From: Instrumental Date: Thu, 12 Jul 2018 16:14:10 +0000 (-0500) Subject: Configuration Agent and MS for AAF X-Git-Tag: 2.1.2~121^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=commitdiff_plain;h=9ec2895301056a9e8967eadb139e56f03776fe26 Configuration Agent and MS for AAF Issue-ID: AAF-361 Change-Id: I26f3d49e3d7eae4a932489bd677cf0b903fb7977 Signed-off-by: Instrumental --- diff --git a/auth/auth-cass/src/main/cql/init2_1.cql b/auth/auth-cass/src/main/cql/init2_1.cql index 4b9e7934..701dd774 100644 --- a/auth/auth-cass/src/main/cql/init2_1.cql +++ b/auth/auth-cass/src/main/cql/init2_1.cql @@ -1,3 +1,4 @@ +use authz; CREATE TABLE config ( name varchar, tag varchar, diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql index 67107cb0..40e79f10 100644 --- a/auth/auth-cass/src/main/cql/osaaf.cql +++ b/auth/auth-cass/src/main/cql/osaaf.cql @@ -49,6 +49,14 @@ INSERT INTO perm(ns, type, instance, action, roles, description) INSERT INTO role(ns, name, perms, description) VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners'); +// OSAAF Root +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('osaaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400; + + // ONAP Specific Entities // ONAP initial env Namespace INSERT INTO ns (name,description,parent,scope,type) diff --git a/auth/auth-cass/src/main/cql/temp_identity.cql b/auth/auth-cass/src/main/cql/temp_identity.cql index 7ca31203..b7415beb 100644 --- a/auth/auth-cass/src/main/cql/temp_identity.cql +++ b/auth/auth-cass/src/main/cql/temp_identity.cql @@ -1,12 +1,5 @@ USE authz; // Create Root pass INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('initial@osaaf.org','org.osaaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400; - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400; - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400; - + VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400; diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java index e6f2fc95..3fb250f9 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java @@ -50,7 +50,7 @@ public class Log4JLogIt implements LogIt { public Log4JLogIt(final String[] args, final String root) throws APIException { - String propsFile = getArgOrVM(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; + String propsFile = getArgOrVM(AAF_LOG4J_PREFIX, args, "org.osaaf.aaf")+".log4j.props"; String log_dir = getArgOrVM(Config.CADI_LOGDIR,args,"/opt/app/osaaf/logs"); String etc_dir = getArgOrVM(Config.CADI_ETCDIR,args,"/opt/app/osaaf/etc"); String log_level = getArgOrVM(Config.CADI_LOGLEVEL,args,"INFO"); diff --git a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java index 2fe12f5e..585f8d5a 100644 --- a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java +++ b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java @@ -70,12 +70,12 @@ public class JU_AAF_FS { System.setErr(new PrintStream(errStream)); value = System.setProperty(Config.CADI_LOGDIR, testDir); System.setProperty(Config.CADI_ETCDIR, testDir); - System.out.println(ClassLoader.getSystemResource("org.osaaf.log4j.props")); + System.out.println(ClassLoader.getSystemResource("org.osaaf.aaf.log4j.props")); d = new File(testDir); d.mkdirs(); fService = new File(d +"/fs-serviceTEST.log"); fService.createNewFile(); - fEtc = new File(d + "/org.osaaf.log4j.props"); + fEtc = new File(d + "/org.osaaf.aaf.log4j.props"); fEtc.createNewFile(); aEnv = new AuthzEnv(); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java index c65e7db5..7cd79dab 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeForm.java @@ -61,7 +61,7 @@ public class CMArtiChangeForm extends Page { static final String NAME = "ArtifactChange"; static final String fields[] = {"id","machine","ns","directory","ca","osuser","renewal","notify","cmd","others","types[]","sans"}; - static final String types[] = {"jks","file","script"}; + static final String types[] = {"pkcs12","jks","file","script"}; static final String UPDATE = "Update"; static final String CREATE = "Create"; static final String COPY = "Copy"; @@ -169,7 +169,7 @@ public class CMArtiChangeForm extends Page { arti.setRenewDays(30); arti.setNotification("mailto:"+user.email()); arti.getType().add(types[0]); - arti.getType().add(types[2]); + arti.getType().add(types[3]); submitText = CREATE; delete = false; } else { @@ -179,24 +179,14 @@ public class CMArtiChangeForm extends Page { arti.setNotification("mailto:"+user.email()); } } - // CSO Approval no longer required for SAN use -// final String mechID = arti.getMechid(); -// boolean maySans=gui.lur.fish(new Principal() { -// @Override -// public String getName() { -// return mechID; -// }},getPerm(arti.getCa(),"san")); -// if(!maySans) { -// arti.getSans().clear(); -// } Mark table = new Mark(TABLE); hgen.incr(table) - .input(fields[0],"MechID*",true,"value="+arti.getMechid()) + .input(fields[0],"AppID*",true,"value="+arti.getMechid()) .input("sponsor", "Sponsor",false,"value="+arti.getSponsor(),"readonly","style=border:none;background-color:white;") - .input(fields[1],"Machine*",true,"value="+arti.getMachine(),"style=width:130%;"); + .input(fields[1],"FQDN*",true,"value="+arti.getMachine(),"style=width:130%;"); // if(maySans) { hgen.incr(HTMLGen.TR).incr(HTMLGen.TD).end() - .incr(HTMLGen.TD,"class=subtext").text("Use full machine names, "); + .incr(HTMLGen.TD,"class=subtext").text("Use Fully Qualified Domain Names (that will be in DNS), "); if(!trans.fish(getPerm(arti.getCa(),"ip"))) { hgen.text("NO "); } diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore new file mode 100644 index 00000000..f08acc75 --- /dev/null +++ b/auth/docker/.gitignore @@ -0,0 +1 @@ +d.props diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config new file mode 100644 index 00000000..a5811e09 --- /dev/null +++ b/auth/docker/Dockerfile.config @@ -0,0 +1,17 @@ +FROM rmannfv/aaf-base:xenial +MAINTAINER AAF Team, AT&T 2018 +ENV VERSION=${AAF_VERSION} + +LABEL description="aaf_agent" +LABEL version=${AAF_VERSION} + +COPY data/sample.identities.dat /opt/app/aaf_config/data/ +COPY etc /opt/app/aaf_config/etc +COPY local/*.props /opt/app/aaf_config/local/ +COPY public /opt/app/aaf_config/public +COPY logs /opt/app/aaf_config/logs +COPY bin /opt/app/aaf_config/bin + +ENTRYPOINT ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] +CMD [] + diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core new file mode 100644 index 00000000..c4e8a461 --- /dev/null +++ b/auth/docker/Dockerfile.core @@ -0,0 +1,10 @@ +FROM rmannfv/aaf-base:xenial +MAINTAINER AAF Team, AT&T 2018 +ENV VERSION=${AAF_VERSION} + +LABEL description="aaf_core" +LABEL version=${AAF_VERSION} + +COPY lib /opt/app/aaf/lib +COPY bin /opt/app/aaf/bin + diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms new file mode 100644 index 00000000..121bd06c --- /dev/null +++ b/auth/docker/Dockerfile.ms @@ -0,0 +1,19 @@ +FROM onap/aaf/aaf_core:${AAF_VERSION} +MAINTAINER AAF Team, AT&T 2018 +ENV VERSION=${AAF_VERSION} + +LABEL description="aaf_${AAF_COMPONENT}" +LABEL version=${AAF_VERSION} + +CMD ["/bin/bash","-c","/opt/app/aaf/bin/${AAF_COMPONENT}"] + +# For Debugging installation +# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"] +# Java Debugging VM Args +# "-Xdebug",\ +# "-Xnoagent",\ +# "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000",\ + +# TLS Debugging VM Args +# "-Djavax.net.debug","ssl", \ + diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh new file mode 100644 index 00000000..68027947 --- /dev/null +++ b/auth/docker/agent.sh @@ -0,0 +1,9 @@ +#!/bin/bash +. ./d.props +docker run \ + -it \ + --mount 'type=volume,src=aaf_config,dst=/opt/app/osaaf,volume-driver=local' \ + --name aaf_agent_$USER \ + ${ORG}/${PROJECT}/aaf_config:${VERSION} \ + /bin/bash $* +docker container rm aaf_agent_$USER > /dev/null diff --git a/auth/docker/d.props b/auth/docker/d.props.init similarity index 72% rename from auth/docker/d.props rename to auth/docker/d.props.init index e56d4597..d65c11bb 100644 --- a/auth/docker/d.props +++ b/auth/docker/d.props.init @@ -2,9 +2,7 @@ ORG=onap PROJECT=aaf DOCKER_REPOSITORY=nexus3.onap.org:10003 -OLD_VERSION=2.1.0-SNAPSHOT -NEW_VERSION=2.1.1 -VERSION=2.1.1-SNAPSHOT +VERSION=2.1.2-SNAPSHOT CONF_ROOT_DIR=/opt/app/osaaf # Local Env info @@ -12,4 +10,3 @@ HOSTNAME= HOST_IP= CASS_HOST= - diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index ce299171..ec5cd5cb 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -3,8 +3,30 @@ # Docker Building