-
+#!/bin/bash dinstall
if ["`docker ps -a | grep aaf_cass`" == ""]; then
docker run --name aaf_cass -d cassandra:3.11
else
<mainClass>org.onap.aaf.auth.cm.AAF_CM</mainClass>
<name>cm</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.cm.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.cm.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/cm</commandLineArgument>
</commandLineArguments>
</program>
</programs>
package org.onap.aaf.auth.cm;
-import java.io.File;
import java.lang.reflect.Constructor;
import java.util.Map;
import java.util.Map.Entry;
import org.onap.aaf.auth.server.JettyServiceStarter;
import org.onap.aaf.auth.server.Log4JLogIt;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "cm");
+ Log4JLogIt logIt = new Log4JLogIt(args, "cm");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
AAF_CM service = new AAF_CM(new AuthzEnv(propAccess));
JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
jss.start();
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
</dependency>
<dependency>
package org.onap.aaf.auth.server;
import java.security.NoSuchAlgorithmException;
+import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.onap.aaf.misc.env.impl.BasicEnv;
public abstract class AbsService<ENV extends BasicEnv, TRANS extends Trans> extends RServlet<TRANS> {
- protected static final String AAF_LOG4J_PREFIX = "aaf_log4j_prefix";
public final Access access;
public final ENV env;
private AAFConHttp aafCon;
return aafCon.hman().best(new HTransferSS(p,app_name, aafCon.securityInfo()), retryable);
}
- protected static final String getArg(final String tag, final String args[], final String def) {
- String value = def;
+ protected static final String loadFromArgOrSystem(final Properties props, final String tag, final String args[], final String def) {
String tagEQ = tag + '=';
+ String value;
for(String arg : args) {
if(arg.startsWith(tagEQ)) {
- value = arg.substring(tagEQ.length());
+ props.put(tag, value=arg.substring(tagEQ.length()));
+ return value;
}
}
- return value;
+ // check System.properties
+ value = System.getProperty(tag);
+ if(value!=null) {
+ props.put(tag, value);
+ return value;
+ }
+
+ if(def!=null) {
+ props.put(tag,def);
+ }
+ return def;
}
}
*/
package org.onap.aaf.auth.server;
+import java.io.File;
import java.io.IOException;
import java.text.SimpleDateFormat;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.PropAccess.LogIt;
+import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.log4j.LogFileNamer;
public class Log4JLogIt implements LogIt {
+ protected static final String AAF_LOG4J_PREFIX = "aaf_log4j_prefix";
+
// Sonar says cannot be static... it's ok. not too many PropAccesses created.
private final SimpleDateFormat iso8601 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
private final Logger ltrace;
- public Log4JLogIt(final String log_dir, final String log_level, final String propsFile, final String root) throws APIException {
+ public Log4JLogIt(final String[] args, final String root) throws APIException {
+ String propsFile = getArgOrVM(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
+ String log_dir = getArgOrVM(Config.CADI_LOGDIR,args,"/opt/app/osaaf/logs");
+ String etc_dir = getArgOrVM(Config.CADI_ETCDIR,args,"/opt/app/osaaf/etc");
+ String log_level = getArgOrVM(Config.CADI_LOGLEVEL,args,"INFO");
+ File logs = new File(log_dir);
+ if(!logs.isDirectory()) {
+ logs.delete();
+ }
+ if(!logs.exists()) {
+ logs.mkdirs();
+ }
+
LogFileNamer lfn = new LogFileNamer(log_dir,root);
try {
service=lfn.setAppender("service"); // when name is split, i.e. authz|service, the Appender is "authz", and "service"
linit = Logger.getLogger(init);
ltrace = Logger.getLogger(trace);
- lfn.configure(propsFile, log_level);
+ lfn.configure(etc_dir,propsFile, log_level);
} catch (IOException e) {
throw new APIException(e);
}
}
+ private static final String getArgOrVM(final String tag, final String args[], final String def) {
+ String tagEQ = tag + '=';
+ String value;
+ for(String arg : args) {
+ if(arg.startsWith(tagEQ)) {
+ return arg.substring(tagEQ.length());
+ }
+ }
+ // check System.properties
+ value = System.getProperty(tag);
+ if(value!=null) {
+ return value;
+ }
+
+ return def;
+ }
+
@Override
public void push(Level level, Object... elements) {
switch(level) {
<mainClass>org.onap.aaf.auth.fs.AAF_FS</mainClass>
<name>fs</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.fs.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.fs.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/fs</commandLineArgument>
</commandLineArguments>
</program>
</programs>
import static org.onap.aaf.auth.rserv.HttpMethods.GET;
-import java.io.File;
import java.io.IOException;
import javax.servlet.Filter;
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "fs");
+ Log4JLogIt logIt = new Log4JLogIt(args, "fs");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
AAF_FS service = new AAF_FS(new AuthzEnv(propAccess));
JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
jss.insecure().start();
<mainClass>org.onap.aaf.auth.gui.AAF_GUI</mainClass>
<name>gui</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.gui.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.gui.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/gui</commandLineArgument>
</commandLineArguments>
<jvmSettings>
<extraArguments>
import static org.onap.aaf.auth.rserv.HttpMethods.POST;
import static org.onap.aaf.auth.rserv.HttpMethods.PUT;
-import java.io.File;
-
import javax.servlet.Filter;
import org.onap.aaf.auth.cmd.Cmd;
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "authz");
+ Log4JLogIt logIt = new Log4JLogIt(args, "gui");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
AAF_GUI service = new AAF_GUI(new AuthzEnv(propAccess));
JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
jss.start();
<mainClass>org.onap.aaf.auth.hello.AAF_Hello</mainClass>
<name>hello</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.hello.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.hello.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/hello</commandLineArgument>
</commandLineArguments>
</program>
</programs>
package org.onap.aaf.auth.hello;
-import java.io.File;
import java.util.Map;
import javax.servlet.Filter;
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "hello");
+ Log4JLogIt logIt = new Log4JLogIt(args, "hello");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
AAF_Hello service = new AAF_Hello(new AuthzEnv(propAccess));
JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
jss.start();
<mainClass>org.onap.aaf.auth.locate.AAF_Locate</mainClass>
<id>locate</id>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.locate.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.locate.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/locate</commandLineArgument>
</commandLineArguments>
</program>
</programs>
