From: Instrumental Date: Fri, 6 Apr 2018 01:17:18 +0000 (-0500) Subject: Add Certs, Docker Build X-Git-Tag: v2.1.0~3 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=commitdiff_plain;h=924b18d7469204ceaae60d7345712ea09f75a674 Add Certs, Docker Build Issue-ID: AAF-211 Change-Id: Idc7630578155586a6e53d7af80dd16e4e0ac41ca Signed-off-by: Instrumental --- diff --git a/auth/auth-cass/docker/dinstall b/auth/auth-cass/docker/dinstall index 922e4c77..aaa507b7 100644 --- a/auth/auth-cass/docker/dinstall +++ b/auth/auth-cass/docker/dinstall @@ -1,4 +1,4 @@ - +#!/bin/bash dinstall if ["`docker ps -a | grep aaf_cass`" == ""]; then docker run --name aaf_cass -d cassandra:3.11 else diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml index cfd08ce5..5b385014 100644 --- a/auth/auth-certman/pom.xml +++ b/auth/auth-certman/pom.xml @@ -99,7 +99,8 @@ org.onap.aaf.auth.cm.AAF_CM cm - cadi_prop_files=${project.conf_dir}/org.osaaf.cm.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.cm.props + cadi_log_dir=${project.ext_root_dir}/logs/cm diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java index aee48870..5c5ab962 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java @@ -22,7 +22,6 @@ package org.onap.aaf.auth.cm; -import java.io.File; import java.lang.reflect.Constructor; import java.util.Map; import java.util.Map.Entry; @@ -52,10 +51,10 @@ import org.onap.aaf.auth.server.AbsService; import org.onap.aaf.auth.server.JettyServiceStarter; import org.onap.aaf.auth.server.Log4JLogIt; import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker; @@ -229,19 +228,9 @@ public class AAF_CM extends AbsService { public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "cm"); + Log4JLogIt logIt = new Log4JLogIt(args, "cm"); PropAccess propAccess = new PropAccess(logIt,args); - + AAF_CM service = new AAF_CM(new AuthzEnv(propAccess)); JettyServiceStarter jss = new JettyServiceStarter(service); jss.start(); diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml index a7f60aea..2697c5a0 100644 --- a/auth/auth-core/pom.xml +++ b/auth/auth-core/pom.xml @@ -100,7 +100,7 @@ javax.servlet - servlet-api + javax.servlet-api diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java index 12b19d29..d8c73117 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsService.java @@ -22,6 +22,7 @@ package org.onap.aaf.auth.server; import java.security.NoSuchAlgorithmException; +import java.util.Properties; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; @@ -46,7 +47,6 @@ import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.impl.BasicEnv; public abstract class AbsService extends RServlet { - protected static final String AAF_LOG4J_PREFIX = "aaf_log4j_prefix"; public final Access access; public final ENV env; private AAFConHttp aafCon; @@ -155,14 +155,25 @@ public abstract class AbsService exte return aafCon.hman().best(new HTransferSS(p,app_name, aafCon.securityInfo()), retryable); } - protected static final String getArg(final String tag, final String args[], final String def) { - String value = def; + protected static final String loadFromArgOrSystem(final Properties props, final String tag, final String args[], final String def) { String tagEQ = tag + '='; + String value; for(String arg : args) { if(arg.startsWith(tagEQ)) { - value = arg.substring(tagEQ.length()); + props.put(tag, value=arg.substring(tagEQ.length())); + return value; } } - return value; + // check System.properties + value = System.getProperty(tag); + if(value!=null) { + props.put(tag, value); + return value; + } + + if(def!=null) { + props.put(tag,def); + } + return def; } } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java index 0b91c9fc..e295c867 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java @@ -20,6 +20,7 @@ */ package org.onap.aaf.auth.server; +import java.io.File; import java.io.IOException; import java.text.SimpleDateFormat; @@ -27,10 +28,13 @@ import org.apache.log4j.Logger; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.PropAccess.LogIt; +import org.onap.aaf.cadi.config.Config; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.log4j.LogFileNamer; public class Log4JLogIt implements LogIt { + protected static final String AAF_LOG4J_PREFIX = "aaf_log4j_prefix"; + // Sonar says cannot be static... it's ok. not too many PropAccesses created. private final SimpleDateFormat iso8601 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ"); @@ -45,7 +49,19 @@ public class Log4JLogIt implements LogIt { private final Logger ltrace; - public Log4JLogIt(final String log_dir, final String log_level, final String propsFile, final String root) throws APIException { + public Log4JLogIt(final String[] args, final String root) throws APIException { + String propsFile = getArgOrVM(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; + String log_dir = getArgOrVM(Config.CADI_LOGDIR,args,"/opt/app/osaaf/logs"); + String etc_dir = getArgOrVM(Config.CADI_ETCDIR,args,"/opt/app/osaaf/etc"); + String log_level = getArgOrVM(Config.CADI_LOGLEVEL,args,"INFO"); + File logs = new File(log_dir); + if(!logs.isDirectory()) { + logs.delete(); + } + if(!logs.exists()) { + logs.mkdirs(); + } + LogFileNamer lfn = new LogFileNamer(log_dir,root); try { service=lfn.setAppender("service"); // when name is split, i.e. authz|service, the Appender is "authz", and "service" @@ -58,12 +74,29 @@ public class Log4JLogIt implements LogIt { linit = Logger.getLogger(init); ltrace = Logger.getLogger(trace); - lfn.configure(propsFile, log_level); + lfn.configure(etc_dir,propsFile, log_level); } catch (IOException e) { throw new APIException(e); } } + private static final String getArgOrVM(final String tag, final String args[], final String def) { + String tagEQ = tag + '='; + String value; + for(String arg : args) { + if(arg.startsWith(tagEQ)) { + return arg.substring(tagEQ.length()); + } + } + // check System.properties + value = System.getProperty(tag); + if(value!=null) { + return value; + } + + return def; + } + @Override public void push(Level level, Object... elements) { switch(level) { diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml index 7bc56ac1..05a2b33c 100644 --- a/auth/auth-fs/pom.xml +++ b/auth/auth-fs/pom.xml @@ -112,7 +112,8 @@ org.onap.aaf.auth.fs.AAF_FS fs - cadi_prop_files=${project.conf_dir}/org.osaaf.fs.