Update Certificate for all FQDNs

Issue-ID: AAF-114
Change-Id: I0b73d55b471e0438bb4beb901a992be88e1e5f11
Signed-off-by: Instrumental <jonathan.gathman@att.com>

diff --git a/.gitignore b/.gitignore
index f0ac2df..5ca6890 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /target/
 /temp/
 .metadata/
+/cadisample/

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
index 24416c9..46a6393 100644 (file)
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
@@ -33,7 +33,7 @@ import org.onap.aaf.cadi.cm.Factory;
  * Have to put the Cert and resulting Trust Chain together. 
  * Treating them separately has caused issues
  * 
- * @author jg1555
+ * @author JonathanGathman
  *
  */
 public class X509andChain {

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
index 4fdac6a..7f4590f 100644 (file)
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
@@ -48,7 +48,7 @@ import org.onap.aaf.misc.env.Trans;
  * Additional Factory mechanisms for CSRs, and BouncyCastle.  The main Factory
  * utilizes only Java abstractions, and is useful in Client code.
  * 
- * @author jg1555
+ * @author JonathanGathman
  *
  */
 public class BCFactory extends Factory {

diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java
index 3faa5bb..7d3f25c 100644 (file)
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java
@@ -120,8 +120,8 @@ public class CertmanTest {
 //                     @Override
 //                     public Void code(Rcli<?> client) throws APIException, CadiException {
 //                             CertificateRequest cr = new CertificateRequest();
-//                             cr.setMechid("m12345@aaf.att.com");
-//                             cr.setSponsor("jg1555");
+//                             cr.setMechid("a12345@org.osaaf.org");
+//                             cr.setSponsor("something");
 //                             cr.getFqdns().add("mithrilcsp.sbc.com");
 //                             cr.getFqdns().add("zld01907.vci.att.com");
 //                             cr.getFqdns().add("aaftest.test.att.com");

diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
index 896cbb3..7f41650 100644 (file)
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
@@ -228,7 +228,7 @@ public abstract class Cmd {
                } else if(desc.startsWith("{")) {
                        StringReader sr = new StringReader(desc);
                        try {
-                               // Note: 11-18-2013, JG1555.  This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices.
+                               // Note: 11-18-2013, JonathanGathman.  This rather convoluted Message Structure required by TSS Restful Specs, reflecting "Northbound" practices.
                                Error err = getDF(Error.class).newData().in(TYPE.JSON).load(sr).asObject();
                                sb.append(" [");
                                sb.append(err.getMessageId());

diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12
index e4d3392..f40a755 100644 (file)
Binary files a/auth/sample/local/org.osaaf.aaf.p12 and b/auth/sample/local/org.osaaf.aaf.p12 differ

diff --git a/auth/sample/local/org.osaaf.aaf.props b/auth/sample/local/org.osaaf.aaf.props
index f5970b0..975f80c 100644 (file)
--- a/auth/sample/local/org.osaaf.aaf.props
+++ b/auth/sample/local/org.osaaf.aaf.props
@@ -10,8 +10,8 @@ aaf_env=DEV
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
 cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile
 cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
-cadi_keystore_password=enc:4L1xY_7mYTuk57SPWZetza5WlgBUYBe8pbT1-AWKO1-5PAbSTynQEc5TU7ZeomfN
+cadi_keystore_password=enc:3O7HDzEzdYatFYb83-jV69MNzN8qIW975SS70qCs7xri0b1n4r5viHo1lrM6K8om
 #cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
-cadi_alias=aaf@aaf.osaaf.org
+cadi_alias=aaf-authz@aaf.osaaf.org
 cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12
 cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np

diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
index 9093590..bfdc6bf 100644 (file)
--- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
+++ b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
@@ -31,9 +31,9 @@ import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.Access.Level;
 
 /**
- * We treate "roles" and "permissions" in a similar way for first pass.
+ * We treat "roles" and "permissions" in a similar way for first pass.
  * 
- * @author jg1555
+ * @author JonathanGathman
  *
  */
 public class AAFAuthorizationInfo implements AuthorizationInfo {

diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index 7b75fbc..00a23ec 100644 (file)
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -13,10 +13,30 @@ else
   FQDN=$1
   NAME=$FQDN
   shift
+
+  echo "Enter any SANS, delimited by spaces: "
+  read SANS
+fi
+
+# Do SANs
+if [ "$SANS" = "" ]; then
+   echo no SANS
+    if [ -e $NAME.san ]; then 
+      rm $NAME.san
+    fi
+  else
+   echo some SANS
+    cp ../san.conf $NAME.san
+    NUM=1
+    for D in $SANS; do 
+        echo "DNS.$NUM = $D" >> $NAME.san
+       NUM=$((NUM+1))
+    done
 fi
+
 echo $SUBJECT
 