package org.onap.aaf.auth.locate;
-import java.io.File;
import java.net.URI;
import java.util.Map;
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "locate");
+ Log4JLogIt logIt = new Log4JLogIt(args, "locate");
PropAccess propAccess = new PropAccess(logIt,args);
AAF_Locate service = new AAF_Locate(new AuthzEnv(propAccess));
<mainClass>org.onap.aaf.auth.oauth.AAF_OAuth</mainClass>
<name>oauth</name>
<commandLineArguments>
- <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.oauth.props</commandLineArgument>
+ <commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.oauth.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/oauth</commandLineArgument>
</commandLineArguments>
</program>
</programs>
package org.onap.aaf.auth.oauth;
-import java.io.File;
import java.util.Map;
import javax.servlet.Filter;
import org.onap.aaf.cadi.oauth.TokenMgr.TokenPermLoader;
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.Data.TYPE;
+import org.onap.aaf.misc.env.Env;
import com.datastax.driver.core.Cluster;
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "oauth");
+ Log4JLogIt logIt = new Log4JLogIt(args, "oauth");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
AAF_OAuth service = new AAF_OAuth(new AuthzEnv(propAccess));
JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
jss.start();
<name>service</name>
<commandLineArguments>
<commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.service.props</commandLineArgument>
+ <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/service</commandLineArgument>
</commandLineArguments>
</program>
</programs>
package org.onap.aaf.auth.service;
-import java.io.File;
-
import javax.servlet.Filter;
import org.onap.aaf.auth.cache.Cache;
*/
public static void main(final String[] args) {
try {
- String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props";
- String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs");
- String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO");
- File logs = new File(log_dir);
- if(!logs.isDirectory()) {
- logs.delete();
- }
- if(!logs.exists()) {
- logs.mkdirs();
- }
- Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "authz");
+ Log4JLogIt logIt = new Log4JLogIt(args, "authz");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
AbsService<AuthzEnv, AuthzTrans> service = new AAF_Service(new AuthzEnv(propAccess));
JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
jss.start();
-USE authz;\r
-\r
-// Create Root pass\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');\r
-\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31');\r
-\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31');\r
-\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');\r
-\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31');\r
-\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');\r
-\r
-INSERT INTO cred (id,ns,type,cred,expires)\r
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');\r
-\r
-\r
-// Create 'com' root NS\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('com',1,'Root Namespace',null,1);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('com','admin',{'com.access|*|*'},'Com Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('com','owner',{'com.access|*|read'},'Com Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');\r
-\r
-// Create org root NS\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org',1,'Root Namespace Org',null,1);\r
-\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);\r
-\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org','admin',{'org.access|*|*'},'Com Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org','owner',{'org.access|*|read'},'Com Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');\r
-\r
-\r
-// Create com.att\r
-\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('com.att',2,'AT&T Namespace','com',2);\r
-\r
-INSERT INTO role(ns, name, perms,description)\r
- VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');\r
-\r
-INSERT INTO role(ns, name, perms,description)\r
- VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles,description)\r
- VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles,description)\r
- VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');\r
-\r
-// Create com.att.aaf\r
-\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');\r
-\r
-\r
-// Create org.openecomp\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.openecomp',2,'Open EComp NS','com.att',2);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');\r
-\r
-\r
-\r
-\r
-// Create org.onap\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.onap',2,'Onap NS','com.att',2);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin');\r
-\r
-\r
-\r
-// Create org.onap.appc\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.onap.appc',2,'Onap NS','com.att',2);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');\r
-\r
-\r
-\r
-// Create org.onap.portal\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.onap.portal',2,'Onap NS','com.att',2);\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'},\r
- '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'},\r
- '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'},\r
- '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'},\r
- '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'},\r
- '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator');\r
-\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');\r
-\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator');\r
-\r
-\r
-\r
-\r
-\r
-\r
-// Create org.openecomp.dmaapBC\r
-\r
-INSERT INTO ns (name,scope,description,parent,type)\r
- VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);\r
-\r
-//INSERT INTO role(ns, name, perms, description)\r
-// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
-VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');\r
-\r
-//INSERT INTO role(ns, name, perms, description)\r
-//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');\r
-\r
-//INSERT INTO role(ns, name, perms, description)\r
-//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');\r
-\r
-\r
-\r
-INSERT INTO role(ns, name, perms, description)\r
- VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');\r
-\r
-INSERT INTO perm(ns, type, instance, action, roles, description)\r
- VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');\r
-\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');\r
-INSERT INTO user_role(user,role,expires,ns,rname)\r
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');\r
+USE authz;
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+
+// Create 'com' root NS
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com',1,'Root Namespace',null,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com','admin',{'com.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com','owner',{'com.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
+
