/target/
/temp/
.metadata/
+/cadisample/
* Have to put the Cert and resulting Trust Chain together.
* Treating them separately has caused issues
*
- * @author jg1555
+ * @author JonathanGathman
*
*/
public class X509andChain {
* Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory
* utilizes only Java abstractions, and is useful in Client code.
*
- * @author jg1555
+ * @author JonathanGathman
*
*/
public class BCFactory extends Factory {
// @Override
// public Void code(Rcli<?> client) throws APIException, CadiException {
// CertificateRequest cr = new CertificateRequest();
-// cr.setMechid("m12345@aaf.att.com");
-// cr.setSponsor("jg1555");
+// cr.setMechid("a12345@org.osaaf.org");
+// cr.setSponsor("something");
// cr.getFqdns().add("mithrilcsp.sbc.com");
// cr.getFqdns().add("zld01907.vci.att.com");
// cr.getFqdns().add("aaftest.test.att.com");
} else if(desc.startsWith("{")) {
StringReader sr = new StringReader(desc);
try {
- // Note: 11-18-2013, JG1555. This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices.
+ // Note: 11-18-2013, JonathanGathman. This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices.
Error err = getDF(Error.class).newData().in(TYPE.JSON).load(sr).asObject();
sb.append(" [");
sb.append(err.getMessageId());
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile
cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
-cadi_keystore_password=enc:4L1xY_7mYTuk57SPWZetza5WlgBUYBe8pbT1-AWKO1-5PAbSTynQEc5TU7ZeomfN
+cadi_keystore_password=enc:3O7HDzEzdYatFYb83-jV69MNzN8qIW975SS70qCs7xri0b1n4r5viHo1lrM6K8om
#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
-cadi_alias=aaf@aaf.osaaf.org
+cadi_alias=aaf-authz@aaf.osaaf.org
cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12
cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np
import org.onap.aaf.cadi.Access.Level;
/**
- * We treate "roles" and "permissions" in a similar way for first pass.
+ * We treat "roles" and "permissions" in a similar way for first pass.
*
- * @author jg1555
+ * @author JonathanGathman
*
*/
public class AAFAuthorizationInfo implements AuthorizationInfo {
FQDN=$1
NAME=$FQDN
shift
+
+ echo "Enter any SANS, delimited by spaces: "
+ read SANS
+fi
+
+# Do SANs
+if [ "$SANS" = "" ]; then
+ echo no SANS
+ if [ -e $NAME.san ]; then
+ rm $NAME.san
+ fi
+ else
+ echo some SANS
+ cp ../san.conf $NAME.san
+ NUM=1
+ for D in $SANS; do
+ echo "DNS.$NUM = $D" >> $NAME.san
+ NUM=$((NUM+1))
+ done
fi
+
echo $SUBJECT
-if [ -e $FQI.csr ]; then
+if [ -e $NAME.csr ]; then
SIGN_IT=true
else
if [ "$1" = "-local" ]; then
if [ "$SIGN_IT" = "true" ]; then
# Sign it
- openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+ if [ -e $NAME.san ]; then
+ openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
-cert certs/ca.crt -keyfile private/ca.key \
-policy policy_loose \
-days 360 \
+ -extfile $NAME.san \
-infiles $NAME.csr
+ else
+ openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+ -cert certs/ca.crt -keyfile private/ca.key \
+ -policy policy_loose \
+ -days 360 \
+ -infiles $NAME.csr
+ fi
fi
-
-
-
--- /dev/null
+# SAN Extension
+# Copy, then add DNS.1 = name, etc
+#
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server, client
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
* Created on: Apr 10, 2009\r
* Created by: Jonathan\r
*\r
- * Revamped to do away with ThreadLocal 5/27/2011, JG1555\r
+ * Revamped to do away with ThreadLocal 5/27/2011, JonathanGathman\r
*\r
* (c) 2009 SBC Knowledge Ventures, L.P. All rights reserved.\r
******************************************************************* \r
* Created on: Apr 10, 2009\r
* Created by: Jonathan\r
*\r
- * Revamped to do away with ThreadLocal 5/27/2011, JG1555\r
+ * Revamped to do away with ThreadLocal 5/27/2011, JonathanGathman\r
*\r
* (c) 2009 SBC Knowledge Ventures, L.P. All rights reserved.\r
******************************************************************* \r
go(jin, jout, "{\"id\":\"Me,[}[eg[)(:x,\\\" Myself\",\"date\":1353094689100}");
// TODO: Clean out AT&T specific data
- go(jin,jout, "{\"userid\":\"jg1555\",\"timestamp\":1353097388531,\"item\":[{\"tag\":\"color\",\"value\":\"Mauve\"},{\"tag\":\"shirtsize\",\"value\":\"Xtra Large\"}]}");
+ go(jin,jout, "{\"userid\":\"xk3233\",\"timestamp\":1353097388531,\"item\":[{\"tag\":\"color\",\"value\":\"Mauve\"},{\"tag\":\"shirtsize\",\"value\":\"Xtra Large\"}]}");
//go()
- //"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><vote xmlns=\"urn:poll.att.com\"><userid>jg1555</userid><timestamp>1353082669667</timestamp></vote>");
+ //"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><vote xmlns=\"urn:poll.att.com\"><userid>xk3233</userid><timestamp>1353082669667</timestamp></vote>");
// 3/11/2015 Jonathan found a case with missing comma
go(jin,jout, "{\"start\":\"2015-03-11T18:18:05.580-05:00\",\"end\":\"2015-09-11-05:00\",\"force\":\"false\",\"perm\":{\"type\":\"org.osaaf.myns.mytype\",\"instance\":\"myInstance\",\"action\":\"myAction\"}"