+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
- <parent>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>parent</artifactId>\r
- <version>1.0.0-SNAPSHOT</version>\r
- <relativePath>..</relativePath>\r
- </parent>\r
-\r
- <modelVersion>4.0.0</modelVersion>\r
- <name>CADI AAF (Application Authorization Framework) LUR</name>\r
- <packaging>jar</packaging>\r
- <url>https://github.com/att/AAF</url>\r
- <description>CADI</description>\r
- <artifactId>cadi-aaf</artifactId>\r
- <properties>\r
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
- <project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion>\r
- <!-- SONAR -->\r
- <sonar.skip>true</sonar.skip>\r
- <jacoco.version>0.7.7.201606060606</jacoco.version>\r
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>\r
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>\r
- <!-- Default Sonar configuration -->\r
- <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>\r
- <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>\r
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->\r
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>\r
- <nexusproxy>https://nexus.onap.org</nexusproxy>\r
- <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>\r
- <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>\r
- <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>\r
- <sitePath>/content/sites/site/org/onap/aaf/cadi/${project.artifactId}/${project.version}</sitePath>\r
- </properties>\r
- \r
- <dependencies>\r
- <dependency>\r
- <groupId>org.mockito</groupId>\r
- <artifactId>mockito-all</artifactId>\r
- <version>1.9.5</version>\r
- <scope>test</scope>\r
- </dependency>\r
- <dependency>\r
- <groupId>org.onap.aaf.authz</groupId>\r
- <artifactId>authz-client</artifactId>\r
- </dependency> \r
-\r
- <dependency>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>cadi-client</artifactId>\r
- </dependency> \r
-\r
- <dependency>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>cadi-client</artifactId>\r
- </dependency>\r
- \r
- <dependency>\r
- <groupId>com.att.aft</groupId>\r
- <artifactId>dme2</artifactId>\r
- <scope>provided</scope>\r
- </dependency>\r
- \r
- <dependency>\r
- <groupId>javax.servlet</groupId>\r
- <artifactId>javax.servlet-api</artifactId>\r
- <version>3.0.1</version>\r
- <scope>provided</scope>\r
- </dependency>\r
-\r
- <dependency>\r
- <groupId>org.slf4j</groupId>\r
- <artifactId>slf4j-log4j12</artifactId>\r
- <version>1.7.5</version>\r
- <scope>test</scope>\r
- </dependency>\r
-\r
- </dependencies>\r
- <build>\r
- <plugins> \r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-compiler-plugin</artifactId>\r
- <version>2.3.2</version>\r
- </plugin>\r
- \r
- <!-- We want to create a Jar with Rosetta built in (since I don't want \r
- a separate deployment at this time Use this one as the jar to put in SWM \r
- packages -->\r
- <plugin>\r
- <artifactId>maven-assembly-plugin</artifactId>\r
- <configuration>\r
- <classifier>tests</classifier>\r
- <archive>\r
- <manifest>\r
- <mainClass>org.onap.aaf.cadi.cm.CmAgent</mainClass>\r
- </manifest>\r
-\r
- <manifestEntries>\r
- <Sealed>true</Sealed>\r
- </manifestEntries>\r
- </archive>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>full</id>\r
- <phase>package</phase>\r
- <goals>\r
- <goal>single</goal>\r
- </goals>\r
- <configuration>\r
- <descriptors>\r
- <descriptor>src/assemble/cadi-aaf.xml</descriptor>\r
- </descriptors>\r
- </configuration>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-javadoc-plugin</artifactId>\r
- <version>2.10.4</version>\r
- <configuration>\r
- <failOnError>false</failOnError>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>attach-javadocs</id>\r
- <goals>\r
- <goal>jar</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin> \r
- \r
- \r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-source-plugin</artifactId>\r
- <version>2.2.1</version>\r
- <executions>\r
- <execution>\r
- <id>attach-sources</id>\r
- <goals>\r
- <goal>jar-no-fork</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- \r
-\r
-\r
- <plugin>\r
- <!-- Also sign "full" -->\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-jarsigner-plugin</artifactId>\r
- <configuration>\r
- <skip>true</skip>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>sign-full</id>\r
- <goals>\r
- <goal>sign</goal>\r
- </goals>\r
- <configuration>\r
- <archive>target/${project.artifactId}-${project.version}-full.jar</archive>\r
- </configuration>\r
- </execution>\r
- <execution>\r
- <id>verify-full</id>\r
- <goals>\r
- <goal>verify</goal>\r
- </goals>\r
- <configuration>\r
- <archive>target/${project.artifactId}-${project.version}-full.jar</archive>\r
- </configuration>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- <plugin>\r
- <groupId>org.sonatype.plugins</groupId>\r
- <artifactId>nexus-staging-maven-plugin</artifactId>\r
- <version>1.6.7</version>\r
- <extensions>true</extensions>\r
- <configuration>\r
- <nexusUrl>${nexusproxy}</nexusUrl>\r
- <stagingProfileId>176c31dfe190a</stagingProfileId>\r
- <serverId>ecomp-staging</serverId>\r
- </configuration>\r
- </plugin> \r
- \r
- <plugin>\r
- <groupId>org.jacoco</groupId>\r
- <artifactId>jacoco-maven-plugin</artifactId>\r
- <version>${jacoco.version}</version>\r
- <configuration>\r
- <excludes>\r
- <exclude>**/gen/**</exclude>\r
- <exclude>**/generated-sources/**</exclude>\r
- <exclude>**/yang-gen/**</exclude>\r
- <exclude>**/pax/**</exclude>\r
- </excludes>\r
- </configuration>\r
- <executions>\r
-\r
- <execution>\r
- <id>pre-unit-test</id>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>\r
- <propertyName>surefireArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
- \r
- \r
- <execution>\r
- <id>post-unit-test</id>\r
- <phase>test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>\r
- </configuration>\r
- </execution>\r
- <execution>\r
- <id>pre-integration-test</id>\r
- <phase>pre-integration-test</phase>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>\r
-\r
- <propertyName>failsafeArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
-\r
- \r
- <execution>\r
- <id>post-integration-test</id>\r
- <phase>post-integration-test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>\r
- </configuration>\r
- </execution>\r
- </executions>\r
- </plugin> \r
-\r
- </plugins>\r
- </build>\r
- <distributionManagement>\r
- <repository>\r
- <id>ecomp-releases</id>\r
- <name>AAF Release Repository</name>\r
- <url>${nexusproxy}${releaseNexusPath}</url>\r
- </repository>\r
- <snapshotRepository>\r
- <id>ecomp-snapshots</id>\r
- <name>AAF Snapshot Repository</name>\r
- <url>${nexusproxy}${snapshotNexusPath}</url>\r
- </snapshotRepository>\r
- <site>\r
- <id>ecomp-site</id>\r
- <url>dav:${nexusproxy}${sitePath}</url>\r
- </site>\r
- </distributionManagement>\r
-\r
-</project>\r
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
- xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">\r
- \r
- <id>test</id>\r
- <formats>\r
- <format>zip</format>\r
- </formats>\r
-\r
- <includeBaseDirectory>true</includeBaseDirectory>\r
- <dependencySets>\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>org.onap.aaf.cadi:cadi-core</include>\r
- </includes>\r
- </dependencySet>\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>org.onap.aaf.cadi:cadi-aaf</include>\r
- </includes>\r
- </dependencySet>\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>org.eclipse.jetty.aggregate:jetty-all</include>\r
- </includes>\r
- </dependencySet>\r
-\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>org.eclipse.jetty.orbit:javax.servlet</include>\r
- </includes>\r
- </dependencySet>\r
-\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>javax:servlet</include>\r
- </includes>\r
- </dependencySet>\r
- \r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>com.att.aft:dme2</include>\r
- </includes>\r
- </dependencySet>\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>test</scope>\r
- <includes>\r
- <include>com.att.aft.discovery:discovery-clt</include>\r
- </includes>\r
- </dependencySet>\r
- <dependencySet>\r
- <unpack>false</unpack>\r
- <scope>compile</scope>\r
- <includes>\r
- <include>org.onap.aaf.cssa:rosetta</include>\r
- </includes>\r
- </dependencySet>\r
- </dependencySets>\r
- <fileSets>\r
- <fileSet>\r
- <directory>run</directory>\r
- <includes>\r
- <include>cadi.properties</include>\r
- <include>keyfile</include>\r
- <include>start.sh</include>\r
- </includes>\r
- </fileSet>\r
- <fileSet>\r
- <includes>\r
- <include>../cadi/target/cadi-core*tests.jar</include>\r
- </includes>\r
- </fileSet>\r
- </fileSets>\r
- \r
-</assembly>\r
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
- xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">\r
- \r
- <id>full</id>\r
- <formats>\r
- <format>jar</format>\r
- </formats>\r
-\r
- <includeBaseDirectory>false</includeBaseDirectory>\r
- <dependencySets>\r
- <dependencySet>\r
- <unpack>true</unpack>\r
- <scope>compile</scope>\r
- <includes>\r
- <include>org.onap.aaf.authz:authz-client</include>\r
- <include>org.onap.aaf.cadi:cadi-aaf</include>\r
- <include>org.onap.aaf.cadi:cadi-core</include>\r
- <include>org.onap.aaf.cadi:cadi-client</include>\r
- <include>org.onap.aaf.inno:env</include>\r
- <include>org.onap.aaf.inno:rosetta</include>\r
- </includes>\r
- </dependencySet>\r
- \r
- </dependencySets>\r
- <fileSets>\r
- <fileSet>\r
- <directory>src/main/xsd</directory>\r
- </fileSet>\r
- </fileSets>\r
-</assembly>\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf;\r
-\r
-import org.onap.aaf.cadi.Permission;\r
-\r
-/**\r
- * A Class that understands the AAF format of Permission (name/type/action)\r
- * or String "name|type|action"\r
- * \r
- *\r
- */\r
-public class AAFPermission implements Permission {\r
- protected String type,instance,action,key;\r
-\r
- protected AAFPermission() {}\r
-\r
- public AAFPermission(String type, String instance, String action) {\r
- this.type = type;\r
- this.instance = instance;\r
- this.action = action;\r
- key = type + '|' + instance + '|' + action;\r
- }\r
- \r
- /**\r
- * Match a Permission\r
- * if Permission is Fielded type "Permission", we use the fields\r
- * otherwise, we split the Permission with '|'\r
- * \r
- * when the type or action starts with REGEX indicator character ( ! ),\r
- * then it is evaluated as a regular expression.\r
- * \r
- * If you want a simple field comparison, it is faster without REGEX\r
- */\r
- public boolean match(Permission p) {\r
- if(p instanceof AAFPermission) {\r
- AAFPermission ap = (AAFPermission)p;\r
- // Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy\r
- // Current solution is only allow direct match on Type.\r
- // 8/28/2014 - added REGEX ability\r
- if(type.equals(ap.getName())) \r
- if(PermEval.evalInstance(instance,ap.getInstance()))\r
- if(PermEval.evalAction(action,ap.getAction()))\r
- return true;\r
- } else {\r
- // Permission is concatenated together: separated by |\r
- String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);\r
- if(aaf.length>0 && type.equals(aaf[0]))\r
- if(PermEval.evalInstance(instance,aaf.length>1?aaf[1]:"*"))\r
- if(PermEval.evalAction(action,aaf.length>2?aaf[2]:"*"))\r
- return true;\r
- } \r
- return false;\r
- }\r
-\r
- public String getName() {\r
- return type;\r
- }\r
- \r
- public String getInstance() {\r
- return instance;\r
- }\r
- \r
- public String getAction() {\r
- return action;\r
- }\r
- \r
- public String getKey() {\r
- return key;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Permission#permType()\r
- */\r
- public String permType() {\r
- return "AAF";\r
- }\r
-\r
- public String toString() {\r
- return "AAFPermission:\n\tType: " + type + \r
- "\n\tInstance: " + instance +\r
- "\n\tAction: " + action +\r
- "\n\tKey: " + key;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf;\r
-\r
-import java.security.Principal;\r
-import java.util.regex.Pattern;\r
-\r
-import org.onap.aaf.cadi.Transmutate;\r
-import org.onap.aaf.cadi.lur.ConfigPrincipal;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.principal.CSPPrincipal_T;\r
-\r
-/**\r
- * AAFTransmutate\r
- * \r
- * Each System determines the mechanisms for which one Principal is transmutated to another, such as whether it is created\r
- * independently, etc.\r
- * \r
- * For AAF, the only important thing is that these are valid ATTUID/mechIDs, to avoid unnecessary user hits\r
- * \r
- * attUIDs look like ab1234 or AB1234 or AZ123a\r
- * mechids look like m12345\r
- * \r
- *\r
- */\r
-public final class AAFTransmutate implements Transmutate<Principal> {\r
- private Pattern pattern = Pattern.compile("[a-zA-Z]\\w\\d\\d\\d\\w");\r
-\r
- public Principal mutate(Principal p) {\r
- // Accept these three internal kinds of Principals\r
- if(p instanceof CSPPrincipal_T \r
- || p instanceof BasicPrincipal\r
- || p instanceof ConfigPrincipal) { \r
- return p;\r
- } else { \r
- \r
- final String name = p.getName();\r
- final int idx = name.indexOf('@');\r
- String shortName;\r
- if(idx>0) { // strip off any domain\r
- shortName = name.substring(0,idx); \r
- } else {\r
- shortName = name;\r
- }\r
-\r
- // Check for ATTUID specs before creating CSP_T\r
- return pattern.matcher(shortName).matches()?\r
- new CSP_T(name): // Note: use REAL name, short name for CSP_T\r
- null;\r
- }\r
- }\r
-\r
- /**\r
- * Essential Principal reflecting CSP Principal\r
- * \r
- *\r
- */\r
- private final class CSP_T implements CSPPrincipal_T {\r
- private String name;\r
- public CSP_T(String name) {\r
- this.name = name;\r
- }\r
- public String getName() {\r
- return name;\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf;\r
-\r
-import java.io.IOException;\r
-import java.io.PrintStream;\r
-import java.lang.reflect.Field;\r
-import java.net.HttpURLConnection;\r
-import java.net.InetAddress;\r
-import java.net.InetSocketAddress;\r
-import java.net.Socket;\r
-import java.net.URI;\r
-import java.net.UnknownHostException;\r
-import java.util.Date;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.TrustChecker;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConDME2;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.http.HBasicAuthSS;\r
-import org.onap.aaf.cadi.http.HClient;\r
-import org.onap.aaf.cadi.http.HX509SS;\r
-import org.onap.aaf.cadi.locator.DME2Locator;\r
-import org.onap.aaf.cadi.locator.PropertyLocator;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Perms;\r
-\r
-public class ConnectivityTest {\r
- private static final String PROD = "PROD";\r
- private static final String SRV_RESOLVE = "https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=%s/routeOffer=%s";\r
- private static final String GW_RESOLVE = "https://DME2RESOLVE/service=com.att.authz.authz-gw/version=2.0/envContext=%s/routeOffer=%s";\r
- \r
- public static void main(String[] args) {\r
- if(args.length<2) {\r
- System.out.println("Usage: ConnectivityTester <TEST|IST|PROD> <cadi_prop_files>");\r
- } else {\r
- print(true,"START OF CONNECTIVITY TESTS",new Date().toString(),System.getProperty("user.name"),\r
- "Note: All API Calls are /authz/perms/user/<MechID/Alias of the caller>");\r
-\r
- final String aaf_env = args[0];\r
- args[1]=Config.CADI_PROP_FILES+'='+args[1];\r
- \r
- PropAccess pa = new PropAccess(args);\r
- String user = pa.getProperty(Config.AAF_MECHID);\r
- String pass = pa.getProperty(Config.AAF_MECHPASS);\r
- String alias = pa.getProperty(Config.CADI_ALIAS);\r
- if(user==null) {\r
- user=alias;\r
- }\r
- RosettaEnv env = new RosettaEnv(pa.getProperties());\r
- \r
- try {\r
- RosettaDF<Perms> permsDF = env.newDataFactory(Perms.class);\r
- SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(pa);\r
- HBasicAuthSS hbass = new HBasicAuthSS(pa,si);\r
- if(hbass.getID()==null) {\r
- hbass=null; // not configured with ID.\r
- }\r
- HX509SS hxss=null;\r
- AAFCon<?> aafcon;\r
- \r
- try {\r
- hxss = new HX509SS(user,si);\r
- } catch(Exception e) {\r
- e.printStackTrace();\r
- print(false,"Continuing");\r
- }\r
- String aafurl;\r
- if(user==null || (pass==null && alias==null)) {\r
- System.out.printf("ERROR: DME2 Client cannot be tested with out %s and %s properties"\r
- , Config.AAF_MECHID, Config.AAF_MECHPASS );\r
- } else {\r
- if("TEST".equals(aaf_env) || "IST".equals(aaf_env) || "PROD".equals(aaf_env)) {\r
- DME2Manager dm = null;\r
- print(false,"Attempt DME2Manager Load");\r
- if(Class.forName("com.att.aft.dme2.api.DME2Manager")==null) {\r
- print(true,"DME2 jar is not available: Skipping DME2 Tests");\r
- } else { // DME2 Client Tests\r
- pass=pa.decrypt(pass,false);\r
- // Out of the box DME2\r
- aafurl = String.format(SRV_RESOLVE, aaf_env, PROD.equals(aaf_env)?"DEFAULT":"BAU_SE");\r
- print(true,"TEST CADI Config",aafurl);\r
- aafcon = testConfig(pa,aafurl);\r
- test(aafcon,permsDF,user);\r
- \r
- print(true,"Find and TEST Connections with DME2Locator",aafurl);\r
- DME2Locator dl = new DME2Locator(pa,dm,aafurl);\r
- connectTest(dl);\r
- \r
- dm = new DME2Manager("DME2Manager",pa.getProperties());\r
- \r
- dme2RawTest(dm, aafurl,user,pass);\r
- \r
- // URL specific Variant\r
- if((aafurl = specificDME2URL(dl, aafurl))!=null) {\r
- print(true,"TEST Specific DME2 CADI Config",aafurl);\r
- aafcon = testConfig(pa,aafurl);\r
- test(aafcon,permsDF,user);\r
- \r
- dme2RawTest(dm,aafurl,user,pass);\r
- }\r
- \r
- print(true,"CADI Direct AAFConDME2 Object Usage",aafurl);\r
- try {\r
- pa.setProperty(Config.AAF_URL,aafurl);\r
- aafcon = new AAFConDME2(pa);\r
- test(aafcon,permsDF,user);\r
- } catch(Throwable t) {\r
- t.printStackTrace();\r
- }\r
- \r
- // find a direct client to code a Direct HTTP with\r
- // \r
- if(hbass!=null) {\r
- print(true,"CADI Http DME2Locator Client Coding Methodology BasicAuth",aafurl);\r
- hClientTest(dl,hbass,user);\r
- }\r
- if(hxss!=null) {\r
- print(true,"CADI Http DME2Locator Client Coding Methodology X509",aafurl);\r
- hClientTest(dl,hxss,user);\r
- }\r
- \r
- // ##### PROXY CHECKS\r
- aafurl = String.format(GW_RESOLVE, aaf_env, PROD.equals(aaf_env)?"DEFAULT":"BAU_SE");\r
- print(true,"TEST PROXY DME2 CADI Config",aafurl);\r
- aafcon = testConfig(pa,aafurl);\r
- test(aafcon,permsDF,user);\r
- \r
- \r
- dme2RawTest(dm, aafurl,user,pass);\r
- \r
- // URL specific Variant\r
- dl = new DME2Locator(pa,dm,aafurl);\r
- if((aafurl = specificDME2URL(dl, aafurl))!=null) {\r
- print(true,"TEST PROXY Specific DME2 CADI Config",aafurl);\r
- aafcon = testConfig(pa,aafurl);\r
- test(aafcon,permsDF,user);\r
- \r
- dme2RawTest(dm,aafurl,user,pass);\r
- }\r
- }\r
- }\r
-\r
- // Prop Locator\r
- PropertyLocator pl = servicePropLocator(aaf_env);\r