+// Create org root NS
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org',1,'Root Namespace Org',null,1);
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
+
+
+// Create com.att
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com.att',2,'AT&T Namespace','com',2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');
+
+// Create com.att.aaf
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');
+
+
+// Create org.openecomp
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp',2,'Open EComp NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
+
+
+
+
+// Create org.onap
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.onap',2,'Onap NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin');
+
+
+
+// Create org.onap.appc
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.onap.appc',2,'Onap NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');
+
+
+
+// Create org.onap.portal
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.onap.portal',2,'Onap NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'},
+ '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'},
+ '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'},
+ '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'},
+ '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'},
+ '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator');
+
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');
+
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator');
+
+
+
+
+
+
+// Create org.openecomp.dmaapBC
+
+INSERT INTO ns (name,scope,description,parent,type)
+ VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);
+
+//INSERT INTO role(ns, name, perms, description)
+// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description)
+VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description)
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description)
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-# * http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-# * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# *\r
-#-------------------------------------------------------------------------------\r
-version: '2'\r
-services:\r
- aaf_container:\r
- image: attos/aaf\r
- ports:\r
- - "8101:8101"\r
- links:\r
- - cassandra_container\r
- volumes:\r
- # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props\r
- - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh\r
- - ./data2:/data\r
- # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh\r
- # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props\r
- # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar\r
- # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar\r
- # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar\r
- # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar\r
- # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar\r
- entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"]\r
- environment:\r
- - CASSANDRA_CLUSTER=cassandra_container\r
- \r
-\r
- cassandra_container:\r
- image: cassandra:2.1.16\r
- ports:\r
- - "7000:7000"\r
- - "7001:7001"\r
- - "9042:9042"\r
- - "9160:9160"\r
- volumes:\r
- - ./data:/data\r
- - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh\r
- entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"]\r
+#-------------------------------------------------------------------------------
+# ============LICENSE_START====================================================
+# * org.onap.aaf
+# * ===========================================================================
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# *
+#-------------------------------------------------------------------------------
+version: '2'
+services:
+ aaf_container:
+ image: attos/aaf
+ ports:
+ - "8101:8101"
+ links:
+ - cassandra_container
+ volumes:
+ # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props
+ - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
+ - ./data2:/data
+ # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh
+ # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props
+ # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar
+ # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar
+ # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar
+ # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar
+ # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar
+ entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"]
+ environment:
+ - CASSANDRA_CLUSTER=cassandra_container
+
+
+ cassandra_container:
+ image: cassandra:2.1.16
+ ports:
+ - "7000:7000"
+ - "7001:7001"
+ - "9042:9042"
+ - "9160:9160"
+ volumes:
+ - ./data:/data
+ - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
+ entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"]
LABEL description="aaf ${AAF_COMPONENT}"
LABEL version=${AAF_VERSION}
-RUN apt-get update
-RUN apt-get install -y softhsm2
-RUN apt-get install -y libsofthsm2
-RUN apt-get install -y opensc
+
+#RUN apt-get update
+#RUN apt-get install -y softhsm2
+#RUN apt-get install -y libsofthsm2
+#RUN apt-get install -y opensc
COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib
COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme
COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin
-CMD ["bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+CMD ["/bin/bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
# For Debugging installation
-# CMD ["bash"]
+#CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
# Java Debugging VM Args
# "-Xdebug",\
# "-Xnoagent",\
# TLS Debugging VM Args
# "-Djavax.net.debug","ssl", \
-
+#!/bin/bash dbuild.sh
#
# Docker Building Script. Reads all the components generated by install, on per-version basis
#
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
+# Pull in Variables from d.props
+. d.props
# TODO add ability to do DEBUG settings
if ["$1" == ""]; then
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
+ echo Building aaf_$AAF_COMPONENT...
sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile > ../aaf_${VERSION}/Dockerfile
cd ..
docker build -t ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION}
-HOSTNAME=meriadoc.mithril.sbc.com
-HOST_IP=172.17.0.3
-CASS_HOST="cass.mithril.sbc.com:172.17.0.3"
-VERSION=2.1.0-SNAPSHOT
+#!/bin/bash drun.sh
+. d.props
if [ "$1" == "" ]; then
AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'`
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
-
case "$AAF_COMPONENT" in
"service") PORTMAP="8100:8100";;
- "locate") PORTMAP="443:8095";;
+ "locate") PORTMAP="8095:8095";;
"oauth") PORTMAP="8140:8140";;
"gui") PORTMAP="8200:8200";;
"cm") PORTMAP="8150:8150";;
"fs") PORTMAP="80:8096";;
esac
-# if [ "`docker container ls | grep aaf_$AAF_COMPONENT:$VERSION`" == "" ]; then
- docker run \
+# if [ "`docker container ls | grep aaf_$AAF_COMPONENT:$VERSION`" == "" ]; then
+ echo Starting aaf_$AAF_COMPONENT...
