Merge "Cred.java - Sonar fixes"
authorJonathan Gathman <jonathan.gathman@att.com>
Thu, 11 Apr 2019 17:57:28 +0000 (17:57 +0000)
committerGerrit Code Review <gerrit@onap.org>
Thu, 11 Apr 2019 17:57:28 +0000 (17:57 +0000)
33 files changed:
auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
auth/docker/.gitignore
auth/helm/aaf-hello/templates/aaf-hello.yaml
auth/helm/aaf-hello/values.yaml
auth/helm/aaf/templates/aaf-cm.yaml
auth/helm/aaf/templates/aaf-fs.yaml
auth/helm/aaf/templates/aaf-gui.yaml
auth/helm/aaf/templates/aaf-locate.yaml
auth/helm/aaf/templates/aaf-oauth.yaml
auth/helm/aaf/templates/aaf-service.yaml
auth/helm/aaf/values.yaml
auth/sample/bin/client.sh
auth/sample/bin/service.sh
auth/sample/local/initialConfig.props
cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java
cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java
cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java
cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
docs/sections/architecture/aaf_architecture.rst

index d05f38c..0120ba4 100644 (file)
@@ -4,7 +4,7 @@
  * ===========================================================================
  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
  * ===========================================================================
- * Modifications Copyright (C) 2018 IBM.
+ * Modifications Copyright (C) 2019 IBM.
  * ===========================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -84,21 +84,16 @@ public class LastNotified {
         * 
         * @param user
         * @param target
-        * @param target_key
+        * @param targetkey
         * @return
         */
-       public Date lastNotified(String user, String target, String target_key) {
-               String key = user + '|' + target + '|' + target_key;
+       public Date lastNotified(String user, String target, String targetkey) {
+               String key = user + '|' + target + '|' + targetkey;
                return lastNotified(key);
        }
        
        public Date lastNotified(String key) {
-               Date rv = lastNotified.get(key);
-               if(rv==null) {
-                       rv = never;
-                       lastNotified.put(key, rv);
-               }
-               return rv;
+               return lastNotified.computeIfAbsent(key, k -> never);
        }
        
        private Date add(ResultSet result, Map<String, Date> lastNotified, MarkDelete md) {
@@ -124,8 +119,8 @@ public class LastNotified {
        }
        
        private interface MarkDelete {
-               public boolean process(String fullKey, Date last);
-       };
+               boolean process(String fullKey, Date last);
+       }
 
        private void startQuery(StringBuilder query) {
                query.append(SELECT + " WHERE user in (");
index 81debc0..bd77bee 100644 (file)
@@ -73,8 +73,11 @@ public class DirectAAFLocator extends AbsAAFLocator<AuthzTrans> {
         }
         
         try {
-               RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
-               String aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS."+name, null,null);
+               String aaf_url = access.getProperty(Config.AAF_URL, null);
+               if(aaf_url==null) {
+                       RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
+                       aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name, null,null);
+               }
                //access.getProperty("/locate/"+name+':'+version;
                access.printf(Level.INIT,"Creating DirectAAFLocator to %s",aaf_url);
             uri = new URI(aaf_url);
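Review bot: When `Config.AAF_URL` is set, the new branch at the top of the `try` uses the property value verbatim, so `rph.replacements(...)` never runs and neither `name` nor any `AAF_LOCATE_URL` or `%NS`-style placeholder in the property is resolved before `new URI(aaf_url)`. Earlier sample configurations carried templated values (see the removed `aaf_url=https://AAF_LOCATE_URL/...` lines elsewhere in this commit), and a leftover value of that form would now produce a locator pointing at an unresolved address. Every `DirectAAFLocator` would also share one URL regardless of `name`; the callers are not visible here, so that may be intended. Consider creating `rph` before the `if` and passing the property through the same step, `aaf_url = rph.replacements(getClass().getSimpleName(), aaf_url, null, null);`, and rejecting a value whose scheme is not `https`. The enclosing method starts and ends outside the hunk.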
index 7b0c120..80c6d82 100644 (file)
@@ -25,10 +25,6 @@ package org.onap.aaf.auth.cmd.test.perm;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.when;
 
-import org.junit.Before;
-
-import org.onap.aaf.auth.cmd.test.HMangrStub;
-
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.io.Writer;
@@ -36,6 +32,7 @@ import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URISyntaxException;
 
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
@@ -44,6 +41,7 @@ import org.mockito.runners.MockitoJUnitRunner;
 import org.onap.aaf.auth.cmd.AAFcli;
 import org.onap.aaf.auth.cmd.ns.Create;
 import org.onap.aaf.auth.cmd.ns.NS;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
 import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.Locator;
index d8e8914..064a8a5 100644 (file)
@@ -128,7 +128,7 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
         deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x");
 
         // Certificate Manager
-        cmCon =  new AAFConHttp(env.access(),Config.CM_URL);
+        cmCon =  new AAFConHttp(env.access(),Config.AAF_URL_CM);
         artifactsDF = env.newDataFactory(Artifacts.class);
         certInfoDF  = env.newDataFactory(CertInfo.class);
         
index 5d1d021..16a6c94 100644 (file)
@@ -65,7 +65,7 @@ public class NsDetail extends Page {
     private static final String BLANK = "";
     private static Slot keySlot;
     private static Model model;
-    private static String gw_url;
+    private static String locate_url;
 
 
     public NsDetail(final AAF_GUI gui, Page ... breadcrumbs) throws APIException, IOException {
@@ -75,11 +75,11 @@ public class NsDetail extends Page {
                 );
         model.set(this);
         keySlot = gui.env.slot(NAME+".ns");
-        gw_url = gui.env.getProperty(Config.GW_URL);
-        if (gw_url==null) {
-            gw_url="";
+        locate_url = gui.env.getProperty(Config.AAF_LOCATE_URL);
+        if (locate_url==null) {
+            locate_url="";
         } else {
-            gw_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION;
+            locate_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION;
         }
     }
 
@@ -217,7 +217,7 @@ public class NsDetail extends Page {
                         AbsCell label = (i==0?new TextCell(sentenceCase(field)+":","style=width:20%"):AbsCell.Null);
                         String perm = values.get(i);
                         String[] fields = perm.split("\\|");
-                        String grantLink = gw_url  
+                        String grantLink = locate_url  
                                 + PermGrantForm.HREF
                                 + "?type=" + fields[0].trim()
                                 + "&amp;instance=" + fields[1].trim()
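Review bot: The grant link assembled here concatenates `fields[0].trim()` and `fields[1].trim()` into the query string without URL-encoding, and it is now rooted at `locate_url`. A permission type or instance containing `&`, `#`, a quote or whitespace would yield a malformed or attribute-breaking href unless the cell renderer escapes it, which is not visible in this hunk. Encode each component, e.g. `+ "?type=" + URLEncoder.encode(fields[0].trim(), "UTF-8")`, and check `fields.length` before indexing, since `perm.split("\\|")` can return fewer parts than the code reads. It is also worth confirming that the locate URL plus `/aaf/<version>` actually serves `PermGrantForm.HREF`; the base was previously the gateway URL. The statement continues past the end of the hunk.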
index a5e12f5..26bdb69 100644 (file)
@@ -23,6 +23,7 @@
 package org.onap.aaf.auth.locate;
 
 import java.net.URI;
+import java.net.UnknownHostException;
 import java.util.Map;
 
 import javax.servlet.Filter;
@@ -58,6 +59,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
 import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
 import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
 import org.onap.aaf.cadi.register.Registrant;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.Data;
@@ -180,7 +182,7 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
     protected AAFConHttp _newAAFConHttp() throws CadiException {
         try {
             if (dal==null) {
-                dal = AbsAAFLocator.create("%CNS.%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
+                dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
             }
             // utilize pre-constructed DirectAAFLocator
             return new AAFConHttp(env.access(),dal);
@@ -191,7 +193,14 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
 
     public Locator<URI> getGUILocator() throws LocatorException {
         if (gui_locator==null) {
-            gui_locator = AbsAAFLocator.create("AAF_NS.gui",Config.AAF_DEFAULT_API_VERSION);
+               RegistrationPropHolder rph;
+               try {
+                                rph = new RegistrationPropHolder(access, 0);
+                       } catch (UnknownHostException | CadiException e) {
+                               throw new LocatorException(e);
+                       }
+            gui_locator = AbsAAFLocator.create(rph.getPublicEntryName("gui", rph.default_container),
+               Config.AAF_DEFAULT_API_VERSION);
         }
         return gui_locator;
     }
index 30b97d7..fb1f79e 100644 (file)
@@ -12,3 +12,4 @@
 /*.jar
 /*.jks
 /sdnc
+/working
index 787f32d..e19b599 100644 (file)
@@ -63,38 +63,37 @@ spec:
               name: aaf-hello-vol
           command: ["bash","-c","cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh place aaf@aaf.osaaf.org aaf-hello "]
           env:
-            - name: "AAF_ENV"
+            - name: aaf_env
               value: "{{ .Values.cadi.aaf_env }}"
-            - name: "AAF_FQDN"
-              value: "aaf-locate.{{ .Release.Namespace }}"
+            - name: cadi_latitude
+              value: "{{ .Values.cadi.cadi_latitude }}"
+            - name: cadi_longitude
+              value: "{{ .Values.cadi.cadi_longitude }}"
+            - name: aaf_locator_container
+              value: "helm"
+            - name: aaf_locator_container_ns
+              value: "{{ .Release.Namespace }}"
+            - name: aaf_locate_url
+              value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+            - name: aaf_locator_app_ns
+              value: "org.osaaf.aaf"
             - name: "APP_FQDN"
               value: "{{ .Values.cadi.fqdn }}"
             - name: "APP_FQI"
               value: "{{ .Values.cadi.fqi }}"
-            - name: "LATITUDE"
-              value: "{{ .Values.cadi.cadi_latitude }}"
-            - name: "LONGITUDE"
-              value: "{{ .Values.cadi.cadi_longitude }}"
             - name: "DEPLOY_FQI"
               value: "deployer@people.osaaf.org"
             - name: "DEPLOY_PASSWORD"
               value: "demo123456!"
-            - name: "aaf_locator_container"
-              value: "helm"
-            - name: "aaf_locator_port"
-              value: "{{ .Values.cadi.port }}"
-            - name: "aaf_locator_fqdn.helm"
-              value: "{{ .Values.cadi.fqdn }}.{{.Release.Namespace}}"
-            - name: "aaf_locator_public_hostname"
-              value: "{{ .Values.cadi.public_fqdn }}"
-            - name: "aaf_locator_public_port"
-              value: "{{ .Values.cadi.public_port }}"
-            - name: "aaf_locator_container_ns"
-              value: "{{ .Release.Namespace }}"
-            - name: "aaf_locator_name"
-              value: "{{.Values.cadi.app_ns}}.hello"
-            - name: "aaf_locator_name.helm"
-              value: "{{ .Release.Namespace}}.{{.Values.cadi.app_ns}}.hello"
+# Hello specific.  Clients don't necessarily need this
+            - name: aaf_locator_public_fqdn
+              value: "{{.Values.cadi.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.cadi.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.cadi.aaf_locator_name_helm}}"
+            - name: aaf_locator_fqdn_helm
+              value: "%N.%CNS"
 
 ###
 ### AAF-HELLO
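Review bot: `DEPLOY_PASSWORD` is still set as a literal `value:` in this env list, so the deployer credential is stored in the chart and readable by anyone who can view the pod spec. Since the block is being reworked anyway, move it to a Secret and reference it with `valueFrom: secretKeyRef:`, leaving at most a documented demo default in the values file. The added `aaf_locate_url` also hard-codes port `8095`, whereas the aaf chart templates in this commit build the same URL from `.Values.services.locate.internal_port`; taking the port from values would keep the two charts consistent.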
index a4fd23c..a695a45 100644 (file)
@@ -33,11 +33,17 @@ cadi:
   fqdn: "aaf-hello"
   port: 8130
   public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+  aaf_locator_name: "public.%NS.%N"
+  aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+#  aaf_locator_name: "%NS.%N"
+#  aaf_locator_name_helm: "%CNS.%NS.%N"
   public_port: 30086
   fqi: "aaf@aaf.osaaf.org"
   app_ns: "org.osaaf.aaf"
-  cadi_latitude: "38.0"  
-  cadi_longitude: "-72.0"  
+  cadi_latitude: 38.0
+  cadi_longitude: -72.0
   aaf_env: "DEV"
 
 persistence: {}
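Review bot: `cadi_latitude: 38.0` and `cadi_longitude: -72.0` are now YAML numbers, while the aaf chart's values.yaml in this same commit keeps them as quoted strings. Helm parses unquoted numbers as floats, and a template such as `"{{ .Values.cadi.cadi_latitude }}"` typically renders a whole-number float without its fractional part (`38`), so the text the container receives may change. If the consumer expects the exact string, keep the quotes: `cadi_latitude: "38.0"`.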
index b64a968..51b0043 100644 (file)
@@ -83,6 +83,10 @@ spec:
               value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
             - name: aaf_locator_public_fqdn
               value: "{{.Values.services.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.services.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.services.aaf_locator_name_helm}}"
             - name: CASSANDRA_CLUSTER
               value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 #            - name: CASSANDRA_USER
index 5adc1d6..f0c6e8e 100644 (file)
@@ -117,4 +117,8 @@ spec:
               value: "https://aaf-locate.onap:8095"
             - name: aaf_locator_public_fqdn
               value: "{{.Values.services.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.services.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.services.aaf_locator_name_helm}}"
 
index 758b6b2..a977a9b 100644 (file)
@@ -84,6 +84,10 @@ spec:
               value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
             - name: aaf_locator_public_fqdn
               value: "{{.Values.services.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.services.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.services.aaf_locator_name_helm}}"
             - name: CASSANDRA_CLUSTER
               value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 #            - name: CASSANDRA_USER
index a6a2e25..1f9bdc4 100644 (file)
@@ -83,6 +83,10 @@ spec:
               value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
             - name: aaf_locator_public_fqdn
               value: "{{.Values.services.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.services.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.services.aaf_locator_name_helm}}"
             - name: CASSANDRA_CLUSTER
               value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 #            - name: CASSANDRA_USER
index 2e2acb4..ff9a18d 100644 (file)
@@ -83,6 +83,10 @@ spec:
               value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
             - name: aaf_locator_public_fqdn
               value: "{{.Values.services.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.services.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.services.aaf_locator_name_helm}}"
             - name: CASSANDRA_CLUSTER
               value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 #            - name: CASSANDRA_USER
index a0935a6..be6e1c8 100644 (file)
@@ -66,22 +66,24 @@ spec:
             - mountPath: "/opt/app/osaaf"
               name: aaf-config-vol
           env:
-            - name: AAF_ENV
+            - name: aaf_env
               value: "{{ .Values.services.aaf_env }}"
-            - name: LATITUDE
+            - name: cadi_latitude
               value: "{{ .Values.services.cadi_latitude }}"
-            - name: LONGITUDE
+            - name: cadi_longitude
               value: "{{ .Values.services.cadi_longitude }}"
             - name: aaf_locator_container
               value: "helm"
             - name: aaf_locator_container_ns
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
+              value: "{{ .Release.Namespace }}"
             - name: aaf_locate_url
               value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
             - name: aaf_locator_public_fqdn
               value: "{{.Values.services.public_fqdn}}"
+            - name: aaf_locator_name
+              value: "{{.Values.services.aaf_locator_name}}"
+            - name: aaf_locator_name_helm
+              value: "{{.Values.services.aaf_locator_name_helm}}"
             - name: CASSANDRA_CLUSTER
               value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 #            - name: CASSANDRA_USER
index 226f030..c38bbdb 100644 (file)
@@ -30,6 +30,12 @@ services:
   ns: "onap"
   aaf_env: "DEV"
   public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+  aaf_locator_name: "public.%NS.%N"
+  aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+#  aaf_locator_name: "%NS.%N"
+#  aaf_locator_name_helm: "%CNS.%NS.%N"
   cadi_latitude: "38.0"  
   cadi_longitude: "-72.0"  
   cass:
index dde1072..0dff803 100755 (executable)
@@ -76,41 +76,45 @@ function sso_encrypt() {
    $JAVA_CADI digest ${1} $DOT_AAF/keyfile
 }
 
+if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
+    mkdir -p $DOT_AAF
+    base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
+fi
 
 # Create Deployer Info, located at /root/.aaf
 if [ ! -e "$DOT_AAF/keyfile" ]; then
-    mkdir -p $DOT_AAF
     $JAVA_CADI keygen $DOT_AAF/keyfile
     chmod 400 $DOT_AAF/keyfile
-    echo cadi_latitude=${LATITUDE} > ${SSO}
-    echo cadi_longitude=${LONGITUDE} >> ${SSO}
-    echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+
+    # Add Deployer Creds to Root's SSO
+    DEPLOY_FQI="${DEPLOY_FQI:=$app_id}"
+    echo "aaf_id=${DEPLOY_FQI}" > ${SSO}
     if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
        echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
     fi
     
-    if [ ! -z "${aaf_locator_container}" ]; then
-         echo "aaf_locator_container=${aaf_locator_container}" >> ${SSO}
-    fi
-    if [ -z "${aaf_locator_container_ns}" ]; then
-      if [ !-z "${CONTAINER_NS}" ]; then
-         echo "aaf_locator_container_ns=${CONTAINER_NS}" >> ${SSO}
-      fi
-    else 
-         echo "aaf_locator_container_ns=${aaf_locator_container_ns}" >> ${SSO}
-    fi
-    if [ ! -z "${AAF_ENV}" ]; then
-       echo "aaf_env=${AAF_ENV}" >> ${SSO}
-    fi
-    echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
-    echo aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+    # Cover case where using app.props
+    aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} 
+
+    for E in $(env); do
+        if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then
+           # Use Deployer ID in ${SSO}
+           if [ "app_id" != "${E%=*}" ]; then
+              S="${E/_helm/.helm}"
+              S="${S/_oom/.oom}"
+             echo "$S" >> ${SSO}
+           fi
+        fi
+    done
 
-    base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
     echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO}
     echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
     echo "Caller Properties Initialized"
     INITIALIZED="true"
 fi
+echo "cat SSO"
+cat ${SSO}
+echo "dog"
 
 # Only initialize once, automatically...
 if [ ! -e $LOCAL/${NS}.props ]; then
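Review bot: The three lines added after the init block (`echo "cat SSO"`, `cat ${SSO}`, `echo "dog"`) print the whole SSO properties file to stdout on every run, which copies `aaf_password=enc:...` and `cadi_truststore_password=enc:...` into container logs; they look like leftover debugging and should be removed. `aaf_locater_container_ns=...` is misspelled (`locater`) and not exported, so the `for E in $(env)` loop never sees the `CONTAINER_NS` fallback; `[ -n "${CONTAINER_NS}" ] && export aaf_locator_container_ns="${aaf_locator_container_ns:-$CONTAINER_NS}"` would do what the comment describes. The loop also word-splits the output of `env`, so any `aaf_` or `cadi_` value containing whitespace is written to `${SSO}` in pieces. The `app_id` test inside it can never match, because only names starting with `aaf_` or `cadi_` reach it. The same `env` loop pattern is added in service.sh.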
@@ -133,28 +137,22 @@ if [ ! -e $LOCAL/${NS}.props ]; then
       echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity
       chmod ug+x agent cadi testConnectivity
     fi
+
     echo "#### Create Configuration files "
     $JAVA_AGENT config $APP_FQI \
-       aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \
-        cadi_etc_dir=$LOCAL
-# Grab all properties passed in that start with "aaf_" or "cadi_"
-    for E in $(env); do 
-       if [[ $E == aaf_* ]] || [[ $E == cadi_* ]]; then
-         if [ -z "$(grep $E $LOCAL/$NS.props)" ]; then
-           echo "${E}" >> $LOCAL/$NS.props
-         fi
-       fi
-    done
+        cadi_etc_dir=$LOCAL \
+        cadi_prop_files=$SSO
+       #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} 
     cat $LOCAL/$NS.props
 
     echo
     echo "#### Certificate Authorization Artifact"
-    TMP=$(mktemp)
+    # TMP=$(mktemp)
+    TMP=$LOCAL/agent.log
     $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \
         cadi_prop_files=${SSO} \
-        cadi_etc_dir=$LOCAL > $TMP
-    cat $TMP
-    echo
+        cadi_etc_dir=$LOCAL | tee $TMP
+
     if [ -n "$(grep 'Namespace:' $TMP)" ]; then
         echo "#### Place Certificates (by deployer)"
         $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \
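Review bot: Replacing `mktemp` with the fixed path `TMP=$LOCAL/agent.log` and piping through `tee` means the agent's `read` output now stays on the config volume after the script ends, and the pipeline's exit status is that of `tee` rather than `$JAVA_AGENT`. If that output can include artifact or identity details, restrict the file (`umask 077` before the write, or `chmod 600 $TMP`) or delete it once the `grep 'Namespace:'` check is done. The commented-out `# TMP=$(mktemp)` and `#aaf_url=...` lines can be dropped rather than left in place. The enclosing `if` block continues outside the hunk.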
index 2b964b1..54a1cc5 100644 (file)
@@ -135,7 +135,9 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then
     echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP}
     for P in `env`; do
       if [[ "$P" == aaf_locator* ]]; then
-       echo "$P" >> ${TMP}
+        S="${P/_helm/.helm}"
+        S="${S/_oom/.oom}"
+       echo "$S" >> ${TMP}
       fi
     done
 
index 6ea1d53..8b01d95 100644 (file)
@@ -17,8 +17,6 @@
 #  limitations under the License.\r
 #  ============LICENSE_END====================================================\r
 #\r
-cadi_protocols=TLSv1.1,TLSv1.2\r
-\r
 ################################\r
 # Locator info\r
 #\r
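Review bot: Removing `cadi_protocols=TLSv1.1,TLSv1.2` leaves the sample configuration without an explicit TLS protocol list, so clients started from it use whatever default the CADI code applies, which this diff does not show. If the intent was to retire TLSv1.1, pinning the remaining version is clearer than dropping the property, e.g. `cadi_protocols=TLSv1.2`. Otherwise add a comment where the line used to be stating which default applies.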
@@ -31,20 +29,21 @@ cadi_protocols=TLSv1.1,TLSv1.2
 aaf_locator_app_ns=%AAF_NS\r
 aaf_locator_name=%NS.%N\r
 aaf_locator_name.docker=%CNS.%NS.%N\r
-aaf_locator_name.helm=%CNS.%NS.%N\r
-aaf_locator_name.oom=%CNS%.%NS.%N\r
+aaf_root_ns=org.osaaf.aaf\r
+\r
+# Dublin\r
+aaf_locator_name.oom=%NS.%N\r
+aaf_locator_name.helm=%NS.%N\r
+aaf_locator_public_name.oom=public.%NS.%N\r
+aaf_locator_public_name.helm=public.%NS.%N\r
+\r
+# EL Alto and beyond\r
+# aaf_locator_name.oom=%CNS.%NS.%N\r
+# aaf_locator_name.helm=%CNS.%NS.%N\r
+\r
 aaf_locator_fqdn.docker=aaf-%N\r
 aaf_locator_fqdn.helm=aaf-%N.%CNS\r
 aaf_locator_fqdn.oom=aaf-%N.%CNS\r
 \r
-################################\r
-# AAF URLs \r
-################################\r
-aaf_locate_url=https://localhost:8095\r
-aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1\r
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/introspect\r
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/token\r
-cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1\r
-gui_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui.2.1\r
-fs_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs.2.1\r
-\r
+# initial trusted CAs\r
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US\r
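Review bot: `cadi_x509_issuers` now lists three `intermediateCA_*` issuers under the comment "initial trusted CAs", in a file that serves as the starting configuration. These appear to be the project's own sample CAs, so a deployment that keeps this file unchanged would accept client certificates issued by them. Proposed comment above the property: `# Sample ONAP CAs for test deployments; replace with your own issuers before production use.`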
index d380474..e5a0a28 100644 (file)
@@ -27,10 +27,10 @@ import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
@@ -43,6 +43,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
 import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.config.SecurityInfoC;
+import org.onap.aaf.cadi.configure.Agent;
 import org.onap.aaf.cadi.http.HBasicAuthSS;
 import org.onap.aaf.cadi.http.HClient;
 import org.onap.aaf.cadi.http.HX509SS;
@@ -53,7 +54,10 @@ import org.onap.aaf.misc.env.APIException;
 
 public class TestConnectivity {
     
-    public static void main(String[] args) {
+    private static Map<String, String> aaf_urls;
+
+
+       public static void main(String[] args) {
         if (args.length<1) {
             System.out.println("Usage: ConnectivityTester <cadi_prop_files> [<AAF FQDN (i.e. aaf.dev.att.com)>]");
         } else {
@@ -65,24 +69,14 @@ public class TestConnectivity {
             }
 
             PropAccess access = new PropAccess(args);
-            String aaflocate;
-            if (args.length>1) {
-                aaflocate = "https://" + args[1];
-                access.setProperty(Config.AAF_LOCATE_URL, "https://" + args[1]);
-            } else {
-                aaflocate = access.getProperty(Config.AAF_LOCATE_URL);
-                if (aaflocate==null) {
-                    print(true,"Properties must contain ",Config.AAF_LOCATE_URL);
-                }
-            }
-            
             try {
                 SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
+                aaf_urls = Agent.loadURLs(access);
                 
                 List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
                 /////////
-                String directAAFURL = access.getProperty(Config.AAF_URL,null);
-                if(directAAFURL!=null && !directAAFURL.contains("AAF_LOCATE")) {
+                String directAAFURL = aaf_urls.get(Config.AAF_URL);
+                if(directAAFURL!=null && !directAAFURL.contains("/locate/")) {
                     print(true,"Test Connections by non-located aaf_url");
                     Locator<URI> locator = new SingleEndpointLocator(directAAFURL);
                     connectTest(locator,new URI(directAAFURL));
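Review bot: With the `args.length>1` branch removed, a second command-line argument is no longer turned into `Config.AAF_LOCATE_URL`, yet the usage text printed a few lines earlier still advertises `[<AAF FQDN (i.e. aaf.dev.att.com)>]`. Unless `PropAccess(args)` or `Agent.loadURLs(access)` handles that argument (not visible here), a user following the usage message gets a test run against the configured locator instead of the host they named. Either update the usage string or restore the override before `Agent.loadURLs(access)` is called. `main` starts and ends outside this hunk.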
@@ -92,17 +86,18 @@ public class TestConnectivity {
                 } else {
                        /////////
                        print(true,"Test Connections driven by AAFLocator");
-                       URI serviceURI = uri(access,"service");
+                       String serviceURI = aaf_urls.get(Config.AAF_URL);
        
-                       for (URI uri : new URI[] {
+                       for (String url : new String[] {
                                serviceURI,
-                               uri(access,"token"),
-                               uri(access,"introspect"),
-                               uri(access,"cm"),
-                               uri(access,"gui"),
-                               uri(access,"fs"),
-                               uri(access,"hello")
+                               aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL),
+                               aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL),
+                               aaf_urls.get(Config.AAF_URL_CM),
+                               aaf_urls.get(Config.AAF_URL_GUI),
+                               aaf_urls.get(Config.AAF_URL_FS),
+                               aaf_urls.get(Config.AAF_URL_HELLO)
                        }) {
+                               URI uri = new URI(url);
                            Locator<URI> locator = new AAFLocator(si, uri);
                            try {
                                connectTest(locator, uri);
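Review bot: `URI uri = new URI(url);` sits outside the inner `try`, and `url` comes straight from `aaf_urls.get(...)`, so a key missing from the map yields `null` and `new URI(null)` throws a `NullPointerException` that ends the whole loop instead of skipping one service. Guard the entry before use, e.g. `if (url == null) { print(true, "No URL configured for this service"); continue; }`, and move the `new URI(url)` call inside the `try` so one malformed entry does not stop the remaining connection tests. The same applies to `new URI(serviceURI)` in the two later hunks of this file. Whether `Agent.loadURLs` always fills every key is not visible in this diff.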
@@ -114,7 +109,7 @@ public class TestConnectivity {
 
                        /////////
                        print(true,"Test Service for Perms driven by AAFLocator");
-                       Locator<URI> locator = new AAFLocator(si,serviceURI);
+                       Locator<URI> locator = new AAFLocator(si,new URI(serviceURI));
                        for (SecuritySetter<HttpURLConnection> ss : lss) {
                            permTest(locator,ss);
                        }
@@ -125,7 +120,7 @@ public class TestConnectivity {
                        for (SecuritySetter<HttpURLConnection> ss : lss) {
                            if (ss instanceof HBasicAuthSS) {
                                hasBath=true;
-                               basicAuthTest(new AAFLocator(si, serviceURI),ss);
+                               basicAuthTest(new AAFLocator(si, new URI(serviceURI)),ss);
                            }
                        }
                        if(!hasBath) {
@@ -141,25 +136,6 @@ public class TestConnectivity {
         }
     }
     
-    private static URI uri(PropAccess access, String ms) throws URISyntaxException {
-               String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
-               String aaf_api_version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION);
-               String aaf_locate_url = access.getProperty(Config.AAF_LOCATE_URL,Defaults.AAF_LOCATE_CONST);
-               String aaf_container = access.getProperty(Config.AAF_LOCATOR_CONTAINER,null);
-               if(aaf_container!=null) {
-                       String ns = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS+'.'+aaf_container,null);
-                       if(ns==null) {
-                               ns = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS,null);
-                       }
-                       if(ns!=null) {
-                               aaf_root_ns=ns + '.' + aaf_root_ns;
-                       }
-               }
-               if("cm".equals(ms) && "2.0".equals(aaf_api_version)) {
-                       ms = "certman";
-               }
-               return new URI(aaf_locate_url + "/locate/" + aaf_root_ns + '.' + ms + ':' + aaf_api_version);
-       }
 
        private static List<SecuritySetter<HttpURLConnection>> loadSetters(PropAccess access, SecurityInfoC<HttpURLConnection> si)  {
         print(true,"Load Security Setters from Configuration Information");
@@ -192,12 +168,7 @@ public class TestConnectivity {
             access.log(Level.INFO, "X509 (Client certificate) Security Setter constructor threw exception: \"",e.getMessage(),"\". X509 tests will not be performed");
         }
 
-        String tokenURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
-        String locateURL=access.getProperty(Config.AAF_LOCATE_URL);
-        if (tokenURL==null || (tokenURL.contains("/locate/") && locateURL!=null)) {
-            tokenURL=Config.OAUTH2_TOKEN_URL_DEF;
-        }
-        
+        String tokenURL = aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL);
 
         try {
             HRenewingTokenSS hrtss = new HRenewingTokenSS(access, tokenURL);
@@ -256,6 +227,7 @@ public class TestConnectivity {
             if ((uri = dl.get(li)) == null) {
                 System.out.println("Locator Item empty");
             } else {
+               System.out.printf("Located %s using %s\n",uri.toString(), locatorURI.toString());
                 socket = new Socket();
                 try {
                        FixURIinfo fui = new FixURIinfo(uri);
index 16fdb79..eda4a5a 100644 (file)
@@ -130,4 +130,5 @@ public class AAFLocator extends AbsAAFLocator<BasicTrans>  {
     protected HClient createClient(SecuritySetter<HttpURLConnection> ss, URI uri, int connectTimeout) throws LocatorException {
         return new HClient(ss, uri, connectTimeout);
     }
+    
 }
index 5214ddb..2405962 100644 (file)
@@ -60,7 +60,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
     protected String myhostname;
     protected int myport;
     protected final String aaf_locator_host;
-    protected final URI aaf_locator_uri;
+    protected URI aaf_locator_uri;
     private long earliest;
     private final long refreshWait;
 
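Review bot: Dropping `final` from the protected `aaf_locator_uri` lets any subclass repoint the locator at a different host at any time, and nothing in this hunk says who may write the field or under what locking. Since this URI decides which endpoint authentication traffic is discovered through, I would keep the field private and give subclasses one documented setter, or at least add a comment such as `// reassigned only by <subclass>.<method>; callers must hold <lock>` with the real names filled in. The `clear()` method added in the next hunk of this file has the same gap: it resets `epList` and `earliest` with no visible synchronization, which matters if the locator is shared between threads (not visible from here).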
@@ -462,5 +462,10 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI>
         return rv;
     }
 
+    protected void clear() {
+       epList.clear();
+       earliest=0L;
+    }
+
 
 }
index e04015c..caf15d3 100644 (file)
@@ -50,6 +50,7 @@ import org.onap.aaf.cadi.CmdLine;
 import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.aaf.client.ErrMessage;
 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -57,6 +58,7 @@ import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
 import org.onap.aaf.cadi.config.SecurityInfoC;
 import org.onap.aaf.cadi.http.HBasicAuthSS;
 import org.onap.aaf.cadi.locator.SingleEndpointLocator;
@@ -113,6 +115,11 @@ public class Agent {
             Config.CADI_TRUSTSTORE,Config.CADI_TRUSTSTORE_PASSWORD,
             Config.CADI_ALIAS, Config.CADI_X509_ISSUERS
             });
+    private static List<String> LOC_TAGS = Arrays.asList(new String[] {
+               Config.CADI_LATITUDE, Config.CADI_LONGITUDE
+               });
+    // Note: This is set by loadURLs. Use that function as singleton, not directly.
+       private static Map<String,String> aaf_urls = null;
 
 
     public static void main(String[] args) {
@@ -227,11 +234,8 @@ public class Agent {
                             aafsso.setLogDefault();
                             aafsso.setStdErrDefault();
                             
-                            // if CM_URL can be obtained, add to sso.props, if written
-                            String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL_DEF);
-                            if (cm_url!=null) {
-                                aafsso.addProp(Config.CM_URL, cm_url);
-                            }
+                            Map<String, String> aaf_urls = loadURLs(access);
+                            aafsso.addProp(Config.AAF_URL_CM, aaf_urls.get(Config.AAF_URL_CM));
                             aafsso.writeFiles();
                         }
     
@@ -300,9 +304,53 @@ public class Agent {
         }
     }
 
-    private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException {
+    public synchronized static Map<String,String> loadURLs(Access access) throws UnknownHostException, CadiException {
+               if(aaf_urls==null) {
+               Map<String,String> rv = new HashMap<>();
+               RegistrationPropHolder rph = new RegistrationPropHolder(access, 0);
+               String dot_le = access.getProperty(Config.AAF_LOCATOR_CONTAINER,null);
+               dot_le=dot_le==null?"":'.'+dot_le;
+               String version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION);
+               for(String u : new String[] {"aaf","locate","oauth","cm","gui","fs","hello","token","introspect"}) {
+                       String proto = "fs".equals(u)?"http://":"https://";
+                       String lhost;
+                       if("locate".equals(u)) {
+                               lhost=rph.default_fqdn;
+                       } else {
+                               lhost=Config.AAF_LOCATE_URL_TAG;
+                       }
+                       String value = rph.replacements("Agent:loadURLs",
+                                       proto + lhost + "/AAF_NS." + ("aaf".equals(u)?"service":u) + ':' + version, 
+                                       null,dot_le);
+                       switch(u) {
+                               case "aaf": rv.put(Config.AAF_URL, value); break;
+                               case "locate": rv.put(Config.AAF_LOCATE_URL, value); break;
+                               case "token": rv.put(Config.AAF_OAUTH2_TOKEN_URL, value); break;
+                               case "introspect": rv.put(Config.AAF_OAUTH2_INTROSPECT_URL, value); break;
+                               case "cm": rv.put(Config.AAF_URL_CM, value); break;
+                               case "gui": rv.put(Config.AAF_URL_GUI, value); break;
+                               case "fs": rv.put(Config.AAF_URL_FS, value); break;
+                               case "hello": rv.put(Config.AAF_URL_HELLO, value); break;
+                               default:
+                               rv.put("aaf_url_" + u, value);
+                       }
+               };
+               aaf_urls = rv;
+               }
+           return aaf_urls;
+       }
+
+       public static void fillMissing(PropAccess access, Map<String, String> map) {
+               for(Entry<String, String> es : map.entrySet()) {
+                       if(access.getProperty(es.getKey())==null) {
+                               access.setProperty(es.getKey(),es.getValue());
+                       }
+               }
+       }
+
+       private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException {
         if (aafcon==null) {
-            aafcon = new AAFConHttp(access,Config.CM_URL);
+            aafcon = new AAFConHttp(access,Config.AAF_URL_CM);
         }
         return aafcon;
     }
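Review bot: `loadURLs` hands every caller the same cached `HashMap`, so any caller that modifies the returned map changes the token, introspection and Certificate Manager URLs for the rest of the process. Publishing it read-only closes that off: `aaf_urls = Collections.unmodifiableMap(rv);` (this needs `java.util.Collections` imported if the file does not already have it). The cache is also filled from the first `Access` only, so a later call with a different `Access` silently gets the first caller's URLs; a one-line Javadoc saying so would help. The `"fs"` entry is built with `http://` while the others use `https://`, which deserves a comment explaining why plaintext is acceptable there.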
@@ -743,7 +791,6 @@ public class Agent {
                Artifact arti = new Artifact();
                arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, "."));
                arti.setNs(FQI.reverseDomain(fqi));
-               
             PropHolder loc = PropHolder.get(arti, "location.props");
             PropHolder cred = PropHolder.get(arti,"cred.props");
             PropHolder app= PropHolder.get(arti,"props");
@@ -771,51 +818,62 @@ public class Agent {
                }
             }
             
+            // load all properties that are already setup.
+            Map<String, String> aaf_urls = loadURLs(propAccess);
+            for(Entry<String, String> es : aaf_urls.entrySet()) {
+               app.add(es.getKey(), es.getValue());
+            }
+            
             app.add(Config.AAF_LOCATE_URL, propAccess, null);
             for(Entry<Object, Object> aaf_loc_prop : propAccess.getProperties().entrySet()) {
                String key = aaf_loc_prop.getKey().toString();
-               if(key.startsWith("aaf_locator")) {
+               if("aaf_env".equals(key) || key.startsWith("aaf_locator")) {
                        app.add(key, aaf_loc_prop.getValue().toString());
                }
             }
             
             app.add(Config.AAF_APPID, fqi);
-            app.add(Config.AAF_URL, propAccess, Config.AAF_URL_DEF);
 
             String cts = propAccess.getProperty(Config.CADI_TRUSTSTORE);
+            System.out.println("Passed in Truststore is " + cts);
             if (cts!=null) {
                 File origTruststore = new File(cts);
-                if (!origTruststore.exists()) {
-                    // Try same directory as cadi_prop_files
-                    String cpf = propAccess.getProperty(Config.CADI_PROP_FILES);
-                    if (cpf!=null) {
-                        for (String f : Split.split(File.pathSeparatorChar, cpf)) {
-                            File fcpf = new File(f);
-                            if (fcpf.exists()) {
-                                int lastSep = cts.lastIndexOf(File.pathSeparator);
-                                origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts);
-                                if (origTruststore.exists()) { 
-                                    break;
-                                }
-                            }
-                        }
-                        if (!origTruststore.exists()) {
-                            throw new CadiException(cts + " does not exist");
-                        }
-                    }
-                    
-                }
                 File newTruststore = new File(app.getDir(),origTruststore.getName());
-                if (!newTruststore.exists()) {
-                    Files.copy(origTruststore.toPath(), newTruststore.toPath());
+                if(!newTruststore.exists()) {
+                       if (!origTruststore.exists()) {
+                           // Try same directory as cadi_prop_files
+                           String cpf = propAccess.getProperty(Config.CADI_PROP_FILES);
+                           if (cpf!=null) {
+                               for (String f : Split.split(File.pathSeparatorChar, cpf)) {
+                                   File fcpf = new File(f);
+                                   if (fcpf.exists()) {
+                                       int lastSep = cts.lastIndexOf(File.pathSeparator);
+                                       origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts);
+                                       if (origTruststore.exists()) { 
+                                           break;
+                                       }
+                                   }
+                               }
+                               if (!origTruststore.exists()) {
+                                   throw new CadiException(cts + " does not exist");
+                               }
+                           }
+                           
+                       }
+                       if (!newTruststore.exists() && origTruststore.exists()) {
+                           Files.copy(origTruststore.toPath(), newTruststore.toPath());
+                       }
                 }
-                
-                cred.add(Config.CADI_TRUSTSTORE, propAccess, newTruststore.getCanonicalPath());
-                cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */);
+
+               System.out.println("New Truststore is " + newTruststore);
+                cred.add(Config.CADI_TRUSTSTORE, newTruststore.getCanonicalPath());
+                cred.add(Config.CADI_TRUSTSTORE_PASSWORD, "changeit" /* Java default */);
                     
                 String cpf = propAccess.getProperty(Config.CADI_PROP_FILES);
                 if (cpf!=null){
-                    for (String f : Split.split(File.pathSeparatorChar, cpf)) {
+                       String[] propFiles = Split.splitTrim(File.pathSeparatorChar, cpf); 
+                    for (int pfi = propFiles.length-1;pfi>=0;--pfi) {
+                       String f = propFiles[pfi];
                         System.out.format("Reading %s\n",f);
                         FileInputStream fis = new FileInputStream(f); 
                         try {
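Review bot: Replacing `cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit")` with `cred.add(Config.CADI_TRUSTSTORE_PASSWORD, "changeit")` changes two things at once: the password configured in `propAccess` is no longer used, and the value is no longer written through the `addEnc` path. `PropHolder` is not shown here, but going by its name `addEnc` stores the value encrypted, so cred.props would now carry the literal default in clear text, and a truststore protected by a non-default password could not be opened with the generated configuration. Unless that is intended, keep the earlier call: `cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */);`. The two `System.out.println` truststore lines also look like leftover debugging output. The enclosing method starts before this hunk and continues after it.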
@@ -824,6 +882,9 @@ public class Agent {
                             for (Entry<Object, Object> prop : props.entrySet()) {
                                boolean lower = true;
                                String key = prop.getKey().toString();
+                               if(LOC_TAGS.contains(key)) {
+                                       break;
+                               }
                                for(int i=0;lower && i<key.length();++i) {
                                        if(Character.isUpperCase(key.charAt(i))) {
                                                lower = false;
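Review bot: The `break` added under `if(LOC_TAGS.contains(key))` leaves the whole `for (Entry<Object, Object> prop : props.entrySet())` loop, so every property that happens to be iterated after the first latitude or longitude key is skipped as well. If `props` is a `java.util.Properties` (its declaration is above the hunk), the iteration order is hash-based, so which entries are lost is not predictable. Skipping just the location keys needs `continue;` instead of `break;`. The loop body continues past the end of this hunk.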
@@ -876,8 +937,6 @@ public class Agent {
     }
 
 
-    private static List<String> LOC_TAGS = Arrays.asList(new String[] {Config.CADI_LATITUDE, Config.CADI_LONGITUDE});
-    
     private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
         System.out.println("Validating Configuration...");
         final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa));
index c507a82..772040c 100644 (file)
@@ -38,11 +38,11 @@ import org.onap.aaf.cadi.Hash;
 import org.onap.aaf.cadi.Locator;
 import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.aaf.Defaults;
 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
 import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.config.SecurityInfoC;
+import org.onap.aaf.cadi.configure.Agent;
 import org.onap.aaf.cadi.locator.PropertyLocator;
 import org.onap.aaf.cadi.locator.SingleEndpointLocator;
 import org.onap.aaf.cadi.oauth.TokenClient.AUTHN_METHOD;
@@ -62,12 +62,12 @@ public class TokenClientFactory extends Persist<Token,TimedToken> {
 
     private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException {
         super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
-        
+        Map<String, String> aaf_urls = Agent.loadURLs(pa);
         if (access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
-            access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Config.OAUTH2_TOKEN_URL_DEF); // Default to AAF
+            access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL)); // Default to AAF
         }
         if (access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
-            access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Config.OAUTH2_INTROSPECT_URL_DEF); // Default to AAF);
+            access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL)); // Default to AAF);
         }
 
         symm = Symm.encrypt.obtain();
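Review bot: `Agent.loadURLs(pa)` now runs on every construction, even when both `Config.AAF_OAUTH2_TOKEN_URL` and `Config.AAF_OAUTH2_INTROSPECT_URL` are already set and the map is never read. `loadURLs` is declared to throw `UnknownHostException` and `CadiException` and builds a `RegistrationPropHolder`, so a fully configured client can now fail here for reasons unrelated to its own settings. The JU_OAuthTest hunk further down, which had to add latitude and longitude before calling `TokenClientFactory.instance`, suggests this already happens. I would move the call inside the two `==null` branches so the defaults are computed only when one of them is needed. The constructor continues past the end of the hunk.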
index 75cddff..c9b8b4e 100644 (file)
@@ -246,7 +246,7 @@ public class AAFSSO {
                 Symm decryptor = ArtifactDir.getSymm(dot_aaf_kf);
                 if (user == null) {
                     if (sso.exists()) {
-                        String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
+                        String cm_url = access.getProperty(Config.AAF_URL_CM); // SSO might overwrite...
                         FileInputStream fos = new FileInputStream(sso);
                         try {
                             access.load(fos);
@@ -256,7 +256,7 @@ public class AAFSSO {
                             access.setProperty(Config.AAF_APPPASS,
                                     access.encrypt(decryptor.depass(encrypted_pass)));
                             if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
-                                access.setProperty(Config.CM_URL, cm_url);
+                                access.setProperty(Config.AAF_URL_CM, cm_url);
                             }
                         } finally {
                             fos.close();
@@ -325,8 +325,8 @@ public class AAFSSO {
                
                access.setProperty(Config.AAF_URL, locateRoot+".service:"+apiVersion);
             }
-            if(access.getProperty(Config.CM_URL)==null) {
-               access.setProperty(Config.CM_URL, locateRoot+".cm:"+apiVersion);
+            if(access.getProperty(Config.AAF_URL_CM)==null) {
+               access.setProperty(Config.AAF_URL_CM, locateRoot+".cm:"+apiVersion);
             }
             String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
             if (cadiLatitude==null) {
index 03c99d2..6759d31 100644 (file)
@@ -67,6 +67,8 @@ public class JU_OAuthTest {
         System.setOut(new PrintStream(outStream));
 
         access = new PropAccess();
+        access.setProperty(Config.CADI_LATITUDE, "38");
+        access.setProperty(Config.CADI_LONGITUDE, "-72");
         try {
             tcf = TokenClientFactory.instance(access);
         } catch (Exception e) {
index 6f3884b..af344d2 100644 (file)
@@ -45,6 +45,7 @@ public class JU_RegistrationCreator {
                PropAccess pa = new PropAccess();
                pa.setProperty(Config.CADI_LATITUDE, "32.7");
                pa.setProperty(Config.CADI_LONGITUDE, "-72.0");
+               pa.setProperty(Config.AAF_LOCATOR_NAME, "");
                
                try {
                        String hostname = Inet4Address.getLocalHost().getHostName();
index 056651e..9255128 100644 (file)
@@ -168,6 +168,10 @@ public class HClient implements EClient<HttpURLConnection> {
     public URI getURI() {
         return uri;
     }
+    
+    public void setURI(URI uri) {
+       this.uri = uri;
+    }
 
     public int timeout() {
         return connectTimeout;
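Review bot: The new public `setURI` lets any code holding an `HClient` retarget it after construction, with no validation and no documentation of who is expected to call it. The client is built with a `SecuritySetter` (see `createClient` in the AAFLocator hunk), so later requests would presumably carry that security material to whatever URI was set last. If the setter is only needed by the locator code in this commit (its caller is not in view), narrower visibility and a Javadoc line would make the contract explicit, for example `/** Repoints this client; the new URI must be an endpoint the SecuritySetter's credentials are meant for. */`.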
index 07a791e..ff1f395 100644 (file)
@@ -152,15 +152,7 @@ public class Config {
     public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
     public static final String AAF_DEFAULT_API_VERSION = "2.1";
     public static final String AAF_API_VERSION = "aaf_api_version";
-    public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
-    public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:" + AAF_DEFAULT_API_VERSION;
-    public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:" + AAF_DEFAULT_API_VERSION;
-    public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
-    public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:" + AAF_DEFAULT_API_VERSION;
-    public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.hello:" + AAF_DEFAULT_API_VERSION;
-    public static final String OAUTH2_TOKEN_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token";
-    public static final String OAUTH2_INTROSPECT_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";;
-
+    public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration   
     public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
     // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability
     // to set these entries manually
@@ -181,6 +173,7 @@ public class Config {
     public static final String AAF_LOCATOR_NAME = "aaf_locator_name";
     public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port";
     public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn";
+    public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name";
 
     public static final String AAF_APPID = "aaf_id";
     public static final String AAF_APPPASS = "aaf_password";
@@ -217,8 +210,10 @@ public class Config {
     public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
     public static final String AAF_RELEASE = "aaf_release";
 
-    public static final String GW_URL = "gw_url";
-    public static final String CM_URL = "cm_url";
+    public static final String AAF_URL_GUI="aaf_url_gui";
+    public static final String AAF_URL_FS="aaf_url_fs";
+    public static final String AAF_URL_CM = "aaf_url_cm";
+    public static final String AAF_URL_HELLO = "aaf_url_hello";
     public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
 
     public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";
index 997803b..50f17e8 100644 (file)
@@ -24,8 +24,8 @@ import java.net.Inet4Address;
 import java.net.UnknownHostException;
 
 import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.util.Split;
 
 public class RegistrationPropHolder {
@@ -89,8 +89,17 @@ public class RegistrationPropHolder {
                if(firstlog) {
                        access.printf(Level.INIT, REGI,"public_fqdn",public_fqdn);
                }
-                               
-               default_name = access.getProperty(Config.AAF_LOCATOR_NAME, PUBLIC_NAME);
+
+               // Allow Container to reset the standard name for public
+               String container_public_name = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+'.'+default_container, null);
+               if(container_public_name==null) {
+                       container_public_name = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME, null);
+                       if(container_public_name==null) {
+                               container_public_name = access.getProperty(Config.AAF_LOCATOR_NAME, PUBLIC_NAME);
+                       }
+               }
+               default_name = container_public_name;
+               
                if(firstlog) {
                        access.printf(Level.INIT, REGI,"default_name",default_name);
                }
@@ -171,12 +180,23 @@ public class RegistrationPropHolder {
                return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le);
        }
        
+       public String getPublicEntryName(final String entry, final String dot_le) {
+               String str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+dot_le, null);
+               if(str==null) {
+                       str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME,null);
+               }
+               if(str==null) {
+                       str = default_name;
+               }
+               return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le);
+       }
+       
        
        private String getNS(String dot_le) {
                String ns;
                ns = access.getProperty(Config.AAF_LOCATOR_APP_NS+dot_le,null);
                if(ns==null) {
-                       ns = access.getProperty(Config.AAF_LOCATOR_APP_NS, "");
+                       ns = access.getProperty(Config.AAF_LOCATOR_APP_NS, "AAF_NS");
                }
                return ns;
        }
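Review bot: `getPublicEntryName` passes the label `"RegistrationPropHolder.getEntryName"` to `replacements`, copied from the method above it. If that first argument identifies the caller in log or error output (as `"Agent:loadURLs"` in the Agent.java hunk suggests), messages from this method will point at the wrong one; it should read `"RegistrationPropHolder.getPublicEntryName"`. In the same hunk, `getNS` now falls back to `"AAF_NS"` instead of an empty string, which changes the namespace for every caller that has no `Config.AAF_LOCATOR_APP_NS` value set. A comment saying that the literal is a placeholder resolved later (if that is the case) would help.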
@@ -214,7 +234,12 @@ public class RegistrationPropHolder {
                                        if(!str.endsWith("/locate/")) {
                                                str+="locate/";
                                        }
-                                       value = value.replace("https://AAF_LOCATE_URL/", str);
+                                       if(value.startsWith("http:")) {
+                                               value = value.replace("http://AAF_LOCATE_URL/", str);
+                                       } else {
+                                               value = value.replace("https://AAF_LOCATE_URL/", str);
+                                               
+                                       }
                                }
                        }
         }
index 10bcdcc..b09c2b7 100644 (file)
@@ -26,17 +26,18 @@ import java.net.ConnectException;
 import java.security.GeneralSecurityException;
 import java.util.Date;
 import java.util.GregorianCalendar;
+import java.util.Map;
 
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.Defaults;
 import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Result;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.configure.Agent;
 import org.onap.aaf.cadi.oauth.TimedToken;
 import org.onap.aaf.cadi.oauth.TokenClient;
 import org.onap.aaf.cadi.oauth.TokenClientFactory;
@@ -73,14 +74,16 @@ public class OAuthExample {
         
         
         // Obtain Endpoints for OAuth2 from Properties.  Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
-        String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,Config.OAUTH2_TOKEN_URL_DEF); // Default to AAF
-        String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,Config.OAUTH2_INTROSPECT_URL_DEF); // Default to AAF);
-        // Get Hello Service
-        final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Config.HELLO_URL_DEF);
-
-        final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
-        
         try {
+               Map<String, String> aaf_urls = Agent.loadURLs(access);
+               Agent.fillMissing(access, aaf_urls);
+               String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL); // Default to AAF
+               String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL); // Default to AAF);
+               // Get Hello Service
+               final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL);
+       
+               final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
+        
             //////////////////////////////////////////////////////////////////////
             // Scenario 1:
             // Get and use an OAuth Client, which understands Token Management
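Review bot: `endServicesURL` is now read with `access.getProperty(Config.AAF_OAUTH2_HELLO_URL)` and no default, so it is null unless that key is configured or filled in by `Agent.fillMissing`. `Agent.loadURLs` stores the hello URL under `Config.AAF_URL_HELLO`; whether that is the same key as `Config.AAF_OAUTH2_HELLO_URL` cannot be seen from this page, so please check, and fail early with a clear message if the value is null. The same read appears in the last OnapClientExample hunk, where the value goes straight into `tcf.newTzClient(endServicesURL)`. The trailing `// Default to AAF` comments on the token and introspect lines no longer describe what the code does and could be dropped or reworded.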
index 0a65329..b5d087e 100644 (file)
@@ -26,17 +26,18 @@ import java.net.ConnectException;
 import java.security.GeneralSecurityException;
 import java.util.Date;
 import java.util.GregorianCalendar;
+import java.util.Map;
 
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.Defaults;
 import org.onap.aaf.cadi.client.Future;
 import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Result;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.configure.Agent;
 import org.onap.aaf.cadi.oauth.TimedToken;
 import org.onap.aaf.cadi.oauth.TokenClient;
 import org.onap.aaf.cadi.oauth.TokenClientFactory;
@@ -59,12 +60,13 @@ public class OnapClientExample {
         // Property Access
         // This method will allow you to set "cadi_prop_files" (or any other property) on Command line 
         access = new PropAccess(args);
-        
-        // access = PropAccess();
         // Note: This style will load "cadi_prop_files" from VM Args
-        
-        // Token aware Client Factory
+        // access = PropAccess();
         try {
+               Map<String, String> aaf_urls = Agent.loadURLs(access);
+               Agent.fillMissing(access, aaf_urls);
+        
+               // Token aware Client Factory
             tcf = TokenClientFactory.instance(access);
         } catch (APIException | GeneralSecurityException | IOException | CadiException e1) {
             access.log(e1, "Unable to setup OAuth Client Factory, Fail Fast");
@@ -104,7 +106,7 @@ public class OnapClientExample {
                 // Use this Token in your client calls with "Tokenized Client" (TzClient)
                 // These should NOT be used cross thread.
                 // Get Hello Service URL... roll your own in your own world.
-                final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Config.HELLO_URL_DEF);
+                final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL);
 
 
                 TzClient helloClient = tcf.newTzClient(endServicesURL);
index 8f0a5ad..50d20ee 100644 (file)
@@ -40,7 +40,7 @@ Thus, the key element is that the Organization itself, delegated by the ultimate
 Computer Identity
 -----------------
 
-Whether or not you follow Science Fiction stories about Robots, are facinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine with a human being.  Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores.
+Whether or not you follow Science Fiction stories about Robots, are fascinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine has with a human being.  Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores.
 
 An Application still must be named, and the name must be controlled within the Context of the Organization defining the name.  Where the Application can affect Organzation Resources (i.e. Data), it must have the Authorization to do what it is doing, the question of being sentiently driven need not come up.  (sorry sci-fi fans).
 
@@ -49,16 +49,15 @@ Therefore, from an Organization Context, the very same Authentication and Author
 Sum of Parts
 ------------
 
-For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity.  Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is no discernable difference 
-n whether the person is still the person.
+For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity.  Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is usually no doubt that the person is still the person.
 
-Computer Applications may be different.  Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question.  When a Programmer is writing his App, and making the parts, do they need to stand on their own as an Identity or not.
+Computer Applications may be different.  Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question.  When a Programmer is writing his App, and making the parts, he/she must decide if these parts need to stand on their own as an Identity or not.
 
 The trick is, as an Architect, is to determine whether these individual components really are separate, or can be considered as a part of the whole.
 
-As a rule of thumb, look at you App.  If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each.  
+As a rule of thumb, look at your App.  If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each.  
 
-A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness.   If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate.
+A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness. If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate.
 
 Enjoy stretching your mind
 --------------------------
@@ -74,7 +73,7 @@ Every secure transaction requires 1) Encryption 2) Authentication 3) Authorizati
 
  - HTTP/S provides the core Encryption whenever used, so all of AAF Components require HTTP/S to the current protocol standards (current is TLS 1.1+ as of Nov 2016)
  - HTTP/S requires X.509 certificates at least on the Server at minimum. (in this mode, 1 way, a client Certificate is generated)
- - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access are not needed
+ - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access is not needed
  - These same certificates can be used for identifying the Application during the HTTP/S transaction, making a separate UserID/Password unnecessary for Authentication.
  - Authentication - In order to tie generated certificates to a specific Application Identity, AAF Certificate Manager embeds a ILM AppID in the Subject.  These are created by AT&T specific Internal Certificate Authority, which only generates certificates for AAF Certman.  Since AAF Certman validates the Sponsorship of the AppID with requests (automatically), the end user can depend on the AppID embedded in the Subject to be valid without resorting to external calls or passwords.