- connectTest(pl);\r
- URI uri = pl.get(pl.best());\r
- if(uri!=null) {\r
- aafurl = uri.toString();\r
- print(true,"TEST Service PropertyLocator based Config",aafurl);\r
- aafcon = testConfig(pa,aafurl);\r
- test(aafcon,permsDF,user);\r
- \r
- if(hbass!=null) {\r
- print(true,"CADI Service Http PropLocator Client Coding Methodology Basic Auth",aafurl);\r
- hClientTest(pl,hbass, user);\r
- print(true,"CADI Service Http PropLocator Client Coding Methodology /authn/basicAuth",aafurl);\r
- basicAuthTest(pl,hbass);\r
- }\r
- if(hxss!=null) {\r
- print(true,"CADI Service Http PropLocator Client Coding Methodology X509",aafurl);\r
- hClientTest(pl,hxss, user);\r
- }\r
- }\r
- pl = proxyPropLocator(aaf_env);\r
- connectTest(pl);\r
- uri = pl.get(pl.best());\r
- if(uri!=null) {\r
- aafurl = uri.toString();\r
- print(true,"TEST PROXY PropertyLocator based Config",aafurl);\r
- aafcon = testConfig(pa,aafurl);\r
- test(aafcon,permsDF,user);\r
- \r
- if(hbass!=null) {\r
- print(true,"CADI PROXY Http PropLocator Client Coding Methodology Basic Auth",aafurl);\r
- hClientTest(pl,hbass, user);\r
- print(true,"CADI PROXY Http PropLocator Client Coding Methodology /proxy/authn/basicAuth",aafurl);\r
- basicAuthTest(pl,hbass);\r
- }\r
- if(hxss!=null) {\r
- print(true,"CADI PROXY Http PropLocator Client Coding Methodology X509",aafurl);\r
- hClientTest(pl,hxss, user);\r
- }\r
- }\r
- }\r
- \r
- } catch(Exception e) {\r
- e.printStackTrace(System.err);\r
- } finally {\r
- print(true,"END OF TESTS");\r
- }\r
- }\r
- }\r
- \r
- private static void print(Boolean strong, String ... args) {\r
- PrintStream out = System.out;\r
- out.println();\r
- if(strong) {\r
- for(int i=0;i<70;++i) {\r
- out.print('=');\r
- }\r
- out.println();\r
- }\r
- for(String s : args) {\r
- out.print(strong?"== ":"------ ");\r
- out.print(s);\r
- if(!strong) {\r
- out.print(" ------");\r
- }\r
- out.println();\r
- }\r
- if(strong) {\r
- for(int i=0;i<70;++i) {\r
- out.print('=');\r
- }\r
- }\r
- out.println();\r
- }\r
-\r
- private static void test(AAFCon<?> aafcon,RosettaDF<Perms> permsDF,String user) {\r
- if(aafcon==null) {\r
- print(false,"AAFCon is null");\r
- } else {\r
- try {\r
- print(false,"Calling with AAFCon");\r
- Future<Perms> fp = aafcon.client("2.0").read("/authz/perms/user/"+user, Perms.class, permsDF);\r
- if(fp.get(4000)) {\r
- System.out.printf("Found %d Permission(s)\n",fp.value.getPerm().size());\r
- } else {\r
- System.out.printf("Error: %d %s\n",fp.code(),fp.body());\r
- }\r
- } catch (Throwable t) {\r
- t.printStackTrace();\r
- }\r
- }\r
- }\r
- \r
- private static AAFCon<?> testConfig(PropAccess pa, String aafurl) {\r
- try {\r
- pa.setProperty(Config.AAF_URL, aafurl);\r
- Lur lur = Config.configLur(pa);\r
- Config.configHttpTaf(pa, TrustChecker.NOTRUST, null, lur);\r
- if(lur != null) {\r
- Field f = null;\r
- try {\r
- f = lur.getClass().getField("aaf");\r
- return (AAFCon<?>)f.get(lur);\r
- } catch (Exception nsfe) {\r
- }\r
- }\r
-\r
- } catch(Throwable t) {\r
- t.printStackTrace();\r
- }\r
- return null;\r
- }\r
- \r
- private static String specificDME2URL(Locator<URI> loc, String aafurl) throws LocatorException {\r
- Item item = loc.best();\r
- if(item!=null) {\r
- URI uri = loc.get(item);\r
- return aafurl.replace("DME2RESOLVE", String.format("%s:%d",uri.getHost(),uri.getPort()));\r
- }\r
- return null;\r
- }\r
-\r
- private static void connectTest(Locator<URI> dl) throws LocatorException {\r
- URI uri;\r
- Socket socket;\r
- print(false,"TCP/IP Connect test to all Located Services");\r
- for(Item li = dl.first();li!=null;li=dl.next(li)) {\r
- if((uri = dl.get(li)) == null) {\r
- System.out.println("Locator Item empty");\r
- } else {\r
- try {\r
- socket = new Socket();\r
- socket.connect(new InetSocketAddress(uri.getHost(), uri.getPort()),3000);\r
- System.out.printf("Can Connect a Socket to %s %d\n",uri.getHost(),uri.getPort());\r
- try {\r
- socket.close();\r
- } catch (IOException e1) {\r
- System.out.printf("Could not close Socket Connection: %s\n",e1.getMessage());\r
- }\r
- } catch (IOException e) {\r
- System.out.printf("Cannot Connect a Socket to %s %d: %s\n",uri.getHost(),uri.getPort(),e.getMessage());\r
- }\r
- }\r
- }\r
- }\r
-\r
- private static PropertyLocator servicePropLocator(String env) throws LocatorException {\r
- String purls;\r
- switch(env) {\r
- case "LOCAL":\r
- try {\r
- purls="https://"+InetAddress.getLocalHost().getHostName()+":8100";\r
- } catch (UnknownHostException e) {\r
- throw new LocatorException(e);\r
- }\r
- break;\r
- case "DEV":\r
- purls="https://aaf.dev.att.com:8100,https://aaf.dev.att.com:8101";\r
- break;\r
- case "TEST":\r
- purls="https://aaftest.test.att.com:8100,https://aaftest.test.att.com:8101";\r
- break;\r
- case "IST":\r
- purls="https://aafist.test.att.com:8100,https://aafist.test.att.com:8101";\r
- break;\r
- case PROD:\r
- purls="https://aaf.it.att.com:8100,https://aaf.it.att.com:8101";\r
- break;\r
- default:\r
- if(env.contains(".")) {\r
- purls="https://"+env+":8100";\r
- } else {\r
- throw new LocatorException(ConnectivityTest.class.getSimpleName() + ": unknown Env");\r
- }\r
- }\r
- System.out.printf("Creating a PropertyLocator for %s\n",purls);\r
- return new PropertyLocator(purls);\r
- }\r
- \r
- private static PropertyLocator proxyPropLocator(String env) throws LocatorException {\r
- String purls;\r
- switch(env) {\r
- case "LOCAL":\r
- try {\r
- purls="https://"+InetAddress.getLocalHost().getHostAddress()+":8100";\r
- } catch (UnknownHostException e) {\r
- throw new LocatorException(e);\r
- }\r
- break;\r
- case "DEV":\r
- purls="https://aaf.dev.att.com:8095/proxy";\r
- break;\r
- case "TEST":\r
- purls="https://aaftest.test.att.com:8095/proxy";\r
- break;\r
- case "IST":\r
- purls="https://aafist.test.att.com:8095/proxy";\r
- break;\r
- case PROD:\r
- purls="https://aaf.it.att.com:8095/proxy";\r
- break;\r
- default:\r
- if(env.contains(".")) {\r
- purls="https://"+env+":8095/proxy";\r
- } else {\r
- throw new LocatorException(ConnectivityTest.class.getSimpleName() + ": unknown Env");\r
- }\r
-\r
- }\r
- System.out.printf("Creating a PropertyLocator for %s\n",purls);\r
- return new PropertyLocator(purls);\r
- }\r
- \r
- \r
-\r
-\r
- private static void hClientTest(Locator<URI> dl, SecuritySetter<HttpURLConnection> ss, String user) {\r
- try {\r
- URI uri = dl.get(dl.best());\r
- System.out.println("Resolved to: " + uri);\r
- HClient client = new HClient(ss, uri, 3000);\r
- client.setMethod("GET");\r
- client.setPathInfo("/authz/perms/user/"+user);\r
- client.send();\r
- Future<String> future = client.futureReadString();\r
- if(future.get(7000)) {\r
- System.out.println(future.body()); \r
- } else {\r
- System.out.println(future.code() + ":" + future.body());\r
- }\r
- } catch (CadiException | LocatorException | APIException e) {\r
- e.printStackTrace();\r
- }\r
- }\r
-\r
-\r
- private static void basicAuthTest(PropertyLocator dl, SecuritySetter<HttpURLConnection> ss) {\r
- try {\r
- URI uri = dl.get(dl.best());\r
- System.out.println("Resolved to: " + uri);\r
- HClient client = new HClient(ss, uri, 3000);\r
- client.setMethod("GET");\r
- client.setPathInfo("/authn/basicAuth");\r
- client.addHeader("Accept", "text/plain");\r
- client.send();\r
- \r
- \r
- Future<String> future = client.futureReadString();\r
- if(future.get(7000)) {\r
- System.out.println("BasicAuth Validated"); \r
- } else {\r
- System.out.println("Failure " + future.code() + ":" + future.body());\r
- }\r
- } catch (CadiException | LocatorException | APIException e) {\r
- e.printStackTrace();\r
- }\r
- }\r
-\r
- // Regular DME2Client Coding Style\r
- private static void dme2RawTest(DME2Manager dm, String aafurl, String user, String pass) {\r
- try { \r
- if(dm==null) {\r
- return;\r
- }\r
- URI uri = new URI(aafurl);\r
- print(true,"DME2 Direct Client Coding Methodology",uri.toString());\r
- DME2Client client = dm.newClient( uri, 3000);\r
- client.setMethod("GET"); // FYI, DME2 defaults to "POST"\r
- client.setContext("/authz/perms/user/"+user); // DME2 direct requires separate setting of Context from URI\r
- if(pass!=null) { // rely on Cert if no pass\r
- client.setCredentials(user, pass);\r
- }\r
- client.setPayload(""); // DME2 will not send without something\r
- String resp = client.sendAndWait(7000);\r
- System.out.println(resp);\r
- } catch(Throwable e) {\r
- e.printStackTrace();\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf;\r
-\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-\r
-public class PermEval {\r
- public static final char START_REGEX_CHAR = '!';\r
- public static final char START_INST_KEY_CHAR=':';\r
- public static final char ALT_START_INST_KEY_CHAR='/';\r
- \r
- public static final char LIST_SEP = ',';\r
- public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();\r
- public static final String ASTERIX = "*";\r
- \r
- /**\r
- * Evaluate Instance\r
- * \r
- * Instance can be more complex. It can be a string, a Regular Expression, or a ":" separated Key \r
- * who's parts can also be a String, Regular Expression.\r
- * \r
- * sInst = Server's Instance\r
- * In order to prevent false matches, keys must be the same length to count as equal\r
- * Changing this will break existing users, like Cassandra. 9-4-2015\r
- */\r
- public static boolean evalInstance(String sInst, String pInst) {\r
- if(sInst==null || pInst == null) {\r
- return false;\r
- }\r
- if(ASTERIX.equals(sInst)) {\r
- return true; // If Server's String is "*", then it accepts every Instance\r
- }\r
- char firstChar = pInst.charAt(0);\r
- char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;\r
- switch(pInst.charAt(0)) { // First char\r
- case START_REGEX_CHAR: // Evaluate as Regular Expression\r
- String pItem = pInst.substring(1);\r
- for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," definition in Action\r
- return sItem.matches(pItem);\r
- }\r
- \r
- case START_INST_KEY_CHAR: // Evaluate a special Key field, i.e.:xyz:*:!df.*\r
- case ALT_START_INST_KEY_CHAR: // Also allow '/' as special Key Field, i.e. /xyz/*/!.*\r
- if(sInst.charAt(0)==startChar) { // To compare key-to-key, both strings must be keys\r
- String[] skeys=Split.split(startChar,sInst);\r
- String[] pkeys=Split.split(startChar,pInst);\r
- if(skeys.length!=pkeys.length) return false;\r
- \r
- boolean pass = true;\r
- for(int i=1;pass && i<skeys.length;++i) { // We start at 1, because the first one, being ":" is always ""\r
- if(ASTERIX.equals(skeys[i]))continue; // Server data accepts all for this key spot\r
- pass = false;\r
- for(String sItem : Split.split(LIST_SEP,skeys[i])) { // allow for "," definition in Action\r
- if(pkeys[i].length()==0) {\r
- if(pass=sItem.length()==0) {\r
- break; // Both Empty, keep checking\r
- }\r
-// } else if(pkeys[i].charAt(0)==START_REGEX_CHAR) { \r
-// if(pass=sItem.matches(pkeys[i].substring(1))) {\r
-// break; // Matches, keep checking\r
-// }\r
- } else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *\r
- if(pass=pkeys[i].matches(sItem.substring(1))) {\r
- break; // Matches, keep checking\r
- }\r
- } else if(skeys[i].endsWith(ASTERIX)) {\r
- if(pass=endAsterixCompare(skeys[i],pkeys[i])) {\r
- break;\r
- }\r
- } else {\r
- if(pass=sItem.equals(pkeys[i]))\r
- break; // Equal, keep checking\r
- }\r
- }\r
- }\r
- return pass; // return whether passed all key checks\r
- }\r
- return false; // if first chars aren't the same, further String compare not necessary\r
- default: // Evaluate as String Compare\r
- for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," separator //TODO is this only for actions?\r
- if(sItem.endsWith(ASTERIX)) {\r
- if(endAsterixCompare(sInst, pInst));\r
- } else if(sItem.equals(pInst)) {\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
- }\r
- \r
- private static boolean endAsterixCompare(String sInst, String pInst) {\r
- final int len = sInst.length()-1;\r
- if(pInst.length()<len) {\r
- return false;\r
- }\r
- for(int j=0;j<len;++j) {\r
- if(pInst.charAt(j)!=sInst.charAt(j)) {\r
- return false;\r
- }\r
- }\r
- return true;\r
- }\r
-\r
- /**\r
- * Evaluate Action\r
- * \r
- * sAction = Stored Action...\r
- * pAction = Present Action... the Permission to validate against.\r
- * Action is not quite as complex. But we write it in this function so it can be consistent\r
- */\r
- public static boolean evalAction(String sAction,String pAction) {\r
- if(ASTERIX.equals(sAction))return true; // If Server's String is "*", then it accepts every Action\r
- for(String sItem : Split.split(LIST_SEP,sAction)) { // allow for "," definition in Action\r
- if (pAction.charAt(0)==START_REGEX_CHAR? // First char\r
- sItem.matches(pAction.substring(1)): // Evaluate as Regular Expression\r
- sItem.equals(pAction)) // Evaluate as String Compare\r
- return true;\r
- } \r
- return false;\r
- }\r
- \r
- /**\r
- * Split.split by Char\r
- * \r
- * Note: I read the String Split.split and Pattern Split.split code, and we can do this more efficiently for a single Character\r
- */\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.cert;\r
-\r
-\r
-import java.security.Principal;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.X509Certificate;\r
-import java.util.HashSet;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.Set;\r
-import java.util.Timer;\r
-import java.util.TimerTask;\r
-import java.util.TreeMap;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.xml.datatype.XMLGregorianCalendar;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Hash;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.principal.X509Principal;\r
-import org.onap.aaf.cadi.taf.cert.CertIdentity;\r
-import org.onap.aaf.cadi.taf.cert.X509Taf;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Certs.Cert;\r
-import aaf.v2_0.Users;\r
-import aaf.v2_0.Users.User;\r
-\r
-public class AAFListedCertIdentity implements CertIdentity {\r
- //TODO should 8 hours be configurable? \r
- private static final long EIGHT_HOURS = 1000*60*60*8; \r
- private static final String AAF_VERSION = "2.0";\r
- \r
- private static Map<ByteArrayHolder,String> certs = null;\r
- \r
- // Did this to add other Trust Mechanisms\r
- // Trust mechanism set by Property: \r
- private static final String[] authMechanisms = new String[] {"tguard","basicAuth","csp"};\r
- private static String[] certIDs;\r
- \r
- private static Map<String,Set<String>> trusted =null;\r
-\r
- public AAFListedCertIdentity(Access access, AAFCon<?> aafcon) throws APIException {\r
- synchronized(AAFListedCertIdentity.class) {\r
- if(certIDs==null) {\r
- String cip = access.getProperty(Config.AAF_CERT_IDS, null);\r
- if(cip!=null) {\r
- certIDs = Split.split(',',cip);\r
- }\r
- }\r
- if(certIDs!=null && certs==null) {\r
- TimerTask cu = new CertUpdate(aafcon);\r
- cu.run(); // want this to run in this thread first...\r
- new Timer("AAF Identity Refresh Timer",true).scheduleAtFixedRate(cu, EIGHT_HOURS,EIGHT_HOURS);\r
- }\r
- }\r
- }\r
-\r
- public static Set<String> trusted(String authMech) {\r
- return trusted.get(authMech);\r
- }\r
- \r
- public Principal identity(HttpServletRequest req, X509Certificate cert, byte[] certBytes) throws CertificateException {\r
- if(cert==null && certBytes==null)return null;\r
- if(certBytes==null)certBytes = cert.getEncoded();\r
- byte[] fingerprint = X509Taf.getFingerPrint(certBytes);\r
- String id = certs.get(new ByteArrayHolder(fingerprint));\r
- if(id!=null) { // Caller is Validated\r
- return new X509Principal(id,cert,certBytes);\r
- }\r
- return null;\r
- }\r
-\r
- private static class ByteArrayHolder implements Comparable<ByteArrayHolder> {\r
- private byte[] ba;\r
- public ByteArrayHolder(byte[] ba) {\r
- this.ba = ba;\r
- }\r
- public int compareTo(ByteArrayHolder b) {\r
- return Hash.compareTo(ba, b.ba);\r
- }\r
- }\r
- \r
- private class CertUpdate extends TimerTask {\r
-\r
- private AAFCon<?> aafcon;\r
- public CertUpdate(AAFCon<?> con) {\r
- aafcon = con;\r
- }\r
- \r
- @Override\r
- public void run() {\r
- try {\r
- TreeMap<ByteArrayHolder, String> newCertsMap = new TreeMap<ByteArrayHolder,String>();\r
- Map<String,Set<String>> newTrustMap = new TreeMap<String,Set<String>>();\r
- Set<String> userLookup = new HashSet<String>();\r
- for(String s : certIDs) {\r
- userLookup.add(s);\r
- }\r
- for(String authMech : authMechanisms) {\r
- Future<Users> fusr = aafcon.client(AAF_VERSION).read("/authz/users/perm/org.onap.aaf.trust/"+authMech+"/authenticate", Users.class, aafcon.usersDF);\r
- if(fusr.get(5000)) {\r
- List<User> users = fusr.value.getUser();\r
- if(users.isEmpty()) {\r
- aafcon.access.log(Level.WARN, "AAF Lookup-No IDs in Role com.att.aaf.trustForID <> "+authMech);\r
- } else {\r
- aafcon.access.log(Level.INFO,"Loading Trust Authentication Info for",authMech);\r
- Set<String> hsUser = new HashSet<String>();\r
- for(User u : users) {\r
- userLookup.add(u.getId());\r
- hsUser.add(u.getId());\r
- }\r
- newTrustMap.put(authMech,hsUser);\r
- }\r
- } else {\r
- aafcon.access.log(Level.WARN, "Could not get Users in Perm com.att.trust|tguard|authenticate",fusr.code(),fusr.body());\r
- }\r
- \r
- }\r
- \r
- for(String u : userLookup) {\r
- Future<Certs> fc = aafcon.client(AAF_VERSION).read("/authn/cert/id/"+u, Certs.class, aafcon.certsDF);\r
- XMLGregorianCalendar now = Chrono.timeStamp();\r
- if(fc.get(5000)) {\r
- List<Cert> certs = fc.value.getCert();\r
- if(certs.isEmpty()) {\r
- aafcon.access.log(Level.WARN, "No Cert Associations for",u);\r
- } else {\r
- for(Cert c : fc.value.getCert()) {\r
- XMLGregorianCalendar then =c.getExpires();\r
- if(then !=null && then.compare(now)>0) {\r
- newCertsMap.put(new ByteArrayHolder(c.getFingerprint()), c.getId());\r
- aafcon.access.log(Level.INIT,"Associating "+ c.getId() + " expiring " + Chrono.dateOnlyStamp(c.getExpires()) + " with " + c.getX500());\r
- }\r
- }\r
- }\r
- } else {\r
- aafcon.access.log(Level.WARN, "Could not get Certificates for",u);\r
- }\r
- }\r
-\r
- certs = newCertsMap;\r
- trusted = newTrustMap;\r
- } catch(Exception e) {\r
- aafcon.access.log(e, "Failure to update Certificate Identities from AAF");\r
- }\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.client;\r
-\r
-import java.io.PrintStream;\r
-\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.util.Vars;\r
-\r
-import aaf.v2_0.Error;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-public class ErrMessage {\r
- private RosettaDF<Error> errDF;\r
- \r
- public ErrMessage(RosettaEnv env) throws APIException {\r
- errDF = env.newDataFactory(Error.class);\r
- }\r
-\r
- /**\r