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.fs.props + cadi_log_dir=${project.ext_root_dir}/logs/fs diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java index 719daaae..0359b3ef 100644 --- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java +++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java @@ -23,7 +23,6 @@ package org.onap.aaf.auth.fs; import static org.onap.aaf.auth.rserv.HttpMethods.GET; -import java.io.File; import java.io.IOException; import javax.servlet.Filter; @@ -105,19 +104,9 @@ public class AAF_FS extends AbsService { public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "fs"); + Log4JLogIt logIt = new Log4JLogIt(args, "fs"); PropAccess propAccess = new PropAccess(logIt,args); - + AAF_FS service = new AAF_FS(new AuthzEnv(propAccess)); JettyServiceStarter jss = new JettyServiceStarter(service); jss.insecure().start(); diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml index bfb65e97..838c006e 100644 --- a/auth/auth-gui/pom.xml +++ b/auth/auth-gui/pom.xml @@ -117,7 +117,8 @@ org.onap.aaf.auth.gui.AAF_GUI gui - cadi_prop_files=${project.conf_dir}/org.osaaf.gui.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.gui.props + cadi_log_dir=${project.ext_root_dir}/logs/gui diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java index 676866bb..7d2a0172 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java @@ -25,8 +25,6 @@ import static org.onap.aaf.auth.rserv.HttpMethods.GET; import static org.onap.aaf.auth.rserv.HttpMethods.POST; import static org.onap.aaf.auth.rserv.HttpMethods.PUT; -import java.io.File; - import javax.servlet.Filter; import org.onap.aaf.auth.cmd.Cmd; @@ -258,19 +256,9 @@ public class AAF_GUI extends AbsService implements State jss = new JettyServiceStarter(service); jss.start(); diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index 873ffff7..5dfca621 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -89,7 +89,8 @@ org.onap.aaf.auth.hello.AAF_Hello hello - cadi_prop_files=${project.conf_dir}/org.osaaf.hello.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.hello.props + cadi_log_dir=${project.ext_root_dir}/logs/hello diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java index b20bf168..8a85b4e8 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java @@ -22,7 +22,6 @@ package org.onap.aaf.auth.hello; -import java.io.File; import java.util.Map; import javax.servlet.Filter; @@ -119,19 +118,9 @@ public class AAF_Hello extends AbsService { public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "hello"); + Log4JLogIt logIt = new Log4JLogIt(args, "hello"); PropAccess propAccess = new PropAccess(logIt,args); - + AAF_Hello service = new AAF_Hello(new AuthzEnv(propAccess)); JettyServiceStarter jss = new JettyServiceStarter(service); jss.start(); diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml index 808414cc..ce3fe032 100644 --- a/auth/auth-locate/pom.xml +++ b/auth/auth-locate/pom.xml @@ -97,7 +97,8 @@ org.onap.aaf.auth.locate.AAF_Locate locate - cadi_prop_files=${project.conf_dir}/org.osaaf.locate.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.locate.props + cadi_log_dir=${project.ext_root_dir}/logs/locate diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java index 31f67726..1cf3afbb 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java @@ -22,7 +22,6 @@ package org.onap.aaf.auth.locate; -import java.io.File; import java.net.URI; import java.util.Map; @@ -233,17 +232,7 @@ public class AAF_Locate extends AbsService { public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "locate"); + Log4JLogIt logIt = new Log4JLogIt(args, "locate"); PropAccess propAccess = new PropAccess(logIt,args); AAF_Locate service = new AAF_Locate(new AuthzEnv(propAccess)); diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml index 18f63281..89261ad5 100644 --- a/auth/auth-oauth/pom.xml +++ b/auth/auth-oauth/pom.xml @@ -92,7 +92,8 @@ org.onap.aaf.auth.oauth.AAF_OAuth oauth - cadi_prop_files=${project.conf_dir}/org.osaaf.oauth.props + cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.oauth.props + cadi_log_dir=${project.ext_root_dir}/logs/oauth diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java index 846d1a53..ecc2ae5b 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java @@ -22,7 +22,6 @@ package org.onap.aaf.auth.oauth; -import java.io.File; import java.util.Map; import javax.servlet.Filter; @@ -59,8 +58,8 @@ import org.onap.aaf.cadi.oauth.TokenMgr; import org.onap.aaf.cadi.oauth.TokenMgr.TokenPermLoader; import org.onap.aaf.cadi.register.Registrant; import org.onap.aaf.misc.env.APIException; -import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.Data.TYPE; +import org.onap.aaf.misc.env.Env; import com.datastax.driver.core.Cluster; @@ -186,19 +185,9 @@ public class AAF_OAuth extends AbsService { public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "oauth"); + Log4JLogIt logIt = new Log4JLogIt(args, "oauth"); PropAccess propAccess = new PropAccess(logIt,args); - + AAF_OAuth service = new AAF_OAuth(new AuthzEnv(propAccess)); JettyServiceStarter jss = new JettyServiceStarter(service); jss.start(); diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml index 10e3e4e7..16592856 100644 --- a/auth/auth-service/pom.xml +++ b/auth/auth-service/pom.xml @@ -121,6 +121,7 @@ service cadi_prop_files=${project.conf_dir}/org.osaaf.service.props + cadi_log_dir=${project.ext_root_dir}/logs/service diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java index 0040912f..bdabc39e 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java @@ -21,8 +21,6 @@ package org.onap.aaf.auth.service; -import java.io.File; - import javax.servlet.Filter; import org.onap.aaf.auth.cache.Cache; @@ -216,19 +214,9 @@ public class AAF_Service extends AbsService { */ public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "authz"); + Log4JLogIt logIt = new Log4JLogIt(args, "authz"); PropAccess propAccess = new PropAccess(logIt,args); - + AbsService service = new AAF_Service(new AuthzEnv(propAccess)); JettyServiceStarter jss = new JettyServiceStarter(service); jss.start(); diff --git a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt b/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt index bf1bc3c1..a5839f30 100644 --- a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt +++ b/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt @@ -1,302 +1,302 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - - - - -// Create org.onap -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap',2,'Onap NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin'); - - - -// Create org.onap.appc -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap.appc',2,'Onap NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); - - - -// Create org.onap.portal -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap.portal',2,'Onap NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'}, - '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'}, - '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'}, - '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'}, - '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'}, - '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator'); - - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); - - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator'); - - - - - - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +USE authz; + +// Create Root pass +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + + +// Create 'com' root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com',1,'Root Namespace',null,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','admin',{'com.