id: 'giri'
timezone: 'India/Bangalore'
- name: 'Huabing Zhao'
- email: 'zhao.huabing@zte.com.cn'
+ email: 'zhaohuabing@gmail.com'
company: 'ZTE'
- id: 'HuabingZhao'
+ id: 'Huabing_Zhao'
timezone: 'China/Chengdu'
- name: 'Kiran Kamineni'
email: 'kiran.k.kamineni@intel.com'
protected static final String VERSION="VERSION";
public static final String GUI_URL="GUI_URL";
- protected static final String ORA_URL="ora_url";
- protected static final String ORA_PASSWORD="ora_password";
protected final Organization org;
import com.datastax.driver.core.Statement;
public class Future implements CacheChange.Data, Comparable<Future> {
- public static final Map<UUID,Future> data = new TreeMap<UUID,Future>();
- public static final Map<String,List<Future>> byRole = new TreeMap<String,List<Future>>();
+ public static final Map<UUID,Future> data = new TreeMap<>();
+ public static final Map<String,List<Future>> byRole = new TreeMap<>();
public final FutureDAO.Data fdd;
public final String role; // derived
- private final static CacheChange<Future> cache = new CacheChange<Future>();
+ private static final CacheChange<Future> cache = new CacheChange<>();
public final UUID id() {
++count;
Future f = creator.create(row);
data.put(f.fdd.id,f);
- if(f.role!=null) {
- List<Future> lf = byRole.get(f.role);
- if(lf==null) {
- byRole.put(f.role,lf = new ArrayList<Future>());
- }
- lf.add(f);
+ if(f.role==null) {
+ continue;
}
+ List<Future> lf = byRole.get(f.role);
+ if(lf==null) {
+ lf = new ArrayList<>();
+ byRole.put(f.role,lf);
+ }
+ lf.add(f);
+
}
} finally {
tt.done();
import java.util.ArrayList;
import java.util.List;
+import java.util.SortedMap;
import java.util.TreeMap;
import org.onap.aaf.misc.env.Env;
import com.datastax.driver.core.Statement;
public class NsAttrib {
- public static final List<NsAttrib> data = new ArrayList<NsAttrib>();
- public static final TreeMap<String,List<NsAttrib>> byKey = new TreeMap<String,List<NsAttrib>>();
- public static final TreeMap<String,List<NsAttrib>> byNS = new TreeMap<String,List<NsAttrib>>();
+ public static final List<NsAttrib> data = new ArrayList<>();
+ public static final SortedMap<String,List<NsAttrib>> byKey = new TreeMap<>();
+ public static final SortedMap<String,List<NsAttrib>> byNS = new TreeMap<>();
- public final String ns,key,value;
+ public final String ns;
+ public final String key;
+ public final String value;
+ public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {
+ @Override
+ public NsAttrib create(Row row) {
+ return new NsAttrib(row.getString(0), row.getString(1), row.getString(2));
+ }
+
+ @Override
+ public String select() {
+ return "select ns,key,value from authz.ns_attrib";
+ }
+ };
public NsAttrib(String ns, String key, String value) {
this.ns = ns;
List<NsAttrib> lna = byKey.get(ur.key);
if(lna==null) {
- lna = new ArrayList<NsAttrib>();
+ lna = new ArrayList<>();
byKey.put(ur.key, lna);
}
lna.add(ur);
lna = byNS.get(ur.ns);
if(lna==null) {
- lna = new ArrayList<NsAttrib>();
+ lna = new ArrayList<>();
byNS.put(ur.ns, lna);
}
lna.add(ur);
}
}
- public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {
- @Override
- public NsAttrib create(Row row) {
- return new NsAttrib(row.getString(0), row.getString(1), row.getString(2));
- }
-
- @Override
- public String select() {
- return "select ns,key,value from authz.ns_attrib";
- }
- };
-
-
public String toString() {
return '"' + ns + "\",\"" + key + "\",\"" + value +'"';
}
public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<String>());
- private final String name,env;
+ private final String name;
+ private final String env;
private MessageDigest messageDigest;
private final String permType;
private Set<String> caIssuerDNs;
if(permType==null) {
throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
}
- caIssuerDNs = new HashSet<String>();
+ caIssuerDNs = new HashSet<>();
String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
}
access.log(Level.INFO, tag, "=",fields);
- for(RDN rdn : rdns = RDN.parse('/',fields)) {
+ rdns = RDN.parse('/',fields);
+ for(RDN rdn : rdns) {
if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
}
}
- idDomains = new ArrayList<String>();
+ idDomains = new ArrayList<>();
StringBuilder sb = null;
for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
if(s.length()>0) {
access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
}
- String data_dir = access.getProperty(CM_PUBLIC_DIR,null);
- if(data_dir!=null) {
- File data = new File(data_dir);
+ String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
+ if(dataDir!=null) {
+ File data = new File(dataDir);
byte[] bytes;
if(data.exists()) {
- String trust_cas = access.getProperty(CM_TRUST_CAS,null);
- if(trust_cas!=null) {
- for(String fname : Split.splitTrim(',', trust_cas)) {
+ String trustCas = access.getProperty(CM_TRUST_CAS,null);
+ if(trustCas!=null) {
+ for(String fname : Split.splitTrim(',', trustCas)) {
File crt = new File(data,fname);
if(crt.exists()) {
access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
static final String CA_PREFIX = "http://";
static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll";
- private final static String MS_PROFILE="1";
- private final static int MAX_RETRY=3;
+ private static final String MS_PROFILE="1";
+ private static final int MAX_RETRY=3;
public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins
// package on purpose
- private Map<String,X509ChainWithIssuer> mxcwi_s;
- private Map<Client,X509ChainWithIssuer> mxcwi_c;
+ private Map<String,X509ChainWithIssuer> mxcwiS;
+ private Map<Client,X509ChainWithIssuer> mxcwiC;
private JscepClientLocator clients;
public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException {
super(access, name, env);
- mxcwi_s = new ConcurrentHashMap<String,X509ChainWithIssuer>();
- mxcwi_c = new ConcurrentHashMap<Client,X509ChainWithIssuer>();
+ mxcwiS = new ConcurrentHashMap<>();
+ mxcwiC = new ConcurrentHashMap<>();
if(params.length<2) {
throw new CertException("No Trust Chain parameters are included");
dir = dir + '/';
}
String path;
- List<FileReader> frs = new ArrayList<FileReader>(params.length-1);
+ List<FileReader> frs = new ArrayList<>(params.length-1);
try {
for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j];
}
X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs);
addCaIssuerDN(xcwi.getIssuerDN());
- mxcwi_s.put(params[i][0],xcwi);
+ mxcwiS.put(params[i][0],xcwi);
} finally {
for(FileReader fr : frs) {
if(fr!=null) {
break;
}
}
- X509ChainWithIssuer mxcwi = mxcwi_c.get(client);
+ X509ChainWithIssuer mxcwi = mxcwiC.get(client);
return new X509ChainWithIssuer(mxcwi,x509);
-// break;
+
} else if (er.isPending()) {
trans.checkpoint("Polling, waiting on CA to complete");