Script. Reads all the components generated by install, on per-version basis # # Pull in Variables from d.props +if [ ! -e ./d.props ]; then + cp d.props.init d.props +fi + . ./d.props -# TODO add ability to do DEBUG settings + +# Create the Config (Security) Image +sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.config > ../sample/Dockerfile +cd .. +cp ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin +docker build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample +rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar +cd - + +exit + +# Second, build a core Docker Image +echo Building aaf_$AAF_COMPONENT... +# Apply currrent Properties to Docker file, and put in place. +sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.core > ../aaf_${VERSION}/Dockerfile +cd .. +docker build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION} +rm aaf_${VERSION}/Dockerfile +cd - if ["$1" == ""]; then AAF_COMPONENTS=`ls ../aaf_*HOT/bin | grep -v '\.'` @@ -14,11 +36,9 @@ fi for AAF_COMPONENT in ${AAF_COMPONENTS}; do echo Building aaf_$AAF_COMPONENT... - sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile > ../aaf_${VERSION}/Dockerfile + sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.ms > ../aaf_${VERSION}/Dockerfile cd .. - docker build -t ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} - docker tag ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION} - docker tag ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION} + docker build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} rm aaf_${VERSION}/Dockerfile cd - done diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh index 7887b677..163272d0 100644 --- a/auth/docker/dclean.sh +++ b/auth/docker/dclean.sh @@ -8,8 +8,10 @@ else AAF_COMPONENTS=$1 fi +docker image rm $ORG/$PROJECT/aaf_core:${VERSION} + echo "Y" | docker container prune for AAF_COMPONENT in ${AAF_COMPONENTS}; do - docker image rm $DOCKER_REPOSITORY/$ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION} + docker image rm $ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION} done echo "Y" | docker image prune diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 7aee605c..a7378b75 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -2,6 +2,18 @@ # Pull in Variables from d.props . ./d.props +# Create Volumes, if not exist already +for VOL in aaf_config aaf_cass_data; do + HAS_VOLUME=`docker volume ls | grep $VOL` + if [ "$HAS_VOLUME" = "" ]; then + docker volume create --name $VOL + fi +done + docker run \ + -d \ + --name aaf_config \ + --mount 'type=volume,src=aaf_config,dst=/opt/app/osaaf,volume-driver=local' \ + ${ORG}/${PROJECT}/aaf_agent:${VERSION} if [ "$1" == "" ]; then AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'` @@ -49,5 +61,5 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do ${LINKS} \ --publish $PORTMAP \ --mount type=bind,source=$CONF_ROOT_DIR,target=/opt/app/osaaf \ - ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} + ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} done diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh index 0fb993ae..ae6ed02d 100644 --- a/auth/docker/dstart.sh +++ b/auth/docker/dstart.sh @@ -2,6 +2,7 @@ # Pull in Props . ./d.props + if [ "$1" == "" ]; then AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'` else diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh new file mode 100644 index 00000000..b4ea272e --- /dev/null +++ b/auth/sample/bin/agent.sh @@ -0,0 +1,85 @@ +# This script is run when starting aaf_config Container. +# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) +# +JAVA=/usr/bin/java + +# Only load Identities once +if [ ! -e /opt/app/osaaf/data/identities.dat ]; then + mkdir -p /opt/app/osaaf/data + cp /opt/app/aaf_config/data/sample.identities.dat /opt/app/osaaf/data/identities.dat +fi + +# Only initialize once, automatically... +if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then + for D in local; do + rsync -avzh /opt/app/aaf_config/$D/org.osaaf.aaf* /opt/app/osaaf/$D + done + for D in public etc logs; do + rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D + done + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \ + cadi_etc_dir=/opt/app/osaaf/local \ + cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \ + cadi_latitude=38.4329 \ + cadi_longitude=-90.43248 + #cp /opt/app/aaf_config/ +else + CMD=$2 + shift + if [ "$CMD" = "" ]; then + echo "AAF already configured for this Volume" + else + case "$CMD" in + ls) + echo ls requested + find /opt/app/osaaf -depth + ;; + cat) + if [ "$1" = "" ]; then + echo "usage: cat " + else + if [[ $1 == *.props ]]; then + echo + echo "## CONTENTS OF $3" + echo + cat $1 + else + echo "### ERROR ####" + echo " \"cat\" may only be used with files ending with \".props\"" + fi + fi + ;; + update) + for D in public data etc local logs; do + rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D /opt/app/osaaf + done + ;; + validate) + echo "## validate requested" + $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props + ;; + bash) + if [ ! "grep aaf_config ~/.bashrc" == "" ]; then + echo "alias cadi='/bin/bash /opt/app/aaf_config/bin/agent.sh $*'" >> ~/.bashrc + . ~/.bashrc + fi + shift + /bin/bash $* + ;; + encrypt) + echo $1 $2 $3 + cd /opt/app/osaaf/local + + for F in `grep -l $2 *.props`; do + echo "Changing $F" + PWD=`$JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest $3 /opt/app/osaaf/local/org.osaaf.aaf.keyfile` + sed -i.old -e "s/\($2=\).*/\1enc=$PWD/" /opt/app/osaaf/local/org.osaaf.aaf.cred.props + cat $F + done + ;; + *) + $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar $* + esac + fi +fi + diff --git a/auth/sample/etc/org.osaaf.aaf.cm.props b/auth/sample/etc/org.osaaf.aaf.cm.props new file mode 100644 index 00000000..1fa13fe3 --- /dev/null +++ b/auth/sample/etc/org.osaaf.aaf.cm.props @@ -0,0 +1,14 @@ +## +## org.osaaf.aaf.cm.props +## AAF Certificate Manager properties +## Note: Link to CA Properties in "local" dir +## +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props +aaf_component=AAF_NS.cm:2.1.0.0 +port=8150 + +#Certman +cm_public_dir=/opt/app/osaaf/public +cm_trust_cas=AAF_RootCA.cer + + diff --git a/auth/sample/etc/org.osaaf.aaf.fs.props b/auth/sample/etc/org.osaaf.aaf.fs.props new file mode 100644 index 00000000..7307f626 --- /dev/null +++ b/auth/sample/etc/org.osaaf.aaf.fs.props @@ -0,0 +1,9 @@ +## +## org.osaaf.aaf.fs +## AAF Fileserver Properties +## +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props +aaf_component=AAF_NS.fs:2.1.0.0 +port=8096 + +aaf_public_dir=/opt/app/osaaf/public diff --git a/auth/sample/etc/org.osaaf.gui.props b/auth/sample/etc/org.osaaf.aaf.gui.props similarity index 86% rename from auth/sample/etc/org.osaaf.gui.props rename to auth/sample/etc/org.osaaf.aaf.gui.props index 66a3f4c7..619d60f5 100644 --- a/auth/sample/etc/org.osaaf.gui.props +++ b/auth/sample/etc/org.osaaf.aaf.gui.props @@ -1,8 +1,8 @@ ## -## org.osaaf.locator -## AAF Locator Properties +## org.osaaf.aaf.gui +## AAF GUI Properties ## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props aaf_component=AAF_NS.gui:2.1.0.0 port=8200 diff --git a/auth/sample/etc/org.osaaf.aaf.hello.props b/auth/sample/etc/org.osaaf.aaf.hello.props new file mode 100644 index 00000000..d26c1049 --- /dev/null +++ b/auth/sample/etc/org.osaaf.aaf.hello.props @@ -0,0 +1,8 @@ +## +## org.osaaf.aaf.hello +## AAF Hello Properties +## +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props +aaf_component=AAF_NS.hello:2.1.0.0 +port=8130 + diff --git a/auth/sample/etc/org.osaaf.aaf.locate.props b/auth/sample/etc/org.osaaf.aaf.locate.props new file mode 100644 index 00000000..521d63b7 --- /dev/null +++ b/auth/sample/etc/org.osaaf.aaf.locate.props @@ -0,0 +1,8 @@ +## +## org.osaaf.aaf.locate +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props +aaf_component=AAF_NS.locator:2.1.0.0 +port=8095 + diff --git a/auth/sample/etc/org.osaaf.log4j.props b/auth/sample/etc/org.osaaf.aaf.log4j.props similarity index 100% rename from auth/sample/etc/org.osaaf.log4j.props rename to auth/sample/etc/org.osaaf.aaf.log4j.props diff --git a/auth/sample/etc/org.osaaf.aaf.oauth.props b/auth/sample/etc/org.osaaf.aaf.oauth.props new file mode 100644 index 00000000..ce67de4d --- /dev/null +++ b/auth/sample/etc/org.osaaf.aaf.oauth.props @@ -0,0 +1,8 @@ +## +## org.osaaf.aaf.oauth +## AAF OAuth2 Properties +## +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props +aaf_component=AAF_NS.oauth:2.1.0.0 +port=8140 + diff --git a/auth/sample/etc/org.osaaf.orgs.props b/auth/sample/etc/org.osaaf.aaf.orgs.props similarity index 100% rename from auth/sample/etc/org.osaaf.orgs.props rename to auth/sample/etc/org.osaaf.aaf.orgs.props diff --git a/auth/sample/etc/org.osaaf.aaf.service.props b/auth/sample/etc/org.osaaf.aaf.service.props new file mode 100644 index 00000000..5472d820 --- /dev/null +++ b/auth/sample/etc/org.osaaf.aaf.service.props @@ -0,0 +1,8 @@ +## +## org.osaaf.aaf.service +## AAF Service Properties +## +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props +aaf_component=AAF_NS.service:2.1.0.0 +port=8100 + diff --git a/auth/sample/etc/org.osaaf.cm.props b/auth/sample/etc/org.osaaf.cm.props deleted file mode 100644 index da5ea872..00000000 --- a/auth/sample/etc/org.osaaf.cm.props +++ /dev/null @@ -1,14 +0,0 @@ -## -## org.osaaf.cm.props -## AAF Certificate Manager properties -## Note: Link to CA Properties in "local" dir -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props -aaf_component=AAF_NS.cm:2.1.0.0 -port=8150 - -#Certman -cm_public_dir=/opt/app/osaaf/public -cm_trust_cas=AAF_RootCA.cer - - diff --git a/auth/sample/etc/org.osaaf.common.props b/auth/sample/etc/org.osaaf.common.props deleted file mode 100644 index 459d7d7c..00000000 --- a/auth/sample/etc/org.osaaf.common.props +++ /dev/null @@ -1,30 +0,0 @@ -############################################################ -# Common properties for all AAF Components -# on 2018-03-02 06:59.628-0500 -############################################################ -# Pull in Global Coordinates and Certificate Information -aaf_root_ns=org.osaaf.aaf -aaf_trust_perm=org.osaaf.aaf|org.onap|trust - -cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.props -cadi_protocols=TLSv1.1,TLSv1.2 - -aaf_locate_url=https://aaf.osaaf.org:8095 -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 -cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login - -# Standard for this App/Machine -aaf_env=DEV -aaf_data_dir=/opt/app/osaaf/data -cadi_loglevel=DEBUG - -# Domain Support (which will accept) -aaf_domain_support=.com:.org - -# Basic Auth -aaf_default_realm=people.osaaf.org - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect - diff --git a/auth/sample/etc/org.osaaf.fs.props b/auth/sample/etc/org.osaaf.fs.props deleted file mode 100644 index 96d91f9d..00000000 --- a/auth/sample/etc/org.osaaf.fs.props +++ /dev/null @@ -1,10 +0,0 @@ -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props -aaf_component=AAF_NS.fs:2.1.0.0 -port=8096 - - -aaf_public_dir=/opt/app/osaaf/public diff --git a/auth/sample/etc/org.osaaf.hello.props b/auth/sample/etc/org.osaaf.hello.props deleted file mode 100644 index 9f77986e..00000000 --- a/auth/sample/etc/org.osaaf.hello.props +++ /dev/null @@ -1,8 +0,0 @@ -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props -aaf_component=AAF_NS.hello:2.1.0.0 -port=8130 - diff --git a/auth/sample/etc/org.osaaf.locate.props b/auth/sample/etc/org.osaaf.locate.props deleted file mode 100644 index d85c735e..00000000 --- a/auth/sample/etc/org.osaaf.locate.props +++ /dev/null @@ -1,8 +0,0 @@ -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props -aaf_component=AAF_NS.locator:2.1.0.0 -port=8095 - diff --git a/auth/sample/etc/org.osaaf.oauth.props b/auth/sample/etc/org.osaaf.oauth.props deleted file mode 100644 index 5be90174..00000000 --- a/auth/sample/etc/org.osaaf.oauth.props +++ /dev/null @@ -1,8 +0,0 @@ -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props -aaf_component=AAF_NS.oauth:2.1.0.0 -port=8140 - diff --git a/auth/sample/etc/org.osaaf.service.props b/auth/sample/etc/org.osaaf.service.props deleted file mode 100644 index 1b4df0e8..00000000 --- a/auth/sample/etc/org.osaaf.service.props +++ /dev/null @@ -1,8 +0,0 @@ -## -## org.osaaf.service -## AAF Service Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props -aaf_component=AAF_NS.service:2.1.0.0 -port=8100 - diff --git a/auth/sample/local/.gitignore b/auth/sample/local/.gitignore new file mode 100644 index 00000000..362863ac --- /dev/null +++ b/auth/sample/local/.gitignore @@ -0,0 +1,2 @@ +truststoreONAPall.jks +org.osaaf.aaf.signer.p12 diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props