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','owner',{'com.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); + +// Create org root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org',1,'Root Namespace Org',null,1); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); + + +// Create com.att + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att',2,'AT&T Namespace','com',2); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); + +// Create com.att.aaf + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); + + +// Create org.openecomp +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp',2,'Open EComp NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); + + + + +// Create org.onap +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.onap',2,'Onap NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin'); + + + +// Create org.onap.appc +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.onap.appc',2,'Onap NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); + + + +// Create org.onap.portal +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.onap.portal',2,'Onap NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'}, + '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'}, + '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'}, + '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'}, + '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'}, + '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator'); + + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); + + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator'); + + + + + + +// Create org.openecomp.dmaapBC + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); + +//INSERT INTO role(ns, name, perms, description) +// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) +VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + + + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml b/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml index eedfe266..78579adc 100644 --- a/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml +++ b/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml @@ -1,56 +1,56 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * -#------------------------------------------------------------------------------- -version: '2' -services: - aaf_container: - image: attos/aaf - ports: - - "8101:8101" - links: - - cassandra_container - volumes: - # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props - - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh - - ./data2:/data - # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh - # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props - # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar - # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar - # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar - # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar - # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar - entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"] - environment: - - CASSANDRA_CLUSTER=cassandra_container - - - cassandra_container: - image: cassandra:2.1.16 - ports: - - "7000:7000" - - "7001:7001" - - "9042:9042" - - "9160:9160" - volumes: - - ./data:/data - - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh - entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"] +#------------------------------------------------------------------------------- +# ============LICENSE_START==================================================== +# * org.onap.aaf +# * =========================================================================== +# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# * =========================================================================== +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * ============LICENSE_END==================================================== +# * +# * +#------------------------------------------------------------------------------- +version: '2' +services: + aaf_container: + image: attos/aaf + ports: + - "8101:8101" + links: + - cassandra_container + volumes: + # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props + - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh + - ./data2:/data + # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh + # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props + # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar + # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar + # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar + # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar + # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar + entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"] + environment: + - CASSANDRA_CLUSTER=cassandra_container + + + cassandra_container: + image: cassandra:2.1.16 + ports: + - "7000:7000" + - "7001:7001" + - "9042:9042" + - "9160:9160" + volumes: + - ./data:/data + - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh + entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"] diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile index 60414de0..ce785d50 100644 --- a/auth/docker/Dockerfile +++ b/auth/docker/Dockerfile @@ -5,19 +5,20 @@ ENV VERSION=${AAF_VERSION} LABEL description="aaf ${AAF_COMPONENT}" LABEL version=${AAF_VERSION} -RUN apt-get update -RUN apt-get install -y softhsm2 -RUN apt-get install -y libsofthsm2 -RUN apt-get install -y opensc + +#RUN apt-get update +#RUN apt-get install -y softhsm2 +#RUN apt-get install -y libsofthsm2 +#RUN apt-get install -y opensc COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin -CMD ["bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] +CMD ["/bin/bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] # For Debugging installation -# CMD ["bash"] +#CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] # Java Debugging VM Args # "-Xdebug",\ # "-Xnoagent",\ @@ -26,4 +27,3 @@ CMD ["bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] # TLS Debugging VM Args # "-Djavax.net.debug","ssl", \ - diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index b97ef6ab..54d9926a 100644 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -1,10 +1,9 @@ +#!