+ docker run \
+ -d \
--name aaf_$AAF_COMPONENT \
--hostname="$HOSTNAME" \
--add-host="$CASS_HOST" \
--publish $PORTMAP \
- --volume=/opt/app/osaaf/etc:/opt/app/osaaf/etc \
+ --mount type=bind,source=$CONF_ROOT_DIR,target=/opt/app/osaaf \
--link aaf_cass:cassandra \
- aaf_$AAF_COMPONENT:$VERSION
+ ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
# else
#echo docker container start -ia aaf_$AAF_COMPONENT
# fi
<!-- >project.jettyVersion>9.3.22.v20171030</project.jettyVersion -->
<project.jettyVersion>9.4.8.v20171121</project.jettyVersion>
<powermock.version>1.5.1</powermock.version>
- <project.conf_dir>/opt/app/osaaf/etc</project.conf_dir>
+ <project.ext_root_dir>/opt/app/osaaf</project.ext_root_dir>
<!-- SONAR -->
<jacoco.version>0.7.7.201606060606</jacoco.version>
<sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.17</version>
<configuration>
- <skipTests>flase</skipTests>
+ <skipTests>false</skipTests>
</configuration>
<executions>
<execution>
<configuration>
<programs/> <!-- this set in projects that have programs -->
<assembleDirectory>../aaf_${project.version}</assembleDirectory>
- <copyConfigurationDirectory>false</copyConfigurationDirectory>
+ <copyConfigurationDirectory>true</copyConfigurationDirectory>
<configurationDirectory>etc</configurationDirectory>
<repositoryName>lib</repositoryName>
+ <includeConfigurationDirectoryInClasspath>false</includeConfigurationDirectoryInClasspath>
<repositoryLayout>flat</repositoryLayout>
</configuration>
</plugin>
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
+ <artifactId>javax.servlet-api</artifactId>
+ <version>3.0.1</version>
</dependency>
<dependency>
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
import java.util.Collection;
import java.util.List;
-import sun.security.pkcs11.SunPKCS11;
-
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
* @throws CertException
*/
public static synchronized Provider getSecurityProvider(String providerType, String[][] params) throws CertException {
- Provider p = null;
- switch(providerType) {
- case "PKCS12":
- p = Security.getProvider(providerType);
- break;
- case "PKCS11": // PKCS11 only known to be supported by Sun
- try {
- p = new SunPKCS11(params[0][0]);
- if (p==null) {
- throw new CertException("SunPKCS11 Provider cannot be constructed for " + params[0][0]);
+ Provider p = Security.getProvider(providerType);
+ if(p!=null) {
+ switch(providerType) {
+ case "PKCS12":
+
+ break;
+ case "PKCS11": // PKCS11 only known to be supported by Sun
+ try {
+ Class<?> clsSunPKCS11 = Class.forName("sun.security.pkcs11.SunPKCS11");
+ Constructor<?> cnst = clsSunPKCS11.getConstructor(String.class);
+ Object sunPKCS11 = cnst.newInstance(params[0][0]);
+ if (sunPKCS11==null) {
+ throw new CertException("SunPKCS11 Provider cannot be constructed for " + params[0][0]);
+ }
+ Security.addProvider((Provider)sunPKCS11);
+ } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new CertException(e);
}
- Security.addProvider(p);
- } catch (SecurityException | IllegalArgumentException e) {
- throw new CertException(e);
- }
- break;
- default:
- throw new CertException(providerType + " is not a known Security Provider for your JDK.");
+ break;
+ default:
+ throw new CertException(providerType + " is not a known Security Provider for your JDK.");
+ }
}
return p;
}
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>compile</scope>
</dependency>
</dependencies>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
public static final String HOSTNAME = "hostname";
public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
public static final String CADI_LOGLEVEL = "cadi_loglevel";
- public static final String CADI_LOGDIR = "cadi_logdir";
+ public static final String CADI_LOGDIR = "cadi_log_dir";
+ public static final String CADI_ETCDIR = "cadi_etc_dir";
public static final String CADI_LOGNAME = "cadi_logname";
public static final String CADI_KEYFILE = "cadi_keyfile";
public static final String CADI_KEYSTORE = "cadi_keystore";
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * *\r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * *\r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static org.hamcrest.CoreMatchers.*;\r
-import static org.junit.Assert.*;\r
-import org.junit.*;\r
-\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.File;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.OutputStream;\r
-import java.io.PrintStream;\r
-import java.lang.reflect.Field;\r
-import java.nio.file.Files;\r
-import java.nio.file.Paths;\r
-\r
-import javax.crypto.CipherInputStream;\r
-import javax.crypto.CipherOutputStream;\r
-import javax.crypto.SecretKey;\r
-\r
-import org.onap.aaf.cadi.AES;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-public class JU_AES {\r
- private AES aes;\r
- private ByteArrayInputStream baisEncrypt;\r
- private ByteArrayInputStream baisDecrypt;\r
- private ByteArrayOutputStream baosEncrypt;\r
- private ByteArrayOutputStream baosDecrypt;\r
-\r
- private ByteArrayOutputStream errStream;\r
-\r
- @Before\r
- public void setup() throws Exception {\r
- byte[] keyBytes = new byte[AES.AES_KEY_SIZE/8];\r
- char[] codeset = Symm.base64.codeset;\r
- int offset = (Math.abs(codeset[0]) + 47) % (codeset.length - keyBytes.length);\r
- for(int i = 0; i < keyBytes.length; ++i) {\r
- keyBytes[i] = (byte)codeset[i+offset];\r
- }\r
- aes = new AES(keyBytes, 0, keyBytes.length);\r
-\r
- errStream = new ByteArrayOutputStream();\r
- System.setErr(new PrintStream(errStream));\r
- }\r
-\r
- @After\r
- public void tearDown() {\r
- System.setErr(System.err);\r
- }\r
-\r
- @Test\r
- public void newKeyTest() throws Exception {\r
- SecretKey secretKey = AES.newKey();\r
- assertThat(secretKey.getAlgorithm(), is(AES.class.getSimpleName()));\r
- }\r
-\r
- @Test\r
- public void encryptDecrpytFromBytes() throws Exception {\r
- String orig = "I'm a password, really";\r