new file mode 100644 index 00000000..6b08d9a0 --- /dev/null +++ b/auth/sample/local/aaf.props @@ -0,0 +1,18 @@ +# +# Special AAF specific Properties... for AAF Init only +# +# Controlling NS +aaf_root_ns=org.osaaf.aaf +aaf_trust_perm=org.osaaf.aaf|org.onap|trust + +# Domains and Realms +aaf_domain_support=.com:.org +aaf_default_realm=people.osaaf.org + +# Initial Passwords and such +aaf_password=osaaf_admin +cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks +cadi_truststore_password=changeit + +# Other +aaf_data_dir=/opt/app/osaaf/data diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props new file mode 100644 index 00000000..f9ad077a --- /dev/null +++ b/auth/sample/local/initialConfig.props @@ -0,0 +1,10 @@ +aaf_env=DEV +aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US +cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 +fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1 +gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1 diff --git a/auth/sample/local/org.osaaf.cassandra.props b/auth/sample/local/org.osaaf.aaf.cassandra.props similarity index 94% rename from auth/sample/local/org.osaaf.cassandra.props rename to auth/sample/local/org.osaaf.aaf.cassandra.props index 4489a36b..692e57f9 100644 --- a/auth/sample/local/org.osaaf.cassandra.props +++ b/auth/sample/local/org.osaaf.aaf.cassandra.props @@ -7,7 +7,7 @@ cassandra.clusters=cass.aaf.osaaf.org cassandra.clusters.port=9042 #need this to be fully qualified name when REAL AAF integration cassandra.clusters.user=cassandra -cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV +cassandra.clusters.password=enc: # Name for exception that has happened in the past cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" @@ -27,3 +27,4 @@ cassandra.writeConsistency.role=ONE cassandra.writeConsistency.user_role=ONE cassandra.writeConsistency.cred=ONE cassandra.writeConsistency.ns_attrib=ONE + diff --git a/auth/sample/local/org.osaaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props similarity index 53% rename from auth/sample/local/org.osaaf.cm.ca.props rename to auth/sample/local/org.osaaf.aaf.cm.ca.props index 8843705c..59242995 100644 --- a/auth/sample/local/org.osaaf.cm.ca.props +++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props @@ -1,10 +1,10 @@ ## -## org.osaaf.cm.ca.props -## Properties to access Certifiate Authority +## org.osaaf.aaf.cm.ca.props +## Properties to access Certificate Authority ## #Certman -cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw +cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc: cm_ca.local.idDomains=org.osaaf cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US cm_ca.local.perm_type=org.osaaf.aaf.ca diff --git a/auth/sample/local/org.osaaf.aaf.cm.p12 b/auth/sample/local/org.osaaf.aaf.cm.p12 deleted file mode 100644 index 63aedd25..00000000 Binary files a/auth/sample/local/org.osaaf.aaf.cm.p12 and /dev/null differ diff --git a/auth/sample/local/org.osaaf.aaf.keyfile b/auth/sample/local/org.osaaf.aaf.keyfile deleted file mode 100644 index 7206ad93..00000000 --- a/auth/sample/local/org.osaaf.aaf.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0 -sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng -tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF -Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz -AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb -yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By -qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL -y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco -6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj -4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz --KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f -Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC -kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR -PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3 -YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg -yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN -jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_ -biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1 -ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My -c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf -GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE -G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw -BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS -acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d -QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_ -2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im -3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a \ No newline at end of file diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12 deleted file mode 100644 index ac1dece8..00000000 Binary files a/auth/sample/local/org.osaaf.aaf.p12 and /dev/null differ diff --git a/auth/sample/local/org.osaaf.aaf.props b/auth/sample/local/org.osaaf.aaf.props deleted file mode 100644 index 975f80cc..00000000 --- a/auth/sample/local/org.osaaf.aaf.props +++ /dev/null @@ -1,17 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by jg1555 -# on 2018-02-21T10:28:08.909-0600 -# @copyright 2016, AT&T -############################################################ -cm_url=https://aaf.osaaf.org:8150 -#hostname=aaf.osaaf.org -aaf_env=DEV -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile -cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 -cadi_keystore_password=enc:3O7HDzEzdYatFYb83-jV69MNzN8qIW975SS70qCs7xri0b1n4r5viHo1lrM6K8om -#cadi_key_password=enc: -cadi_alias=aaf-authz@aaf.osaaf.org -cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12 -cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np diff --git a/auth/sample/local/org.osaaf.aaf.trust.p12 b/auth/sample/local/org.osaaf.aaf.trust.p12 deleted file mode 100644 index 1e037def..00000000 Binary files a/auth/sample/local/org.osaaf.aaf.trust.p12 and /dev/null differ diff --git a/auth/sample/local/org.osaaf.location.props b/auth/sample/local/org.osaaf.location.props deleted file mode 100644 index d6d04ef4..00000000 --- a/auth/sample/local/org.osaaf.location.props +++ /dev/null @@ -1,12 +0,0 @@ -## -## org.osaaf.location.props -## -## Localized Machine Information -## -# Almeda California -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org -cadi_trust_masks=10.12.6/24 - diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean new file mode 100644 index 00000000..e92e1bd3 --- /dev/null +++ b/auth/sample/logs/clean @@ -0,0 +1,6 @@ +for D in `find . -type d`; do + if [ "$D" != "./" ]; then + rm -f $D/*.log + fi +done + diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog new file mode 100644 index 00000000..b4482d09 --- /dev/null +++ b/auth/sample/logs/taillog @@ -0,0 +1 @@ +tail -f `find . -name *service*.log -ctime 0` diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml index aa3899aa..2a7cd058 100644 --- a/cadi/aaf/pom.xml +++ b/cadi/aaf/pom.xml @@ -194,7 +194,7 @@ tests - org.onap.aaf.cadi.cm.CmAgent + org.onap.aaf.cadi.configure.Agent true diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java index 09f5ed7e..a86649db 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java @@ -176,7 +176,7 @@ public class Agent { System.out.println(" check []"); System.out.println(" keypairgen "); System.out.println(" config "); - System.out.println(" validate .props>"); + System.out.println(" validate .props>"); System.out.println(" --- Additional Tool Access ---"); System.out.println(" ** Type with no params for Tool Help"); System.out.println(" ** If using with Agent, preface with \"cadi\""); @@ -251,7 +251,13 @@ public class Agent { keypairGen(trans, access, cmds); break; case "config": - config(trans,access,aafcon(access),cmds); + if(access.getProperty(Config.CADI_PROP_FILES)!=null) { + // Get Properties from initialization Prop Files + config(trans,access,null,cmds); + } else { + // Get Properties from existing AAF Instance + config(trans,access,aafcon(access),cmds); + } break; case "validate": validate(access); @@ -721,7 +727,6 @@ public class Agent { private static void config(Trans trans, PropAccess pa, AAFCon aafcon, Deque cmds) throws Exception { final String fqi = fqi(cmds); - final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); final String rootFile = FQI.reverseDomain(fqi); final File dir = new File(pa.getProperty(Config.CADI_ETCDIR, ".")); if(dir.exists()) { @@ -796,35 +801,115 @@ public class Agent { String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false); ps = filesymm.enpass(ps); psCredProps.println(ps); - - psCredProps.print(Config.CADI_TRUSTSTORE); - psCredProps.print("="); - File origTruststore = new File(pa.getProperty(Config.CADI_TRUSTSTORE)); - File newTruststore = new File(dir,origTruststore.getName()); - if(!newTruststore.exists()) { - Files.copy(origTruststore.toPath(), newTruststore.toPath()); - } - psCredProps.println(newTruststore.getCanonicalPath()); + + String cts = pa.getProperty(Config.CADI_TRUSTSTORE); + if(cts!