Thread.sleep(3000);
} else if (er.isFailure()) {
-// switch(er.getFailInfo()) {
-// case badMessageCheck:
-// throw new ClientException("Received BadMessageCheck from Jscep");
-// case badAlg:
-// case badCertId:
-// case badRequest:
-// case badTime:
-// default:
-// }
throw new CertException(clients.info(item)+':'+er.getFailInfo().toString());
}
}
- //i=MAX_RETRY;
} catch(LocatorException e) {
trans.error().log(e);
i=MAX_RETRY;
}
);
// Map URL to Client, because Client doesn't expose Connection
- mxcwi_c.put(c,mxcwi_s.get(urlinfo));
+ mxcwiC.put(c, mxcwiS.get(urlinfo));
return c;
} catch (MalformedURLException e) {
throw new LocatorException(e);
@Override
protected void _destroy(Client client) {
- mxcwi_c.remove(client);
+ mxcwiC.remove(client);
}
String fileName = f.getName();
if(fileName.endsWith(".key")) {
caKey = Factory.toPrivateKey(NullTrans.singleton(),f);
- List<FileReader> frs = new ArrayList<FileReader>(params.length-1);
+ List<FileReader> frs = new ArrayList<>(params.length-1);
try {
String dir = access.getProperty(CM_PUBLIC_DIR, "");
if(!"".equals(dir) && !dir.endsWith("/")) {
KeyStore keyStore;
FileInputStream fis = null;
if(fileName.endsWith(".pkcs11")) {
- String ksType;
- p = Factory.getSecurityProvider(ksType="PKCS11",params);
+ String ksType="PKCS11";
+ p = Factory.getSecurityProvider(ksType,params);
keyStore = KeyStore.getInstance(ksType,p);
} else if(fileName.endsWith(".jks")) {
keyStore = KeyStore.getInstance("JKS");
SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent()))
// new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
);
- List<GeneralName> lsan = new ArrayList<GeneralName>();
+ List<GeneralName> lsan = new ArrayList<>();
for(String s : csrmeta.sans()) {
lsan.add(new GeneralName(GeneralName.dNSName,s));
}
Collection<? extends Certificate> certs;
X509Certificate x509;
for(Reader rdr : rdrs) {
- if(rdr!=null) { // cover for badly formed array
- byte[] bytes = Factory.decode(rdr);
- try {
- certs = Factory.toX509Certificate(bytes);
- } catch (CertificateException e) {
- throw new CertException(e);
+ if(rdr==null) { // cover for badly formed array
+ continue;
+ }
+ byte[] bytes = Factory.decode(rdr);
+ try {
+ certs = Factory.toX509Certificate(bytes);
+ } catch (CertificateException e) {
+ throw new CertException(e);
+ }
+ for(Certificate c : certs) {
+ x509=(X509Certificate)c;
+ Principal subject = x509.getSubjectDN();
+ if(subject==null) {
+ continue;
}
- for(Certificate c : certs) {
- x509=(X509Certificate)c;
- Principal subject = x509.getSubjectDN();
- if(subject!=null) {
- if(cert==null) { // first in Trust Chain
- issuerDN= subject.toString();
- }
- addTrustChainEntry(x509);
- cert=x509; // adding each time makes sure last one is signer.
- }
+ if(cert==null) { // first in Trust Chain
+ issuerDN = subject.toString();
}
+ addTrustChainEntry(x509);
+ cert=x509; // adding each time makes sure last one is signer.
}
}
}
private String email;
private String challenge;
private List<RDN> rdns;
-
- public CSRMeta(List<RDN> rdns) {
- this.rdns = rdns;
- }
-
- private ArrayList<String> sanList = new ArrayList<String>();
+ private ArrayList<String> sanList = new ArrayList<>();
private KeyPair keyPair;
private X500Name name = null;
private SecureRandom random = new SecureRandom();
- public X500Name x500Name() throws IOException {
+ public CSRMeta(List<RDN> rdns) {
+ this.rdns = rdns;
+ }
+
+ public X500Name x500Name() {
if(name==null) {
X500NameBuilder xnb = new X500NameBuilder();
xnb.addRDN(BCStyle.CN,cn);
}
int plus = email==null?0:1;
- if(sanList.size()>0) {
+ if(!sanList.isEmpty()) {
GeneralName[] gna = new GeneralName[sanList.size()+plus];
int i=-1;
for(String s : sanList) {
})
);
}
-
- if(email!=null) {
-
- }
+
try {
return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
} catch (OperatorCreationException e) {
public static void dump(PKCS10CertificationRequest csr) {
Attribute[] certAttributes = csr.getAttributes();
for (Attribute attribute : certAttributes) {
- if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
- Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
- GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
- GeneralName[] names = gns.getNames();
- for(int k=0; k < names.length; k++) {
- String title = "";
- if(names[k].getTagNo() == GeneralName.dNSName) {
- title = "dNSName";
- } else if(names[k].getTagNo() == GeneralName.iPAddress) {
- title = "iPAddress";
- // Deprecated, but I don't see anything better to use.
- names[k].toASN1Object();
- } else if(names[k].getTagNo() == GeneralName.otherName) {
- title = "otherName";
- } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
- title = "email";
- }
+ if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
+ continue;
+ }
+
+ Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
+ GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
+ GeneralName[] names = gns.getNames();
+ for(int k=0; k < names.length; k++) {
+ String title = "";
+ if(names[k].getTagNo() == GeneralName.dNSName) {
+ title = "dNSName";
+ } else if(names[k].getTagNo() == GeneralName.iPAddress) {
+ title = "iPAddress";
+ // Deprecated, but I don't see anything better to use.
+ names[k].toASN1Object();
+ } else if(names[k].getTagNo() == GeneralName.otherName) {
+ title = "otherName";
+ } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
+ title = "email";
+ }
- System.out.println(title + ": "+ names[k].getName());
- }
- }
+ System.out.println(title + ": "+ names[k].getName());
+ }
}
}
*/
@Override
public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException {
- if(in.isOK()) {
- CertResp cin = in.value;
- CertInfo cout = newInstance(API.CERT);
- cout.setPrivatekey(cin.privateString());
- String value;
- if((value=cin.challenge())!=null) {
- cout.setChallenge(value);
- }
- cout.getCerts().add(cin.asCertString());
- if(cin.trustChain()!=null) {
- for(String c : cin.trustChain()) {
- if(c!=null) {
- cout.getCerts().add(c);
- }
+ if(!in.isOK()) {
+ return Result.err(in);
+ }
+
+ CertResp cin = in.value;
+ CertInfo cout = newInstance(API.CERT);
+ cout.setPrivatekey(cin.privateString());
+ String value;
+ if((value=cin.challenge())!=null) {
+ cout.setChallenge(value);
+ }
+ cout.getCerts().add(cin.asCertString());
+ if(cin.trustChain()!=null) {
+ for(String c : cin.trustChain()) {
+ if(c!=null) {
+ cout.getCerts().add(c);
}
}
- // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup
- // Certs in keystore versus Truststore. Separate in Version 2_0
- if(cin.trustCAs()!=null) {
- for(String c : cin.trustCAs()) {
- if(c!=null) {
- cout.getCerts().add(c);
- }
+ }
+ // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup
+ // Certs in keystore versus Truststore. Separate in Version 2_0
+ if(cin.trustCAs()!=null) {
