X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FConfig.java;h=b4e31f2f33a95f78dada07c84093b27f2cc0442b;hb=442d8fb117c9086ec2ec468f661af082becafbb8;hp=d7c7526f0bdca92d5cfc250e536315c2e01c76da;hpb=0e1fba6c952321a4c194d55efe1f1ece1f5c33a4;p=aaf%2Fauthz.git diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index d7c7526f..b4e31f2f 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -42,7 +42,9 @@ import org.onap.aaf.cadi.CachingLur; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Connector; import org.onap.aaf.cadi.CredVal; +import org.onap.aaf.cadi.CredValDomain; import org.onap.aaf.cadi.Locator; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.Symm; @@ -110,13 +112,6 @@ public class Config { public static final String CADI_OAUTH2_URL="cadi_oauth2_url"; public static final String CADI_TOKEN_DIR = "cadi_token_dir"; - public static final String CSP_DOMAIN = "csp_domain"; - public static final String CSP_HOSTNAME = "csp_hostname"; - public static final String CSP_DEVL_LOCALHOST = "csp_devl_localhost"; - public static final String CSP_USER_HEADER = "CSP_USER"; - public static final String CSP_SYSTEMS_CONF = "CSPSystems.conf"; - public static final String CSP_SYSTEMS_CONF_FILE = "csp_systems_conf_file"; - public static final String HTTPS_PROTOCOLS = "https.protocols"; public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites"; public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols"; @@ -143,6 +138,7 @@ public class Config { public static final String AAF_ENV = "aaf_env"; public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration public static final String AAF_ROOT_NS = "aaf_root_ns"; + public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf"; public static final String AAF_ROOT_COMPANY = "aaf_root_company"; public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator private static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables. @@ -224,7 +220,7 @@ public class Config { } } - public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException { + public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException { Access access = si.access; ///////////////////////////////////////////////////// // Setup AAFCon for any following @@ -263,7 +259,7 @@ public class Config { access.log(Level.INIT, "Hostname set to",hostname); // Get appropriate TAFs - ArrayList htlist = new ArrayList(); + ArrayList htlist = new ArrayList<>(); ///////////////////////////////////////////////////// // Add a Denial of Service TAF @@ -275,7 +271,7 @@ public class Config { ///////////////////////////////////////////////////// // Configure Client Cert TAF ///////////////////////////////////////////////////// - + X509Taf x509TAF = null; String truststore = logProp(access, CADI_TRUSTSTORE,null); if(truststore!=null) { String truststore_pwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD,null); @@ -288,7 +284,7 @@ public class Config { } } try { - htlist.add(new X509Taf(access,lur)); + htlist.add(x509TAF=new X509Taf(access,lur)); access.log(Level.INIT,"Certificate Authorization enabled"); } catch (SecurityException e) { access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e); @@ -337,7 +333,16 @@ public class Config { if(!basic_warn)access.log(Level.INIT,"WARNING! The basic_warn property has been set to false.", " There will be no additional warning if Basic Auth is used on an insecure channel" ); - htlist.add(new BasicHttpTaf(access, up, basic_realm, userExp, basic_warn)); + BasicHttpTaf bht = new BasicHttpTaf(access, up, basic_realm, userExp, basic_warn); + for(Object o : additionalTafLurs) { + if(o instanceof CredValDomain) { + bht.add((CredValDomain)o); + } + } + if(x509TAF!=null) { + x509TAF.add(bht); + } + htlist.add(bht); access.log(Level.INIT,"Basic Authorization is enabled"); } } else { @@ -441,8 +446,18 @@ public class Config { ///////////////////////////////////////////////////// if(additionalTafLurs!=null) { for(Object additional : additionalTafLurs) { - if(additional instanceof HttpTaf) { - htlist.add((HttpTaf)additional); + if(additional instanceof BasicHttpTaf) { + BasicHttpTaf ht = (BasicHttpTaf)additional; + for(Object cv : additionalTafLurs) { + if(cv instanceof CredValDomain) { + ht.add((CredValDomain)cv); + access.printf(Level.INIT,"%s Authentication is enabled",cv); + } + } + htlist.add(ht); + } else if(additional instanceof HttpTaf) { + HttpTaf ht = (HttpTaf)additional; + htlist.add(ht); access.printf(Level.INIT,"%s Authentication is enabled",additional.getClass().getSimpleName()); } else if(hasOAuthDirectTAF) { Class daupCls; @@ -459,6 +474,14 @@ public class Config { } } + // Add BasicAuth, if any, to x509Taf + if(x509TAF!=null) { + for( HttpTaf ht : htlist) { + if(ht instanceof BasicHttpTaf) { + x509TAF.add((BasicHttpTaf)ht); + } + } + } ///////////////////////////////////////////////////// // Create EpiTaf from configured TAFs ///////////////////////////////////////////////////// @@ -492,7 +515,7 @@ public class Config { public static Lur configLur(SecurityInfoC si, Connector con, Object ... additionalTafLurs) throws CadiException { Access access = si.access; - List lurs = new ArrayList(); + List lurs = new ArrayList<>(); ///////////////////////////////////////////////////// // Configure a Local Property Based RBAC/LUR @@ -532,7 +555,11 @@ public class Config { access.log(Level.INIT,"AAF/OAuth LUR plugin is not available."); } } catch (NoSuchMethodException| SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { - access.log(e,"AAF/OAuth LUR could not be constructed with given Constructors."); + String msg = e.getMessage(); + if(msg==null && e.getCause()!=null) { + msg = e.getCause().getMessage(); + } + access.log(Level.INIT,"AAF/OAuth LUR is not instantiated.",msg); } } else { access.log(Level.INIT, "OAuth2 Lur disabled"); @@ -652,7 +679,7 @@ public class Config { aafConClass = loadClass(access, AAF_V2_0_AAF_CON_HTTP); if (aafConClass != null) { for (Constructor c : aafConClass.getConstructors()) { - List lo = new ArrayList(); + List lo = new ArrayList<>(); for (Class pc : c.getParameterTypes()) { if (pc.equals(Access.class)) { lo.add(access); @@ -707,7 +734,7 @@ public class Config { @SuppressWarnings("unchecked") - public static Locator loadLocator(SecurityInfoC si, final String _url) { + public static Locator loadLocator(SecurityInfoC si, final String _url) throws LocatorException { Access access = si.access; Locator locator = null; if(_url==null) { @@ -716,7 +743,12 @@ public class Config { String url = _url, replacement; int idxAAF_LOCATE_URL; if((idxAAF_LOCATE_URL=_url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) { - url = replacement + "/locate" + _url.substring(idxAAF_LOCATE_URL+AAF_LOCATE_URL_TAG.length()); + StringBuilder sb = new StringBuilder(replacement); + if(!replacement.endsWith("/locate")) { + sb.append("/locate"); + } + sb.append(_url,idxAAF_LOCATE_URL+AAF_LOCATE_URL_TAG.length(),_url.length()); + url = sb.toString(); } try { @@ -743,6 +775,9 @@ public class Config { access.log(Level.INFO, "AAFLocator enabled using preloaded " + locator.getClass().getSimpleName()); } } catch (InvocationTargetException e) { + if(e.getTargetException() instanceof LocatorException) { + throw (LocatorException)e.getTargetException(); + } access.log(Level.INIT,e.getTargetException().getMessage(),"AAFLocator for",url,"could not be created.",e); } catch (Exception e) { access.log(Level.INIT,"AAFLocator for",url,"could not be created.",e);