-if [ -e $FQI.csr ]; then
+if [ -e $NAME.csr ]; then
   SIGN_IT=true
 else 
   if [ "$1" = "-local" ]; then
@@ -46,13 +66,19 @@ fi
 
 if [ "$SIGN_IT" = "true" ]; then
   # Sign it
-  openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+  if [ -e $NAME.san ]; then
+    openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
        -cert certs/ca.crt -keyfile private/ca.key \
        -policy policy_loose \
        -days 360 \
+       -extfile $NAME.san \
        -infiles $NAME.csr
+  else 
+    openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+       -cert certs/ca.crt -keyfile private/ca.key \
+       -policy policy_loose \
+       -days 360 \
+       -infiles $NAME.csr
+  fi
 fi
 
-
-
-

diff --git a/conf/CA/san.conf b/conf/CA/san.conf
new file mode 100644 (file)
index 0000000..de9f62f
--- /dev/null
+++ b/conf/CA/san.conf
@@ -0,0 +1,15 @@
+# SAN Extension
+# Copy, then add DNS.1 = name, etc
+#
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server, client
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[ alt_names ]

diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java
index cca3e68..127eb15 100644 (file)
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBmar.java
@@ -25,7 +25,7 @@
  * Created on: Apr 10, 2009\r
  * Created by: Jonathan\r
  *\r
- * Revamped to do away with ThreadLocal 5/27/2011, JG1555\r
+ * Revamped to do away with ThreadLocal 5/27/2011, JonathanGathman\r
  *\r
  * (c) 2009 SBC Knowledge Ventures, L.P. All rights reserved.\r
  ******************************************************************* \r

diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java
index 94e9ba8..74072aa 100644 (file)
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBumar.java
@@ -25,7 +25,7 @@
  * Created on: Apr 10, 2009\r
  * Created by: Jonathan\r
  *\r
- * Revamped to do away with ThreadLocal 5/27/2011, JG1555\r
+ * Revamped to do away with ThreadLocal 5/27/2011, JonathanGathman\r
  *\r
  * (c) 2009 SBC Knowledge Ventures, L.P. All rights reserved.\r
  ******************************************************************* \r

diff --git a/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java b/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java
index 2a48edc..080fc97 100644 (file)
--- a/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java
+++ b/misc/rosetta/src/test/java/org/onap/aaf/misc/rosetta/test/JU_JSON.java
@@ -58,9 +58,9 @@ public class JU_JSON {
                go(jin, jout, "{\"id\":\"Me,[}[eg[)(:x,\\\" Myself\",\"date\":1353094689100}");
                
                // TODO: Clean out AT&T specific data
-               go(jin,jout, "{\"userid\":\"jg1555\",\"timestamp\":1353097388531,\"item\":[{\"tag\":\"color\",\"value\":\"Mauve\"},{\"tag\":\"shirtsize\",\"value\":\"Xtra Large\"}]}");
+               go(jin,jout, "{\"userid\":\"xk3233\",\"timestamp\":1353097388531,\"item\":[{\"tag\":\"color\",\"value\":\"Mauve\"},{\"tag\":\"shirtsize\",\"value\":\"Xtra Large\"}]}");
                //go()
-               //"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><vote xmlns=\"urn:poll.att.com\"><userid>jg1555</userid><timestamp>1353082669667</timestamp></vote>");
+               //"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><vote xmlns=\"urn:poll.att.com\"><userid>xk3233</userid><timestamp>1353082669667</timestamp></vote>");
                
                // 3/11/2015 Jonathan found a case with missing comma
                go(jin,jout, "{\"start\":\"2015-03-11T18:18:05.580-05:00\",\"end\":\"2015-09-11-05:00\",\"force\":\"false\",\"perm\":{\"type\":\"org.osaaf.myns.mytype\",\"instance\":\"myInstance\",\"action\":\"myAction\"}"