From c060284812fbbc18fcf22eb628c47c251505fe50 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Mon, 2 Jul 2018 09:40:49 -0500 Subject: [PATCH] Update CM to us Local Intermediate Certs Issue-ID: AAF-384 Change-Id: Iefd36c5b9ab8011ac696cb85e74c54edb63cb40a Signed-off-by: Instrumental --- .../src/main/java/org/onap/aaf/auth/cm/ca/CA.java | 31 ++- .../main/java/org/onap/aaf/auth/cm/ca/JscepCA.java | 2 +- .../main/java/org/onap/aaf/auth/cm/ca/LocalCA.java | 50 +++-- .../onap/aaf/auth/cm/ca/X509ChainWithIssuer.java | 24 +- .../java/org/onap/aaf/auth/cm/ca/X509andChain.java | 13 +- .../java/org/onap/aaf/auth/cm/cert/BCFactory.java | 4 +- .../java/org/onap/aaf/auth/cm/cert/CSRMeta.java | 4 +- .../main/java/org/onap/aaf/auth/cm/cert/RDN.java | 2 +- .../java/org/onap/aaf/auth/cm/data/CertReq.java | 2 +- .../java/org/onap/aaf/auth/cm/data/CertResp.java | 13 +- .../org/onap/aaf/auth/cm/facade/FacadeImpl.java | 4 +- .../org/onap/aaf/auth/cm/mapper/Mapper1_0.java | 14 +- .../org/onap/aaf/auth/cm/mapper/Mapper2_0.java | 7 +- .../org/onap/aaf/auth/cm/service/CMService.java | 6 +- .../java/org/onap/aaf/auth/cm/ca/JU_AppCA.java | 3 +- .../org/onap/aaf/auth/cm/cert/JU_BCFactory.java | 2 +- .../org/onap/aaf/auth/cm/test/CertmanTest.java | 2 +- .../org/onap/aaf/auth/env/AuthzTransFilter.java | 3 +- .../java/org/onap/aaf/auth/rserv/TransFilter.java | 3 +- .../onap/aaf/auth/server/JettyServiceStarter.java | 9 +- .../onap/aaf/auth/gui/pages/CMArtifactShow.java | 2 +- .../org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java | 3 +- .../cadi/{cm/CmAgent.java => configure/Agent.java} | 248 +++++++++++++-------- .../aaf/cadi/{cm => configure}/ArtifactDir.java | 12 +- .../aaf/cadi/{cm => configure}/CertException.java | 2 +- .../onap/aaf/cadi/{cm => configure}/Factory.java | 42 +++- .../aaf/cadi/{cm => configure}/PlaceArtifact.java | 2 +- .../{cm => configure}/PlaceArtifactInFiles.java | 3 +- .../{cm => configure}/PlaceArtifactInKeystore.java | 42 ++-- .../{cm => configure}/PlaceArtifactOnStream.java | 2 +- .../{cm => configure}/PlaceArtifactScripts.java | 4 +- .../org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java | 2 +- .../onap/aaf/cadi/cm/test/JU_CertException.java | 3 +- .../java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java | 20 +- .../java/org/onap/aaf/cadi/cm/test/JU_Factory.java | 13 +- .../aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java | 2 +- .../cadi/cm/test/JU_PlaceArtifactInKeystore.java | 7 +- .../aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java | 3 +- .../aaf/cadi/cm/test/JU_PlaceArtifactScripts.java | 2 +- .../core/src/main/java/org/onap/aaf/cadi/Symm.java | 2 + .../main/java/org/onap/aaf/cadi/config/Config.java | 8 +- .../org/onap/aaf/cadi/config/SecurityInfoC.java | 8 +- .../java/org/onap/aaf/cadi/filter/CadiFilter.java | 3 +- .../org/onap/aaf/cadi/filter/CadiHTTPManip.java | 3 +- .../java/org/onap/aaf/misc/env/util/Split.java | 13 ++ 45 files changed, 407 insertions(+), 242 deletions(-) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm/CmAgent.java => configure/Agent.java} (82%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/ArtifactDir.java (95%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/CertException.java (97%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/Factory.java (94%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/PlaceArtifact.java (97%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/PlaceArtifactInFiles.java (95%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/PlaceArtifactInKeystore.java (81%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/PlaceArtifactOnStream.java (97%) rename cadi/aaf/src/main/java/org/onap/aaf/cadi/{cm => configure}/PlaceArtifactScripts.java (98%) diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java index ea726480..ac3e1a54 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java @@ -36,7 +36,8 @@ import org.onap.aaf.auth.cm.cert.CSRMeta; import org.onap.aaf.auth.cm.cert.RDN; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Split; @@ -57,9 +58,9 @@ public abstract class CA { private final String env; private MessageDigest messageDigest; private final String permType; - private Set caIssuerDNs; private final ArrayList idDomains; private String[] trustedCAs; + private String[] caIssuerDNs; private List rdns; @@ -71,7 +72,7 @@ public abstract class CA { if(permType==null) { throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } - caIssuerDNs = new HashSet<>(); + caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null)); String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT; @@ -112,7 +113,12 @@ public abstract class CA { String trustCas = access.getProperty(CM_TRUST_CAS,null); if(trustCas!=null) { for(String fname : Split.splitTrim(',', trustCas)) { - File crt = new File(data,fname); + File crt; + if(fname.contains("/")) { + crt = new File(fname); + } else { + crt = new File(data,fname); + } if(crt.exists()) { access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath()); bytes = new byte[(int)crt.length()]; @@ -139,7 +145,19 @@ public abstract class CA { } protected void addCaIssuerDN(String issuerDN) { - caIssuerDNs.add(issuerDN); + boolean changed = true; + for(String id : caIssuerDNs) { + if(id.equals(issuerDN)) { + changed = false; + break; + } + } + if(changed) { + String[] newsa = new String[caIssuerDNs.length+1]; + newsa[0]=issuerDN; + System.arraycopy(caIssuerDNs, 0, newsa, 1, caIssuerDNs.length); + caIssuerDNs = newsa; + } } protected synchronized void addTrustedCA(final String crtString) { @@ -161,7 +179,7 @@ public abstract class CA { trustedCAs = temp; } - public Set getCaIssuerDNs() { + public String[] getCaIssuerDNs() { return caIssuerDNs; } @@ -211,4 +229,5 @@ public abstract class CA { public CSRMeta newCSRMeta() { return new CSRMeta(rdns); } + } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java index ee73dbdc..3f398381 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java @@ -48,7 +48,7 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.Locator.Item; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.cadi.locator.HotPeerLocator; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java index e2287c3b..af2d2f6b 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java @@ -39,6 +39,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.GregorianCalendar; import java.util.List; @@ -64,28 +65,33 @@ import org.onap.aaf.auth.cm.cert.RDN; import org.onap.aaf.auth.env.NullTrans; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; public class LocalCA extends CA { + private final static BigInteger ONE = new BigInteger("1"); // Extensions private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth, // WebServer - KeyPurposeId.id_kp_clientAuth};// WebClient - + KeyPurposeId.id_kp_clientAuth // WebClient + }; + private final PrivateKey caKey; private final X500Name issuer; private final SecureRandom random = new SecureRandom(); - private byte[] serialish; + private BigInteger serial; private final X509ChainWithIssuer x509cwi; // "Cert" is CACert - + + public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException { super(access, name, env); - serialish = new byte[24]; + + serial = new BigInteger(64,random); + if(params.length<1 || params[0].length<2) { throw new IOException("LocalCA expects cm_ca.