- * AT&T Requires a specific Error Format for RESTful Services, which AAF complies with.\r
- * \r
- * This code will create a meaningful string from this format. \r
- * \r
- * @param ps\r
- * @param df\r
- * @param r\r
- * @throws APIException\r
- */\r
- public void printErr(PrintStream ps, String attErrJson) throws APIException {\r
- StringBuilder sb = new StringBuilder();\r
- Error err = errDF.newData().in(TYPE.JSON).load(attErrJson).asObject();\r
- ps.println(toMsg(sb,err));\r
- }\r
- \r
- /**\r
- * AT&T Requires a specific Error Format for RESTful Services, which AAF complies with.\r
- * \r
- * This code will create a meaningful string from this format. \r
- * \r
- * @param sb\r
- * @param df\r
- * @param r\r
- * @throws APIException\r
- */\r
- public StringBuilder toMsg(StringBuilder sb, String attErrJson) throws APIException {\r
- return toMsg(sb,errDF.newData().in(TYPE.JSON).load(attErrJson).asObject());\r
- }\r
- \r
- public StringBuilder toMsg(Future<?> future) {\r
- return toMsg(new StringBuilder(),future);\r
- }\r
- \r
- public StringBuilder toMsg(StringBuilder sb, Future<?> future) {\r
- try {\r
- toMsg(sb,errDF.newData().in(TYPE.JSON).load(future.body()).asObject());\r
- } catch(Exception e) {\r
- //just print what we can\r
- sb.append(future.code());\r
- sb.append(": ");\r
- sb.append(future.body());\r
- }\r
- return sb;\r
- }\r
-\r
- public StringBuilder toMsg(StringBuilder sb, Error err) {\r
- sb.append(err.getMessageId());\r
- sb.append(' ');\r
- String[] vars = new String[err.getVariables().size()];\r
- err.getVariables().toArray(vars);\r
- Vars.convert(sb, err.getText(),vars);\r
- return sb;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.client;\r
-\r
-\r
-import java.lang.reflect.InvocationTargetException;\r
-import java.lang.reflect.Method;\r
-import java.util.GregorianCalendar;\r
-\r
-import aaf.v2_0.Approval;\r
-import aaf.v2_0.Approvals;\r
-import aaf.v2_0.CredRequest;\r
-import aaf.v2_0.Keys;\r
-import aaf.v2_0.NsRequest;\r
-import aaf.v2_0.Nss;\r
-import aaf.v2_0.Nss.Ns;\r
-import aaf.v2_0.Perm;\r
-import aaf.v2_0.PermKey;\r
-import aaf.v2_0.PermRequest;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Pkey;\r
-import aaf.v2_0.Request;\r
-import aaf.v2_0.Role;\r
-import aaf.v2_0.RoleKey;\r
-import aaf.v2_0.RolePermRequest;\r
-import aaf.v2_0.RoleRequest;\r
-import aaf.v2_0.Roles;\r
-import aaf.v2_0.UserRole;\r
-import aaf.v2_0.UserRoleRequest;\r
-import aaf.v2_0.UserRoles;\r
-import aaf.v2_0.Users;\r
-import aaf.v2_0.Users.User;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-public class Examples {\r
- public static <C> String print(RosettaEnv env, String nameOrContentType, boolean optional) throws APIException, SecurityException, NoSuchMethodException, IllegalArgumentException, IllegalAccessException, InvocationTargetException {\r
- // Discover ClassName\r
- String className = null;\r
- String version = null;\r
- TYPE type = TYPE.JSON; // default\r
- if(nameOrContentType.startsWith("application/")) {\r
- for(String ct : nameOrContentType.split("\\s*,\\s*")) {\r
- for(String elem : ct.split("\\s*;\\s*")) {\r
- if(elem.endsWith("+json")) {\r
- type = TYPE.JSON;\r
- className = elem.substring(elem.indexOf('/')+1, elem.length()-5);\r
- } else if(elem.endsWith("+xml")) {\r
- type = TYPE.XML;\r
- className = elem.substring(elem.indexOf('/')+1, elem.length()-4);\r
- } else if(elem.startsWith("version=")) {\r
- version = elem.substring(8);\r
- }\r
- }\r
- if(className!=null && version!=null)break;\r
- }\r
- if(className==null) {\r
- throw new APIException(nameOrContentType + " does not contain Class Information");\r
- }\r
- } else {\r
- className = nameOrContentType;\r
- }\r
- \r
- // No Void.class in aaf.v2_0 package causing errors when trying to use a newVoidv2_0\r
- // method similar to others in this class. This makes it work, but is it right?\r
- if ("Void".equals(className)) return "";\r
- \r
- if("1.1".equals(version)) {\r
- version = "v1_0";\r
- } else if(version!=null) {\r
- version = "v" + version.replace('.', '_');\r
- } else {\r
- version = "v2_0";\r
- }\r
- \r
- Class<?> cls;\r
- try {\r
- cls = Examples.class.getClassLoader().loadClass("aaf."+version+'.'+className);\r
- } catch (ClassNotFoundException e) {\r
- throw new APIException(e);\r
- }\r
- \r
- Method meth;\r
- try {\r
- meth = Examples.class.getDeclaredMethod("new"+cls.getSimpleName()+version,boolean.class);\r
- } catch (Exception e) {\r
- throw new APIException("ERROR: " + cls.getName() + " does not have an Example in Code. Request from AAF Developers");\r
- }\r
- \r
- RosettaDF<C> df = env.newDataFactory(cls);\r
- df.option(Data.PRETTY);\r
- \r
- Object data = meth.invoke(null,optional);\r
- \r
- @SuppressWarnings("unchecked")\r
- String rv = df.newData().load((C)data).out(type).asString();\r
-// Object obj = df.newData().in(type).load(rv).asObject();\r
- return rv;\r
- }\r
- \r
- /*\r
- * Set Base Class Request (easier than coding over and over)\r
- */\r
- private static void setOptional(Request req) {\r
- GregorianCalendar gc = new GregorianCalendar();\r
- req.setStart(Chrono.timeStamp(gc));\r
- gc.add(GregorianCalendar.MONTH, 6);\r
- req.setEnd(Chrono.timeStamp(gc));\r
-// req.setForce("false");\r
- \r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static Request newRequestv2_0(boolean optional) {\r
- Request r = new Request();\r
- setOptional(r);\r
- return r;\r
- }\r
- @SuppressWarnings("unused")\r
- private static RolePermRequest newRolePermRequestv2_0(boolean optional) {\r
- RolePermRequest rpr = new RolePermRequest();\r
- Pkey pkey = new Pkey();\r
- pkey.setType("com.att.myns.mytype");\r
- pkey.setInstance("myInstance");\r
- pkey.setAction("myAction");\r
- rpr.setPerm(pkey);\r
- rpr.setRole("com.att.myns.myrole");\r
- if(optional)setOptional(rpr);\r
- return rpr;\r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static Roles newRolesv2_0(boolean optional) {\r
- Role r;\r
- Pkey p;\r
- Roles rs = new Roles();\r
- rs.getRole().add(r = new Role());\r
- r.setName("com.att.myns.myRole");\r
- r.getPerms().add(p = new Pkey());\r
- p.setType("com.att.myns.myType");\r
- p.setInstance("myInstance");\r
- p.setAction("myAction");\r
- \r
- r.getPerms().add(p = new Pkey());\r
- p.setType("com.att.myns.myType");\r
- p.setInstance("myInstance");\r
- p.setAction("myOtherAction");\r
- \r
- rs.getRole().add(r = new Role());\r
- r.setName("com.att.myns.myOtherRole");\r
- r.getPerms().add(p = new Pkey());\r
- p.setType("com.att.myns.myOtherType");\r
- p.setInstance("myInstance");\r
- p.setAction("myAction");\r
- \r
- r.getPerms().add(p = new Pkey());\r
- p.setType("com.att.myns.myOthertype");\r
- p.setInstance("myInstance");\r
- p.setAction("myOtherAction");\r
-\r
- return rs;\r
- }\r
- \r
- \r
- @SuppressWarnings("unused")\r
- private static PermRequest newPermRequestv2_0(boolean optional) {\r
- PermRequest pr = new PermRequest();\r
- pr.setType("com.att.myns.myType");\r
- pr.setInstance("myInstance");\r
- pr.setAction("myAction");\r
- if(optional) {\r
- pr.setDescription("Short and meaningful verbiage about the Permission");\r
- \r
- setOptional(pr);\r
- }\r
- return pr;\r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static Perm newPermv2_0(boolean optional) {\r
- Perm pr = new Perm();\r
- pr.setType("com.att.myns.myType");\r
- pr.setInstance("myInstance");\r
- pr.setAction("myAction");\r
- pr.getRoles().add("com.att.myns.myRole");\r
- pr.getRoles().add("com.att.myns.myRole2");\r
- pr.setDescription("This is my description, and I'm sticking with it");\r
- if(optional) {\r
- pr.setDescription("Short and meaningful verbiage about the Permission");\r
- }\r
- return pr;\r
- }\r
-\r
-\r
- @SuppressWarnings("unused")\r
- private static PermKey newPermKeyv2_0(boolean optional) {\r
- PermKey pr = new PermKey();\r
- pr.setType("com.att.myns.myType");\r
- pr.setInstance("myInstance");\r
- pr.setAction("myAction");\r
- return pr;\r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static Perms newPermsv2_0(boolean optional) {\r
- Perms perms = new Perms();\r
- Perm p;\r
- perms.getPerm().add(p=new Perm());\r
- p.setType("com.att.myns.myType");\r
- p.setInstance("myInstance");\r
- p.setAction("myAction");\r
- p.getRoles().add("com.att.myns.myRole");\r
- p.getRoles().add("com.att.myns.myRole2");\r
- \r
-\r
- perms.getPerm().add(p=new Perm());\r
- p.setType("com.att.myns.myOtherType");\r
- p.setInstance("myInstance");\r
- p.setAction("myOtherAction");\r
- p.getRoles().add("com.att.myns.myRole");\r
- p.getRoles().add("com.att.myns.myRole2");\r
-\r
- return perms;\r
- \r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static UserRoleRequest newUserRoleRequestv2_0(boolean optional) {\r
- UserRoleRequest urr = new UserRoleRequest();\r
- urr.setRole("com.att.myns.myRole");\r
- urr.setUser("ab1234@csp.att.com");\r
- if(optional) setOptional(urr);\r
- return urr;\r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static NsRequest newNsRequestv2_0(boolean optional) {\r
- NsRequest nr = new NsRequest();\r
- nr.setName("com.att.myns");\r
- nr.getResponsible().add("ab1234@csp.att.com");\r
- nr.getResponsible().add("cd5678@csp.att.com");\r
- nr.getAdmin().add("zy9876@csp.att.com");\r
- nr.getAdmin().add("xw5432@csp.att.com"); \r
- if(optional) {\r
- nr.setDescription("This is my Namespace to set up");\r
- nr.setType("APP");\r
- setOptional(nr);\r
- }\r
- return nr;\r
- }\r
- \r
- \r
- @SuppressWarnings("unused")\r
- private static Nss newNssv2_0(boolean optional) {\r
- Ns ns;\r
- \r
- Nss nss = new Nss();\r
- nss.getNs().add(ns = new Nss.Ns());\r
- ns.setName("com.att.myns");\r
- ns.getResponsible().add("ab1234@csp.att.com");\r
- ns.getResponsible().add("cd5678@csp.att.com");\r
- ns.getAdmin().add("zy9876@csp.att.com");\r
- ns.getAdmin().add("xw5432@csp.att.com");\r
- ns.setDescription("This is my Namespace to set up");\r
- \r
- nss.getNs().add(ns = new Nss.Ns());\r
- ns.setName("com.att.myOtherNs");\r
- ns.getResponsible().add("ab1234@csp.att.com");\r
- ns.getResponsible().add("cd5678@csp.att.com");\r
- ns.getAdmin().add("zy9876@csp.att.com");\r
- ns.getAdmin().add("xw5432@csp.att.com"); \r
- \r
- return nss;\r
- }\r
- @SuppressWarnings("unused")\r
- private static RoleRequest newRoleRequestv2_0(boolean optional) {\r
- RoleRequest rr = new RoleRequest();\r
- rr.setName("com.att.myns.myRole");\r
- if(optional) {\r
- rr.setDescription("This is my Role");\r
- setOptional(rr);\r
- }\r
- return rr;\r
- }\r
-\r
- @SuppressWarnings("unused")\r
- private static CredRequest newCredRequestv2_0(boolean optional) {\r
- CredRequest cr = new CredRequest();\r
- cr.setId("myID@fully.qualified.domain");\r
- if(optional) {\r
- cr.setType(2);\r
- cr.setEntry("0x125AB256344CE");\r
- } else {\r
- cr.setPassword("This is my provisioned password");\r
- }\r
-\r
- return cr;\r
- }\r
- \r
- @SuppressWarnings("unused")\r
- private static Users newUsersv2_0(boolean optional) {\r
- User user;\r
- \r
- Users users = new Users();\r
- users.getUser().add(user = new Users.User());\r
- user.setId("ab1234@csp.att.com"); \r
- GregorianCalendar gc = new GregorianCalendar();\r
- user.setExpires(Chrono.timeStamp(gc));\r
- \r
- users.getUser().add(user = new Users.User());\r
- user.setId("zy9876@csp.att.com"); \r
- user.setExpires(Chrono.timeStamp(gc)); \r
- \r
- return users;\r
- }\r
-\r
- @SuppressWarnings("unused")\r
- private static Role newRolev2_0(boolean optional) {\r
- Role r = new Role();\r
- Pkey p;\r
- r.setName("com.att.myns.myRole");\r
- r.getPerms().add(p = new Pkey());\r
- p.setType("com.att.myns.myType");\r
- p.setInstance("myInstance");\r
- p.setAction("myAction");\r
-\r
- return r;\r
- }\r
-\r
- @SuppressWarnings("unused")\r
- private static RoleKey newRoleKeyv2_0(boolean optional) {\r
- RoleKey r = new RoleKey();\r
- Pkey p;\r
- r.setName("com.att.myns.myRole");\r
- return r;\r
- }\r
-\r
- @SuppressWarnings("unused")\r
- private static Keys newKeysv2_0(boolean optional) {\r
- Keys ks = new Keys();\r
- ks.getKey().add("Reponse 1");\r
- ks.getKey().add("Response 2");\r
- return ks;\r
- }\r
-\r
- @SuppressWarnings("unused")\r
- private static UserRoles newUserRolesv2_0(boolean optional) {\r
- UserRoles urs = new UserRoles();\r
- UserRole ur = new UserRole();\r
- ur.setUser("xy1234");\r
- ur.setRole("com.test.myapp.myRole");\r
- ur.setExpires(Chrono.timeStamp());\r
- urs.getUserRole().add(ur);\r
- \r
- ur = new UserRole();\r
- ur.setUser("yx4321");\r
- ur.setRole("com.test.yourapp.yourRole");\r
- ur.setExpires(Chrono.timeStamp());\r
- urs.getUserRole().add(ur);\r
- return urs;\r
- }\r
-\r
-\r
- @SuppressWarnings("unused")\r
- private static Approvals newApprovalsv2_0(boolean optional) {\r
- Approvals as = new Approvals();\r
- Approval a = new Approval();\r
- a.setApprover("MyApprover");\r
- a.setId("MyID");\r
- a.setMemo("My memo (and then some)");\r
- a.setOperation("MyOperation");\r
- a.setStatus("MyStatus");\r
- a.setTicket("MyTicket");\r
- a.setType("MyType");\r
- a.setUpdated(Chrono.timeStamp());\r
- a.setUser("MyUser");\r
- as.getApprovals().add(a);\r
- a = new Approval();\r
- a.setApprover("MyApprover2");\r
- a.setId("MyID2");\r
- a.setMemo("My memo (and then some)2");\r
- a.setOperation("MyOperation2");\r
- a.setStatus("MyStatus2");\r
- a.setTicket("MyTicket2");\r
- a.setType("MyType2");\r
- a.setUpdated(Chrono.timeStamp());\r
- a.setUser("MyUser2");\r
- as.getApprovals().add(a);\r
- return as;\r
- }\r
-\r
- @SuppressWarnings("unused")\r
- private static Approval newApprovalv2_0(boolean optional) {\r
- Approval a = new Approval();\r
- a.setApprover("MyApprover");\r
- a.setId("MyID");\r
- a.setMemo("My memo (and then some)");\r
- a.setOperation("MyOperation");\r
- a.setStatus("MyStatus");\r
- a.setTicket("MyTicket");\r
- a.setType("MyType");\r
- a.setUpdated(Chrono.timeStamp());\r
- a.setUser("MyUser");\r
- return a;\r
- }\r
-\r
- \r
-\r
- @SuppressWarnings("unused")\r
- private static aaf.v2_0.Error newErrorv2_0(boolean optional) {\r
- aaf.v2_0.Error err = new aaf.v2_0.Error();\r
- err.setMessageId("SVC1403");\r
- err.setText("MyText %s, %s: The last three digits are usually the HTTP Code");\r
- err.getVariables().add("Variable 1");\r
- err.getVariables().add("Variable 2");\r
- return err;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.marshal;\r
-\r
-import javax.xml.datatype.XMLGregorianCalendar;\r
-\r
-import aaf.v2_0.Certs.Cert;\r
-\r
-import org.onap.aaf.rosetta.marshal.FieldDateTime;\r
-import org.onap.aaf.rosetta.marshal.FieldHexBinary;\r
-import org.onap.aaf.rosetta.marshal.FieldString;\r
-import org.onap.aaf.rosetta.marshal.ObjMarshal;\r
-\r
-public class CertMarshal extends ObjMarshal<Cert> {\r
- public CertMarshal() {\r
- add(new FieldHexBinary<Cert>("fingerprint") {\r
- @Override\r
- protected byte[] data(Cert t) {\r
- return t.getFingerprint();\r
- }\r
- });\r
-\r
- add(new FieldString<Cert>("id") {\r
- @Override\r
- protected String data(Cert t) {\r
- return t.getId();\r
- }\r
- });\r
-\r
- add(new FieldString<Cert>("x500") {\r
- @Override\r
- protected String data(Cert t) {\r
- return t.getX500();\r
- }\r
- });\r
- \r
- add(new FieldDateTime<Cert>("expires") {\r
- @Override\r
- protected XMLGregorianCalendar data(Cert t) {\r
- return t.getExpires();\r
- }\r
- });\r
-\r
-\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.marshal;\r
-\r
-import java.util.List;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Certs.Cert;\r
-\r
-import org.onap.aaf.rosetta.marshal.ObjArray;\r
-import org.onap.aaf.rosetta.marshal.ObjMarshal;\r
-\r
-public class CertsMarshal extends ObjMarshal<Certs> {\r
-\r
- public CertsMarshal() {\r
- add(new ObjArray<Certs,Cert>("cert",new CertMarshal()) {\r
- @Override\r
- protected List<Cert> data(Certs t) {\r
- return t.getCert();\r
- }\r
- }); \r
- }\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.GetCred;\r
-import org.onap.aaf.cadi.Hash;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.lur.ConfigPrincipal;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-public class AAFAuthn<CLIENT> extends AbsUserCache<AAFPermission> {\r
- private AAFCon<CLIENT> con;\r
- private String realm;\r
- \r
- /**\r
- * Configure with Standard AAF properties, Stand alone\r
- * @param con\r
- * @throws Exception \r
- */\r
- // Package on purpose\r
- AAFAuthn(AAFCon<CLIENT> con) throws Exception {\r
- super(con.access,con.cleanInterval,con.highCount,con.usageRefreshTriggerCount);\r
- this.con = con;\r
-\r
- try {\r
- setRealm();\r
- } catch (APIException e) {\r
- if(e.getCause() instanceof DME2Exception) {\r
- // Can't contact AAF, assume default\r
- realm=con.access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());\r
- }\r
- }\r
- }\r
-\r
- /**\r
- * Configure with Standard AAF properties, but share the Cache (with AAF Lur)\r
- * @param con\r
- * @throws Exception \r
- */\r
- // Package on purpose\r
- AAFAuthn(AAFCon<CLIENT> con, AbsUserCache<AAFPermission> cache) throws Exception {\r
- super(cache);\r
- this.con = con;\r
- try {\r
- setRealm();\r
- } catch (Exception e) {\r
- if(e.getCause() instanceof DME2Exception) {\r
- access.log(e);\r
- // Can't contact AAF, assume default \r
- realm=con.access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());\r
- }\r
- }\r
- }\r
-\r
- private void setRealm() throws Exception {\r
- // Make a call without security set to get the 401 response, which\r
- // includes the Realm of the server\r
- // This also checks on Connectivity early on.\r
- Future<String> fp = con.client(AAFCon.AAF_LATEST_VERSION).read("/authn/basicAuth", "text/plain");\r
- if(fp.get(con.timeout)) {\r
- throw new Exception("Do not preset Basic Auth Information for AAFAuthn");\r
- } else {\r
- if(fp.code()==401) {\r
- realm = fp.header("WWW-Authenticate");\r
- if(realm!=null && realm.startsWith("Basic realm=\"")) {\r
- realm = realm.substring(13, realm.length()-1);\r
- } else {\r
- realm = "unknown.com";\r
- }\r
- }\r
- }\r
- }\r
- \r
- /**\r
- * Return Native Realm of AAF Instance.\r
- * \r
- * @return\r
- */\r
- public String getRealm() {\r
- return realm;\r
- }\r
-\r
- /**\r
- * Returns null if ok, or an Error String;\r
- * \r
- * @param user\r
- * @param password\r
- * @return\r
- * @throws IOException \r
- * @throws CadiException \r
- * @throws Exception\r
- */\r
- public String validate(String user, String password) throws IOException, CadiException {\r
- User<AAFPermission> usr = getUser(user);\r
- if(password.startsWith("enc:???")) {\r
- password = access.decrypt(password, true);\r
- }\r
-\r
- byte[] bytes = password.getBytes();\r
- if(usr != null && usr.principal != null && usr.principal.getName().equals(user) \r