+ for(String c : cin.trustCAs()) {
+ if(c!=null) {
+ cout.getCerts().add(c);
}
}
- if(cin.notes()!=null) {
- boolean first = true;
- StringBuilder sb = new StringBuilder();
- for(String n : cin.notes()) {
- if(first) {
- first = false;
- } else {
- sb.append('\n');
- }
- sb.append(n);
+ }
+ if(cin.notes()!=null) {
+ boolean first = true;
+ StringBuilder sb = new StringBuilder();
+ for(String n : cin.notes()) {
+ if(first) {
+ first = false;
+ } else {
+ sb.append('\n');
}
- cout.setNotes(sb.toString());
+ sb.append(n);
}
- cout.getCaIssuerDNs().addAll(cin.caIssuerDNs());
- cout.setEnv(cin.env());
- return Result.ok(cout);
- } else {
- return Result.err(in);
+ cout.setNotes(sb.toString());
}
+ cout.getCaIssuerDNs().addAll(cin.caIssuerDNs());
+ cout.setEnv(cin.env());
+ return Result.ok(cout);
+
}
@Override
CertReq out = new CertReq();
CertmanValidator v = new CertmanValidator();
- v.isNull("CertRequest", req)
- .nullOrBlank("MechID", out.mechid=in.getMechid());
- v.nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1);
+ out.mechid=in.getMechid();
+ out.fqdns=in.getFqdns();
+ v.isNull("CertRequest", req).nullOrBlank("MechID", out.mechid);
+ v.nullBlankMin("FQDNs", out.fqdns,1);
if(v.err()) {
return Result.err(Result.ERR_BadData, v.errs());
}
*/
@Override
public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {
- List<ArtiDAO.Data> ladd = new ArrayList<ArtiDAO.Data>();
+ List<ArtiDAO.Data> ladd = new ArrayList<>();
for(Artifact arti : artifacts.getArtifact()) {
ArtiDAO.Data data = new ArtiDAO.Data();
data.mechid = arti.getMechid();
// Derive Optional Data from Machine (Domain) if exists
if(data.machine!=null) {
- if(data.ca==null) {
- if(data.machine.endsWith(".att.com")) {
+ if(data.ca==null && data.machine.endsWith(".att.com")) {
data.ca = "aaf"; // default
- }
}
if(data.ns==null ) {
data.ns=FQI.reverseDomain(data.machine);
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
</execution>
</executions>
</plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <classifier>tests</classifier>
+ <archive>
+ <manifest>
+ <mainClass>org.onap.aaf.auth.cmd.AAFcli</mainClass>
+ </manifest>
+ <manifestEntries>
+ <Sealed>true</Sealed>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <id>full</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>src/assemble/auth-cmd.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
</plugins>
</build>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
--- /dev/null
+<?xml version='1.0' encoding='utf-8'?>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+
+ <id>full</id>
+ <formats>
+ <format>jar</format>
+ </formats>
+
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <dependencySets>
+ <dependencySet>
+ <unpack>true</unpack>
+ <scope>compile</scope>
+ <includes>
+ <include>org.onap.aaf.authz:aaf-auth-cmd</include>
+ <include>org.onap.aaf.authz:aaf-auth-core</include>
+ <include>org.onap.aaf.authz:aaf-auth-client</include>
+ <include>org.onap.aaf.authz:aaf-cadi-aaf</include>
+ <include>org.onap.aaf.authz:aaf-cadi-core</include>
+ <include>org.onap.aaf.authz:aaf-cadi-client</include>
+ <include>org.onap.aaf.authz:aaf-misc-env</include>
+ <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>jline:jline</include>
+ </includes>
+ </dependencySet>
+
+ </dependencySets>
+ <fileSets>
+ <fileSet>
+ <directory>src/main/xsd</directory>
+ </fileSet>
+ </fileSets>
+</assembly>
\ No newline at end of file
import org.onap.aaf.auth.common.Define;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
import jline.console.ConsoleReader;
public class AAFcli {
- private static final String HTTPS = "https://";
protected static PrintWriter pw;
protected HMangr hman;
// Storage for last reused client. We can do this
AAFSSO aafsso = new AAFSSO(args);
try {
PropAccess access = aafsso.access();
- Define.set(access);
- AuthzEnv env = new AuthzEnv(access);
-
- StringBuilder err = aafsso.err();
- String noexit = access.getProperty("no_exit");
- if (err != null) {
- err.append("to continue...");
- System.err.println(err);
- if(noexit!=null) {
- System.exit(1);
- }
- }
-
- Reader rdr = null;
- boolean exitOnFailure = true;
- /*
- * Check for "-" options anywhere in command line
- */
- StringBuilder sb = new StringBuilder();
- for (int i = 0; i < args.length; ++i) {
- if ("-i".equalsIgnoreCase(args[i])) {
- rdr = new InputStreamReader(System.in);
- // } else if("-o".equalsIgnoreCase(args[i])) {
- // // shall we do something different? Output stream is
- // already done...
- } else if ("-f".equalsIgnoreCase(args[i])) {
- if (args.length > i + 1) {
- rdr = new FileReader(args[++i]);
- }
- } else if ("-a".equalsIgnoreCase(args[i])) {
- exitOnFailure = false;
- } else if ("-c".equalsIgnoreCase(args[i])) {
- isConsole = true;
- } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {
- access.setProperty(Cmd.STARTDATE, args[++i]);
- } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {
- access.setProperty(Cmd.ENDDATE, args[++i]);
- } else if ("-t".equalsIgnoreCase(args[i])) {
- isTest = true;
- } else if ("-d".equalsIgnoreCase(args[i])) {
- showDetails = true;
- } else if ("-n".equalsIgnoreCase(args[i])) {
- ignoreDelay = true;
- } else {
- if (sb.length() > 0) {
- sb.append(' ');
- }
- sb.append(args[i]);
- }
- }
-
- SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
- Locator<URI> loc;
- String aafUrl = access.getProperty(Config.AAF_URL);
- if(aafUrl==null) {
- aafsso.setLogDefault();
- aafsso.setStdErrDefault();
- aafUrl=AAFSSO.cons.readLine("aaf_url=%s", HTTPS);
- if(aafUrl.length()==0) {
- System.exit(0);
- } else if(!aafUrl.startsWith(HTTPS)) {
- aafUrl=HTTPS+aafUrl;
- }
- aafsso.addProp(Config.AAF_URL, aafUrl);
- }
- // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan
- if(!aafsso.loginOnly()) {
- try {
- loc = new AAFLocator(si,new URI(aafUrl));
- } catch (Throwable t) {
- aafsso.setStdErrDefault();
- throw t;
- } finally {
- // Other Access is done writing to StdOut and StdErr, reset Std out
- aafsso.setLogDefault();
- }
-
- TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
- HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion("2.0");
+ if(aafsso.ok()) {
+ Define.set(access);
+ AuthzEnv env = new AuthzEnv(access);
- if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) {
- access.log(Level.ERROR, Config.AAF_DEFAULT_REALM,"is required");
+ Reader rdr = null;
+ boolean exitOnFailure = true;
+ /*
+ * Check for "-" options anywhere in command line
+ */
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < args.length; ++i) {
+ if ("-i".equalsIgnoreCase(args[i])) {
+ rdr = new InputStreamReader(System.in);
+ // } else if("-o".equalsIgnoreCase(args[i])) {
+ // // shall we do something different? Output stream is
+ // already done...