- byte[] encrypted = aes.encrypt(orig.getBytes());\r
- byte[] decrypted = aes.decrypt(encrypted);\r
- assertThat(new String(decrypted), is(orig));\r
- \r
- Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec");\r
- aeskeySpec_field.setAccessible(true);\r
- aeskeySpec_field.set(aes, null);\r
-\r
- try {\r
- aes.encrypt(orig.getBytes());\r
- fail("Should have thrown an exception");\r
- } catch (CadiException e) {\r
- }\r
- try {\r
- aes.decrypt(encrypted);\r
- fail("Should have thrown an exception");\r
- } catch (CadiException e) {\r
- }\r
- }\r
-\r
- @Test\r
- public void saveToFileTest() throws Exception {\r
- String filePath = "test/output_key";\r
- File keyfile = new File(filePath);\r
- aes.save(keyfile);\r
- assertTrue(Files.isReadable(Paths.get(filePath)));\r
- assertFalse(Files.isWritable(Paths.get(filePath)));\r
- assertFalse(Files.isExecutable(Paths.get(filePath)));\r
- keyfile.delete();\r
- }\r
-\r
- @Test\r
- public void encryptDecryptFromInputStream() throws Exception {\r
- String orig = "I'm a password, really";\r
- byte[] b64encrypted;\r
- String output;\r
-\r
- CipherInputStream cisEncrypt;\r
- CipherInputStream cisDecrypt;\r
- \r
- // Test CipherInputStream\r
- baisEncrypt = new ByteArrayInputStream(orig.getBytes());\r
- cisEncrypt = aes.inputStream(baisEncrypt, true);\r
- baosEncrypt = new ByteArrayOutputStream();\r
- transferFromInputStreamToOutputStream(cisEncrypt, baosEncrypt);\r
- cisEncrypt.close();\r
-\r
- b64encrypted = baosEncrypt.toByteArray();\r
-\r
- baisDecrypt = new ByteArrayInputStream(b64encrypted);\r
- cisDecrypt = aes.inputStream(baisDecrypt, false);\r
- baosDecrypt = new ByteArrayOutputStream();\r
- transferFromInputStreamToOutputStream(cisDecrypt, baosDecrypt);\r
- cisDecrypt.close();\r
-\r
- output = new String(baosDecrypt.toByteArray());\r
- assertThat(output, is(orig));\r
-\r
- Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec");\r
- aeskeySpec_field.setAccessible(true);\r
- aeskeySpec_field.set(aes, null);\r
-\r
- assertNull(aes.inputStream(baisEncrypt, true));\r
- assertThat(errStream.toString(), is("Error creating Aes CipherInputStream\n"));\r
- }\r
-\r
- @Test\r
- public void encryptDecryptFromOutputStream() throws Exception {\r
- String orig = "I'm a password, really";\r
- byte[] b64encrypted;\r
- String output;\r
-\r
- CipherOutputStream cosEncrypt;\r
- CipherOutputStream cosDecrypt;\r
- \r
- // Test CipherOutputStream\r
- baisEncrypt = new ByteArrayInputStream(orig.getBytes());\r
- baosEncrypt = new ByteArrayOutputStream();\r
- cosEncrypt = aes.outputStream(baosEncrypt, true);\r
- transferFromInputStreamToOutputStream(baisEncrypt, cosEncrypt);\r
- cosEncrypt.close();\r
-\r
- b64encrypted = baosEncrypt.toByteArray();\r
-\r
- baosDecrypt = new ByteArrayOutputStream();\r
- cosDecrypt = aes.outputStream(baosDecrypt, false);\r
- baisDecrypt = new ByteArrayInputStream(b64encrypted);\r
- transferFromInputStreamToOutputStream(baisDecrypt, cosDecrypt);\r
- cosDecrypt.close();\r
-\r
- output = new String(baosDecrypt.toByteArray());\r
- assertThat(output, is(orig));\r
-\r
- Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec");\r
- aeskeySpec_field.setAccessible(true);\r
- aeskeySpec_field.set(aes, null);\r
-\r
- assertNull(aes.outputStream(baosEncrypt, true));\r
- assertThat(errStream.toString(), is("Error creating Aes CipherOutputStream\n"));\r
- }\r
-\r
- public void transferFromInputStreamToOutputStream(InputStream is, OutputStream os) throws IOException {\r
- byte[] buffer = new byte[200];\r
- int len;\r
- while ((len = is.read(buffer)) != -1) {\r
- os.write(buffer, 0, len);\r
- }\r
- }\r
- \r
-}\r
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.test;
+
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+import org.junit.*;
+
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
+import javax.crypto.SecretKey;
+
+import org.onap.aaf.cadi.AES;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.Symm;
+
+public class JU_AES {
+ private AES aes;
+ private ByteArrayInputStream baisEncrypt;
+ private ByteArrayInputStream baisDecrypt;
+ private ByteArrayOutputStream baosEncrypt;
+ private ByteArrayOutputStream baosDecrypt;
+
+ private ByteArrayOutputStream errStream;
+
+ @Before
+ public void setup() throws Exception {
+ byte[] keyBytes = new byte[AES.AES_KEY_SIZE/8];
+ char[] codeset = Symm.base64.codeset;
+ int offset = (Math.abs(codeset[0]) + 47) % (codeset.length - keyBytes.length);
+ for(int i = 0; i < keyBytes.length; ++i) {
+ keyBytes[i] = (byte)codeset[i+offset];
+ }
+ aes = new AES(keyBytes, 0, keyBytes.length);
+
+ errStream = new ByteArrayOutputStream();
+ System.setErr(new PrintStream(errStream));
+ }
+
+ @After
+ public void tearDown() {
+ System.setErr(System.err);
+ }
+
+ @Test
+ public void newKeyTest() throws Exception {
+ SecretKey secretKey = AES.newKey();
+ assertThat(secretKey.getAlgorithm(), is(AES.class.getSimpleName()));
+ }
+
+ @Test
+ public void encryptDecrpytFromBytes() throws Exception {
+ String orig = "I'm a password, really";
+ byte[] encrypted = aes.encrypt(orig.getBytes());
+ byte[] decrypted = aes.decrypt(encrypted);
+ assertThat(new String(decrypted), is(orig));
+
+ Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec");
+ aeskeySpec_field.setAccessible(true);
+ aeskeySpec_field.set(aes, null);
+
+ try {
+ aes.encrypt(orig.getBytes());
+ fail("Should have thrown an exception");
+ } catch (CadiException e) {
+ }
+ try {
+ aes.decrypt(encrypted);
+ fail("Should have thrown an exception");
+ } catch (CadiException e) {
+ }
+ }
+
+ @Test
+ public void saveToFileTest() throws Exception {
+ String filePath = "test/output_key";
+ File keyfile = new File(filePath);
+ aes.save(keyfile);
+ assertTrue(Files.isReadable(Paths.get(filePath)));
+ assertFalse(Files.isWritable(Paths.get(filePath)));
+ assertFalse(Files.isExecutable(Paths.get(filePath)));
+ keyfile.delete();
+ }
+
+ @Test
+ public void encryptDecryptFromInputStream() throws Exception {