- && usr.principal instanceof GetCred) {\r
- \r
- if(Hash.isEqual(((GetCred)usr.principal).getCred(),bytes)) {\r
- return null;\r
- } else {\r
- remove(usr);\r
- usr = null;\r
- }\r
- }\r
- \r
- AAFCachedPrincipal cp = new AAFCachedPrincipal(this,con.app, user, bytes, con.cleanInterval);\r
- // Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch\r
- // Statement\r
- switch(cp.revalidate()) {\r
- case REVALIDATED:\r
- if(usr!=null) {\r
- usr.principal = cp;\r
- } else {\r
- addUser(new User<AAFPermission>(cp,con.timeout));\r
- }\r
- return null;\r
- case INACCESSIBLE:\r
- return "AAF Inaccessible";\r
- case UNVALIDATED:\r
- return "User/Pass combo invalid for " + user;\r
- case DENIED:\r
- return "AAF denies API for " + user;\r
- default: \r
- return "AAFAuthn doesn't handle Principal " + user;\r
- }\r
- }\r
- \r
- private class AAFCachedPrincipal extends ConfigPrincipal implements CachedPrincipal {\r
- private long expires,timeToLive;\r
-\r
- public AAFCachedPrincipal(AAFAuthn<?> aaf, String app, String name, byte[] pass, int timeToLive) {\r
- super(name,pass);\r
- this.timeToLive = timeToLive;\r
- expires = timeToLive + System.currentTimeMillis();\r
- }\r
-\r
- public Resp revalidate() {\r
- if(con.isDisabled()) {\r
- return Resp.DENIED;\r
- }\r
- try {\r
- Miss missed = missed(getName());\r
- if(missed==null || missed.mayContinue(getCred())) {\r
- Rcli<CLIENT> client = con.client(AAFCon.AAF_LATEST_VERSION).forUser(con.basicAuth(getName(), new String(getCred())));\r
- Future<String> fp = client.read(\r
- "/authn/basicAuth",\r
- "text/plain"\r
- );\r
- if(fp.get(con.timeout)) {\r
- expires = System.currentTimeMillis() + timeToLive;\r
- addUser(new User<AAFPermission>(this, expires));\r
- return Resp.REVALIDATED;\r
- } else {\r
- addMiss(getName(), getCred());\r
- return Resp.UNVALIDATED;\r
- }\r
- } else {\r
- return Resp.UNVALIDATED;\r
- }\r
- } catch (Exception e) {\r
- con.access.log(e);\r
- return Resp.INACCESSIBLE;\r
- }\r
- }\r
-\r
- public long expires() {\r
- return expires;\r
- }\r
- };\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.net.URI;\r
-import java.security.Principal;\r
-import java.util.Map;\r
-import java.util.concurrent.ConcurrentHashMap;\r
-\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CadiWrap;\r
-import org.onap.aaf.cadi.Connector;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;\r
-import org.onap.aaf.cadi.client.AbsBasicAuth;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.util.Vars;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.util.Split;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Certs;\r
-import aaf.v2_0.Error;\r
-import aaf.v2_0.Perms;\r
-import aaf.v2_0.Users;\r
-\r
-public abstract class AAFCon<CLIENT> implements Connector {\r
- public static final String AAF_LATEST_VERSION = "2.0";\r
-\r
- final public PropAccess access;\r
- // Package access\r
- final public int timeout, cleanInterval, connTimeout;\r
- final public int highCount, userExpires, usageRefreshTriggerCount;\r
- private Map<String,Rcli<CLIENT>> clients = new ConcurrentHashMap<String,Rcli<CLIENT>>();\r
- final public RosettaDF<Perms> permsDF;\r
- final public RosettaDF<Certs> certsDF;\r
- final public RosettaDF<Users> usersDF;\r
- final public RosettaDF<Error> errDF;\r
- private String realm;\r
- public final String app;\r
- protected SecuritySetter<CLIENT> ss;\r
- protected SecurityInfoC<CLIENT> si;\r
-\r
- private DisableCheck disableCheck;\r
-\r
- private AAFLurPerm lur;\r
-\r
- private RosettaEnv env;\r
- protected abstract URI initURI();\r
- protected abstract void setInitURI(String uriString) throws CadiException;\r
-\r
- /**\r
- * Use this call to get the appropriate client based on configuration (DME2, HTTP, future)\r
- * \r
- * @param apiVersion\r
- * @return\r
- * @throws CadiException\r
- */\r
- public Rcli<CLIENT> client(String apiVersion) throws CadiException {\r
- Rcli<CLIENT> client = clients.get(apiVersion);\r
- if(client==null) {\r
- client = rclient(initURI(),ss);\r
- client.apiVersion(apiVersion)\r
- .readTimeout(connTimeout);\r
- clients.put(apiVersion, client);\r
- } \r
- return client;\r
- }\r
- \r
- /**\r
- * Use this API when you have permission to have your call act as the end client's ID.\r
- * \r
- * Your calls will get 403 errors if you do not have this permission. it is a special setup, rarely given.\r
- * \r
- * @param apiVersion\r
- * @param req\r
- * @return\r
- * @throws CadiException\r
- */\r
- public Rcli<CLIENT> clientAs(String apiVersion, ServletRequest req) throws CadiException {\r
- Rcli<CLIENT> cl = client(apiVersion);\r
- return cl.forUser(transferSS(((HttpServletRequest)req).getUserPrincipal()));\r
- }\r
- \r
- protected AAFCon(AAFCon<CLIENT> copy) {\r
- access = copy.access;\r
- timeout = copy.timeout;\r
- cleanInterval = copy.cleanInterval;\r
- connTimeout = copy.connTimeout;\r
- highCount = copy.highCount;\r
- userExpires = copy.userExpires;\r
- usageRefreshTriggerCount = copy.usageRefreshTriggerCount;\r
- permsDF = copy.permsDF;\r
- certsDF = copy.certsDF;\r
- usersDF = copy.usersDF;\r
- errDF = copy.errDF;\r
- app = copy.app;\r
- ss = copy.ss;\r
- si = copy.si;\r
- env = copy.env;\r
- disableCheck = copy.disableCheck;\r
- realm = copy.realm;\r
- }\r
- \r
- protected AAFCon(PropAccess access, String tag, SecurityInfoC<CLIENT> si) throws CadiException{\r
- if(tag==null) {\r
- throw new CadiException("AAFCon cannot be constructed with a tag=null");\r
- }\r
- try {\r
- this.access = access;\r
- this.si = si;\r
- this.ss = si.defSS;\r
- if(ss==null) {\r
- String mechid = access.getProperty(Config.AAF_MECHID, null);\r
- String encpass = access.getProperty(Config.AAF_MECHPASS, null);\r
- if(encpass==null) {\r
- String alias = access.getProperty(Config.CADI_ALIAS, mechid);\r
- if(alias==null) {\r
- throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");\r
- }\r
- set(si.defSS=x509Alias(alias));\r
- } else {\r
- if(mechid!=null && encpass !=null) {\r
- set(si.defSS=basicAuth(mechid, encpass));\r
- } else {\r
- set(si.defSS=new SecuritySetter<CLIENT>() {\r
- \r
- @Override\r
- public String getID() {\r
- return "";\r
- }\r
- \r
- @Override\r
- public void setSecurity(CLIENT client) throws CadiException {\r
- throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");\r
- }\r
-\r
- @Override\r
- public int setLastResponse(int respCode) {\r
- return 0;\r
- }\r
- });\r
- }\r
- }\r
- }\r
- \r
- timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));\r
- cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));\r
- highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());\r
- connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());\r
- userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());\r
- usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based\r
- \r
- String str = access.getProperty(tag,null);\r
- if(str==null) {\r
- throw new CadiException(tag + " property is required.");\r
- }\r
- setInitURI(str);\r
- \r
- app=reverseDomain(ss.getID());\r
- realm="openecomp.org";\r
- \r
- env = new RosettaEnv();\r
- permsDF = env.newDataFactory(Perms.class);\r
- usersDF = env.newDataFactory(Users.class);\r
- certsDF = env.newDataFactory(Certs.class);\r
- certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling\r
- errDF = env.newDataFactory(Error.class);\r
- } catch (APIException e) {\r
- throw new CadiException("AAFCon cannot be configured",e);\r
- }\r
- }\r
- \r
- public RosettaEnv env() {\r
- return env;\r
- }\r
- \r
- /**\r
- * Return the backing AAFCon, if there is a Lur Setup that is AAF.\r
- * \r
- * If there is no AAFLur setup, it will return "null"\r
- * @param servletRequest\r
- * @return\r
- */\r
- public static final AAFCon<?> obtain(Object servletRequest) {\r
- if(servletRequest instanceof CadiWrap) {\r
- Lur lur = ((CadiWrap)servletRequest).getLur();\r
- if(lur != null) {\r
- if(lur instanceof EpiLur) {\r
- AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);\r
- if(aal!=null) {\r
- return aal.aaf;\r
- }\r
- } else {\r
- if(lur instanceof AbsAAFLur) {\r
- return ((AbsAAFLur<?>)lur).aaf;\r
- }\r
- }\r
- }\r
- }\r
- return null;\r
- }\r
- \r
- public abstract AAFCon<CLIENT> clone(String url) throws CadiException;\r
- \r
- public AAFAuthn<CLIENT> newAuthn() throws APIException {\r
- try {\r
- return new AAFAuthn<CLIENT>(this);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {\r
- try {\r
- return new AAFAuthn<CLIENT>(this,c);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- public AAFLurPerm newLur() throws CadiException {\r
- try {\r
- if(lur==null) {\r
- return new AAFLurPerm(this);\r
- } else {\r
- return new AAFLurPerm(this,lur);\r
- }\r
- } catch (CadiException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
- \r
- public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {\r
- try {\r
- return new AAFLurPerm(this,c);\r
- } catch (APIException e) {\r
- throw e;\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- /**\r
- * Take a Fully Qualified User, and get a Namespace from it.\r
- * @param user\r
- * @return\r
- */\r
- public static String reverseDomain(String user) {\r
- StringBuilder sb = null;\r
- String[] split = Split.split('.',user);\r
- int at;\r
- for(int i=split.length-1;i>=0;--i) {\r
- if(sb == null) {\r
- sb = new StringBuilder();\r
- } else {\r
- sb.append('.');\r
- }\r
-\r
- if((at = split[i].indexOf('@'))>0) {\r
- sb.append(split[i].subSequence(at+1, split[i].length()));\r
- } else {\r
- sb.append(split[i]);\r
- }\r
- }\r
- \r
- return sb==null?"":sb.toString();\r
- }\r
-\r
- protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;\r
- \r
- public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;\r
-\r
-\r
- public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;\r
- \r
- public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;\r
-\r
-\r
- public String getRealm() {\r
- return realm;\r
-\r
- }\r
-\r
- public SecuritySetter<CLIENT> set(final SecuritySetter<CLIENT> ss) {\r
- this.ss = ss;\r
- if(ss instanceof AbsBasicAuth) {\r
- disableCheck = (ss instanceof AbsBasicAuth)?\r
- new DisableCheck() {\r
- AbsBasicAuth<?> aba = (AbsBasicAuth<?>)ss;\r
- @Override\r
- public boolean isDisabled() {\r
- return aba.isDenied();\r
- }\r
- }:\r
- new DisableCheck() {\r
- @Override\r
- public boolean isDisabled() {\r
- return this.isDisabled();\r
- }\r
- };\r
- }\r
- for(Rcli<CLIENT> client : clients.values()) {\r
- client.setSecuritySetter(ss);\r
- }\r
- return ss;\r
- }\r
- \r
- public SecurityInfoC<CLIENT> securityInfo() {\r
- return si;\r
- }\r
-\r
- public String defID() {\r
- if(ss!=null) {\r
- return ss.getID();\r
- }\r
- return "unknown";\r
- }\r
- \r
- public void invalidate() throws CadiException {\r
- for(Rcli<CLIENT> client : clients.values()) {\r
- client.invalidate();\r
- clients.remove(client);\r
- }\r
- }\r
-\r
- public String readableErrMsg(Future<?> f) {\r
- String text = f.body();\r
- if(text==null || text.length()==0) {\r
- text = f.code() + ": **No Message**";\r
- } else if(text.contains("%")) {\r
- try {\r
- Error err = errDF.newData().in(TYPE.JSON).load(f.body()).asObject();\r
- return Vars.convert(err.getText(),err.getVariables());\r
- } catch (APIException e){\r
- // just return the body below\r
- }\r
- }\r
- return text;\r
- }\r
- \r
- private interface DisableCheck {\r
- public boolean isDisabled();\r
- };\r
- \r
- public boolean isDisabled() {\r
- return disableCheck.isDisabled();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-import java.net.ConnectException;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.security.GeneralSecurityException;\r
-import java.security.Principal;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.dme2.DME2BasicAuth;\r
-import org.onap.aaf.cadi.dme2.DME2TransferSS;\r
-import org.onap.aaf.cadi.dme2.DME2x509SS;\r
-import org.onap.aaf.cadi.dme2.DRcli;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-public class AAFConDME2 extends AAFCon<DME2Client>{\r
- private DME2Manager manager;\r
- private boolean isProxy;\r
- private URI initURI;\r
-\r
- public AAFConDME2(PropAccess access) throws CadiException, GeneralSecurityException, IOException{\r
- super(access,Config.AAF_URL,new SecurityInfoC<DME2Client> (access));\r
- manager = newManager(access);\r
- setIsProxy();\r
- }\r
- \r
- public AAFConDME2(PropAccess access, String url) throws CadiException, GeneralSecurityException, IOException{\r
- super(access,url,new SecurityInfoC<DME2Client> (access));\r
- manager = newManager(access);\r
- setIsProxy();\r
- }\r
-\r
- public AAFConDME2(PropAccess access, SecurityInfoC<DME2Client> si) throws CadiException {\r
- super(access,Config.AAF_URL,si);\r
- manager = newManager(access);\r
- setIsProxy();\r
- }\r
-\r
- public AAFConDME2(PropAccess access, String url, SecurityInfoC<DME2Client> si) throws CadiException {\r
- super(access,url,si);\r
- manager = newManager(access);\r
- setIsProxy();\r
- }\r
-\r
- /**\r
- * Construct a Connector based on the AAF one. This is for remote access to OTHER than AAF,\r
- * but using Credentials, etc\r
- */ \r
- private AAFConDME2(AAFCon<DME2Client> aafcon, String url) throws CadiException {\r
- super(aafcon);\r
- try {\r
- initURI = new URI(url);\r
- } catch (URISyntaxException e) {\r
- throw new CadiException(e);\r
- }\r
- manager = newManager(access);\r
- }\r
- \r
- /**\r
- * Create a Connector based on the AAF one. This is for remote access to OTHER than AAF,\r
- * but using Credentials, etc\r
- */ \r
- public AAFCon<DME2Client> clone(String url) throws CadiException {\r
- return new AAFConDME2(this,url);\r
- }\r
- \r
- private void setIsProxy() {\r
- String str;\r
- if((str=access.getProperty(Config.AAF_URL, null))!=null) {\r
- isProxy = str.contains("service=com.att.authz.authz-gw/version=");\r
- }\r
- }\r
-\r
- private DME2Manager newManager(PropAccess access) throws CadiException {\r
- Properties props = access.getDME2Properties();\r
- // Critical that TLS Settings not ignored\r
- try {\r
- return new DME2Manager("AAFCon",props);\r
- } catch (DME2Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
-\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuth(java.lang.String, java.lang.String)\r
- */\r
- @Override\r
- public SecuritySetter<DME2Client> basicAuth(String user, String password) throws CadiException {\r
- if(password.startsWith("enc:???")) {\r
- try {\r
- password = access.decrypt(password, true);\r
- } catch (IOException e) {\r
- throw new CadiException("Error Decrypting Password",e);\r
- }\r
- }\r
-\r
- try {\r
- return set(new DME2BasicAuth(user,password,si));\r
- } catch (IOException e) {\r
- throw new CadiException("Error setting up DME2BasicAuth",e);\r
- }\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#rclient(java.net.URI, com.att.cadi.SecuritySetter)\r
- */\r
- @Override\r
- protected Rcli<DME2Client> rclient(URI uri, SecuritySetter<DME2Client> ss) {\r
- DRcli dc = new DRcli(uri, ss);\r
- dc.setProxy(isProxy);\r
- dc.setManager(manager);\r
- return dc;\r
- }\r
-\r
- @Override\r
- public SecuritySetter<DME2Client> transferSS(Principal principal) throws CadiException {\r
- try {\r
- return principal==null?ss:new DME2TransferSS(principal, app, si);\r
- } catch (IOException e) {\r
- throw new CadiException("Error creating DME2TransferSS",e);\r
- }\r
- }\r
-\r
- @Override\r
- public SecuritySetter<DME2Client> basicAuthSS(BasicPrincipal principal) throws CadiException {\r
- try {\r
- return new DME2BasicAuth(principal,si);\r
- } catch (IOException e) {\r
- throw new CadiException("Error creating DME2BasicAuth",e);\r
- }\r
-\r
- }\r
-\r
- @Override\r
- public SecuritySetter<DME2Client> x509Alias(String alias) throws CadiException {\r
- try {\r
- presetProps(access, alias);\r
- return new DME2x509SS(alias,si);\r
- } catch (Exception e) {\r
- throw new CadiException("Error creating DME2x509SS",e);\r
- }\r
- }\r
-\r
- @Override\r
- public <RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException {\r
- // NOTE: DME2 had Retry Logic embedded lower. \r
- try {\r
- return (retryable.code(rclient(initURI,ss)));\r
- } catch (ConnectException e) {\r
- // DME2 should catch\r
- try {\r
- manager.refresh();\r
- } catch (Exception e1) {\r
- throw new CadiException(e1);\r
- }\r
- throw new CadiException(e);\r
- }\r
- }\r
- \r
- public static void presetProps(PropAccess access, String alias) throws IOException {\r
- System.setProperty(Config.AFT_DME2_CLIENT_SSL_CERT_ALIAS, alias);\r
- if(System.getProperty(Config.AFT_DME2_CLIENT_IGNORE_SSL_CONFIG)==null) {\r
- access.getDME2Properties();\r
- }\r
-\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#initURI()\r
- */\r
- @Override\r
- protected URI initURI() {\r
- return initURI;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#setInitURI(java.lang.String)\r
- */\r
- @Override\r
- protected void setInitURI(String uriString) throws CadiException {\r
- try {\r
- initURI = new URI(uriString);\r
- } catch (URISyntaxException e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-import java.net.HttpURLConnection;\r
-import java.net.URI;\r
-import java.security.GeneralSecurityException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.client.AbsTransferSS;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.http.HBasicAuthSS;\r
-import org.onap.aaf.cadi.http.HMangr;\r
-import org.onap.aaf.cadi.http.HRcli;\r
-import org.onap.aaf.cadi.http.HTransferSS;\r
-import org.onap.aaf.cadi.http.HX509SS;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-public class AAFConHttp extends AAFCon<HttpURLConnection> {\r
- private final HMangr hman;\r
-\r
- public AAFConHttp(PropAccess access) throws CadiException, GeneralSecurityException, IOException {\r
- super(access,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(access));\r
- hman = new HMangr(access,Config.loadLocator(access, access.getProperty(Config.AAF_URL,null)));\r
- }\r
-\r
- public AAFConHttp(PropAccess access, String tag) throws CadiException, GeneralSecurityException, IOException {\r
- super(access,tag,new SecurityInfoC<HttpURLConnection>(access));\r
- hman = new HMangr(access,Config.loadLocator(access, access.getProperty(tag,null)));\r
- }\r
-\r
- public AAFConHttp(PropAccess access, String urlTag, SecurityInfoC<HttpURLConnection> si) throws CadiException {\r
- super(access,urlTag,si);\r
- hman = new HMangr(access,Config.loadLocator(access, access.getProperty(urlTag,null)));\r
- }\r
-\r
- public AAFConHttp(PropAccess access, Locator<URI> locator) throws CadiException, GeneralSecurityException, IOException {\r
- super(access,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(access));\r
