Improve code coverage for aaf cadi modules 23/16723/1
authorsg481n <sg481n@att.com>
Sat, 30 Sep 2017 03:30:05 +0000 (03:30 +0000)
committersg481n <sg481n@att.com>
Sat, 30 Sep 2017 03:30:11 +0000 (03:30 +0000)
Issue-ID: AAF-79
Change-Id: Ib01236cc4548a172d6455c59cd03a46b9743b09d
Signed-off-by: sg481n <sg481n@att.com>
33 files changed:
aaf/src/assemble/cadi-aaf-test.xml
aaf/src/assemble/cadi-aaf.xml
aaf/src/src/assemble/cadi-aaf-test.xml [deleted file]
aaf/src/src/assemble/cadi-aaf.xml [deleted file]
aaf/src/src/main/java/Examples.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/client/ErrMessage.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java [deleted file]
aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/CertException.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/Factory.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactOnStream.java [deleted file]
aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java [deleted file]
aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java [deleted file]
aaf/src/src/test/resources/cadi.properties [deleted file]
aaf/src/src/test/resources/log4j.properties [deleted file]
aaf/src/src/test/resources/logging.props [deleted file]

index 20626ad..8f3fc43 100644 (file)
       <unpack>false</unpack>\r
       <scope>test</scope>\r
       <includes>\r
-       <include>com.att.cadi:cadi-core</include>\r
+       <include>org.onap.aaf.cadi:cadi-core</include>\r
       </includes>\r
     </dependencySet>\r
     <dependencySet>\r
       <unpack>false</unpack>\r
       <scope>test</scope>\r
       <includes>\r
-       <include>com.att.cadi:cadi-aaf</include>\r
+       <include>org.onap.aaf.cadi:cadi-aaf</include>\r
       </includes>\r
     </dependencySet>\r
     <dependencySet>\r
@@ -86,7 +86,7 @@
       <unpack>false</unpack>\r
       <scope>compile</scope>\r
       <includes>\r
-       <include>com.att.cssa:rosetta</include>\r
+       <include>org.onap.aaf.cssa:rosetta</include>\r
       </includes>\r
     </dependencySet>\r
   </dependencySets>\r
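Review bot: The rosetta include in this hunk becomes `org.onap.aaf.cssa:rosetta`, while the other descriptor changed in this commit (the `index 3460028..0166367` hunk) lists `org.onap.aaf.inno:rosetta`, so the mechanical `com.att` to `org.onap.aaf` rewrite has carried the old `cssa`/`inno` split into the new namespace. Presumably only one of these groupIds is actually published; confirm it against the rosetta pom and use the same coordinate in both descriptors. By default the assembly plugin only warns when an include pattern matches no artifact, so a wrong coordinate would silently drop rosetta from the test zip rather than fail the build. Adding `<useStrictFiltering>true</useStrictFiltering>` to each `dependencySet` would turn a stale pattern into a build error and make the packaged contents verifiable.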
index 3460028..0166367 100644 (file)
       <unpack>true</unpack>\r
       <scope>compile</scope>\r
       <includes>\r
-       <include>com.att.authz:authz-client</include>\r
-       <include>com.att.cadi:cadi-aaf</include>\r
-       <include>com.att.cadi:cadi-core</include>\r
-       <include>com.att.cadi:cadi-client</include>\r
-       <include>com.att.inno:env</include>\r
-       <include>com.att.inno:rosetta</include>\r
+       <include>org.onap.aaf.authz:authz-client</include>\r
+       <include>org.onap.aaf.cadi:cadi-aaf</include>\r
+       <include>org.onap.aaf.cadi:cadi-core</include>\r
+       <include>org.onap.aaf.cadi:cadi-client</include>\r
+       <include>org.onap.aaf.inno:env</include>\r
+       <include>org.onap.aaf.inno:rosetta</include>\r
       </includes>\r
     </dependencySet>\r
     \r
diff --git a/aaf/src/src/assemble/cadi-aaf-test.xml b/aaf/src/src/assemble/cadi-aaf-test.xml
deleted file mode 100644 (file)
index 20626ad..0000000
+++ /dev/null
@@ -1,109 +0,0 @@
-<!--\r
-  ============LICENSE_START====================================================\r
-  * org.onap.aaf\r
-  * ===========================================================================\r
-  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-  * ===========================================================================\r
-  * Licensed under the Apache License, Version 2.0 (the "License");\r
-  * you may not use this file except in compliance with the License.\r
-  * You may obtain a copy of the License at\r
-  * \r
-   *      http://www.apache.org/licenses/LICENSE-2.0\r
-  * \r
-   * Unless required by applicable law or agreed to in writing, software\r
-  * distributed under the License is distributed on an "AS IS" BASIS,\r
-  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-  * See the License for the specific language governing permissions and\r
-  * limitations under the License.\r
-  * ============LICENSE_END====================================================\r
-  *\r
-  * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-  *\r
--->\r
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
-  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">\r
-  \r
-  <id>test</id>\r
-  <formats>\r
-    <format>zip</format>\r
-  </formats>\r
-\r
-  <includeBaseDirectory>true</includeBaseDirectory>\r
-  <dependencySets>\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>com.att.cadi:cadi-core</include>\r
-      </includes>\r
-    </dependencySet>\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>com.att.cadi:cadi-aaf</include>\r
-      </includes>\r
-    </dependencySet>\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>org.eclipse.jetty.aggregate:jetty-all</include>\r
-      </includes>\r
-    </dependencySet>\r
-\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>org.eclipse.jetty.orbit:javax.servlet</include>\r
-      </includes>\r
-    </dependencySet>\r
-\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>javax:servlet</include>\r
-      </includes>\r
-    </dependencySet>\r
-    \r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>com.att.aft:dme2</include>\r
-      </includes>\r
-    </dependencySet>\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>test</scope>\r
-      <includes>\r
-       <include>com.att.aft.discovery:discovery-clt</include>\r
-      </includes>\r
-    </dependencySet>\r
-    <dependencySet>\r
-      <unpack>false</unpack>\r
-      <scope>compile</scope>\r
-      <includes>\r
-       <include>com.att.cssa:rosetta</include>\r
-      </includes>\r
-    </dependencySet>\r
-  </dependencySets>\r
-  <fileSets>\r
-    <fileSet>\r
-      <directory>run</directory>\r
-      <includes>\r
-       <include>cadi.properties</include>\r
-       <include>keyfile</include>\r
-       <include>start.sh</include>\r
-      </includes>\r
-    </fileSet>\r
-      <fileSet>\r
-      <includes>\r
-       <include>../cadi/target/cadi-core*tests.jar</include>\r
-      </includes>\r
-    </fileSet>\r
-   </fileSets>\r
-  \r
-</assembly>\r
diff --git a/aaf/src/src/assemble/cadi-aaf.xml b/aaf/src/src/assemble/cadi-aaf.xml
deleted file mode 100644 (file)
index 3460028..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--\r
-  ============LICENSE_START====================================================\r
-  * org.onap.aaf\r
-  * ===========================================================================\r
-  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-  * ===========================================================================\r
-  * Licensed under the Apache License, Version 2.0 (the "License");\r
-  * you may not use this file except in compliance with the License.\r
-  * You may obtain a copy of the License at\r
-  * \r
-   *      http://www.apache.org/licenses/LICENSE-2.0\r
-  * \r
-   * Unless required by applicable law or agreed to in writing, software\r
-  * distributed under the License is distributed on an "AS IS" BASIS,\r
-  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-  * See the License for the specific language governing permissions and\r
-  * limitations under the License.\r
-  * ============LICENSE_END====================================================\r
-  *\r
-  * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-  *\r
--->\r
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
-  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">\r
-  \r
-  <id>full</id>\r
-  <formats>\r
-    <format>jar</format>\r
-  </formats>\r
-\r
-  <includeBaseDirectory>false</includeBaseDirectory>\r
-  <dependencySets>\r
-    <dependencySet>\r
-      <unpack>true</unpack>\r
-      <scope>compile</scope>\r
-      <includes>\r
-       <include>com.att.authz:authz-client</include>\r
-       <include>com.att.cadi:cadi-aaf</include>\r
-       <include>com.att.cadi:cadi-core</include>\r
-       <include>com.att.cadi:cadi-client</include>\r
-       <include>com.att.inno:env</include>\r
-       <include>com.att.inno:rosetta</include>\r
-      </includes>\r
-    </dependencySet>\r
-    \r
-  </dependencySets>\r
-  <fileSets>\r
-    <fileSet>\r
-      <directory>src/main/xsd</directory>\r
-    </fileSet>\r
-   </fileSets>\r
-</assembly>\r
diff --git a/aaf/src/src/main/java/Examples.java b/aaf/src/src/main/java/Examples.java
deleted file mode 100644 (file)
index 7ea379b..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-import com.att.rosetta.env.RosettaEnv;\r
-\r
-public class Examples {\r
-       public static void main(String[] args) {\r
-               if(args.length<1) {\r
-                       System.out.println("Usage: Examples <name> [\"optional\" - will show optional fields]");\r
-               } else {\r
-                       boolean options = args.length>1&&"optional".equals(args[1]);\r
-                       try {\r
-                               RosettaEnv env = new RosettaEnv();\r
-                               System.out.println(com.att.cadi.aaf.client.Examples.print(env, args[0], options));\r
-                       } catch (Exception e) {\r
-                               System.out.println(e.getMessage());\r
-                       }\r
-               }\r
-       }\r
-       \r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java b/aaf/src/src/main/java/com/att/cadi/aaf/AAFPermission.java
deleted file mode 100644 (file)
index 7a3f175..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf;\r
-\r
-import com.att.cadi.Permission;\r
-\r
-/**\r
- * A Class that understands the AAF format of Permission (name/type/action)\r
- *  or String "name|type|action"\r
- * \r
- *\r
- */\r
-public class AAFPermission implements Permission {\r
-       protected String type,instance,action,key;\r
-\r
-       protected AAFPermission() {}\r
-\r
-       public AAFPermission(String type, String instance, String action) {\r
-               this.type = type;\r
-               this.instance = instance;\r
-               this.action = action;\r
-               key = type + '|' + instance + '|' + action;\r
-       }\r
-       \r
-       /**\r
-        * Match a Permission\r
-        * if Permission is Fielded type "Permission", we use the fields\r
-        * otherwise, we split the Permission with '|'\r
-        * \r
-        * when the type or action starts with REGEX indicator character ( ! ),\r
-        * then it is evaluated as a regular expression.\r
-        * \r
-        * If you want a simple field comparison, it is faster without REGEX\r
-        */\r
-       public boolean match(Permission p) {\r
-               if(p instanceof AAFPermission) {\r
-                       AAFPermission ap = (AAFPermission)p;\r
-                       // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy\r
-                       // Current solution is only allow direct match on Type.\r
-                       // 8/28/2014 - added REGEX ability\r
-                       if(type.equals(ap.getName()))  \r
-                               if(PermEval.evalInstance(instance,ap.getInstance()))\r
-                                       if(PermEval.evalAction(action,ap.getAction()))\r
-                                               return true;\r
-               } else {\r
-                       // Permission is concatenated together: separated by |\r
-                       String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);\r
-                       if(aaf.length>0 && type.equals(aaf[0]))\r
-                               if(PermEval.evalInstance(instance,aaf.length>1?aaf[1]:"*"))\r
-                                       if(PermEval.evalAction(action,aaf.length>2?aaf[2]:"*"))\r
-                                               return true;\r
-               }                               \r
-               return false;\r
-       }\r
-\r
-        \r
-       public String getName() {\r
-               return type;\r
-       }\r
-       \r
-       public String getInstance() {\r
-               return instance;\r
-       }\r
-       \r
-       public String getAction() {\r
-               return action;\r
-       }\r
-       \r
-       public String getKey() {\r
-               return key;\r
-       }\r
-\r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.Permission#permType()\r
-        */\r
-       public String permType() {\r
-               return "AAF";\r
-       }\r
-\r
-       public String toString() {\r
-               return "AAFPermission:\n\tType: " + type + \r
-                               "\n\tInstance: " + instance +\r
-                               "\n\tAction: " + action +\r
-                               "\n\tKey: " + key;\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java b/aaf/src/src/main/java/com/att/cadi/aaf/AAFTransmutate.java
deleted file mode 100644 (file)
index cb01068..0000000
+++ /dev/null
@@ -1,83 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf;\r
-\r
-import java.security.Principal;\r
-import java.util.regex.Pattern;\r
-\r
-import com.att.cadi.Transmutate;\r
-import com.att.cadi.lur.ConfigPrincipal;\r
-import com.att.cadi.principal.BasicPrincipal;\r
-import com.att.cadi.principal.CSPPrincipal_T;\r
-\r
-/**\r
- * AAFTransmutate\r
- * \r
- * Each System determines the mechanisms for which one Principal is transmutated to another, such as whether it is created\r
- * independently, etc.\r
- * \r
- * For AAF, the only important thing is that these are valid ATTUID/mechIDs, to avoid unnecessary user hits\r
- * \r
- * attUIDs look like ab1234 or AB1234 or AZ123a\r
- * mechids look like m12345\r
- * \r
- *\r
- */\r
-public final class AAFTransmutate implements Transmutate<Principal> {\r
-       private Pattern pattern = Pattern.compile("[a-zA-Z]\\w\\d\\d\\d\\w");\r
-\r
-       public Principal mutate(Principal p) {\r
-               // Accept these three internal kinds of Principals\r
-               if(p instanceof CSPPrincipal_T \r
-                       || p instanceof BasicPrincipal\r
-                       || p instanceof ConfigPrincipal) { \r
-                       return p;\r
-               } else { \r
-                       String name = p.getName();\r
-                       final int idx = name.indexOf('@');\r
-                       if(idx>0) { // strip off any domain\r
-                               name = name.substring(0,idx); \r
-                       }\r
-\r
-                       // Check for ATTUID specs before creating CSP_T\r
-                       return pattern.matcher(name).matches()?\r
-                               new CSP_T(name):\r
-                               null;\r
-               }\r
-       }\r
-\r
-       /**\r
-        * Essential Principal reflecting CSP Principal\r
-        * \r
-        *\r
-        */\r
-       private final class CSP_T implements CSPPrincipal_T {\r
-               private String name;\r
-               public CSP_T(String name) {\r
-                       this.name = name;\r
-               }\r
-               public String getName() {\r
-                       return name;\r
-               }\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java b/aaf/src/src/main/java/com/att/cadi/aaf/PermEval.java
deleted file mode 100644 (file)
index e581745..0000000
+++ /dev/null
@@ -1,144 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf;\r
-\r
-import com.att.inno.env.util.Split;\r
-\r
-\r
-public class PermEval {\r
-       public static final char START_REGEX_CHAR = '!';\r
-       public static final char START_INST_KEY_CHAR=':';\r
-       public static final char ALT_START_INST_KEY_CHAR='/';\r
-       \r
-       public static final char LIST_SEP = ',';\r
-       public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();\r
-       public static final String ASTERIX = "*";\r
-       \r
-       /**\r
-        * Evaluate Instance\r
-        * \r
-        * Instance can be more complex.  It can be a string, a Regular Expression, or a ":" separated Key \r
-        * who's parts can also be a String, Regular Expression.\r
-        * \r
-        * sInst = Server's Instance\r
-        * In order to prevent false matches, keys must be the same length to count as equal\r
-        * Changing this will break existing users, like Cassandra.  9-4-2015\r
-        */\r
-        public static boolean evalInstance(String sInst, String pInst) {\r
-                 if(ASTERIX.equals(sInst)) return true;                        // If Server's String is "*", then it accepts every Instance\r
-                 char firstChar = pInst.charAt(0);\r
-                 char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;\r
-                 switch(pInst.charAt(0)) {                                             // First char\r
-                       case START_REGEX_CHAR:                                                  // Evaluate as Regular Expression\r
-                               String pItem = pInst.substring(1);\r
-                           for(String sItem : Split.split(LIST_SEP,sInst)) {           // allow for "," definition in Action\r
-                               return sItem.matches(pItem);\r
-                           }\r
-                        \r
-                       case START_INST_KEY_CHAR:                                               // Evaluate a special Key field, i.e.:xyz:*:!df.*\r
-                       case ALT_START_INST_KEY_CHAR:                                   // Also allow '/' as special Key Field, i.e. /xyz/*/!.*\r
-                               if(sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys\r
-                                       String[] skeys=Split.split(startChar,sInst);\r
-                                       String[] pkeys=Split.split(startChar,pInst);\r
-                                       if(skeys.length!=pkeys.length) return false;\r
-                                       \r
-                                       boolean pass = true;\r
-                                       for(int i=1;pass && i<skeys.length;++i) {                               // We start at 1, because the first one, being ":" is always ""\r
-                                               if(ASTERIX.equals(skeys[i]))continue;                           // Server data accepts all for this key spot\r
-                                               pass = false;\r
-                                           for(String sItem : Split.split(LIST_SEP,skeys[i])) {                // allow for "," definition in Action\r
-                                                       if(pkeys[i].length()==0) {\r
-                                                               if(pass=sItem.length()==0) {\r
-                                                                       break;                                                                  // Both Empty, keep checking\r
-                                                               }\r
-//                                                     } else if(pkeys[i].charAt(0)==START_REGEX_CHAR) { \r
-//                                                             if(pass=sItem.matches(pkeys[i].substring(1))) {\r
-//                                                                     break;                                                                  // Matches, keep checking\r
-//                                                             }\r
-                                                       } else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *\r
-                                                               if(pass=pkeys[i].matches(sItem.substring(1))) {\r
-                                                                       break;                                                                  // Matches, keep checking\r
-                                                               }\r
-                                                       } else if(skeys[i].endsWith(ASTERIX)) {\r
-                                                               if(pass=endAsterixCompare(skeys[i],pkeys[i])) {\r
-                                                                       break;\r
-                                                               }\r
-                                                       } else {\r
-                                                               if(pass=sItem.equals(pkeys[i]))\r
-                                                                       break;                                                                  // Equal, keep checking\r
-                                                       }\r
-                                           }\r
-                                       }\r
-                                       return pass;                                                                                    // return whether passed all key checks\r
-                               }\r
-                               return false;                                                           // if first chars aren't the same, further String compare not necessary\r
-                       default:                                                                                // Evaluate as String Compare\r
-                           for(String sItem : Split.split(LIST_SEP,sInst)) {   // allow for "," separator //TODO is this only for actions?\r
-                               if(sItem.endsWith(ASTERIX)) {\r
-                                       if(endAsterixCompare(sInst, pInst));\r
-                               } else if(sItem.equals(pInst)) {\r
-                                       return true;\r
-                               }\r
-                           }\r
-                           return false;\r
-                 }\r
-        }\r
-        \r
-        private static boolean endAsterixCompare(String sInst, String pInst) {\r
-                       final int len = sInst.length()-1;\r
-                       if(pInst.length()<len) {\r
-                               return false;\r
-                       }\r
-                       for(int j=0;j<len;++j) {\r
-                               if(pInst.charAt(j)!=sInst.charAt(j)) {\r
-                                       return false;\r
-                               }\r
-                       }\r
-                       return true;\r
-       }\r
-\r
-       /**\r
-         * Evaluate Action\r
-         * \r
-         * sAction = Stored Action...\r
-         * pAction = Present Action... the Permission to validate against.\r
-         * Action is not quite as complex.  But we write it in this function so it can be consistent\r
-         */\r
-         public static boolean evalAction(String sAction,String pAction) {\r
-                 if(ASTERIX.equals(sAction))return true;                    // If Server's String is "*", then it accepts every Action\r
-                 for(String sItem : Split.split(LIST_SEP,sAction)) {            // allow for "," definition in Action\r
-                         if (pAction.charAt(0)==START_REGEX_CHAR?       // First char\r
-                                     sItem.matches(pAction.substring(1)):   // Evaluate as Regular Expression\r
-                                     sItem.equals(pAction))                 // Evaluate as String Compare\r
-                                               return true;\r
-                 }             \r
-                 return false;\r
-         }\r
-        \r
-         /**\r
-          * Split.split by Char\r
-          * \r
-          * Note: I read the String Split.split and Pattern Split.split code, and we can do this more efficiently for a single Character\r
-          */\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/client/ErrMessage.java b/aaf/src/src/main/java/com/att/cadi/aaf/client/ErrMessage.java
deleted file mode 100644 (file)
index 4b619c6..0000000
+++ /dev/null
@@ -1,97 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.client;\r
-\r
-import java.io.PrintStream;\r
-\r
-import aaf.v2_0.Error;\r
-\r
-import com.att.cadi.client.Future;\r
-import com.att.cadi.util.Vars;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.Data.TYPE;\r
-import com.att.rosetta.env.RosettaDF;\r
-import com.att.rosetta.env.RosettaEnv;\r
-\r
-public class ErrMessage {\r
-       private RosettaDF<Error> errDF;\r
-       \r
-       public ErrMessage(RosettaEnv env) throws APIException {\r
-               errDF = env.newDataFactory(Error.class);\r
-       }\r
-\r
-       /**\r
-        * AT&T Requires a specific Error Format for RESTful Services, which AAF complies with.\r
-        * \r
-        * This code will create a meaningful string from this format. \r
-        * \r
-        * @param ps\r
-        * @param df\r
-        * @param r\r
-        * @throws APIException\r
-        */\r
-       public void printErr(PrintStream ps,  String attErrJson) throws APIException {\r
-               StringBuilder sb = new StringBuilder();\r
-               Error err = errDF.newData().in(TYPE.JSON).load(attErrJson).asObject();\r
-               ps.println(toMsg(sb,err));\r
-       }\r
-       \r
-       /**\r
-        * AT&T Requires a specific Error Format for RESTful Services, which AAF complies with.\r
-        * \r
-        * This code will create a meaningful string from this format. \r
-        * \r
-        * @param sb\r
-        * @param df\r
-        * @param r\r
-        * @throws APIException\r
-        */\r
-       public StringBuilder toMsg(StringBuilder sb,  String attErrJson) throws APIException {\r
-               return toMsg(sb,errDF.newData().in(TYPE.JSON).load(attErrJson).asObject());\r
-       }\r
-       \r
-       public StringBuilder toMsg(Future<?> future) {\r
-               return toMsg(new StringBuilder(),future);\r
-       }\r
-       \r
-       public StringBuilder toMsg(StringBuilder sb, Future<?> future) {\r
-               try {\r
-                       toMsg(sb,errDF.newData().in(TYPE.JSON).load(future.body()).asObject());\r
-               } catch(Exception e) {\r
-                       //just print what we can\r
-                       sb.append(future.code());\r
-                       sb.append(": ");\r
-                       sb.append(future.body());\r
-               }\r
-               return sb;\r
-       }\r
-\r
-       public StringBuilder toMsg(StringBuilder sb, Error err) {\r
-               sb.append(err.getMessageId());\r
-               sb.append(' ');\r
-               String[] vars = new String[err.getVariables().size()];\r
-               err.getVariables().toArray(vars);\r
-               Vars.convert(sb, err.getText(),vars);\r
-               return sb;\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java b/aaf/src/src/main/java/com/att/cadi/aaf/client/Examples.java
deleted file mode 100644 (file)
index d469805..0000000
+++ /dev/null
@@ -1,444 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.client;\r
-\r
-\r
-import java.lang.reflect.InvocationTargetException;\r
-import java.lang.reflect.Method;\r
-import java.util.GregorianCalendar;\r
-\r
-import aaf.v2_0.Approval;\r
-import aaf.v2_0.Approvals;\r
-import aaf.v2_0.CredRequest;\r
-import aaf.v2_0.Keys;\r
-import aaf.v2_0.NsRequest;\r
-import aaf.v2_0.Nss;\r
-import aaf.v2_0.Nss.Ns;\r
-import aaf.v2_0.Perm;\r
-import aaf.v2_0.PermKey;\r
-import aaf.v2_0.PermRequest;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Pkey;\r
-import aaf.v2_0.Request;\r
-import aaf.v2_0.Role;\r
-import aaf.v2_0.RoleKey;\r
-import aaf.v2_0.RolePermRequest;\r
-import aaf.v2_0.RoleRequest;\r
-import aaf.v2_0.Roles;\r
-import aaf.v2_0.UserRole;\r
-import aaf.v2_0.UserRoleRequest;\r
-import aaf.v2_0.UserRoles;\r
-import aaf.v2_0.Users;\r
-import aaf.v2_0.Users.User;\r
-\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.Data;\r
-import com.att.inno.env.Data.TYPE;\r
-import com.att.inno.env.util.Chrono;\r
-import com.att.rosetta.env.RosettaDF;\r
-import com.att.rosetta.env.RosettaEnv;\r
-\r
-public class Examples {\r
-       public static <C> String print(RosettaEnv env, String nameOrContentType, boolean optional) throws APIException, SecurityException, NoSuchMethodException, IllegalArgumentException, IllegalAccessException, InvocationTargetException {\r
-               // Discover ClassName\r
-               String className = null;\r
-               String version = null;\r
-               TYPE type = TYPE.JSON; // default\r
-               if(nameOrContentType.startsWith("application/")) {\r
-                       for(String ct : nameOrContentType.split("\\s*,\\s*")) {\r
-                               for(String elem : ct.split("\\s*;\\s*")) {\r
-                                       if(elem.endsWith("+json")) {\r
-                                               type = TYPE.JSON;\r
-                                               className = elem.substring(elem.indexOf('/')+1, elem.length()-5);\r
-                                       } else if(elem.endsWith("+xml")) {\r
-                                               type = TYPE.XML;\r
-                                               className = elem.substring(elem.indexOf('/')+1, elem.length()-4);\r
-                                       } else if(elem.startsWith("version=")) {\r
-                                               version = elem.substring(8);\r
-                                       }\r
-                               }\r
-                               if(className!=null && version!=null)break;\r
-                       }\r
-                       if(className==null) {\r
-                               throw new APIException(nameOrContentType + " does not contain Class Information");\r
-                       }\r
-               } else {\r
-                       className = nameOrContentType;\r
-               }\r
-               \r
-               // No Void.class in aaf.v2_0 package causing errors when trying to use a newVoidv2_0\r
-               // method similar to others in this class. This makes it work, but is it right?\r
-               if ("Void".equals(className)) return "";\r
-                               \r
-               if("1.1".equals(version)) {\r
-                       version = "v1_0";\r
-               } else if(version!=null) {\r
-                       version = "v" + version.replace('.', '_');\r
-               } else {\r
-                       version = "v2_0";\r
-               }\r
-               \r
-               Class<?> cls;\r
-               try {\r
-                       cls = Examples.class.getClassLoader().loadClass("aaf."+version+'.'+className);\r
-               } catch (ClassNotFoundException e) {\r
-                       throw new APIException(e);\r
-               }\r
-               \r
-               Method meth;\r
-               try {\r
-                       meth = Examples.class.getDeclaredMethod("new"+cls.getSimpleName()+version,boolean.class);\r
-               } catch (Exception e) {\r
-                       throw new APIException("ERROR: " + cls.getName() + " does not have an Example in Code.  Request from AAF Developers");\r
-               }\r
-               \r
-               RosettaDF<C> df = env.newDataFactory(cls);\r
-               df.option(Data.PRETTY);\r
-               \r
-               Object data = meth.invoke(null,optional);\r
-               \r
-               @SuppressWarnings("unchecked")\r
-               String rv = df.newData().load((C)data).out(type).asString();\r
-//             Object obj = df.newData().in(type).load(rv).asObject();\r
-               return rv;\r
-       }\r
-       \r
-       /*\r
-        *  Set Base Class Request (easier than coding over and over)\r
-        */\r
-       private static void setOptional(Request req) {\r
-               GregorianCalendar gc = new GregorianCalendar();\r
-               req.setStart(Chrono.timeStamp(gc));\r
-               gc.add(GregorianCalendar.MONTH, 6);\r
-               req.setEnd(Chrono.timeStamp(gc));\r
-//             req.setForce("false");\r
-               \r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static Request newRequestv2_0(boolean optional) {\r
-               Request r = new Request();\r
-               setOptional(r);\r
-               return r;\r
-       }\r
-       @SuppressWarnings("unused")\r
-       private static RolePermRequest newRolePermRequestv2_0(boolean optional) {\r
-               RolePermRequest rpr = new RolePermRequest();\r
-               Pkey pkey = new Pkey();\r
-               pkey.setType("com.att.myns.mytype");\r
-               pkey.setInstance("myInstance");\r
-               pkey.setAction("myAction");\r
-               rpr.setPerm(pkey);\r
-               rpr.setRole("com.att.myns.myrole");\r
-               if(optional)setOptional(rpr);\r
-               return rpr;\r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static Roles newRolesv2_0(boolean optional) {\r
-               Role r;\r
-               Pkey p;\r
-               Roles rs = new Roles();\r
-               rs.getRole().add(r = new Role());\r
-               r.setName("com.att.myns.myRole");\r
-               r.getPerms().add(p = new Pkey());\r
-               p.setType("com.att.myns.myType");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myAction");\r
-               \r
-               r.getPerms().add(p = new Pkey());\r
-               p.setType("com.att.myns.myType");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myOtherAction");\r
-               \r
-               rs.getRole().add(r = new Role());\r
-               r.setName("com.att.myns.myOtherRole");\r
-               r.getPerms().add(p = new Pkey());\r
-               p.setType("com.att.myns.myOtherType");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myAction");\r
-               \r
-               r.getPerms().add(p = new Pkey());\r
-               p.setType("com.att.myns.myOthertype");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myOtherAction");\r
-\r
-               return rs;\r
-       }\r
-       \r
-       \r
-       @SuppressWarnings("unused")\r
-       private static PermRequest newPermRequestv2_0(boolean optional) {\r
-               PermRequest pr = new PermRequest();\r
-               pr.setType("com.att.myns.myType");\r
-               pr.setInstance("myInstance");\r
-               pr.setAction("myAction");\r
-               if(optional) {\r
-                       pr.setDescription("Short and meaningful verbiage about the Permission");\r
-                       \r
-                       setOptional(pr);\r
-               }\r
-               return pr;\r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static Perm newPermv2_0(boolean optional) {\r
-               Perm pr = new Perm();\r
-               pr.setType("com.att.myns.myType");\r
-               pr.setInstance("myInstance");\r
-               pr.setAction("myAction");\r
-               pr.getRoles().add("com.att.myns.myRole");\r
-               pr.getRoles().add("com.att.myns.myRole2");\r
-               pr.setDescription("This is my description, and I'm sticking with it");\r
-               if(optional) {\r
-                       pr.setDescription("Short and meaningful verbiage about the Permission");\r
-               }\r
-               return pr;\r
-       }\r
-\r
-\r
-       @SuppressWarnings("unused")\r
-       private static PermKey newPermKeyv2_0(boolean optional) {\r
-               PermKey pr = new PermKey();\r
-               pr.setType("com.att.myns.myType");\r
-               pr.setInstance("myInstance");\r
-               pr.setAction("myAction");\r
-               return pr;\r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static Perms newPermsv2_0(boolean optional) {\r
-               Perms perms = new Perms();\r
-               Perm p;\r
-               perms.getPerm().add(p=new Perm());\r
-               p.setType("com.att.myns.myType");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myAction");\r
-               p.getRoles().add("com.att.myns.myRole");\r
-               p.getRoles().add("com.att.myns.myRole2");\r
-               \r
-\r
-               perms.getPerm().add(p=new Perm());\r
-               p.setType("com.att.myns.myOtherType");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myOtherAction");\r
-               p.getRoles().add("com.att.myns.myRole");\r
-               p.getRoles().add("com.att.myns.myRole2");\r
-\r
-               return perms;\r
-               \r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static UserRoleRequest newUserRoleRequestv2_0(boolean optional) {\r
-               UserRoleRequest urr = new UserRoleRequest();\r
-               urr.setRole("com.att.myns.myRole");\r
-               urr.setUser("ab1234@csp.att.com");\r
-               if(optional) setOptional(urr);\r
-               return urr;\r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static NsRequest newNsRequestv2_0(boolean optional) {\r
-               NsRequest nr = new NsRequest();\r
-               nr.setName("com.att.myns");\r
-               nr.getResponsible().add("ab1234@csp.att.com");\r
-               nr.getResponsible().add("cd5678@csp.att.com");\r
-               nr.getAdmin().add("zy9876@csp.att.com");\r
-               nr.getAdmin().add("xw5432@csp.att.com");                \r
-               if(optional) {\r
-                       nr.setDescription("This is my Namespace to set up");\r
-                       nr.setType("APP");\r
-                       setOptional(nr);\r
-               }\r
-               return nr;\r
-       }\r
-       \r
-       \r
-       @SuppressWarnings("unused")\r
-       private static Nss newNssv2_0(boolean optional) {\r
-               Ns ns;\r
-               \r
-               Nss nss = new Nss();\r
-               nss.getNs().add(ns = new Nss.Ns());\r
-               ns.setName("com.att.myns");\r
-               ns.getResponsible().add("ab1234@csp.att.com");\r
-               ns.getResponsible().add("cd5678@csp.att.com");\r
-               ns.getAdmin().add("zy9876@csp.att.com");\r
-               ns.getAdmin().add("xw5432@csp.att.com");\r
-               ns.setDescription("This is my Namespace to set up");\r
-               \r
-               nss.getNs().add(ns = new Nss.Ns());\r
-               ns.setName("com.att.myOtherNs");\r
-               ns.getResponsible().add("ab1234@csp.att.com");\r
-               ns.getResponsible().add("cd5678@csp.att.com");\r
-               ns.getAdmin().add("zy9876@csp.att.com");\r
-               ns.getAdmin().add("xw5432@csp.att.com");                \r
-                       \r
-               return nss;\r
-       }\r
-       @SuppressWarnings("unused")\r
-       private static RoleRequest newRoleRequestv2_0(boolean optional) {\r
-               RoleRequest rr = new RoleRequest();\r
-               rr.setName("com.att.myns.myRole");\r
-               if(optional) {\r
-                       rr.setDescription("This is my Role");\r
-                       setOptional(rr);\r
-               }\r
-               return rr;\r
-       }\r
-\r
-       @SuppressWarnings("unused")\r
-       private static CredRequest newCredRequestv2_0(boolean optional) {\r
-               CredRequest cr = new CredRequest();\r
-               cr.setId("myID@fully.qualified.domain");\r
-               if(optional) {\r
-                       cr.setType(2);\r
-                       cr.setEntry("0x125AB256344CE");\r
-               } else {\r
-                       cr.setPassword("This is my provisioned password");\r
-               }\r
-\r
-               return cr;\r
-       }\r
-       \r
-       @SuppressWarnings("unused")\r
-       private static Users newUsersv2_0(boolean optional) {\r
-               User user;\r
-       \r
-               Users users = new Users();\r
-               users.getUser().add(user = new Users.User());\r
-               user.setId("ab1234@csp.att.com");       \r
-               GregorianCalendar gc = new GregorianCalendar();\r
-               user.setExpires(Chrono.timeStamp(gc));\r
-               \r
-               users.getUser().add(user = new Users.User());\r
-               user.setId("zy9876@csp.att.com");       \r
-               user.setExpires(Chrono.timeStamp(gc));  \r
-                       \r
-               return users;\r
-       }\r
-\r
-       @SuppressWarnings("unused")\r
-       private static Role newRolev2_0(boolean optional) {\r
-               Role r = new Role();\r
-               Pkey p;\r
-               r.setName("com.att.myns.myRole");\r
-               r.getPerms().add(p = new Pkey());\r
-               p.setType("com.att.myns.myType");\r
-               p.setInstance("myInstance");\r
-               p.setAction("myAction");\r
-\r
-        return r;\r
-    }\r
-\r
-       @SuppressWarnings("unused")\r
-       private static RoleKey newRoleKeyv2_0(boolean optional) {\r
-               RoleKey r = new RoleKey();\r
-               Pkey p;\r
-               r.setName("com.att.myns.myRole");\r
-        return r;\r
-    }\r
-\r
-       @SuppressWarnings("unused")\r
-       private static Keys newKeysv2_0(boolean optional) {\r
-               Keys ks = new Keys();\r
-               ks.getKey().add("Reponse 1");\r
-               ks.getKey().add("Response 2");\r
-        return ks;\r
-    }\r
-\r
-       @SuppressWarnings("unused")\r
-       private static UserRoles newUserRolesv2_0(boolean optional) {\r
-               UserRoles urs = new UserRoles();\r
-               UserRole ur = new UserRole();\r
-               ur.setUser("xy1234");\r
-               ur.setRole("com.test.myapp.myRole");\r
-               ur.setExpires(Chrono.timeStamp());\r
-               urs.getUserRole().add(ur);\r
-               \r
-               ur = new UserRole();\r
-               ur.setUser("yx4321");\r
-               ur.setRole("com.test.yourapp.yourRole");\r
-               ur.setExpires(Chrono.timeStamp());\r
-               urs.getUserRole().add(ur);\r
-        return urs;\r
-    }\r
-\r
-\r
-       @SuppressWarnings("unused")\r
-       private static Approvals newApprovalsv2_0(boolean optional) {\r
-               Approvals as = new Approvals();\r
-               Approval a = new Approval();\r
-               a.setApprover("MyApprover");\r
-               a.setId("MyID");\r
-               a.setMemo("My memo (and then some)");\r
-               a.setOperation("MyOperation");\r
-               a.setStatus("MyStatus");\r
-               a.setTicket("MyTicket");\r
-               a.setType("MyType");\r
-               a.setUpdated(Chrono.timeStamp());\r
-               a.setUser("MyUser");\r
-               as.getApprovals().add(a);\r
-               a = new Approval();\r
-               a.setApprover("MyApprover2");\r
-               a.setId("MyID2");\r
-               a.setMemo("My memo (and then some)2");\r
-               a.setOperation("MyOperation2");\r
-               a.setStatus("MyStatus2");\r
-               a.setTicket("MyTicket2");\r
-               a.setType("MyType2");\r
-               a.setUpdated(Chrono.timeStamp());\r
-               a.setUser("MyUser2");\r
-               as.getApprovals().add(a);\r
-        return as;\r
-    }\r
-\r
-       @SuppressWarnings("unused")\r
-       private static Approval newApprovalv2_0(boolean optional) {\r
-               Approval a = new Approval();\r
-               a.setApprover("MyApprover");\r
-               a.setId("MyID");\r
-               a.setMemo("My memo (and then some)");\r
-               a.setOperation("MyOperation");\r
-               a.setStatus("MyStatus");\r
-               a.setTicket("MyTicket");\r
-               a.setType("MyType");\r
-               a.setUpdated(Chrono.timeStamp());\r
-               a.setUser("MyUser");\r
-        return a;\r
-    }\r
-\r
-       \r
-\r
-       @SuppressWarnings("unused")\r
-       private static aaf.v2_0.Error newErrorv2_0(boolean optional) {\r
-               aaf.v2_0.Error err = new aaf.v2_0.Error();\r
-               err.setMessageId("SVC1403");\r
-               err.setText("MyText %s, %s: The last three digits are usually the HTTP Code");\r
-               err.getVariables().add("Variable 1");\r
-               err.getVariables().add("Variable 2");\r
-               return err;\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java b/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertMarshal.java
deleted file mode 100644 (file)
index ad75dc5..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.marshal;\r
-\r
-import javax.xml.datatype.XMLGregorianCalendar;\r
-\r
-import aaf.v2_0.Certs.Cert;\r
-\r
-import com.att.rosetta.marshal.FieldDateTime;\r
-import com.att.rosetta.marshal.FieldHexBinary;\r
-import com.att.rosetta.marshal.FieldString;\r
-import com.att.rosetta.marshal.ObjMarshal;\r
-\r
-public class CertMarshal extends ObjMarshal<Cert> {\r
-       public CertMarshal() {\r
-               add(new FieldHexBinary<Cert>("fingerprint") {\r
-                       @Override\r
-                       protected byte[] data(Cert t) {\r
-                               return t.getFingerprint();\r
-                       }\r
-               });\r
-\r
-               add(new FieldString<Cert>("id") {\r
-                       @Override\r
-                       protected String data(Cert t) {\r
-                               return t.getId();\r
-                       }\r
-               });\r
-\r
-               add(new FieldString<Cert>("x500") {\r
-                       @Override\r
-                       protected String data(Cert t) {\r
-                               return t.getX500();\r
-                       }\r
-               });\r
-               \r
-               add(new FieldDateTime<Cert>("expires") {\r
-                       @Override\r
-                       protected XMLGregorianCalendar data(Cert t) {\r
-                               return t.getExpires();\r
-                       }\r
-               });\r
-\r
-\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java b/aaf/src/src/main/java/com/att/cadi/aaf/marshal/CertsMarshal.java
deleted file mode 100644 (file)
index 3a27a9c..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.marshal;\r
-\r
-import java.util.List;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Certs.Cert;\r
-\r
-import com.att.rosetta.marshal.ObjArray;\r
-import com.att.rosetta.marshal.ObjMarshal;\r
-\r
-public class CertsMarshal extends ObjMarshal<Certs> {\r
-\r
-       public CertsMarshal() {\r
-               add(new ObjArray<Certs,Cert>("cert",new CertMarshal()) {\r
-                       @Override\r
-                       protected List<Cert> data(Certs t) {\r
-                               return t.getCert();\r
-                       }\r
-               });     \r
-       }\r
-\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFAuthn.java
deleted file mode 100644 (file)
index 263f730..0000000
+++ /dev/null
@@ -1,196 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.cadi.AbsUserCache;\r
-import com.att.cadi.CachedPrincipal;\r
-import com.att.cadi.GetCred;\r
-import com.att.cadi.Hash;\r
-import com.att.cadi.User;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.client.Future;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.lur.ConfigPrincipal;\r
-import com.att.inno.env.APIException;\r
-\r
-public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {\r
-       private AAFCon<CLIENT> con;\r
-       private String realm;\r
-       \r
-       /**\r
-        * Configure with Standard AAF properties, Stand alone\r
-        * @param con\r
-        * @throws Exception \r
-        */\r
-       // Package on purpose\r
-       AAFAuthn(AAFCon<CLIENT> con) throws Exception {\r
-               super(con.access,con.cleanInterval,con.highCount,con.usageRefreshTriggerCount);\r
-               this.con = con;\r
-\r
-               try {\r
-                       setRealm();\r
-               } catch (APIException e) {\r
-                       if(e.getCause() instanceof DME2Exception) {\r
-                               // Can't contact AAF, assume default\r
-                               realm=con.access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());\r
-                       }\r
-               }\r
-               }\r
-\r
-       /**\r
-        * Configure with Standard AAF properties, but share the Cache (with AAF Lur)\r
-        * @param con\r
-        * @throws Exception \r
-        */\r
-       // Package on purpose\r
-       AAFAuthn(AAFCon<CLIENT> con, AbsUserCache<AAFPermission> cache) throws Exception {\r
-               super(cache);\r
-               this.con = con;\r
-               try {\r
-                       setRealm();\r
-               } catch (Exception e) {\r
-                       if(e.getCause() instanceof DME2Exception) {\r
-                               access.log(e);\r
-                               // Can't contact AAF, assume default            \r
-                               realm=con.access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());\r
-                       }\r
-               }\r
-       }\r
-\r
-       private void setRealm() throws Exception {\r
-               // Make a call without security set to get the 401 response, which\r
-               // includes the Realm of the server\r
-               // This also checks on Connectivity early on.\r
-               Future<String> fp = con.client(AAFCon.AAF_VERSION).read("/authn/basicAuth", "text/plain");\r
-               if(fp.get(con.timeout)) {\r
-                       throw new Exception("Do not preset Basic Auth Information for AAFAuthn");\r
-               } else {\r
-                       if(fp.code()==401) {\r
-                               realm = fp.header("WWW-Authenticate");\r
-                               if(realm!=null && realm.startsWith("Basic realm=\"")) {\r
-                                       realm = realm.substring(13, realm.length()-1);\r
-                               } else {\r
-                                       realm = "unknown.com";\r
-                               }\r
-                       }\r
-               }\r
-       }\r
-       \r
-       /**\r
-        * Return Native Realm of AAF Instance.\r
-        * \r
-        * @return\r
-        */\r
-       public String getRealm() {\r
-               return realm;\r
-       }\r
-\r
-       /**\r
-        * Returns null if ok, or an Error String;\r
-        * \r
-        * @param user\r
-        * @param password\r
-        * @return\r
-        * @throws Exception\r
-        */\r
-       public String validate(String user, String password) throws Exception {\r
-               User<AAFPermission> usr = getUser(user);\r
-               if(password.startsWith("enc:???")) {\r
-                       password = access.decrypt(password, true);\r
-               }\r
-\r
-               byte[] bytes = password.getBytes();\r
-               if(usr != null && usr.principal != null && usr.principal.getName().equals(user) \r
-                               && usr.principal instanceof GetCred) {\r
-                       \r
-                       if(Hash.isEqual(((GetCred)usr.principal).getCred(),bytes)) {\r
-                               return null;\r
-                       } else {\r
-                               remove(usr);\r
-                               usr = null;\r
-                       }\r
-               }\r
-               \r
-               AAFCachedPrincipal cp = new AAFCachedPrincipal(this,con.app, user, bytes, con.cleanInterval);\r
-               // Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch\r
-               // Statement\r
-               switch(cp.revalidate()) {\r
-                       case REVALIDATED:\r
-                               if(usr!=null) {\r
-                                       usr.principal = cp;\r
-                               } else {\r
-                                       addUser(new User<AAFPermission>(cp,con.timeout));\r
-                               }\r
-                               return null;\r
-                       case INACCESSIBLE:\r
-                               return "AAF Inaccessible";\r
-                       case UNVALIDATED:\r
-                               return "User/Pass combo invalid";\r
-                       default: \r
-                               return "AAFAuthn doesn't handle this Principal";\r
-               }\r
-       }\r
-       \r
-       private class AAFCachedPrincipal extends ConfigPrincipal implements CachedPrincipal {\r
-               private long expires,timeToLive;\r
-\r
-               public AAFCachedPrincipal(AAFAuthn<?> aaf, String app, String name, byte[] pass, int timeToLive) {\r
-                       super(name,pass);\r
-                       this.timeToLive = timeToLive;\r
-                       expires = timeToLive + System.currentTimeMillis();\r
-               }\r
-\r
-               public Resp revalidate() {\r
-                       try {\r
-                               Miss missed = missed(getName());\r
-                               if(missed==null || missed.mayContinue(getCred())) {\r
-                                       Rcli<CLIENT> client = con.client(AAFCon.AAF_VERSION).forUser(con.basicAuth(getName(), new String(getCred())));\r
-                                       Future<String> fp = client.read(\r
-                                                       "/authn/basicAuth",\r
-                                                       "text/plain"\r
-                                                       );\r
-                                       if(fp.get(con.timeout)) {\r
-                                               expires = System.currentTimeMillis() + timeToLive;\r
-                                               addUser(new User<AAFPermission>(this, expires));\r
-                                               return Resp.REVALIDATED;\r
-                                       } else {\r
-                                               addMiss(getName(), getCred());\r
-                                               return Resp.UNVALIDATED;\r
-                                       }\r
-                               } else {\r
-                                       return Resp.UNVALIDATED;\r
-                               }\r
-                       } catch (Exception e) {\r
-                               con.access.log(e);\r
-                               return Resp.INACCESSIBLE;\r
-                       }\r
-               }\r
-\r
-               public long expires() {\r
-                       return expires;\r
-               }\r
-       };\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFCon.java
deleted file mode 100644 (file)
index 9b458c7..0000000
+++ /dev/null
@@ -1,278 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.security.Principal;\r
-\r
-import com.att.cadi.AbsUserCache;\r
-import com.att.cadi.Access;\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.CadiWrap;\r
-import com.att.cadi.Connector;\r
-import com.att.cadi.LocatorException;\r
-import com.att.cadi.Lur;\r
-import com.att.cadi.SecuritySetter;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.aaf.marshal.CertsMarshal;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.client.Retryable;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.config.SecurityInfo;\r
-import com.att.cadi.lur.EpiLur;\r
-import com.att.cadi.principal.BasicPrincipal;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.util.Split;\r
-import com.att.rosetta.env.RosettaDF;\r
-import com.att.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Users;\r
-\r
-public abstract class AAFCon<CLIENT> implements Connector {\r
-       public static final String AAF_VERSION = "2.0";\r
-\r
-       final public Access access;\r
-       // Package access\r
-       final public int timeout, cleanInterval, connTimeout;\r
-       final public int highCount, userExpires, usageRefreshTriggerCount;\r
-       private Rcli<CLIENT> client = null;\r
-       final public RosettaDF<Perms> permsDF;\r
-       final public RosettaDF<Certs> certsDF;\r
-       final public RosettaDF<Users> usersDF;\r
-       private String realm;\r
-       public final String app;\r
-       protected SecuritySetter<CLIENT> ss;\r
-       protected SecurityInfo<CLIENT> si;\r
-       protected final URI initURI;\r
-\r
-       public Rcli<CLIENT> client(String apiVersion) throws CadiException {\r
-               if(client==null) {\r
-                       client = rclient(initURI,ss);\r
-                       client.apiVersion(apiVersion)\r
-                                 .readTimeout(connTimeout);\r
-               }\r
-               return client;\r
-       }\r
-       \r
-       protected AAFCon(Access access, String tag, SecurityInfo<CLIENT> si) throws CadiException{\r
-               try {\r
-                       this.access = access;\r
-                       this.si = si;\r
-                       this.ss = si.defSS;\r
-                       if(ss==null) {\r
-                               String mechid = access.getProperty(Config.AAF_MECHID, null);\r
-                               String encpass = access.getProperty(Config.AAF_MECHPASS, null);\r
-                               if(encpass==null) {\r
-                                       String alias = access.getProperty(Config.CADI_ALIAS, mechid);\r
-                                       if(alias==null) {\r
-                                               throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");\r
-                                       }\r
-                                       si.defSS=ss = x509Alias(alias);\r
-                               } else {\r
-                                       if(mechid!=null && encpass !=null) {\r
-                                               si.defSS=ss=basicAuth(mechid, encpass);\r
-                                       } else {\r
-                                               si.defSS=ss=new SecuritySetter<CLIENT>() {\r
-                                                       \r
-                                                       @Override\r
-                                                       public String getID() {\r
-                                                               return "";\r
-                                                       }\r
-                       \r
-                                                       @Override\r
-                                                       public void setSecurity(CLIENT client) throws CadiException {\r
-                                                               throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");\r
-                                                       }\r
-                                               };\r
-                                       }\r
-                               }\r
-                       }\r
-                       \r
-                       timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));\r
-                       cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));\r
-                       highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());\r
-                       connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());\r
-                       userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());\r
-                       usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based\r
-       \r
-                       \r
-                       initURI = new URI(access.getProperty(tag,null));\r
-                       if(initURI==null) {\r
-                               throw new CadiException(tag + " property is required.");\r
-                       }\r
-       \r
-                       app=reverseDomain(ss.getID());\r
-                       realm="openecomp.org";\r
-       \r
-                       RosettaEnv env = new RosettaEnv();\r
-                       permsDF = env.newDataFactory(Perms.class);\r
-                       usersDF = env.newDataFactory(Users.class);\r
-                       certsDF = env.newDataFactory(Certs.class);\r
-                       certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling\r
-               } catch (APIException|URISyntaxException e) {\r
-                       throw new CadiException("AAFCon cannot be configured",e);\r
-               }\r
-       }\r
-       \r
-       /**\r
-        * Return the backing AAFCon, if there is a Lur Setup that is AAF.\r
-        * \r
-        * If there is no AAFLur setup, it will return "null"\r
-        * @param servletRequest\r
-        * @return\r
-        */\r
-       public static final AAFCon<?> obtain(Object servletRequest) {\r
-               if(servletRequest instanceof CadiWrap) {\r
-                       Lur lur = ((CadiWrap)servletRequest).getLur();\r
-                       if(lur != null) {\r
-                               if(lur instanceof EpiLur) {\r
-                                       AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);\r
-                                       if(aal!=null) {\r
-                                               return aal.aaf;\r
-                                       }\r
-                               } else {\r
-                                       if(lur instanceof AbsAAFLur) {\r
-                                               return ((AbsAAFLur<?>)lur).aaf;\r
-                                       }\r
-                               }\r
-                       }\r
-               }\r
-               return null;\r
-       }\r
-       \r
-       public AAFAuthn<CLIENT> newAuthn() throws APIException {\r
-               try {\r
-                       return new AAFAuthn<CLIENT>(this);\r
-               } catch (APIException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new APIException(e);\r
-               }\r
-       }\r
-\r
-       public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {\r
-               try {\r
-                       return new AAFAuthn<CLIENT>(this,c);\r
-               } catch (APIException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new APIException(e);\r
-               }\r
-       }\r
-\r
-       public AAFLurPerm newLur() throws CadiException {\r
-               try {\r
-                       return new AAFLurPerm(this);\r
-               } catch (CadiException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-       }\r
-       \r
-       public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {\r
-               try {\r
-                       return new AAFLurPerm(this,c);\r
-               } catch (APIException e) {\r
-                       throw e;\r
-               } catch (Exception e) {\r
-                       throw new APIException(e);\r
-               }\r
-       }\r
-\r
-       /**\r
-        * Take a Fully Qualified User, and get a Namespace from it.\r
-        * @param user\r
-        * @return\r
-        */\r
-       public static String reverseDomain(String user) {\r
-               StringBuilder sb = null;\r
-               String[] split = Split.split('.',user);\r
-               int at;\r
-               for(int i=split.length-1;i>=0;--i) {\r
-                       if(sb == null) {\r
-                               sb = new StringBuilder();\r
-                       } else {\r
-                               sb.append('.');\r
-                       }\r
-\r
-                       if((at = split[i].indexOf('@'))>0) {\r
-                               sb.append(split[i].subSequence(at+1, split[i].length()));\r
-                       } else {\r
-                               sb.append(split[i]);\r
-                       }\r
-               }\r
-               \r
-               return sb==null?"":sb.toString();\r
-       }\r
-\r
-       protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;\r
-       \r
-       public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;\r
-\r
-\r
-       public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;\r
-       \r
-       public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;\r
-       \r
-       public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;\r
-       \r
-       public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;\r
-\r
-\r
-       public String getRealm() {\r
-               return realm;\r
-\r
-       }\r
-\r
-       public SecuritySetter<CLIENT> set(SecuritySetter<CLIENT> ss) {\r
-               this.ss = ss;\r
-               if(client!=null) {\r
-                       client.setSecuritySetter(ss);\r
-               }\r
-               return ss;\r
-       }\r
-       \r
-       public SecurityInfo<CLIENT> securityInfo() {\r
-               return si;\r
-       }\r
-\r
-       public String defID() {\r
-               if(ss!=null) {\r
-                       return ss.getID();\r
-               }\r
-               return "unknown";\r
-       }\r
-       \r
-       public void invalidate() throws CadiException {\r
-               if(client!=null) {\r
-                       client.invalidate();\r
-               }\r
-               client = null;\r
-       }\r
-\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConDME2.java
deleted file mode 100644 (file)
index 0ff8958..0000000
+++ /dev/null
@@ -1,157 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-import java.net.ConnectException;\r
-import java.net.URI;\r
-import java.security.GeneralSecurityException;\r
-import java.security.Principal;\r
-import java.util.Properties;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import com.att.cadi.Access;\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.LocatorException;\r
-import com.att.cadi.SecuritySetter;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.client.Retryable;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.config.SecurityInfo;\r
-import com.att.cadi.dme2.DME2BasicAuth;\r
-import com.att.cadi.dme2.DME2TransferSS;\r
-import com.att.cadi.dme2.DME2x509SS;\r
-import com.att.cadi.dme2.DRcli;\r
-import com.att.cadi.principal.BasicPrincipal;\r
-import com.att.inno.env.APIException;\r
-\r
-public class AAFConDME2 extends AAFCon<DME2Client>{\r
-       private DME2Manager manager;\r
-\r
-       public AAFConDME2(Access access) throws CadiException, GeneralSecurityException, IOException{\r
-               super(access,Config.AAF_URL,new SecurityInfo<DME2Client> (access));\r
-               manager = newManager(access);\r
-       }\r
-       \r
-       public AAFConDME2(Access access, String url) throws CadiException, GeneralSecurityException, IOException{\r
-               super(access,url,new SecurityInfo<DME2Client> (access));\r
-               manager = newManager(access);\r
-       }\r
-\r
-       public AAFConDME2(Access access, SecurityInfo<DME2Client> si) throws CadiException {\r
-               super(access,Config.AAF_URL,si);\r
-               manager = newManager(access);\r
-       }\r
-\r
-       public AAFConDME2(Access access, String url, SecurityInfo<DME2Client> si) throws CadiException {\r
-               super(access,url,si);\r
-               manager = newManager(access);\r
-       }\r
-\r
-       private DME2Manager newManager(Access access) throws CadiException {\r
-               Properties props = new Properties();\r
-               Config.cadiToDME2(access, props);\r
-               try {\r
-                       return new DME2Manager("AAFCon",props);\r
-               } catch (DME2Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-       }\r
-\r
-\r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuth(java.lang.String, java.lang.String)\r
-        */\r
-       @Override\r
-       public SecuritySetter<DME2Client> basicAuth(String user, String password) throws CadiException {\r
-               if(password.startsWith("enc:???")) {\r
-                       try {\r
-                               password = access.decrypt(password, true);\r
-                       } catch (IOException e) {\r
-                               throw new CadiException("Error Decrypting Password",e);\r
-                       }\r
-               }\r
-\r
-               try {\r
-                       return set(new DME2BasicAuth(user,password,si));\r
-               } catch (IOException e) {\r
-                       throw new CadiException("Error setting up DME2BasicAuth",e);\r
-               }\r
-       }\r
-\r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.aaf.v2_0.AAFCon#rclient(java.net.URI, com.att.cadi.SecuritySetter)\r
-        */\r
-       @Override\r
-       protected Rcli<DME2Client> rclient(URI uri, SecuritySetter<DME2Client> ss) {\r
-               DRcli dc = new DRcli(uri, ss);\r
-               dc.setManager(manager);\r
-               return dc;\r
-       }\r
-\r
-       @Override\r
-       public SecuritySetter<DME2Client> transferSS(Principal principal) throws CadiException {\r
-               try {\r
-                       return principal==null?ss:new DME2TransferSS(principal, app);\r
-               } catch (IOException e) {\r
-                       throw new CadiException("Error creating DME2TransferSS",e);\r
-               }\r
-       }\r
-\r
-       @Override\r
-       public SecuritySetter<DME2Client> basicAuthSS(BasicPrincipal principal) throws CadiException {\r
-               try {\r
-                       return new DME2BasicAuth(principal,si);\r
-               } catch (IOException e) {\r
-                       throw new CadiException("Error creating DME2BasicAuth",e);\r
-               }\r
-\r
-       }\r
-\r
-       @Override\r
-       public SecuritySetter<DME2Client> x509Alias(String alias) throws CadiException {\r
-               try {\r
-                       return new DME2x509SS(alias,si);\r
-               } catch (Exception e) {\r
-                       throw new CadiException("Error creating DME2x509SS",e);\r
-               }\r
-       }\r
-\r
-       @Override\r
-       public <RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException {\r
-               // NOTE: DME2 had Retry Logic embedded lower.  \r
-               try {\r
-                       return (retryable.code(rclient(initURI,ss)));\r
-               } catch (ConnectException e) {\r
-                       // DME2 should catch\r
-                       try {\r
-                               manager.refresh();\r
-                       } catch (Exception e1) {\r
-                               throw new CadiException(e1);\r
-                       }\r
-                       throw new CadiException(e);\r
-               }\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFConHttp.java
deleted file mode 100644 (file)
index 8a63680..0000000
+++ /dev/null
@@ -1,147 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-import java.net.HttpURLConnection;\r
-import java.net.URI;\r
-import java.security.GeneralSecurityException;\r
-import java.security.Principal;\r
-\r
-import com.att.cadi.Access;\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.Locator;\r
-import com.att.cadi.LocatorException;\r
-import com.att.cadi.SecuritySetter;\r
-import com.att.cadi.client.AbsTransferSS;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.client.Retryable;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.config.SecurityInfo;\r
-import com.att.cadi.http.HBasicAuthSS;\r
-import com.att.cadi.http.HMangr;\r
-import com.att.cadi.http.HRcli;\r
-import com.att.cadi.http.HTransferSS;\r
-import com.att.cadi.http.HX509SS;\r
-import com.att.cadi.principal.BasicPrincipal;\r
-import com.att.inno.env.APIException;\r
-\r
-public class AAFConHttp extends AAFCon<HttpURLConnection> {\r
-       private final HMangr hman;\r
-\r
-       public AAFConHttp(Access access) throws CadiException, GeneralSecurityException, IOException {\r
-               super(access,Config.AAF_URL,new SecurityInfo<HttpURLConnection>(access));\r
-               hman = new HMangr(access,Config.loadLocator(access, access.getProperty(Config.AAF_URL,null)));\r
-       }\r
-\r
-       public AAFConHttp(Access access, String tag) throws CadiException, GeneralSecurityException, IOException {\r
-               super(access,tag,new SecurityInfo<HttpURLConnection>(access));\r
-               hman = new HMangr(access,Config.loadLocator(access, access.getProperty(tag,null)));\r
-       }\r
-\r
-       public AAFConHttp(Access access, String urlTag, SecurityInfo<HttpURLConnection> si) throws CadiException {\r
-               super(access,urlTag,si);\r
-               hman = new HMangr(access,Config.loadLocator(access, access.getProperty(urlTag,null)));\r
-       }\r
-\r
-       public AAFConHttp(Access access, Locator locator) throws CadiException, GeneralSecurityException, IOException {\r
-               super(access,Config.AAF_URL,new SecurityInfo<HttpURLConnection>(access));\r
-               hman = new HMangr(access,locator);\r
-       }\r
-\r
-       public AAFConHttp(Access access, Locator locator, SecurityInfo<HttpURLConnection> si) throws CadiException {\r
-               super(access,Config.AAF_URL,si);\r
-               hman = new HMangr(access,locator);\r
-       }\r
-\r
-       public AAFConHttp(Access access, Locator locator, SecurityInfo<HttpURLConnection> si, String tag) throws CadiException {\r
-               super(access,tag,si);\r
-               hman = new HMangr(access, locator);\r
-       }\r
-\r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuth(java.lang.String, java.lang.String)\r
-        */\r
-       @Override\r
-       public SecuritySetter<HttpURLConnection> basicAuth(String user, String password) throws CadiException {\r
-               if(password.startsWith("enc:???")) {\r
-                       try {\r
-                               password = access.decrypt(password, true);\r
-                       } catch (IOException e) {\r
-                               throw new CadiException("Error decrypting password",e);\r
-                       }\r
-               }\r
-               try {\r
-                       return set(new HBasicAuthSS(user,password,si));\r
-               } catch (IOException e) {\r
-                       throw new CadiException("Error creating HBasicAuthSS",e);\r
-               }\r
-       }\r
-\r
-       public SecuritySetter<HttpURLConnection> x509Alias(String alias) throws APIException, CadiException {\r
-               try {\r
-                       return set(new HX509SS(alias,si));\r
-               } catch (Exception e) {\r
-                       throw new CadiException("Error creating X509SS",e);\r
-               }\r
-       }\r
-\r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.aaf.v2_0.AAFCon#rclient(java.net.URI, com.att.cadi.SecuritySetter)\r
-        */\r
-       @Override\r
-       protected Rcli<HttpURLConnection> rclient(URI ignoredURI, SecuritySetter<HttpURLConnection> ss) throws CadiException {\r
-               try {\r
-                       return new HRcli(hman, hman.loc.best() ,ss);\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-       }\r
-\r
-       @Override\r
-       public AbsTransferSS<HttpURLConnection> transferSS(Principal principal) throws CadiException {\r
-               return new HTransferSS(principal, app,si);\r
-       }\r
-       \r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuthSS(java.security.Principal)\r
-        */\r
-       @Override\r
-       public SecuritySetter<HttpURLConnection> basicAuthSS(BasicPrincipal principal) throws CadiException {\r
-               try {\r
-                       return new HBasicAuthSS(principal,si);\r
-               } catch (IOException e) {\r
-                       throw new CadiException("Error creating HBasicAuthSS",e);\r
-               }\r
-       }\r
-\r
-       public HMangr hman() {\r
-               return hman;\r
-       }\r
-\r
-       @Override\r
-       public <RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException {\r
-               return hman.best(ss, (Retryable<RET>)retryable);\r
-       }\r
-       \r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFLurPerm.java
deleted file mode 100644 (file)
index aae79f4..0000000
+++ /dev/null
@@ -1,198 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.net.ConnectException;\r
-import java.net.URISyntaxException;\r
-import java.security.Principal;\r
-import java.util.Map;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.cadi.AbsUserCache;\r
-import com.att.cadi.Access;\r
-import com.att.cadi.Access.Level;\r
-import com.att.cadi.CachedPrincipal.Resp;\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.Permission;\r
-import com.att.cadi.User;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.client.Future;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.client.Retryable;\r
-import com.att.inno.env.APIException;\r
-\r
-import aaf.v2_0.Perm;\r
-import aaf.v2_0.Perms;\r
-\r
-/**\r
- * Use AAF Service as Permission Service.\r
- * \r
- * This Lur goes after AAF Permissions, which are elements of Roles, not the Roles themselves.\r
- * \r
- * If you want a simple Role Lur, use AAFRoleLur\r
- * \r
- *\r
- */\r
-public class AAFLurPerm extends AbsAAFLur<AAFPermission> {\r
-       /**\r
-        *  Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this\r
-        *  point by AAF.  There is no "domain", aka, no "@att.com" in "ab1234@att.com".  \r
-        *  \r
-        *  The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.\r
-        *  Thus, we validate that the ID portion follows the rules before we waste time accessing AAF remotely\r
-        * @throws APIException \r
-        * @throws URISyntaxException \r
-        * @throws DME2Exception \r
-        */\r
-       // Package on purpose\r
-       AAFLurPerm(AAFCon<?> con) throws CadiException, DME2Exception, URISyntaxException, APIException {\r
-               super(con);\r
-       }\r
-\r
-       // Package on purpose\r
-       AAFLurPerm(AAFCon<?> con, AbsUserCache<AAFPermission> auc) throws DME2Exception, URISyntaxException, APIException {\r
-               super(con,auc);\r
-       }\r
-\r
-       protected User<AAFPermission> loadUser(Principal p)  {\r
-               // Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't \r
-               // have domains.  We are going to make the Transitive Class (see this.transmutative) to convert\r
-               Principal principal = transmutate.mutate(p);\r
-               if(principal==null)return null; // if not a valid Transmutated credential, don't bother calling...\r
-               return loadUser(p, p.getName());\r
-       }\r
-       \r
-       protected User<AAFPermission> loadUser(String name) {\r
-               return loadUser((Principal)null, name);\r
-       }\r
-       \r
-       private User<AAFPermission> loadUser(final Principal prin, final String name) {\r
-               \r
-               //TODO Create a dynamic way to declare domains supported.\r
-               final long start = System.nanoTime();\r
-               final boolean[] success = new boolean[]{false};\r
-               \r
-//             new Exception("loadUser").printStackTrace();\r
-               try {\r
-                       return aaf.best(new Retryable<User<AAFPermission>>() {\r
-                               @Override\r
-                               public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
-                                       Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF);\r
-                                       \r
-                                       // In the meantime, lookup User, create if necessary\r
-                                       User<AAFPermission> user = getUser(name);\r
-                                       Principal p;\r
-                                       if(prin == null) {\r
-                                               p = new Principal() {// Create a holder for lookups\r
-                                                       private String n = name;\r
-                                                       public String getName() {\r
-                                                               return n;\r
-                                                       }\r
-                                               };\r
-                                       } else {\r
-                                               p = prin;\r
-                                       }\r
-                                       \r
-                                       if(user==null) {\r
-                                               addUser(user = new User<AAFPermission>(p,aaf.userExpires)); // no password\r
-                                       }\r
-                                       \r
-                                       // OK, done all we can, now get content\r
-                                       if(fp.get(aaf.timeout)) {\r
-                                               success[0]=true;\r
-                                               Map<String, Permission> newMap = user.newMap();\r
-                                               for(Perm perm : fp.value.getPerm()) {\r
-                                                       user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction()));\r
-                                                       aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');\r
-                                               }\r
-                                               user.setMap(newMap);\r
-                                               user.renewPerm();\r
-                                       } else {\r
-                                               int code;\r
-                                               switch(code=fp.code()) {\r
-                                                       case 401:\r
-                                                               aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");\r
-                                                               break;\r
-                                                       default:\r
-                                                               aaf.access.log(Access.Level.ERROR, code, fp.body());\r
-                                               }\r
-                                       }\r
-\r
-                                       return user;\r
-                               }\r
-                       });\r
-               } catch (Exception e) {\r
-                       aaf.access.log(e,"Calling","/authz/perms/user/"+name);\r
-                       return null;\r
-               } finally {\r
-                       float time = (System.nanoTime()-start)/1000000f;\r
-                       aaf.access.log(Level.AUDIT, success[0]?"Loaded":"Load Failure",name,"from AAF in",time,"ms");\r
-               }\r
-       }\r
-\r
-       public Resp reload(User<AAFPermission> user) {\r
-               final String name = user.principal.getName();\r
-               long start = System.nanoTime();\r
-               boolean success = false;\r
-               try {\r
-                       Future<Perms> fp = aaf.client(AAFCon.AAF_VERSION).read(\r
-                                       "/authz/perms/user/"+name,\r
-                                       aaf.permsDF\r
-                                       );\r
-                       \r
-                       // OK, done all we can, now get content\r
-                       if(fp.get(aaf.timeout)) {\r
-                               success = true;\r
-                               Map<String,Permission> newMap = user.newMap(); \r
-                               for(Perm perm : fp.value.getPerm()) {\r
-                                       user.add(newMap, new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction()));\r
-                                       aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());\r
-                               }\r
-                               user.renewPerm();\r
-                               return Resp.REVALIDATED;\r
-                       } else {\r
-                               int code;\r
-                               switch(code=fp.code()) {\r
-                                       case 401:\r
-                                               aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");\r
-                                               break;\r
-                                       default:\r
-                                               aaf.access.log(Access.Level.ERROR, code, fp.body());\r
-                               }\r
-                               return Resp.UNVALIDATED;\r
-                       }\r
-               } catch (Exception e) {\r
-                       aaf.access.log(e,"Calling","/authz/perms/user/"+name);\r
-                       return Resp.INACCESSIBLE;\r
-               } finally {\r
-                       float time = (System.nanoTime()-start)/1000000f;\r
-                       aaf.access.log(Level.AUDIT, success?"Reloaded":"Reload Failure",name,"from AAF in",time,"ms");\r
-               }\r
-       }\r
-\r
-       @Override\r
-       protected boolean isCorrectPermType(Permission pond) {\r
-               return pond instanceof AAFPermission;\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTaf.java
deleted file mode 100644 (file)
index c294ed1..0000000
+++ /dev/null
@@ -1,198 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import com.att.cadi.AbsUserCache;\r
-import com.att.cadi.Access.Level;\r
-import com.att.cadi.CachedPrincipal;\r
-import com.att.cadi.CachedPrincipal.Resp;\r
-import com.att.cadi.GetCred;\r
-import com.att.cadi.Hash;\r
-import com.att.cadi.Taf.LifeForm;\r
-import com.att.cadi.User;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.client.Future;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.principal.BasicPrincipal;\r
-import com.att.cadi.principal.CachedBasicPrincipal;\r
-import com.att.cadi.taf.HttpTaf;\r
-import com.att.cadi.taf.TafResp;\r
-import com.att.cadi.taf.TafResp.RESP;\r
-import com.att.cadi.taf.basic.BasicHttpTafResp;\r
-\r
-public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {\r
-//     private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token";\r
-//     private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable";\r
-       private AAFCon<CLIENT> aaf;\r
-       private boolean warn;\r
-\r
-       public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {\r
-               super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);\r
-               aaf = con;\r
-               warn = turnOnWarning;\r
-       }\r
-\r
-       public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {\r
-               super(other);\r
-               aaf = con;\r
-               warn = turnOnWarning;\r
-       }\r
-\r
-       public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
-               //TODO Do we allow just anybody to validate?\r
-\r
-               // Note: Either Carbon or Silicon based LifeForms ok\r
-               String auth = req.getHeader("Authorization");\r
-               \r
-               System.out.println("value of auth  ------1------- ++++++++++++++++++++++++++++++++++++++++++" +auth);\r
-               \r
-               if(auth == null) {\r
-                       return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);\r
-               } else  {\r
-                       if(warn&&!req.isSecure())aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");\r
-                       \r
-                       try {\r
-                               CachedBasicPrincipal bp = new CachedBasicPrincipal(this,auth,aaf.getRealm(),aaf.cleanInterval);\r
-                               System.out.println(" value of aaf.getRealm  --------2--------- +++++++++++++++++++++++++++++++++++++++++++++" +aaf.getRealm() );\r
-                               //System.out.println(" value of bp +++++++++++++++++++++++++++++++++++++++++++" +bp.toString());\r
-                               System.out.println(" value of bp.getName() -------3----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getName().toString());\r
-                               System.out.println(" value of bp.getCred() -------4----- +++++++++++++++++++++++++++++++++++++++++++" +bp.getCred().toString());\r
-                               \r
-                               // First try Cache\r
-                               User<AAFPermission> usr = getUser(bp);\r
-                               \r
-                       //      System.out.println(" value of usr -------5-------++++++++++++++++++++++++++++++++++++++++++" +usr.toString());\r
-                               \r
-                               if(usr != null && usr.principal != null) {\r
-                                       if(usr.principal instanceof GetCred) {\r
-                                               if(Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) {\r
-                                                       \r
-                                                       return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);\r
-                                               }\r
-                                       }\r
-                               }\r
-                               \r
-                               Miss miss = missed(bp.getName());\r
-                                System.out.println(" value of miss before if loop  ---------6----- +++++++++++++++++++++++++++++++++++++" +miss );\r
-                               if(miss!=null && !miss.mayContinue(bp.getCred())) {\r
-                                       \r
-                                       System.out.println(" In if(miss!=null && !miss.mayContinue(bp.getCred())) -------7--------+++++++++++++++++++++++++++++++++++++++++++++");\r
-                                       \r
-                                       return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
-                                                       "User/Pass Retry limit exceeded"), \r
-                                                       RESP.FAIL,resp,aaf.getRealm(),true);\r
-                               }\r
-                               \r
-                               Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.basicAuthSS(bp));\r
-                               \r
-                               //System.out.println("value of userAAF ------8---- +++++++++++++++++++++++" +userAAF);\r
-                               //System.out.println("value of userAAF +++++++++++++++++++++++" +userAAF.);\r
-                               Future<String> fp = userAAF.read("/authn/basicAuth", "text/plain");\r
-                               \r
-                               //System.out.println("value of fp --------9------ +++++++++++++++++++++++" +fp.toString());\r
-                               \r
-                               if(fp.get(aaf.timeout)) {\r
-                                       System.out.println("In fp.get check -----10----- +++++++++++++");\r
-                                       if(usr!=null)usr.principal = bp;\r
-\r
-                                       else addUser(new User<AAFPermission>(bp,aaf.cleanInterval));\r
-                                       return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);\r
-                               } else {\r
-                                       // Note: AddMiss checks for miss==null, and is part of logic\r
-                                       \r
-                                       System.out.println(" In the else part --------11--------++++++++++++++ ");\r
-                                       \r
-                                       boolean rv= addMiss(bp.getName(),bp.getCred());\r
-                                       System.out.println(" value of bp.getName() and bp.getCred() before if check  ----12--- ++++++++++++!!!!!!!!!!!++++++++++" +bp.getName() +"and " +bp.getCred());\r
-\r
-                                       if(rv) {\r
-                                               System.out.println("In if(rv) check -----13----- +++++++++++++");\r
-                                               return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
-                                                               "User/Pass combo invalid via AAF"), \r
-                                                               RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);\r
-                                       } else {\r
-                                               System.out.println("In if(rv) else check -----14----- +++++++++++++");\r
-                                               return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
-                                                               "User/Pass combo invalid via AAF - Retry limit exceeded"), \r
-                                                               RESP.FAIL,resp,aaf.getRealm(),true);\r
-                                       }\r
-                               }\r
-                       } catch (IOException e) {\r
-                               String msg = buildMsg(null,req,"Invalid Auth Token");\r
-                               System.out.println("In IOException catch block -----15----- +++++++++++++");\r
-                               e.getStackTrace();\r
-                               e.printStackTrace();\r
-                               aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');\r
-                               return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);\r
-                       } catch (Exception e) {\r
-                               String msg = buildMsg(null,req,"Authenticating Service unavailable");\r
-                               System.out.println("In Exception catch block  -----16----- +++++++++++++");\r
-                               e.getStackTrace();\r
-                               e.printStackTrace();\r
-                               aaf.access.log(Level.INFO,msg,'(', e.getMessage(), ')');\r
-                               return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false);\r
-                       }\r
-               }\r
-       }\r
-       \r
-       private String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {\r
-               StringBuilder sb = new StringBuilder();\r
-               for(Object s : msg) {\r
-                       sb.append(s.toString());\r
-               }\r
-               if(pr!=null) {\r
-                       sb.append(" for ");\r
-                       sb.append(pr.getName());\r
-               }\r
-               sb.append(" from ");\r
-               sb.append(req.getRemoteAddr());\r
-               sb.append(':');\r
-               sb.append(req.getRemotePort());\r
-               return sb.toString();\r
-       }\r
-\r
-\r
-       \r
-       public Resp revalidate(CachedPrincipal prin) {\r
-               //  !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal\r
-               if(prin instanceof BasicPrincipal) {\r
-                       Future<String> fp;\r
-                       try {\r
-                               Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_VERSION).forUser(aaf.transferSS(prin));\r
-                               fp = userAAF.read("/authn/basicAuth", "text/plain");\r
-                               return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED;\r
-                       } catch (Exception e) {\r
-                               aaf.access.log(e, "Cannot Revalidate",prin.getName());\r
-                               return Resp.INACCESSIBLE;\r
-                       }\r
-               }\r
-               return Resp.NOT_MINE;\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AAFTrustChecker.java
deleted file mode 100644 (file)
index 175f699..0000000
+++ /dev/null
@@ -1,90 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import javax.servlet.http.HttpServletRequest ;\r
-\r
-import com.att.cadi.Lur;\r
-import com.att.cadi.TrustChecker;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.principal.TrustPrincipal;\r
-import com.att.cadi.taf.TafResp;\r
-import com.att.cadi.taf.TrustNotTafResp;\r
-import com.att.cadi.taf.TrustTafResp;\r
-import com.att.inno.env.util.Split;\r
-\r
-public class AAFTrustChecker implements TrustChecker {\r
-       private final String tag,type,instance,action;\r
-       private Lur lur;\r
-\r
-       /**\r
-        * \r
-        * Instance will be replaced by Identity\r
-        * @param lur \r
-        *    \r
-        * @param tag\r
-        * @param perm\r
-        */\r
-       public AAFTrustChecker(final String tag, final String perm) {\r
-               this.tag = tag;\r
-               String[] split = Split.split('|', perm);\r
-               this.type = split[0];\r
-               this.instance = split[1];\r
-               this.action = split[2];\r
-       }\r
-       \r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.TrustChecker#setLur(com.att.cadi.Lur)\r
-        */\r
-       @Override\r
-       public void setLur(Lur lur) {\r
-               this.lur = lur;\r
-       }\r
-\r
-       @Override\r
-       public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {\r
-               String user_info = req.getHeader(tag);\r
-               if(user_info !=null ) {\r
-                       String[] info = Split.split(',', user_info);\r
-                       if(info.length>0) {\r
-                               String[] flds = Split.split(':',info[0]);\r
-                               if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS"\r
-                                       if(!tresp.getPrincipal().getName().equals(flds[0])) { // We do trust ourselves, if a trust entry is made with self\r
-                                               if(lur.fish(tresp.getPrincipal(), new AAFPermission(type,instance,action))) {\r
-                                                       return new TrustTafResp(tresp,\r
-                                                                       new TrustPrincipal(tresp.getPrincipal(), flds[0]),\r
-                                                                       "  " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ','\r
-                                                               );\r
-                                               } else {\r
-                                                       return new TrustNotTafResp(tresp, "  " + tresp.getPrincipal().getName() + \r
-                                                                       " requested identity change to " + flds[0] + ", but does not have Authorization");\r
-                                               }\r
-                                       }\r
-                               }\r
-                       }\r
-               }\r
-\r
-               return tresp;\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java b/aaf/src/src/main/java/com/att/cadi/aaf/v2_0/AbsAAFLur.java
deleted file mode 100644 (file)
index 03f6c70..0000000
+++ /dev/null
@@ -1,274 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf.v2_0;\r
-\r
-import java.net.URISyntaxException;\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.List;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.cadi.AbsUserCache;\r
-import com.att.cadi.Access.Level;\r
-import com.att.cadi.CachingLur;\r
-import com.att.cadi.Permission;\r
-import com.att.cadi.StrLur;\r
-import com.att.cadi.Transmutate;\r
-import com.att.cadi.User;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.aaf.AAFPermission;\r
-import com.att.cadi.aaf.AAFTransmutate;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.util.Split;\r
-\r
-public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements StrLur, CachingLur<PERM> {\r
-       protected static final byte[] BLANK_PASSWORD = new byte[0];\r
-       protected static final Transmutate<Principal> transmutate = new AAFTransmutate();\r
-       private String[] debug = null;\r
-       public AAFCon<?> aaf;\r
-       private String[] supports;\r
-\r
-       public AbsAAFLur(AAFCon<?> con) throws DME2Exception, URISyntaxException, APIException {\r
-               super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);\r
-               aaf = con;\r
-               setLur(this);\r
-               supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");\r
-       }\r
-\r
-       public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws DME2Exception, URISyntaxException, APIException {\r
-               super(auc);\r
-               aaf = con;\r
-               setLur(this);\r
-               supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");\r
-       }\r
-\r
-       @Override\r
-       public void setDebug(String ids) {\r
-               this.debug = ids==null?null:Split.split(',', ids);\r
-       }\r
-       \r
-       protected abstract User<PERM> loadUser(Principal bait);\r
-       protected abstract User<PERM> loadUser(String name);\r
-       public final boolean supports(String userName) {\r
-               if(userName!=null) {\r
-                       for(String s : supports) {\r
-                               if(userName.endsWith(s))\r
-                                       return true;\r
-                       }\r
-               }\r
-               return false;\r
-       }\r
-       \r
-       protected abstract boolean isCorrectPermType(Permission pond);\r
-       \r
-       // This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"\r
-       public boolean fish(Principal bait, Permission pond) {\r
-               return fish(bait.getName(), pond);\r
-       }\r
-\r
-       public void fishAll(Principal bait, List<Permission> perms) {\r
-               fishAll(bait.getName(),perms);\r
-       }\r
-\r
-       // This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"\r
-       public boolean fish(String bait, Permission pond) {\r
-               if(isDebug(bait)) {\r
-                       boolean rv = false;\r
-                       StringBuilder sb = new StringBuilder("Log for ");\r
-                       sb.append(bait);\r
-                       if(supports(bait)) {\r
-                               User<PERM> user = getUser(bait);\r
-                               if(user==null) {\r
-                                       sb.append("\n\tUser is not in Cache");\r
-                               } else {\r
-                                       if(user.noPerms())sb.append("\n\tUser has no Perms");\r
-                                       if(user.permExpired()) {\r
-                                               sb.append("\n\tUser's perm expired [");\r
-                                               sb.append(new Date(user.permExpires()));\r
-                                               sb.append(']');\r
-                                       } else {\r
-                                               sb.append("\n\tUser's perm expires [");\r
-                                               sb.append(new Date(user.permExpires()));\r
-                                               sb.append(']');\r
-                                       }\r
-                               }\r
-                               if(user==null || (user.noPerms() && user.permExpired())) {\r
-                                       user = loadUser(bait);\r
-                                       sb.append("\n\tloadUser called");\r
-                               }\r
-                               if(user==null) {\r
-                                       sb.append("\n\tUser was not Loaded");\r
-                               } else if(user.contains(pond)) {\r
-                                       sb.append("\n\tUser contains ");\r
-                                       sb.append(pond.getKey());\r
-                                       rv = true;\r
-                               } else {\r
-                                       sb.append("\n\tUser does not contain ");\r
-                                       sb.append(pond.getKey());\r
-                                       List<Permission> perms = new ArrayList<Permission>();\r
-                                       user.copyPermsTo(perms);\r
-                                       for(Permission p : perms) {\r
-                                               sb.append("\n\t\t");\r
-                                               sb.append(p.getKey());\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               sb.append("AAF Lur does not support [");\r
-                               sb.append(bait);\r
-                               sb.append("]");\r
-                       }\r
-                       aaf.access.log(Level.INFO, sb);\r
-                       return rv;\r
-               } else {\r
-                       if(supports(bait)) {\r
-                               User<PERM> user = getUser(bait);\r
-                               if(user==null || (user.noPerms() && user.permExpired())) {\r
-                                       user = loadUser(bait);\r
-                               }\r
-                               return user==null?false:user.contains(pond);\r
-                       }\r
-                       return false;\r
-               }\r
-       }\r
-\r
-       public void fishAll(String bait, List<Permission> perms) {\r
-               if(isDebug(bait)) {\r
-                       StringBuilder sb = new StringBuilder("Log for ");\r
-                       sb.append(bait);\r
-                       if(supports(bait)) {\r
-                               User<PERM> user = getUser(bait);\r
-                               if(user==null) {\r
-                                       sb.append("\n\tUser is not in Cache");\r
-                               } else {\r
-                                       if(user.noPerms())sb.append("\n\tUser has no Perms");\r
-                                       if(user.permExpired()) {\r
-                                               sb.append("\n\tUser's perm expired [");\r
-                                               sb.append(new Date(user.permExpires()));\r
-                                               sb.append(']');\r
-                                       } else {\r
-                                               sb.append("\n\tUser's perm expires [");\r
-                                               sb.append(new Date(user.permExpires()));\r
-                                               sb.append(']');\r
-                                       }\r
-                               }\r
-                               if(user==null || (user.noPerms() && user.permExpired())) {\r
-                                       user = loadUser(bait);\r
-                                       sb.append("\n\tloadUser called");\r
-                               }\r
-                               if(user==null) {\r
-                                       sb.append("\n\tUser was not Loaded");\r
-                               } else {\r
-                                       sb.append("\n\tCopying Perms ");\r
-                                       user.copyPermsTo(perms);\r
-                                       for(Permission p : perms) {\r
-                                               sb.append("\n\t\t");\r
-                                               sb.append(p.getKey());\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               sb.append("AAF Lur does not support [");\r
-                               sb.append(bait);\r
-                               sb.append("]");\r
-                       }\r
-                       aaf.access.log(Level.INFO, sb);\r
-               } else {\r
-                       if(supports(bait)) {\r
-                               User<PERM> user = getUser(bait);\r
-                               if(user==null || (user.noPerms() && user.permExpired())) user = loadUser(bait);\r
-                               if(user!=null) {\r
-                                       user.copyPermsTo(perms);\r
-                               }\r
-                       }\r
-               }\r
-       }\r
-       \r
-       @Override\r
-       public void remove(String user) {\r
-               super.remove(user);\r
-       }\r
-\r
-       private boolean isDebug(String bait) {\r
-               if(debug!=null) {\r
-                       if(debug.length==1 && "all".equals(debug[0]))return true;\r
-                       for(String s : debug) {\r
-                               if(s.equals(bait))return true;\r
-                       }\r
-               }\r
-               return false;\r
-       }\r
-       /**\r
-        * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.\r
-        * \r
-        * @param bait\r
-        * @param obj\r
-        * @param type\r
-        * @param instance\r
-        * @param actions\r
-        */\r
-       public<A> void fishOneOf(String bait, A obj, String type, String instance, List<Action<A>> actions) {\r
-               User<PERM> user = getUser(bait);\r
-               if(user==null || (user.noPerms() && user.permExpired()))user = loadUser(bait);\r
-//             return user==null?false:user.contains(pond);\r
-               if(user!=null) {\r
-                       ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);\r
-                       for(Action<A> action : actions) {\r
-                               perm.setAction(action.getName());\r
-                               if(user.contains(perm)) {\r
-                                       if(action.exec(obj))return;\r
-                               }\r
-                       }\r
-               }\r
-       }\r
-       \r
-       public static interface Action<A> {\r
-               public String getName();\r
-               /**\r
-                *  Return false to continue, True to end now\r
-                * @return\r
-                */\r
-               public boolean exec(A a);\r
-       }\r
-       \r
-       private class ReuseAAFPermission extends AAFPermission {\r
-               public ReuseAAFPermission(String type, String instance) {\r
-                       super(type,instance,null);\r
-               }\r
-\r
-               public void setAction(String s) {\r
-                       action = s;\r
-               }\r
-               \r
-               /**\r
-                * This function understands that AAF Keys are hierarchical, :A:B:C, \r
-                *  Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit\r
-                * @return\r
-                */\r
-//             public boolean setParentInstance() {\r
-//                     int i = instance.lastIndexOf(':');\r
-//                     if(i<0) return false;\r
-//                     instance = instance.substring(0, i);\r
-//                     return true;\r
-//             }\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java b/aaf/src/src/main/java/com/att/cadi/cm/ArtifactDir.java
deleted file mode 100644 (file)
index 8fe1f7a..0000000
+++ /dev/null
@@ -1,272 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.io.FileOutputStream;\r
-import java.io.FileWriter;\r
-import java.io.IOException;\r
-import java.io.PrintStream;\r
-import java.io.PrintWriter;\r
-import java.security.KeyStore;\r
-import java.util.ArrayList;\r
-import java.util.HashMap;\r
-import java.util.List;\r
-import java.util.Map;\r
-\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.Symm;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.util.Chmod;\r
-import com.att.inno.env.Trans;\r
-import com.att.inno.env.util.Chrono;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public abstract class ArtifactDir implements PlaceArtifact {\r
-\r
-       protected static final String C_R = "\n";\r
-       protected File dir;\r
-       private List<String> encodeds = new ArrayList<String>();\r
-       \r
-       private Symm symm;\r
-       // This checks for multiple passes of Dir on the same objects.  Run clear after done.\r
-       protected static Map<String,Object> processed = new HashMap<String,Object>();\r
-\r
-\r
-       /**\r
-        * Note:  Derived Classes should ALWAYS call "super.place(cert,arti)" first, and \r
-        * then "placeProperties(arti)" just after they implement\r
-        */\r
-       @Override\r
-       public final boolean place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
-               validate(arti);\r
-               \r
-               try {\r
-                       // Obtain/setup directory as required\r
-                       dir = new File(arti.getDir());\r
-                       if(processed.get("dir")==null) {\r
-                               if(!dir.exists()) {\r
-                                       Chmod.to755.chmod(dir);\r
-                                       if(!dir.mkdirs()) {\r
-                                               throw new CadiException("Could not create " + dir);\r
-                                       }\r
-                               }\r
-                               \r
-                               // Also place cm_url and Host Name\r
-                               addProperty(Config.CM_URL,trans.getProperty(Config.CM_URL));\r
-                               addProperty(Config.HOSTNAME,arti.getMachine());\r
-                       }\r
-                       symm = (Symm)processed.get("symm");\r
-                       if(symm==null) {\r
-                               // CADI Key Gen\r
-                               File f = new File(dir,arti.getAppName() + ".keyfile");\r
-                               if(!f.exists()) {\r
-                                       write(f,Chmod.to400,Symm.baseCrypt().keygen());\r
-                               }\r
-                               symm = Symm.obtain(f); \r
-\r
-                               addEncProperty("ChallengePassword", certInfo.getChallenge());\r
-                               \r
-                               processed.put("symm",symm);\r
-                       }\r
-\r
-                       _place(trans, certInfo,arti);\r
-                       \r
-                       placeProperties(arti);\r
-                       \r
-                       processed.put("dir",dir);\r
-\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-               return true;\r
-       }\r
-\r
-       /**\r
-        * Derived Classes implement this instead, so Dir can process first, and write any Properties last\r
-        * @param cert\r
-        * @param arti\r
-        * @return\r
-        * @throws CadiException\r
-        */\r
-       protected abstract boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException;\r
-\r
-       protected void addProperty(String tag, String value) throws IOException {\r
-               StringBuilder sb = new StringBuilder();\r
-               sb.append(tag);\r
-               sb.append('=');\r
-               sb.append(value);\r
-               encodeds.add(sb.toString());\r
-       }\r
-\r
-       protected void addEncProperty(String tag, String value) throws IOException {\r
-               StringBuilder sb = new StringBuilder();\r
-               sb.append(tag);\r
-               sb.append('=');\r
-               sb.append("enc:???");\r
-               sb.append(symm.enpass(value));\r
-               encodeds.add(sb.toString());\r
-       }\r
-\r
-       protected void write(File f, Chmod c, String ... data) throws IOException {\r
-               f.setWritable(true,true);\r
-               \r
-               FileOutputStream fos = new FileOutputStream(f);\r
-               PrintStream ps = new PrintStream(fos);\r
-               try {\r
-                       for(String s : data) {\r
-                               ps.print(s);\r
-                       }\r
-               } finally {\r
-                       ps.close();\r
-                       c.chmod(f);\r
-               }\r
-       }\r
-\r
-       protected void write(File f, Chmod c, byte[] bytes) throws IOException {\r
-               f.setWritable(true,true);\r
-               \r
-               FileOutputStream fos = new FileOutputStream(f);\r
-               try {\r
-                       fos.write(bytes);\r
-               } finally {\r
-                       fos.close();\r
-                       c.chmod(f);\r
-               }\r
-       }\r
-       \r
-       protected void write(File f, Chmod c, KeyStore ks, char[] pass ) throws IOException, CadiException {\r
-               f.setWritable(true,true);\r
-               \r
-               FileOutputStream fos = new FileOutputStream(f);\r
-               try {\r
-                       ks.store(fos, pass);\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               } finally {\r
-                       fos.close();\r
-                       c.chmod(f);\r
-               }\r
-       }\r
-\r
-\r
-       private void validate(Artifact a) throws CadiException {\r
-               StringBuilder sb = new StringBuilder();\r
-               if(a.getDir()==null) {\r
-                       sb.append("File Artifacts require a path");\r
-               }\r
-\r
-               if(a.getAppName()==null) {\r
-                       if(sb.length()>0) {\r
-                               sb.append('\n');\r
-                       }\r
-                       sb.append("File Artifacts require an appName");\r
-               }\r
-               \r
-               if(sb.length()>0) {\r
-                       throw new CadiException(sb.toString());\r
-               }\r
-       }\r
-\r
-       private boolean placeProperties(Artifact arti) throws CadiException {\r
-               if(encodeds.size()==0) {\r
-                       return true;\r
-               }\r
-               boolean first=processed.get("dir")==null;\r
-               try {\r
-                       File f = new File(dir,arti.getAppName()+".props");\r
-                       if(f.exists()) {\r
-                               if(first) {\r
-                                       f.delete();\r
-                               } else {\r
-                                       f.setWritable(true);\r
-                               }\r
-                       }\r
-                       // Append if not first\r
-                       PrintWriter pw = new PrintWriter(new FileWriter(f,!first));\r
-                       \r
-                       // Write a Header\r
-                       if(first) {\r
-                               for(int i=0;i<60;++i) {\r
-                                       pw.print('#');\r
-                               }\r
-                               pw.println();\r
-                               pw.println("# Properties Generated by AT&T Certificate Manager");\r
-                               pw.print("#   by ");\r
-                               pw.println(System.getProperty("user.name"));\r
-                               pw.print("#   on ");\r
-                               pw.println(Chrono.dateStamp());\r
-                               pw.println("# @copyright 2016, AT&T");\r
-                               for(int i=0;i<60;++i) {\r
-                                       pw.print('#');\r
-                               }\r
-                               pw.println();\r
-                               for(String prop : encodeds) {\r
-                                       if(prop.startsWith("cm_") || prop.startsWith(Config.HOSTNAME)) {\r
-                                               pw.println(prop);\r
-                                       }\r
-                               }\r
-                       }\r
-                       \r
-                       try {\r
-                               for(String prop : encodeds) {\r
-                                       if(prop.startsWith("cadi")) {\r
-                                               pw.println(prop);\r
-                                       }\r
-                               }\r
-                       } finally {\r
-                               pw.close();\r
-                       }\r
-                       Chmod.to400.chmod(f);\r
-                       \r
-                       if(first) {\r
-                               // Challenge\r
-                               f = new File(dir,arti.getAppName()+".chal");\r
-                               if(f.exists()) {\r
-                                       f.delete();\r
-                               }\r
-                               pw = new PrintWriter(new FileWriter(f));\r
-                               try {\r
-                                       for(String prop : encodeds) {\r
-                                               if(prop.startsWith("Challenge")) {\r
-                                                       pw.println(prop);\r
-                                               }\r
-                                       }\r
-                               } finally {\r
-                                       pw.close();\r
-                               }\r
-                               Chmod.to400.chmod(f);\r
-                       }\r
-               } catch(Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-               return true;\r
-       }\r
-       \r
-       public static void clear() {\r
-               processed.clear();\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/CertException.java b/aaf/src/src/main/java/com/att/cadi/cm/CertException.java
deleted file mode 100644 (file)
index ce38c21..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-public class CertException extends Exception {\r
-\r
-       /**\r
-        * \r
-        */\r
-       private static final long serialVersionUID = 1373028409048516401L;\r
-\r
-       public CertException() {\r
-       }\r
-\r
-       public CertException(String message) {\r
-               super(message);\r
-       }\r
-\r
-       public CertException(Throwable cause) {\r
-               super(cause);\r
-       }\r
-\r
-       public CertException(String message, Throwable cause) {\r
-               super(message, cause);\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java b/aaf/src/src/main/java/com/att/cadi/cm/CmAgent.java
deleted file mode 100644 (file)
index fe76082..0000000
+++ /dev/null
@@ -1,786 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.IOException;\r
-import java.io.InputStreamReader;\r
-import java.net.InetAddress;\r
-import java.net.UnknownHostException;\r
-import java.security.KeyStore;\r
-import java.security.cert.X509Certificate;\r
-import java.util.ArrayDeque;\r
-import java.util.Deque;\r
-import java.util.GregorianCalendar;\r
-import java.util.HashMap;\r
-import java.util.Iterator;\r
-import java.util.Map;\r
-import java.util.Map.Entry;\r
-import java.util.Properties;\r
-\r
-import com.att.cadi.Access;\r
-import com.att.cadi.Symm;\r
-import com.att.cadi.aaf.client.ErrMessage;\r
-import com.att.cadi.aaf.v2_0.AAFCon;\r
-import com.att.cadi.aaf.v2_0.AAFConHttp;\r
-import com.att.cadi.client.EnvAccess;\r
-import com.att.cadi.client.Future;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.http.HBasicAuthSS;\r
-import com.att.inno.env.Data.TYPE;\r
-import com.att.inno.env.Env;\r
-import com.att.inno.env.TimeTaken;\r
-import com.att.inno.env.Trans;\r
-import com.att.inno.env.util.Chrono;\r
-import com.att.inno.env.util.Split;\r
-import com.att.rosetta.env.RosettaDF;\r
-import com.att.rosetta.env.RosettaEnv;\r
-\r
-import certman.v1_0.Artifacts;\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-import certman.v1_0.CertificateRequest;\r
-\r
-public class CmAgent {\r
-       private static final String PRINT = "print";\r
-       private static final String FILE = "file";\r
-       private static final String PKCS12 = "pkcs12";\r
-       private static final String JKS = "jks";\r
-       private static final String SCRIPT="script";\r
-       \r
-       private static final String CM_VER = "1.0";\r
-       public static final int PASS_SIZE = 24;\r
-       private static int TIMEOUT;\r
-       \r
-       private static MyConsole cons;\r
-       \r
-       private static RosettaDF<CertificateRequest> reqDF;\r
-       private static RosettaDF<CertInfo> certDF;\r
-       private static RosettaDF<Artifacts> artifactsDF;\r
-       private static ErrMessage errMsg;\r
-       private static Map<String,PlaceArtifact> placeArtifact;\r
-       private static RosettaEnv env;\r
-\r
-       public static void main(String[] args) {\r
-               int exitCode = 0;\r
-               env = new RosettaEnv(Config.CADI_PROP_FILES,args);\r
-               Deque<String> cmds = new ArrayDeque<String>();\r
-               for(String p : args) {\r
-                       if(p.indexOf('=')<0) {\r
-                               cmds.add(p);\r
-                       }\r
-               }\r
-               \r
-               if(cmds.size()==0) {\r
-                       System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");\r
-                       System.out.println("   create   <mechID> [<machine>]");\r
-                       System.out.println("   read     <mechID> [<machine>]");\r
-                       System.out.println("   update   <mechID> [<machine>]");\r
-                       System.out.println("   delete   <mechID> [<machine>]");\r
-                       System.out.println("   copy     <mechID> <machine> <newmachine>[,<newmachine>]*");\r
-                       System.out.println("   place    <mechID> [<machine>]");\r
-                       System.out.println("   showpass <mechID> [<machine>]");\r
-                       System.out.println("   check    <mechID> [<machine>]");\r
-                       System.exit(1);\r
-               }\r
-               \r
-               TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000"));\r
-               cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole();\r
-\r
-               try {\r
-                       reqDF = env.newDataFactory(CertificateRequest.class);\r
-                       artifactsDF = env.newDataFactory(Artifacts.class);\r
-                       certDF = env.newDataFactory(CertInfo.class);\r
-                       errMsg = new ErrMessage(env);\r
-\r
-                       placeArtifact = new HashMap<String,PlaceArtifact>();\r
-                       placeArtifact.put(JKS, new PlaceArtifactInKeystore(JKS));\r
-                       placeArtifact.put(PKCS12, new PlaceArtifactInKeystore(PKCS12));\r
-                       placeArtifact.put(FILE, new PlaceArtifactInFiles());\r
-                       placeArtifact.put(PRINT, new PlaceArtifactOnStream(System.out));\r
-                       placeArtifact.put(SCRIPT, new PlaceArtifactScripts());\r
-                       \r
-                       Access access = new EnvAccess(env);\r
-                       Trans trans = env.newTrans();\r
-                       try {\r
-                               getProperty(env,false, Config.CM_URL,Config.CM_URL+": ");\r
-                               String str=env.getProperty(Config.CADI_ALIAS);\r
-                               if(str==null) { // ask for MechID pass\r
-                                       getProperty(env,false,Config.AAF_MECHID,"Your Identity: ");\r
-                                       getProperty(env,true,Config.AAF_MECHPASS,"Password: ");\r
-                               }\r
-                               AAFCon<?> aafcon = new AAFConHttp(access,Config.CM_URL);\r
-                                               \r
-                               String cmd = cmds.removeFirst();\r
-                               if("place".equals(cmd)) {\r
-                                       placeCerts(trans,aafcon,cmds);\r
-                               } else if("create".equals(cmd)) {\r
-                                       createArtifact(trans, aafcon,cmds);\r
-                               } else if("read".equals(cmd)) {\r
-                                       readArtifact(trans, aafcon, cmds);\r
-                               } else if("copy".equals(cmd)) {\r
-                                       copyArtifact(trans, aafcon, cmds);\r
-                               } else if("update".equals(cmd)) {\r
-                                       updateArtifact(trans, aafcon, cmds);\r
-                               } else if("delete".equals(cmd)) {\r
-                                       deleteArtifact(trans, aafcon, cmds);\r
-                               } else if("showpass".equals(cmd)) {\r
-                                       showPass(trans,aafcon,cmds);\r
-                               } else if("check".equals(cmd)) {\r
-                                       try {\r
-                                               exitCode = check(trans,aafcon,cmds);\r
-                                       } catch (Exception e) {\r
-                                               exitCode = 1;\r
-                                               throw e;\r
-                                       }\r
-                               } else {\r
-                                       cons.printf("Unknown command \"%s\"\n", cmd);\r
-                               }\r
-                       } finally {\r
-                               StringBuilder sb = new StringBuilder();\r
-                trans.auditTrail(4, sb, Trans.REMOTE);\r
-                if(sb.length()>0) {\r
-                       trans.info().log("Trans Info\n",sb);\r
-                }\r
-                       }\r
-               } catch (Exception e) {\r
-                       e.printStackTrace();\r
-               }\r
-               if(exitCode!=0) {\r
-                       System.exit(exitCode);\r
-               }\r
-       }\r
-\r
-       private static String getProperty(Env env, boolean secure, String tag, String prompt, Object ... def) {\r
-               String value;\r
-               if((value=env.getProperty(tag))==null) {\r
-                       if(secure) {\r
-                               value = new String(cons.readPassword(prompt, def));\r
-                       } else {\r
-                               value = cons.readLine(prompt,def).trim();\r
-                       }\r
-                       if(value!=null) {\r
-                               if(value.length()>0) {\r
-                                       env.setProperty(tag,value);\r
-                               } else if(def.length==1) {\r
-                                       value=def[0].toString();\r
-                                       env.setProperty(tag,value);\r
-                               }\r
-                       }\r
-               }\r
-               return value;\r
-       }\r
-\r
-       private interface MyConsole {\r
-               public String readLine(String fmt, Object ... args);\r
-               public char[] readPassword(String fmt, Object ... args);\r
-               public void printf(String fmt, Object ...args);\r
-       }\r
-\r
-       private static class TheConsole implements MyConsole {\r
-               @Override\r
-               public String readLine(String fmt, Object... args) {\r
-                       String rv = System.console().readLine(fmt, args);\r
-                       if(args.length>0 && args[0]!=null && rv.length()==0) {\r
-                               rv = args[0].toString();\r
-                       }\r
-                       return rv;\r
-               }\r
-\r
-               @Override\r
-               public char[] readPassword(String fmt, Object... args) {\r
-                       return System.console().readPassword(fmt, args);\r
-               }\r
-               \r
-               public static boolean implemented() {\r
-                       return System.console()!=null;\r
-               }\r
-\r
-               @Override\r
-               public void printf(String fmt, Object... args) {\r
-                       System.console().printf(fmt, args);\r
-               }\r
-       }\r
-       \r
-       // Substandard, because System.in doesn't do Passwords..\r
-       private static class SubStandardConsole implements MyConsole {\r
-               BufferedReader br = new BufferedReader(new InputStreamReader(System.in));\r
-               @Override\r
-               public String readLine(String fmt, Object... args) {\r
-                       String rv;\r
-                       try {\r
-                               System.out.printf(fmt,args);\r
-                               rv = br.readLine();\r
-                               if(args.length==1 && rv.length()==0) {\r
-                                       rv = args[0].toString();\r
-                               }\r
-                       } catch (IOException e) {\r
-                               System.err.println("uh oh...");\r
-                               rv = "";\r
-                       }\r
-                       return rv;\r
-               }\r
-\r
-               @Override\r
-               public char[] readPassword(String fmt, Object... args) {\r
-                       try {\r
-                               System.out.printf(fmt,args);\r
-                               return br.readLine().toCharArray();\r
-                       } catch (IOException e) {\r
-                               System.err.println("uh oh...");\r
-                               return new char[0];\r
-                       }\r
-               }\r
-\r
-               @Override\r
-               public void printf(String fmt, Object... args) {\r
-                       System.out.printf(fmt, args);\r
-               }\r
-       }\r
-\r
-//     private static class AutoData implements MyConsole {\r
-////           private Env env;\r
-//             private Map<String,String> data;\r
-//\r
-//             @Override\r
-//             public String readLine(String fmt, Object... args) {\r
-//                     String rv=data.get(fmt);\r
-//                     return rv==null?"":rv;\r
-//             }\r
-//\r
-//             @Override\r
-//             public char[] readPassword(String fmt, Object... args) {\r
-//                     String rv=data.get(fmt);\r
-//                     return rv==null?new char[0]:rv.toCharArray();\r
-//             }\r
-//             \r
-//             @Override\r
-//             public void printf(String fmt, Object... args) {\r
-//                     System.out.printf(fmt, args);\r
-//             }\r
-//\r
-//     }\r
-//     \r
-       private static String mechID(Deque<String> cmds) {\r
-               if(cmds.size()<1) {\r
-                       String alias = env.getProperty(Config.CADI_ALIAS);\r
-                       return alias!=null?alias:cons.readLine("MechID: ");\r
-               }\r
-               return cmds.removeFirst();      \r
-       }\r
-\r
-       private static String machine(Deque<String> cmds) throws UnknownHostException {\r
-               if(cmds.size()>0) {\r
-                       return cmds.removeFirst();\r
-               } else {\r
-                       String mach = env.getProperty(Config.HOSTNAME);\r
-                       return mach!=null?mach:InetAddress.getLocalHost().getHostName();\r
-               }\r
-       }\r
-\r
-       private static String[] machines(Deque<String> cmds)  {\r
-               String machines;\r
-               if(cmds.size()>0) {\r
-                       machines = cmds.removeFirst();\r
-               } else {\r
-                       machines = cons.readLine("Machines (sep by ','): ");\r
-               }\r
-               return Split.split(',', machines);\r
-       }\r
-\r
-       private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               Artifacts artifacts = new Artifacts();\r
-               Artifact arti = new Artifact();\r
-               artifacts.getArtifact().add(arti);\r
-               arti.setMechid(mechID!=null?mechID:cons.readLine("MechID: "));\r
-               arti.setMachine(machine!=null?machine:cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));\r
-               arti.setCa(cons.readLine("CA: (%s): ","aaf"));\r
-               \r
-               String resp = cons.readLine("Types [file,jks,pkcs12] (%s): ", "jks");\r
-               for(String s : Split.splitTrim(',', resp)) {\r
-                       arti.getType().add(s);\r
-               }\r
-               // Always do Script\r
-               if(!resp.contains(SCRIPT)) {\r
-                       arti.getType().add(SCRIPT);\r
-               }\r
-\r
-               // Note: Sponsor is set on Creation by CM\r
-               String configRootName = AAFCon.reverseDomain(arti.getMechid());\r
-               arti.setAppName(cons.readLine("AppName (%s): ",configRootName));\r
-               arti.setDir(cons.readLine("Directory (%s): ", System.getProperty("user.dir")));\r
-               arti.setOsUser(cons.readLine("OS User (%s): ", System.getProperty("user.name")));\r
-               arti.setRenewDays(Integer.parseInt(cons.readLine("Renewal Days (%s):", "30")));\r
-               arti.setNotification(toNotification(cons.readLine("Notification (mailto owner):", "")));\r
-               \r
-               TimeTaken tt = trans.start("Create Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts);\r
-                       if(future.get(TIMEOUT)) {\r
-                               trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine());\r
-                       } else {\r
-                               trans.error().printf("Call to AAF Certman failed, %s",\r
-                                       errMsg.toMsg(future));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-       private static String toNotification(String notification) {\r
-               if(notification==null) {\r
-                       notification="";\r
-               } else if(notification.length()>0) {\r
-                       if(notification.indexOf(':')<0) {\r
-                               notification = "mailto:" + notification;\r
-                       }\r
-               }\r
-               return notification;\r
-       }\r
-       \r
-\r
-       private static void readArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               TimeTaken tt = trans.start("Read Artifact", Env.SUB);\r
-               try {\r
-                       Future<Artifacts> future = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-       \r
-                       if(future.get(TIMEOUT)) {\r
-                               boolean printed = false;\r
-                               for(Artifact a : future.value.getArtifact()) {\r
-                                       cons.printf("MechID:          %s\n",a.getMechid()); \r
-                                       cons.printf("  Sponsor:       %s\n",a.getSponsor()); \r
-                                       cons.printf("Machine:         %s\n",a.getMachine()); \r
-                                       cons.printf("CA:              %s\n",a.getCa()); \r
-                                       StringBuilder sb = new StringBuilder();\r
-                                       boolean first = true;\r
-                                       for(String t : a.getType()) {\r
-                                               if(first) {first=false;}\r
-                                               else{sb.append(',');}\r
-                                               sb.append(t);\r
-                                       }\r
-                                       cons.printf("Types:           %s\n",sb);\r
-                                       cons.printf("AppName:         %s\n",a.getAppName()); \r
-                                       cons.printf("Directory:       %s\n",a.getDir());\r
-                                       cons.printf("O/S User:        %s\n",a.getOsUser());\r
-                                       cons.printf("Renew Days:      %d\n",a.getRenewDays());\r
-                                       cons.printf("Notification     %s\n",a.getNotification());\r
-                                       printed = true;\r
-                               }\r
-                               if(!printed) {\r
-                                       cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(future));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-       \r
-       private static void copyArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               String[] newmachs = machines(cmds);\r
-               if(newmachs==null || newmachs == null) {\r
-                       trans.error().log("No machines listed to copy to");\r
-               } else {\r
-                       TimeTaken tt = trans.start("Copy Artifact", Env.REMOTE);\r
-                       try {\r
-                               Future<Artifacts> future = aafcon.client(CM_VER)\r
-                                               .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       \r
-                               if(future.get(TIMEOUT)) {\r
-                                       boolean printed = false;\r
-                                       for(Artifact a : future.value.getArtifact()) {\r
-                                               for(String m : newmachs) {\r
-                                                       a.setMachine(m);\r
-                                                       Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, future.value);\r
-                                                       if(fup.get(TIMEOUT)) {\r
-                                                               trans.info().printf("Copy of %s %s successful to %s",mechID,machine,m);\r
-                                                       } else {\r
-                                                               trans.error().printf("Call to AAF Certman failed, %s",\r
-                                                                       errMsg.toMsg(fup));\r
-                                                       }\r
-       \r
-                                                       printed = true;\r
-                                               }\r
-                                       }\r
-                                       if(!printed) {\r
-                                               cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
-                                       }\r
-                               } else {\r
-                                       trans.error().log(errMsg.toMsg(future));\r
-                               }\r
-                       } finally {\r
-                               tt.done();\r
-                       }\r
-               }\r
-       }\r
-\r
-       private static void updateArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               TimeTaken tt = trans.start("Update Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> fread = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-       \r
-                       if(fread.get(TIMEOUT)) {\r
-                               Artifacts artifacts = new Artifacts();\r
-                               for(Artifact a : fread.value.getArtifact()) {\r
-                                       Artifact arti = new Artifact();\r
-                                       artifacts.getArtifact().add(arti);\r
-                                       \r
-                                       cons.printf("For %s on %s\n", a.getMechid(),a.getMachine());\r
-                                       arti.setMechid(a.getMechid());\r
-                                       arti.setMachine(a.getMachine());\r
-                                       arti.setCa(cons.readLine("CA: (%s): ",a.getCa()));\r
-                                       StringBuilder sb = new StringBuilder();\r
-                                       boolean first = true;\r
-                                       for(String t : a.getType()) {\r
-                                               if(first) {first=false;}\r
-                                               else{sb.append(',');}\r
-                                               sb.append(t);\r
-                                       }\r
-       \r
-                                       String resp = cons.readLine("Types [file,jks,pkcs12] (%s): ", sb);\r
-                                       for(String s : Split.splitTrim(',', resp)) {\r
-                                               arti.getType().add(s);\r
-                                       }\r
-                                       // Always do Script\r
-                                       if(!resp.contains(SCRIPT)) {\r
-                                               arti.getType().add(SCRIPT);\r
-                                       }\r
-\r
-                                       // Note: Sponsor is set on Creation by CM\r
-                                       arti.setAppName(cons.readLine("AppName (%s): ",a.getAppName()));\r
-                                       arti.setDir(cons.readLine("Directory (%s): ", a.getDir()));\r
-                                       arti.setOsUser(cons.readLine("OS User (%s): ", a.getOsUser()));\r
-                                       arti.setRenewDays(Integer.parseInt(cons.readLine("Renew Days (%s):", a.getRenewDays())));\r
-                                       arti.setNotification(toNotification(cons.readLine("Notification (%s):", a.getNotification())));\r
-       \r
-                               }\r
-                               if(artifacts.getArtifact().size()==0) {\r
-                                       cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
-                               } else {\r
-                                       Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, artifacts);\r
-                                       if(fup.get(TIMEOUT)) {\r
-                                               trans.info().printf("Call to AAF Certman successful %s, %s",mechID,machine);\r
-                                       } else {\r
-                                               trans.error().printf("Call to AAF Certman failed, %s",\r
-                                                       errMsg.toMsg(fup));\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().printf("Call to AAF Certman failed, %s %s, %s",\r
-                                               errMsg.toMsg(fread),mechID,machine);\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-       \r
-       private static void deleteArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechid = mechID(cmds);\r
-               String machine = mechID(cmds);\r
-               \r
-               TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Void> future = aafcon.client(CM_VER)\r
-                                       .delete("/cert/artifacts/"+mechid+"/"+machine,"application/json" );\r
-       \r
-                       if(future.get(TIMEOUT)) {\r
-                               trans.info().printf("Call to AAF Certman successful %s, %s",mechid,machine);\r
-                       } else {\r
-                               trans.error().printf("Call to AAF Certman failed, %s %s, %s",\r
-                                       errMsg.toMsg(future),mechid,machine);\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-       \r
-\r
-       private static boolean placeCerts(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               boolean rv = false;\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               \r
-               TimeTaken tt = trans.start("Place Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> acf = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       if(acf.get(TIMEOUT)) {\r
-                               // Have to wait for JDK 1.7 source...\r
-                               //switch(artifact.getType()) {\r
-                               if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
-                                       cons.printf("There are no artifacts for %s %s", mechID, machine);\r
-                               } else {\r
-                                       for(Artifact a : acf.value.getArtifact()) {\r
-                                               CertificateRequest cr = new CertificateRequest();\r
-                                               cr.setMechid(a.getMechid());\r
-                                               cr.setSponsor(a.getSponsor());\r
-                                               cr.getFqdns().add(a.getMachine());\r
-                                               Future<String> f = aafcon.client(CM_VER)\r
-                                                               .setQueryParams("withTrust")\r
-                                                               .updateRespondString("/cert/" + a.getCa(),reqDF, cr);\r
-                                               if(f.get(TIMEOUT)) {\r
-                                                       CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject();\r
-                                                       for(String type : a.getType()) {\r
-                                                               PlaceArtifact pa = placeArtifact.get(type);\r
-                                                               if(pa!=null) {\r
-                                                                       if(rv = pa.place(trans, capi, a)) {\r
-                                                                               notifyPlaced(a,rv);\r
-                                                                       }\r
-                                                               }\r
-                                                       }\r
-                                                       // Cover for the above multiple pass possibilities with some static Data, then clear per Artifact\r
-                                                       ArtifactDir.clear();\r
-                                               } else {\r
-                                                       trans.error().log(errMsg.toMsg(f));\r
-                                               }\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(acf));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-               return rv;\r
-       }\r
-       \r
-       private static void notifyPlaced(Artifact a, boolean rv) {\r
-               \r
-               \r
-       }\r
-\r
-       private static void showPass(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               TimeTaken tt = trans.start("Show Password", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> acf = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       if(acf.get(TIMEOUT)) {\r
-                               // Have to wait for JDK 1.7 source...\r
-                               //switch(artifact.getType()) {\r
-                               if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
-                                       cons.printf("No Artifacts found for %s on %s", mechID, machine);\r
-                               } else {\r
-                                       String id = aafcon.defID();\r
-                                       boolean allowed;\r
-                                       for(Artifact a : acf.value.getArtifact()) {\r
-                                               allowed = id!=null && (id.equals(a.getSponsor()) ||\r
-                                                               (id.equals(a.getMechid()) \r
-                                                                               && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));\r
-                                               if(!allowed) {\r
-                                                       Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" + \r
-                                                                       a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*");\r
-                                                       if(pf.get(TIMEOUT)) {\r
-                                                               allowed = true;\r
-                                                       } else {\r
-                                                               trans.error().log(errMsg.toMsg(pf));\r
-                                                       }\r
-                                               }\r
-                                               if(allowed) {\r
-                                                       File dir = new File(a.getDir());\r
-                                                       Properties props = new Properties();\r
-                                                       FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));\r
-                                                       try {\r
-                                                               props.load(fis);\r
-                                                               fis.close();\r
-                                                               fis = new FileInputStream(new File(dir,a.getAppName()+".chal"));\r
-                                                               props.load(fis);\r
-                                                       } finally {\r
-                                                               fis.close();\r
-                                                       }\r
-                                                       \r
-                                                       File f = new File(dir,a.getAppName()+".keyfile");\r
-                                                       if(f.exists()) {\r
-                                                               Symm symm = Symm.obtain(f);\r
-                                                               \r
-                                                               for(Iterator<Entry<Object,Object>> iter = props.entrySet().iterator(); iter.hasNext();) {\r
-                                                                       Entry<Object,Object> en = iter.next();\r
-                                                                       if(en.getValue().toString().startsWith("enc:???")) {\r
-                                                                               System.out.printf("%s=%s\n", en.getKey(), symm.depass(en.getValue().toString()));\r
-                                                                       }\r
-                                                               }\r
-                                                       } else {\r
-                                                               trans.error().printf("%s.keyfile must exist to read passwords for %s on %s",\r
-                                                                               f.getCanonicalPath(),a.getMechid(), a.getMachine());\r
-                                                       }\r
-                                               }\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(acf));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-\r
-       }\r
-       \r
-\r
-       /**\r
-        * Check returns Error Codes, so that Scripts can know what to do\r
-        * \r
-        *   0 - Check Complete, nothing to do\r
-        *   1 - General Error\r
-        *   2 - Error for specific Artifact - read check.msg\r
-        *   10 - Certificate Updated - check.msg is email content\r
-        *   \r
-        * @param trans\r
-        * @param aafcon\r
-        * @param cmds\r
-        * @return\r
-        * @throws Exception\r
-        */\r
-       private static int check(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               int exitCode=1;\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               \r
-               TimeTaken tt = trans.start("Check Certificate", Env.REMOTE);\r
-               try {\r
-               \r
-                       Future<Artifacts> acf = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       if(acf.get(TIMEOUT)) {\r
-                               // Have to wait for JDK 1.7 source...\r
-                               //switch(artifact.getType()) {\r
-                               if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
-                                       cons.printf("No Artifacts found for %s on %s", mechID, machine);\r
-                               } else {\r
-                                       String id = aafcon.defID();\r
-                                       GregorianCalendar now = new GregorianCalendar();\r
-                                       for(Artifact a : acf.value.getArtifact()) {\r
-                                               if(id.equals(a.getMechid())) {\r
-                                                       File dir = new File(a.getDir());\r
-                                                       Properties props = new Properties();\r
-                                                       FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));\r
-                                                       try {\r
-                                                               props.load(fis);\r
-                                                       } finally {\r
-                                                               fis.close();\r
-                                                       }\r
-                                                       \r
-                                                       String prop;                                            \r
-                                                       File f;\r
-       \r
-                                                       if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||\r
-                                                               !(f=new File(prop)).exists()) {\r
-                                                                       trans.error().printf("Keyfile must exist to check Certificates for %s on %s",\r
-                                                                               a.getMechid(), a.getMachine());\r
-                                                       } else {\r
-                                                               String ksf = props.getProperty(Config.CADI_KEYSTORE);\r
-                                                               String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);\r
-                                                               if(ksf==null || ksps == null) {\r
-                                                                       trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",\r
-                                                                                       Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());\r
-                                                               } else {\r
-                                                                       KeyStore ks = KeyStore.getInstance("JKS");\r
-                                                                       Symm symm = Symm.obtain(f);\r
-                                                                       \r
-                                                                       fis = new FileInputStream(ksf);\r
-                                                                       try {\r
-                                                                               ks.load(fis,symm.depass(ksps).toCharArray());\r
-                                                                       } finally {\r
-                                                                               fis.close();\r
-                                                                       }\r
-                                                                       X509Certificate cert = (X509Certificate)ks.getCertificate(mechID);\r
-                                                                       String msg = null;\r
-\r
-                                                                       if(cert==null) {\r
-                                                                               msg = String.format("X509Certificate does not exist for %s on %s in %s",\r
-                                                                                               a.getMechid(), a.getMachine(), ksf);\r
-                                                                               trans.error().log(msg);\r
-                                                                               exitCode = 2;\r
-                                                                       } else {\r
-                                                                               GregorianCalendar renew = new GregorianCalendar();\r
-                                                                               renew.setTime(cert.getNotAfter());\r
-                                                                               renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays());\r
-                                                                               if(renew.after(now)) {\r
-                                                                                       msg = String.format("As of %s, X509Certificate for %s on %s, expiration %s is still within %d renewal days.\n", \r
-                                                                                                       Chrono.dateOnlyStamp(), a.getMechid(), a.getMachine(), cert.getNotAfter(),a.getRenewDays());\r
-                                                                                       trans.info().log(msg);\r
-                                                                                       exitCode = 0; // OK\r
-                                                                               } else {\r
-                                                                                       trans.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n", \r
-                                                                                                       a.getMechid(), a.getMachine(),cert.getNotAfter());\r
-                                                                                       cmds.offerLast(mechID);\r
-                                                                                       cmds.offerLast(machine);\r
-                                                                                       if(placeCerts(trans,aafcon,cmds)) {\r
-                                                                                               msg = String.format("X509Certificate for %s on %s has been renewed. Ensure services using are refreshed.\n", \r
-                                                                                                               a.getMechid(), a.getMachine());\r
-                                                                                               exitCode = 10; // Refreshed\r
-                                                                                       } else {\r
-                                                                                               msg = String.format("X509Certificate for %s on %s attempted renewal, but failed. Immediate Investigation is required!\n", \r
-                                                                                                               a.getMechid(), a.getMachine());\r
-                                                                                               exitCode = 1; // Error Renewing\r
-                                                                                       }\r
-                                                                               }\r
-                                                                       }\r
-                                                                       if(msg!=null) {\r
-                                                                               FileOutputStream fos = new FileOutputStream(a.getDir()+'/'+a.getAppName()+".msg");\r
-                                                                               try {\r
-                                                                                       fos.write(msg.getBytes());\r
-                                                                               } finally {\r
-                                                                                       fos.close();\r
-                                                                               }\r
-                                                                       }\r
-                                                               }\r
-                                                               \r
-                                                       }\r
-                                               }\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(acf));\r
-                               exitCode=1;\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-               return exitCode;\r
-       }\r
-\r
-}\r
-                       \r
-               \r
-\r
-\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/Factory.java b/aaf/src/src/main/java/com/att/cadi/cm/Factory.java
deleted file mode 100644 (file)
index 20b77d3..0000000
+++ /dev/null
@@ -1,446 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.DataInputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileNotFoundException;\r
-import java.io.FileReader;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.InputStreamReader;\r
-import java.io.Reader;\r
-import java.io.StringReader;\r
-import java.security.InvalidKeyException;\r
-import java.security.Key;\r
-import java.security.KeyFactory;\r
-import java.security.KeyPair;\r
-import java.security.KeyPairGenerator;\r
-import java.security.NoSuchAlgorithmException;\r
-import java.security.PrivateKey;\r
-import java.security.PublicKey;\r
-import java.security.SecureRandom;\r
-import java.security.Signature;\r
-import java.security.SignatureException;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.CertificateEncodingException;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.CertificateFactory;\r
-import java.security.cert.X509Certificate;\r
-import java.security.spec.InvalidKeySpecException;\r
-import java.security.spec.PKCS8EncodedKeySpec;\r
-import java.security.spec.X509EncodedKeySpec;\r
-import java.util.Collection;\r
-import java.util.List;\r
-\r
-import javax.crypto.Cipher;\r
-import javax.crypto.NoSuchPaddingException;\r
-\r
-import com.att.cadi.Symm;\r
-import com.att.inno.env.Env;\r
-import com.att.inno.env.TimeTaken;\r
-import com.att.inno.env.Trans;\r
-\r
-public class Factory {\r
-       public static final String KEY_ALGO = "RSA";\r
-       private static final String PRIVATE_KEY_HEADER = KEY_ALGO + " PRIVATE KEY";\r
-       public static final String SIG_ALGO = "SHA256withRSA";\r
-\r
-       public  static final int KEY_LENGTH = 2048;\r
-       private static final KeyPairGenerator keygen;\r
-       private static final KeyFactory keyFactory;\r
-       private static final CertificateFactory certificateFactory;\r
-       private static final SecureRandom random;\r
-       \r
-       \r
-       private static final Symm base64 = Symm.base64.copy(64);\r
-\r
-       static {\r
-                       random = new SecureRandom();\r
-                       KeyPairGenerator tempKeygen;\r
-                       try {\r
-                               tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC");\r
-                               tempKeygen.initialize(KEY_LENGTH, random);\r
-                       } catch (NoSuchAlgorithmException e) {\r
-                               tempKeygen = null;\r
-                               e.printStackTrace(System.err);\r
-                       }\r
-                       keygen = tempKeygen;\r
-\r
-                       KeyFactory tempKeyFactory;\r
-                       try {\r
-                               tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC"\r
-                       } catch (NoSuchAlgorithmException e) {\r
-                               tempKeyFactory = null;\r
-                               e.printStackTrace(System.err);\r
-                       };\r
-                       keyFactory = tempKeyFactory;\r
-                        \r
-                       CertificateFactory tempCertificateFactory;\r
-                       try {\r
-                               tempCertificateFactory = CertificateFactory.getInstance("X.509");\r
-                       } catch (CertificateException e) {\r
-                               tempCertificateFactory = null;\r
-                               e.printStackTrace(System.err);\r
-                       }\r
-                       certificateFactory = tempCertificateFactory;\r
-\r
-                \r
-       }\r
-\r
-\r
-       public static KeyPair generateKeyPair(Trans trans) {\r
-               TimeTaken tt;\r
-               if(trans!=null) {\r
-                       tt = trans.start("Generate KeyPair", Env.SUB);\r
-               } else {\r
-                       tt = null;\r
-               }\r
-               try {\r
-                       return keygen.generateKeyPair();\r
-               } finally {\r
-                       if(tt!=null) {\r
-                               tt.done();\r
-                       }\r
-               }\r
-       }  \r
-\r
-       private static final String LINE_END = "-----\n";\r
-\r
-       protected static String textBuilder(String kind, byte[] bytes) throws IOException {\r
-               StringBuilder sb = new StringBuilder();\r
-               sb.append("-----BEGIN ");\r
-               sb.append(kind);\r
-               sb.append(LINE_END);\r
-\r
-               ByteArrayInputStream bais = new ByteArrayInputStream(bytes);\r
-               ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
-               base64.encode(bais, baos);\r
-               sb.append(new String(baos.toByteArray()));\r
-               \r
-               if(sb.charAt(sb.length()-1)!='\n') {\r
-                       sb.append('\n');\r
-               }\r
-               sb.append("-----END ");\r
-               sb.append(kind);\r
-               sb.append(LINE_END);\r
-               return sb.toString();\r
-       }\r
-       \r
-       public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException {\r
-               byte[] bytes = decode(new StringReader(pk));\r
-               return toPrivateKey(trans, bytes);\r
-       }\r
-       \r
-       public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException {\r
-               TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB);\r
-               try {\r
-                       return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));\r
-               } catch (InvalidKeySpecException e) {\r
-                       throw new CertException("Translating Private Key from PKCS8 KeySpec",e);\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-       \r
-       public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException {\r
-               TimeTaken tt = trans.start("Decode Private Key File", Env.SUB);\r
-               try {\r
-                       return toPrivateKey(trans,decode(file));\r
-               }finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-\r
-       public static String toString(Trans trans, PrivateKey pk) throws IOException {\r
-               trans.debug().log("Private Key to String");\r
-               return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded());\r
-       }\r
-\r
-       public static PublicKey toPublicKey(Trans trans, String pk) throws IOException {\r
-               TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB);\r
-               try {\r
-                       ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes());\r
-                       ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
-                       Symm.base64noSplit.decode(bais, baos);\r
-\r
-                       return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray()));\r
-               } catch (InvalidKeySpecException e) {\r
-                       trans.error().log(e,"Translating Public Key from X509 KeySpec");\r
-                       return null;\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-       \r
-       public static String toString(Trans trans, PublicKey pk) throws IOException {\r
-               trans.debug().log("Public Key to String");\r
-               return textBuilder("PUBLIC KEY",pk.getEncoded());\r
-       }\r
-\r
-       public static Collection<? extends Certificate> toX509Certificate(Trans trans, String x509) throws CertificateException {\r
-               return toX509Certificate(trans, x509.getBytes());\r
-       }\r
-       \r
-       public static Collection<? extends Certificate> toX509Certificate(Trans trans, List<String> x509s) throws CertificateException {\r
-               ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
-               try {\r
-                       for(String x509 : x509s) {\r
-                               baos.write(x509.getBytes());\r
-                       }\r
-               } catch (IOException e) {\r
-                       throw new CertificateException(e);\r
-               }\r
-               return toX509Certificate(trans, new ByteArrayInputStream(baos.toByteArray()));\r
-       }\r
-\r
-       public static Collection<? extends Certificate> toX509Certificate(Trans trans, byte[] x509) throws CertificateException {\r
-               return certificateFactory.generateCertificates(new ByteArrayInputStream(x509));\r
-       }\r
-\r
-       public static Collection<? extends Certificate> toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException {\r
-               FileInputStream fis = new FileInputStream(file);\r
-               try {\r
-                       return toX509Certificate(trans,fis);\r
-               } finally {\r
-                       try {\r
-                               fis.close();\r
-                       } catch (IOException e) {\r
-                               throw new CertificateException(e);\r
-                       }\r
-               }\r
-       }\r
-\r
-       public static Collection<? extends Certificate> toX509Certificate(Trans trans, InputStream is) throws CertificateException {\r
-               TimeTaken tt=trans.start("Reconstitute Certificates", Env.SUB);\r
-               try {\r
-                       return certificateFactory.generateCertificates(is);\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-       \r
-\r
-       public static String toString(Trans trans, Certificate cert) throws IOException, CertException {\r
-               if(trans.debug().isLoggable()) {\r
-                       StringBuilder sb = new StringBuilder("Certificate to String");\r
-                       if(cert instanceof X509Certificate) {\r
-                               sb.append(" - ");\r
-                               sb.append(((X509Certificate)cert).getSubjectDN());\r
-                       }\r
-                       trans.debug().log(sb);\r
-               }\r
-               try {\r
-                       if(cert==null) {\r
-                               throw new CertException("Certificate not built");\r
-                       }\r
-                       return textBuilder("CERTIFICATE",cert.getEncoded());\r
-               } catch (CertificateEncodingException e) {\r
-                       throw new CertException(e);\r
-               }\r
-       }\r
-\r
-       public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {\r
-               return Cipher.getInstance(KEY_ALGO); \r
-       }\r
-\r
-       public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {\r
-               Cipher cipher = Cipher.getInstance(KEY_ALGO);\r
-               cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key);\r
-               return cipher;\r
-       }\r
-\r
-       public static byte[] strip(Reader rdr) throws IOException {\r
-               BufferedReader br = new BufferedReader(rdr);\r
-               ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
-               String line;\r
-               while((line=br.readLine())!=null) {\r
-                       if(line.length()>0 &&\r
-                          !line.startsWith("-----") &&\r
-                          line.indexOf(':')<0) {  // Header elements\r
-                               baos.write(line.getBytes());\r
-                       }\r
-               }\r
-               return baos.toByteArray();\r
-       }\r
-       \r
-       public static class StripperInputStream extends InputStream {\r
-               private Reader created;\r
-               private BufferedReader br;\r
-               private int idx;\r
-               private String line;\r
-\r
-               public StripperInputStream(Reader rdr) {\r
-                       if(rdr instanceof BufferedReader) {\r
-                               br = (BufferedReader)rdr;\r
-                       } else {\r
-                               br = new BufferedReader(rdr);\r
-                       }\r
-                       created = null;\r
-               }\r
-               \r
-               public StripperInputStream(File file) throws FileNotFoundException {\r
-                       this(new FileReader(file));\r
-                       created = br;\r
-               }\r
-\r
-               public StripperInputStream(InputStream is) throws FileNotFoundException {\r
-                       this(new InputStreamReader(is));\r
-                       created = br;\r
-               }\r
-\r
-               @Override\r
-               public int read() throws IOException {\r
-                       if(line==null || idx>=line.length()) {\r
-                               while((line=br.readLine())!=null) {\r
-                                       if(line.length()>0 &&\r
-                                          !line.startsWith("-----") &&\r
-                                          line.indexOf(':')<0) {  // Header elements\r
-                                               break;\r
-                                       }\r
-                               }\r
-\r
-                               if(line==null) {\r
-                                       return -1;\r
-                               }\r
-                               idx = 0;\r
-                       }\r
-                       return line.charAt(idx++);\r
-               }\r
-\r
-               /* (non-Javadoc)\r
-                * @see java.io.InputStream#close()\r
-                */\r
-               @Override\r
-               public void close() throws IOException {\r
-                       if(created!=null) {\r
-                               created.close();\r
-                       }\r
-               }\r
-       }\r
-\r
-       public static class Base64InputStream extends InputStream {\r
-               private InputStream created;\r
-               private InputStream is;\r
-               private byte trio[];\r
-               private byte duo[];\r
-               private int idx;\r
-\r
-               \r
-               public Base64InputStream(File file) throws FileNotFoundException {\r
-                       this(new FileInputStream(file));\r
-                       created = is;\r
-               }\r
-\r
-               public Base64InputStream(InputStream is) throws FileNotFoundException {\r
-                       this.is = is;\r
-                       trio = new byte[3];\r
-                       idx = 4;\r
-               }\r
-\r
-               @Override\r
-               public int read() throws IOException {\r
-                       if(duo==null || idx>=duo.length) {\r
-                               int read = is.read(trio);\r
-                               if(read==-1) {\r
-                                       return -1;\r
-                               }\r
-                               duo = Symm.base64.decode(trio);\r
-                               if(duo==null || duo.length==0) {\r
-                                       return -1;\r
-                               }\r
-                               idx=0;\r
-                       }\r
-                       \r
-                       return duo[idx++];\r
-               }\r
-\r
-               /* (non-Javadoc)\r
-                * @see java.io.InputStream#close()\r
-                */\r
-               @Override\r
-               public void close() throws IOException {\r
-                       if(created!=null) {\r
-                               created.close();\r
-                       }\r
-               }\r
-       }\r
-\r
-       public static byte[] decode(byte[] bytes) throws IOException {\r
-               ByteArrayInputStream bais = new ByteArrayInputStream(bytes);\r
-               ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
-               Symm.base64.decode(bais, baos);\r
-               return baos.toByteArray();\r
-       }\r
-       \r
-       public static byte[] decode(File f) throws IOException {\r
-               FileReader fr = new FileReader(f);\r
-               try {\r
-                       return Factory.decode(fr);\r
-               } finally {\r
-                       fr.close();\r
-               }\r
-\r
-       }\r
-       public static byte[] decode(Reader rdr) throws IOException {\r
-               return decode(strip(rdr));\r
-       }\r
-\r
-\r
-       public static byte[] binary(File file) throws IOException {\r
-               DataInputStream dis = new DataInputStream(new FileInputStream(file));\r
-               try {\r
-                       byte[] bytes = new byte[(int)file.length()];\r
-                       dis.readFully(bytes);\r
-                       return bytes;\r
-               } finally {\r
-                       dis.close();\r
-               }\r
-       }\r
-\r
-\r
-       public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {\r
-               TimeTaken tt = trans.start("Sign Data", Env.SUB);\r
-               try {\r
-                       Signature sig = Signature.getInstance(SIG_ALGO);\r
-                       sig.initSign(pk, random);\r
-                       sig.update(bytes);\r
-                       return sig.sign();\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-       // TODO IMPLEMENT!\r
-       public static void getSignature(byte[] signed) {\r
-               // TODO Auto-generated method stub\r
-               \r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifact.java
deleted file mode 100644 (file)
index 60434c3..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-import com.att.cadi.CadiException;\r
-import com.att.inno.env.Trans;\r
-\r
-public interface PlaceArtifact {\r
-       public boolean place(Trans trans, CertInfo cert, Artifact arti) throws CadiException;\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInFiles.java
deleted file mode 100644 (file)
index c9145ec..0000000
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.File;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.util.Chmod;\r
-import com.att.inno.env.Trans;\r
-\r
-public class PlaceArtifactInFiles extends ArtifactDir {\r
-       @Override\r
-       public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
-               try {\r
-                       // Setup Public Cert\r
-                       File f = new File(dir,arti.getAppName()+".crt");\r
-                       write(f,Chmod.to644,certInfo.getCerts().get(0),C_R);\r
-                       \r
-                       // Setup Private Key\r
-                       f = new File(dir,arti.getAppName()+".key");\r
-                       write(f,Chmod.to400,certInfo.getPrivatekey(),C_R);\r
-                       \r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-               return true;\r
-       }\r
-}\r
-\r
-\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactInKeystore.java
deleted file mode 100644 (file)
index c1c8c89..0000000
+++ /dev/null
@@ -1,149 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.security.KeyStore;\r
-import java.security.PrivateKey;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.X509Certificate;\r
-import java.util.Collection;\r
-\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.Symm;\r
-import com.att.cadi.config.Config;\r
-import com.att.cadi.util.Chmod;\r
-import com.att.inno.env.Trans;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public class PlaceArtifactInKeystore extends ArtifactDir {\r
-       private String kst;\r
-       //TODO get ROOT DNs or Trusted DNs from Certificate Manager.\r
-       private static String[] rootDNs = new String[]{                 \r
-                       "CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US",      \r
-                       "CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US"\r
-       };\r
-\r
-       public PlaceArtifactInKeystore(String kst) {\r
-               this.kst = kst;\r
-       }\r
-\r
-       @Override\r
-       public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
-               File fks = new File(dir,arti.getAppName()+'.'+kst);\r
-               try {\r
-                       KeyStore jks = KeyStore.getInstance(kst);\r
-                       if(fks.exists()) {\r
-                               fks.delete();\r
-                       }       \r
-\r
-                       // Get the Cert(s)... Might include Trust store\r
-                       Collection<? extends Certificate> certColl = Factory.toX509Certificate(trans, certInfo.getCerts());\r
-                       Certificate[] certs = new Certificate[certColl.size()];\r
-                       certColl.toArray(certs);\r
-                       \r
-                       boolean first = true;\r
-                       StringBuilder issuers = new StringBuilder();\r
-                       for(Certificate c : certs) {\r
-                               if(c instanceof X509Certificate) {\r
-                                       X509Certificate xc = (X509Certificate)c;\r
-                                       String issuer = xc.getIssuerDN().toString();\r
-                                       for(String root : rootDNs) {\r
-                                               if(root.equals(issuer)) {\r
-                                                       if(first) {\r
-                                                               first=false;\r
-                                                       } else {\r
-                                                               issuers.append(":");\r
-                                                       }\r
-                                                       if(xc.getSubjectDN().toString().contains("Issuing CA")) {\r
-                                                               issuers.append(xc.getSubjectDN());\r
-                                                       }\r
-                                               }\r
-                                       }\r
-                               }\r
-                       }\r
-                       addProperty(Config.CADI_X509_ISSUERS,issuers.toString());\r
-\r
-                       // Add CADI Keyfile Entry to Properties\r
-                       addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile");\r
-                       // Set Keystore Password\r
-                       addProperty(Config.CADI_KEYSTORE,fks.getCanonicalPath());\r
-                       String keystorePass = Symm.randomGen(CmAgent.PASS_SIZE);\r
-                       addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass);\r
-                       char[] keystorePassArray = keystorePass.toCharArray();\r
-                       jks.load(null,keystorePassArray); // load in\r
-                       \r
-                       // Add Private Key/Cert Entry for App\r
-                       // Note: Java SSL security classes, while having a separate key from keystore,\r
-                       // is documented to not actually work. \r
-                       // java.security.UnrecoverableKeyException: Cannot recover key\r
-                       // You can create a custom Key Manager to make it work, but Practicality  \r
-                       // dictates that you live with the default, meaning, they are the same\r
-                       String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);\r
-                       PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());\r
-                       addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);\r
-                       addProperty(Config.CADI_ALIAS, arti.getMechid());\r
-//                     Set<Attribute> attribs = new HashSet<Attribute>();\r
-//                     if(kst.equals("pkcs12")) {\r
-//                             // Friendly Name\r
-//                             attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getAppName()));\r
-//                     } \r
-//                     \r
-                       KeyStore.ProtectionParameter protParam = \r
-                                       new KeyStore.PasswordProtection(keyPass.toCharArray());\r
-                       \r
-                       KeyStore.PrivateKeyEntry pkEntry = \r
-                               new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});\r
-                       jks.setEntry(arti.getMechid(), \r
-                                       pkEntry, protParam);\r
-               \r
-                       // Write out\r
-                       write(fks,Chmod.to400,jks,keystorePassArray);\r
-                       \r
-                       // Change out to TrustStore\r
-                       fks = new File(dir,arti.getAppName()+".trust."+kst);\r
-                       jks = KeyStore.getInstance(kst);\r
-                       \r
-                       // Set Truststore Password\r
-                       addProperty(Config.CADI_TRUSTSTORE,fks.getCanonicalPath());\r
-                       String trustStorePass = Symm.randomGen(CmAgent.PASS_SIZE);\r
-                       addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);\r
-                       char[] truststorePassArray = trustStorePass.toCharArray();\r
-                       jks.load(null,truststorePassArray); // load in\r
-                       \r
-                       // Add Trusted Certificates\r
-                       for(int i=1; i<certs.length;++i) {\r
-                               jks.setCertificateEntry("cadi_" + arti.getCa() + '_' + i, certs[i]);\r
-                       }\r
-                       // Write out\r
-                       write(fks,Chmod.to400,jks,truststorePassArray);\r
-\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-               return false;\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactOnStream.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactOnStream.java
deleted file mode 100644 (file)
index 4c2c900..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.PrintStream;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-import com.att.inno.env.Trans;\r
-\r
-public class PlaceArtifactOnStream implements PlaceArtifact {\r
-       private PrintStream out;\r
-\r
-       public PlaceArtifactOnStream(PrintStream printStream) {\r
-               out = printStream;\r
-       }\r
-\r
-       @Override\r
-       public boolean place(Trans trans, CertInfo capi, Artifact a) {\r
-               if(capi.getNotes()!=null && capi.getNotes().length()>0) {\r
-                       trans.info().printf("Warning:    %s\n",capi.getNotes());\r
-               }\r
-               out.printf("Challenge:  %s\n",capi.getChallenge());\r
-               out.printf("PrivateKey:\n%s\n",capi.getPrivatekey());\r
-               out.println("Certificate Chain:");\r
-               for(String c : capi.getCerts()) {\r
-                       out.println(c);\r
-               }\r
-               return true;\r
-       }\r
-}\r
diff --git a/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java b/aaf/src/src/main/java/com/att/cadi/cm/PlaceArtifactScripts.java
deleted file mode 100644 (file)
index f09e0bf..0000000
+++ /dev/null
@@ -1,123 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.cm;\r
-\r
-import java.io.File;\r
-\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.util.Chmod;\r
-import com.att.inno.env.Trans;\r
-import com.att.inno.env.util.Chrono;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public class PlaceArtifactScripts extends ArtifactDir {\r
-       @Override\r
-       public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
-               try {\r
-                       // Setup check.sh script\r
-                       String filename = arti.getAppName()+".check.sh";\r
-                       File f1 = new File(dir,filename);\r
-                       String email = arti.getNotification() + '\n';\r
-                       if(email.startsWith("mailto:")) {\r
-                               email=email.substring(7);\r
-                       }  else {\r
-                               email=arti.getOsUser() + '\n';\r
-                       }\r
-                       write(f1,Chmod.to644,\r
-                                       "#!/bin/bash " + f1.getCanonicalPath()+'\n',\r
-                                       "# Certificate Manager Check Script\n",\r
-                                       "# Check on Certificate, and renew if needed.\n",\r
-                                       "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',\r
-                                       "DIR="+arti.getDir()+'\n',\r
-                                       "APP="+arti.getAppName()+'\n',\r
-                                       "EMAIL="+email,\r
-                                       checkScript\r
-                                       );\r
-                       \r
-                       // Setup check.sh script\r
-                       File f2 = new File(dir,arti.getAppName()+".crontab.sh");\r
-                       write(f2,Chmod.to644,\r
-                                       "#!/bin/bash " + f1.getCanonicalPath()+'\n',\r
-                                       "# Certificate Manager Crontab Loading Script\n",\r
-                                       "# Add/Update a Crontab entry, that adds a check on Certificate Manager generated Certificate nightly.\n",\r
-                                       "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',\r
-                                       "TFILE=\"/tmp/cmcron$$.temp\"\n",\r
-                                       "DIR=\""+arti.getDir()+"\"\n",\r
-                                       "CF=\""+arti.getAppName()+" Certificate Check Script\"\n",\r
-                                       "SCRIPT=\""+f1.getCanonicalPath()+"\"\n",\r
-                                       cronScript\r
-                                       );\r
-\r
-               } catch (Exception e) {\r
-                       throw new CadiException(e);\r
-               }\r
-               return true;\r
-       }\r
-       \r
-       private final static String checkScript = \r
-                       "> $DIR/$APP.msg\n\n" +\r
-                       "function mailit {\n" +\r
-                       "  printf \"$*\" | /bin/mail -s \"AAF Certman Notification for `uname -n`\" $EMAIL\n"+\r
-                       "}\n\n" +\r
-                       System.getProperty("java.home") + "/bin/" +"java -jar " +\r
-                               System.getProperty("java.class.path") +\r
-                               " cadi_prop_files=$DIR/$APP.props check 2>  $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +\r
-                       "case \"$?\" in\n" +\r
-                       "  0)\n" +\r
-                       "    # Note: Validation will be mailed only the first day after any modification\n" +\r
-                       "    if [ \"`find $DIR -mtime 0 -name $APP.check.sh`\" != \"\" ] ; then\n" +\r
-                       "       mailit `echo \"Certficate Validated:\\n\\n\" | cat - $DIR/$APP.msg`\n" +\r
-                       "    else\n" +\r
-                       "       cat $DIR/$APP.msg\n" +\r
-                       "    fi\n" +\r
-                       "    ;;\n" +\r
-                       "  1) mailit \"Error with Certificate Check:\\\\n\\\\nCheck logs $DIR/$APP.STDOUT and $DIR/$APP.STDERR on `uname -n`\"\n" +\r
-                       "    ;;\n" +\r
-                       "  2) mailit `echo \"Certificate Check Error\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +\r
-                       "    ;;\n" +\r
-                       "  10) mailit `echo \"Certificate Replaced\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +\r
-                       "      if [ -e $DIR/$APP.restart.sh ]; then\n" +\r
-                       "        # Note: it is THIS SCRIPT'S RESPONSIBILITY to notify upon success or failure as necessary!!\n" +\r
-                       "        /bin/sh $DIR/$APP.restart.sh\n" +\r
-                       "      fi\n" +\r
-                       "    ;;\n" +\r
-                       "  *) mailit `echo \"Unknown Error code for CM Agent\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +\r
-                       "    ;;\n" +\r
-                       " esac\n\n" +\r
-                       " # Note: make sure to cover this sripts' exit Code\n";\r
-       \r
-       private final static String cronScript = \r
-                       "crontab -l | sed -n \"/#### BEGIN $CF/,/END $CF ####/!p\" > $TFILE\n" +\r
-                       "# Note: Randomize Minutes (0-60) and hours (1-4)\n" +\r
-                       "echo \"#### BEGIN $CF ####\" >> $TFILE\n" +\r
-                       "echo \"$(( $RANDOM % 60)) $(( $(( $RANDOM % 3 )) + 1 )) * * * /bin/bash $SCRIPT " +\r
-                               ">> $DIR/cronlog 2>&1 \" >> $TFILE\n" +\r
-                       "echo \"#### END $CF ####\" >> $TFILE\n" +\r
-                       "crontab $TFILE\n" +\r
-                       "rm $TFILE\n";\r
-}\r
-\r
-\r
-\r
diff --git a/aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java b/aaf/src/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java
deleted file mode 100644 (file)
index 7afb25e..0000000
+++ /dev/null
@@ -1,116 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.lur.aaf.test;\r
-\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.PrintStream;\r
-\r
-import com.att.cadi.Access;\r
-import com.att.cadi.Symm;\r
-import com.att.cadi.config.Config;\r
-\r
-public class TestAccess implements Access {\r
-       private Symm symm;\r
-       private PrintStream out;\r
-\r
-       public TestAccess(PrintStream out) {\r
-               this.out = out;\r
-               InputStream is = ClassLoader.getSystemResourceAsStream("cadi.properties");\r
-               try {\r
-                       System.getProperties().load(is);\r
-               } catch (IOException e) {\r
-                       e.printStackTrace(out);\r
-               } finally {\r
-                       try {\r
-                               is.close();\r
-                       } catch (IOException e) {\r
-                               e.printStackTrace(out);\r
-                       }\r
-               }\r
-               \r
-               String keyfile = System.getProperty(Config.CADI_KEYFILE);\r
-               if(keyfile==null) {\r
-                       System.err.println("No " + Config.CADI_KEYFILE + " in Classpath");\r
-               } else {\r
-                       try {\r
-                               is = new FileInputStream(keyfile);\r
-                               try {\r
-                                       symm = Symm.obtain(is);\r
-                               } finally {\r
-                                       is.close();\r
-                               }\r
-                       } catch (IOException e) {\r
-                               e.printStackTrace(out);\r
-                       }\r
-               }\r
-               \r
-\r
-\r
-       }\r
-       \r
-       public void log(Level level, Object... elements) {\r
-               boolean first = true;\r
-               for(int i=0;i<elements.length;++i) {\r
-                       if(first)first = false;\r
-                       else out.print(' ');\r
-                       out.print(elements[i].toString());\r
-               }\r
-               out.println();\r
-       }\r
-\r
-       public void log(Exception e, Object... elements) {\r
-               e.printStackTrace(out);\r
-               log(Level.ERROR,elements);\r
-       }\r
-\r
-       public void setLogLevel(Level level) {\r
-               \r
-       }\r
-\r
-       @Override\r
-       public boolean willLog(Level level) {\r
-               return true;\r
-       }\r
-\r
-       public ClassLoader classLoader() {\r
-               return ClassLoader.getSystemClassLoader();\r
-       }\r
-\r
-       public String getProperty(String string, String def) {\r
-               String rv = System.getProperty(string);\r
-               return rv==null?def:rv;\r
-       }\r
-\r
-       public void load(InputStream is) throws IOException {\r
-               \r
-       }\r
-\r
-       public String decrypt(String encrypted, boolean anytext) throws IOException {\r
-               return (encrypted!=null && (anytext==true || encrypted.startsWith(Symm.ENC)))\r
-                       ? symm.depass(encrypted)\r
-                       : encrypted;\r
-       }\r
-\r
-}\r
diff --git a/aaf/src/src/test/resources/cadi.properties b/aaf/src/src/test/resources/cadi.properties
deleted file mode 100644 (file)
index 8f1209a..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-#  *      http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-#  * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-##\r
-## AUTHZ API (authz-service) Properties\r
-##\r
-\r
-cadi_prop_file=com.att.aaf.props;com.att.aaf.common.props\r
-\r
-#cadi_trust_all_x509=true\r
-#cadi_alias=aaf.att\r
-https.protocols=TLSv1.1,TLSv1.2\r
-\r
-cm_url=https://XXX:8150\r
-\r
-basic_realm=localized\r
-basic_warn=false\r
-localhost_deny=false\r
-\r
-cass_group_name=com.att.aaf\r
-cass_cluster_name=mithrilcsp.sbc.com\r
-aaf_default_realm=com.att.csp\r
-\r
-aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE\r
-aaf_id=???\r
-aaf_password=enc:XXX\r
-\r
-aaf_user_expires=3000\r
-aaf_clean_interval=4000\r
-\r
diff --git a/aaf/src/src/test/resources/log4j.properties b/aaf/src/src/test/resources/log4j.properties
deleted file mode 100644 (file)
index c4686fd..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-#  *      http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-#  * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-#\r
-# Licensed to the Apache Software Foundation (ASF) under one\r
-# or more contributor license agreements.  See the NOTICE file\r
-# distributed with this work for additional information\r
-# regarding copyright ownership.  The ASF licenses this file\r
-# to you under the Apache License, Version 2.0 (the\r
-# "License"); you may not use this file except in compliance\r
-# with the License.  You may obtain a copy of the License at\r
-#\r
-#     http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing,\r
-# software distributed under the License is distributed on an\r
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
-# KIND, either express or implied.  See the License for the\r
-# specific language governing permissions and limitations\r
-# under the License.\r
-#\r
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender\r
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\r
-log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n\r
-\r
-# General Apache libraries\r
-log4j.rootLogger=WARN,stdout\r
-log4j.logger.org.apache=WARN,stdout\r
-log4j.logger.dme2=WARN,stdout\r
-log4j.logger.init=INFO,stdout\r
-log4j.logger.authz=INFO,stdout\r
-log4j.logger.audit=WARN,stdout\r
-\r
-\r
-\r
diff --git a/aaf/src/src/test/resources/logging.props b/aaf/src/src/test/resources/logging.props
deleted file mode 100644 (file)
index 9a30a2a..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-| ############################################################ 
-# Default Logging Configuration File 
-# 
-# You can use a different file by specifying a filename 
-# with the java.util.logging.config.file system property. 
-# For example java -Djava.util.logging.config.file=myfile 
-############################################################ 
-
-############################################################ 
-# Global properties 
-############################################################ 
-
-# "handlers" specifies a comma separated list of log Handler 
-# classes. These handlers will be installed during VM startup. 
-# Note that these classes must be on the system classpath. 
-# By default we only configure a ConsoleHandler, which will only 
-# show messages at the INFO and above levels. 
-handlers=java.util.logging.FileHandler 
-
-# Default global logging level. 
-# This specifies which kinds of events are logged across 
-# all loggers. For any given facility this global level 
-# can be overriden by a facility specific level 
-# Note that the ConsoleHandler also has a separate level 
-# setting to limit messages printed to the console. 
-.level=INFO 
-
-############################################################ 
-# Handler specific properties. 
-# Describes specific configuration info for Handlers. 
-############################################################ 
-java.util.logging.FileHandler.properties=autoFlush,fileName,dataPattern,name 
-java.util.logging.FileHandler.fileName=%h/.aaf/dme2.log 
-java.util.logging.FileHandlerFileHandler.autoFlush=true 
-java.util.logging.FileHandlerFileHandler.name=DailyRollingFileHandler 
-java.util.logging.FileHandlerFileHandler.datePattern='.'yyyy-MM-dd 
-com.att.aft.dme2.events.server.summary=INFO
-