/bin/bash dbuild.sh # # Docker Building Script. Reads all the components generated by install, on per-version basis # -ORG=onap -PROJECT=aaf -DOCKER_REPOSITORY=nexus3.onap.org:10003 -VERSION=2.1.0-SNAPSHOT +# Pull in Variables from d.props +. d.props # TODO add ability to do DEBUG settings if ["$1" == ""]; then @@ -14,6 +13,7 @@ else fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do + echo Building aaf_$AAF_COMPONENT... sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile > ../aaf_${VERSION}/Dockerfile cd .. docker build -t ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 601feaf3..775c0c45 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -1,7 +1,5 @@ -HOSTNAME=meriadoc.mithril.sbc.com -HOST_IP=172.17.0.3 -CASS_HOST="cass.mithril.sbc.com:172.17.0.3" -VERSION=2.1.0-SNAPSHOT +#!/bin/bash drun.sh +. d.props if [ "$1" == "" ]; then AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'` @@ -10,10 +8,9 @@ else fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do - case "$AAF_COMPONENT" in "service") PORTMAP="8100:8100";; - "locate") PORTMAP="443:8095";; + "locate") PORTMAP="8095:8095";; "oauth") PORTMAP="8140:8140";; "gui") PORTMAP="8200:8200";; "cm") PORTMAP="8150:8150";; @@ -21,15 +18,17 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do "fs") PORTMAP="80:8096";; esac -# if [ "`docker container ls | grep aaf_$AAF_COMPONENT:$VERSION`" == "" ]; then - docker run \ +# if [ "`docker container ls | grep aaf_$AAF_COMPONENT:$VERSION`" == "" ]; then + echo Starting aaf_$AAF_COMPONENT... + docker run \ + -d \ --name aaf_$AAF_COMPONENT \ --hostname="$HOSTNAME" \ --add-host="$CASS_HOST" \ --publish $PORTMAP \ - --volume=/opt/app/osaaf/etc:/opt/app/osaaf/etc \ + --mount type=bind,source=$CONF_ROOT_DIR,target=/opt/app/osaaf \ --link aaf_cass:cassandra \ - aaf_$AAF_COMPONENT:$VERSION + ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} # else #echo docker container start -ia aaf_$AAF_COMPONENT # fi diff --git a/auth/pom.xml b/auth/pom.xml index f9a6c7c1..11c8c032 100644 --- a/auth/pom.xml +++ b/auth/pom.xml @@ -42,7 +42,7 @@ 9.4.8.v20171121 1.5.1 - /opt/app/osaaf/etc + /opt/app/osaaf 0.7.7.201606060606 3.2 @@ -137,7 +137,7 @@ maven-failsafe-plugin 2.17 - flase + false @@ -166,9 +166,10 @@ ../aaf_${project.version} - false + true etc lib + false flat @@ -467,8 +468,8 @@ javax.servlet - servlet-api - 2.5 + javax.servlet-api + 3.0.1 diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml index c2fd0b2d..5b05f3a0 100644 --- a/cadi/aaf/pom.xml +++ b/cadi/aaf/pom.xml @@ -110,7 +110,7 @@ javax.servlet - servlet-api + javax.servlet-api provided diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java index b7c085b0..e969fab3 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java @@ -60,8 +60,6 @@ import java.security.spec.X509EncodedKeySpec; import java.util.Collection; import java.util.List; -import sun.security.pkcs11.SunPKCS11; - import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; @@ -460,24 +458,28 @@ public class Factory { * @throws CertException */ public static synchronized Provider getSecurityProvider(String providerType, String[][] params) throws CertException { - Provider p = null; - switch(providerType) { - case "PKCS12": - p = Security.getProvider(providerType); - break; - case "PKCS11": // PKCS11 only known to be supported by Sun - try { - p = new SunPKCS11(params[0][0]); - if (p==null) { - throw new CertException("SunPKCS11 Provider cannot be constructed for " + params[0][0]); + Provider p = Security.getProvider(providerType); + if(p!=null) { + switch(providerType) { + case "PKCS12": + + break; + case "PKCS11": // PKCS11 only known to be supported by Sun + try { + Class clsSunPKCS11 = Class.forName("sun.security.pkcs11.SunPKCS11"); + Constructor cnst = clsSunPKCS11.getConstructor(String.class); + Object sunPKCS11 = cnst.newInstance(params[0][0]); + if (sunPKCS11==null) { + throw new CertException("SunPKCS11 Provider cannot be constructed for " + params[0][0]); + } + Security.addProvider((Provider)sunPKCS11); + } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { + throw new CertException(e); } - Security.addProvider(p); - } catch (SecurityException | IllegalArgumentException e) { - throw new CertException(e); - } - break; - default: - throw new CertException(providerType + " is not a known Security Provider for your JDK."); + break; + default: + throw new CertException(providerType + " is not a known Security Provider for your JDK."); + } } return p; } diff --git a/cadi/client/pom.xml b/cadi/client/pom.xml index 46a83677..43c20215 100644 --- a/cadi/client/pom.xml +++ b/cadi/client/pom.xml @@ -98,7 +98,7 @@ javax.servlet - servlet-api + javax.servlet-api compile diff --git a/cadi/core/pom.xml b/cadi/core/pom.xml index c458fc98..ff1e3455 100644 --- a/cadi/core/pom.xml +++ b/cadi/core/pom.xml @@ -79,7 +79,7 @@ javax.servlet - servlet-api + javax.servlet-api provided diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 0de6f4ef..0871a205 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -73,7 +73,8 @@ public class Config { public static final String HOSTNAME = "hostname"; public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;) public static final String CADI_LOGLEVEL = "cadi_loglevel"; - public static final String CADI_LOGDIR = "cadi_logdir"; + public static final String CADI_LOGDIR = "cadi_log_dir"; + public static final String CADI_ETCDIR = "cadi_etc_dir"; public static final String CADI_LOGNAME = "cadi_logname"; public static final String CADI_KEYFILE = "cadi_keyfile"; public static final String CADI_KEYSTORE = "cadi_keystore"; diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AES.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AES.java index fc960be8..f872a56b 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AES.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AES.java @@ -1,194 +1,194 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * - ******************************************************************************/ -package org.onap.aaf.cadi.test; - -import static org.hamcrest.CoreMatchers.*; -import static org.junit.Assert.*; -import org.junit.*; - - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.PrintStream; -import java.lang.reflect.Field; -import java.nio.file.Files; -import java.nio.file.Paths; - -import javax.crypto.CipherInputStream; -import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKey; - -import org.onap.aaf.cadi.AES; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.Symm; - -public class JU_AES { - private AES aes; - private ByteArrayInputStream baisEncrypt; - private ByteArrayInputStream baisDecrypt; - private ByteArrayOutputStream baosEncrypt; - private ByteArrayOutputStream baosDecrypt; - - private ByteArrayOutputStream errStream; - - @Before - public void setup() throws Exception { - byte[] keyBytes = new byte[AES.AES_KEY_SIZE/8]; - char[] codeset = Symm.base64.codeset; - int offset = (Math.abs(codeset[0]) + 47) % (codeset.length - keyBytes.length); - for(int i = 0; i < keyBytes.length; ++i) { - keyBytes[i] = (byte)codeset[i+offset]; - } - aes = new AES(keyBytes, 0, keyBytes.length); - - errStream = new ByteArrayOutputStream(); - System.setErr(new PrintStream(errStream)); - } - - @After - public void tearDown() { - System.setErr(System.err); - } - - @Test - public void newKeyTest() throws Exception { - SecretKey secretKey = AES.newKey(); - assertThat(secretKey.getAlgorithm(), is(AES.class.getSimpleName())); - } - - @Test - public void encryptDecrpytFromBytes() throws Exception { - String orig = "I'm a password, really"; - byte[] encrypted = aes.encrypt(orig.getBytes()); - byte[] decrypted = aes.decrypt(encrypted); - assertThat(new String(decrypted), is(orig)); - - Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec"); - aeskeySpec_field.setAccessible(true); - aeskeySpec_field.set(aes, null); - - try { - aes.encrypt(orig.getBytes()); - fail("Should have thrown an exception"); - } catch (CadiException e) { - } - try { - aes.decrypt(encrypted); - fail("Should have thrown an exception"); - } catch (CadiException e) { - } - } - - @Test - public void saveToFileTest() throws Exception { - String filePath = "test/output_key"; - File keyfile = new File(filePath); - aes.save(keyfile); - assertTrue(Files.isReadable(Paths.get(filePath))); - assertFalse(Files.isWritable(Paths.get(filePath))); - assertFalse(Files.isExecutable(Paths.get(filePath))); - keyfile.delete(); - } - - @Test - public void encryptDecryptFromInputStream() throws Exception { - String orig = "I'm a password, really"; - byte[] b64encrypted; - String output; - - CipherInputStream cisEncrypt; - CipherInputStream cisDecrypt; - - // Test CipherInputStream - baisEncrypt = new ByteArrayInputStream(orig.getBytes()); - cisEncrypt = aes.inputStream(baisEncrypt, true); - baosEncrypt = new ByteArrayOutputStream(); - transferFromInputStreamToOutputStream(cisEncrypt, baosEncrypt); - cisEncrypt.close(); - - b64encrypted = baosEncrypt.toByteArray(); - - baisDecrypt = new ByteArrayInputStream(b64encrypted); - cisDecrypt = aes.inputStream(baisDecrypt, false); - baosDecrypt = new ByteArrayOutputStream(); - transferFromInputStreamToOutputStream(cisDecrypt, baosDecrypt); - cisDecrypt.close(); - - output = new String(baosDecrypt.toByteArray()); - assertThat(output, is(orig)); - - Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec"); - aeskeySpec_field.setAccessible(true); - aeskeySpec_field.set(aes, null); - - assertNull(aes.inputStream(baisEncrypt, true)); - assertThat(errStream.toString(), is("Error creating Aes CipherInputStream\n")); - } - - @Test - public void encryptDecryptFromOutputStream() throws Exception { - String orig = "I'm a password, really"; - byte[] b64encrypted; - String output; - - CipherOutputStream cosEncrypt; - CipherOutputStream cosDecrypt; - - // Test CipherOutputStream - baisEncrypt = new ByteArrayInputStream(orig.getBytes()); - baosEncrypt = new ByteArrayOutputStream(); - cosEncrypt = aes.outputStream(baosEncrypt, true); - transferFromInputStreamToOutputStream(baisEncrypt, cosEncrypt); - cosEncrypt.close(); - - b64encrypted = baosEncrypt.toByteArray(); - - baosDecrypt = new ByteArrayOutputStream(); - cosDecrypt = aes.outputStream(baosDecrypt, false); - baisDecrypt = new ByteArrayInputStream(b64encrypted); - transferFromInputStreamToOutputStream(baisDecrypt, cosDecrypt); - cosDecrypt.close(); - - output = new String(baosDecrypt.toByteArray()); - assertThat(output, is(orig)); - - Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec"); - aeskeySpec_field.setAccessible(true); - aeskeySpec_field.set(aes, null); - - assertNull(aes.outputStream(baosEncrypt, true)); - assertThat(errStream.toString(), is("Error creating Aes CipherOutputStream\n")); - } - - public void transferFromInputStreamToOutputStream(InputStream is, OutputStream os) throws IOException { - byte[] buffer = new byte[200]; - int len; - while ((len = is.read(buffer)) != -1) { - os.write(buffer, 0, len); - } - } - -} +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aaf + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * + ******************************************************************************/ +package org.onap.aaf.cadi.test; + +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; +import org.junit.*; + + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintStream; +import java.lang.reflect.Field; +import java.nio.file.Files; +import java.nio.file.Paths; + +import javax.crypto.CipherInputStream; +import javax.crypto.CipherOutputStream; +import javax.crypto.SecretKey; + +import org.onap.aaf.cadi.AES; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.Symm; + +public class JU_AES { + private AES aes; + private ByteArrayInputStream baisEncrypt; + private ByteArrayInputStream baisDecrypt; + private ByteArrayOutputStream baosEncrypt; + private ByteArrayOutputStream baosDecrypt; + + private ByteArrayOutputStream errStream; + + @Before + public void setup() throws Exception { + byte[] keyBytes = new byte[AES.AES_KEY_SIZE/8]; + char[] codeset = Symm.base64.codeset; + int offset = (Math.abs(codeset[0]) + 47) % (codeset.length - keyBytes.length); + for(int i = 0; i < keyBytes.length; ++i) { + keyBytes[i] = (byte)codeset[i+offset]; + } + aes = new AES(keyBytes, 0, keyBytes.length); + + errStream = new ByteArrayOutputStream(); + System.setErr(new PrintStream(errStream)); + } + + @After + public void tearDown() { + System.setErr(System.err); + } + + @Test + public void newKeyTest() throws Exception { + SecretKey secretKey = AES.newKey(); + assertThat(secretKey.getAlgorithm(), is(AES.class.getSimpleName())); + } + + @Test + public void encryptDecrpytFromBytes() throws Exception { + String orig = "I'm a password, really"; + byte[] encrypted = aes.encrypt(orig.getBytes()); + byte[] decrypted = aes.decrypt(encrypted); + assertThat(new String(decrypted), is(orig)); + + Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec"); + aeskeySpec_field.setAccessible(true); + aeskeySpec_field.set(aes, null); + + try { + aes.encrypt(orig.getBytes()); + fail("Should have thrown an exception"); + } catch (CadiException e) { + } + try { + aes.decrypt(encrypted); + fail("Should have thrown an exception"); + } catch (CadiException e) { + } + } + + @Test + public void saveToFileTest() throws Exception { + String filePath = "test/output_key"; + File keyfile = new File(filePath); + aes.save(keyfile); + assertTrue(Files.isReadable(Paths.get(filePath))); + assertFalse(Files.isWritable(Paths.get(filePath))); + assertFalse(Files.isExecutable(Paths.get(filePath))); + keyfile.delete(); + } + + @Test + public void encryptDecryptFromInputStream() throws Exception { + String orig = "I'm a password, really"; + byte[] b64encrypted; + String output; + + CipherInputStream cisEncrypt; + CipherInputStream