From: Jonathan Gathman Date: Wed, 25 Apr 2018 21:27:31 +0000 (+0000) Subject: Merge "Increased auth cmd to 53 percent" X-Git-Tag: Beijing-2.1.1~87 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=commitdiff_plain;h=4246fcf2c5b4f643a816aa4a7fed06b399d04511;hp=795b295fca004dae777f4d05b46c5861ac38379b Merge "Increased auth cmd to 53 percent" --- diff --git a/auth/auth-cass/docker/dbash.sh b/auth/auth-cass/docker/dbash.sh index e10afcc0..38e43dd0 100644 --- a/auth/auth-cass/docker/dbash.sh +++ b/auth/auth-cass/docker/dbash.sh @@ -1,3 +1,3 @@ -#!/bin/bash dbash +#!/bin/bash docker exec -it aaf_cass bash diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh index 7a3009db..c3e07d59 100644 --- a/auth/auth-cass/docker/dinstall.sh +++ b/auth/auth-cass/docker/dinstall.sh @@ -1,3 +1,4 @@ +#!/bin/bash if [ "`docker ps -a | grep aaf_cass`" == "" ]; then docker run --name aaf_cass -d cassandra:3.11 echo "Check for running Docker Container aaf_cass, then run again." diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 935f99bf..ac2105f6 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -680,7 +680,17 @@ public class DefaultOrg implements Organization { } @Override public boolean supportsRealm(final String r) { - return supportedRealms.contains(extractRealm(r)) || r.endsWith(realm); + if(r.endsWith(realm)) { + return true; + } else { + String erealm = extractRealm(r); + for(String sr : supportedRealms) { + if(erealm.startsWith(sr)) { + return true; + } + } + } + return false; } @Override diff --git a/auth/docker/dbash.sh b/auth/docker/dbash.sh index 642cba40..42caa592 100644 --- a/auth/docker/dbash.sh +++ b/auth/docker/dbash.sh @@ -1 +1,2 @@ +#!/bin/bash docker exec -it aaf_$1 bash 
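Review bot: The loop added to `supportsRealm` replaces the exact `supportedRealms.contains(...)` test with a bare `erealm.startsWith(sr)` prefix test that has no separator check, which widens the set of realms this organization accepts. `extractRealm` is not visible in the hunk, but if it yields a dotted name, a supported entry like `com.example` (constructed sample) would also admit `com.examplefoo`; `r.endsWith(realm)` on the first branch has the same boundary gap. Assuming the configured entries carry no trailing separator, I would keep the exact match and allow only a delimited prefix, `if(erealm.equals(sr) || erealm.startsWith(sr + ".")) {`, and state in a Javadoc line on the method that sub-realms of a supported realm are accepted on purpose. The `else` wrapper is redundant after `return true`, and `r` is dereferenced without a null check.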
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 23fa72f5..ed99ec99 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -1,4 +1,4 @@ -#!/bin/bash dbuild.sh +#!/bin/bash # # Docker Building Script. Reads all the components generated by install, on per-version basis # diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh index d83f61c8..7887b677 100644 --- a/auth/docker/dclean.sh +++ b/auth/docker/dclean.sh @@ -1,4 +1,4 @@ -#!/bin/bash dclean.sh +#!/bin/bash # Pull in Variables from d.props . ./d.props diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index e9805887..7aee605c 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -1,4 +1,4 @@ -#!/bin/bash drun.sh +#!/bin/bash # Pull in Variables from d.props . ./d.props diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh index 41aa6a45..0fb993ae 100644 --- a/auth/docker/dstart.sh +++ b/auth/docker/dstart.sh @@ -1,4 +1,4 @@ -#!/bin/bash dstop.sh +#!/bin/bash # Pull in Props . ./d.props diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh index 58ac0bf7..4c8d4425 100644 --- a/auth/docker/dstop.sh +++ b/auth/docker/dstop.sh @@ -1,4 +1,4 @@ -#!/bin/bash dstop.sh +#!/bin/bash # Pull in Properties . ./d.props diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat index fdd704bc..dd4dbb1d 100644 --- a/auth/sample/data/identities.dat +++ b/auth/sample/data/identities.dat 
@@ -27,8 +27,8 @@ anne|Anne E Kopp|Anne|Kopp|512-244-4280|anne.e.kopp@att.com|e|jonathan
 aaf|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan
 a2345z|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan
 aaf_authz|AAF App|AAF|Application||jonathan.gathman@att.com|a|jonathan
-kirankamieni|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|ramkoya
-aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirankamieni
+kirank|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|e|ramkoya
+aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirank
 djtimoney|Dan Timoney|Dan|Timoney|+1 (732) 420-3226|dt5972@att.com|e|ramkoya
 xuegao|Xue Gao|Xue|Gao|0032479670327|xg353y@att.com|e|clefevre
 clamp|Clamp Application|clamp|Application||xg353y@att.com|a|xuegao
@@ -36,4 +36,7 @@ dmaapbc|DMaap Bus Controller|DMaap|Bus Controller||dgl@research.att.com|a|dgfrom
 dglfromatt|Dominic Lunanuova|Dominic|Lunanuova|732-420-9618|dgl@research.att.com|e|ramokoya
 puthenpura|Sarat Puthenpura|Sarat|Puthenpura|||e|clefevre
 ruoyu|Ruoyu Ying|Ruoyu|Ying|13661960772|ruoyu.ying@intel.com|e|puthenpura
-
+sunilu|Sunil Unnava|Sunil|Unnava|6094541858|sunil.unnava@att.com|e|ramkoya
+dmaapmr|DMaap Message Router|DMaap MR|Message Router||su622b@att.com|a|sunilu
+oof|OOF|OOF|OOF||sarat@research.att.com|a|saratp
+saratp|Sarat Puthenpura|Sarat|Puthenpura|9089012067|sarat@research.att.com|e|clefevre
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
index 46099887..456184c3 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
@@ -28,6 +28,7 @@ import java.io.OutputStream; import java.io.Reader; import java.net.HttpURLConnection; import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; @@ -121,18 +122,11 @@ public class HClient implements EClient { } pi.append(pathinfo); } - URL url = new URI( - uri.getScheme(), - uri.getUserInfo(), - uri.getHost(), - uri.getPort(), - pi==null?uri.getPath():pi.toString(), - query, - fragment).toURL(); pathinfo=null; query=null; fragment=null; - huc = (HttpURLConnection) url.openConnection(); + //huc = (HttpURLConnection) url.openConnection(); + huc = getConnection(uri, pi); huc.setRequestMethod(meth); if(ss!=null) { ss.setSecurity(huc); @@ -169,10 +163,21 @@ public class HClient implements EClient { return connectTimeout; } - public abstract class HFuture extends Future { + protected HttpURLConnection getConnection(URI uri, StringBuilder pi) throws IOException, URISyntaxException { + URL url = new URI( + uri.getScheme(), + uri.getUserInfo(), + uri.getHost(), + uri.getPort(), + pi==null?uri.getPath():pi.toString(), + query, + fragment).toURL(); + return (HttpURLConnection) url.openConnection(); + } + + public abstract class HFuture extends Future { protected HttpURLConnection huc; protected int respCode; - protected String respMessage; protected IOException exception; protected StringBuilder errContent; @@ -258,10 +263,6 @@ public class HClient implements EClient { return exception; } - public String respMessage() { - return respMessage; - } - @Override public String header(String tag) { return huc.getHeaderField(tag); @@ -285,9 +286,6 @@ public class HClient implements EClient { public String body() { if (errContent != null) { return errContent.toString(); - - } else if (respMessage != null) { - return respMessage; } return ""; } 
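Review bot: In the `send()` hunk (-121) the new call `huc = getConnection(uri, pi);` sits after the context lines `pathinfo=null; query=null; fragment=null;`, yet the extracted `getConnection` (hunk -169) still builds the URI from the `query` and `fragment` fields. Before this change the URL was assembled ahead of the reset, so as written every request appears to be sent with a null query and fragment. Move the call above the three resets, i.e. `huc = getConnection(uri, pi);` placed before `pathinfo=null;`, or pass the query and fragment in as parameters. The commented-out `//huc = (HttpURLConnection) url.openConnection();` should be deleted, and `getConnection` deserves a short Javadoc saying it is an overridable seam for tests and which fields it reads. `send()` begins and ends outside the hunk.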
@@ -314,8 +312,6 @@ public class HClient implements EClient { return value; } else if (errContent != null) { return errContent.toString(); - } else if (respMessage != null) { - return respMessage; } return ""; } @@ -346,8 +342,6 @@ public class HClient implements EClient { } } else if (errContent != null) { return errContent.toString(); - } else if (respMessage != null) { - return respMessage; } return ""; } @@ -369,8 +363,6 @@ public class HClient implements EClient { public String body() { if (errContent != null) { return errContent.toString(); - } else if (respMessage != null) { - return respMessage; } return Integer.toString(respCode); } @@ -419,7 +411,7 @@ public class HClient implements EClient { @Override public String body() { - return errContent==null?respMessage:errContent.toString(); + return errContent==null?null:errContent.toString(); } }; } diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/http/test/JU_HClient.java b/cadi/client/src/test/java/org/onap/aaf/cadi/http/test/JU_HClient.java new file mode 100644 index 00000000..0b4b8e78 --- /dev/null +++ b/cadi/client/src/test/java/org/onap/aaf/cadi/http/test/JU_HClient.java 
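Review bot: The last hunk (-419) leaves this `body()` returning `null` when `errContent` is unset, whereas the `body()` implementations edited in hunks -285, -314 and -346 fall back to `""`. With `respMessage` gone the ternary no longer chooses between two values, and callers get a nullable result from this one future only. Unless a caller relies on the null, I would align it with the others: `return errContent==null?"":errContent.toString();`; the new `future2Test` asserts `nullValue()` and would need the matching update. The enclosing anonymous class starts outside the hunk.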
@@ -0,0 +1,323 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.http.test;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.lang.reflect.Field;
+import java.net.HttpURLConnection;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.hamcrest.CoreMatchers.*;
+import org.junit.*;
+import org.mockito.*;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.SecuritySetter;
+import org.onap.aaf.cadi.client.EClient.Transfer;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.http.HClient;
+import org.onap.aaf.cadi.http.HClient.HFuture;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.rosetta.env.RosettaDF;
+import org.onap.aaf.misc.rosetta.env.RosettaData;
+
+public class JU_HClient {
+
+ @Mock private SecuritySetter ssMock;
+ @Mock private Transfer transferMock;
+ @Mock private HttpURLConnection hucMock;
+ @Mock private HttpServletResponse respMock;
+ @Mock private RosettaDF dfMock;
+ @Mock private RosettaData dataMock;
+
+ private static final String uriString = "http://example.com:8080/path/to/a/file.txt";
+ private static final String fragment = "fragment";
+ private static final String method = "method";
+ private static final String pathinfo = "pathinfo";
+ private static final String queryParams = "queryParams";
+
+ private static final String errorString = "error string";
+ private static final String successString = "success string";
+
+ private static final String tag1 = "tag1";
+ private static final String tag2 = "tag2";
+ private static final String value1 = "value1";
+ private static final String value2 = "value2";
+
+ private URI uri;
+
+ @Before
+ public void setup() throws URISyntaxException {
+ MockitoAnnotations.initMocks(this);
+
+ uri = new URI(uriString);
+ }
+
+ @Test
+ public void accessorsMutatorsTest() throws LocatorException {
+ HClient client = new HClient(ssMock, uri, 0);
+ client.setFragment(fragment);
+ client.setMethod(method);
+ client.setPathInfo(pathinfo);
+ client.setPayload(transferMock);
+ client.setQueryParams(queryParams);
+ assertThat(client.getURI(), is(uri));
+ assertThat(client.timeout(), is(0));
+ assertThat(client.toString(), is("HttpURLConnection Client configured to " + uri.toString()));
+ }
+
+ @Test
+ public void sendTest() throws LocatorException, APIException, URISyntaxException {
+ HClientStub client;
+ client = new HClientStub(ssMock, uri, 0, null);
+ client.send();
+
+ client.setPathInfo("/pathinfo");
+ client.send();
+
+ client.setPathInfo("pathinfo");
+ client.send();
+
+ client = new HClientStub(null, uri, 0, null);
+ client.send();
+
+ client.addHeader(tag1, value1);
+ client.addHeader(tag2, value2);
+ client.send();
+
+ client.setPayload(transferMock);
+ client.send();
+ }
+
+ @Test(expected = APIException.class)
+ public void sendThrows1Test() throws APIException, LocatorException, URISyntaxException {
+ HClientStub client = new HClientStub(ssMock, new URI("mailto:me@domain.com"), 0, null);
+ client.send();
+ }
+
+ @Test(expected = APIException.class)
+ public void sendThrows2Test() throws APIException, LocatorException, URISyntaxException {
+ HClientStub client = new HClientStub(ssMock, new URI("mailto:me@domain.com"), 0, null);
+ client.addHeader(tag1, value1);
+ client.addHeader(tag2, value2);
+ client.send();
+ }
+
+ @Test
+ public void futureCreateTest() throws LocatorException, CadiException, IOException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ HFuture future = (HFuture) client.futureCreate(HttpURLConnection.class);
+
+ // Test a bad response code (default 0) without output
+ assertThat(future.get(0), is(false));
+ assertThat(future.body().length(), is(0));
+
+ // Test a bad response code (default 0) with output
+ ByteArrayInputStream bais = new ByteArrayInputStream(errorString.getBytes());
+ when(hucMock.getInputStream()).thenReturn(bais);
+ assertThat(future.get(0), is(false));
+ assertThat(future.body(), is(errorString));
+
+ // Test a good response code
+ when(hucMock.getResponseCode()).thenReturn(201);
+ assertThat(future.get(0), is(true));
+ }
+
+ @Test
+ public void futureReadStringTest() throws LocatorException, CadiException, IOException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ Future future = client.futureReadString();
+
+ // Test a bad response code (default 0) without output
+ assertThat(future.get(0), is(false));
+ assertThat(future.body().length(), is(0));
+
+ // Test a bad response code (default 0) with output
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(errorString.getBytes()));
+ assertThat(future.get(0), is(false));
+ assertThat(future.body(), is(errorString));
+
+ // Test a good response code
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(successString.getBytes()));
+ when(hucMock.getResponseCode()).thenReturn(200);
+ assertThat(future.get(0), is(true));
+ assertThat(future.body(), is(successString));
+ }
+
+ @Test
+ public void futureReadTest() throws LocatorException, CadiException, IOException, APIException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ Future future = client.futureRead(dfMock, null);
+
+ // Test a bad response code (default 0) without output
+ assertThat(future.get(0), is(false));
+ assertThat(future.body().length(), is(0));
+
+ // Test a bad response code (default 0) with output
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(errorString.getBytes()));
+ assertThat(future.get(0), is(false));
+ assertThat(future.body(), is(errorString));
+
+ // Test a good response code
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(successString.getBytes()));
+ when(dfMock.newData()).thenReturn(dataMock);
+ when(dataMock.in(null)).thenReturn(dataMock);
+ when(dataMock.load((InputStream)any())).thenReturn(dataMock);
+ when(dataMock.asObject()).thenReturn(hucMock);
+ when(dataMock.asString()).thenReturn(successString);
+ when(hucMock.getResponseCode()).thenReturn(200);
+ assertThat(future.get(0), is(true));
+ assertThat(future.body(), is(successString));
+ }
+
+ @Test
+ public void future1Test() throws LocatorException, CadiException, IOException, APIException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ Future future = client.future(hucMock);
+
+ // Test a good response code
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(successString.getBytes()));
+ when(hucMock.getResponseCode()).thenReturn(200);
+ assertThat(future.get(0), is(true));
+ assertThat(future.body(), is("200"));
+
+ // Test a bad response code
+ when(hucMock.getResponseCode()).thenReturn(0);
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(errorString.getBytes()));
+ assertThat(future.get(0), is(false));
+ assertThat(future.body(), is(errorString));
+ }
+
+ @Test
+ public void future2Test() throws LocatorException, CadiException, IOException, APIException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ Future future = client.future(respMock, 200);
+
+ ServletOutputStream sos = new ServletOutputStream() {
+ @Override public void write(int arg0) throws IOException { }
+ };
+ when(respMock.getOutputStream()).thenReturn(sos);
+
+ // Test a good response code
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(successString.getBytes()));
+ when(hucMock.getResponseCode()).thenReturn(200);
+ assertThat(future.get(0), is(true));
+ assertThat(future.body(), is(nullValue()));
+
+ // Test a bad response code
+ when(hucMock.getResponseCode()).thenReturn(0);
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(errorString.getBytes()));
+ assertThat(future.get(0), is(false));
+ assertThat(future.body(), is(""));
+ }
+
+ @Test
+ public void hfutureTest() throws CadiException, IOException, LocatorException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ HFutureStub future = new HFutureStub(client, hucMock);
+ assertThat(future.get(0), is(false));
+
+ // Test a bad response code (default 0) with output
+ when(hucMock.getInputStream()).thenReturn(new ByteArrayInputStream(errorString.getBytes()));
+ assertThat(future.get(0), is(false));
+
+ assertThat(future.get(0), is(false));
+
+ when(hucMock.getResponseCode()).thenReturn(200);
+ assertThat(future.get(0), is(true));
+
+ StringBuilder sb = future.inputStreamToString(new ByteArrayInputStream(errorString.getBytes()));
+ assertThat(sb.toString(), is(errorString));
+
+ assertThat(future.code(), is(200));
+ assertThat(future.huc(), is(hucMock));
+
+ assertThat(future.exception(), is(nullValue()));
+ assertThat(future.header("string"), is(nullValue()));
+
+ // coverage...
+ future.setHuc(null);
+ future.close();
+ }
+
+ @Test
+ public void headerTest() throws LocatorException {
+ HClient client = new HClientStub(ssMock, uri, 0, hucMock);
+ String tag1 = "tag1";
+ String tag2 = "tag2";
+ String value1 = "value1";
+ String value2 = "value2";
+ client.addHeader(tag1, value1);
+ client.addHeader(tag2, value2);
+ }
+
+ @Test(expected = LocatorException.class)
+ public void throws1Test() throws LocatorException {
+ @SuppressWarnings("unused")
+ HClient client = new HClient(ssMock, null, 0);
+ }
+
+ private class HClientStub extends HClient {
+ public HClientStub(SecuritySetter ss, URI uri, int connectTimeout, HttpURLConnection huc) throws LocatorException {
+ super(ss, uri, connectTimeout);
+ setHuc(huc);
+ }
+ public void setHuc(HttpURLConnection huc) {
+ Field field;
+ try {
+ field = HClient.class.getDeclaredField("huc");
+ field.setAccessible(true);
+ field.set(this, huc);
+ field.setAccessible(false);
+ } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) {
+ e.printStackTrace();
+ fail("Caught an exception: " + e.getMessage());
+ }
+ }
+ @Override
+ public HttpURLConnection getConnection(URI uri, StringBuilder pi) throws IOException {
+ return hucMock;
+ }
+ }
+
+ private class HFutureStub extends HFuture {
+ public HFutureStub(HClient hClient, HttpURLConnection huc) {
+ hClient.super(huc);
+ }
+
+ @Override public String body() { return null; }
+ public void setHuc(HttpURLConnection huc) { this.huc = huc; }
+ }
+
+}
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index eb391591..7b75fbc9 100644
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
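Review bot: `sendTest` and `headerTest` contain no assertions, and `HClientStub.getConnection` discards its `uri` and `pi` arguments, so nothing in this file checks the URL that `send()` builds (path-info joining, query, fragment). I would have the stub record what it was called with and assert on it after each `send()`, as sketched below; that also gives the `/pathinfo` and `pathinfo` cases a visible expectation. Separately, the `errorString.getBytes()` and `successString.getBytes()` calls use the platform charset and would be steadier with an explicit one, and the local `tag1`/`value1` strings in `headerTest` shadow the class constants of the same name.
```java
private class HClientStub extends HClient {
    private URI lastUri;
    private String lastPathInfo;
    // … unchanged: constructor, setHuc …
    @Override
    public HttpURLConnection getConnection(URI uri, StringBuilder pi) throws IOException {
        lastUri = uri;
        lastPathInfo = pi == null ? null : pi.toString();
        return hucMock;
    }
}
```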
@@ -6,10 +6,12 @@ read FQI if [ "$1" = "" -o "$1" = "-local" ]; then echo "Personal Certificate" SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" + NAME=$FQI else echo "Application Certificate" SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" - FQI=$1 + FQDN=$1 + NAME=$FQDN shift fi echo $SUBJECT @@ -25,30 +27,30 @@ else `stty echo` # remove any previous Private key - rm private/$FQI.key + rm private/$NAME.key # Create j regaular rsa encrypted key - openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \ - -out $FQI.csr -outform PEM -subj "$SUBJECT" \ + openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \ + -out $NAME.csr -outform PEM -subj "$SUBJECT" \ -passout stdin << EOF $PASSPHRASE EOF - chmod 400 private/$FQI.key + chmod 400 private/$NAME.key SIGN_IT=true else - echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' - echo chmod 400 $FQI.key + echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"' + echo chmod 400 $NAME.key echo "# All done, print result" - echo openssl req -verify -text -noout -in $FQI.csr + echo openssl req -verify -text -noout -in $NAME.csr fi fi if [ "$SIGN_IT" = "true" ]; then # Sign it - openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ + openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ -cert certs/ca.crt -keyfile private/ca.key \ -policy policy_loose \ -days 360 \ - -infiles $FQI.csr + -infiles $NAME.csr fi
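Review bot: `NAME` is taken straight from `read FQI` or `$1` in the first hunk and is then expanded unquoted into paths throughout the second hunk (`rm private/$NAME.key`, `-keyout private/$NAME.key`, `-out $NAME.crt`), so a value containing whitespace, a glob character or `/` changes which files are removed or written. Because this script handles CA-signed keys, I would check the name once right after it is set (reject anything with `/` or whitespace) and quote every expansion, e.g. `rm -f "private/$NAME.key"`. A comment beside `NAME=$FQI` and `NAME=$FQDN` saying that NAME is the file-name stem while FQI remains the identity placed in the subject would make the split clear. Both hunks are excerpts of a script whose beginning is outside the diff.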