=org.onap.aaf.auth.cm.ca.LocalCA,[;]+"); } @@ -180,7 +186,9 @@ public class LocalCA extends CA { } X500NameBuilder xnb = new X500NameBuilder(); - for(RDN rnd : RDN.parse(',', x509cwi.getIssuerDN())) { + List rp = RDN.parse(',', x509cwi.getIssuerDN()); + Collections.reverse(rp); + for(RDN rnd : rp) { xnb.addRDN(rnd.aoi,rnd.value); } issuer = xnb.build(); @@ -201,9 +209,10 @@ public class LocalCA extends CA { TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB); try { BigInteger bi; - synchronized(serialish) { - random.nextBytes(serialish); - bi = new BigInteger(serialish); + + synchronized(ONE) { + bi = serial; + serial = serial.add(ONE); } RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic(); @@ -225,20 +234,23 @@ public class LocalCA extends CA { JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); xcb.addExtension(Extension.basicConstraints, - false, new BasicConstraints(false)) + false, new BasicConstraints(false + )) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature - | KeyUsage.keyEncipherment)) + | KeyUsage.keyEncipherment + | KeyUsage.nonRepudiation)) .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(ASN_WebUsage)) - .addExtension(Extension.authorityKeyIdentifier, - false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert)) - .addExtension(Extension.subjectKeyIdentifier, - false, extUtils.createSubjectKeyIdentifier(x509cwi.cert.getPublicKey())) + false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert)) + .addExtension(Extension.subjectKeyIdentifier, + false, extUtils.createSubjectKeyIdentifier(rpk)) .addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sans)) - ; +// .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType( +// NetscapeCertType.sslClient|NetscapeCertType.sslClient)) + ; x509 = new JcaX509CertificateConverter().getCertificate( xcb.build(BCFactory.contentSigner(caKey))); @@ -248,7 +260,7 @@ public class LocalCA extends CA { tt.done(); } - return new X509ChainWithIssuer(x509cwi,x509); + return new X509andChain(x509,x509cwi.trustChain); } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java index 6ba5a37f..e31b9988 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java @@ -29,13 +29,14 @@ import java.security.cert.X509Certificate; import java.util.Collection; import java.util.List; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; public class X509ChainWithIssuer extends X509andChain { private String issuerDN; + public X509Certificate caX509; - public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) { + public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) throws IOException, CertException { super(x509,orig.trustChain); issuerDN=orig.issuerDN; } @@ -48,7 +49,8 @@ public class X509ChainWithIssuer extends X509andChain { if(rdr==null) { // cover for badly formed array continue; } - byte[] bytes = Factory.decode(rdr); + + byte[] bytes = Factory.decode(rdr,null); try { certs = Factory.toX509Certificate(bytes); } catch (CertificateException e) { @@ -62,24 +64,24 @@ public class X509ChainWithIssuer extends X509andChain { } if(cert==null) { // first in Trust Chain issuerDN = subject.toString(); + cert=x509; // adding each time makes sure last one is signer. } addTrustChainEntry(x509); - cert=x509; // adding each time makes sure last one is signer. } } } public X509ChainWithIssuer(Certificate[] certs) throws IOException, CertException { X509Certificate x509; - for(Certificate c : certs) { - x509=(X509Certificate)c; + for(int i=certs.length-1; i>=0; --i) { + x509=(X509Certificate)certs[i]; Principal subject = x509.getSubjectDN(); if(subject!=null) { - if(cert==null) { // first in Trust Chain - issuerDN= subject.toString(); - } addTrustChainEntry(x509); - cert=x509; // adding each time makes sure last one is signer. + if(i==0) { // last one is signer + cert=x509; + issuerDN= subject.toString(); + } } } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java index 46a6393a..5141cc62 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java @@ -25,8 +25,8 @@ import java.security.cert.X509Certificate; import java.util.List; import org.onap.aaf.auth.env.NullTrans; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; /** @@ -45,14 +45,14 @@ public class X509andChain { trustChain = null; } - public X509andChain(X509Certificate cert, String[] trustChain) { + public X509andChain(X509Certificate cert, String[] tc) throws IOException, CertException { this.cert = cert; - this.trustChain = trustChain; + trustChain=tc; } - public X509andChain(X509Certificate cert, List chain) { + public X509andChain(X509Certificate cert, List chain) throws IOException, CertException { this.cert = cert; - trustChain = new String[chain.size()]; + trustChain = new String[chain.size()+1]; chain.toArray(trustChain); } @@ -67,6 +67,7 @@ public class X509andChain { trustChain=temp; } } + public X509Certificate getX509() { return cert; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java index 7f4590f3..70ddd438 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java @@ -37,8 +37,8 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.validation.CertmanValidator; import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java index 2b763f7f..7d417d5f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java @@ -49,8 +49,8 @@ import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Trans; public class CSRMeta { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java index 5b55f1ca..564a4b5d 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java @@ -25,7 +25,7 @@ import java.util.List; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.x500.style.BCStyle; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.cadi.util.Split; public class RDN { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java index aa0b9c26..d960945c 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java @@ -28,7 +28,7 @@ import javax.xml.datatype.XMLGregorianCalendar; import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.cert.BCFactory; import org.onap.aaf.auth.cm.cert.CSRMeta; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; public class