+ String orig = "I'm a password, really";
+ byte[] b64encrypted;
+ String output;
+
+ CipherInputStream cisEncrypt;
+ CipherInputStream cisDecrypt;
+
+ // Test CipherInputStream
+ baisEncrypt = new ByteArrayInputStream(orig.getBytes());
+ cisEncrypt = aes.inputStream(baisEncrypt, true);
+ baosEncrypt = new ByteArrayOutputStream();
+ transferFromInputStreamToOutputStream(cisEncrypt, baosEncrypt);
+ cisEncrypt.close();
+
+ b64encrypted = baosEncrypt.toByteArray();
+
+ baisDecrypt = new ByteArrayInputStream(b64encrypted);
+ cisDecrypt = aes.inputStream(baisDecrypt, false);
+ baosDecrypt = new ByteArrayOutputStream();
+ transferFromInputStreamToOutputStream(cisDecrypt, baosDecrypt);
+ cisDecrypt.close();
+
+ output = new String(baosDecrypt.toByteArray());
+ assertThat(output, is(orig));
+
+ Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec");
+ aeskeySpec_field.setAccessible(true);
+ aeskeySpec_field.set(aes, null);
+
+ assertNull(aes.inputStream(baisEncrypt, true));
+ assertThat(errStream.toString(), is("Error creating Aes CipherInputStream\n"));
+ }
+
+ @Test
+ public void encryptDecryptFromOutputStream() throws Exception {
+ String orig = "I'm a password, really";
+ byte[] b64encrypted;
+ String output;
+
+ CipherOutputStream cosEncrypt;
+ CipherOutputStream cosDecrypt;
+
+ // Test CipherOutputStream
+ baisEncrypt = new ByteArrayInputStream(orig.getBytes());
+ baosEncrypt = new ByteArrayOutputStream();
+ cosEncrypt = aes.outputStream(baosEncrypt, true);
+ transferFromInputStreamToOutputStream(baisEncrypt, cosEncrypt);
+ cosEncrypt.close();
+
+ b64encrypted = baosEncrypt.toByteArray();
+
+ baosDecrypt = new ByteArrayOutputStream();
+ cosDecrypt = aes.outputStream(baosDecrypt, false);
+ baisDecrypt = new ByteArrayInputStream(b64encrypted);
+ transferFromInputStreamToOutputStream(baisDecrypt, cosDecrypt);
+ cosDecrypt.close();
+
+ output = new String(baosDecrypt.toByteArray());
+ assertThat(output, is(orig));
+
+ Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec");
+ aeskeySpec_field.setAccessible(true);
+ aeskeySpec_field.set(aes, null);
+
+ assertNull(aes.outputStream(baosEncrypt, true));
+ assertThat(errStream.toString(), is("Error creating Aes CipherOutputStream\n"));
+ }
+
+ public void transferFromInputStreamToOutputStream(InputStream is, OutputStream os) throws IOException {
+ byte[] buffer = new byte[200];
+ int len;
+ while ((len = is.read(buffer)) != -1) {
+ os.write(buffer, 0, len);
+ }
+ }
+
+}
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-import static org.hamcrest.CoreMatchers.is;\r
-\r
-public class JU_CadiException {\r
- @Test\r
- public void testCadiException() {\r
- CadiException exception = new CadiException();\r
- \r
- assertNotNull(exception);\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionString() {\r
- CadiException exception = new CadiException("New Exception");\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionThrowable() {\r
- CadiException exception = new CadiException(new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionStringThrowable() {\r
- CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
-\r
- }\r
- \r
- @Test\r
- public void testCadiException1() {\r
- CadiException exception = new CadiException();\r
- \r
- assertNotNull(exception);\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionString1() {\r
- CadiException exception = new CadiException("New Exception");\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionThrowable1() {\r
- CadiException exception = new CadiException(new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionStringThrowable1() {\r
- CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
-\r
- }\r
- \r
- @Test\r
- public void testCadiException2() {\r
- CadiException exception = new CadiException();\r
- \r
- assertNotNull(exception);\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionString2() {\r
- CadiException exception = new CadiException("New Exception");\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionThrowable2() {\r
- CadiException exception = new CadiException(new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionStringThrowable2() {\r
- CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
-\r
- }\r
-\r
-\r
-\r
-}\r
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.test;
+
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.onap.aaf.cadi.CadiException;
+
+import static org.hamcrest.CoreMatchers.is;
+
+public class JU_CadiException {
+ @Test
+ public void testCadiException() {
+ CadiException exception = new CadiException();
+
+ assertNotNull(exception);
+ }
+
+ @Test
+ public void testCadiExceptionString() {
+ CadiException exception = new CadiException("New Exception");
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("New Exception"));
+ }
+
+ @Test
+ public void testCadiExceptionThrowable() {
+ CadiException exception = new CadiException(new Throwable("New Exception"));
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));
+ }
+
+ @Test
+ public void testCadiExceptionStringThrowable() {
+ CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("New Exception"));
+
+ }
+
+ @Test
+ public void testCadiException1() {
+ CadiException exception = new CadiException();
+
+ assertNotNull(exception);
+ }
+
+ @Test
+ public void testCadiExceptionString1() {
+ CadiException exception = new CadiException("New Exception");
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("New Exception"));
+ }
+
+ @Test
+ public void testCadiExceptionThrowable1() {
+ CadiException exception = new CadiException(new Throwable("New Exception"));
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));
+ }
+
+ @Test
+ public void testCadiExceptionStringThrowable1() {
+ CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("New Exception"));
+
+ }
+
+ @Test
+ public void testCadiException2() {
+ CadiException exception = new CadiException();
+
