COPY logs /opt/app/aaf_config/logs
COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh
-COPY bin/aaf-cadi*full.jar /opt/app/aaf_config/bin/
+COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
COPY CA /opt/app/aaf_config/CA
COPY logs /opt/app/aaf_config/logs
COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
-COPY bin/aaf-cadi-aaf-${VERSION}-full.jar /opt/app/aaf_config/bin/
+COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
ENTRYPOINT ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
CMD []
/bin/bash $PARAMS
}
-function set_prop() {
- $DOCKER exec -t aaf_config_$USER /bin/bash /opt/app/aaf_config/bin/agent.sh NOOP setProp "$1" "$2" "$3"
-}
-
-function encrypt_it() {
- $DOCKER exec -t aaf_config_$USER /bin/bash /opt/app/aaf_config/bin/agent.sh NOOP encrypt "$1" "$2"
-}
-
-function set_it() {
- $DOCKER exec -t aaf_config_$USER /bin/bash /opt/app/aaf_config/bin/agent.sh NOOP setProp "$1" "$2"
-}
-
PARAMS="$@"
if [ "$PARAMS" != "" ]; then
run_it -it --rm
# Create the AAF Config (Security) Images
cd ..
-cp ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin
+cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
cp -Rf ../conf/CA sample
# AAF Config image (for AAF itself)
$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
# Clean up
-rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar
+rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar
rm -Rf sample/CA
cd -
#!/bin/bash
-# This script is run when starting aaf_config Container.
+# This script is run when starting client Container.
# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
#
JAVA=/usr/bin/java
DOT_AAF="$HOME/.aaf"
SSO="$DOT_AAF/sso.props"
+JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine"
+JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$SSO org.onap.aaf.cadi.configure.Agent"
+JAVA_AGENT_SELF="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/${NS}.props org.onap.aaf.cadi.configure.Agent"
+JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli"
+
# Check for local dir
if [ ! -d $LOCAL ]; then
mkdir -p $LOCAL
fi
# Setup Bash, first time only
-if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep aaf_config $HOME/.bash_aliases)" ]; then
- echo "alias cadi='$OSAAF/bin/agent.sh EMPTY cadi \$*'" >>$HOME/.bash_aliases
+if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep agent $HOME/.bash_aliases)" ]; then
+ echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases
echo "alias agent='$OSAAF/bin/agent.sh EMPTY \$*'" >>$HOME/.bash_aliases
+ echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases
chmod a+x $OSAAF/bin/agent.sh
. $HOME/.bash_aliases
fi
# Setup SSO info for Deploy ID
function sso_encrypt() {
- $JAVA -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} $DOT_AAF/keyfile
+ $JAVA_CADI digest ${1} $DOT_AAF/keyfile
}
# Create Deployer Info, located at /root/.aaf
if [ ! -e "$DOT_AAF/keyfile" ]; then
mkdir -p $DOT_AAF
- $JAVA -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen $DOT_AAF/keyfile
+ $JAVA_CADI keygen $DOT_AAF/keyfile
chmod 400 $DOT_AAF/keyfile
echo cadi_latitude=${LATITUDE} > ${SSO}
echo cadi_longitude=${LONGITUDE} >> ${SSO}
# Only initialize once, automatically...
if [ ! -e $LOCAL/${NS}.props ]; then
- # setup Configs
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \
+ echo "#### Create Configuration files "
+ $JAVA_AGENT config $APP_FQI \
aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \
cadi_etc_dir=$LOCAL
cat $LOCAL/$NS.props
- # Read Certificate info (by deployer)
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar read ${APP_FQI} ${APP_FQDN} \
- cadi_prop_files=${SSO} \
- cadi_etc_dir=$LOCAL
-
- # Place Certificates (by deployer)
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN} \
+ echo
+ echo "#### Certificate Authorization Artifact"
+ TMP=$(mktemp)
+ $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \
cadi_prop_files=${SSO} \
- cadi_etc_dir=$LOCAL
-
- # Validate
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar validate \
- cadi_prop_files=$LOCAL/${NS}.props
+ cadi_etc_dir=$LOCAL > $TMP
+ cat $TMP
+ echo
+ if [ -n "$(grep 'Namespace:' $TMP)" ]; then
+ echo "#### Place Certificates (by deployer)"
+ $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \
+ cadi_prop_files=${SSO} \
+ cadi_etc_dir=$LOCAL
+
+ echo "#### Validate Configuration and Certificate with live call"
+ $JAVA_AGENT_SELF validate
+ else
+ echo "#### Certificate Authorization Artifact must be valid to continue"
+ fi
+ rm $TMP
fi
# Now run a command
CMD=$2
-if [ ! "$CMD" = "" ]; then
+if [ -z "$CMD" ]; then
+ $JAVA_AGENT
+else
shift
shift
case "$CMD" in
;;
showpass)
echo "## Show Passwords"
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar showpass ${APP_FQI} ${APP_FQDN}