CertReq { // These cannot be null diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java index 595025e7..970bfb85 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java @@ -25,12 +25,11 @@ import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.cert.X509Certificate; -import java.util.Set; import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.cert.CSRMeta; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.Trans; public class CertResp { @@ -40,17 +39,15 @@ public class CertResp { private String privateKey, certString; private String[] trustChain; - private String[] trustCAs; private String[] notes; - public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] trustCAs, String[] notes) throws IOException, GeneralSecurityException, CertException { + public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] notes) throws IOException, GeneralSecurityException, CertException { keyPair = csrMeta.keypair(trans); privateKey = Factory.toString(trans, keyPair.getPrivate()); certString = Factory.toString(trans,x509); challenge=csrMeta.challenge(); this.ca = ca; this.trustChain = trustChain; - this.trustCAs = trustCAs; this.notes = notes; } @@ -76,7 +73,7 @@ public class CertResp { return notes; } - public Set caIssuerDNs() { + public String[] caIssuerDNs() { return ca.getCaIssuerDNs(); } @@ -89,6 +86,6 @@ public class CertResp { } public String[] trustCAs() { - return trustCAs; + return ca.getTrustedCAs(); } } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java index 0598ee60..51a905a4 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java @@ -58,8 +58,8 @@ import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Data; import org.onap.aaf.misc.env.Env; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java index 16517c95..c06734f4 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java @@ -31,8 +31,8 @@ import org.onap.aaf.auth.cm.data.CertReq; import org.onap.aaf.auth.cm.data.CertResp; import org.onap.aaf.auth.cm.validation.CertmanValidator; import org.onap.aaf.auth.dao.cass.ArtiDAO; -import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.dao.cass.ArtiDAO.Data; +import org.onap.aaf.auth.dao.cass.CertDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.util.FQI; @@ -108,7 +108,9 @@ public class Mapper1_0 implements Mapper { if((value=cin.challenge())!=null) { cout.setChallenge(value); } + // In Version 1, Cert is always first cout.getCerts().add(cin.asCertString()); + // Follow with Trust Chain if(cin.trustChain()!=null) { for(String c : cin.trustChain()) { if(c!=null) { @@ -116,12 +118,15 @@ public class Mapper1_0 implements Mapper { } } } + // Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup // Certs in keystore versus Truststore. Separate in Version 2_0 if(cin.trustCAs()!=null) { for(String c : cin.trustCAs()) { if(c!=null) { - cout.getCerts().add(c); + if(!cout.getCerts().contains(c)) { + cout.getCerts().add(c); + } } } } @@ -138,7 +143,10 @@ public class Mapper1_0 implements Mapper { } cout.setNotes(sb.toString()); } - cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); + List caIssuerDNs = cout.getCaIssuerDNs(); + for(String s : cin.caIssuerDNs()) { + caIssuerDNs.add(s); + } cout.setEnv(cin.env()); return Result.ok(cout); diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java index 13123bdf..76f7d9be 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java @@ -127,7 +127,12 @@ public class Mapper2_0 implements Mapper { } cout.setNotes(sb.toString()); } - cout.getCaIssuerDNs().addAll(cin.caIssuerDNs()); + + List caIssuerDNs = cout.getCaIssuerDNs(); + for(String s : cin.caIssuerDNs()) { + caIssuerDNs.add(s); + } + cout.setEnv(cin.env()); return Result.ok(cout); } else { diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 4ef5472a..8d39f540 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -59,7 +59,7 @@ import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.Hash; import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.util.Chrono; @@ -317,7 +317,7 @@ public class CMService { crdd.type = CredDAO.CERT_SHA256_RSA; credDAO.create(trans, crdd); - CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(notes)); + CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes)); return Result.ok(cr); } catch (Exception e) { trans.error().log(e); @@ -398,7 +398,7 @@ public class CMService { cdd.x509=Factory.toString(trans, x509); certDAO.create(trans, cdd); - CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(null)); + CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null)); return Result.ok(cr); } catch (Exception e) { trans.error().log(e); diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java index f6d5cab1..d81ea9bc 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java @@ -52,10 +52,9 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import org.onap.aaf.auth.cm.ca.CA; import org.onap.aaf.auth.cm.cert.CSRMeta; import org.onap.aaf.auth.dao.cached.CachedCertDAO; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.misc.env.Trans; //TODO: Gabe [JUnit] Import does not exist diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java index 856d09c2..337bc9ed 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java @@ -41,7 +41,7 @@ import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java index 7d3f25ca..5ec96f25 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java @@ -41,8 +41,8 @@ import org.onap.aaf.cadi.Locator.Item; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.cm.Factory; import org.onap.aaf.cadi.config.SecurityInfoC; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.cadi.http.HBasicAuthSS; import org.onap.aaf.cadi.http.HMangr; import org.onap.aaf.cadi.locator.DNSLocator; diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java index cbc0737c..531e40ab 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.onap.aaf.auth.rserv.TransFilter; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Connector; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.TrustChecker; import org.onap.aaf.cadi.principal.TaggedPrincipal; import org.onap.aaf.cadi.principal.TrustPrincipal; @@ -48,7 +49,7 @@ public class AuthzTransFilter extends TransFilter { public static final int BUCKETSIZE = 2; - public AuthzTransFilter(AuthzEnv env, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { + public AuthzTransFilter(AuthzEnv env, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { super(env.access(),con, tc, additionalTafLurs); this.env = env; serviceMetric = new Metric(); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java index 400c539c..c286e507 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java @@ -37,6 +37,7 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Connector; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.TrustChecker; import org.onap.aaf.cadi.config.Config; @@ -66,7 +67,7 @@ public abstract class TransFilter implements Filter { private final String[] no_authn; - public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { + public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); String no = access.getProperty(Config.CADI_NOAUTHN, null); if(no!