import java.util.Collections;
import java.util.List;
-import javax.servlet.Registration;
-
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
public static final String CADI_LOGDIR = "cadi_log_dir";
public static final String CADI_ETCDIR = "cadi_etc_dir";
public static final String CADI_LOGNAME = "cadi_logname";
+// public static final String CADI_LOGFMT="cad_logging_format";
+// public static final String CADI_LOGFMT_UTC="UTC";
+// public static final String CADI_LOGFMT_ISO8601="ISO-8601";
public static final String CADI_KEYFILE = "cadi_keyfile";
public static final String CADI_KEYSTORE = "cadi_keystore";
public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password";
public static final String CADI_ALIAS = "cadi_alias";
+ public static final String CADI_CLIENT_ALIAS = "cadi_client_alias";
public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url";
public static final String CADI_LATITUDE = "cadi_latitude";
public static final String CADI_LONGITUDE = "cadi_longitude";
public static final String CADI_TOKEN_DIR = "cadi_token_dir";
public static final String HTTPS_PROTOCOLS = "https.protocols";
- public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
+ public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
+ public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
public static final String AAF_ROOT_NS = "aaf_root_ns";
public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
public static final String AAF_ROOT_COMPANY = "aaf_root_company";
+ /**
+ * Use Config.getAAFLocateUrl(access) to get correct property in/out of container
+ */
public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
public static final String AAF_DEFAULT_API_VERSION = "2.1";
+ public static final String AAF_DEPLOYED_VERSION="aaf_deployed_version";
public static final String AAF_API_VERSION = "aaf_api_version";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
- public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.service:" + AAF_DEFAULT_API_VERSION;
- public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.gui:" + AAF_DEFAULT_API_VERSION;
- public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
- public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.fs:" + AAF_DEFAULT_API_VERSION;
- public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/AAF_NS.hello:" + AAF_DEFAULT_API_VERSION;
- public static final String OAUTH2_TOKEN_URL = "https://AAF_LOCATE_URL/AAF_NS.token:" + AAF_DEFAULT_API_VERSION;
- public static final String OAUTH2_INTROSPECT_URL = "https://AAF_LOCATE_URL/AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION;
-
+ public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
// AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability
// to set these entries manually
public static final String AAF_LOCATOR_VERSION = "aaf_locator_version";
public static final String AAF_LOCATOR_PROTOCOL = "aaf_locator_protocol";
public static final String AAF_LOCATOR_SUBPROTOCOL = "aaf_locator_subprotocol";
- public static final String AAF_LOCATOR_NS = "aaf_locator_ns";
+ public static final String AAF_LOCATOR_APP_NS = "aaf_locator_app_ns";
public static final String AAF_LOCATOR_ENTRIES = "aaf_locator_entries";
public static final String AAF_LOCATOR_FQDN = "aaf_locator_fqdn";
public static final String AAF_LOCATOR_NAME = "aaf_locator_name";
public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port";
- public static final String AAF_LOCATOR_PUBLIC_HOSTNAME = "aaf_locator_public_hostname";
+ public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn";
+ public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name";
+
+ // AAF Service will write to the Audit Log if a past due AAF stored Password
+ // is being used within # of days specified.
+ public static final String AAF_CRED_WARN_DAYS="aaf_cred_warn_days";
+ public static final String AAF_CRED_WARN_DAYS_DFT="7";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
- public static final String AAF_RELEASE = "aaf_release";
- public static final String GW_URL = "gw_url";
- public static final String CM_URL = "cm_url";
+ public static final String AAF_URL_OAUTH = "aaf_url_oauth";
+ public static final String AAF_URL_GUI="aaf_url_gui";
+ public static final String AAF_URL_FS="aaf_url_fs";
+ public static final String AAF_URL_CM = "aaf_url_cm";
+ public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:"+AAF_DEFAULT_API_VERSION;
+ public static final String AAF_URL_HELLO = "aaf_url_hello";
public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
+ // let NS Owners choose with <ns>.certman aaf ignoreIPs" to ignoreIP Check for Configs
+ // Probably only want to allow in a DEV Env.
