X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FConfig.java;h=66fbe847b07e426ede8ec273deff6af998c608c0;hb=dbec47530c91b6cd586fb05b44fd27444301e04a;hp=664919599695c35c1a49fcda59c61f71818f8fee;hpb=05e268a2061beccd5bceb88a716aeafadb6dcc71;p=aaf%2Fauthz.git diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 66491959..66fbe847 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -88,10 +88,14 @@ public class Config { public static final String CADI_LOGDIR = "cadi_log_dir"; public static final String CADI_ETCDIR = "cadi_etc_dir"; public static final String CADI_LOGNAME = "cadi_logname"; +// public static final String CADI_LOGFMT="cad_logging_format"; +// public static final String CADI_LOGFMT_UTC="UTC"; +// public static final String CADI_LOGFMT_ISO8601="ISO-8601"; public static final String CADI_KEYFILE = "cadi_keyfile"; public static final String CADI_KEYSTORE = "cadi_keystore"; public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password"; public static final String CADI_ALIAS = "cadi_alias"; + public static final String CADI_CLIENT_ALIAS = "cadi_client_alias"; public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url"; public static final String CADI_LATITUDE = "cadi_latitude"; public static final String CADI_LONGITUDE = "cadi_longitude"; 
@@ -120,8 +124,9 @@ public class Config { public static final String CADI_TOKEN_DIR = "cadi_token_dir"; public static final String HTTPS_PROTOCOLS = "https.protocols"; - public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites"; public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols"; + public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2"; + public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites"; public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA," 
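Review bot: `HTTPS_PROTOCOLS_DEFAULT` enables TLSv1.1, which RFC 8996 deprecates, so any endpoint that falls back to this default will still offer it. Consider `public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.2";`, adding `TLSv1.3` where the supported JDKs provide it. The hunk does not show where the default is applied, so the effective exposure depends on callers outside this view.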
@@ -146,19 +151,14 @@ public class Config { public static final String AAF_ROOT_NS = "aaf_root_ns"; public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf"; public static final String AAF_ROOT_COMPANY = "aaf_root_company"; + /** + * Use Config.getAAFLocateUrl(access) to get correct property in/out of container + */ public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables. public static final String AAF_DEFAULT_API_VERSION = "2.1"; public static final String AAF_API_VERSION = "aaf_api_version"; - public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration - public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:" + AAF_DEFAULT_API_VERSION; - public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:" + AAF_DEFAULT_API_VERSION; - public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:" + AAF_DEFAULT_API_VERSION; - public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:" + AAF_DEFAULT_API_VERSION; - public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.hello:" + AAF_DEFAULT_API_VERSION; - public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token"; - public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";; - + public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration public static final String AAF_LOCATOR_CLASS = "aaf_locator_class"; // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability // to set these entries manually 
@@ -173,12 +173,18 @@ public class Config { public static final String AAF_LOCATOR_VERSION = "aaf_locator_version"; public static final String AAF_LOCATOR_PROTOCOL = "aaf_locator_protocol"; public static final String AAF_LOCATOR_SUBPROTOCOL = "aaf_locator_subprotocol"; - public static final String AAF_LOCATOR_NS = "aaf_locator_ns"; + public static final String AAF_LOCATOR_APP_NS = "aaf_locator_app_ns"; public static final String AAF_LOCATOR_ENTRIES = "aaf_locator_entries"; public static final String AAF_LOCATOR_FQDN = "aaf_locator_fqdn"; public static final String AAF_LOCATOR_NAME = "aaf_locator_name"; public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port"; - public static final String AAF_LOCATOR_PUBLIC_HOSTNAME = "aaf_locator_public_hostname"; + public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn"; + public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name"; + + // AAF Service will write to the Audit Log if a past due AAF stored Password + // is being used within # of days specified. + public static final String AAF_CRED_WARN_DAYS="aaf_cred_warn_days"; + public static final String AAF_CRED_WARN_DAYS_DFT="7"; public static final String AAF_APPID = "aaf_id"; public static final String AAF_APPPASS = "aaf_password"; 
@@ -215,8 +221,11 @@ public class Config { public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only. public static final String AAF_RELEASE = "aaf_release"; - public static final String GW_URL = "gw_url"; - public static final String CM_URL = "cm_url"; + public static final String AAF_URL_GUI="aaf_url_gui"; + public static final String AAF_URL_FS="aaf_url_fs"; + public static final String AAF_URL_CM = "aaf_url_cm"; + public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:"+AAF_DEFAULT_API_VERSION; + public static final String AAF_URL_HELLO = "aaf_url_hello"; public static final String CM_TRUSTED_CAS = "cm_trusted_cas"; public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern"; @@ -258,6 +267,12 @@ public class Config { public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException { Access access = si.access; + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException e2) { + throw new CadiException(e2); + } ///////////////////////////////////////////////////// // Setup AAFCon for any following ///////////////////////////////////////////////////// @@ -277,7 +292,7 @@ public class Config { boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs); // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL - String aafURL = access.getProperty(AAF_URL,null); + String aafURL = logProp(rph, AAF_URL,null); if (!hasDirectAAF && aafcon==null && aafURL!=null) { aafcon = loadAAFConnector(si, aafURL); } 
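Review bot: Constructing `RegistrationPropHolder` as the first step of `configHttpTaf` makes every TAF configuration depend on it. An `UnknownHostException` (presumably from local host resolution, which is not visible here) now aborts setup with a `CadiException` before the "no AAF URL" check further down is reached. The same try/catch is repeated in `configLur` and in `loadLocator` later in this diff. A small private helper would keep the three in step and could attach a message saying that property replacement failed, rather than wrapping `e2` bare. If a deployment without AAF is meant to keep working on a host whose name does not resolve, the holder could be created only when a property actually needs replacement. The body of `configHttpTaf` continues outside the hunk.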
@@ -352,8 +367,8 @@ public class Config { Class obasicCls = (Class)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF); if (obasicCls!=null) { try { - String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null); - String introspecturl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL, null); + String tokenurl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL, null); + String introspecturl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL, null); if (tokenurl==null || introspecturl==null) { access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled."); } @@ -431,7 +446,7 @@ public class Config { // Configure OAuth TAF ///////////////////////////////////////////////////// if (!hasOAuthDirectTAF) { - String oauthTokenUrl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null); + String oauthTokenUrl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL,null); Class oadtClss; try { oadtClss = Class.forName(OAUTH_DIRECT_TAF); @@ -448,7 +463,7 @@ public class Config { additionalTafLurs = array; access.log(Level.INIT,"OAuth2 Direct is enabled"); } else if (oauthTokenUrl!=null) { - String oauthIntrospectUrl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null); + String oauthIntrospectUrl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL,null); @SuppressWarnings("unchecked") Class oaTCls = (Class)loadClass(access,OAUTH_HTTP_TAF); if (oaTCls!=null) { @@ -549,7 +564,7 @@ public class Config { } access.log(Level.INIT, sb); - Locator locator = loadLocator(si, logProp(access, AAF_LOCATE_URL, null)); + Locator locator = loadLocator(si, logProp(rph, Config.getAAFLocateUrl(access), null)); taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null String level = logProp(access, CADI_LOGLEVEL, null); 
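Review bot: In the last hunk on this line, `logProp(rph, Config.getAAFLocateUrl(access), null)` passes a property value where `logProp` expects a property name. `getAAFLocateUrl` (added at the end of this diff) returns the result of `access.getProperty(...)`, and `logProp` then calls `getProperty(tag, def)` with that string as the key. Unless a property happens to be named after the URL, the lookup yields null and `loadLocator` receives null; a null return from `getAAFLocateUrl` is likewise handed to `getProperty` as the key. Since `loadLocator` already applies `rph.replacements` to its argument, passing the value directly should be enough: `Locator locator = loadLocator(si, Config.getAAFLocateUrl(access));`. If the INIT log line is still wanted, log the resolved value separately.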
@@ -561,6 +576,18 @@ public class Config { return taf; } + public static String logProp(RegistrationPropHolder rph, String tag, String def) { + String rv = rph.access().getProperty(tag, def); + if (rv == null) { + rph.access().log(Level.INIT,tag,"is not explicitly set"); + } else { + rv = rph.replacements("Config.logProp",rv, null, null); + rph.access().log(Level.INIT,tag,"is set to",rv); + } + return rv; + + } + public static String logProp(Access access,String tag, String def) { String rv = access.getProperty(tag, def); if (rv == null) { @@ -573,6 +600,13 @@ public class Config { public static Lur configLur(SecurityInfoC si, Connector con, Object ... additionalTafLurs) throws CadiException { Access access = si.access; + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException e2) { + throw new CadiException(e2); + } + List> lurs = new ArrayList<>(); ///////////////////////////////////////////////////// @@ -601,8 +635,8 @@ public class Config { ///////////////////////////////////////////////////// // Configure the OAuth Lur (if any) ///////////////////////////////////////////////////// - String tokenUrl = logProp(access,AAF_OAUTH2_TOKEN_URL, null); - String introspectUrl = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null); + String tokenUrl = logProp(rph,AAF_OAUTH2_TOKEN_URL, null); + String introspectUrl = logProp(rph,AAF_OAUTH2_INTROSPECT_URL, null); if (tokenUrl!=null && introspectUrl !=null) { try { Class olurCls = loadClass(access, CADI_OLUR_CLASS_DEF); 
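Review bot: The new public `logProp(RegistrationPropHolder, String, String)` writes the resolved value of whatever tag it is given to the INIT log, and it has no Javadoc saying so. The callers in this diff pass only URL properties, but the same class defines `CADI_KEYSTORE_PASSWORD` and `AAF_APPPASS`, so a later caller could end up logging a secret. I would add a Javadoc along the lines of `/** Reads {@code tag}, applies RegistrationPropHolder replacements and logs the result at INIT; not for password or key properties. */`. The stray blank line before the method's closing brace can go as well.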
@@ -631,7 +665,7 @@ public class Config { ///////////////////////////////////////////////////// // Configure the AAF Lur (if any) ///////////////////////////////////////////////////// - String aafURL = logProp(access,AAF_URL,null); // Trigger Property + String aafURL = logProp(rph,AAF_URL,null); // Trigger Property String aafEnv = access.getProperty(AAF_ENV,null); if (aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL int ec = aafURL.indexOf("envContext="); 
@@ -821,53 +855,29 @@ public class Config { RegistrationPropHolder rph; try { rph = new RegistrationPropHolder(access, 0); - url = rph.replacements(_url, null, null); + url = rph.replacements("Config.loadLocator",_url, null, null); + access.printf(Level.INFO, "loadLocator URL is %s",url); } catch (UnknownHostException | CadiException e1) { throw new LocatorException(e1); } - -// if(url.indexOf('%')>=0) { -// String str = access.getProperty(Config.AAF_LOCATOR_CONTAINER_ID, null); -// if(str==null) { -// url = url.replace("%CID",""); -// } else { -// url = url.replace("%CID",str+'.'); -// } -// str = access.getProperty(Config.AAF_LOCATOR_CONTAINER, null); -// if(str==null) { -// url = url.replace("%C",""); -// } else { -// url = url.replace("%C",str+'.'); -// } -// -// if (root_ns==null) { -// url = url.replace("%AAF_NS",""); -// } else { -// url = url.replace("%AAF_NS",root_ns); -// } -// } - String replacement; - int idxAAFLocateUrl; - if ((idxAAFLocateUrl=url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) { - StringBuilder sb = new StringBuilder(replacement); - if (!replacement.endsWith("/locate")) { - sb.append("/locate"); - } - sb.append(url,idxAAFLocateUrl+AAF_LOCATE_URL_TAG.length(),url.length()); - url = sb.toString(); + + String aaf_locator_class; + if(_url.equals(url) && !url.contains("/locate/")) { + aaf_locator_class = "org.onap.aaf.cadi.locator.DNSLocator"; + } else { + aaf_locator_class = AAF_LOCATOR_CLASS_DEF; } - try { - Class lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF); + Class lcls = loadClass(access,aaf_locator_class); if (lcls==null) { throw new CadiException("Need to include aaf-cadi-aaf jar for AAFLocator"); } // First check for preloaded try { - Method meth = lcls.getMethod("create",String.class); - locator = (Locator)meth.invoke(null,url); + Method meth = lcls.getMethod("create",Access.class,String.class); + locator = (Locator)meth.invoke(null,access,url); } catch (Exception e) { - 
access.log(Level.DEBUG, "(Not fatal) Cannot load by create(String)", e); + access.log(Level.TRACE, "(Not fatal) Cannot load by create(String)", e); } if (locator==null) { URI locatorURI = new URI(url); @@ -897,6 +907,18 @@ public class Config { public static String getDefaultRealm() { return defaultRealm; } + + public static String getAAFLocateUrl(Access access) { + String rv = null; + String cont = access.getProperty(AAF_LOCATOR_CONTAINER,null); + if(cont!=null) { + rv = access.getProperty(AAF_LOCATE_URL + '.' +cont, null); + } + if(rv==null) { + rv = access.getProperty(AAF_LOCATE_URL, null); + } + return rv; + } private static class Priori implements Comparable> { public final T t;
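Review bot: The catch around the reflective lookup still reports `Cannot load by create(String)`, although the method now looked up is `create(Access, String)`, and the level drops from DEBUG to TRACE. Because the catch is `Exception`, it also covers failures thrown inside `create` itself, which become hard to see at TRACE. I would keep DEBUG and update the text: `access.log(Level.DEBUG, "(Not fatal) Cannot load by create(Access,String)", e);`. Two smaller points in the same hunk: the DNSLocator class name is a string literal where the default uses a constant, and when DNSLocator is selected the `lcls==null` error still tells the operator to add the aaf-cadi-aaf jar for AAFLocator. `loadLocator` begins and ends outside the hunk.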
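Review bot: `getAAFLocateUrl` has no Javadoc, and the comment added on `AAF_LOCATE_URL` describes it as returning the "correct property", which reads as a property name. The code returns the URL value: it tries `aaf_locate_url.<container>` when `AAF_LOCATOR_CONTAINER` is set and falls back to `aaf_locate_url`, returning null if neither is set. A Javadoc such as `/** Returns the locate URL value, preferring the container-specific property; null when unset. */` would make the contract explicit for callers.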