=null) { diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java index 4b2ca32c..cefc7a23 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java @@ -231,11 +231,16 @@ public class JettyServiceStarter ex try { register(service.registrants(port)); access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port); + server.join(); } catch(Exception e) { access().log(e,"Error registering " + service.app_name); - // Question: Should Registered Services terminate? + String doExit = access().getProperty("cadi_exitOnFailure", "true"); + if (doExit == "true") { + System.exit(1); + } else { + throw e; + } } - server.join(); } private FilterChain buildFilterChain(final AbsService as, final FilterChain doLast) throws CadiException, LocatorException { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java index 0ad73649..296e41e1 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtifactShow.java @@ -47,7 +47,7 @@ import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; -import org.onap.aaf.cadi.cm.Factory; +import org.onap.aaf.cadi.configure.Factory; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java index 7237cb5f..9fc38d9f 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java @@ -70,8 +70,9 @@ public class AAFConHttp extends AAFCon { } catch (IOException /*| GeneralSecurityException*/ e) { throw new CadiException(e); } + } else { + throw new CadiException("No IDs (" + Config.CADI_ALIAS + " or " + Config.AAF_APPID + ") have been identified."); } - return null; } public AAFConHttp(Access access, String tag) throws APIException, CadiException, LocatorException { diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java similarity index 82% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java index a899662b..3c8719b4 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java @@ -19,13 +19,14 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.PrintStream; import java.net.ConnectException; +import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.UnknownHostException; import java.nio.file.Files; @@ -53,6 +54,7 @@ import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.SecurityInfoC; import org.onap.aaf.cadi.http.HBasicAuthSS; import org.onap.aaf.cadi.locator.SingleEndpointLocator; import org.onap.aaf.cadi.sso.AAFSSO; @@ -76,8 +78,8 @@ import certman.v1_0.CertificateRequest; import locate.v1_1.Configuration; import locate.v1_1.Configuration.Props; -public class CmAgent { - private static final String HASHES = "######################"; +public class Agent { + private static final String HASHES = "################################################################"; private static final String PRINT = "print"; private static final String FILE = "file"; private static final String PKCS12 = "pkcs12"; @@ -103,25 +105,36 @@ public class CmAgent { int exitCode = 0; doExit = true; try { - AAFSSO aafsso = new AAFSSO(args, new AAFSSO.ProcessArgs() { - @Override - public Properties process(String[] args, Properties props) { - if(args.length>1) { - if(args[0].equals("validate")) { - props.put(Config.CADI_PROP_FILES, args[1]); - } else if (!args[0].equals("genkeypair")) { - props.put("aaf_id", args[1]); - } + AAFSSO aafsso; + PropAccess access; + + if(args.length>0 && args[0].equals("validate")) { + int idx = args[1].indexOf('='); + aafsso = null; + access = new PropAccess( + (idx<0?Config.CADI_PROP_FILES:args[1].substring(0, idx))+ + '='+ + (idx<0?args[1]:args[1].substring(idx+1))); + } else { + aafsso= new AAFSSO(args, new AAFSSO.ProcessArgs() { + @Override + public Properties process(String[] args, Properties props) { + if(args.length>1) { + if (!args[0].equals("genkeypair")) { + props.put("aaf_id", args[1]); + } + } + return props; } - return props; - } - }); - if(aafsso.loginOnly()) { + }); + access = aafsso.access(); + } + + if(aafsso!=null && aafsso.loginOnly()) { aafsso.setLogDefault(); aafsso.writeFiles(); System.out.println("AAF SSO information created in ~/.aaf"); } else { - PropAccess access = aafsso.access(); env = new RosettaEnv(access.getProperties()); Deque cmds = new ArrayDeque(); for(String p : args) { @@ -145,7 +158,7 @@ public class CmAgent { System.out.println(" showpass []"); System.out.println(" check []"); System.out.println(" config "); - System.out.println(" validate "); + System.out.println(" validate .props>"); System.out.println(" genkeypair"); if (doExit) { System.exit(1); @@ -174,16 +187,18 @@ public class CmAgent { trans.setProperty("oauth_token", token); } try { + if(aafsso!=null) { // show Std out again - aafsso.setLogDefault(); - aafsso.setStdErrDefault(); - - // if CM_URL can be obtained, add to sso.props, if written - String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL+": "); - if(cm_url!=null) { - aafsso.addProp(Config.CM_URL, cm_url); + aafsso.setLogDefault(); + aafsso.setStdErrDefault(); + + // if CM_URL can be obtained, add to sso.props, if written + String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL+": "); + if(cm_url!=null) { + aafsso.addProp(Config.CM_URL, cm_url); + } + aafsso.writeFiles(); } - aafsso.writeFiles(); AAFCon aafcon = new AAFConHttp(access,Config.CM_URL); @@ -214,7 +229,7 @@ public class CmAgent { initConfig(trans,access,aafcon,cmds); break; case "validate": - validate(aafsso,aafcon); + validate(access); break; case "check": try { @@ -234,7 +249,9 @@ public class CmAgent { trans.info().log("Trans Info\n",sb); } } - aafsso.close(); + if(aafsso!