cisDecrypt; + + // Test CipherInputStream + baisEncrypt = new ByteArrayInputStream(orig.getBytes()); + cisEncrypt = aes.inputStream(baisEncrypt, true); + baosEncrypt = new ByteArrayOutputStream(); + transferFromInputStreamToOutputStream(cisEncrypt, baosEncrypt); + cisEncrypt.close(); + + b64encrypted = baosEncrypt.toByteArray(); + + baisDecrypt = new ByteArrayInputStream(b64encrypted); + cisDecrypt = aes.inputStream(baisDecrypt, false); + baosDecrypt = new ByteArrayOutputStream(); + transferFromInputStreamToOutputStream(cisDecrypt, baosDecrypt); + cisDecrypt.close(); + + output = new String(baosDecrypt.toByteArray()); + assertThat(output, is(orig)); + + Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec"); + aeskeySpec_field.setAccessible(true); + aeskeySpec_field.set(aes, null); + + assertNull(aes.inputStream(baisEncrypt, true)); + assertThat(errStream.toString(), is("Error creating Aes CipherInputStream\n")); + } + + @Test + public void encryptDecryptFromOutputStream() throws Exception { + String orig = "I'm a password, really"; + byte[] b64encrypted; + String output; + + CipherOutputStream cosEncrypt; + CipherOutputStream cosDecrypt; + + // Test CipherOutputStream + baisEncrypt = new ByteArrayInputStream(orig.getBytes()); + baosEncrypt = new ByteArrayOutputStream(); + cosEncrypt = aes.outputStream(baosEncrypt, true); + transferFromInputStreamToOutputStream(baisEncrypt, cosEncrypt); + cosEncrypt.close(); + + b64encrypted = baosEncrypt.toByteArray(); + + baosDecrypt = new ByteArrayOutputStream(); + cosDecrypt = aes.outputStream(baosDecrypt, false); + baisDecrypt = new ByteArrayInputStream(b64encrypted); + transferFromInputStreamToOutputStream(baisDecrypt, cosDecrypt); + cosDecrypt.close(); + + output = new String(baosDecrypt.toByteArray()); + assertThat(output, is(orig)); + + Field aeskeySpec_field = AES.class.getDeclaredField("aeskeySpec"); + aeskeySpec_field.setAccessible(true); + aeskeySpec_field.set(aes, null); + + assertNull(aes.outputStream(baosEncrypt, true)); + assertThat(errStream.toString(), is("Error creating Aes CipherOutputStream\n")); + } + + public void transferFromInputStreamToOutputStream(InputStream is, OutputStream os) throws IOException { + byte[] buffer = new byte[200]; + int len; + while ((len = is.read(buffer)) != -1) { + os.write(buffer, 0, len); + } + } + +} diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiException.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiException.java index fa3b5cc4..bfcaeeab 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiException.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiException.java @@ -1,121 +1,121 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * - ******************************************************************************/ -package org.onap.aaf.cadi.test; - -import static org.junit.Assert.*; - -import org.junit.Test; -import org.onap.aaf.cadi.CadiException; - -import static org.hamcrest.CoreMatchers.is; - -public class JU_CadiException { - @Test - public void testCadiException() { - CadiException exception = new CadiException(); - - assertNotNull(exception); - } - - @Test - public void testCadiExceptionString() { - CadiException exception = new CadiException("New Exception"); - assertNotNull(exception); - assertThat(exception.getMessage(), is("New Exception")); - } - - @Test - public void testCadiExceptionThrowable() { - CadiException exception = new CadiException(new Throwable("New Exception")); - assertNotNull(exception); - assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception")); - } - - @Test - public void testCadiExceptionStringThrowable() { - CadiException exception = new CadiException("New Exception",new Throwable("New Exception")); - assertNotNull(exception); - assertThat(exception.getMessage(), is("New Exception")); - - } - - @Test - public void testCadiException1() { - CadiException exception = new CadiException(); - - assertNotNull(exception); - } - - @Test - public void testCadiExceptionString1() { - CadiException exception = new CadiException("New Exception"); - assertNotNull(exception); - assertThat(exception.getMessage(), is("New Exception")); - } - - @Test - public void testCadiExceptionThrowable1() { - CadiException exception = new CadiException(new Throwable("New Exception")); - assertNotNull(exception); - assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception")); - } - - @Test - public void testCadiExceptionStringThrowable1() { - CadiException exception = new CadiException("New Exception",new Throwable("New Exception")); - assertNotNull(exception); - assertThat(exception.getMessage(), is("New Exception")); - - } - - @Test - public void testCadiException2() { - CadiException exception = new CadiException(); - - assertNotNull(exception); - } - - @Test - public void testCadiExceptionString2() { - CadiException exception = new CadiException("New Exception"); - assertNotNull(exception); - assertThat(exception.getMessage(), is("New Exception")); - } - - @Test - public void testCadiExceptionThrowable2() { - CadiException exception = new CadiException(new Throwable("New Exception")); - assertNotNull(exception); - assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception")); - } - - @Test - public void testCadiExceptionStringThrowable2() { - CadiException exception = new CadiException("New Exception",new Throwable("New Exception")); - assertNotNull(exception); - assertThat(exception.getMessage(), is("New Exception")); - - } - - - -} +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aaf + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * + ******************************************************************************/ +package org.onap.aaf.cadi.test; + +import static org.junit.Assert.*; + +import org.junit.Test; +import org.onap.aaf.cadi.CadiException; + +import static org.hamcrest.CoreMatchers.is; + +public class JU_CadiException { + @Test + public void testCadiException() { + CadiException exception = new CadiException(); + + assertNotNull(exception); + } + + @Test + public void testCadiExceptionString() { + CadiException exception = new CadiException("New Exception"); + assertNotNull(exception); + assertThat(exception.getMessage(), is("New Exception")); + } + + @Test + public void testCadiExceptionThrowable() { + CadiException exception = new CadiException(new Throwable("New Exception")); + assertNotNull(exception); + assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception")); + } + + @Test + public void testCadiExceptionStringThrowable() { + CadiException exception = new CadiException("New Exception",new Throwable("New Exception")); + assertNotNull(exception); + assertThat(exception.getMessage(), is("New Exception")); + + } + + @Test + public void testCadiException1() { + CadiException exception = new