+ } else if ("-f".equalsIgnoreCase(args[i])) {
+ if (args.length > i + 1) {
+ rdr = new FileReader(args[++i]);
+ }
+ } else if ("-a".equalsIgnoreCase(args[i])) {
+ exitOnFailure = false;
+ } else if ("-c".equalsIgnoreCase(args[i])) {
+ isConsole = true;
+ } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {
+ access.setProperty(Cmd.STARTDATE, args[++i]);
+ } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {
+ access.setProperty(Cmd.ENDDATE, args[++i]);
+ } else if ("-t".equalsIgnoreCase(args[i])) {
+ isTest = true;
+ } else if ("-d".equalsIgnoreCase(args[i])) {
+ showDetails = true;
+ } else if ("-n".equalsIgnoreCase(args[i])) {
+ ignoreDelay = true;
+ } else {
+ if (sb.length() > 0) {
+ sb.append(' ');
+ }
+ sb.append(args[i]);
+ }
}
+ SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
+ Locator<URI> loc;
- AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si,
- new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false)));
- if(!ignoreDelay) {
- File delay = new File("aafcli.delay");
- if(delay.exists()) {
- BufferedReader br = new BufferedReader(new FileReader(delay));
- try {
- globalDelay = Integer.parseInt(br.readLine());
- } catch(Exception e) {
- access.log(Level.DEBUG,e);
- } finally {
- br.close();
+ aafsso.setLogDefault();
+ aafsso.setStdErrDefault();
+
+ // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan
+ if(!aafsso.loginOnly()) {
+ try {
+ loc = new AAFLocator(si,new URI(access.getProperty(Config.AAF_URL)));
+ } catch (Throwable t) {
+ aafsso.setStdErrDefault();
+ throw t;
+ } finally {
+ // Other Access is done writing to StdOut and StdErr, reset Std out
+ aafsso.setLogDefault();
+ }
+
+ TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
+ HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion(Config.AAF_DEFAULT_VERSION);
+
+ if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) {
+ access.setProperty(Config.AAF_DEFAULT_REALM, "people.osaaf.org");
+ aafsso.addProp(Config.AAF_DEFAULT_REALM, "people.osaaf.org");
+ }
+
+
+ AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si,
+ new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false)));
+ if(!ignoreDelay) {
+ File delay = new File("aafcli.delay");
+ if(delay.exists()) {
+ BufferedReader br = new BufferedReader(new FileReader(delay));
+ try {
+ globalDelay = Integer.parseInt(br.readLine());
+ } catch(Exception e) {
+ access.log(Level.DEBUG,e);
+ } finally {
+ br.close();
+ }
}
}
- }
- try {
- if (isConsole) {
- System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");
- System.out.println("Type '?' for help with command line editing");
- System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");
-
- ConsoleReader reader = new ConsoleReader();
- try {
- reader.setPrompt("aafcli > ");
+ try {
+ if (isConsole) {
+ System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");
+ System.out.println("Type '?' for help with command line editing");
+ System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");
+ ConsoleReader reader = new ConsoleReader();
+ try {
+ reader.setPrompt("aafcli > ");
+
+ String line;
+ while ((line = reader.readLine()) != null) {
+ showDetails = (line.contains("-d"))?true:false;
+
+ if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {
+ break;
+ } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d")
+ || line.equalsIgnoreCase("help")) {
+ line = "--help";
+ } else if (line.equalsIgnoreCase("cls")) {
+ reader.clearScreen();
+ continue;
+ } else if (line.equalsIgnoreCase("?")) {
+ keyboardHelp();
+ continue;
+ }
+ try {
+ aafcli.eval(line);
+ pw.flush();
+ } catch (Exception e) {
+ pw.println(e.getMessage());
+ pw.flush();
+ }
+ }
+ } finally {
+ reader.close();
+ }
+ } else if (rdr != null) {
+ BufferedReader br = new BufferedReader(rdr);
String line;
- while ((line = reader.readLine()) != null) {
- showDetails = (line.contains("-d"))?true:false;
-
- if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {
+ while ((line = br.readLine()) != null) {
+ if (!aafcli.eval(line) && exitOnFailure) {
+ rv = 1;
break;
- } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d")
- || line.equalsIgnoreCase("help")) {
- line = "--help";
- } else if (line.equalsIgnoreCase("cls")) {
- reader.clearScreen();
- continue;
- } else if (line.equalsIgnoreCase("?")) {
- keyboardHelp();
- continue;
- }
- try {
- aafcli.eval(line);
- pw.flush();
- } catch (Exception e) {
- pw.println(e.getMessage());
- pw.flush();
}
}
- } finally {
- reader.close();
- }
- } else if (rdr != null) {
- BufferedReader br = new BufferedReader(rdr);
- String line;
- while ((line = br.readLine()) != null) {
- if (!aafcli.eval(line) && exitOnFailure) {
- rv = 1;
- break;
+ } else { // just run the command line
+ aafcli.verbose(false);
+ if (sb.length() == 0) {
+ sb.append("--help");
}
+ rv = aafcli.eval(sb.toString()) ? 0 : 1;
}
- } else { // just run the command line
- aafcli.verbose(false);
- if (sb.length() == 0) {
- sb.append("--help");
+
+ } finally {
+ aafcli.close();
+
+ // Don't close if No Reader, or it's a Reader of Standard In
+ if (rdr != null && !(rdr instanceof InputStreamReader)) {
+ rdr.close();
}
- rv = aafcli.eval(sb.toString()) ? 0 : 1;
- }
-
- } finally {
- aafcli.close();
-
- // Don't close if No Reader, or it's a Reader of Standard In
- if (rdr != null && !(rdr instanceof InputStreamReader)) {
- rdr.close();
}
}
}
- aafsso.writeFiles();
} finally {
aafsso.close();
+ StringBuilder err = aafsso.err();
+ String noexit = aafsso.access().getProperty("no_exit");
+ if (err != null) {
+ err.append("to continue...");
+ System.err.println(err);
+ }
+ if(noexit==null) {
+ return;
+ }
+
}
-
} catch (MessageException e) {
System.out.println("MessageException caught");
}
public static void set(Access access) throws CadiException {
- ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.onap.aaf");
+ ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.osaaf.aaf");
ROOT_COMPANY = access.getProperty(Config.AAF_ROOT_COMPANY,null);
if(ROOT_COMPANY==null) {
int last = ROOT_NS.lastIndexOf('.');
Assert.assertTrue(Organization.NULL.getPasswordRules() instanceof String[]);
}
-
}
assertEquals(response.name(), "OK");
}
-
+
+ @Test
+ public void testDefOrgPasswords() {
+ assertEquals(defaultOrg.isValidPassword(authzTransMock, null, "new2You!", "Pilgrim"),"");
+ assertNotSame(defaultOrg.isValidPassword(authzTransMock, null, "new2you!", "Pilgrim"),"");
+
+ }
@Test
public void testDefOrgNotifyPasswordExpiration_returnResponseOK() {
@Override
public Cells get(final AuthzTrans trans, final AAF_GUI gui) {
final String userParam = trans.get(sUser, null);
- ArrayList<AbsCell[]> rv = new ArrayList<AbsCell[]>();
+ ArrayList<AbsCell[]> rv = new ArrayList<>();
String msg = null;
TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE);
try {
- final List<Approval> pendingApprovals = new ArrayList<Approval>();
- final List<Integer> beginIndicesPerApprover = new ArrayList<Integer>();
+ final List<Approval> pendingApprovals = new ArrayList<>();
+ final List<Integer> beginIndicesPerApprover = new ArrayList<>();
int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException {
if(fa.value!=null) {
for (Approval appr : fa.value.getApprovals()) {
- if (appr.getStatus().equals("pending")) {
- if (userParam!=null) {
- if (!appr.getUser().equalsIgnoreCase(userParam)) {
+ if ("pending".equals(appr.getStatus())) {
+ if (userParam!=null && !appr.getUser().equalsIgnoreCase(userParam)) {
numLeft++;
continue;
- }
}
pendingApprovals.add(appr);
}
}
});
- if (pendingApprovals.size() > 0) {
+ if (!pendingApprovals.isEmpty()) {