=null) { + aafsso.close(); + } } } catch (Exception e) { e.printStackTrace(); @@ -610,7 +627,7 @@ public class CmAgent { if(allowed) { File dir = new File(a.getDir()); Properties props = new Properties(); - FileInputStream fis = new FileInputStream(new File(dir,a.getNs()+".props")); + FileInputStream fis = new FileInputStream(new File(dir,a.getNs()+".cred.props")); try { props.load(fis); fis.close(); @@ -664,88 +681,135 @@ public class CmAgent { TimeTaken tt = trans.start("Get Configuration", Env.REMOTE); try { boolean ok=false; - File fprops = File.createTempFile(rootFile, ".tmp",dir); - PrintStream out = new PrintStream(new FileOutputStream(fprops)); - out.println(HASHES); - out.print("# Configuration File generated on "); - out.println(new Date().toString()); - out.println(HASHES); - - File fkf = new File(dir,rootFile+".keyfile"); - if(!fkf.exists()) { - CmdLine.main(new String[] {"keygen",fkf.toString()}); - } - out.print("cadi_keyfile="); - out.println(fkf.getCanonicalPath()); - - out.print(Config.AAF_APPID); - out.print('='); - out.println(fqi); - - Symm filesymm = Symm.obtain(fkf); - out.print(Config.AAF_APPPASS); - out.print("=enc:"); - String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false); - ps = filesymm.enpass(ps); - out.println(ps); - - out.print(Config.CADI_TRUSTSTORE); - out.print("="); - File origTruststore = new File(pa.getProperty(Config.CADI_TRUSTSTORE)); - File newTruststore = new File(dir,origTruststore.getName()); - if(!newTruststore.exists()) { - Files.copy(origTruststore.toPath(), newTruststore.toPath()); + File fProps = File.createTempFile(rootFile, ".tmp",dir); + File fSecureTempProps = File.createTempFile(rootFile, ".cred.tmp",dir); + File fSecureProps = new File(dir,rootFile+".cred.props"); + PrintStream psProps; + + File fLocProps = new File(dir,rootFile + ".location.props"); + if(!fLocProps.exists()) { + psProps = new PrintStream(new FileOutputStream(fLocProps)); + try { + psProps.println(HASHES); + psProps.print("# Configuration File generated on "); + psProps.println(new Date().toString()); + psProps.println(HASHES); + for(String tag : new String[] {Config.CADI_LATITUDE,Config.CADI_LONGITUDE}) { + psProps.print(tag); + psProps.print('='); + psProps.println(getProperty(pa, trans, false, tag, "%s: ",tag)); + } + } finally { + psProps.close(); + } } - out.println(newTruststore.getCanonicalPath()); - - out.print(Config.CADI_TRUSTSTORE_PASSWORD); - out.print("=enc:"); - ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false); - ps = filesymm.enpass(ps); - out.println(ps); - + psProps = new PrintStream(new FileOutputStream(fProps)); try { - Future acf = aafcon.client(new SingleEndpointLocator(locator)) - .read("/configure/"+fqi+"/aaf", configDF); - if(acf.get(TIMEOUT)) { -// out.println(acf.value.getName()); - for(Props props : acf.value.getProps()) { - out.println(props.getTag() + '=' + props.getValue()); + PrintStream psCredProps = new PrintStream(new FileOutputStream(fSecureTempProps)); + try { + psCredProps.println(HASHES); + psCredProps.print("# Configuration File generated on "); + psCredProps.println(new Date().toString()); + psCredProps.println(HASHES); + + psProps.println(HASHES); + psProps.print("# Configuration File generated on "); + psProps.println(new Date().toString()); + psProps.println(HASHES); + + psProps.print(Config.CADI_PROP_FILES); + psProps.print('='); + psProps.print(fSecureProps.getCanonicalPath()); + psProps.print(File.pathSeparatorChar); + psProps.println(fLocProps.getCanonicalPath()); + + File fkf = new File(dir,rootFile+".keyfile"); + if(!fkf.exists()) { + CmdLine.main(new String[] {"keygen",fkf.toString()}); } - ok = true; - } else if(acf.code()==401){ - trans.error().log("Bad Password sent to AAF"); - } else { - trans.error().log(errMsg.toMsg(acf)); + psCredProps.print("cadi_keyfile="); + psCredProps.println(fkf.getCanonicalPath()); + + psCredProps.print(Config.AAF_APPID); + psCredProps.print('='); + psCredProps.println(fqi); + + Symm filesymm = Symm.obtain(fkf); + psCredProps.print(Config.AAF_APPPASS); + psCredProps.print("=enc:"); + String ps = pa.decrypt(pa.getProperty(Config.AAF_APPPASS), false); + ps = filesymm.enpass(ps); + psCredProps.println(ps); + + psCredProps.print(Config.CADI_TRUSTSTORE); + psCredProps.print("="); + File origTruststore = new File(pa.getProperty(Config.CADI_TRUSTSTORE)); + File newTruststore = new File(dir,origTruststore.getName()); + if(!newTruststore.exists()) { + Files.copy(origTruststore.toPath(), newTruststore.toPath()); + } + psCredProps.println(newTruststore.getCanonicalPath()); + + psCredProps.print(Config.CADI_TRUSTSTORE_PASSWORD); + psCredProps.print("=enc:"); + ps = pa.decrypt(pa.getProperty(Config.CADI_TRUSTSTORE_PASSWORD), false); + ps = filesymm.enpass(ps); + psCredProps.println(ps); + + try { + Future acf = aafcon.client(new SingleEndpointLocator(locator)) + .read("/configure/"+fqi+"/aaf", configDF); + if(acf.get(TIMEOUT)) { + // out.println(acf.value.getName()); + for(Props props : acf.value.getProps()) { + psProps.println(props.getTag() + '=' + props.getValue()); + } + ok = true; + } else if(acf.code()==401){ + trans.error().log("Bad Password sent to AAF"); + } else { + trans.error().log(errMsg.toMsg(acf)); + } + } finally { + psProps.close(); + } + if(ok) { + File newFile = new File(dir,rootFile+".props"); + fProps.renameTo(newFile); + System.out.println("Created " + newFile.getCanonicalPath()); + fProps = newFile; + + fSecureTempProps.renameTo(fSecureProps); + System.out.println("Created " + fSecureProps.getCanonicalPath()); + fProps = newFile; + } else { + fProps.delete(); + fSecureTempProps.delete(); + } + } finally { + psCredProps.close(); } } finally { - out.close(); - } - if(ok) { - File newFile = new File(dir,rootFile+".common.props"); - fprops.renameTo(newFile); - System.out.println("Created " + newFile.getCanonicalPath()); - fprops = newFile; - } else { - fprops.delete(); + psProps.close(); } } finally { tt.done(); } } - private static void validate(final AAFSSO aafsso, final AAFCon aafcon) throws LocatorException, CadiException, APIException { + private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException { System.out.println("Validating Configuration..."); - aafcon.clone(aafsso.access().getProperty(Config.AAF_URL)).best(new Retryable() { + final AAFCon aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC(pa)); + aafcon.best(new Retryable() { @Override public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fc = client.read("/authz/perms/user/"+aafsso.user(),permDF); + Future fc = client.read("/authz/perms/user/"+aafcon.defID(),permDF); if(fc.get(aafcon.timeout)) { System.out.print("Success connecting to "); System.out.println(client.getURI()); System.out.print(" Permissions for "); - System.out.println(aafsso.user()); + System.out.println(aafcon.defID()); for(Perm p : fc.value.getPerm()) { System.out.print('\t'); System.out.print(p.getType()); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/ArtifactDir.java similarity index 95% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/ArtifactDir.java index 7259d68e..74cf4e4b 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/ArtifactDir.