+ $JAVA_AGENT showpass ${APP_FQI} ${APP_FQDN}
;;
check)
- $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar check ${APP_FQI} ${APP_FQDN}
+ $JAVA_AGENT check ${APP_FQI} ${APP_FQDN}
;;
validate)
echo "## validate requested"
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar validate $LOCAL/${NS}.props
+ $JAVA_AGENT_SELF validate
;;
bash)
- #if [ ! -e $HOME/bash_aliases ]; then
- # echo "alias cadi='$JAVA -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >$HOME/bash_aliases
- # echo "alias agent='/bin/bash $CONFIG/bin/agent.sh no-op \$*'" >>$HOME/bash_aliases
- #fi
shift
cd $LOCAL || exit
/bin/bash "$@"
setProp)
cd $LOCAL || exit
FILES=$(grep -l "$1" ./*.props)
- if [ "$FILES" = "" ]; then
- FILES="$3"
+ if [ -z "$FILES" ]; then
+ if [ -z "$3" ]; then
+ FILES=${NS}.props
+ else
+ FILES="$3"
+ fi
ADD=Y
fi
for F in $FILES; do
- echo "Changing $1 in $F"
if [ "$ADD" = "Y" ]; then
- echo $2 >> $F
+ echo "Changing $1 to $F"
+ echo "$1=$2" >> $F
else
+ echo "Changing $1 in $F"
sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
fi
cat $F
else
ORIG_PW="$2"
fi
- PWD=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" $LOCAL/${NS}.keyfile)
+ PWD=$($JAVA_CADI digest "$ORIG_PW" $LOCAL/${NS}.keyfile)
if [ "$ADD" = "Y" ]; then
echo "$1=enc:$PWD" >> $F
else
;;
cadi)
echo "--- cadi Tool Comands ---"
- $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6
+ $JAVA_CADI
;;
agent)
echo "--- agent Tool Comands ---"
- $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar
+ $JAVA_AGENT
+ ;;
+ aafcli)
+ echo "--- aafcli Tool Comands ---"
+ $JAVA_AAFCLI
;;
- sample)
- echo "--- run Sample Servlet App ---"
- $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar:$CONFIG/bin/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
esac
echo ""
;;
+ ### Possible Dublin
+ # sample)
+ # echo "--- run Sample Servlet App ---"
+ # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar:$CONFIG/bin/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
+ # ;;
*)
- $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@"
+ $JAVA_AGENT "$CMD" "$@"
;;
esac
fi
# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
#
JAVA=/usr/bin/java
-LOCAL=/opt/app/osaaf/local
-DATA=/opt/app/osaaf/data
-PUBLIC=/opt/app/osaaf/public
+
+OSAAF=/opt/app/osaaf
+LOCAL=$OSAAF/local
+DATA=$OSAAF/data
+PUBLIC=$OSAAF/public
CONFIG=/opt/app/aaf_config
+JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine"
+JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.cadi.configure.Agent"
+JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli"
+
# If doesn't exist... still create
mkdir -p /opt/app/osaaf
FILE=
# Setup Bash, first time only
-if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep aaf_config $HOME/.bash_aliases)" ]; then
- echo "alias cadi='$CONFIG/bin/agent.sh EMPTY cadi \$*'" >>$HOME/.bash_aliases
+if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep cadi $HOME/.bash_aliases)" ]; then
+ echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases
echo "alias agent='$CONFIG/bin/agent.sh EMPTY \$*'" >>$HOME/.bash_aliases
+ echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases
chmod a+x $CONFIG/bin/agent.sh
. $HOME/.bash_aliases
fi
cat $TMP
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \
+ $JAVA_AGENT config \
+ aaf@aaf.osaaf.org \
cadi_etc_dir=$LOCAL \
cadi_prop_files=$CONFIG/local/initialConfig.props:$CONFIG/local/aaf.props:${TMP}
rm ${TMP}
# Cassandra Config stuff
# Default is expect a Cassandra on same Node
CASS_HOST=${CASS_HOST:="aaf_cass"}
- CASS_PASS=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "${CASSANDRA_PASSWORD:-cassandra}" $LOCAL/org.osaaf.aaf.keyfile)
+ CASS_PASS=$($JAVA_CADI digest "${CASSANDRA_PASSWORD:-cassandra}" $LOCAL/org.osaaf.aaf.keyfile)
CASS_NAME=${CASS_HOST/:*/}
sed -i.backup -e "s/\\(cassandra.clusters=\\).*/\\1${CASSANDRA_CLUSTERS:=$CASS_HOST}/" \
-e "s/\\(cassandra.clusters.user=\\).*/\\1${CASSANDRA_USER:=cassandra}/" \
if [ -n "$CM_CA_LOCAL" ]; then
if [ -n "$CM_CA_PASS" ]; then
- CM_CA_LOCAL=$CM_CA_LOCAL$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "$CM_CA_PASS" $LOCAL/org.osaaf.aaf.keyfile)
+ CM_CA_LOCAL=$CM_CA_LOCAL$($JAVA_CADI digest "$CM_CA_PASS" $LOCAL/org.osaaf.aaf.keyfile)
fi
# Move and copy method, rather than sed, because of slashes in CM_CA_LOCAL makes too complex
FILE=$LOCAL/org.osaaf.aaf.cm.ca.props
# Now run a command
CMD=$2
-if [ ! "$CMD" = "" ]; then
+if [ -z "$CMD" ]; then
+ $JAVA_AGENT
+else
shift
shift
case "$CMD" in
;;
validate)
echo "## validate requested"
- $JAVA -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=$LOCAL/org.osaaf.aaf.props
+ $JAVA_AAFCLI perm list user aaf@aaf.osaaf.org
;;
onap)
echo Initializing ONAP configurations.