// Only add select all links if we have approvals
AbsCell[] selectAllRow = new AbsCell[] {
AbsCell.Null,
int line=-1;
- while (beginIndicesPerApprover.size() > 0) {
+ while (!beginIndicesPerApprover.isEmpty()) {
int beginIndex = beginIndicesPerApprover.remove(0);
int endIndex = (beginIndicesPerApprover.isEmpty()?pendingApprovals.size():beginIndicesPerApprover.get(0));
List<Approval> currApproverList = pendingApprovals.subList(beginIndex, endIndex);
} else {
Identity au = org.getIdentity(trans, user);
if(au!=null) {
- if(au.type().equals("MECHID")) {
+ if("MECHID".equals(au.type())) {
Identity managedBy = au.responsibleTo();
if(managedBy==null) {
title ="title=" + au.type();
title="title=Not a User at " + org.getName();
}
}
- userCell = new RefCell(prevUser=user,
+ prevUser=user;
+ userCell = new RefCell(prevUser,
TODO_ILM_INFO+user.substring(0, user.length()-DOMAIN_OF_USER.length()),
true,
title);
} else {
- userCell = new TextCell(prevUser=user);
+ userCell = new TextCell(prevUser);
}
AbsCell[] sa = new AbsCell[] {
userCell,
if(numLeft>0) {
msg = "After these, there will be " + numLeft + " approvals left to process";
}
- if(rv.size()==0) {
+ if(rv.isEmpty()) {
if (numLeft>0) {
msg = "No Approvals to process at this time for user " + userParam +". You have "
+ numLeft + " other approvals to process.";
String user = i.getUser();
AbsCell userCell = new TextCell(user);
+ String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>");
rv.add(new AbsCell[] {
new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
userCell,
- new TextCell(i.getMemo())
+ new TextCell(memo)
});
}
} finally {
for (Item i : histItems) {
String user = i.getUser();
AbsCell userCell = new TextCell(user);
-
+ String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>");
rv.add(new AbsCell[] {
new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
userCell,
- new TextCell(i.getMemo())
+ new TextCell(memo)
});
}
Future<Roles> fr = client.read("/authz/roles/"+pRole+"?ns",gui.getDF(Roles.class));
Future<UserRoles> fur = client.read("/authz/userRoles/role/"+pRole,gui.getDF(UserRoles.class));
if(fr.get(AAF_GUI.TIMEOUT)) {
- Role role = fr.value.getRole().get(0);
- trans.put(sRole, role);
- Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write"));
- trans.put(sMayWrite,mayWrite);
- Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve"));
- trans.put(sMayApprove, mayApprove);
-
- if(mayWrite || mayApprove) {
- Mark js = new Mark();
- Mark fn = new Mark();
- hgen.js(js)
- .function(fn,"touchedDesc")
- .li("d=document.getElementById('descText');",
- "if (d.orig == undefined ) {",
- " d.orig = d.value;",
- " d.addEventListener('keyup',changedDesc);",
- " d.removeEventListener('keypress',touchedDesc);",
- "}").end(fn)
- .function(fn,"changedDesc")
- .li(
- "dcb=document.getElementById('descCB');",
- "d=document.getElementById('descText');",
- "dcb.checked= (d.orig != d.value)"
- ).end(fn)
- .end(js);
-
- Mark mark = new Mark();
- hgen.incr(mark,"form","method=post");
- trans.put(sMark, mark);
+ List<Role> roles = fr.value.getRole();
+ if(!roles.isEmpty()) {
+ Role role = fr.value.getRole().get(0);
+ trans.put(sRole, role);
+ Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write"));
+ trans.put(sMayWrite,mayWrite);
+ Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve"));
+ trans.put(sMayApprove, mayApprove);
+
+ if(mayWrite || mayApprove) {
+ Mark js = new Mark();
+ Mark fn = new Mark();
+ hgen.js(js)
+ .function(fn,"touchedDesc")
+ .li("d=document.getElementById('descText');",
+ "if (d.orig == undefined ) {",
+ " d.orig = d.value;",
+ " d.addEventListener('keyup',changedDesc);",
+ " d.removeEventListener('keypress',touchedDesc);",
+ "}").end(fn)
+ .function(fn,"changedDesc")
+ .li(
+ "dcb=document.getElementById('descCB');",
+ "d=document.getElementById('descText');",
+ "dcb.checked= (d.orig != d.value)"
+ ).end(fn)
+ .end(js);
+
+ Mark mark = new Mark();
+ hgen.incr(mark,"form","method=post");
+ trans.put(sMark, mark);
+ }
}
} else {
trans.error().printf("Error calling AAF for Roles in GUI, Role Detail %d: %s",fr.code(),fr.body());
import org.onap.aaf.auth.gui.Table;
import org.onap.aaf.auth.gui.Table.Cells;
import org.onap.aaf.auth.gui.table.AbsCell;
-import org.onap.aaf.auth.gui.table.RefCell;
import org.onap.aaf.auth.gui.table.TableData;
import org.onap.aaf.auth.gui.table.TextCell;
import org.onap.aaf.cadi.CadiException;
for (Item i : histItems) {
String user = i.getUser();
AbsCell userCell = new TextCell(user);
-
+
+ String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>");
rv.add(new AbsCell[] {
new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
userCell,
- new TextCell(i.getMemo())
+ new TextCell(memo)
});
}
} else {
}
// Look up data
- Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, role);
+ int query = role.indexOf('?');
+ Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query));
if(rlrd.isOK()) {
// Note: Mapper will restrict what can be viewed
ROLES roles = mapper.newInstance(API.ROLES);
}
if(org.supportsRealm(cd.id)) {
- if(isNew && (str=org.isValidID(trans, str)).length()>0) {
+ String resp = org.isValidID(trans, str);
+ if(isNew && (resp!=null && resp.length()>0)) {
msg(cd.id,str);
}
}
int connectTimeout = Integer.parseInt(si.access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
try {
String[] path = Split.split('/',locatorURI.getPath());
- if(path.length>2 && "locate".equals(path[1])) {
+ String host = locatorURI.getHost();
+ if(host==null) {
+ host = locatorURI.getAuthority(); // this happens when no port
+ }
+ if("AAF_LOCATE_URL".equals(host)) {
+ URI uri = new URI(
+ locatorURI.getScheme(),
+ locatorURI.getUserInfo(),
+ aaf_locator_uri.getHost(),
+ aaf_locator_uri.getPort(),
+ "/locate"+locatorURI.getPath(),
+ null,
+ null
+ );
+ client = createClient(ss, uri, connectTimeout);
+ } else if(path.length>1 && "locate".equals(path[1])) {
StringBuilder sb = new StringBuilder();
for(int i=3;i<path.length;++i) {
sb.append('/');
sb.append(path[i]);
}
setPathInfo(sb.toString());
- String host = locatorURI.getHost();
- if(aaf_locator_host!=null && (host==null || "AAF_LOCATOR_URL".equals(host))) {
- int slash = aaf_locator_host.lastIndexOf("//");
- host = aaf_locator_host.substring(slash+2);
- }
URI uri = new URI(
locatorURI.getScheme(),
locatorURI.getUserInfo(),
- host,
+ locatorURI.getHost(),
locatorURI.getPort(),
"/locate/"+name + '/' + version,
null,
client = new HClient(ss, locatorURI, connectTimeout);
}
epsDF = env.newDataFactory(Endpoints.class);
- refresh();
} catch (APIException | URISyntaxException e) {
throw new LocatorException(e);
}
protected String myhostname;
protected int myport;
protected final String aaf_locator_host;
+ protected final URI aaf_locator_uri;
private long earliest;
private final long refreshWait;
public AbsAAFLocator(Access access, String name, final long refreshMin) throws LocatorException {
aaf_locator_host = access.getProperty(Config.AAF_LOCATE_URL, null);
+ if(aaf_locator_host==null) {
+ aaf_locator_uri = null;
+ } else {
+ try {
+ aaf_locator_uri = new URI(aaf_locator_host);
+ } catch (URISyntaxException e) {
+ throw new LocatorException(e);
+ }
+ }
epList = new LinkedList<EP>();
refreshWait = refreshMin;
protected AbsOTafLur(final PropAccess access, final String token_url, final String introspect_url) throws CadiException {
this.access = access;
- if((client_id = access.getProperty(Config.AAF_APPID,null))==null) {
- throw new CadiException(Config.AAF_APPID + REQUIRED_FOR_OAUTH2);
+ String ci;
+ if((ci = access.getProperty(Config.AAF_APPID,null))==null) {