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/ArtifactDir.java @@ -19,7 +19,7 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; import java.io.File; import java.io.FileOutputStream; @@ -29,6 +29,7 @@ import java.io.PrintStream; import java.io.PrintWriter; import java.security.KeyStore; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -75,8 +76,8 @@ public abstract class ArtifactDir implements PlaceArtifact { // Also place cm_url and Host Name addProperty(Config.CM_URL,trans.getProperty(Config.CM_URL)); - addProperty(Config.HOSTNAME,machine); - addProperty(Config.AAF_ENV,certInfo.getEnv()); +// addProperty(Config.HOSTNAME,machine); +// addProperty(Config.AAF_ENV,certInfo.getEnv()); // Obtain Issuers boolean first = true; StringBuilder issuers = new StringBuilder(); @@ -208,10 +209,11 @@ public abstract class ArtifactDir implements PlaceArtifact { } boolean first=processed.get("dir")==null; try { - File f = new File(dir,arti.getNs()+".props"); + File f = new File(dir,arti.getNs()+".cred.props"); if(f.exists()) { if(first) { - f.delete(); + File backup = File.createTempFile(f.getName()+'.', ".backup",dir); + f.renameTo(backup); } else { f.setWritable(true); } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/CertException.java similarity index 97% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/CertException.java index 5c525ff2..4ea5e335 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/CertException.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/CertException.java @@ -19,7 +19,7 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; public class CertException extends Exception { diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Factory.java similarity index 94% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Factory.java index e969fab3..5bb99131 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/Factory.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Factory.java @@ -19,7 +19,7 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; import java.io.BufferedReader; import java.io.ByteArrayInputStream; @@ -64,6 +64,7 @@ import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; import org.onap.aaf.cadi.Symm; +import org.onap.aaf.cadi.client.Holder; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; @@ -155,10 +156,10 @@ public class Factory { } public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException { - byte[] bytes = decode(new StringReader(pk)); + byte[] bytes = decode(new StringReader(pk), null); return toPrivateKey(trans, bytes); } - + public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException { TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB); try { @@ -169,11 +170,12 @@ public class Factory { tt.done(); } } - + public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException { TimeTaken tt = trans.start("Decode Private Key File", Env.SUB); try { - return toPrivateKey(trans,decode(file)); + Holder firstLine = new Holder(null); + return toPrivateKey(trans,decode(file,firstLine)); }finally { tt.done(); } @@ -190,7 +192,7 @@ public class Factory { try { ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes()); ByteArrayOutputStream baos = new ByteArrayOutputStream(); - Symm.base64noSplit.decode(bais, baos); + Symm.base64noSplit.decode(new StripperInputStream(bais), baos); return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray())); } catch (InvalidKeySpecException e) { @@ -273,10 +275,25 @@ public class Factory { } public static byte[] strip(Reader rdr) throws IOException { + return strip(rdr,null); + } + + public static byte[] strip(Reader rdr, Holder hs) throws IOException { BufferedReader br = new BufferedReader(rdr); ByteArrayOutputStream baos = new ByteArrayOutputStream(); String line; + boolean notStarted = true; while((line=br.readLine())!=null) { + if(notStarted) { + if(line.startsWith("-----")) { + notStarted = false; + if(hs!=null) { + hs.set(line); + } + } else { + continue; + } + } if(line.length()>0 && !line.startsWith("-----") && line.indexOf(':')<0) { // Header elements @@ -285,7 +302,7 @@ public class Factory { } return baos.toByteArray(); } - + public static class StripperInputStream extends InputStream { private Reader created; private BufferedReader br; @@ -395,17 +412,18 @@ public class Factory { return baos.toByteArray(); } - public static byte[] decode(File f) throws IOException { + public static byte[] decode(File f, Holder hs) throws IOException { FileReader fr = new FileReader(f); try { - return Factory.decode(fr); + return Factory.decode(fr,hs); } finally { fr.close(); } - } - public static byte[] decode(Reader rdr) throws IOException { - return decode(strip(rdr)); + + + public static byte[] decode(Reader rdr,Holder hs) throws IOException { + return decode(strip(rdr,hs)); } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifact.java similarity index 97% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifact.java index 369f48d0..4b200c04 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifact.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifact.java @@ -19,7 +19,7 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; import certman.v1_0.Artifacts.Artifact; import certman.v1_0.CertInfo; diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInFiles.java similarity index 95% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInFiles.java index f419577b..25fe776c 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInFiles.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInFiles.java @@ -19,7 +19,7 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; import java.io.File; @@ -36,6 +36,7 @@ public class PlaceArtifactInFiles extends ArtifactDir { try { // Setup Public Cert File f = new File(dir,arti.getNs()+".crt"); + // In Version 1.0, App Cert is first write(f,Chmod.to644,certInfo.getCerts().get(0),C_R); // Setup Private Key diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java similarity index 81% rename from cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java rename to cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java index 2b498d4f..2a522bc1 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/cm/PlaceArtifactInKeystore.