import java.util.Collections;
import java.util.List;
-import javax.servlet.Registration;
-
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
public static final String CADI_KEYSTORE = "cadi_keystore";
public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password";
public static final String CADI_ALIAS = "cadi_alias";
+ public static final String CADI_CLIENT_ALIAS = "cadi_client_alias";
public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url";
public static final String CADI_LATITUDE = "cadi_latitude";
public static final String CADI_LONGITUDE = "cadi_longitude";
public static final String CADI_TOKEN_DIR = "cadi_token_dir";
public static final String HTTPS_PROTOCOLS = "https.protocols";
- public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
+ public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
+ public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
public static final String AAF_DEFAULT_API_VERSION = "2.1";
public static final String AAF_API_VERSION = "aaf_api_version";
public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
- public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_API_VERSION;
- public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_API_VERSION;
- public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
- public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_API_VERSION;
- public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_API_VERSION;
- public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_API_VERSION;
- public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION;
+ public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:" + AAF_DEFAULT_API_VERSION;
+ public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:" + AAF_DEFAULT_API_VERSION;
+ public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
+ public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:" + AAF_DEFAULT_API_VERSION;
+ public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.hello:" + AAF_DEFAULT_API_VERSION;
+ public static final String OAUTH2_TOKEN_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token";
+ public static final String OAUTH2_INTROSPECT_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";;
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
// AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability
public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException {
Access access = si.access;
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException e2) {
+ throw new CadiException(e2);
+ }
/////////////////////////////////////////////////////
// Setup AAFCon for any following
/////////////////////////////////////////////////////
boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs);
// IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL
- String aafURL = access.getProperty(AAF_URL,null);
+ String aafURL = logProp(rph, AAF_URL,null);
if (!hasDirectAAF && aafcon==null && aafURL!=null) {
aafcon = loadAAFConnector(si, aafURL);
}
Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF);
if (obasicCls!=null) {
try {
- String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null);
- String introspecturl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL, null);
+ String tokenurl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL, null);
+ String introspecturl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL, null);
if (tokenurl==null || introspecturl==null) {
access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled.");
}
// Configure OAuth TAF
/////////////////////////////////////////////////////
if (!hasOAuthDirectTAF) {
- String oauthTokenUrl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null);
+ String oauthTokenUrl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL,null);
Class<?> oadtClss;
try {
oadtClss = Class.forName(OAUTH_DIRECT_TAF);
additionalTafLurs = array;
access.log(Level.INIT,"OAuth2 Direct is enabled");
} else if (oauthTokenUrl!=null) {
- String oauthIntrospectUrl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null);
+ String oauthIntrospectUrl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL,null);
@SuppressWarnings("unchecked")
Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,OAUTH_HTTP_TAF);
if (oaTCls!=null) {
}
access.log(Level.INIT, sb);
- Locator<URI> locator = loadLocator(si, logProp(access, AAF_LOCATE_URL, null));
+ Locator<URI> locator = loadLocator(si, logProp(rph, AAF_LOCATE_URL, null));
taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null
String level = logProp(access, CADI_LOGLEVEL, null);
return taf;
}
+ public static String logProp(RegistrationPropHolder rph, String tag, String def) {
+ String rv = rph.access().getProperty(tag, def);
+ if (rv == null) {
+ rph.access().log(Level.INIT,tag,"is not explicitly set");
+ } else {
+ rv = rph.replacements(rv, null, null);
+ rph.access().log(Level.INIT,tag,"is set to",rv);
+ }
+ return rv;
+
+ }
+
public static String logProp(Access access,String tag, String def) {
String rv = access.getProperty(tag, def);
if (rv == null) {
public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object ... additionalTafLurs) throws CadiException {
Access access = si.access;
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException e2) {
+ throw new CadiException(e2);
+ }
+
List<Priori<Lur>> lurs = new ArrayList<>();
/////////////////////////////////////////////////////
/////////////////////////////////////////////////////
// Configure the OAuth Lur (if any)
/////////////////////////////////////////////////////
- String tokenUrl = logProp(access,AAF_OAUTH2_TOKEN_URL, null);
- String introspectUrl = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null);
+ String tokenUrl = logProp(rph,AAF_OAUTH2_TOKEN_URL, null);
+ String introspectUrl = logProp(rph,AAF_OAUTH2_INTROSPECT_URL, null);
if (tokenUrl!=null && introspectUrl !=null) {
try {
Class<?> olurCls = loadClass(access, CADI_OLUR_CLASS_DEF);
/////////////////////////////////////////////////////
// Configure the AAF Lur (if any)
/////////////////////////////////////////////////////
- String aafURL = logProp(access,AAF_URL,null); // Trigger Property
+ String aafURL = logProp(rph,AAF_URL,null); // Trigger Property
String aafEnv = access.getProperty(AAF_ENV,null);
if (aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
int ec = aafURL.indexOf("envContext=");
try {
rph = new RegistrationPropHolder(access, 0);
url = rph.replacements(_url, null, null);
+ access.printf(Level.INFO, "loadLocator URL is %s",url);
} catch (UnknownHostException | CadiException e1) {
throw new LocatorException(e1);
}
-// if(url.indexOf('%')>=0) {
-// String str = access.getProperty(Config.AAF_LOCATOR_CONTAINER_ID, null);
-// if(str==null) {
-// url = url.replace("%CID","");
-// } else {
-// url = url.replace("%CID",str+'.');
-// }
-// str = access.getProperty(Config.AAF_LOCATOR_CONTAINER, null);
-// if(str==null) {
-// url = url.replace("%C","");
-// } else {
-// url = url.replace("%C",str+'.');
-// }
-//
-// if (root_ns==null) {
-// url = url.replace("%AAF_NS","");
-// } else {
-// url = url.replace("%AAF_NS",root_ns);
-// }
-// }
- String replacement;
- int idxAAFLocateUrl;
- if ((idxAAFLocateUrl=url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
- StringBuilder sb = new StringBuilder(replacement);
- if (!replacement.endsWith("/locate")) {
- sb.append("/locate");
- }
- sb.append(url,idxAAFLocateUrl+AAF_LOCATE_URL_TAG.length(),url.length());
- url = sb.toString();
- }
-
try {
Class<?> lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF);
if (lcls==null) {
Code Review / aaf / authz.git / blobdiff