+ if((ci = access.getProperty(Config.CADI_ALIAS,null))==null) {
+ throw new CadiException(Config.AAF_APPID + REQUIRED_FOR_OAUTH2);
+ }
}
+ client_id = ci;
synchronized(access) {
if(tokenClientPool==null) {
} catch(IOException | NoSuchAlgorithmException e) {
throw new CadiException(e);
}
+ } else {
+ ss = new GetSetter() {
+ @Override
+ public <CLIENT> SecuritySetter<CLIENT> get(AAFCon<CLIENT> con) throws CadiException {
+ try {
+ return con.x509Alias(client_id);// no password, assume Cert
+ } catch (APIException e) {
+ throw new CadiException(e);
+ }
+ }
+ };
+ authn_method = AUTHN_METHOD.client_credentials;
}
}
if(locatorURL==null) {
throw new LocatorException("Cannot have a null locatorURL in bestLocator");
}
- if(locatePattern.matcher(locatorURL).matches()) {
+ if(locatorURL.startsWith("https://AAF_LOCATE_URL/") || locatePattern.matcher(locatorURL).matches()) {
return new AAFLocator(hsi,new URI(locatorURL));
- } else if(locatorURL.contains("//DME2RESOLVE/")) {
- throw new LocatorException("DME2Locator doesn't exist. Use DME2 specific Clients");
} else {
return new PropertyLocator(locatorURL);
}
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.io.PrintStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map.Entry;
import java.util.Properties;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
public class AAFSSO {
public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole();
- private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
+// private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
- private Properties diskprops = null; // use for temp storing User/Password on disk
+ private Properties diskprops;
+ private boolean touchDiskprops;
private File dot_aaf = null;
private File sso = null; // instantiated, if ever, with diskprops
private PrintStream os;
private Method close;
+ private final PrintStream stdOutOrig;
+ private final PrintStream stdErrOrig;
+ private boolean ok;
public AAFSSO(String[] args) throws IOException, CadiException {
- String[] nargs = parseArgs(args);
+ ok = true;
+ List<String> nargs = parseArgs(args);
+ diskprops = new Properties();
+ touchDiskprops = false;
dot_aaf = new File(System.getProperty("user.home") + "/.aaf");
if (!dot_aaf.exists()) {
dot_aaf.mkdirs();
}
+ stdOutOrig = System.out;
+ stdErrOrig = System.err;
File f = new File(dot_aaf, "sso.out");
os = new PrintStream(new FileOutputStream(f, true));
System.setOut(os);
System.setErr(os);
- access = new PropAccess(os, nargs);
- Config.setDefaultRealm(access);
-
- user = access.getProperty(Config.AAF_APPID);
- encrypted_pass = access.getProperty(Config.AAF_APPPASS);
-
+ sso = new File(dot_aaf, "sso.props");
+ if(sso.exists()) {
+ InputStream propStream = new FileInputStream(sso);
+ try {
+ diskprops.load(propStream);
+ } finally {
+ propStream.close();
+ }
+ }
+
+// String keyfile = diskprops.getProperty(Config.CADI_KEYFILE);
+// if(keyfile==null) {
+// keyfile = dot_aaf.getCanonicalPath()+".keyfile";
+// touchDiskprops=true;
+// }
File dot_aaf_kf = new File(dot_aaf, "keyfile");
- sso = new File(dot_aaf, "sso.props");
if (removeSSO) {
if (dot_aaf_kf.exists()) {
dot_aaf_kf.setWritable(true, true);
dot_aaf_kf.delete();
}
if (sso.exists()) {
- sso.delete();
+ Properties temp = new Properties();
+ // Keep only these
+ for(Entry<Object, Object> es : diskprops.entrySet()) {
+ if(Config.CADI_LATITUDE.equals(es.getKey()) ||
+ Config.CADI_LONGITUDE.equals(es.getKey()) ||
+ Config.AAF_DEFAULT_REALM.equals(es.getKey())) {
+ temp.setProperty(es.getKey().toString(), es.getValue().toString());
+ }
+ }
+ diskprops = temp;
+ touchDiskprops = true;
}
+ String[] naargs = new String[nargs.size()];
+ nargs.toArray(naargs);
+ access = new PropAccess(os, naargs);
+ ok = false;
+ setLogDefault();
System.out.println("AAF SSO information removed");
- if (doExit) {
- System.exit(0);
+ } else {
+ // Config.setDefaultRealm(access);
+
+ if (!dot_aaf_kf.exists()) {
+ FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
+ try {
+ fos.write(Symm.keygen());
+ setReadonly(dot_aaf_kf);
+ } finally {
+ fos.close();
+ }
}
- }
- if (!dot_aaf_kf.exists()) {
- FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
- try {
- fos.write(Symm.keygen());
- setReadonly(dot_aaf_kf);
- } finally {
- fos.close();
+ for(Entry<Object, Object> es : diskprops.entrySet()) {
+ nargs.add(es.getKey().toString() + '=' + es.getValue().toString());
}
- }
-
- String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props
- if (keyfile == null) {
- access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
- }
-
- String alias = access.getProperty(Config.CADI_ALIAS);
- if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) {
- user = alias;
- access.setProperty(Config.AAF_APPID, user);
- use_X509 = true;
- } else {
- use_X509 = false;
- Symm decryptor = Symm.obtain(dot_aaf_kf);
- if (user == null) {
- if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) {
- String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
- FileInputStream fos = new FileInputStream(sso);
- try {
- access.load(fos);
- user = access.getProperty(Config.AAF_APPID);
- encrypted_pass = access.getProperty(Config.AAF_APPPASS);
- // decrypt with .aaf, and re-encrypt with regular Keyfile
- access.setProperty(Config.AAF_APPPASS,
- access.encrypt(decryptor.depass(encrypted_pass)));
- if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
- access.setProperty(Config.CM_URL, cm_url);
+ String[] naargs = new String[nargs.size()];
+ nargs.toArray(naargs);
+ access = new PropAccess(os, naargs);
+
+ if(loginOnly) {
+ for(String tag : new String[] {Config.AAF_APPID, Config.AAF_APPPASS,
+ Config.CADI_ALIAS, Config.CADI_KEYSTORE,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) {
+ access.getProperties().remove(tag);
+ diskprops.remove(tag);
+ }
+ touchDiskprops=true;
+// TODO Do we want to require reset of Passwords at least every Eight Hours.
+// } else if (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS)) {
+// for(String tag : new String[] {Config.AAF_APPPASS,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) {
+// access.getProperties().remove(tag);
+// diskprops.remove(tag);
+// }
+// touchDiskprops=true;
+ }
+
+ String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case its CertificateMan props
+ if (keyfile == null) {
+ access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
+ addProp(Config.CADI_KEYFILE,dot_aaf_kf.getAbsolutePath());
+ }
+
+
+ String alias, appID;
+ alias = access.getProperty(Config.CADI_ALIAS);
+ if(alias==null) {
+ appID = access.getProperty(Config.AAF_APPID);
+ user=appID;
+ } else {
+ user=alias;
+ appID=null;
+ }
+
+ String keystore=access.getProperty(Config.CADI_KEYSTORE);
+ String keystore_pass=access.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+
+ if(user==null || (alias!=null && (keystore==null || keystore_pass==null))) {
+ String select = null;
+ String name;
+ for (File tsf : dot_aaf.listFiles()) {
+ name = tsf.getName();
+ if (!name.contains("trust") && (name.endsWith(".jks") || name.endsWith(".p12"))) {
+ select = cons.readLine("Use %s for Identity? (y/n): ",tsf.getName());
+ if("y".equalsIgnoreCase(select)) {
+ keystore = tsf.getCanonicalPath();
+ access.setProperty(Config.CADI_KEYSTORE, keystore);
+ addProp(Config.CADI_KEYSTORE, keystore);
+ char[] password = cons.readPassword("Keystore Password: ");
+ encrypted_pass= access.encrypt(new String(password));
+ access.setProperty(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass);
+ addProp(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass);
+
+ // TODO READ Aliases out of Keystore?