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java @@ -19,7 +19,7 @@ * */ -package org.onap.aaf.cadi.cm; +package org.onap.aaf.cadi.configure; import java.io.File; import java.security.KeyStore; @@ -28,7 +28,10 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Set; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Symm; @@ -52,7 +55,8 @@ public class PlaceArtifactInKeystore extends ArtifactDir { try { KeyStore jks = KeyStore.getInstance(kst); if(fks.exists()) { - fks.delete(); + File backup = File.createTempFile(fks.getName()+'.', ".backup",dir); + fks.renameTo(backup); } // Get the Cert(s)... Might include Trust store @@ -60,29 +64,26 @@ public class PlaceArtifactInKeystore extends ArtifactDir { // find where the trusts end in 1.0 API X509Certificate x509; - List certList = new ArrayList(); - Certificate[] trustChain = null; - Certificate[] trustCAs; + List chainList = new ArrayList(); + Set caSet = new HashSet(); for(Certificate c : certColl) { x509 = (X509Certificate)c; - if(trustChain==null && x509.getSubjectDN().equals(x509.getIssuerDN())) { - trustChain = new Certificate[certList.size()]; - certList.toArray(trustChain); - certList.clear(); // reuse + // Is a Root (self-signed, anyway) + if(x509.getSubjectDN().equals(x509.getIssuerDN())) { + caSet.add(x509); + } else { + chainList.add(x509); } - certList.add(x509); } - - // remainder should be Trust CAs - trustCAs = new Certificate[certList.size()]; - certList.toArray(trustCAs); +// chainList.addAll(caSet); + //Collections.reverse(chainList); // Properties, etc // Add CADI Keyfile Entry to Properties addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getNs() + ".keyfile"); // Set Keystore Password addProperty(Config.CADI_KEYSTORE,fks.getAbsolutePath()); - String keystorePass = Symm.randomGen(CmAgent.PASS_SIZE); + String keystorePass = Symm.randomGen(Agent.PASS_SIZE); addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass); char[] keystorePassArray = keystorePass.toCharArray(); jks.load(null,keystorePassArray); // load in @@ -106,6 +107,8 @@ public class PlaceArtifactInKeystore extends ArtifactDir { KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(keyPass.toCharArray()); + Certificate[] trustChain = new Certificate[chainList.size()]; + chainList.toArray(trustChain); KeyStore.PrivateKeyEntry pkEntry = new KeyStore.PrivateKeyEntry(pk, trustChain); jks.setEntry(arti.getMechid(), @@ -116,16 +119,23 @@ public class PlaceArtifactInKeystore extends ArtifactDir { // Change out to TrustStore fks = new File(dir,arti.getNs()+".trust."+kst); + if(fks.exists()) { + File backup = File.createTempFile(fks.getName()+'.', ".backup",dir); + fks.renameTo(backup); + } + jks = KeyStore.getInstance(kst); // Set Truststore Password addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath()); - String trustStorePass = Symm.randomGen(CmAgent.PASS_SIZE); + String trustStorePass = Symm.randomGen(Agent.PASS_SIZE); addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass); char[] truststorePassArray = trustStorePass.toCharArray(); jks.load(null,truststorePassArray); // load in // Add Trusted Certificates, but PKCS12 doesn't support + Certificate[] trustCAs = new Certificate[caSet.size()]; + caSet.toArray(trustCAs); for(int i=0; i $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" + "case \"$?\" in\n" + " 0)\n" + diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java index d0d67e23..ed23179a 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_ArtifactDir.java @@ -42,7 +42,7 @@ import org.junit.Test; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.cm.ArtifactDir; +import org.onap.aaf.cadi.configure.ArtifactDir; import org.onap.aaf.cadi.util.Chmod; import org.onap.aaf.misc.env.Trans; diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java index aa12d7c6..a973bc22 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java @@ -24,8 +24,7 @@ package org.onap.aaf.cadi.cm.test; import static org.junit.Assert.*; import static org.hamcrest.CoreMatchers.*; import org.junit.*; - -import org.onap.aaf.cadi.cm.CertException; +import org.onap.aaf.cadi.configure.CertException; public class JU_CertException { diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java index fbeb360f..b50c5a5e 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CmAgent.java @@ -28,7 +28,7 @@ import java.io.File; import org.junit.After; import org.junit.Before; import org.junit.Test; -import org.onap.aaf.cadi.cm.CmAgent; +import org.onap.aaf.cadi.configure.Agent; public class JU_CmAgent { @@ -58,62 +58,62 @@ public class JU_CmAgent { "-login", "-noExit", }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "place", "-noExit", }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", "create" }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", "read" }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", "copy" }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", "update" }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", "delete" }; - CmAgent.main(args); + Agent.main(args); inStream.reset(); args = new String[] { "-noExit", "showpass" }; - CmAgent.main(args); + Agent.main(args); } diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java index fb186b89..b47abe2c 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java @@ -57,11 +57,10 @@ import java.util.List; import javax.crypto.Cipher; -import org.onap.aaf.cadi.cm.CertException; -import org.onap.aaf.cadi.cm.Factory; -import org.onap.aaf.cadi.cm.Factory.Base64InputStream; -import org.onap.aaf.cadi.cm.Factory.StripperInputStream; - +import org.onap.aaf.cadi.configure.CertException; +import org.onap.aaf.cadi.configure.Factory; +import org.onap.aaf.cadi.configure.Factory.Base64InputStream; +import org.onap.aaf.cadi.configure.Factory.StripperInputStream; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.TimeTaken; @@ -162,8 +161,8 @@ public class JU_Factory { assertThat(privateKeyString.startsWith("-----BEGIN PRIVATE KEY-----"), is(true)); assertThat(privateKeyString.endsWith("-----END PRIVATE KEY-----\n"), is(true)); - PublicKey publicKey = Factory.toPublicKey(transMock, cleanupString(publicKeyString)); - PrivateKey privateKey = Factory.toPrivateKey(transMock, cleanupString(privateKeyString)); + PublicKey publicKey = Factory.toPublicKey(transMock, publicKeyString); + PrivateKey privateKey = Factory.toPrivateKey(transMock, privateKeyString); Cipher encryptor = Factory.pkCipher(publicKey, true); Cipher decryptor = Factory.pkCipher(privateKey, false); diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java index 3c83112c..7afb4cf4 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInFiles.java @@ -32,7 +32,7 @@ import java.util.List; import org.junit.*; import org.mockito.*; import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.cm.PlaceArtifactInFiles; +import org.onap.aaf.cadi.configure.PlaceArtifactInFiles; import org.onap.aaf.misc.env.Trans; import certman.v1_0.Artifacts.Artifact; diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java index d146f631..0b086f11 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactInKeystore.java @@ -39,7 +39,7 @@ import java.security.cert.CertificateException; import org.junit.*; import org.mockito.