+ public static final String CM_ALLOW_IGNORE_IPS="cm_allow_ignore_ips";
public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";
public static final String PATHFILTER_STACK = "pathfilter_stack";
public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException {
Access access = si.access;
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException e2) {
+ throw new CadiException(e2);
+ }
/////////////////////////////////////////////////////
// Setup AAFCon for any following
/////////////////////////////////////////////////////
boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs);
// IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL
- String aafURL = access.getProperty(AAF_URL,null);
+ String aafURL = logProp(rph, AAF_URL,null);
if (!hasDirectAAF && aafcon==null && aafURL!=null) {
aafcon = loadAAFConnector(si, aafURL);
}
Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF);
if (obasicCls!=null) {
try {
- String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null);
- String introspecturl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL, null);
+ String tokenurl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL, null);
+ String introspecturl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL, null);
if (tokenurl==null || introspecturl==null) {
access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled.");
}
// Configure OAuth TAF
/////////////////////////////////////////////////////
if (!hasOAuthDirectTAF) {
- String oauthTokenUrl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL,null);
+ String oauthTokenUrl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL,null);
Class<?> oadtClss;
try {
oadtClss = Class.forName(OAUTH_DIRECT_TAF);
additionalTafLurs = array;
access.log(Level.INIT,"OAuth2 Direct is enabled");
} else if (oauthTokenUrl!=null) {
- String oauthIntrospectUrl = logProp(access,Config.AAF_OAUTH2_INTROSPECT_URL,null);
+ String oauthIntrospectUrl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL,null);
@SuppressWarnings("unchecked")
Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,OAUTH_HTTP_TAF);
if (oaTCls!=null) {
}
access.log(Level.INIT, sb);
- Locator<URI> locator = loadLocator(si, logProp(access, AAF_LOCATE_URL, null));
+ Locator<URI> locator = loadLocator(si, aafURL);
taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null
String level = logProp(access, CADI_LOGLEVEL, null);
return taf;
}
+ public static String logProp(RegistrationPropHolder rph, String tag, String def) {
+ String rv = rph.access().getProperty(tag, def);
+ if (rv == null) {
+ rph.access().log(Level.INIT,tag,"is not explicitly set");
+ } else {
+ rv = rph.replacements("Config.logProp",rv, null, null);
+ rph.access().log(Level.INIT,tag,"is set to",rv);
+ }
+ return rv;
+
+ }
+
public static String logProp(Access access,String tag, String def) {
String rv = access.getProperty(tag, def);
if (rv == null) {
public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object ... additionalTafLurs) throws CadiException {
Access access = si.access;
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException e2) {
+ throw new CadiException(e2);
+ }
+
List<Priori<Lur>> lurs = new ArrayList<>();
/////////////////////////////////////////////////////
/////////////////////////////////////////////////////
// Configure the OAuth Lur (if any)
/////////////////////////////////////////////////////
- String tokenUrl = logProp(access,AAF_OAUTH2_TOKEN_URL, null);
- String introspectUrl = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null);
+ String tokenUrl = logProp(rph,AAF_OAUTH2_TOKEN_URL, null);
+ String introspectUrl = logProp(rph,AAF_OAUTH2_INTROSPECT_URL, null);
if (tokenUrl!=null && introspectUrl !=null) {
try {
Class<?> olurCls = loadClass(access, CADI_OLUR_CLASS_DEF);
/////////////////////////////////////////////////////
// Configure the AAF Lur (if any)
/////////////////////////////////////////////////////
- String aafURL = logProp(access,AAF_URL,null); // Trigger Property