=null) { + File origTruststore = new File(cts); + if(!origTruststore.exists()) { + // Try same directory as cadi_prop_files + String cpf = pa.getProperty(Config.CADI_PROP_FILES); + if(cpf!=null) { + for(String f : Split.split(File.pathSeparatorChar, cpf)) { + File fcpf = new File(f); + if(fcpf.exists()) { + int lastSep = cts.lastIndexOf(File.pathSeparator); + origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts); + if(origTruststore.exists()) { + break; + } + } + } + if(!origTruststore.exists()) { + throw new CadiException(cts + "does not exist"); + } + } + + } + File newTruststore = new File(dir,origTruststore.getName()); + if(!newTruststore.exists()) { + Files.copy(origTruststore.toPath(), newTruststore.toPath()); + } + psCredProps.print(Config.CADI_TRUSTSTORE); + psCredProps.print("="); + psCredProps.println(newTruststore.getCanonicalPath()); - psCredProps.print(Config.CADI_TRUSTSTORE_PASSWORD); - psCredProps.print("=enc:"); - ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false); - ps = filesymm.enpass(ps); - psCredProps.println(ps); + psCredProps.print(Config.CADI_TRUSTSTORE_PASSWORD); + psCredProps.print("=enc:"); + ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false); + ps = filesymm.enpass(ps); + psCredProps.println(ps); + } + +// String cadi_x509_issuers = pa.getProperty(Config.CADI_X509_ISSUERS); +// if(cadi_x509_issuers!=null) { +// psCredProps.print(Config.CADI_X509_ISSUERS); +// psCredProps.print('='); +// psCredProps.println(cadi_x509_issuers); +// } + try { - Future acf = aafcon.client(new SingleEndpointLocator(locator)) - .read("/configure/"+fqi+"/aaf", configDF); - if(acf.get(TIMEOUT)) { - // out.println(acf.value.getName()); - for(Props props : acf.value.getProps()) { - psProps.println(props.getTag() + '=' + props.getValue()); + if(aafcon!=null) { // get Properties from Remote AAF + final String locator = getProperty(pa,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "); + + Future acf = aafcon.client(new SingleEndpointLocator(locator)) + .read("/configure/"+fqi+"/aaf", configDF); + if(acf.get(TIMEOUT)) { + PrintStream pstemp; + for(Props props : acf.value.getProps()) { + if(Config.CADI_X509_ISSUERS.equals(props.getTag())) { + pstemp=psCredProps; + } else { + pstemp = psProps; + } + pstemp.print(props.getTag()); + pstemp.print('='); + pstemp.println(props.getValue()); + } + ok = true; + } else if(acf.code()==401){ + trans.error().log("Bad Password sent to AAF"); + } else { + trans.error().log(errMsg.toMsg(acf)); } - ok = true; - } else if(acf.code()==401){ - trans.error().log("Bad Password sent to AAF"); } else { - trans.error().log(errMsg.toMsg(acf)); + String cpf = pa.getProperty(Config.CADI_PROP_FILES); + if(cpf!=null){ + for(String f : Split.split(File.pathSeparatorChar, cpf)) { + System.out.format("Reading %s\n",f); + FileInputStream fis = new FileInputStream(f); + try { + Properties props = new Properties(); + props.load(fis); + PrintStream pstemp; + String key,value; + for(Entry prop : props.entrySet()) { + key = prop.getKey().toString(); + if(Config.CADI_X509_ISSUERS.equals(key)) { + pstemp=psCredProps; + value = prop.getValue().toString(); + } else if(key.endsWith("_password")){ + if(Config.AAF_APPPASS.equals(key) || Config.CADI_TRUSTSTORE_PASSWORD.equals(key)) { + continue; + } + value = "enc:" + filesymm.enpass(prop.getValue().toString()); + pstemp = psCredProps; + } else if(Config.CADI_TRUSTSTORE.equals(key)) { + continue; + } else { + value = prop.getValue().toString(); + pstemp = psProps; + } + pstemp.print(key); + pstemp.print('='); + pstemp.println(value); + } + } finally { + fis.close(); + } + } + } + ok = true; } } finally { psProps.close();