*; import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.cm.PlaceArtifactInKeystore; +import org.onap.aaf.cadi.configure.PlaceArtifactInKeystore; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; @@ -102,8 +102,9 @@ public class JU_PlaceArtifactInKeystore { certs.add(x509String); certs.add(x509Chain); assertThat(placer.place(transMock, certInfoMock, artiMock, "machine"), is(true)); - for (String ext : new String[] {"chal", "keyfile", "jks", "props", "trust.jks"}) { - assertThat(new File(dirName + '/' + nsName + '.' + ext).exists(), is(true)); + for (String ext : new String[] {"chal", "keyfile", "jks", "trust.jks", "cred.props"}) { + File f = new File(dirName + '/' + nsName + '.' + ext); + assertThat(f.exists(), is(true)); } // coverage diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java index 6e390bed..3d8f41c6 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactOnStream.java @@ -32,8 +32,7 @@ import java.util.List; import org.junit.*; import org.mockito.*; - -import org.onap.aaf.cadi.cm.PlaceArtifactOnStream; +import org.onap.aaf.cadi.configure.PlaceArtifactOnStream; import org.onap.aaf.misc.env.LogTarget; import org.onap.aaf.misc.env.Trans; diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java index 0ed29e10..682606c0 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_PlaceArtifactScripts.java @@ -30,7 +30,7 @@ import java.io.File; import org.junit.*; import org.mockito.*; import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.cm.PlaceArtifactScripts; +import org.onap.aaf.cadi.configure.PlaceArtifactScripts; import org.onap.aaf.misc.env.Trans; import certman.v1_0.Artifacts.Artifact; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java index ea3891f9..5a3fe825 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java @@ -450,9 +450,11 @@ public class Symm { this.range = range; } public int convert(int read) throws IOException { + // System.out.print((char)read); switch(read) { case -1: case '=': + case ' ': case '\n': case '\r': return -1; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index c79c5cce..9a0a53cf 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -43,6 +43,7 @@ import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Connector; import org.onap.aaf.cadi.CredVal; import org.onap.aaf.cadi.Locator; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.Symm; @@ -225,7 +226,7 @@ public class Config { } } - public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException { + public static HttpTaf configHttpTaf(Connector con, SecurityInfoC si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException { Access access = si.access; ///////////////////////////////////////////////////// // Setup AAFCon for any following @@ -712,7 +713,7 @@ public class Config { @SuppressWarnings("unchecked") - public static Locator loadLocator(SecurityInfoC si, final String _url) { + public static Locator loadLocator(SecurityInfoC si, final String _url) throws LocatorException { Access access = si.access; Locator locator = null; if(_url==null) { @@ -753,6 +754,9 @@ public class Config { access.log(Level.INFO, "AAFLocator enabled using preloaded " + locator.getClass().getSimpleName()); } } catch (InvocationTargetException e) { + if(e.getTargetException() instanceof LocatorException) { + throw (LocatorException)e.getTargetException(); + } access.log(Level.INIT,e.getTargetException().getMessage(),"AAFLocator for",url,"could not be created.",e); } catch (Exception e) { access.log(Level.INIT,"AAFLocator for",url,"could not be created.",e); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java index 33aef6c9..cc366c27 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfoC.java @@ -34,7 +34,7 @@ public class SecurityInfoC extends SecurityInfo { private static Map,SecurityInfoC> sicMap = new HashMap,SecurityInfoC>(); public SecuritySetter defSS; - private SecurityInfoC(Access access) throws CadiException { + public SecurityInfoC(Access access) throws CadiException { super(access); defSS = new SecuritySetter() { @Override @@ -54,14 +54,14 @@ public class SecurityInfoC extends SecurityInfo { }; } - @SuppressWarnings("unchecked") public static synchronized SecurityInfoC instance(Access access, Class cls) throws CadiException { - SecurityInfoC sic = sicMap.get(cls); + @SuppressWarnings("unchecked") + SecurityInfoC sic = (SecurityInfoC) sicMap.get(cls); if(sic==null) { sic = new SecurityInfoC(access); sicMap.put(cls, sic); } - return (SecurityInfoC)sic; + return sic; } public SecurityInfoC set(SecuritySetter defSS) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java index 8577d55c..1f302c64 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java @@ -38,6 +38,7 @@ import javax.servlet.http.HttpServletResponse; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.ServletContextAccess; @@ -188,7 +189,7 @@ public class CadiFilter implements Filter { } try { httpChecker = new CadiHTTPManip(access,null /*reuseable Con*/,tc, additionalTafLurs); - } catch (CadiException e1) { + } catch (CadiException | LocatorException e1) { throw new ServletException(e1); } } else if(access==null) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java index 006d6b4e..0cc52203 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java @@ -32,6 +32,7 @@ import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Connector; import org.onap.aaf.cadi.CredVal; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.Taf; import org.onap.aaf.cadi.TrustChecker; @@ -70,7 +71,7 @@ public class CadiHTTPManip { public static final Object[] noAdditional = new Object[0]; // CadiFilter can be created each call in some systems - public CadiHTTPManip(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { + public CadiHTTPManip(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { synchronized(LOCK) { this.access = access; // Get getter = new AccessGetter(access); diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/util/Split.java b/misc/env/src/main/java/org/onap/aaf/misc/env/util/Split.java index 57e60091..efb68120 100644 --- a/misc/env/src/main/java/org/onap/aaf/misc/env/util/Split.java +++ b/misc/env/src/main/java/org/onap/aaf/misc/env/util/Split.java @@ -30,7 +30,13 @@ package org.onap.aaf.misc.env.util; */ public class Split { + private static final String[] BLANK = new String[0]; + public static String[] split(char c, String value) { + if(value==null) { + return BLANK; + } + // Count items to preallocate Array (memory alloc is more expensive than counting twice) int count,idx; for(count=1,idx=value.indexOf(c);idx>=0;idx=value.indexOf(c,++idx),++count); @@ -50,6 +56,9 @@ public class Split { } public static String[] splitTrim(char c, String value) { + if(value==null) { + return BLANK; + } // Count items to preallocate Array (memory alloc is more expensive than counting twice) int count,idx; for(count=1,idx=value.indexOf(c);idx>=0;idx=value.indexOf(c,++idx),++count); @@ -69,6 +78,10 @@ public class Split { } public static String[] splitTrim(char c, String value, int size) { + if(value==null) { + return BLANK; + } + int idx; String[] rv = new String[size]; if(size==1) { -- 2.16.6