+ String aafURL = logProp(rph,AAF_URL,null); // Trigger Property
String aafEnv = access.getProperty(AAF_ENV,null);
if (aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
int ec = aafURL.indexOf("envContext=");
if (_url==null) {
access.log(Level.INIT,"No URL passed to 'loadLocator'. Disabled");
} else {
+ try {
+ Class<?> aalCls = Class.forName("org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator");
+ Method aalMth = aalCls.getMethod("create", String.class,String.class);
+ int colon = _url.lastIndexOf(':');
+ if(colon>=0) {
+ int slash = _url.indexOf('/',colon);
+ String version;
+ if(slash<0) {
+ version = _url.substring(colon+1);
+ } else {
+ version = _url.substring(colon+1,slash);
+ }
+ slash = _url.lastIndexOf('/',colon);
+ if(slash>=0) {
+ Object aal = aalMth.invoke(null/*static*/, _url.substring(slash+1, colon),version);
+ return (Locator<URI>)aal;
+ }
+ }
+ } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ String msg;
+ char quote;
+ if(e.getCause()!=null) {
+ msg=e.getCause().getMessage();
+ quote='"';
+ } else {
+ msg = "-";
+ quote=' ';
+ }
+ access.printf(Level.DEBUG, "Configured AbsAAFLocator not found%c%s%cContinuing Locator creation ",quote,msg,quote);
+ }
// String url = _url.replace("/AAF_NS.", "/%C%CID%AAF_NS.");
// String root_ns = access.getProperty(Config.AAF_ROOT_NS, null);
String url;
RegistrationPropHolder rph;
try {
rph = new RegistrationPropHolder(access, 0);
- url = rph.replacements(_url, null, null);
+ url = rph.replacements("Config.loadLocator",_url, null, null);
+ access.printf(Level.INFO, "loadLocator URL is %s",url);
} catch (UnknownHostException | CadiException e1) {
throw new LocatorException(e1);
}
-
-// if(url.indexOf('%')>=0) {
-// String str = access.getProperty(Config.AAF_LOCATOR_CONTAINER_ID, null);
-// if(str==null) {
-// url = url.replace("%CID","");
-// } else {
-// url = url.replace("%CID",str+'.');
-// }
-// str = access.getProperty(Config.AAF_LOCATOR_CONTAINER, null);
-// if(str==null) {
-// url = url.replace("%C","");
-// } else {
-// url = url.replace("%C",str+'.');
-// }
-//
-// if (root_ns==null) {
-// url = url.replace("%AAF_NS","");
-// } else {
-// url = url.replace("%AAF_NS",root_ns);
-// }
-// }
- String replacement;
- int idxAAFLocateUrl;
- if ((idxAAFLocateUrl=url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
- StringBuilder sb = new StringBuilder(replacement);
- if (!replacement.endsWith("/locate")) {
- sb.append("/locate");
- }
- sb.append(url,idxAAFLocateUrl+AAF_LOCATE_URL_TAG.length(),url.length());
- url = sb.toString();
+
+ String aaf_locator_class;
+ if(_url.equals(url) && !url.contains("/locate/")) {
+ aaf_locator_class = "org.onap.aaf.cadi.locator.DNSLocator";
+ } else {
+ aaf_locator_class = AAF_LOCATOR_CLASS_DEF;
}
-
try {
- Class<?> lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF);
+ Class<?> lcls = loadClass(access,aaf_locator_class);
if (lcls==null) {
throw new CadiException("Need to include aaf-cadi-aaf jar for AAFLocator");
}
// First check for preloaded
try {
- Method meth = lcls.getMethod("create",String.class);
- locator = (Locator<URI>)meth.invoke(null,url);
+ Method meth = lcls.getMethod("create",Access.class,String.class);
+ locator = (Locator<URI>)meth.invoke(null,access,url);
} catch (Exception e) {
- access.log(Level.DEBUG, "(Not fatal) Cannot load by create(String)", e);
+ access.log(Level.NONE, "(Not fatal) Cannot load by create(String)", e);
}
if (locator==null) {
URI locatorURI = new URI(url);
public static String getDefaultRealm() {
return defaultRealm;
}
+
+ public static String getAAFLocateUrl(Access access) {
+ String rv = null;
+ String cont = access.getProperty(AAF_LOCATOR_CONTAINER,null);
+ if(cont!=null) {
+ rv = access.getProperty(AAF_LOCATE_URL + '.' +cont, null);
+ }
+ if(rv==null) {
+ rv = access.getProperty(AAF_LOCATE_URL, null);
+ }
+ return rv;
+ }
private static class Priori<T> implements Comparable<Priori<T>> {
public final T t;
Code Review / aaf / authz.git / blobdiff