815,59 +853,65 @@ public class Config { if (_url==null) { access.log(Level.INIT,"No URL passed to 'loadLocator'. Disabled"); } else { + try { + Class aalCls = Class.forName("org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator"); + Method aalMth = aalCls.getMethod("create", String.class,String.class); + int colon = _url.lastIndexOf(':'); + if(colon>=0) { + int slash = _url.indexOf('/',colon); + String version; + if(slash<0) { + version = _url.substring(colon+1); + } else { + version = _url.substring(colon+1,slash); + } + slash = _url.lastIndexOf('/',colon); + if(slash>=0) { + Object aal = aalMth.invoke(null/*static*/, _url.substring(slash+1, colon),version); + return (Locator)aal; + } + } + } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { + String msg; + char quote; + if(e.getCause()!=null) { + msg=e.getCause().getMessage(); + quote='"'; + } else { + msg = "-"; + quote=' '; + } + access.printf(Level.DEBUG, "Configured AbsAAFLocator not found%c%s%cContinuing Locator creation ",quote,msg,quote); + } // String url = _url.replace("/AAF_NS.", "/%C%CID%AAF_NS."); // String root_ns = access.getProperty(Config.AAF_ROOT_NS, null); String url; RegistrationPropHolder rph; try { rph = new RegistrationPropHolder(access, 0); - url = rph.replacements(_url, null, null); + url = rph.replacements("Config.loadLocator",_url, null, null); + access.printf(Level.INFO, "loadLocator URL is %s",url); } catch (UnknownHostException | CadiException e1) { throw new LocatorException(e1); } - -// if(url.indexOf('%')>=0) { -// String str = access.getProperty(Config.AAF_LOCATOR_CONTAINER_ID, null); -// if(str==null) { -// url = url.replace("%CID",""); -// } else { -// url = url.replace("%CID",str+'.'); -// } -// str = access.getProperty(Config.AAF_LOCATOR_CONTAINER, null); -// if(str==null) { -// url = url.replace("%C",""); -// } else { -// url = url.replace("%C",str+'.'); -// } -// -// if (root_ns==null) { -// url = url.replace("%AAF_NS",""); -// } else { -// url = url.replace("%AAF_NS",root_ns); -// } -// } - String replacement; - int idxAAFLocateUrl; - if ((idxAAFLocateUrl=url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) { - StringBuilder sb = new StringBuilder(replacement); - if (!replacement.endsWith("/locate")) { - sb.append("/locate"); - } - sb.append(url,idxAAFLocateUrl+AAF_LOCATE_URL_TAG.length(),url.length()); - url = sb.toString(); + + String aaf_locator_class; + if(_url.equals(url) && !url.contains("/locate/")) { + aaf_locator_class = "org.onap.aaf.cadi.locator.DNSLocator"; + } else { + aaf_locator_class = AAF_LOCATOR_CLASS_DEF; } - try { - Class lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF); + Class lcls = loadClass(access,aaf_locator_class); if (lcls==null) { throw new CadiException("Need to include aaf-cadi-aaf jar for AAFLocator"); } // First check for preloaded try { - Method meth = lcls.getMethod("create",String.class); - locator = (Locator)meth.invoke(null,url); + Method meth = lcls.getMethod("create",Access.class,String.class); + locator = (Locator)meth.invoke(null,access,url); } catch (Exception e) { - access.log(Level.DEBUG, "(Not fatal) Cannot load by create(String)", e); + access.log(Level.NONE, "(Not fatal) Cannot load by create(String)", e); } if (locator==null) { URI locatorURI = new URI(url); @@ -897,6 +941,18 @@ public class Config { public static String getDefaultRealm() { return defaultRealm; } + + public static String getAAFLocateUrl(Access access) { + String rv = null; + String cont = access.getProperty(AAF_LOCATOR_CONTAINER,null); + if(cont!=null) { + rv = access.getProperty(AAF_LOCATE_URL + '.' +cont, null); + } + if(rv==null) { + rv = access.getProperty(AAF_LOCATE_URL, null); + } + return rv; + } private static class Priori implements Comparable> { public final T t;