+ user = alias = cons.readLine("Keystore alias: ");
+ access.setProperty(Config.CADI_ALIAS, user);
+ addProp(Config.CADI_ALIAS, user);
+ break;
}
- } finally {
- fos.close();
- }
- } else {
- diskprops = new Properties();
- String realm = Config.getDefaultRealm();
- // Turn on Console Sysout
- System.setOut(System.out);
- user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
- if (user == null) {
- user = System.getProperty("user.name") + '@' + realm;
- } else if (user.length() == 0) { //
- user = System.getProperty("user.name") + '@' + realm;
- } else if ((user.indexOf('@') < 0) && (realm != null)) {
- user = user + '@' + realm;
}
- access.setProperty(Config.AAF_APPID, user);
- diskprops.setProperty(Config.AAF_APPID, user);
- encrypted_pass = new String(cons.readPassword("aaf_password: "));
- System.setOut(os);
- encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+ }
+ if(alias==null) {
+ user = appID = cons.readLine(Config.AAF_APPID + ": ");
+ access.setProperty(Config.AAF_APPID, appID);
+ addProp(Config.AAF_APPID, appID);
+ char[] password = cons.readPassword(Config.AAF_APPPASS + ": ");
+ encrypted_pass= access.encrypt(new String(password));
access.setProperty(Config.AAF_APPPASS, encrypted_pass);
- diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
- diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
+ addProp(Config.AAF_APPPASS, encrypted_pass);
+ }
+ } else {
+ encrypted_pass = access.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+ if(encrypted_pass == null) {
+ keystore_pass = null;
+ encrypted_pass = access.getProperty(Config.AAF_APPPASS);
+ } else {
+ keystore_pass = encrypted_pass;
}
}
- }
- if (user == null) {
- err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
- }
-
- if (encrypted_pass == null && alias == null) {
- if (err == null) {
- err = new StringBuilder();
+
+
+ if (alias!=null) {
+ use_X509 = true;
} else {
- err.append("and ");
+ use_X509 = false;
+ Symm decryptor = Symm.obtain(dot_aaf_kf);
+ if (user == null) {
+ if (sso.exists()) {
+ String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
+ FileInputStream fos = new FileInputStream(sso);
+ try {
+ access.load(fos);
+ user = access.getProperty(Config.AAF_APPID);
+ encrypted_pass = access.getProperty(Config.AAF_APPPASS);
+ // decrypt with .aaf, and re-encrypt with regular Keyfile
+ access.setProperty(Config.AAF_APPPASS,
+ access.encrypt(decryptor.depass(encrypted_pass)));
+ if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
+ access.setProperty(Config.CM_URL, cm_url);
+ }
+ } finally {
+ fos.close();
+ }
+ } else {
+ diskprops = new Properties();
+ String realm = Config.getDefaultRealm();
+ // Turn on Console Sysout
+ System.setOut(System.out);
+ user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
+ if (user == null) {
+ user = System.getProperty("user.name") + '@' + realm;
+ } else if (user.length() == 0) { //
+ user = System.getProperty("user.name") + '@' + realm;
+ } else if ((user.indexOf('@') < 0) && (realm != null)) {
+ user = user + '@' + realm;
+ }
+ access.setProperty(Config.AAF_APPID, user);
+ diskprops.setProperty(Config.AAF_APPID, user);
+ encrypted_pass = new String(cons.readPassword("aaf_password: "));
+ System.setOut(os);
+ encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+ access.setProperty(Config.AAF_APPPASS, encrypted_pass);
+ diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
+ diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
+ }
+ }
+ }
+ if (user == null) {
+ err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
+ }
+
+ if (encrypted_pass == null && alias == null) {
+ if (err == null) {
+ err = new StringBuilder();
+ } else {
+ err.append("and ");
+ }
+ err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
+ }
+
+ String locateUrl = access.getProperty(Config.AAF_LOCATE_URL);
+ if(locateUrl==null) {
+ locateUrl=AAFSSO.cons.readLine("AAF Locator FQDN/machine[:port]=https://");
+ if(locateUrl==null || locateUrl.length()==0) {
+ err = new StringBuilder(Config.AAF_LOCATE_URL);
+ err.append(" is required.");
+ ok = false;
+ return;
+ } else {
+ locateUrl="https://"+locateUrl+"/locate";
+ }
+ access.setProperty(Config.AAF_LOCATE_URL, locateUrl);
+ addProp(Config.AAF_LOCATE_URL, locateUrl);
+ }
+
+ String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service/2.0";
+ access.setProperty(Config.AAF_URL, aafUrl);
+ access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm/2.0");
+ String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
+ if(cadiLatitude==null) {
+ System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
+ cadiLatitude=AAFSSO.cons.readLine("cadi_latitude[0.000]=");
+ if(cadiLatitude==null || cadiLatitude.isEmpty()) {
+ cadiLatitude="0.000";
+ }
+ access.setProperty(Config.CADI_LATITUDE, cadiLatitude);
+ addProp(Config.CADI_LATITUDE, cadiLatitude);
+
}
- err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
+ String cadiLongitude = access.getProperty(Config.CADI_LONGITUDE);
+ if(cadiLongitude==null) {
+ cadiLongitude=AAFSSO.cons.readLine("cadi_longitude[0.000]=");
+ if(cadiLongitude==null || cadiLongitude.isEmpty()) {
+ cadiLongitude="0.000";
+ }
+ access.setProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ addProp(Config.CADI_LONGITUDE, cadiLongitude);
+ }
+
+ String cadi_truststore = access.getProperty(Config.CADI_TRUSTSTORE);
+ if(cadi_truststore==null) {
+ String name;
+ String select;
+ for (File tsf : dot_aaf.listFiles()) {
+ name = tsf.getName();
+ if (name.contains("trust") &&
+ (name.endsWith(".jks") || name.endsWith(".p12"))) {
+ select = cons.readLine("Use %s for TrustStore? (y/n):",tsf.getName());
+ if("y".equalsIgnoreCase(select)) {
+ cadi_truststore=tsf.getCanonicalPath();
+ access.setProperty(Config.CADI_TRUSTSTORE, cadi_truststore);
+ addProp(Config.CADI_TRUSTSTORE, cadi_truststore);
+ break;
+ }
+ }
+ }
+ }
+ if(cadi_truststore!=null) {
+ if(cadi_truststore.indexOf(File.separatorChar)<0) {
+ cadi_truststore=dot_aaf.getPath()+File.separator+cadi_truststore;
+ }
+ String cadi_truststore_password = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD);
+ if(cadi_truststore_password==null) {
+ cadi_truststore_password=AAFSSO.cons.readLine("cadi_truststore_password[%s]=","changeit");
+ cadi_truststore_password = access.encrypt(cadi_truststore_password);
+ access.setProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password);
+ addProp(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password);
+ }
+ }
+ ok = err==null;
}
+ writeFiles();
}
public void setLogDefault() {
this.setLogDefault(PropAccess.DEFAULT);
+ System.setOut(stdOutOrig);
}
public void setStdErrDefault() {
access.setLogLevel(PropAccess.DEFAULT);
- System.setErr(System.err);
+ System.setOut(stdErrOrig);
}
public void setLogDefault(Level level) {
- access.setLogLevel(level);
- System.setOut(System.out);
+ if(access!=null) {
+ access.setLogLevel(level);
+ }
+ System.setOut(stdOutOrig);
}
public boolean loginOnly() {
}
public void addProp(String key, String value) {
- if (diskprops != null) {
- diskprops.setProperty(key, value);
+ if(key==null || value==null) {
+ return;
}
+ touchDiskprops=true;
+ diskprops.setProperty(key, value);
}
public void writeFiles() throws IOException {
- // Store Creds, if they work
- if (diskprops != null) {
- if (!dot_aaf.exists()) {
- dot_aaf.mkdirs();
+ if(touchDiskprops) {
+ // Store Creds, if they work
+ if (diskprops != null) {
+ if (!dot_aaf.exists()) {
+ dot_aaf.mkdirs();
+ }
+ FileOutputStream fos = new FileOutputStream(sso);
+ try {
+ diskprops.store(fos, "AAF Single Signon");
+ } finally {
+ fos.close();
+ setReadonly(sso);
+ }
}
- FileOutputStream fos = new FileOutputStream(sso);
- try {
- diskprops.store(fos, "AAF Single Signon");
- } finally {
- fos.close();
+ if (sso != null) {
setReadonly(sso);
+ sso.setWritable(true, true);