- hman = new HMangr(access,locator);\r
- }\r
-\r
- public AAFConHttp(PropAccess access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si) throws CadiException {\r
- super(access,Config.AAF_URL,si);\r
- hman = new HMangr(access,locator);\r
- }\r
-\r
- public AAFConHttp(PropAccess access, Locator<URI> locator, SecurityInfoC<HttpURLConnection> si, String tag) throws CadiException {\r
- super(access,tag,si);\r
- hman = new HMangr(access, locator);\r
- }\r
- \r
- private AAFConHttp(AAFCon<HttpURLConnection> aafcon, String url) {\r
- super(aafcon);\r
- hman = new HMangr(aafcon.access,Config.loadLocator(access, url));\r
- }\r
-\r
- @Override\r
- public AAFCon<HttpURLConnection> clone(String url) {\r
- return new AAFConHttp(this,url);\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuth(java.lang.String, java.lang.String)\r
- */\r
- @Override\r
- public SecuritySetter<HttpURLConnection> basicAuth(String user, String password) throws CadiException {\r
- if(password.startsWith("enc:???")) {\r
- try {\r
- password = access.decrypt(password, true);\r
- } catch (IOException e) {\r
- throw new CadiException("Error decrypting password",e);\r
- }\r
- }\r
- try {\r
- return new HBasicAuthSS(user,password,si);\r
- } catch (IOException e) {\r
- throw new CadiException("Error creating HBasicAuthSS",e);\r
- }\r
- }\r
-\r
- public SecuritySetter<HttpURLConnection> x509Alias(String alias) throws APIException, CadiException {\r
- try {\r
- return set(new HX509SS(alias,si));\r
- } catch (Exception e) {\r
- throw new CadiException("Error creating X509SS",e);\r
- }\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#rclient(java.net.URI, com.att.cadi.SecuritySetter)\r
- */\r
- @Override\r
- protected Rcli<HttpURLConnection> rclient(URI ignoredURI, SecuritySetter<HttpURLConnection> ss) throws CadiException {\r
- if(hman.loc==null) {\r
- throw new CadiException("No Locator set in AAFConHttp"); \r
- }\r
- try {\r
- return new HRcli(hman, hman.loc.best() ,ss);\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
-\r
- @Override\r
- public AbsTransferSS<HttpURLConnection> transferSS(Principal principal) throws CadiException {\r
- return new HTransferSS(principal, app,si);\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#basicAuthSS(java.security.Principal)\r
- */\r
- @Override\r
- public SecuritySetter<HttpURLConnection> basicAuthSS(BasicPrincipal principal) throws CadiException {\r
- try {\r
- return new HBasicAuthSS(principal,si);\r
- } catch (IOException e) {\r
- throw new CadiException("Error creating HBasicAuthSS",e);\r
- }\r
- }\r
-\r
- public HMangr hman() {\r
- return hman;\r
- }\r
-\r
- @Override\r
- public <RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException {\r
- return hman.best(ss, (Retryable<RET>)retryable);\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#initURI()\r
- */\r
- @Override\r
- protected URI initURI() {\r
- try {\r
- Item item = hman.loc.best();\r
- if(item!=null) {\r
- return hman.loc.get(item);\r
- }\r
- } catch (LocatorException e) {\r
- access.log(e, "Error in AAFConHttp obtaining initial URI");\r
- }\r
- return null;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.aaf.v2_0.AAFCon#setInitURI(java.lang.String)\r
- */\r
- @Override\r
- protected void setInitURI(String uriString) throws CadiException {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.net.ConnectException;\r
-import java.net.URISyntaxException;\r
-import java.security.Principal;\r
-import java.util.Map;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-import aaf.v2_0.Perm;\r
-import aaf.v2_0.Perms;\r
-\r
-/**\r
- * Use AAF Service as Permission Service.\r
- * \r
- * This Lur goes after AAF Permissions, which are elements of Roles, not the Roles themselves.\r
- * \r
- * If you want a simple Role Lur, use AAFRoleLur\r
- * \r
- *\r
- */\r
-public class AAFLurPerm extends AbsAAFLur<AAFPermission> {\r
- /**\r
- * Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this\r
- * point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com". \r
- * \r
- * The only thing that matters here for AAF is that we don't waste calls with IDs that obviously aren't valid.\r
- * Thus, we validate that the ID portion follows the rules before we waste time accessing AAF remotely\r
- * @throws APIException \r
- * @throws URISyntaxException \r
- * @throws DME2Exception \r
- */\r
- // Package on purpose\r
- AAFLurPerm(AAFCon<?> con) throws CadiException, DME2Exception, URISyntaxException, APIException {\r
- super(con);\r
- }\r
-\r
- // Package on purpose\r
- AAFLurPerm(AAFCon<?> con, AbsUserCache<AAFPermission> auc) throws DME2Exception, URISyntaxException, APIException {\r
- super(con,auc);\r
- }\r
-\r
- protected User<AAFPermission> loadUser(Principal p) {\r
- // Note: The rules for AAF is that it only stores permissions for ATTUID and MechIDs, which don't \r
- // have domains. We are going to make the Transitive Class (see this.transmutative) to convert\r
- Principal principal = transmutate.mutate(p);\r
- if(principal==null)return null; // if not a valid Transmutated credential, don't bother calling...\r
- return loadUser(p, p.getName());\r
- }\r
- \r
- protected User<AAFPermission> loadUser(String name) {\r
- return loadUser((Principal)null, name);\r
- }\r
- \r
- private User<AAFPermission> loadUser(final Principal prin, final String name) {\r
- \r
- //TODO Create a dynamic way to declare domains supported.\r
- final long start = System.nanoTime();\r
- final boolean[] success = new boolean[]{false};\r
- \r
-// new Exception("loadUser").printStackTrace();\r
- try {\r
- return aaf.best(new Retryable<User<AAFPermission>>() {\r
- @Override\r
- public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {\r
- Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF);\r
- \r
- // In the meantime, lookup User, create if necessary\r
- User<AAFPermission> user = getUser(name);\r
- Principal p;\r
- if(prin == null) {\r
- p = new Principal() {// Create a holder for lookups\r
- private String n = name;\r
- public String getName() {\r
- return n;\r
- }\r
- };\r
- } else {\r
- p = prin;\r
- }\r
- \r
- if(user==null) {\r
- addUser(user = new User<AAFPermission>(p,aaf.userExpires)); // no password\r
- }\r
- \r
- // OK, done all we can, now get content\r
- if(fp.get(aaf.timeout)) {\r
- success[0]=true;\r
- Map<String, Permission> newMap = user.newMap();\r
- boolean willLog = aaf.access.willLog(Level.DEBUG);\r
- for(Perm perm : fp.value.getPerm()) {\r
- user.add(newMap,new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction()));\r
- if(willLog) {\r
- aaf.access.log(Level.DEBUG, name,"has '",perm.getType(),'|',perm.getInstance(),'|',perm.getAction(),'\'');\r
- }\r
- }\r
- user.setMap(newMap);\r
- user.renewPerm();\r
- } else {\r
- int code;\r
- switch(code=fp.code()) {\r
- case 401:\r
- aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");\r
- break;\r
- default:\r
- aaf.access.log(Access.Level.ERROR, code, fp.body());\r
- }\r
- }\r
-\r
- return user;\r
- }\r
- });\r
- } catch (Exception e) {\r
- aaf.access.log(e,"Calling","/authz/perms/user/"+name);\r
- success[0]=false;\r
- return null;\r
- } finally {\r
- float time = (System.nanoTime()-start)/1000000f;\r
- aaf.access.log(Level.INFO, success[0]?"Loaded":"Load Failure",name,"from AAF in",time,"ms");\r
- }\r
- }\r
-\r
- public Resp reload(User<AAFPermission> user) {\r
- final String name = user.principal.getName();\r
- long start = System.nanoTime();\r
- boolean success = false;\r
- try {\r
- Future<Perms> fp = aaf.client(AAFCon.AAF_LATEST_VERSION).read(\r
- "/authz/perms/user/"+name,\r
- aaf.permsDF\r
- );\r
- \r
- // OK, done all we can, now get content\r
- if(fp.get(aaf.timeout)) {\r
- success = true;\r
- Map<String,Permission> newMap = user.newMap(); \r
- boolean willLog = aaf.access.willLog(Level.DEBUG);\r
- for(Perm perm : fp.value.getPerm()) {\r
- user.add(newMap, new AAFPermission(perm.getType(),perm.getInstance(),perm.getAction()));\r
- if(willLog) {\r
- aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());\r
- }\r
- }\r
- user.renewPerm();\r
- return Resp.REVALIDATED;\r
- } else {\r
- int code;\r
- switch(code=fp.code()) {\r
- case 401:\r
- aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");\r
- break;\r
- default:\r
- aaf.access.log(Access.Level.ERROR, code, fp.body());\r
- }\r
- return Resp.UNVALIDATED;\r
- }\r
- } catch (Exception e) {\r
- aaf.access.log(e,"Calling","/authz/perms/user/"+name);\r
- return Resp.INACCESSIBLE;\r
- } finally {\r
- float time = (System.nanoTime()-start)/1000000f;\r
- aaf.access.log(Level.AUDIT, success?"Reloaded":"Reload Failure",name,"from AAF in",time,"ms");\r
- }\r
- }\r
-\r
- @Override\r
- protected boolean isCorrectPermType(Permission pond) {\r
- return pond instanceof AAFPermission;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Lur#createPerm(java.lang.String)\r
- */\r
- @Override\r
- public Permission createPerm(String p) {\r
- String[] params = Split.split('|', p);\r
- if(params.length==3) {\r
- return new AAFPermission(params[0],params[1],params[2]);\r
- } else {\r
- return new LocalPermission(p);\r
- }\r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.GetCred;\r
-import org.onap.aaf.cadi.Hash;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.Taf.LifeForm;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.principal.CachedBasicPrincipal;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp;\r
-\r
-public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {\r
-// private static final String INVALID_AUTH_TOKEN = "Invalid Auth Token";\r
-// private static final String AUTHENTICATING_SERVICE_UNAVAILABLE = "Authenticating Service unavailable";\r
- private AAFCon<CLIENT> aaf;\r
- private boolean warn;\r
-\r
- public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {\r
- super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);\r
- aaf = con;\r
- warn = turnOnWarning;\r
- }\r
-\r
- public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {\r
- super(other);\r
- aaf = con;\r
- warn = turnOnWarning;\r
- }\r
-\r
- public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- //TODO Do we allow just anybody to validate?\r
-\r
- // Note: Either Carbon or Silicon based LifeForms ok\r
- String authz = req.getHeader("Authorization");\r
- if(authz != null && authz.startsWith("Basic ")) {\r
- if(warn&&!req.isSecure())aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");\r
- try {\r
- CachedBasicPrincipal bp;\r
- if(req.getUserPrincipal() instanceof CachedBasicPrincipal) {\r
- bp = (CachedBasicPrincipal)req.getUserPrincipal();\r
- } else {\r
- bp = new CachedBasicPrincipal(this,authz,aaf.getRealm(),aaf.userExpires);\r
- }\r
- // First try Cache\r
- User<AAFPermission> usr = getUser(bp);\r
- if(usr != null && usr.principal != null) {\r
- if(usr.principal instanceof GetCred) {\r
- if(Hash.isEqual(bp.getCred(),((GetCred)usr.principal).getCred())) {\r
- return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by cached AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);\r
- }\r
- }\r
- }\r
- \r
- Miss miss = missed(bp.getName());\r
- if(miss!=null && !miss.mayContinue(bp.getCred())) {\r
- return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
- "User/Pass Retry limit exceeded"), \r
- RESP.FAIL,resp,aaf.getRealm(),true);\r
- }\r
- \r
- Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_LATEST_VERSION).forUser(aaf.basicAuthSS(bp));\r
- Future<String> fp = userAAF.read("/authn/basicAuth", "text/plain");\r
- if(fp.get(aaf.timeout)) {\r
- if(usr!=null) {\r
- usr.principal = bp;\r
- } else {\r
- addUser(new User<AAFPermission>(bp,aaf.userExpires));\r
- }\r
- return new BasicHttpTafResp(aaf.access,bp,bp.getName()+" authenticated by AAF password",RESP.IS_AUTHENTICATED,resp,aaf.getRealm(),false);\r
- } else {\r
- // Note: AddMiss checks for miss==null, and is part of logic\r
- boolean rv= addMiss(bp.getName(),bp.getCred());\r
- if(rv) {\r
- return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
- "User/Pass combo invalid via AAF"), \r
- RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),true);\r
- } else {\r
- return new BasicHttpTafResp(aaf.access,null,buildMsg(bp,req,\r
- "User/Pass combo invalid via AAF - Retry limit exceeded"), \r
- RESP.FAIL,resp,aaf.getRealm(),true);\r
- }\r
- }\r
- } catch (IOException e) {\r
- String msg = buildMsg(null,req,"Invalid Auth Token");\r
- aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')');\r
- return new BasicHttpTafResp(aaf.access,null,msg, RESP.TRY_AUTHENTICATING, resp, aaf.getRealm(),true);\r
- } catch (Exception e) {\r
- String msg = buildMsg(null,req,"Authenticating Service unavailable");\r
- aaf.access.log(Level.WARN,msg,'(', e.getMessage(), ')');\r
- return new BasicHttpTafResp(aaf.access,null,msg, RESP.FAIL, resp, aaf.getRealm(),false);\r
- }\r
- }\r
- return new BasicHttpTafResp(aaf.access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,aaf.getRealm(),false);\r
- }\r
- \r
- private String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {\r
- StringBuilder sb = new StringBuilder();\r
- for(Object s : msg) {\r
- sb.append(s.toString());\r
- }\r
- if(pr!=null) {\r
- sb.append(" for ");\r
- sb.append(pr.getName());\r
- }\r
- sb.append(" from ");\r
- sb.append(req.getRemoteAddr());\r
- sb.append(':');\r
- sb.append(req.getRemotePort());\r
- return sb.toString();\r
- }\r
-\r
-\r
- \r
- public Resp revalidate(CachedPrincipal prin) {\r
- // !!!! TEST THIS.. Things may not be revalidated, if not BasicPrincipal\r
- if(prin instanceof BasicPrincipal) {\r
- Future<String> fp;\r
- try {\r
- Rcli<CLIENT> userAAF = aaf.client(AAFCon.AAF_LATEST_VERSION).forUser(aaf.transferSS(prin));\r
- fp = userAAF.read("/authn/basicAuth", "text/plain");\r
- return fp.get(aaf.timeout)?Resp.REVALIDATED:Resp.UNVALIDATED;\r
- } catch (Exception e) {\r
- aaf.access.log(e, "Cannot Revalidate",prin.getName());\r
- return Resp.INACCESSIBLE;\r
- }\r
- }\r
- return Resp.NOT_MINE;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import javax.servlet.http.HttpServletRequest ;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.TrustChecker;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.principal.TrustPrincipal;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TrustNotTafResp;\r
-import org.onap.aaf.cadi.taf.TrustTafResp;\r
-\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-public class AAFTrustChecker implements TrustChecker {\r
- private final String tag, id;\r
- private final AAFPermission perm;\r
- private Lur lur;\r
-\r
- /**\r
- * \r
- * Instance will be replaced by Identity\r
- * @param lur \r
- * \r
- * @param tag\r
- * @param perm\r
- */\r
- public AAFTrustChecker(final Env env) {\r
- tag = env.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);\r
- id = env.getProperty(Config.CADI_ALIAS,env.getProperty(Config.AAF_MECHID)); // share between components\r
- String str = env.getProperty(Config.CADI_TRUST_PERM);\r
- AAFPermission temp=null;\r
- if(str!=null) {\r
- String[] sp = Split.splitTrim('|', str);\r
- if(sp.length==3) {\r
- temp = new AAFPermission(sp[0],sp[1],sp[2]);\r
- }\r
- }\r
- perm=temp;\r
- }\r
-\r
- public AAFTrustChecker(final Access access) {\r
- tag = access.getProperty(Config.CADI_USER_CHAIN_TAG, Config.CADI_USER_CHAIN);\r
- id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_MECHID,null)); // share between components\r
- String str = access.getProperty(Config.CADI_TRUST_PERM,null);\r
- AAFPermission temp=null;\r
- if(str!=null) {\r
- String[] sp = Split.splitTrim('|', str);\r
- if(sp.length==3) {\r
- temp = new AAFPermission(sp[0],sp[1],sp[2]);\r
- }\r
- }\r
- perm=temp;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.TrustChecker#setLur(com.att.cadi.Lur)\r
- */\r
- @Override\r
- public void setLur(Lur lur) {\r
- this.lur = lur;\r
- }\r
-\r
- @Override\r
- public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {\r
- String user_info = req.getHeader(tag);\r
- if(user_info !=null ) {\r
- String[] info = Split.split(',', user_info);\r
- if(info.length>0) {\r
- String[] flds = Split.splitTrim(':',info[0]);\r
- if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS"\r
- String pn = tresp.getPrincipal().getName();\r
- if(pn.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept\r
- || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM\r
- return new TrustTafResp(tresp,\r
- new TrustPrincipal(tresp.getPrincipal(), flds[0]),\r
- " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ','\r
- );\r
- } else if(pn.equals(flds[0])) { // Ignore if same identity \r
- return tresp;\r
- } else {\r
- return new TrustNotTafResp(tresp, tresp.getPrincipal().getName() + " requested trust as "\r
- + flds[0] + ", but does not have Authorization");\r
- }\r
- }\r
- }\r
- }\r
- return tresp;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-\r
-import java.net.URISyntaxException;\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CachingLur;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.StrLur;\r
-import org.onap.aaf.cadi.Transmutate;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.AAFTransmutate;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements StrLur, CachingLur<PERM> {\r
- protected static final byte[] BLANK_PASSWORD = new byte[0];\r
- protected static final Transmutate<Principal> transmutate = new AAFTransmutate();\r
- private String[] debug = null;\r
- public AAFCon<?> aaf;\r
- private String[] supports;\r
-\r
- public AbsAAFLur(AAFCon<?> con) throws DME2Exception, URISyntaxException, APIException {\r
- super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);\r
- aaf = con;\r
- setLur(this);\r
- supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");\r
- }\r
-\r
- public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws DME2Exception, URISyntaxException, APIException {\r
- super(auc);\r
- aaf = con;\r
- setLur(this);\r
- supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");\r
- }\r
-\r
- @Override\r
- public void setDebug(String ids) {\r
- this.debug = ids==null?null:Split.split(',', ids);\r
- }\r
- \r
- protected abstract User<PERM> loadUser(Principal bait);\r
- protected abstract User<PERM> loadUser(String name);\r
- public final boolean supports(String userName) {\r
- if(userName!=null) {\r
- for(String s : supports) {\r
- if(userName.endsWith(s))\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
- \r
- protected abstract boolean isCorrectPermType(Permission pond);\r
- \r
- // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"\r
- public boolean fish(Principal bait, Permission pond) {\r