+ assertNotNull(exception);
+ }
+
+ @Test
+ public void testCadiExceptionString2() {
+ CadiException exception = new CadiException("New Exception");
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("New Exception"));
+ }
+
+ @Test
+ public void testCadiExceptionThrowable2() {
+ CadiException exception = new CadiException(new Throwable("New Exception"));
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));
+ }
+
+ @Test
+ public void testCadiExceptionStringThrowable2() {
+ CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));
+ assertNotNull(exception);
+ assertThat(exception.getMessage(), is("New Exception"));
+
+ }
+
+
+
+}
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import org.junit.*;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Matchers.*;\r
-import static org.mockito.Mockito.*;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.PrintStream;\r
-import java.security.Principal;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachingLur;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CadiWrap;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.filter.MapPermConverter;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.principal.TaggedPrincipal;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-public class JU_CadiWrap {\r
- \r
- @Mock\r
- private HttpServletRequest request;\r
- \r
- @Mock\r
- private TafResp tafResp;\r
- \r
- @Mock\r
- private TaggedPrincipal principle;\r
-\r
- @Mock\r
- private Lur lur;\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- MockitoAnnotations.initMocks(this);\r
-\r
- System.setOut(new PrintStream(new ByteArrayOutputStream()));\r
- }\r
-\r
- @After\r
- public void tearDown() {\r
- System.setOut(System.out);\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- @Test\r
- public void testInstantiate() throws CadiException {\r
- Access a = new PropAccess();\r
- when(tafResp.getAccess()).thenReturn(a);\r
- \r
- lur.fishAll(isA(Principal.class), (List<Permission>)isA(List.class));\r
- \r
- EpiLur lur1 = new EpiLur(lur);\r
- \r
- CadiWrap wrap = new CadiWrap(request, tafResp, lur1);\r
- \r
- assertNull(wrap.getUserPrincipal());\r
- assertNull(wrap.getRemoteUser());\r
- assertNull(wrap.getUser());\r
- assertEquals(wrap.getPermissions(principle).size(), 0);\r
- assertTrue(wrap.access() instanceof PropAccess);\r
- \r
- byte[] arr = {'1','2'};\r
- wrap.setCred(arr);\r
- \r
- assertEquals(arr, wrap.getCred());\r
- \r
- wrap.setUser("User1");\r
- assertEquals("User1", wrap.getUser());\r
- \r
- wrap.invalidate("1");\r
-\r
- assertFalse(wrap.isUserInRole(null));\r
- \r
- wrap.set(tafResp, lur);\r
- \r
- wrap.invalidate("2");\r
- \r
- assertFalse(wrap.isUserInRole("User1"));\r
- }\r
-\r
- @Test\r
- public void testInstantiateWithPermConverter() throws CadiException {\r
- Access a = new PropAccess();\r
- when(tafResp.getAccess()).thenReturn(a);\r
- when(tafResp.getPrincipal()).thenReturn(principle);\r
- \r
- // Anonymous object for testing purposes\r
- CachingLur<Permission> lur1 = new CachingLur<Permission>() {\r
- @Override public Permission createPerm(String p) { return null; }\r
- @Override public boolean fish(Principal bait, Permission pond) { return true; }\r
- @Override public void fishAll(Principal bait, List<Permission> permissions) { }\r
- @Override public void destroy() { }\r
- @Override public boolean handlesExclusively(Permission pond) { return false; }\r
- @Override public boolean handles(Principal principal) { return false; }\r
- @Override public void remove(String user) { }\r
- @Override public Resp reload(User<Permission> user) { return null; }\r
- @Override public void setDebug(String commaDelimIDsOrNull) { }\r
- @Override public void clear(Principal p, StringBuilder sb) { }\r
- };\r
- \r
- MapPermConverter pc = new MapPermConverter();\r
- \r
- CadiWrap wrap = new CadiWrap(request, tafResp, lur1, pc);\r
- \r
- assertNotNull(wrap.getUserPrincipal());\r
- assertNull(wrap.getRemoteUser());\r
- assertNull(wrap.getUser());\r
- \r
- byte[] arr = {'1','2'};\r
- wrap.setCred(arr);\r
- \r
- assertEquals(arr, wrap.getCred());\r
- \r
- wrap.setUser("User1");\r
- assertEquals("User1", wrap.getUser());\r
- \r
- wrap.invalidate("1");\r
- wrap.setPermConverter(new MapPermConverter());\r
- \r
- assertTrue(wrap.getLur() instanceof CachingLur);\r
- assertTrue(wrap.isUserInRole("User1"));\r
- \r
- wrap.set(tafResp, lur);\r
- assertFalse(wrap.isUserInRole("Perm1"));\r
- }\r
-}\r
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.test;
+
+import org.junit.*;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CachingLur;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.CadiWrap;
+import org.onap.aaf.cadi.Lur;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.User;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
+import org.onap.aaf.cadi.filter.MapPermConverter;
+import org.onap.aaf.cadi.lur.EpiLur;
+import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.taf.TafResp;
+
+public class JU_CadiWrap {
+
+ @Mock
+ private HttpServletRequest request;
+
+ @Mock
+ private TafResp tafResp;
+
+ @Mock
+ private TaggedPrincipal principle;
+
+ @Mock
+ private Lur lur;
+
+ @Before
+ public void setUp() throws Exception {
+ MockitoAnnotations.initMocks(this);
+
+ System.setOut(new PrintStream(new ByteArrayOutputStream()));
+ }
+
+ @After
+ public void tearDown() {
+ System.setOut(System.out);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testInstantiate() throws CadiException {
+ Access a = new PropAccess();
+ when(tafResp.getAccess()).thenReturn(a);
+
+ lur.fishAll(isA(Principal.class), (List<Permission>)isA(List.class));
+
+ EpiLur lur1 = new EpiLur(lur);
+
+ CadiWrap wrap = new CadiWrap(request, tafResp, lur1);
+
+ assertNull(wrap.getUserPrincipal());
+ assertNull(wrap.getRemoteUser());
+ assertNull(wrap.getUser());
+ assertEquals(wrap.getPermissions(principle).size(), 0);
+ assertTrue(wrap.access() instanceof PropAccess);