CadiException(); + + assertNotNull(exception); + } + + @Test + public void testCadiExceptionString1() { + CadiException exception = new CadiException("New Exception"); + assertNotNull(exception); + assertThat(exception.getMessage(), is("New Exception")); + } + + @Test + public void testCadiExceptionThrowable1() { + CadiException exception = new CadiException(new Throwable("New Exception")); + assertNotNull(exception); + assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception")); + } + + @Test + public void testCadiExceptionStringThrowable1() { + CadiException exception = new CadiException("New Exception",new Throwable("New Exception")); + assertNotNull(exception); + assertThat(exception.getMessage(), is("New Exception")); + + } + + @Test + public void testCadiException2() { + CadiException exception = new CadiException(); + + assertNotNull(exception); + } + + @Test + public void testCadiExceptionString2() { + CadiException exception = new CadiException("New Exception"); + assertNotNull(exception); + assertThat(exception.getMessage(), is("New Exception")); + } + + @Test + public void testCadiExceptionThrowable2() { + CadiException exception = new CadiException(new Throwable("New Exception")); + assertNotNull(exception); + assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception")); + } + + @Test + public void testCadiExceptionStringThrowable2() { + CadiException exception = new CadiException("New Exception",new Throwable("New Exception")); + assertNotNull(exception); + assertThat(exception.getMessage(), is("New Exception")); + + } + + + +} diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java index 8bcb6329..d9a4437c 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CadiWrap.java @@ -1,161 +1,161 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * - ******************************************************************************/ -package org.onap.aaf.cadi.test; - -import org.junit.*; -import org.mockito.Mock; -import org.mockito.MockitoAnnotations; - -import static org.junit.Assert.*; -import static org.mockito.Matchers.*; -import static org.mockito.Mockito.*; - -import java.io.ByteArrayOutputStream; -import java.io.PrintStream; -import java.security.Principal; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.CachingLur; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.CadiWrap; -import org.onap.aaf.cadi.Lur; -import org.onap.aaf.cadi.Permission; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.User; -import org.onap.aaf.cadi.CachedPrincipal.Resp; -import org.onap.aaf.cadi.filter.MapPermConverter; -import org.onap.aaf.cadi.lur.EpiLur; -import org.onap.aaf.cadi.principal.TaggedPrincipal; -import org.onap.aaf.cadi.taf.TafResp; - -public class JU_CadiWrap { - - @Mock - private HttpServletRequest request; - - @Mock - private TafResp tafResp; - - @Mock - private TaggedPrincipal principle; - - @Mock - private Lur lur; - - @Before - public void setUp() throws Exception { - MockitoAnnotations.initMocks(this); - - System.setOut(new PrintStream(new ByteArrayOutputStream())); - } - - @After - public void tearDown() { - System.setOut(System.out); - } - - @SuppressWarnings("unchecked") - @Test - public void testInstantiate() throws CadiException { - Access a = new PropAccess(); - when(tafResp.getAccess()).thenReturn(a); - - lur.fishAll(isA(Principal.class), (List)isA(List.class)); - - EpiLur lur1 = new EpiLur(lur); - - CadiWrap wrap = new CadiWrap(request, tafResp, lur1); - - assertNull(wrap.getUserPrincipal()); - assertNull(wrap.getRemoteUser()); - assertNull(wrap.getUser()); - assertEquals(wrap.getPermissions(principle).size(), 0); - assertTrue(wrap.access() instanceof PropAccess); - - byte[] arr = {'1','2'}; - wrap.setCred(arr); - - assertEquals(arr, wrap.getCred()); - - wrap.setUser("User1"); - assertEquals("User1", wrap.getUser()); - - wrap.invalidate("1"); - - assertFalse(wrap.isUserInRole(null)); - - wrap.set(tafResp, lur); - - wrap.invalidate("2"); - - assertFalse(wrap.isUserInRole("User1")); - } - - @Test - public void testInstantiateWithPermConverter() throws CadiException { - Access a = new PropAccess(); - when(tafResp.getAccess()).thenReturn(a); - when(tafResp.getPrincipal()).thenReturn(principle); - - // Anonymous object for testing purposes - CachingLur lur1 = new CachingLur() { - @Override public Permission createPerm(String p) { return null; } - @Override public boolean fish(Principal bait, Permission pond) { return true; } - @Override public void fishAll(Principal bait, List permissions) { } - @Override public void destroy() { } - @Override public boolean handlesExclusively(Permission pond) { return false; } - @Override public boolean handles(Principal principal) { return false; } - @Override public void remove(String user) { } - @Override public Resp reload(User user) { return null; } - @Override public void setDebug(String commaDelimIDsOrNull) { } - @Override public void clear(Principal p, StringBuilder sb) { } - }; - - MapPermConverter pc = new MapPermConverter(); - - CadiWrap wrap = new CadiWrap(request, tafResp, lur1, pc); - - assertNotNull(wrap.getUserPrincipal()); - assertNull(wrap.getRemoteUser()); - assertNull(wrap.getUser()); - - byte[] arr = {'1','2'}; - wrap.setCred(arr); - - assertEquals(arr, wrap.getCred()); - - wrap.setUser("User1"); - assertEquals("User1", wrap.getUser()); - - wrap.invalidate("1"); - wrap.setPermConverter(new MapPermConverter()); - - assertTrue(wrap.getLur() instanceof CachingLur); - assertTrue(wrap.isUserInRole("User1")); - - wrap.set(tafResp, lur); - assertFalse(wrap.isUserInRole("Perm1")); - } -} +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aaf + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * + ******************************************************************************/ +package org.onap.aaf.cadi.test; + +import org.junit.*; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; + +import static org.junit.Assert.*; +import static org.mockito.Matchers.