- return fish(bait.getName(), pond);\r
- }\r
-\r
- public void fishAll(Principal bait, List<Permission> perms) {\r
- fishAll(bait.getName(),perms);\r
- }\r
-\r
- // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"\r
- public boolean fish(String bait, Permission pond) {\r
- if(isDebug(bait)) {\r
- boolean rv = false;\r
- StringBuilder sb = new StringBuilder("Log for ");\r
- sb.append(bait);\r
- if(supports(bait)) {\r
- User<PERM> user = getUser(bait);\r
- if(user==null) {\r
- sb.append("\n\tUser is not in Cache");\r
- } else {\r
- if(user.noPerms())sb.append("\n\tUser has no Perms");\r
- if(user.permExpired()) {\r
- sb.append("\n\tUser's perm expired [");\r
- sb.append(new Date(user.permExpires()));\r
- sb.append(']');\r
- } else {\r
- sb.append("\n\tUser's perm expires [");\r
- sb.append(new Date(user.permExpires()));\r
- sb.append(']');\r
- }\r
- }\r
- if(user==null || (user.noPerms() && user.permExpired())) {\r
- user = loadUser(bait);\r
- sb.append("\n\tloadUser called");\r
- }\r
- if(user==null) {\r
- sb.append("\n\tUser was not Loaded");\r
- } else if(user.contains(pond)) {\r
- sb.append("\n\tUser contains ");\r
- sb.append(pond.getKey());\r
- rv = true;\r
- } else {\r
- sb.append("\n\tUser does not contain ");\r
- sb.append(pond.getKey());\r
- List<Permission> perms = new ArrayList<Permission>();\r
- user.copyPermsTo(perms);\r
- for(Permission p : perms) {\r
- sb.append("\n\t\t");\r
- sb.append(p.getKey());\r
- }\r
- }\r
- } else {\r
- sb.append("AAF Lur does not support [");\r
- sb.append(bait);\r
- sb.append("]");\r
- }\r
- aaf.access.log(Level.INFO, sb);\r
- return rv;\r
- } else {\r
- if(supports(bait)) {\r
- User<PERM> user = getUser(bait);\r
- if(user==null || (user.noPerms() && user.permExpired())) {\r
- user = loadUser(bait);\r
- }\r
- return user==null?false:user.contains(pond);\r
- }\r
- return false;\r
- }\r
- }\r
-\r
- public void fishAll(String bait, List<Permission> perms) {\r
- if(isDebug(bait)) {\r
- StringBuilder sb = new StringBuilder("Log for ");\r
- sb.append(bait);\r
- if(supports(bait)) {\r
- User<PERM> user = getUser(bait);\r
- if(user==null) {\r
- sb.append("\n\tUser is not in Cache");\r
- } else {\r
- if(user.noPerms())sb.append("\n\tUser has no Perms");\r
- if(user.permExpired()) {\r
- sb.append("\n\tUser's perm expired [");\r
- sb.append(new Date(user.permExpires()));\r
- sb.append(']');\r
- } else {\r
- sb.append("\n\tUser's perm expires [");\r
- sb.append(new Date(user.permExpires()));\r
- sb.append(']');\r
- }\r
- }\r
- if(user==null || (user.noPerms() && user.permExpired())) {\r
- user = loadUser(bait);\r
- sb.append("\n\tloadUser called");\r
- }\r
- if(user==null) {\r
- sb.append("\n\tUser was not Loaded");\r
- } else {\r
- sb.append("\n\tCopying Perms ");\r
- user.copyPermsTo(perms);\r
- for(Permission p : perms) {\r
- sb.append("\n\t\t");\r
- sb.append(p.getKey());\r
- }\r
- }\r
- } else {\r
- sb.append("AAF Lur does not support [");\r
- sb.append(bait);\r
- sb.append("]");\r
- }\r
- aaf.access.log(Level.INFO, sb);\r
- } else {\r
- if(supports(bait)) {\r
- User<PERM> user = getUser(bait);\r
- if(user==null || (user.noPerms() && user.permExpired())) user = loadUser(bait);\r
- if(user!=null) {\r
- user.copyPermsTo(perms);\r
- }\r
- }\r
- }\r
- }\r
- \r
- @Override\r
- public void remove(String user) {\r
- super.remove(user);\r
- }\r
-\r
- private boolean isDebug(String bait) {\r
- if(debug!=null) {\r
- if(debug.length==1 && "all".equals(debug[0]))return true;\r
- for(String s : debug) {\r
- if(s.equals(bait))return true;\r
- }\r
- }\r
- return false;\r
- }\r
- /**\r
- * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.\r
- * \r
- * @param bait\r
- * @param obj\r
- * @param type\r
- * @param instance\r
- * @param actions\r
- */\r
- public<A> void fishOneOf(String bait, A obj, String type, String instance, List<Action<A>> actions) {\r
- User<PERM> user = getUser(bait);\r
- if(user==null || (user.noPerms() && user.permExpired()))user = loadUser(bait);\r
-// return user==null?false:user.contains(pond);\r
- if(user!=null) {\r
- ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);\r
- for(Action<A> action : actions) {\r
- perm.setAction(action.getName());\r
- if(user.contains(perm)) {\r
- if(action.exec(obj))return;\r
- }\r
- }\r
- }\r
- }\r
- \r
- public static interface Action<A> {\r
- public String getName();\r
- /**\r
- * Return false to continue, True to end now\r
- * @return\r
- */\r
- public boolean exec(A a);\r
- }\r
- \r
- private class ReuseAAFPermission extends AAFPermission {\r
- public ReuseAAFPermission(String type, String instance) {\r
- super(type,instance,null);\r
- }\r
-\r
- public void setAction(String s) {\r
- action = s;\r
- }\r
- \r
- /**\r
- * This function understands that AAF Keys are hierarchical, :A:B:C, \r
- * Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit\r
- * @return\r
- */\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.io.FileOutputStream;\r
-import java.io.FileWriter;\r
-import java.io.IOException;\r
-import java.io.PrintStream;\r
-import java.io.PrintWriter;\r
-import java.security.KeyStore;\r
-import java.util.ArrayList;\r
-import java.util.HashMap;\r
-import java.util.List;\r
-import java.util.Map;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.util.Chmod;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public abstract class ArtifactDir implements PlaceArtifact {\r
-\r
- protected static final String C_R = "\n";\r
- protected File dir;\r
- private List<String> encodeds = new ArrayList<String>();\r
- \r
- private Symm symm;\r
- // This checks for multiple passes of Dir on the same objects. Run clear after done.\r
- protected static Map<String,Object> processed = new HashMap<String,Object>();\r
-\r
-\r
- /**\r
- * Note: Derived Classes should ALWAYS call "super.place(cert,arti)" first, and \r
- * then "placeProperties(arti)" just after they implement\r
- */\r
- @Override\r
- public final boolean place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
- validate(arti);\r
- \r
- try {\r
- // Obtain/setup directory as required\r
- dir = new File(arti.getDir());\r
- if(processed.get("dir")==null) {\r
- if(!dir.exists()) {\r
- Chmod.to755.chmod(dir);\r
- if(!dir.mkdirs()) {\r
- throw new CadiException("Could not create " + dir);\r
- }\r
- }\r
- \r
- // Also place cm_url and Host Name\r
- addProperty(Config.CM_URL,trans.getProperty(Config.CM_URL));\r
- addProperty(Config.HOSTNAME,arti.getMachine());\r
- //addProperty(Config.AAF_ENV,certInfo.getEnv());\r
- // Obtain Issuers\r
- boolean first = true;\r
- StringBuilder issuers = new StringBuilder();\r
-// for(String dn : certInfo.getCaIssuerDNs()) {\r
-// if(first) {\r
-// first=false;\r
-// } else {\r
-// issuers.append(':');\r
-// }\r
-// issuers.append(dn);\r
-// }\r
- addProperty(Config.CADI_X509_ISSUERS,issuers.toString());\r
- }\r
- symm = (Symm)processed.get("symm");\r
- if(symm==null) {\r
- // CADI Key Gen\r
- File f = new File(dir,arti.getAppName() + ".keyfile");\r
- if(!f.exists()) {\r
- write(f,Chmod.to400,Symm.baseCrypt().keygen());\r
- }\r
- symm = Symm.obtain(f); \r
-\r
- addEncProperty("ChallengePassword", certInfo.getChallenge());\r
- \r
- processed.put("symm",symm);\r
- }\r
-\r
- _place(trans, certInfo,arti);\r
- \r
- placeProperties(arti);\r
- \r
- processed.put("dir",dir);\r
-\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- return true;\r
- }\r
-\r
- /**\r
- * Derived Classes implement this instead, so Dir can process first, and write any Properties last\r
- * @param cert\r
- * @param arti\r
- * @return\r
- * @throws CadiException\r
- */\r
- protected abstract boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException;\r
-\r
- protected void addProperty(String tag, String value) throws IOException {\r
- StringBuilder sb = new StringBuilder();\r
- sb.append(tag);\r
- sb.append('=');\r
- sb.append(value);\r
- encodeds.add(sb.toString());\r
- }\r
-\r
- protected void addEncProperty(String tag, String value) throws IOException {\r
- StringBuilder sb = new StringBuilder();\r
- sb.append(tag);\r
- sb.append('=');\r
- sb.append("enc:???");\r
- sb.append(symm.enpass(value));\r
- encodeds.add(sb.toString());\r
- }\r
-\r
- protected void write(File f, Chmod c, String ... data) throws IOException {\r
- f.setWritable(true,true);\r
- \r
- FileOutputStream fos = new FileOutputStream(f);\r
- PrintStream ps = new PrintStream(fos);\r
- try {\r
- for(String s : data) {\r
- ps.print(s);\r
- }\r
- } finally {\r
- ps.close();\r
- c.chmod(f);\r
- }\r
- }\r
-\r
- protected void write(File f, Chmod c, byte[] bytes) throws IOException {\r
- f.setWritable(true,true);\r
- \r
- FileOutputStream fos = new FileOutputStream(f);\r
- try {\r
- fos.write(bytes);\r
- } finally {\r
- fos.close();\r
- c.chmod(f);\r
- }\r
- }\r
- \r
- protected void write(File f, Chmod c, KeyStore ks, char[] pass ) throws IOException, CadiException {\r
- f.setWritable(true,true);\r
- \r
- FileOutputStream fos = new FileOutputStream(f);\r
- try {\r
- ks.store(fos, pass);\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- } finally {\r
- fos.close();\r
- c.chmod(f);\r
- }\r
- }\r
-\r
-\r
- private void validate(Artifact a) throws CadiException {\r
- StringBuilder sb = new StringBuilder();\r
- if(a.getDir()==null) {\r
- sb.append("File Artifacts require a path");\r
- }\r
-\r
- if(a.getAppName()==null) {\r
- if(sb.length()>0) {\r
- sb.append('\n');\r
- }\r
- sb.append("File Artifacts require an AAF Namespace");\r
- }\r
- \r
- if(sb.length()>0) {\r
- throw new CadiException(sb.toString());\r
- }\r
- }\r
-\r
- private boolean placeProperties(Artifact arti) throws CadiException {\r
- if(encodeds.size()==0) {\r
- return true;\r
- }\r
- boolean first=processed.get("dir")==null;\r
- try {\r
- File f = new File(dir,arti.getAppName()+".props");\r
- if(f.exists()) {\r
- if(first) {\r
- f.delete();\r
- } else {\r
- f.setWritable(true);\r
- }\r
- }\r
- // Append if not first\r
- PrintWriter pw = new PrintWriter(new FileWriter(f,!first));\r
- \r
- // Write a Header\r
- if(first) {\r
- for(int i=0;i<60;++i) {\r
- pw.print('#');\r
- }\r
- pw.println();\r
- pw.println("# Properties Generated by AT&T Certificate Manager");\r
- pw.print("# by ");\r
- pw.println(System.getProperty("user.name"));\r
- pw.print("# on ");\r
- pw.println(Chrono.dateStamp());\r
- pw.println("# @copyright 2016, AT&T");\r
- for(int i=0;i<60;++i) {\r
- pw.print('#');\r
- }\r
- pw.println();\r
- for(String prop : encodeds) {\r
- if( prop.startsWith("cm_") \r
- || prop.startsWith(Config.HOSTNAME)\r
- || prop.startsWith(Config.AAF_ENV)) {\r
- pw.println(prop);\r
- }\r
- }\r
- }\r
- \r
- try {\r
- for(String prop : encodeds) {\r
- if(prop.startsWith("cadi")) {\r
- pw.println(prop);\r
- }\r
- }\r
- } finally {\r
- pw.close();\r
- }\r
- Chmod.to644.chmod(f);\r
- \r
- if(first) {\r
- // Challenge\r
- f = new File(dir,arti.getAppName()+".chal");\r
- if(f.exists()) {\r
- f.delete();\r
- }\r
- pw = new PrintWriter(new FileWriter(f));\r
- try {\r
- for(String prop : encodeds) {\r
- if(prop.startsWith("Challenge")) {\r
- pw.println(prop);\r
- }\r
- }\r
- } finally {\r
- pw.close();\r
- }\r
- Chmod.to400.chmod(f);\r
- }\r
- } catch(Exception e) {\r
- throw new CadiException(e);\r
- }\r
- return true;\r
- }\r
- \r
- public static void clear() {\r
- processed.clear();\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-public class CertException extends Exception {\r
-\r
- /**\r
- * \r
- */\r
- private static final long serialVersionUID = 1373028409048516401L;\r
-\r
- public CertException() {\r
- }\r
-\r
- public CertException(String message) {\r
- super(message);\r
- }\r
-\r
- public CertException(Throwable cause) {\r
- super(cause);\r
- }\r
-\r
- public CertException(String message, Throwable cause) {\r
- super(message, cause);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.net.InetAddress;\r
-import java.net.UnknownHostException;\r
-import java.security.KeyStore;\r
-import java.security.cert.X509Certificate;\r
-import java.util.ArrayDeque;\r
-import java.util.Deque;\r
-import java.util.GregorianCalendar;\r
-import java.util.HashMap;\r
-import java.util.Iterator;\r
-import java.util.Map;\r
-import java.util.Map.Entry;\r
-\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.aaf.client.ErrMessage;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.http.HBasicAuthSS;\r
-import org.onap.aaf.cadi.sso.AAFSSO;\r
-\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.TimeTaken;\r
-import org.onap.aaf.inno.env.Trans;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-import org.onap.aaf.inno.env.util.Split;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import certman.v1_0.Artifacts;\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-import certman.v1_0.CertificateRequest;\r
-\r
-public class CmAgent {\r
- private static final String PRINT = "print";\r
- private static final String FILE = "file";\r
- private static final String PKCS12 = "pkcs12";\r
- private static final String JKS = "jks";\r
- private static final String SCRIPT="script";\r
- \r
- private static final String CM_VER = "1.0";\r
- public static final int PASS_SIZE = 24;\r
- private static int TIMEOUT;\r
- \r
- private static RosettaDF<CertificateRequest> reqDF;\r
- private static RosettaDF<CertInfo> certDF;\r
- private static RosettaDF<Artifacts> artifactsDF;\r
- private static ErrMessage errMsg;\r
- private static Map<String,PlaceArtifact> placeArtifact;\r
- private static RosettaEnv env;\r
-\r
- public static void main(String[] args) {\r
- int exitCode = 0;\r
- try {\r
- AAFSSO aafsso = new AAFSSO(args);\r
- if(aafsso.loginOnly()) {\r
- aafsso.setLogDefault();\r
- aafsso.writeFiles();\r
- System.out.println("AAF SSO information created in ~/.aaf");\r
- } else {\r
- PropAccess access = aafsso.access();\r
- env = new RosettaEnv(access.getProperties());\r
- Deque<String> cmds = new ArrayDeque<String>();\r
- for(String p : args) {\r
- if(p.indexOf('=')<0) {\r
- cmds.add(p);\r
- }\r
- }\r
- \r
- if(cmds.size()==0) {\r
- aafsso.setLogDefault();\r
- System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");\r
- System.out.println(" create <mechID> [<machine>]");\r
- System.out.println(" read <mechID> [<machine>]");\r
- System.out.println(" update <mechID> [<machine>]");\r
- System.out.println(" delete <mechID> [<machine>]");\r
- System.out.println(" copy <mechID> <machine> <newmachine>[,<newmachine>]*");\r
- System.out.println(" place <mechID> [<machine>]");\r
- System.out.println(" showpass <mechID> [<machine>]");\r
- System.out.println(" check <mechID> [<machine>]");\r
- System.exit(1);\r
- }\r
- \r
- TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000"));\r
- \r
- reqDF = env.newDataFactory(CertificateRequest.class);\r
- artifactsDF = env.newDataFactory(Artifacts.class);\r
- certDF = env.newDataFactory(CertInfo.class);\r
- errMsg = new ErrMessage(env);\r
- \r
- placeArtifact = new HashMap<String,PlaceArtifact>();\r
- placeArtifact.put(JKS, new PlaceArtifactInKeystore(JKS));\r
- placeArtifact.put(PKCS12, new PlaceArtifactInKeystore(PKCS12));\r
- placeArtifact.put(FILE, new PlaceArtifactInFiles());\r
- placeArtifact.put(PRINT, new PlaceArtifactOnStream(System.out));\r
- placeArtifact.put(SCRIPT, new PlaceArtifactScripts());\r
- \r
- Trans trans = env.newTrans();\r
- try {\r
- // show Std out again\r
- aafsso.setLogDefault();\r
- aafsso.setStdErrDefault();\r
- \r
- // if CM_URL can be obtained, add to sso.props, if written\r
- String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL+": ");\r
- if(cm_url!=null) {\r
- aafsso.addProp(Config.CM_URL, cm_url);\r
- }\r
- aafsso.writeFiles();\r
-\r
- AAFCon<?> aafcon = new AAFConHttp(access,Config.CM_URL);\r
-\r
- String cmd = cmds.removeFirst();\r
- if("place".equals(cmd)) {\r
- placeCerts(trans,aafcon,cmds);\r
- } else if("create".equals(cmd)) {\r
- createArtifact(trans, aafcon,cmds);\r
- } else if("read".equals(cmd)) {\r
- readArtifact(trans, aafcon, cmds);\r
- } else if("copy".equals(cmd)) {\r
- copyArtifact(trans, aafcon, cmds);\r
- } else if("update".equals(cmd)) {\r
- updateArtifact(trans, aafcon, cmds);\r
- } else if("delete".equals(cmd)) {\r
- deleteArtifact(trans, aafcon, cmds);\r
- } else if("showpass".equals(cmd)) {\r
- showPass(trans,aafcon,cmds);\r
- } else if("check".equals(cmd)) {\r
- try {\r
- exitCode = check(trans,aafcon,cmds);\r
- } catch (Exception e) {\r
- exitCode = 1;\r
- throw e;\r
- }\r
- } else {\r
- AAFSSO.cons.printf("Unknown command \"%s\"\n", cmd);\r
- }\r
- } finally {\r
- StringBuilder sb = new StringBuilder();\r
- trans.auditTrail(4, sb, Trans.REMOTE);\r
- if(sb.length()>0) {\r
- trans.info().log("Trans Info\n",sb);\r
- }\r
- }\r
- aafsso.close();\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- if(exitCode!=0) {\r
- System.exit(exitCode);\r
- }\r
- }\r
-\r
- private static String getProperty(PropAccess pa, Env env, boolean secure, String tag, String prompt, Object ... def) {\r
- String value;\r
- if((value=pa.getProperty(tag))==null) {\r
- if(secure) {\r
- value = new String(AAFSSO.cons.readPassword(prompt, def));\r
- } else {\r
- value = AAFSSO.cons.readLine(prompt,def).trim();\r
- }\r
- if(value!=null) {\r
- if(value.length()>0) {\r
- pa.setProperty(tag,value);\r
- env.setProperty(tag,value);\r
- } else if(def.length==1) {\r
- value=def[0].toString();\r
- pa.setProperty(tag,value);\r
- env.setProperty(tag,value);\r
- }\r
- }\r
- }\r
- return value;\r
- }\r
-\r
- private static String mechID(Deque<String> cmds) {\r
- if(cmds.size()<1) {\r
- String alias = env.getProperty(Config.CADI_ALIAS);\r
- return alias!=null?alias:AAFSSO.cons.readLine("MechID: ");\r
- }\r
- return cmds.removeFirst(); \r
- }\r
-\r
- private static String machine(Deque<String> cmds) throws UnknownHostException {\r
- if(cmds.size()>0) {\r
- return cmds.removeFirst();\r
- } else {\r
- String mach = env.getProperty(Config.HOSTNAME);\r
- return mach!=null?mach:InetAddress.getLocalHost().getHostName();\r
- }\r
- }\r
-\r
- private static String[] machines(Deque<String> cmds) {\r
- String machines;\r
- if(cmds.size()>0) {\r
- machines = cmds.removeFirst();\r
- } else {\r
- machines = AAFSSO.cons.readLine("Machines (sep by ','): ");\r
- }\r
- return Split.split(',', machines);\r
- }\r
-\r
- private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
-\r
- Artifacts artifacts = new Artifacts();\r
- Artifact arti = new Artifact();\r
- artifacts.getArtifact().add(arti);\r
- arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: "));\r
- arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));\r
- arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf"));\r
- \r
- String resp = AAFSSO.cons.readLine("Types [file,jks,script] (%s): ", "jks");\r
- for(String s : Split.splitTrim(',', resp)) {\r
- arti.getType().add(s);\r
- }\r
- // Always do Script\r
- if(!resp.contains(SCRIPT)) {\r
- arti.getType().add(SCRIPT);\r
- }\r
-\r
- // Note: Sponsor is set on Creation by CM\r
- String configRootName = AAFCon.reverseDomain(arti.getMechid());\r
- arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",configRootName));\r
- arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", System.getProperty("user.dir")));\r
- arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", System.getProperty("user.name")));\r
- arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renewal Days (%s):", "30")));\r
- arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (mailto owner):", "")));\r
- \r
- TimeTaken tt = trans.start("Create Artifact", Env.REMOTE);\r
- try {\r
- Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts);\r
- if(future.get(TIMEOUT)) {\r
- trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine());\r
- } else {\r
- trans.error().printf("Call to AAF Certman failed, %s",\r
- errMsg.toMsg(future));\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
-\r
- private static String toNotification(String notification) {\r
- if(notification==null) {\r
- notification="";\r
- } else if(notification.length()>0) {\r
- if(notification.indexOf(':')<0) {\r
- notification = "mailto:" + notification;\r
- }\r
- }\r
- return notification;\r
- }\r
- \r
-\r
- private static void readArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
-\r
- TimeTaken tt = trans.start("Read Artifact", Env.SUB);\r
- try {\r
- Future<Artifacts> future = aafcon.client(CM_VER)\r
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
- \r
- if(future.get(TIMEOUT)) {\r
- boolean printed = false;\r
- for(Artifact a : future.value.getArtifact()) {\r
- AAFSSO.cons.printf("MechID: %s\n",a.getMechid()); \r
- AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor()); \r
- AAFSSO.cons.printf("Machine: %s\n",a.getMachine()); \r
- AAFSSO.cons.printf("CA: %s\n",a.getCa()); \r
- StringBuilder sb = new StringBuilder();\r
- boolean first = true;\r
- for(String t : a.getType()) {\r
- if(first) {first=false;}\r
- else{sb.append(',');}\r
- sb.append(t);\r
- }\r
- AAFSSO.cons.printf("Types: %s\n",sb);\r
- AAFSSO.cons.printf("Namespace: %s\n",a.getAppName()); \r
- AAFSSO.cons.printf("Directory: %s\n",a.getDir());\r
- AAFSSO.cons.printf("O/S User: %s\n",a.getOsUser());\r
- AAFSSO.cons.printf("Renew Days: %d\n",a.getRenewDays());\r
- AAFSSO.cons.printf("Notification %s\n",a.getNotification());\r
- printed = true;\r
- }\r
- if(!printed) {\r
- AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
- }\r
- } else {\r
- trans.error().log(errMsg.toMsg(future));\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- \r
- private static void copyArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
- String[] newmachs = machines(cmds);\r
- if(newmachs==null || newmachs == null) {\r
- trans.error().log("No machines listed to copy to");\r
- } else {\r
- TimeTaken tt = trans.start("Copy Artifact", Env.REMOTE);\r
- try {\r
- Future<Artifacts> future = aafcon.client(CM_VER)\r
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
- \r
- if(future.get(TIMEOUT)) {\r
- boolean printed = false;\r
- for(Artifact a : future.value.getArtifact()) {\r
- for(String m : newmachs) {\r
- a.setMachine(m);\r
- Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, future.value);\r
- if(fup.get(TIMEOUT)) {\r
- trans.info().printf("Copy of %s %s successful to %s",mechID,machine,m);\r
- } else {\r
- trans.error().printf("Call to AAF Certman failed, %s",\r
- errMsg.toMsg(fup));\r
- }\r
- \r
- printed = true;\r
- }\r
- }\r
- if(!printed) {\r
- AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
- }\r
- } else {\r
- trans.error().log(errMsg.toMsg(future));\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- }\r
-\r
- private static void updateArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
-\r
- TimeTaken tt = trans.start("Update Artifact", Env.REMOTE);\r
- try {\r
- Future<Artifacts> fread = aafcon.client(CM_VER)\r
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
- \r
- if(fread.get(TIMEOUT)) {\r
- Artifacts artifacts = new Artifacts();\r
- for(Artifact a : fread.value.getArtifact()) {\r
- Artifact arti = new Artifact();\r
- artifacts.getArtifact().add(arti);\r
- \r
- AAFSSO.cons.printf("For %s on %s\n", a.getMechid(),a.getMachine());\r
- arti.setMechid(a.getMechid());\r
- arti.setMachine(a.getMachine());\r
- arti.setCa(AAFSSO.cons.readLine("CA: (%s): ",a.getCa()));\r
- StringBuilder sb = new StringBuilder();\r
- boolean first = true;\r
- for(String t : a.getType()) {\r
- if(first) {first=false;}\r
- else{sb.append(',');}\r
- sb.append(t);\r
- }\r
- \r
- String resp = AAFSSO.cons.readLine("Types [file,jks,pkcs12] (%s): ", sb);\r
- for(String s : Split.splitTrim(',', resp)) {\r
- arti.getType().add(s);\r
- }\r
- // Always do Script\r
- if(!resp.contains(SCRIPT)) {\r
- arti.getType().add(SCRIPT);\r
- }\r
-\r
- // Note: Sponsor is set on Creation by CM\r
- arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",a.getAppName()));\r
- arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", a.getDir()));\r
- arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", a.getOsUser()));\r
- arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renew Days (%s):", a.getRenewDays())));\r
- arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (%s):", a.getNotification())));\r
- \r
- }\r
- if(artifacts.getArtifact().size()==0) {\r
- AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
- } else {\r
- Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, artifacts);\r
- if(fup.get(TIMEOUT)) {\r
- trans.info().printf("Call to AAF Certman successful %s, %s",mechID,machine);\r
- } else {\r
- trans.error().printf("Call to AAF Certman failed, %s",\r
- errMsg.toMsg(fup));\r
- }\r
- }\r
- } else {\r
- trans.error().printf("Call to AAF Certman failed, %s %s, %s",\r
- errMsg.toMsg(fread),mechID,machine);\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- \r
- private static void deleteArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- String mechid = mechID(cmds);\r
- String machine = machine(cmds);\r
- \r
- TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE);\r
- try {\r
- Future<Void> future = aafcon.client(CM_VER)\r
- .delete("/cert/artifacts/"+mechid+"/"+machine,"application/json" );\r
- \r
- if(future.get(TIMEOUT)) {\r
- trans.info().printf("Call to AAF Certman successful %s, %s",mechid,machine);\r
- } else {\r
- trans.error().printf("Call to AAF Certman failed, %s %s, %s",\r
- errMsg.toMsg(future),mechid,machine);\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
-\r
- \r
-\r
- private static boolean placeCerts(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- boolean rv = false;\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
- \r
- TimeTaken tt = trans.start("Place Artifact", Env.REMOTE);\r
- try {\r
- Future<Artifacts> acf = aafcon.client(CM_VER)\r
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
- if(acf.get(TIMEOUT)) {\r
- // Have to wait for JDK 1.7 source...\r
- //switch(artifact.getType()) {\r
- if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
- AAFSSO.cons.printf("===> There are no artifacts for %s %s", mechID, machine);\r
- } else {\r
- for(Artifact a : acf.value.getArtifact()) {\r
- String osID = System.getProperty("user.name");\r
- if(a.getOsUser().equals(osID)) {\r
- CertificateRequest cr = new CertificateRequest();\r
- cr.setMechid(a.getMechid());\r
- cr.setSponsor(a.getSponsor());\r
- cr.getFqdns().add(a.getMachine());\r
- Future<String> f = aafcon.client(CM_VER)\r
- .setQueryParams("withTrust")\r
- .updateRespondString("/cert/" + a.getCa(),reqDF, cr);\r
- if(f.get(TIMEOUT)) {\r
- CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject();\r
- for(String type : a.getType()) {\r
- PlaceArtifact pa = placeArtifact.get(type);\r
- if(pa!=null) {\r
- if(rv = pa.place(trans, capi, a)) {\r
- notifyPlaced(a,rv);\r
- }\r
- }\r
- }\r
- // Cover for the above multiple pass possibilities with some static Data, then clear per Artifact\r
- } else {\r
- trans.error().log(errMsg.toMsg(f));\r
- }\r
- } else {\r
- trans.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");\r
- }\r
- }\r
- }\r
- } else {\r
- trans.error().log(errMsg.toMsg(acf));\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- return rv;\r
- }\r
- \r
- private static void notifyPlaced(Artifact a, boolean rv) {\r
- \r
- \r
- }\r
-\r
- private static void showPass(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
-\r
- TimeTaken tt = trans.start("Show Password", Env.REMOTE);\r
- try {\r
- Future<Artifacts> acf = aafcon.client(CM_VER)\r
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
- if(acf.get(TIMEOUT)) {\r
- // Have to wait for JDK 1.7 source...\r
- //switch(artifact.getType()) {\r
- if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
- AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);\r
- } else {\r
- String id = aafcon.defID();\r
- boolean allowed;\r
- for(Artifact a : acf.value.getArtifact()) {\r
- allowed = id!=null && (id.equals(a.getSponsor()) ||\r
- (id.equals(a.getMechid()) \r
- && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));\r
- if(!allowed) {\r
- Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" + \r
- a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*");\r
- if(pf.get(TIMEOUT)) {\r
- allowed = true;\r
- } else {\r
- trans.error().log(errMsg.toMsg(pf));\r
- }\r
- }\r
- if(allowed) {\r
- File dir = new File(a.getDir());\r
- Properties props = new Properties();\r
- FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));\r
- try {\r
- props.load(fis);\r
- fis.close();\r
- fis = new FileInputStream(new File(dir,a.getAppName()+".chal"));\r
- props.load(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- \r
- File f = new File(dir,a.getAppName()+".keyfile");\r
- if(f.exists()) {\r
- Symm symm = Symm.obtain(f);\r
- \r
- for(Iterator<Entry<Object,Object>> iter = props.entrySet().iterator(); iter.hasNext();) {\r
- Entry<Object,Object> en = iter.next();\r
- if(en.getValue().toString().startsWith("enc:???")) {\r
- System.out.printf("%s=%s\n", en.getKey(), symm.depass(en.getValue().toString()));\r
- }\r
- }\r
- } else {\r
- trans.error().printf("%s.keyfile must exist to read passwords for %s on %s",\r
- f.getAbsolutePath(),a.getMechid(), a.getMachine());\r
- }\r
- }\r
- }\r
- }\r
- } else {\r
- trans.error().log(errMsg.toMsg(acf));\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
-\r
- }\r
- \r
-\r
- /**\r
- * Check returns Error Codes, so that Scripts can know what to do\r
- * \r
- * 0 - Check Complete, nothing to do\r
- * 1 - General Error\r
- * 2 - Error for specific Artifact - read check.msg\r
- * 10 - Certificate Updated - check.msg is email content\r
- * \r
- * @param trans\r
- * @param aafcon\r
- * @param cmds\r
- * @return\r
- * @throws Exception\r
- */\r
- private static int check(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
- int exitCode=1;\r
- String mechID = mechID(cmds);\r
- String machine = machine(cmds);\r
- \r
- TimeTaken tt = trans.start("Check Certificate", Env.REMOTE);\r
- try {\r
- \r
- Future<Artifacts> acf = aafcon.client(CM_VER)\r
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
- if(acf.get(TIMEOUT)) {\r
- // Have to wait for JDK 1.7 source...\r
- //switch(artifact.getType()) {\r
- if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
- AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);\r
- } else {\r
- String id = aafcon.defID();\r
- GregorianCalendar now = new GregorianCalendar();\r
- for(Artifact a : acf.value.getArtifact()) {\r
- if(id.equals(a.getMechid())) {\r
- File dir = new File(a.getDir());\r
- Properties props = new Properties();\r
- FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));\r
- try {\r
- props.load(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- \r
- String prop; \r
- File f;\r
- \r
- if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||\r
- !(f=new File(prop)).exists()) {\r
- trans.error().printf("Keyfile must exist to check Certificates for %s on %s",\r
- a.getMechid(), a.getMachine());\r
- } else {\r
- String ksf = props.getProperty(Config.CADI_KEYSTORE);\r
- String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);\r
- if(ksf==null || ksps == null) {\r
- trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",\r
- Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());\r
- } else {\r
- KeyStore ks = KeyStore.getInstance("JKS");\r
- Symm symm = Symm.obtain(f);\r
- \r
- fis = new FileInputStream(ksf);\r
- try {\r
- ks.load(fis,symm.depass(ksps).toCharArray());\r
- } finally {\r
- fis.close();\r
- }\r
- X509Certificate cert = (X509Certificate)ks.getCertificate(mechID);\r
- String msg = null;\r
-\r
- if(cert==null) {\r
- msg = String.format("X509Certificate does not exist for %s on %s in %s",\r
- a.getMechid(), a.getMachine(), ksf);\r
- trans.error().log(msg);\r
- exitCode = 2;\r
- } else {\r
- GregorianCalendar renew = new GregorianCalendar();\r
- renew.setTime(cert.getNotAfter());\r
- renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays());\r
- if(renew.after(now)) {\r
- msg = String.format("X509Certificate for %s on %s has been checked on %s. It expires on %s; it will not be renewed until %s.\n", \r
- a.getMechid(), a.getMachine(),Chrono.dateOnlyStamp(now),cert.getNotAfter(),Chrono.dateOnlyStamp(renew));\r
- trans.info().log(msg);\r
- exitCode = 0; // OK\r
- } else {\r
- trans.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n", \r
- a.getMechid(), a.getMachine(),cert.getNotAfter());\r
- cmds.offerLast(mechID);\r
- cmds.offerLast(machine);\r
- if(placeCerts(trans,aafcon,cmds)) {\r
- msg = String.format("X509Certificate for %s on %s has been renewed. Ensure services using are refreshed.\n", \r
- a.getMechid(), a.getMachine());\r
- exitCode = 10; // Refreshed\r
- } else {\r
- msg = String.format("X509Certificate for %s on %s attempted renewal, but failed. Immediate Investigation is required!\n", \r
- a.getMechid(), a.getMachine());\r
- exitCode = 1; // Error Renewing\r
- }\r
- }\r
- }\r
- if(msg!=null) {\r
- FileOutputStream fos = new FileOutputStream(a.getDir()+'/'+a.getAppName()+".msg");\r
- try {\r
- fos.write(msg.getBytes());\r
- } finally {\r
- fos.close();\r
- }\r
- }\r
- }\r
- \r
- }\r
- }\r
- }\r
- }\r
- } else {\r
- trans.error().log(errMsg.toMsg(acf));\r
- exitCode=1;\r
- }\r
- } finally {\r
- tt.done();\r
- }\r
- return exitCode;\r
- }\r
-\r
-}\r
- \r
- \r
-\r
-\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.DataInputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileNotFoundException;\r
-import java.io.FileReader;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.InputStreamReader;\r
-import java.io.Reader;\r
-import java.io.StringReader;\r
-import java.security.InvalidKeyException;\r
-import java.security.Key;\r
-import java.security.KeyFactory;\r
-import java.security.KeyPair;\r
-import java.security.KeyPairGenerator;\r
-import java.security.NoSuchAlgorithmException;\r
-import java.security.PrivateKey;\r
-import java.security.PublicKey;\r
-import java.security.SecureRandom;\r
-import java.security.Signature;\r
-import java.security.SignatureException;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.CertificateEncodingException;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.CertificateFactory;\r
-import java.security.cert.X509Certificate;\r
-import java.security.spec.InvalidKeySpecException;\r
-import java.security.spec.PKCS8EncodedKeySpec;\r
-import java.security.spec.X509EncodedKeySpec;\r
-import java.util.Collection;\r
-import java.util.List;\r
-\r
-import javax.crypto.Cipher;\r
-import javax.crypto.NoSuchPaddingException;\r
-\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.TimeTaken;\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-public class Factory {\r
- private static final String PRIVATE_KEY_HEADER = "PRIVATE KEY";\r
- public static final String KEY_ALGO = "RSA";\r
- public static final String SIG_ALGO = "SHA256withRSA";\r
-\r
- public static final int KEY_LENGTH = 2048;\r
- private static final KeyPairGenerator keygen;\r
- private static final KeyFactory keyFactory;\r
- private static final CertificateFactory certificateFactory;\r
- private static final SecureRandom random;\r
- \r
- \r
- private static final Symm base64 = Symm.base64.copy(64);\r
-\r
- static {\r
- random = new SecureRandom();\r
- KeyPairGenerator tempKeygen;\r
- try {\r
- tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC");\r
- tempKeygen.initialize(KEY_LENGTH, random);\r
- } catch (NoSuchAlgorithmException e) {\r
- tempKeygen = null;\r
- e.printStackTrace(System.err);\r
- }\r
- keygen = tempKeygen;\r
-\r
- KeyFactory tempKeyFactory;\r
- try {\r
- tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC"\r
- } catch (NoSuchAlgorithmException e) {\r
- tempKeyFactory = null;\r
- e.printStackTrace(System.err);\r
- };\r
- keyFactory = tempKeyFactory;\r
- \r
- CertificateFactory tempCertificateFactory;\r
- try {\r
- tempCertificateFactory = CertificateFactory.getInstance("X.509");\r
- } catch (CertificateException e) {\r
- tempCertificateFactory = null;\r
- e.printStackTrace(System.err);\r
- }\r
- certificateFactory = tempCertificateFactory;\r
-\r
- \r
- }\r
-\r
-\r
- public static KeyPair generateKeyPair(Trans trans) {\r
- TimeTaken tt;\r
- if(trans!=null) {\r
- tt = trans.start("Generate KeyPair", Env.SUB);\r
- } else {\r
- tt = null;\r
- }\r
- try {\r
- return keygen.generateKeyPair();\r
- } finally {\r
- if(tt!=null) {\r
- tt.done();\r
- }\r
- }\r
- } \r
-\r
- private static final String LINE_END = "-----\n";\r
-\r
- protected static String textBuilder(String kind, byte[] bytes) throws IOException {\r
- StringBuilder sb = new StringBuilder();\r
- sb.append("-----BEGIN ");\r
- sb.append(kind);\r
- sb.append(LINE_END);\r
-\r
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- base64.encode(bais, baos);\r
- sb.append(new String(baos.toByteArray()));\r
- \r
- if(sb.charAt(sb.length()-1)!='\n') {\r
- sb.append('\n');\r
- }\r
- sb.append("-----END ");\r
- sb.append(kind);\r
- sb.append(LINE_END);\r
- return sb.toString();\r
- }\r
- \r
- public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException {\r
- byte[] bytes = decode(new StringReader(pk));\r
- return toPrivateKey(trans, bytes);\r
- }\r
- \r
