Add Cert Cred for aafcli 69/48969/5
authorInstrumental <jonathan.gathman@att.com>
Thu, 24 May 2018 15:03:19 +0000 (10:03 -0500)
committerInstrumental <jonathan.gathman@att.com>
Thu, 24 May 2018 19:11:08 +0000 (14:11 -0500)
Issue-ID: AAF-322
Change-Id: I507e43b56922d8c5771a3027deda173be00fa4af
Signed-off-by: Instrumental <jonathan.gathman@att.com>
auth/auth-cmd/pom.xml
auth/auth-cmd/src/assemble/auth-cmd.xml [new file with mode: 0644]
auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
auth/auth-cmd/temp [deleted file]
auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java [new file with mode: 0644]
cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java

index 1adf135..3f7c74a 100644 (file)
@@ -95,7 +95,6 @@
                        <plugin>
                                <groupId>org.sonatype.plugins</groupId>
                                <artifactId>nexus-staging-maven-plugin</artifactId>
-                               <version>1.6.7</version>
                                <extensions>true</extensions>
                                <configuration>
                                        <nexusUrl>${nexusproxy}</nexusUrl>
                        <plugin>
                                <groupId>org.jacoco</groupId>
                                <artifactId>jacoco-maven-plugin</artifactId>
-                               <version>${jacoco.version}</version>
                                <configuration>
                                        <excludes>
                                                <exclude>**/gen/**</exclude>
                                        </execution>
                                </executions>
                        </plugin>
+                       <plugin>
+                               <artifactId>maven-assembly-plugin</artifactId>
+                               <configuration>
+                                       <classifier>tests</classifier>
+                                       <archive>
+                                               <manifest>
+                                                       <mainClass>org.onap.aaf.auth.cmd.AAFcli</mainClass>
+                                               </manifest>
+                                               <manifestEntries>
+                                                       <Sealed>true</Sealed>
+                                               </manifestEntries>
+                                       </archive>
+                               </configuration>
+                               <executions>
+                                       <execution>
+                                               <id>full</id>
+                                               <phase>package</phase>
+                                               <goals>
+                                                       <goal>single</goal>
+                                               </goals>
+                                               <configuration>
+                                                       <descriptors>
+                                                               <descriptor>src/assemble/auth-cmd.xml</descriptor>
+                                                       </descriptors>
+                                               </configuration>
+                                       </execution>
+                               </executions>
+                       </plugin>
+                       
                </plugins>
        </build>
 
                <dependency>
                        <groupId>org.onap.aaf.authz</groupId>
                        <artifactId>aaf-cadi-aaf</artifactId>
-                       <version>${project.version}</version>
                </dependency>
 
                <dependency>
                        <groupId>org.onap.aaf.authz</groupId>
                        <artifactId>aaf-auth-core</artifactId>
-                       <version>${project.version}</version>
                </dependency>
 
                <dependency>
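Review bot: The added `maven-assembly-plugin` block declares no `<version>`, and nothing in this file shows a `pluginManagement` entry that supplies one. If the parent POM does not pin it, Maven falls back to a default tied to the Maven release in use, so the bundled CLI jar is not reproducible from one build host to the next. Pin it here or in the parent, e.g. `<version>${maven-assembly-plugin.version}</version>` (the property name is a placeholder). The same check applies to the `<version>` lines removed from `nexus-staging-maven-plugin`, `jacoco-maven-plugin` and the two `org.onap.aaf.authz` dependencies: confirm the parent manages each of them.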
diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml
new file mode 100644 (file)
index 0000000..7a86ea8
--- /dev/null
@@ -0,0 +1,34 @@
+<?xml version='1.0' encoding='utf-8'?>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+
+  <id>full</id>
+  <formats>
+    <format>jar</format>
+  </formats>
+
+  <includeBaseDirectory>false</includeBaseDirectory>
+  <dependencySets>
+    <dependencySet>
+      <unpack>true</unpack>
+      <scope>compile</scope>
+      <includes>
+       <include>org.onap.aaf.authz:aaf-auth-cmd</include>
+       <include>org.onap.aaf.authz:aaf-auth-core</include>
+       <include>org.onap.aaf.authz:aaf-auth-client</include>
+       <include>org.onap.aaf.authz:aaf-cadi-aaf</include>
+       <include>org.onap.aaf.authz:aaf-cadi-core</include>
+       <include>org.onap.aaf.authz:aaf-cadi-client</include>
+       <include>org.onap.aaf.authz:aaf-misc-env</include>
+       <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+       <include>jline:jline</include>
+      </includes>
+    </dependencySet>
+
+  </dependencySets>
+  <fileSets>
+    <fileSet>
+      <directory>src/main/xsd</directory>
+    </fileSet>
+   </fileSets>
+</assembly>
\ No newline at end of file
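Review bot: The descriptor has no comment saying that the `<includes>` list acts as an allow-list, so a runtime dependency of `AAFcli` that is not named there would be left out of the `full` jar and only show up as a missing class at run time. A header comment such as `<!-- Builds the self-contained aafcli jar; every artifact the CLI needs at run time must be listed under <includes> -->` would make that explicit. With `<unpack>true</unpack>` the `META-INF` entries of all listed jars are merged into one tree, so if any of them is ever signed, its stale signature files would make the combined jar fail verification. An `<unpackOptions>` exclude for `META-INF/*.SF`, `META-INF/*.DSA` and `META-INF/*.RSA` guards against that.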
index 72aa0cc..2efbff7 100644 (file)
@@ -42,11 +42,11 @@ import org.onap.aaf.auth.cmd.user.User;
 import org.onap.aaf.auth.common.Define;
 import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.Locator;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.config.Config;
@@ -59,7 +59,6 @@ import org.onap.aaf.misc.env.APIException;
 import jline.console.ConsoleReader;
 
 public class AAFcli {
-       private static final String HTTPS = "https://";
        protected static PrintWriter pw;
        protected HMangr hman;
        // Storage for last reused client. We can do this
@@ -439,174 +438,167 @@ public class AAFcli {
                        AAFSSO aafsso = new AAFSSO(args);
                        try {
                                PropAccess access = aafsso.access();
-                               Define.set(access);
-                               AuthzEnv env = new AuthzEnv(access);
-                               
-                               StringBuilder err = aafsso.err();
-                               String noexit = access.getProperty("no_exit");
-                               if (err != null) {
-                                       err.append("to continue...");
-                                       System.err.println(err);
-                                       if(noexit!=null) {
-                                               System.exit(1);
-                                       }
-                               }
-       
-                               Reader rdr = null;
-                               boolean exitOnFailure = true;
-                               /*
-                                * Check for "-" options anywhere in command line
-                                */
-                               StringBuilder sb = new StringBuilder();
-                               for (int i = 0; i < args.length; ++i) {
-                                       if ("-i".equalsIgnoreCase(args[i])) {
-                                               rdr = new InputStreamReader(System.in);
-                                               // } else if("-o".equalsIgnoreCase(args[i])) {
-                                               // // shall we do something different? Output stream is
-                                               // already done...
-                                       } else if ("-f".equalsIgnoreCase(args[i])) {
-                                               if (args.length > i + 1) {
-                                                       rdr = new FileReader(args[++i]);
-                                               }
-                                       } else if ("-a".equalsIgnoreCase(args[i])) {
-                                               exitOnFailure = false;
-                                       } else if ("-c".equalsIgnoreCase(args[i])) {
-                                               isConsole = true;
-                                       } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {
-                                               access.setProperty(Cmd.STARTDATE, args[++i]);
-                                       } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {
-                                               access.setProperty(Cmd.ENDDATE, args[++i]);
-                                       } else if ("-t".equalsIgnoreCase(args[i])) {
-                                               isTest = true;
-                                       } else if ("-d".equalsIgnoreCase(args[i])) {
-                                               showDetails = true;
-                                       } else if ("-n".equalsIgnoreCase(args[i])) {
-                                               ignoreDelay = true;
-                                       } else {
-                                               if (sb.length() > 0) {
-                                                       sb.append(' ');
-                                               }
-                                               sb.append(args[i]);
-                                       }
-                               }
-       
-                               SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
-                               Locator<URI> loc;
-                               String aafUrl = access.getProperty(Config.AAF_URL);
-                               if(aafUrl==null) {
-                                       aafsso.setLogDefault();
-                                       aafsso.setStdErrDefault();
-                                       aafUrl=AAFSSO.cons.readLine("aaf_url=%s", HTTPS);
-                                       if(aafUrl.length()==0) {
-                                               System.exit(0);
-                                       } else if(!aafUrl.startsWith(HTTPS)) {
-                                               aafUrl=HTTPS+aafUrl;
-                                       }
-                                       aafsso.addProp(Config.AAF_URL, aafUrl);
-                               } 
-                               // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan
-                               if(!aafsso.loginOnly()) {
-                                       try {
-                                               loc = new AAFLocator(si,new URI(aafUrl));
-                                       } catch (Throwable t) {
-                                               aafsso.setStdErrDefault();
-                                               throw t;
-                                       } finally {
-                                               // Other Access is done writing to StdOut and StdErr, reset Std out
-                                               aafsso.setLogDefault();
-                                       }
-
-                                       TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
-                                       HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion("2.0");
+                               if(aafsso.ok()) {
+                                       Define.set(access);
+                                       AuthzEnv env = new AuthzEnv(access);
                                        
-                                       if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) {
-                                               access.log(Level.ERROR, Config.AAF_DEFAULT_REALM,"is required");
+                                       Reader rdr = null;
+                                       boolean exitOnFailure = true;
+                                       /*
+                                        * Check for "-" options anywhere in command line
+                                        */
+                                       StringBuilder sb = new StringBuilder();
+                                       for (int i = 0; i < args.length; ++i) {
+                                               if ("-i".equalsIgnoreCase(args[i])) {
+                                                       rdr = new InputStreamReader(System.in);
+                                                       // } else if("-o".equalsIgnoreCase(args[i])) {
+                                                       // // shall we do something different? Output stream is
+                                                       // already done...
+                                               } else if ("-f".equalsIgnoreCase(args[i])) {
+                                                       if (args.length > i + 1) {
+                                                               rdr = new FileReader(args[++i]);
+                                                       }
+                                               } else if ("-a".equalsIgnoreCase(args[i])) {
+                                                       exitOnFailure = false;
+                                               } else if ("-c".equalsIgnoreCase(args[i])) {
+                                                       isConsole = true;
+                                               } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {
+                                                       access.setProperty(Cmd.STARTDATE, args[++i]);
+                                               } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {
+                                                       access.setProperty(Cmd.ENDDATE, args[++i]);
+                                               } else if ("-t".equalsIgnoreCase(args[i])) {
+                                                       isTest = true;
+                                               } else if ("-d".equalsIgnoreCase(args[i])) {
+                                                       showDetails = true;
+                                               } else if ("-n".equalsIgnoreCase(args[i])) {
+                                                       ignoreDelay = true;
+                                               } else {
+                                                       if (sb.length() > 0) {
+                                                               sb.append(' ');
+                                                       }
+                                                       sb.append(args[i]);
+                                               }
                                        }
                
+                                       SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
+                                       Locator<URI> loc;
                                        
-                                       AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si, 
-                                               new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false)));
-                                       if(!ignoreDelay) {
-                                               File delay = new File("aafcli.delay");
-                                               if(delay.exists()) {
-                                                       BufferedReader br = new BufferedReader(new FileReader(delay));
-                                                       try {
-                                                               globalDelay = Integer.parseInt(br.readLine());
-                                                       } catch(Exception e) {
-                                                               access.log(Level.DEBUG,e);
-                                                       } finally {
-                                                               br.close();
+                                       aafsso.setLogDefault();
+                                       aafsso.setStdErrDefault();
+       
+                                       // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan
+                                       if(!aafsso.loginOnly()) {
+                                               try {
+                                                       loc = new AAFLocator(si,new URI(access.getProperty(Config.AAF_URL)));
+                                               } catch (Throwable t) {
+                                                       aafsso.setStdErrDefault();
+                                                       throw t;
+                                               } finally {
+                                                       // Other Access is done writing to StdOut and StdErr, reset Std out
+                                                       aafsso.setLogDefault();
+                                               }
+       
+                                               TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
+                                               HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion(Config.AAF_DEFAULT_VERSION);
+                                               
+                                               if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) {
+                                                       access.setProperty(Config.AAF_DEFAULT_REALM, "people.osaaf.org");
+                                                       aafsso.addProp(Config.AAF_DEFAULT_REALM, "people.osaaf.org");
+                                               }
+                       
+                                               
+                                               AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si, 
+                                                       new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false)));
+                                               if(!ignoreDelay) {
+                                                       File delay = new File("aafcli.delay");
+                                                       if(delay.exists()) {
+                                                               BufferedReader br = new BufferedReader(new FileReader(delay));
+                                                               try {
+                                                                       globalDelay = Integer.parseInt(br.readLine());
+                                                               } catch(Exception e) {
+                                                                       access.log(Level.DEBUG,e);
+                                                               } finally {
+                                                                       br.close();
+                                                               }
                                                        }
                                                }
-                                       }
-                                       try {
-                                               if (isConsole) {
-                                                       System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");
-                                                       System.out.println("Type '?' for help with command line editing");
-                                                       System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");
-               
-                                                       ConsoleReader reader = new ConsoleReader();
-                                                       try {
-                                                               reader.setPrompt("aafcli > ");
+                                               try {
+                                                       if (isConsole) {
+                                                               System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");
+                                                               System.out.println("Type '?' for help with command line editing");
+                                                               System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");
                        
+                                                               ConsoleReader reader = new ConsoleReader();
+                                                               try {
+                                                                       reader.setPrompt("aafcli > ");
+                               
+                                                                       String line;
+                                                                       while ((line = reader.readLine()) != null) {
+                                                                               showDetails = (line.contains("-d"))?true:false;
+                               
+                                                                               if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {
+                                                                                       break;
+                                                                               } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d") 
+                                                                                               || line.equalsIgnoreCase("help")) {
+                                                                                       line = "--help";
+                                                                               } else if (line.equalsIgnoreCase("cls")) {
+                                                                                       reader.clearScreen();
+                                                                                       continue;
+                                                                               } else if (line.equalsIgnoreCase("?")) {
+                                                                                       keyboardHelp();
+                                                                                       continue;
+                                                                               }
+                                                                               try {
+                                                                                       aafcli.eval(line);
+                                                                                       pw.flush();
+                                                                               } catch (Exception e) {
+                                                                                       pw.println(e.getMessage());
+                                                                                       pw.flush();
+                                                                               }
+                                                                       }
+                                                               } finally {
+                                                                       reader.close();
+                                                               }
+                                                       } else if (rdr != null) {
+                                                               BufferedReader br = new BufferedReader(rdr);
                                                                String line;
-                                                               while ((line = reader.readLine()) != null) {
-                                                                       showDetails = (line.contains("-d"))?true:false;
-                       
-                                                                       if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {
+                                                               while ((line = br.readLine()) != null) {
+                                                                       if (!aafcli.eval(line) && exitOnFailure) {
+                                                                               rv = 1;
                                                                                break;
-                                                                       } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d") 
-                                                                                       || line.equalsIgnoreCase("help")) {
-                                                                               line = "--help";
-                                                                       } else if (line.equalsIgnoreCase("cls")) {
-                                                                               reader.clearScreen();
-                                                                               continue;
-                                                                       } else if (line.equalsIgnoreCase("?")) {
-                                                                               keyboardHelp();
-                                                                               continue;
-                                                                       }
-                                                                       try {
-                                                                               aafcli.eval(line);
-                                                                               pw.flush();
-                                                                       } catch (Exception e) {
-                                                                               pw.println(e.getMessage());
-                                                                               pw.flush();
                                                                        }
                                                                }
-                                                       } finally {
-                                                               reader.close();
-                                                       }
-                                               } else if (rdr != null) {
-                                                       BufferedReader br = new BufferedReader(rdr);
-                                                       String line;
-                                                       while ((line = br.readLine()) != null) {
-                                                               if (!aafcli.eval(line) && exitOnFailure) {
-                                                                       rv = 1;
-                                                                       break;
+                                                       } else { // just run the command line
+                                                               aafcli.verbose(false);
+                                                               if (sb.length() == 0) {
+                                                                       sb.append("--help");
                                                                }
+                                                               rv = aafcli.eval(sb.toString()) ? 0 : 1;
                                                        }
-                                               } else { // just run the command line
-                                                       aafcli.verbose(false);
-                                                       if (sb.length() == 0) {
-                                                               sb.append("--help");
+                                                       
+                                               } finally {
+                                                       aafcli.close();
+                       
+                                                       // Don't close if No Reader, or it's a Reader of Standard In
+                                                       if (rdr != null && !(rdr instanceof InputStreamReader)) {
+                                                               rdr.close();
                                                        }
-                                                       rv = aafcli.eval(sb.toString()) ? 0 : 1;
-                                               }
-                                               
-                                       } finally {
-                                               aafcli.close();
-               
-                                               // Don't close if No Reader, or it's a Reader of Standard In
-                                               if (rdr != null && !(rdr instanceof InputStreamReader)) {
-                                                       rdr.close();
                                                }
                                        }
                                }
-                               aafsso.writeFiles();
                        } finally {
                                aafsso.close();
+                               StringBuilder err = aafsso.err();
+                               String noexit = aafsso.access().getProperty("no_exit");
+                               if (err != null) {
+                                       err.append("to continue...");
+                                       System.err.println(err);
+                               }
+                               if(noexit==null) {
+                                       return;
+                               }
+
                        }
-                       
                } catch (MessageException e) {
                        System.out.println("MessageException caught");
 
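Review bot: The `return` inside the new `finally` block (`if(noexit==null) { return; }`) discards any exception propagating out of the `try`, including the `Throwable` rethrown after `new AAFLocator(...)` fails, so the outer `catch (MessageException e)` never sees it when `no_exit` is unset. Move the `err`/`no_exit` handling after the `try`/`finally` statement, or drop the `return` and keep only `aafsso.close()` and the message in `finally`. Also, `new URI(access.getProperty(Config.AAF_URL))` no longer has the null check and `https://` prefixing that the removed lines applied to a prompted URL. Unless `AAFSSO` now guarantees both (not visible in this hunk), a missing property raises a `NullPointerException` and a plain `http://` value would carry the `HBasicAuthSS` credentials unencrypted. The enclosing method starts and ends outside the hunk.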
diff --git a/auth/auth-cmd/temp b/auth/auth-cmd/temp
deleted file mode 100644 (file)
index e69de29..0000000
index 6f0ea08..1e7a053 100644 (file)
@@ -51,7 +51,7 @@ public class Define {
        }
        
        public static void set(Access access) throws CadiException {
-               ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.onap.aaf");
+               ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.osaaf.aaf");
                ROOT_COMPANY = access.getProperty(Config.AAF_ROOT_COMPANY,null);
                if(ROOT_COMPANY==null) {
                        int last = ROOT_NS.lastIndexOf('.');
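Review bot: The fallback for `Config.AAF_ROOT_NS` in `Define.set` changes from `"org.onap.aaf"` to `"org.osaaf.aaf"` with no comment, so every caller that leaves the property unset now resolves `ROOT_NS`, and the `ROOT_COMPANY` derived from it, to a different namespace. If permissions or roles are looked up under `ROOT_NS`, which the visible lines do not show, existing deployments would silently evaluate them against the new namespace. Put the literal in a named constant with a comment stating which installation it matches, e.g. `private static final String DEFAULT_ROOT_NS = "org.osaaf.aaf"; // used when Config.AAF_ROOT_NS is not configured`, and mention the change in the commit description. `set` continues past the end of the hunk.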
index 8948bc3..522568a 100644 (file)
@@ -25,17 +25,19 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.PrintStream;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.Properties;
 
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.MyConsole;
 import org.onap.aaf.cadi.util.SubStandardConsole;
@@ -43,9 +45,10 @@ import org.onap.aaf.cadi.util.TheConsole;
 
 public class AAFSSO {
        public static final MyConsole  cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole();
-       private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
+//     private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
 
-       private Properties diskprops = null; // use for temp storing User/Password on disk
+       private Properties diskprops;
+       private boolean touchDiskprops;
        private File dot_aaf = null;
        private File sso = null; // instantiated, if ever, with diskprops
 
@@ -61,132 +64,316 @@ public class AAFSSO {
        private PrintStream os;
 
        private Method close;
+       private final PrintStream stdOutOrig;
+       private final PrintStream stdErrOrig;
+       private boolean ok;
 
        public AAFSSO(String[] args) throws IOException, CadiException {
-               String[] nargs = parseArgs(args);
+               ok = true;
+               List<String> nargs = parseArgs(args);
+               diskprops = new Properties();
+               touchDiskprops = false;
 
                dot_aaf = new File(System.getProperty("user.home") + "/.aaf");
                if (!dot_aaf.exists()) {
                        dot_aaf.mkdirs();
                }
+               stdOutOrig = System.out;
+               stdErrOrig = System.err;
                File f = new File(dot_aaf, "sso.out");
                os = new PrintStream(new FileOutputStream(f, true));
                System.setOut(os);
                System.setErr(os);
 
-               access = new PropAccess(os, nargs);
-               Config.setDefaultRealm(access);
-
-               user = access.getProperty(Config.AAF_APPID);
-               encrypted_pass = access.getProperty(Config.AAF_APPPASS);
-
+               sso = new File(dot_aaf, "sso.props");
+               if(sso.exists()) {
+                       InputStream propStream = new FileInputStream(sso);
+                       try {
+                               diskprops.load(propStream);
+                       } finally {
+                               propStream.close();
+                       }
+               }
+               
+//             String keyfile = diskprops.getProperty(Config.CADI_KEYFILE);
+//             if(keyfile==null) {
+//                     keyfile = dot_aaf.getCanonicalPath()+".keyfile";
+//                     touchDiskprops=true;
+//             }
                File dot_aaf_kf = new File(dot_aaf, "keyfile");
 
-               sso = new File(dot_aaf, "sso.props");
                if (removeSSO) {
                        if (dot_aaf_kf.exists()) {
                                dot_aaf_kf.setWritable(true, true);
                                dot_aaf_kf.delete();
                        }
                        if (sso.exists()) {
-                               sso.delete();
+                               Properties temp = new Properties();
+                               // Keep only these
+                               for(Entry<Object, Object> es : diskprops.entrySet()) {
+                                       if(Config.CADI_LATITUDE.equals(es.getKey()) ||
+                                          Config.CADI_LONGITUDE.equals(es.getKey()) ||
+                                          Config.AAF_DEFAULT_REALM.equals(es.getKey())) {
+                                                temp.setProperty(es.getKey().toString(), es.getValue().toString());
+                                       }
+                               }
+                               diskprops = temp;
+                               touchDiskprops = true;
                        }
+                       String[] naargs = new String[nargs.size()];
+                       nargs.toArray(naargs);
+                       access = new PropAccess(os, naargs);
+                       ok = false;
+                       setLogDefault();
                        System.out.println("AAF SSO information removed");
-                       if (doExit) {
-                               System.exit(0);
+               } else {
+                       //      Config.setDefaultRealm(access);
+       
+                       if (!dot_aaf_kf.exists()) {
+                               FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
+                               try {
+                                       fos.write(Symm.keygen());
+                                       setReadonly(dot_aaf_kf);
+                               } finally {
+                                       fos.close();
+                               }
                        }
-               }
 
-               if (!dot_aaf_kf.exists()) {
-                       FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
-                       try {
-                               fos.write(Symm.keygen());
-                               setReadonly(dot_aaf_kf);
-                       } finally {
-                               fos.close();
+                       for(Entry<Object, Object> es : diskprops.entrySet()) {
+                               nargs.add(es.getKey().toString() + '=' + es.getValue().toString());
                        }
-               }
-
-               String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props
-               if (keyfile == null) {
-                       access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
-               }
-
-               String alias = access.getProperty(Config.CADI_ALIAS);
-               if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) {
-                       user = alias;
-                       access.setProperty(Config.AAF_APPID, user);
-                       use_X509 = true;
-               } else {
-                       use_X509 = false;
-                       Symm decryptor = Symm.obtain(dot_aaf_kf);
-                       if (user == null) {
-                               if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) {
-                                       String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
-                                       FileInputStream fos = new FileInputStream(sso);
-                                       try {
-                                               access.load(fos);
-                                               user = access.getProperty(Config.AAF_APPID);
-                                               encrypted_pass = access.getProperty(Config.AAF_APPPASS);
-                                               // decrypt with .aaf, and re-encrypt with regular Keyfile
-                                               access.setProperty(Config.AAF_APPPASS,
-                                                               access.encrypt(decryptor.depass(encrypted_pass)));
-                                               if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
-                                                       access.setProperty(Config.CM_URL, cm_url);
+                       String[] naargs = new String[nargs.size()];
+                       nargs.toArray(naargs);
+                       access = new PropAccess(os, naargs);
+                       
+                       if(loginOnly) {
+                               for(String tag : new String[] {Config.AAF_APPID, Config.AAF_APPPASS, 
+                                               Config.CADI_ALIAS, Config.CADI_KEYSTORE,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) {
+                                       access.getProperties().remove(tag);
+                                       diskprops.remove(tag);
+                               }
+                               touchDiskprops=true;
+// TODO Do we want to require reset of Passwords at least every Eight Hours.
+//                     } else if (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS)) {
+//                             for(String tag : new String[] {Config.AAF_APPPASS,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) {
+//                                     access.getProperties().remove(tag);
+//                                     diskprops.remove(tag);
+//                             }
+//                             touchDiskprops=true;
+                       }
+       
+                       String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case its CertificateMan props
+                       if (keyfile == null) {
+                               access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
+                               addProp(Config.CADI_KEYFILE,dot_aaf_kf.getAbsolutePath());
+                       }
+       
+       
+                       String alias, appID;
+                       alias = access.getProperty(Config.CADI_ALIAS);
+                       if(alias==null) {
+                               appID = access.getProperty(Config.AAF_APPID);
+                               user=appID;
+                       } else {
+                               user=alias;
+                               appID=null;
+                       }
+                       
+                       String keystore=access.getProperty(Config.CADI_KEYSTORE);
+                       String keystore_pass=access.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+                       
+                       if(user==null || (alias!=null && (keystore==null || keystore_pass==null))) {
+                               String select = null;
+                               String name;
+                               for (File tsf : dot_aaf.listFiles()) {
+                                       name = tsf.getName();
+                                       if (!name.contains("trust") && (name.endsWith(".jks") || name.endsWith(".p12"))) {
+                                               select = cons.readLine("Use %s for Identity? (y/n): ",tsf.getName());
+                                               if("y".equalsIgnoreCase(select)) {
+                                                       keystore = tsf.getCanonicalPath();
+                                                       access.setProperty(Config.CADI_KEYSTORE, keystore);
+                                                       addProp(Config.CADI_KEYSTORE, keystore);
+                                                       char[] password = cons.readPassword("Keystore Password: ");
+                                                       encrypted_pass= access.encrypt(new String(password));
+                                                       access.setProperty(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass);
+                                                       addProp(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass);
+                                                       
+                                                       // TODO READ Aliases out of Keystore?
+                                                       user = alias = cons.readLine("Keystore alias: ");
+                                                       access.setProperty(Config.CADI_ALIAS, user);
+                                                       addProp(Config.CADI_ALIAS, user);
+                                                       break;
                                                }
-                                       } finally {
-                                               fos.close();
-                                       }
-                               } else {
-                                       diskprops = new Properties();
-                                       String realm = Config.getDefaultRealm();
-                                       // Turn on Console Sysout
-                                       System.setOut(System.out);
-                                       user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
-                                       if (user == null) {
-                                               user = System.getProperty("user.name") + '@' + realm;
-                                       } else if (user.length() == 0) { //
-                                               user = System.getProperty("user.name") + '@' + realm;
-                                       } else if ((user.indexOf('@') < 0) && (realm != null)) {
-                                               user = user + '@' + realm;
                                        }
-                                       access.setProperty(Config.AAF_APPID, user);
-                                       diskprops.setProperty(Config.AAF_APPID, user);
-                                       encrypted_pass = new String(cons.readPassword("aaf_password: "));
-                                       System.setOut(os);
-                                       encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+                               }
+                               if(alias==null) {
+                                       user = appID = cons.readLine(Config.AAF_APPID + ": ");
+                                       access.setProperty(Config.AAF_APPID, appID);
+                                       addProp(Config.AAF_APPID, appID);
+                                       char[] password = cons.readPassword(Config.AAF_APPPASS + ": ");
+                                       encrypted_pass= access.encrypt(new String(password));
                                        access.setProperty(Config.AAF_APPPASS, encrypted_pass);
-                                       diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
-                                       diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
+                                       addProp(Config.AAF_APPPASS, encrypted_pass);
+                               }
+                       } else {
+                               encrypted_pass = access.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+                               if(encrypted_pass == null) {
+                                       keystore_pass = null;
+                                       encrypted_pass = access.getProperty(Config.AAF_APPPASS);
+                               } else {
+                                       keystore_pass = encrypted_pass;
                                }
                        }
-               }
-               if (user == null) {
-                       err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
-               }
-
-               if (encrypted_pass == null && alias == null) {
-                       if (err == null) {
-                               err = new StringBuilder();
+                       
+       
+                       if (alias!=null) {
+                               use_X509 = true;
                        } else {
-                               err.append("and ");
+                               use_X509 = false;
+                               Symm decryptor = Symm.obtain(dot_aaf_kf);
+                               if (user == null) {
+                                       if (sso.exists()) {
+                                               String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
+                                               FileInputStream fos = new FileInputStream(sso);
+                                               try {
+                                                       access.load(fos);
+                                                       user = access.getProperty(Config.AAF_APPID);
+                                                       encrypted_pass = access.getProperty(Config.AAF_APPPASS);
+                                                       // decrypt with .aaf, and re-encrypt with regular Keyfile
+                                                       access.setProperty(Config.AAF_APPPASS,
+                                                                       access.encrypt(decryptor.depass(encrypted_pass)));
+                                                       if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
+                                                               access.setProperty(Config.CM_URL, cm_url);
+                                                       }
+                                               } finally {
+                                                       fos.close();
+                                               }
+                                       } else {
+                                               diskprops = new Properties();
+                                               String realm = Config.getDefaultRealm();
+                                               // Turn on Console Sysout
+                                               System.setOut(System.out);
+                                               user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
+                                               if (user == null) {
+                                                       user = System.getProperty("user.name") + '@' + realm;
+                                               } else if (user.length() == 0) { //
+                                                       user = System.getProperty("user.name") + '@' + realm;
+                                               } else if ((user.indexOf('@') < 0) && (realm != null)) {
+                                                       user = user + '@' + realm;
+                                               }
+                                               access.setProperty(Config.AAF_APPID, user);
+                                               diskprops.setProperty(Config.AAF_APPID, user);
+                                               encrypted_pass = new String(cons.readPassword("aaf_password: "));
+                                               System.setOut(os);
+                                               encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+                                               access.setProperty(Config.AAF_APPPASS, encrypted_pass);
+                                               diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
+                                               diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
+                                       }
+                               }
+                       }
+                       if (user == null) {
+                               err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
+                       }
+       
+                       if (encrypted_pass == null && alias == null) {
+                               if (err == null) {
+                                       err = new StringBuilder();
+                               } else {
+                                       err.append("and ");
+                               }
+                               err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
+                       }
+                       
+                       String locateUrl = access.getProperty(Config.AAF_LOCATE_URL);
+                       if(locateUrl==null) {
+                               locateUrl=AAFSSO.cons.readLine("AAF Locator FQDN/machine[:port]=https://");
+                               if(locateUrl==null || locateUrl.length()==0) {
+                                       err = new StringBuilder(Config.AAF_LOCATE_URL);
+                                       err.append(" is required.");
+                                       ok = false;
+                                       return;
+                               } else {
+                                       locateUrl="https://"+locateUrl+"/locate";
+                               }
+                               access.setProperty(Config.AAF_LOCATE_URL, locateUrl);
+                               addProp(Config.AAF_LOCATE_URL, locateUrl);
+                       }
+                       
+                       String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service/2.0";
+                       access.setProperty(Config.AAF_URL, aafUrl);
+                       access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm/2.0");
+                       String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
+                       if(cadiLatitude==null) {
+                               System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
+                               cadiLatitude=AAFSSO.cons.readLine("cadi_latitude[0.000]=");
+                               if(cadiLatitude==null || cadiLatitude.isEmpty()) {
+                                       cadiLatitude="0.000";
+                               }
+                               access.setProperty(Config.CADI_LATITUDE, cadiLatitude);
+                               addProp(Config.CADI_LATITUDE, cadiLatitude);
+                               
                        }
-                       err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
+                       String cadiLongitude = access.getProperty(Config.CADI_LONGITUDE);
+                       if(cadiLongitude==null) {
+                               cadiLongitude=AAFSSO.cons.readLine("cadi_longitude[0.000]=");
+                               if(cadiLongitude==null || cadiLongitude.isEmpty()) {
+                                       cadiLongitude="0.000";
+                               }
+                               access.setProperty(Config.CADI_LONGITUDE, cadiLongitude);
+                               addProp(Config.CADI_LONGITUDE, cadiLongitude);
+                       }
+       
+                       String cadi_truststore = access.getProperty(Config.CADI_TRUSTSTORE);
+                       if(cadi_truststore==null) {
+                               String name; 
+                               String select;
+                               for (File tsf : dot_aaf.listFiles()) {
+                                       name = tsf.getName();
+                                       if (name.contains("trust") && 
+                                                       (name.endsWith(".jks") || name.endsWith(".p12"))) {
+                                               select = cons.readLine("Use %s for TrustStore? (y/n):",tsf.getName());
+                                               if("y".equalsIgnoreCase(select)) {
+                                                       cadi_truststore=tsf.getCanonicalPath();
+                                                       access.setProperty(Config.CADI_TRUSTSTORE, cadi_truststore);
+                                                       addProp(Config.CADI_TRUSTSTORE, cadi_truststore);
+                                                       break;
+                                               }
+                                       }
+                               }
+                       }
+                       if(cadi_truststore!=null) {
+                               if(cadi_truststore.indexOf(File.separatorChar)<0) {
+                                       cadi_truststore=dot_aaf.getPath()+File.separator+cadi_truststore;
+                               }
+                               String cadi_truststore_password = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD);
+                               if(cadi_truststore_password==null) {
+                                       cadi_truststore_password=AAFSSO.cons.readLine("cadi_truststore_password[%s]=","changeit");
+                                       cadi_truststore_password = access.encrypt(cadi_truststore_password);
+                                       access.setProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password);
+                                       addProp(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password);
+                               }
+                       }
+                       ok = err==null;
                }
+               writeFiles();
        }
 
        public void setLogDefault() {
                this.setLogDefault(PropAccess.DEFAULT);
+               System.setOut(stdOutOrig);
        }
 
        public void setStdErrDefault() {
                access.setLogLevel(PropAccess.DEFAULT);
-               System.setErr(System.err);
+               System.setOut(stdErrOrig);
        }
 
        public void setLogDefault(Level level) {
-               access.setLogLevel(level);
-               System.setOut(System.out);
+               if(access!=null) {
+                       access.setLogLevel(level);
+               }
+               System.setOut(stdOutOrig);
        }
 
        public boolean loginOnly() {
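Review bot: The truststore password is prompted with `cons.readLine("cadi_truststore_password[%s]=","changeit")`, so it is presumably echoed to the terminal, whereas the keystore and application passwords in the same constructor go through `cons.readPassword`; the prompt should become `char[] tsPass = cons.readPassword("cadi_truststore_password: ");` followed by `cadi_truststore_password = access.encrypt(new String(tsPass));`. The prompt also advertises `changeit` as a default, but an empty answer is encrypted and stored as it is and a null answer goes straight into `access.encrypt`, so the default is never applied. Separately, `setStdErrDefault` now calls `System.setOut(stdErrOrig)`, which leaves `System.err` pointing at `sso.out` and replaces standard output with the original error stream; that line should be `System.setErr(stdErrOrig);`. Both `dot_aaf.listFiles()` loops also need a null check, since `listFiles` returns null when the directory cannot be read.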
@@ -194,29 +381,33 @@ public class AAFSSO {
        }
 
        public void addProp(String key, String value) {
-               if (diskprops != null) {
-                       diskprops.setProperty(key, value);
+               if(key==null || value==null) {
+                       return;
                }
+               touchDiskprops=true;
+               diskprops.setProperty(key, value);
        }
 
        public void writeFiles() throws IOException {
-               // Store Creds, if they work
-               if (diskprops != null) {
-                       if (!dot_aaf.exists()) {
-                               dot_aaf.mkdirs();
+               if(touchDiskprops) {
+                       // Store Creds, if they work
+                       if (diskprops != null) {
+                               if (!dot_aaf.exists()) {
+                                       dot_aaf.mkdirs();
+                               }
+                               FileOutputStream fos = new FileOutputStream(sso);
+                               try {
+                                       diskprops.store(fos, "AAF Single Signon");
+                               } finally {
+                                       fos.close();
+                                       setReadonly(sso);
+                               }
                        }
-                       FileOutputStream fos = new FileOutputStream(sso);
-                       try {
-                               diskprops.store(fos, "AAF Single Signon");
-                       } finally {
-                               fos.close();
+                       if (sso != null) {
                                setReadonly(sso);
+                               sso.setWritable(true, true);
                        }
                }
-               if (sso != null) {
-                       setReadonly(sso);
-                       sso.setWritable(true, true);
-               }
        }
 
        public PropAccess access() {
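Review bot: `writeFiles` creates `sso.props` with `new FileOutputStream(sso)` and only calls `setReadonly(sso)` in the `finally`, after `diskprops.store` has written the encrypted passwords, so on a first write the file has the process's default permissions until the store completes. Restricting the file before writing closes that window, for example `sso.createNewFile(); sso.setReadable(false, false); sso.setReadable(true, true);` ahead of opening the stream; the keyfile creation in the constructor hunk has the same write-then-restrict order. The comment `// Store Creds, if they work` is also stale now that the constructor calls `writeFiles()` itself, apparently before the credentials have been used. The `diskprops != null` test looks redundant too, since the constructor always assigns the field. `access()` continues outside the hunk.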
@@ -250,7 +441,7 @@ public class AAFSSO {
                }
        }
 
-       private String[] parseArgs(String[] args)
+       private List<String> parseArgs(String[] args)
        {
                List<String> larg = new ArrayList<String>(args.length);
 
@@ -271,9 +462,7 @@ public class AAFSSO {
                                larg.add(args[i]);
                        }
                }
-               String[] nargs = new String[larg.size()];
-               larg.toArray(nargs);
-               return nargs;
+               return larg;
        }
        
        private void setReadonly(File file) {
@@ -282,4 +471,8 @@ public class AAFSSO {
                file.setReadable(false, false);
                file.setReadable(true, true);
        }
+
+       public boolean ok() {
+               return ok;
+       }
 }
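Review bot: `ok()` is added without Javadoc although callers now depend on it. The constructor no longer calls `System.exit`; it sets `ok` to false after removing SSO data or when no locate URL is entered, and to `err==null` otherwise. A short comment would make that contract visible, e.g. `/** @return false if construction stopped early or required credentials are missing; check before using access() */`.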
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java
new file mode 100644 (file)
index 0000000..27a1a27
--- /dev/null
@@ -0,0 +1,75 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.oauth.test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.GeneralSecurityException;
+
+import org.junit.Test;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.locator.PropertyLocator;
+import org.onap.aaf.cadi.oauth.TokenClientFactory;
+import org.onap.aaf.misc.env.APIException;
+
+import junit.framework.Assert;
+
+public class JU_TokenClientFactoryTest  {
+
+       /**
+        * Acceptable Locator Patterns for choosing AAFLocator over others
+        */
+       @Test
+       public void testLocatorString() {
+               /*
+               PropAccess access = new PropAccess();
+               access.setProperty(Config.AAF_LOCATE_URL, "https://xytz.sbbc.dd:8095/locate");
+               access.setProperty(Config.CADI_LATITUDE, "39.000");
+               access.setProperty(Config.CADI_LONGITUDE, "-72.000");
+               TokenClientFactory tcf;
+               try {
+                       System.out.println("one");
+                       tcf = TokenClientFactory.instance(access);
+                       System.out.println("two");
+                       Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd/locate/hello") instanceof AAFLocator);
+                       System.out.println("three");
+                       Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate/hello") instanceof AAFLocator);
+                       System.out.println("four");
+                       Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/hello") instanceof AAFLocator);
+                       System.out.println("five");
+                       Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/AAF_FS.hello/2.0") instanceof AAFLocator);
+                       System.out.println("six");
+                       Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate") instanceof PropertyLocator);
+                       System.out.println("seven");
+                       Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/Something") instanceof PropertyLocator);
+               } catch (APIException | GeneralSecurityException | IOException | CadiException | LocatorException | URISyntaxException e) {
+                       e.printStackTrace();
+                       Assert.fail();
+               }
+               */
+       }
+
+}
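Review bot: `testLocatorString` has its whole body inside a block comment, so the new test passes without exercising `TokenClientFactory.bestLocator`, and every import in the file except `org.junit.Test` is unused. Either enable the assertions or mark the method `@Ignore("reason")` so the skipped coverage shows up in test reports rather than counting as a pass. When it is enabled, `org.junit.Assert` should replace the deprecated `junit.framework.Assert`, and `assertTrue(...)` reads better than `assertEquals(true, ...)`. The `System.out.println` markers and `e.printStackTrace()` can go if the method simply declares `throws Exception`.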
index 34997fe..7a64f71 100644 (file)
@@ -74,10 +74,9 @@ public class JU_AAFSSO {
                assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
                assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
                assertThat(sso.loginOnly(), is(true));
-               
-               assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(false));
-               sso.writeFiles();
-               assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
+
+// Not necessarily true
+//             assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
                
                sso.setLogDefault();
                sso.setStdErrDefault();
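Review bot: The commented-out `assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));` under `// Not necessarily true` leaves dead code, and with the `sso.writeFiles()` call removed nothing in the visible lines exercises that path any more. I would delete the commented line and state the expectation instead, e.g. `// sso.props is only written when <condition>; not asserted here`. The next hunk has the same gap: it flips the `/.aaf/keyfile` assertion to `is(false)` without saying why no keyfile is expected at that point. Since that file holds key material, a one-line comment such as `// no keyfile is created here because <reason>` would pin the intended behaviour. The test method starts outside both hunks, so the setup that leads to these states is not visible here.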
@@ -92,7 +91,7 @@ public class JU_AAFSSO {
 
                assertThat(new File(aafDir).exists(), is(true));
                assertThat(new File(aafDir + "/.aaf").exists(), is(true));
-               assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
+               assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(false));
                assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
                assertThat(sso.loginOnly(), is(false));
 
@@ -106,7 +105,6 @@ public class JU_AAFSSO {
                assertThat(sso.useX509(), is(false));
 
                sso.close();
-               sso.close();
        }
 
        private void recursiveDelete(File file) {
index b7558c0..d14e747 100644 (file)
@@ -96,6 +96,7 @@ public class JU_PropertyLocator {
                pl.destroy();
 
                pl = new PropertyLocator(uris);
+               
        }
 
        @Test(expected=LocatorException.class)
index 82645c3..ea3891f 100644 (file)
@@ -117,7 +117,8 @@ public class Symm {
        private static char passChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+!@#$%^&*(){}[]?:;,.".toCharArray();
                        
 
-
+       private static Symm internalOnly = null;
+       
        /**
         * Use this to create special case Case Sets and/or Line breaks
         * 
@@ -537,10 +538,10 @@ public class Symm {
  * @throws CadiException 
     */
    public static Symm obtain(Access access) throws CadiException {
-               Symm symm = Symm.baseCrypt();
-
                String keyfile = access.getProperty(Config.CADI_KEYFILE,null);
                if(keyfile!=null) {
+                       Symm symm = Symm.baseCrypt();
+
                        File file = new File(keyfile);
                        try {
                                access.log(Level.INIT, Config.CADI_KEYFILE,"points to",file.getCanonicalPath());
@@ -570,8 +571,14 @@ public class Symm {
                                }
                                throw new CadiException("ERROR: " + filename + " does not exist!");
                        }
+                       return symm;
+               } else {
+                       try {
+                               return internalOnly();
+                       } catch (IOException e) {
+                               throw new CadiException(e);
+                       }
                }
-               return symm;
    }
   /**
    *  Create a new random key 
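Review bot: When `Config.CADI_KEYFILE` is unset, the new `else` branch makes `obtain(access)` return the per-JVM `internalOnly()` instance without any log line. Before this change it returned the `Symm.baseCrypt()` result created at the top of the method (the previous hunk moves that call inside the `if`). Because `internalOnly()` builds its key from `keygen()` on first use, anything a caller encrypts with the returned instance and then stores or passes to another process presumably cannot be decrypted after a restart. I would log the fallback, e.g. `access.log(Level.INIT, Config.CADI_KEYFILE, "is not set; using a JVM-internal key");`, and state the behaviour in the method's Javadoc, which starts outside this hunk. Callers that persist ciphertext are not visible here and should be checked.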
@@ -855,4 +862,22 @@ public class Symm {
 
          return newSymm;
   }
+  
+  /** 
+   * This Symm is generated for internal JVM use.  It has no external keyfile, but can be used
+   * for securing Memory, as it remains the same ONLY of the current JVM
+   * @return
+ * @throws IOException 
+   */
+  public static synchronized Symm internalOnly() throws IOException {
+         if(internalOnly==null) {
+                 ByteArrayInputStream baos = new ByteArrayInputStream(keygen());
+                 try {
+                         internalOnly = Symm.obtain(baos);
+                 } finally {
+                         baos.close();
+                 }
+         }
+         return internalOnly;
+  }
 }
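Review bot: In `internalOnly()` the bytes returned by `keygen()` go straight into the stream and are never cleared, and the `ByteArrayInputStream` is named `baos`, which reads as an output stream. Keeping the array in a local, using try-with-resources and zeroing it once `Symm.obtain(InputStream)` has returned leaves one fewer copy of the raw key on the heap. This assumes `obtain` has fully consumed the stream by the time it returns, and `java.util.Arrays` must be among the file's imports. The Javadoc should also say that the key is regenerated in every JVM and so must not protect anything that is persisted, and it should fill in the empty `@return`.

```java
  public static synchronized Symm internalOnly() throws IOException {
	  if(internalOnly==null) {
		  byte[] key = keygen();
		  try (ByteArrayInputStream bais = new ByteArrayInputStream(key)) {
			  internalOnly = Symm.obtain(bais);
		  } finally {
			  // drop the raw key bytes once the Symm has been built
			  Arrays.fill(key, (byte)0);
		  }
	  }
	  // … unchanged: return internalOnly …
```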