*; +import static org.mockito.Mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.security.Principal; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.CachingLur; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.CadiWrap; +import org.onap.aaf.cadi.Lur; +import org.onap.aaf.cadi.Permission; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.User; +import org.onap.aaf.cadi.CachedPrincipal.Resp; +import org.onap.aaf.cadi.filter.MapPermConverter; +import org.onap.aaf.cadi.lur.EpiLur; +import org.onap.aaf.cadi.principal.TaggedPrincipal; +import org.onap.aaf.cadi.taf.TafResp; + +public class JU_CadiWrap { + + @Mock + private HttpServletRequest request; + + @Mock + private TafResp tafResp; + + @Mock + private TaggedPrincipal principle; + + @Mock + private Lur lur; + + @Before + public void setUp() throws Exception { + MockitoAnnotations.initMocks(this); + + System.setOut(new PrintStream(new ByteArrayOutputStream())); + } + + @After + public void tearDown() { + System.setOut(System.out); + } + + @SuppressWarnings("unchecked") + @Test + public void testInstantiate() throws CadiException { + Access a = new PropAccess(); + when(tafResp.getAccess()).thenReturn(a); + + lur.fishAll(isA(Principal.class), (List)isA(List.class)); + + EpiLur lur1 = new EpiLur(lur); + + CadiWrap wrap = new CadiWrap(request, tafResp, lur1); + + assertNull(wrap.getUserPrincipal()); + assertNull(wrap.getRemoteUser()); + assertNull(wrap.getUser()); + assertEquals(wrap.getPermissions(principle).size(), 0); + assertTrue(wrap.access() instanceof PropAccess); + + byte[] arr = {'1','2'}; + wrap.setCred(arr); + + assertEquals(arr, wrap.getCred()); + + wrap.setUser("User1"); + assertEquals("User1", wrap.getUser()); + + wrap.invalidate("1"); + + assertFalse(wrap.isUserInRole(null)); + + wrap.set(tafResp, lur); + + wrap.invalidate("2"); + + assertFalse(wrap.isUserInRole("User1")); + } + + @Test + public void testInstantiateWithPermConverter() throws CadiException { + Access a = new PropAccess(); + when(tafResp.getAccess()).thenReturn(a); + when(tafResp.getPrincipal()).thenReturn(principle); + + // Anonymous object for testing purposes + CachingLur lur1 = new CachingLur() { + @Override public Permission createPerm(String p) { return null; } + @Override public boolean fish(Principal bait, Permission pond) { return true; } + @Override public void fishAll(Principal bait, List permissions) { } + @Override public void destroy() { } + @Override public boolean handlesExclusively(Permission pond) { return false; } + @Override public boolean handles(Principal principal) { return false; } + @Override public void remove(String user) { } + @Override public Resp reload(User user) { return null; } + @Override public void setDebug(String commaDelimIDsOrNull) { } + @Override public void clear(Principal p, StringBuilder sb) { } + }; + + MapPermConverter pc = new MapPermConverter(); + + CadiWrap wrap = new CadiWrap(request, tafResp, lur1, pc); + + assertNotNull(wrap.getUserPrincipal()); + assertNull(wrap.getRemoteUser()); + assertNull(wrap.getUser()); + + byte[] arr = {'1','2'}; + wrap.setCred(arr); + + assertEquals(arr, wrap.getCred()); + + wrap.setUser("User1"); + assertEquals("User1", wrap.getUser()); + + wrap.invalidate("1"); + wrap.setPermConverter(new MapPermConverter()); + + assertTrue(wrap.getLur() instanceof CachingLur); + assertTrue(wrap.isUserInRole("User1")); + + wrap.set(tafResp, lur); + assertFalse(wrap.isUserInRole("Perm1")); + } +} diff --git a/cadi/pom.xml b/cadi/pom.xml index b6f12625..dbf692b3 100644 --- a/cadi/pom.xml +++ b/cadi/pom.xml @@ -260,8 +260,8 @@ javax.servlet - servlet-api - 2.5 + javax.servlet-api + 3.0.1 diff --git a/conf/CA/clean.sh b/conf/CA/clean.sh index 3df61082..593a0a6c 100644 --- a/conf/CA/clean.sh +++ b/conf/CA/clean.sh @@ -1 +1 @@ -rm -Rf private certs newcerts index* serial* intermediateCAs +rm -Rf private certs newcerts index* serial* intermediate.serial intermediate_* diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh index bb891759..eb391591 100644 --- a/conf/CA/manual.sh +++ b/conf/CA/manual.sh @@ -35,7 +35,7 @@ EOF chmod 400 private/$FQI.key SIGN_IT=true else - echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' + echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' echo chmod 400 $FQI.key echo "# All done, print result" echo openssl req -verify -text -noout -in $FQI.csr @@ -46,7 +46,8 @@ if [ "$SIGN_IT" = "true" ]; then # Sign it openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ -cert certs/ca.crt -keyfile private/ca.key \ - -policy policy_loose \ + -policy policy_loose \ + -days 360 \ -infiles $FQI.csr fi diff --git a/conf/CA/p12.sh b/conf/CA/p12.sh index f490b187..53184e2f 100644 --- a/conf/CA/p12.sh +++ b/conf/CA/p12.sh @@ -12,9 +12,8 @@ fi # Add Cert AND Intermediate CAs (Clients will have Root CAs (or not)) cat $MACH.crt > $MACH.chain - for CA in `ls intermediateCAs`; do - cat "intermediateCAs/$CA" >> $MACH.chain - done + # Add THIS Intermediate CA into chain + cat "certs/ca.crt" >> $MACH.chain # Make a pkcs12 keystore, a jks keystore and a pem keystore rm -f $MACH.p12 diff --git a/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java b/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java index ff7b43f0..cc4c8a96 100644 --- a/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java +++ b/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java @@ -67,19 +67,19 @@ public class LogFileNamer { }; f.createNewFile(); System.setProperty( - "LOG4J_FILENAME_"+(appender), + "LOG4J_FILENAME_"+appender, filename); return appender; } - public void configure(final String props, final String log_level) throws IOException { - String fname; - if(new File(fname="etc/"+props).exists()) { - org.apache.log4j.PropertyConfigurator.configureAndWatch(fname,60*1000L); + public void configure(final String path, final String fname, final String log_level) throws IOException { + final String fullPath=path+'/'+fname; + if(new File(fullPath).exists()) { + org.apache.log4j.PropertyConfigurator.configureAndWatch(fullPath,60*1000L); } else { - URL rsrc = ClassLoader.getSystemResource(props); + URL rsrc = ClassLoader.getSystemResource(fname); if(rsrc==null) { - String msg = "Neither File: " + fname + " or resource on Classpath " + props + " exist" ; + String msg = "Neither File: " + path + '/' + fname + " nor resource on Classpath " + fname + " exist" ; throw new IOException(msg); } org.apache.log4j.PropertyConfigurator.configure(rsrc); diff --git a/version.properties b/version.properties index c5683938..26d89e3e 100644 --- a/version.properties +++ b/version.properties @@ -1,36 +1,36 @@ -### -# ============LICENSE_START======================================================= -# ONAP AAF -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -### - -# Versioning variables -# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) -# because they are used in Jenkins, whose plug-in doesn't support - -major=2 -minor=1 -patch=0 - -base_version=${major}.${minor}.${patch} - -# Release must be completed with git revision # in Jenkins -release_version=${base_version} +### +# ============LICENSE_START======================================================= +# ONAP AAF +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +### + +# Versioning variables +# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) +# because they are used in Jenkins, whose plug-in doesn't support + +major=2 +minor=1 +patch=0 + +base_version=${major}.${minor}.${patch} + +# Release must be completed with git revision # in Jenkins +release_version=${base_version} snapshot_version=${base_version}-SNAPSHOT \ No newline at end of file