}
}
- if (sso != null) {
- setReadonly(sso);
- sso.setWritable(true, true);
- }
}
public PropAccess access() {
}
}
- private String[] parseArgs(String[] args)
+ private List<String> parseArgs(String[] args)
{
List<String> larg = new ArrayList<String>(args.length);
larg.add(args[i]);
}
}
- String[] nargs = new String[larg.size()];
- larg.toArray(nargs);
- return nargs;
+ return larg;
}
private void setReadonly(File file) {
file.setReadable(false, false);
file.setReadable(true, true);
}
+
+ public boolean ok() {
+ return ok;
+ }
}
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.oauth.test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.GeneralSecurityException;
+
+import org.junit.Test;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.locator.PropertyLocator;
+import org.onap.aaf.cadi.oauth.TokenClientFactory;
+import org.onap.aaf.misc.env.APIException;
+
+import junit.framework.Assert;
+
+public class JU_TokenClientFactoryTest {
+
+ /**
+ * Acceptable Locator Patterns for choosing AAFLocator over others
+ */
+ @Test
+ public void testLocatorString() {
+ /*
+ PropAccess access = new PropAccess();
+ access.setProperty(Config.AAF_LOCATE_URL, "https://xytz.sbbc.dd:8095/locate");
+ access.setProperty(Config.CADI_LATITUDE, "39.000");
+ access.setProperty(Config.CADI_LONGITUDE, "-72.000");
+ TokenClientFactory tcf;
+ try {
+ System.out.println("one");
+ tcf = TokenClientFactory.instance(access);
+ System.out.println("two");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd/locate/hello") instanceof AAFLocator);
+ System.out.println("three");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate/hello") instanceof AAFLocator);
+ System.out.println("four");
+ Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/hello") instanceof AAFLocator);
+ System.out.println("five");
+ Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/AAF_FS.hello/2.0") instanceof AAFLocator);
+ System.out.println("six");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate") instanceof PropertyLocator);
+ System.out.println("seven");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/Something") instanceof PropertyLocator);
+ } catch (APIException | GeneralSecurityException | IOException | CadiException | LocatorException | URISyntaxException e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
+ */
+ }
+
+}
@Test
public void test() throws CadiException, LocatorException, APIException, IOException {
- TzHClient client = new TzHClient(access, "tag");
+ TzHClient client;
+ try {
+ client = new TzHClient(access, "tag");
+ } catch (Exception e) {
+ throw e;
+ }
try {
client.best(retryableMock);
fail("Should've thrown an exception");
assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
assertThat(sso.loginOnly(), is(true));
-
- assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(false));
- sso.writeFiles();
- assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
+
+// Not necessarily true
+// assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
sso.setLogDefault();
sso.setStdErrDefault();
assertThat(new File(aafDir).exists(), is(true));
assertThat(new File(aafDir + "/.aaf").exists(), is(true));
- assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(false));
assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
assertThat(sso.loginOnly(), is(false));
assertThat(sso.useX509(), is(false));
sso.close();
- sso.close();
}
private void recursiveDelete(File file) {
pl.destroy();
pl = new PropertyLocator(uris);
+
}
@Test(expected=LocatorException.class)
private static char passChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+!@#$%^&*(){}[]?:;,.".toCharArray();
-
+ private static Symm internalOnly = null;
+
/**
* Use this to create special case Case Sets and/or Line breaks
*
* @throws CadiException
*/
public static Symm obtain(Access access) throws CadiException {
- Symm symm = Symm.baseCrypt();
-
String keyfile = access.getProperty(Config.CADI_KEYFILE,null);
if(keyfile!=null) {
+ Symm symm = Symm.baseCrypt();
+
File file = new File(keyfile);
try {
access.log(Level.INIT, Config.CADI_KEYFILE,"points to",file.getCanonicalPath());
}
throw new CadiException("ERROR: " + filename + " does not exist!");
}
+ return symm;
+ } else {
+ try {
+ return internalOnly();
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
}
- return symm;
}
/**
* Create a new random key
return newSymm;
}
+
+ /**
+ * This Symm is generated for internal JVM use. It has no external keyfile, but can be used
+ * for securing Memory, as it remains the same ONLY of the current JVM
+ * @return
+ * @throws IOException
+ */
+ public static synchronized Symm internalOnly() throws IOException {
+ if(internalOnly==null) {
+ ByteArrayInputStream baos = new ByteArrayInputStream(keygen());
+ try {
+ internalOnly = Symm.obtain(baos);
+ } finally {
+ baos.close();
+ }
+ }
+ return internalOnly;
+ }
}
access.log(Level.INIT,"AAF/OAuth LUR plugin is not available.");
}
} catch (NoSuchMethodException| SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- access.log(e,"AAF/OAuth LUR could not be constructed with given Constructors.");
+ String msg = e.getMessage();
+ if(msg==null && e.getCause()!=null) {
+ msg = e.getCause().getMessage();
+ }
+ access.log(Level.INIT,"AAF/OAuth LUR is not instantiated.",msg);
}
} else {
access.log(Level.INIT, "OAuth2 Lur disabled");
/.settings/
/target/
/.project
+tokens/
// Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
- String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
- String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL);
-
-
- // Get Properties
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL);
+ String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,
+ "https://AAF_LOCATE_URL/AAF_NS.token/2.0"); // Default to AAF
+ String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,
+ "https://AAF_LOCATE_URL/AAF_NS.introspect/2.0"); // Default to AAF);
+ // Get Hello Service
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,
+ "https://AAF_LOCATE_URL/AAF_NS.hello/2.0");
final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
// If AAF Token server, then its just the same as your other AAF MechID creds
// If it is the Alternate OAUTH, you'll need THOSE credentials. See that tool's Onboarding procedures.
String client_id = access.getProperty(Config.AAF_APPID);
+ if(client_id==null) {
+ // For AAF, client_id CAN be Certificate. This is not necessarily true elsewhere
+ client_id = access.getProperty(Config.CADI_ALIAS);
+ }
String client_secret = access.getProperty(Config.AAF_APPPASS);
tc.client_creds(client_id, client_secret);
String rv = helloClient.best(new Retryable<String>() {
@Override
public String code(Rcli<?> client) throws CadiException, ConnectException, APIException {
- Future<String> future = client.read(null,"text/plain");
+ Future<String> future = client.read("hello","text/plain");
// The "future" calling method allows you to do other processing, such as call more than one backend
// client before picking up the result
// If "get" matches the HTTP Code for the method (i.e. read HTTP Return value is 200), then
+ "\tUserName:\t%s\n"
+ "\tExpires: \t%d (%s)\n"
+ "\tScope:\t\t%s\n"
- + "\tContent:\t\t%s\n",
+ + "\tContent:\t%s\n",
ti.getAccessToken(),
ti.getClientId(),
ti.getClientType(),
import java.util.List;\r
\r
public class Imports implements Thematic{\r
- List<String> css,js;\r
+ List<String> css;\r
+ List<String> js;\r
public final int backdots;\r
-// public final File webDir;\r
private String theme;\r
\r
public Imports(int backdots) {\r
-// this.webDir = webDir;\r
\r
- css = new ArrayList<String>();\r
- js = new ArrayList<String>();\r
+ css = new ArrayList<>();\r
+ js = new ArrayList<>();\r
this.backdots = backdots;\r
theme = "";\r
}\r
Code Review / aaf / authz.git / commitdiff