setProp)
cd $LOCAL || exit
FILES=$(grep -l "$1" ./*.props)
- if [ "$FILES" = "" ]; then
- FILES="$3"
+ if [ -z "$FILES" ]; then
+ if [ -z "$3" ]; then
+ FILES=org.osaaf.aaf.props
+ else
+ FILES="$3"
+ fi
ADD=Y
fi
for F in $FILES; do
- echo "Changing $1 in $F"
if [ "$ADD" = "Y" ]; then
+ echo "Changing $1 to $F"
echo "$1=$2" >> $F
else
- VALUE=${2//\//\\\/}
- sed -i.backup -e "s/\(${1}=\).*/\1${VALUE}/" $F
+ echo "Changing $1 in $F"
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
fi
cat $F
done
else
ORIG_PW="$2"
fi
- PWD=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" $LOCAL/org.osaaf.aaf.keyfile)
+ PWD=$($JAVA_CADI digest "$ORIG_PW" $LOCAL/org.osaaf.aaf.keyfile)
if [ "$ADD" = "Y" ]; then
echo "$1=enc:$PWD" >> $F
else
;;
cadi)
echo "--- cadi Tool Comands ---"
- $JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6
+ $JAVA_CADI
;;
agent)
echo "--- agent Tool Comands ---"
- $JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar
+ $JAVA_AGENT
+ ;;
+ aafcli)
+ echo "--- aafcli Tool Comands ---"
+ $JAVA_AAFCLI
;;
esac
echo ""
;;
*)
- $JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@"
+ $JAVA_AGENT "$CMD" "$@" cadi_prop_files=$LOCAL/org.osaaf.aaf.props
;;
esac
fi
public Properties process(String[] args, Properties props) {
if (args.length>1) {
if (!args[0].equals("keypairgen")) {
- props.put("aaf_id", args[1]);
+ props.put(Config.AAF_APPID, args[1]);
}
}
return props;
cred.addEnc(Config.AAF_APPPASS, pa, null);
app.add(Config.AAF_LOCATE_URL, pa, null);
- app.add(Config.AAF_APPID, pa, fqi);
+ app.add(Config.AAF_APPID, fqi);
app.add(Config.AAF_URL, pa, Defaults.AAF_URL);
String cts = pa.getProperty(Config.CADI_TRUSTSTORE);
@Override
public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
+ final String ext = (kst==Agent.PKCS12?"p12":kst);
+ File fks = new File(dir,arti.getNs()+'.'+ext);
try {
KeyStore jks = KeyStore.getInstance(kst);
if (fks.exists()) {
// Set Keystore Password
props.add(Config.CADI_KEYSTORE,fks.getAbsolutePath());
String keystorePass = Symm.randomGen(Agent.PASS_SIZE);
- props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ String encP = props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ // Since there are now more than one Keystore type, the keystore password property might
+ // be overwritten, making the store useless without key. So we write it specifically
+ // as well.
+ props.add(Config.CADI_KEYSTORE_PASSWORD+'_'+ext,encP);
char[] keystorePassArray = keystorePass.toCharArray();
jks.load(null,keystorePassArray); // load in
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.Chmod;
import org.onap.aaf.misc.env.util.Chrono;
return keyfile.getAbsolutePath();
}
- public void add(final String tag, final String value) {
- if(value==null) {
- props.put(tag,"");
- } else {
- props.put(tag, value);
- }
+ public String add(final String tag, final String value) {
+ final String rv = value==null?"":value;
+ props.put(tag, rv);
+ return rv;
}
- public void add(final String tag, Access orig, final String def) {
- add(tag, orig.getProperty(tag, def));
+ public String add(final String tag, Access orig, final String def) {
+ return add(tag, orig.getProperty(tag, def));
}
- public void addEnc(final String tag, final String value) throws IOException {
+ public String addEnc(final String tag, final String value) throws IOException {
+ String rv;
if(value==null) {
- props.put(tag,"");
+ rv = "";
} else {
if(symm==null) { // Lazy Instantiations... on a few PropFiles have Security
symm = ArtifactDir.getSymm(keyfile);
}
- props.put(tag, "enc:"+symm.enpass(value));
+ rv = "enc:"+symm.enpass(value);
}
+ props.put(tag, rv);
+ return rv;
}
public void addEnc(final String tag, Access orig, final String def) throws IOException {
Code Review / aaf / authz.git / commitdiff