+
+ byte[] arr = {'1','2'};
+ wrap.setCred(arr);
+
+ assertEquals(arr, wrap.getCred());
+
+ wrap.setUser("User1");
+ assertEquals("User1", wrap.getUser());
+
+ wrap.invalidate("1");
+
+ assertFalse(wrap.isUserInRole(null));
+
+ wrap.set(tafResp, lur);
+
+ wrap.invalidate("2");
+
+ assertFalse(wrap.isUserInRole("User1"));
+ }
+
+ @Test
+ public void testInstantiateWithPermConverter() throws CadiException {
+ Access a = new PropAccess();
+ when(tafResp.getAccess()).thenReturn(a);
+ when(tafResp.getPrincipal()).thenReturn(principle);
+
+ // Anonymous object for testing purposes
+ CachingLur<Permission> lur1 = new CachingLur<Permission>() {
+ @Override public Permission createPerm(String p) { return null; }
+ @Override public boolean fish(Principal bait, Permission pond) { return true; }
+ @Override public void fishAll(Principal bait, List<Permission> permissions) { }
+ @Override public void destroy() { }
+ @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handles(Principal principal) { return false; }
+ @Override public void remove(String user) { }
+ @Override public Resp reload(User<Permission> user) { return null; }
+ @Override public void setDebug(String commaDelimIDsOrNull) { }
+ @Override public void clear(Principal p, StringBuilder sb) { }
+ };
+
+ MapPermConverter pc = new MapPermConverter();
+
+ CadiWrap wrap = new CadiWrap(request, tafResp, lur1, pc);
+
+ assertNotNull(wrap.getUserPrincipal());
+ assertNull(wrap.getRemoteUser());
+ assertNull(wrap.getUser());
+
+ byte[] arr = {'1','2'};
+ wrap.setCred(arr);
+
+ assertEquals(arr, wrap.getCred());
+
+ wrap.setUser("User1");
+ assertEquals("User1", wrap.getUser());
+
+ wrap.invalidate("1");
+ wrap.setPermConverter(new MapPermConverter());
+
+ assertTrue(wrap.getLur() instanceof CachingLur);
+ assertTrue(wrap.isUserInRole("User1"));
+
+ wrap.set(tafResp, lur);
+ assertFalse(wrap.isUserInRole("Perm1"));
+ }
+}
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
+ <artifactId>javax.servlet-api</artifactId>
+ <version>3.0.1</version>
</dependency>
<dependency>
-rm -Rf private certs newcerts index* serial* intermediateCAs
+rm -Rf private certs newcerts index* serial* intermediate.serial intermediate_*
chmod 400 private/$FQI.key
SIGN_IT=true
else
- echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
echo chmod 400 $FQI.key
echo "# All done, print result"
echo openssl req -verify -text -noout -in $FQI.csr
# Sign it
openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
-cert certs/ca.crt -keyfile private/ca.key \
- -policy policy_loose \
+ -policy policy_loose \
+ -days 360 \
-infiles $FQI.csr
fi
# Add Cert AND Intermediate CAs (Clients will have Root CAs (or not))
cat $MACH.crt > $MACH.chain
- for CA in `ls intermediateCAs`; do
- cat "intermediateCAs/$CA" >> $MACH.chain
- done
+ # Add THIS Intermediate CA into chain
+ cat "certs/ca.crt" >> $MACH.chain
# Make a pkcs12 keystore, a jks keystore and a pem keystore
rm -f $MACH.p12
};
f.createNewFile();
System.setProperty(
- "LOG4J_FILENAME_"+(appender),
+ "LOG4J_FILENAME_"+appender,
filename);
return appender;
}
- public void configure(final String props, final String log_level) throws IOException {
- String fname;
- if(new File(fname="etc/"+props).exists()) {
- org.apache.log4j.PropertyConfigurator.configureAndWatch(fname,60*1000L);
+ public void configure(final String path, final String fname, final String log_level) throws IOException {
+ final String fullPath=path+'/'+fname;
+ if(new File(fullPath).exists()) {
+ org.apache.log4j.PropertyConfigurator.configureAndWatch(fullPath,60*1000L);
} else {
- URL rsrc = ClassLoader.getSystemResource(props);
+ URL rsrc = ClassLoader.getSystemResource(fname);
if(rsrc==null) {
- String msg = "Neither File: " + fname + " or resource on Classpath " + props + " exist" ;
+ String msg = "Neither File: " + path + '/' + fname + " nor resource on Classpath " + fname + " exist" ;
throw new IOException(msg);
}
org.apache.log4j.PropertyConfigurator.configure(rsrc);
-###\r
-# ============LICENSE_START=======================================================\r
-# ONAP AAF\r
-# ================================================================================\r
-# Copyright (C) 2017 AT&T Intellectual Property. All rights\r
-# reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License"); \r
-# you may not use this file except in compliance with the License. \r
-# You may obtain a copy of the License at\r
-# \r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-# \r
-# Unless required by applicable law or agreed to in writing, software \r
-# distributed under the License is distributed on an "AS IS" BASIS, \r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. \r
-# See the License for the specific language governing permissions and \r
-# limitations under the License.\r
-# ============LICENSE_END============================================\r
-# ===================================================================\r
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-###\r
-\r
-# Versioning variables\r
-# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )\r
-# because they are used in Jenkins, whose plug-in doesn't support\r
-\r
-major=2\r
-minor=1\r
-patch=0\r
-\r
-base_version=${major}.${minor}.${patch}\r
-\r
-# Release must be completed with git revision # in Jenkins\r
-release_version=${base_version}\r
+###
+# ============LICENSE_START=======================================================
+# ONAP AAF
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+###
+
+# Versioning variables
+# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
+# because they are used in Jenkins, whose plug-in doesn't support
+
+major=2
+minor=1
+patch=0
+
+base_version=${major}.${minor}.${patch}
+
+# Release must be completed with git revision # in Jenkins
+release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT
\ No newline at end of file