- public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException {\r
- TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB);\r
- try {\r
- return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));\r
- } catch (InvalidKeySpecException e) {\r
- throw new CertException("Translating Private Key from PKCS8 KeySpec",e);\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- \r
- public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException {\r
- TimeTaken tt = trans.start("Decode Private Key File", Env.SUB);\r
- try {\r
- return toPrivateKey(trans,decode(file));\r
- }finally {\r
- tt.done();\r
- }\r
- }\r
-\r
- public static String toString(Trans trans, PrivateKey pk) throws IOException {\r
-// PKCS8EncodedKeySpec pemContents = new PKCS8EncodedKeySpec(pk.getEncoded());\r
- trans.debug().log("Private Key to String");\r
- return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded());\r
- }\r
-\r
- public static PublicKey toPublicKey(Trans trans, String pk) throws IOException {\r
- TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB);\r
- try {\r
- ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes());\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64noSplit.decode(bais, baos);\r
-\r
- return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray()));\r
- } catch (InvalidKeySpecException e) {\r
- trans.error().log(e,"Translating Public Key from X509 KeySpec");\r
- return null;\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- \r
- public static String toString(Trans trans, PublicKey pk) throws IOException {\r
- trans.debug().log("Public Key to String");\r
- return textBuilder("PUBLIC KEY",pk.getEncoded());\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(String x509) throws CertificateException {\r
- return toX509Certificate(x509.getBytes());\r
- }\r
- \r
- public static Collection<? extends Certificate> toX509Certificate(List<String> x509s) throws CertificateException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- try {\r
- for(String x509 : x509s) {\r
- baos.write(x509.getBytes());\r
- }\r
- } catch (IOException e) {\r
- throw new CertificateException(e);\r
- }\r
- return toX509Certificate(new ByteArrayInputStream(baos.toByteArray()));\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(byte[] x509) throws CertificateException {\r
- return certificateFactory.generateCertificates(new ByteArrayInputStream(x509));\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException {\r
- FileInputStream fis = new FileInputStream(file);\r
- try {\r
- return toX509Certificate(fis);\r
- } finally {\r
- try {\r
- fis.close();\r
- } catch (IOException e) {\r
- throw new CertificateException(e);\r
- }\r
- }\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(InputStream is) throws CertificateException {\r
- return certificateFactory.generateCertificates(is);\r
- }\r
-\r
- public static String toString(Trans trans, Certificate cert) throws IOException, CertException {\r
- if(trans.debug().isLoggable()) {\r
- StringBuilder sb = new StringBuilder("Certificate to String");\r
- if(cert instanceof X509Certificate) {\r
- sb.append(" - ");\r
- sb.append(((X509Certificate)cert).getSubjectDN());\r
- }\r
- trans.debug().log(sb);\r
- }\r
- try {\r
- if(cert==null) {\r
- throw new CertException("Certificate not built");\r
- }\r
- return textBuilder("CERTIFICATE",cert.getEncoded());\r
- } catch (CertificateEncodingException e) {\r
- throw new CertException(e);\r
- }\r
- }\r
-\r
- public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {\r
- return Cipher.getInstance(KEY_ALGO); \r
- }\r
-\r
- public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {\r
- Cipher cipher = Cipher.getInstance(KEY_ALGO);\r
- cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key);\r
- return cipher;\r
- }\r
-\r
- public static byte[] strip(Reader rdr) throws IOException {\r
- BufferedReader br = new BufferedReader(rdr);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- String line;\r
- while((line=br.readLine())!=null) {\r
- if(line.length()>0 &&\r
- !line.startsWith("-----") &&\r
- line.indexOf(':')<0) { // Header elements\r
- baos.write(line.getBytes());\r
- }\r
- }\r
- return baos.toByteArray();\r
- }\r
- \r
- public static class StripperInputStream extends InputStream {\r
- private Reader created;\r
- private BufferedReader br;\r
- private int idx;\r
- private String line;\r
-\r
- public StripperInputStream(Reader rdr) {\r
- if(rdr instanceof BufferedReader) {\r
- br = (BufferedReader)rdr;\r
- } else {\r
- br = new BufferedReader(rdr);\r
- }\r
- created = null;\r
- }\r
- \r
- public StripperInputStream(File file) throws FileNotFoundException {\r
- this(new FileReader(file));\r
- created = br;\r
- }\r
-\r
- public StripperInputStream(InputStream is) throws FileNotFoundException {\r
- this(new InputStreamReader(is));\r
- created = br;\r
- }\r
-\r
- @Override\r
- public int read() throws IOException {\r
- if(line==null || idx>=line.length()) {\r
- while((line=br.readLine())!=null) {\r
- if(line.length()>0 &&\r
- !line.startsWith("-----") &&\r
- line.indexOf(':')<0) { // Header elements\r
- break;\r
- }\r
- }\r
-\r
- if(line==null) {\r
- return -1;\r
- }\r
- idx = 0;\r
- }\r
- return line.charAt(idx++);\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see java.io.InputStream#close()\r
- */\r
- @Override\r
- public void close() throws IOException {\r
- if(created!=null) {\r
- created.close();\r
- }\r
- }\r
- }\r
-\r
- public static class Base64InputStream extends InputStream {\r
- private InputStream created;\r
- private InputStream is;\r
- private byte trio[];\r
- private byte duo[];\r
- private int idx;\r
-\r
- \r
- public Base64InputStream(File file) throws FileNotFoundException {\r
- this(new FileInputStream(file));\r
- created = is;\r
- }\r
-\r
- public Base64InputStream(InputStream is) throws FileNotFoundException {\r
- this.is = is;\r
- trio = new byte[3];\r
- idx = 4;\r
- }\r
-\r
- @Override\r
- public int read() throws IOException {\r
- if(duo==null || idx>=duo.length) {\r
- int read = is.read(trio);\r
- if(read==-1) {\r
- return -1;\r
- }\r
- duo = Symm.base64.decode(trio);\r
- if(duo==null || duo.length==0) {\r
- return -1;\r
- }\r
- idx=0;\r
- }\r
- \r
- return duo[idx++];\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see java.io.InputStream#close()\r
- */\r
- @Override\r
- public void close() throws IOException {\r
- if(created!=null) {\r
- created.close();\r
- }\r
- }\r
- }\r
-\r
- public static byte[] decode(byte[] bytes) throws IOException {\r
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.decode(bais, baos);\r
- return baos.toByteArray();\r
- }\r
- \r
- public static byte[] decode(File f) throws IOException {\r
- FileReader fr = new FileReader(f);\r
- try {\r
- return Factory.decode(fr);\r
- } finally {\r
- fr.close();\r
- }\r
-\r
- }\r
- public static byte[] decode(Reader rdr) throws IOException {\r
- return decode(strip(rdr));\r
- }\r
-\r
-\r
- public static byte[] binary(File file) throws IOException {\r
- DataInputStream dis = new DataInputStream(new FileInputStream(file));\r
- try {\r
- byte[] bytes = new byte[(int)file.length()];\r
- dis.readFully(bytes);\r
- return bytes;\r
- } finally {\r
- dis.close();\r
- }\r
- }\r
-\r
-\r
- public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {\r
- TimeTaken tt = trans.start("Sign Data", Env.SUB);\r
- try {\r
- Signature sig = Signature.getInstance(SIG_ALGO);\r
- sig.initSign(pk, random);\r
- sig.update(bytes);\r
- return sig.sign();\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
-\r
- public static String toSignatureString(byte[] signed) throws IOException {\r
- return textBuilder("SIGNATURE", signed);\r
- }\r
-\r
- public static boolean verify(Trans trans, byte[] bytes, byte[] signature, PublicKey pk) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {\r
- TimeTaken tt = trans.start("Verify Data", Env.SUB);\r
- try {\r
- Signature sig = Signature.getInstance(SIG_ALGO);\r
- sig.initVerify(pk);\r
- sig.update(bytes);\r
- return sig.verify(signature);\r
- } finally {\r
- tt.done();\r
- } \r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-public interface PlaceArtifact {\r
- public boolean place(Trans trans, CertInfo cert, Artifact arti) throws CadiException;\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.util.Chmod;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-public class PlaceArtifactInFiles extends ArtifactDir {\r
- @Override\r
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
- try {\r
- // Setup Public Cert\r
- File f = new File(dir,arti.getAppName()+".crt");\r
- write(f,Chmod.to644,certInfo.getCerts().get(0),C_R);\r
- \r
- // Setup Private Key\r
- f = new File(dir,arti.getAppName()+".key");\r
- write(f,Chmod.to400,certInfo.getPrivatekey(),C_R);\r
- \r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- return true;\r
- }\r
-}\r
-\r
-\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.security.KeyStore;\r
-import java.security.PrivateKey;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.X509Certificate;\r
-import java.util.Collection;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.util.Chmod;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public class PlaceArtifactInKeystore extends ArtifactDir {\r
- private String kst;\r
- //TODO get ROOT DNs or Trusted DNs from Certificate Manager.\r
-// private static String[] rootDNs = new String[]{ \r
-// "CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US", // Lab. delete eventually\r
-// "CN=ATT AAF CADI TEST CA, OU=CSO, O=ATT, C=US",\r
-// "CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US"\r
-// };\r
-\r
- public PlaceArtifactInKeystore(String kst) {\r
- this.kst = kst;\r
- }\r
-\r
- @Override\r
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
- File fks = new File(dir,arti.getAppName()+'.'+kst);\r
- try {\r
- KeyStore jks = KeyStore.getInstance(kst);\r
- if(fks.exists()) {\r
- fks.delete();\r
- } \r
-\r
- // Get the Cert(s)... Might include Trust store\r
- Collection<? extends Certificate> certColl = Factory.toX509Certificate(certInfo.getCerts());\r
- X509Certificate[] certs = new X509Certificate[certColl.size()];\r
- certColl.toArray(certs);\r
- \r
-\r
- // Add CADI Keyfile Entry to Properties\r
- addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile");\r
- // Set Keystore Password\r
- addProperty(Config.CADI_KEYSTORE,fks.getAbsolutePath());\r
- String keystorePass = Symm.randomGen(CmAgent.PASS_SIZE);\r
- addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass);\r
- char[] keystorePassArray = keystorePass.toCharArray();\r
- jks.load(null,keystorePassArray); // load in\r
- \r
- // Add Private Key/Cert Entry for App\r
- // Note: Java SSL security classes, while having a separate key from keystore,\r
- // is documented to not actually work. \r
- // java.security.UnrecoverableKeyException: Cannot recover key\r
- // You can create a custom Key Manager to make it work, but Practicality \r
- // dictates that you live with the default, meaning, they are the same\r
- String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);\r
- PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());\r
- addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);\r
- addProperty(Config.CADI_ALIAS, arti.getMechid());\r
-// Set<Attribute> attribs = new HashSet<Attribute>();\r
-// if(kst.equals("pkcs12")) {\r
-// // Friendly Name\r
-// attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getAppName()));\r
-// } \r
-// \r
- KeyStore.ProtectionParameter protParam = \r
- new KeyStore.PasswordProtection(keyPass.toCharArray());\r
- \r
- KeyStore.PrivateKeyEntry pkEntry = \r
- new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});\r
- jks.setEntry(arti.getMechid(), \r
- pkEntry, protParam);\r
- \r
- // Write out\r
- write(fks,Chmod.to400,jks,keystorePassArray);\r
- \r
- // Change out to TrustStore\r
- fks = new File(dir,arti.getAppName()+".trust."+kst);\r
- jks = KeyStore.getInstance(kst);\r
- \r
- // Set Truststore Password\r
- addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());\r
- String trustStorePass = Symm.randomGen(CmAgent.PASS_SIZE);\r
- addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);\r
- char[] truststorePassArray = trustStorePass.toCharArray();\r
- jks.load(null,truststorePassArray); // load in\r
- \r
- // Add Trusted Certificates\r
- for(int i=1; i<certs.length;++i) {\r
- jks.setCertificateEntry("cadi_root_" + arti.getCa() + '_' + i, certs[i]);\r
- }\r
- // Write out\r
- write(fks,Chmod.to644,jks,truststorePassArray);\r
-\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- return false;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.PrintStream;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-public class PlaceArtifactOnStream implements PlaceArtifact {\r
- private PrintStream out;\r
-\r
- public PlaceArtifactOnStream(PrintStream printStream) {\r
- out = printStream;\r
- }\r
-\r
- @Override\r
- public boolean place(Trans trans, CertInfo capi, Artifact a) {\r
- if(capi.getNotes()!=null && capi.getNotes().length()>0) {\r
- trans.info().printf("Warning: %s\n",capi.getNotes());\r
- }\r
- out.printf("Challenge: %s\n",capi.getChallenge());\r
- out.printf("PrivateKey:\n%s\n",capi.getPrivatekey());\r
- out.println("Certificate Chain:");\r
- for(String c : capi.getCerts()) {\r
- out.println(c);\r
- }\r
- return true;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.util.Chmod;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public class PlaceArtifactScripts extends ArtifactDir {\r
- @Override\r
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
- try {\r
- // Setup check.sh script\r
- String filename = arti.getAppName()+".check.sh";\r
- File f1 = new File(dir,filename);\r
- String email = arti.getNotification() + '\n';\r
- if(email.startsWith("mailto:")) {\r
- email=email.substring(7);\r
- } else {\r
- email=arti.getOsUser() + '\n';\r
- }\r
- \r
- StringBuilder classpath = new StringBuilder();\r
- boolean first = true;\r
- for(String pth : Split.split(File.pathSeparatorChar, System.getProperty("java.class.path"))) {\r
- if(first) {\r
- first=false;\r
- } else {\r
- classpath.append(File.pathSeparatorChar);\r
- }\r
- File f = new File(pth);\r
- classpath.append(f.getCanonicalPath().replaceAll("[0-9]+\\.[0-9]+\\.[0-9]+","*"));\r
- }\r
- \r
- write(f1,Chmod.to644,\r
- "#!/bin/bash " + f1.getCanonicalPath()+'\n',\r
- "# Certificate Manager Check Script\n",\r
- "# Check on Certificate, and renew if needed.\n",\r
- "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',\r
- "DIR="+arti.getDir()+'\n',\r
- "APP="+arti.getAppName()+'\n',\r
- "EMAIL="+email,\r
- "CP=\""+classpath.toString()+"\"\n",\r
- checkScript\r
- );\r
- \r
- // Setup check.sh script\r
- File f2 = new File(dir,arti.getAppName()+".crontab.sh");\r
- write(f2,Chmod.to644,\r
- "#!/bin/bash " + f1.getCanonicalPath()+'\n',\r
- "# Certificate Manager Crontab Loading Script\n",\r
- "# Add/Update a Crontab entry, that adds a check on Certificate Manager generated Certificate nightly.\n",\r
- "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n',\r
- "TFILE=\"/tmp/cmcron$$.temp\"\n",\r
- "DIR=\""+arti.getDir()+"\"\n",\r
- "CF=\""+arti.getAppName()+" Certificate Check Script\"\n",\r
- "SCRIPT=\""+f1.getCanonicalPath()+"\"\n",\r
- cronScript\r
- );\r
-\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- return true;\r
- }\r
- \r
- private final static String checkScript = \r
- "> $DIR/$APP.msg\n\n" +\r
- "function mailit {\n" +\r
- " printf \"$*\" | /bin/mail -s \"AAF Certman Notification for `uname -n`\" $EMAIL\n"+\r
- "}\n\n" +\r
- System.getProperty("java.home") + "/bin/" +"java -cp $CP " +\r
- CmAgent.class.getName() + \r
- " cadi_prop_files=$DIR/$APP.props check 2> $DIR/$APP.STDERR > $DIR/$APP.STDOUT\n" +\r
- "case \"$?\" in\n" +\r
- " 0)\n" +\r
- " # Note: Validation will be mailed only the first day after any modification\n" +\r
- " if [ \"`find $DIR -mtime 0 -name $APP.check.sh`\" != \"\" ] ; then\n" +\r
- " mailit `echo \"Certficate Validated:\\n\\n\" | cat - $DIR/$APP.msg`\n" +\r
- " else\n" +\r
- " cat $DIR/$APP.msg\n" +\r
- " fi\n" +\r
- " ;;\n" +\r
- " 1) mailit \"Error with Certificate Check:\\\\n\\\\nCheck logs $DIR/$APP.STDOUT and $DIR/$APP.STDERR on `uname -n`\"\n" +\r
- " ;;\n" +\r
- " 2) mailit `echo \"Certificate Check Error\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +\r
- " ;;\n" +\r
- " 10) mailit `echo \"Certificate Replaced\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +\r
- " if [ -e $DIR/$APP.restart.sh ]; then\n" +\r
- " # Note: it is THIS SCRIPT'S RESPONSIBILITY to notify upon success or failure as necessary!!\n" +\r
- " /bin/sh $DIR/$APP.restart.sh\n" +\r
- " fi\n" +\r
- " ;;\n" +\r
- " *) mailit `echo \"Unknown Error code for CM Agent\\\\n\\\\n\" | cat - $DIR/$APP.msg`\n" +\r
- " ;;\n" +\r
- " esac\n\n" +\r
- " # Note: make sure to cover this sripts' exit Code\n";\r
- \r
- private final static String cronScript = \r
- "crontab -l | sed -n \"/#### BEGIN $CF/,/END $CF ####/!p\" > $TFILE\n" +\r
- "# Note: Randomize Minutes (0-60) and hours (1-4)\n" +\r
- "echo \"#### BEGIN $CF ####\" >> $TFILE\n" +\r
- "echo \"$(( $RANDOM % 60)) $(( $(( $RANDOM % 3 )) + 1 )) * * * /bin/bash $SCRIPT " +\r
- ">> $DIR/cronlog 2>&1 \" >> $TFILE\n" +\r
- "echo \"#### END $CF ####\" >> $TFILE\n" +\r
- "crontab $TFILE\n" +\r
- "rm $TFILE\n";\r
-}\r
-\r
-\r
-\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.sso;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.IOException;\r
-import java.io.PrintStream;\r
-import java.lang.reflect.InvocationTargetException;\r
-import java.lang.reflect.Method;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.util.MyConsole;\r
-import org.onap.aaf.cadi.util.SubStandardConsole;\r
-import org.onap.aaf.cadi.util.TheConsole;\r
-\r
-\r
-public class AAFSSO {\r
- public static final MyConsole cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole();\r
- \r
- private Properties diskprops = null; // use for temp storing User/Password on disk\r
- private File dot_aaf = null, sso=null; // instantiated, if ever, with diskprops\r
- \r
- boolean removeSSO=false;\r
- boolean loginOnly = false;\r
- private PropAccess access;\r
- private StringBuilder err;\r
- private String user,encrypted_pass;\r
- private boolean use_X509;\r
-\r
- private PrintStream os, stdout=null,stderr=null;\r
-\r
- private Method close;\r
-\r
- public AAFSSO(String[] args) throws IOException, CadiException {\r
- List<String> larg = new ArrayList<String>(args.length);\r
-\r
- // Cover for bash's need to escape *... (\\*)\r
- // also, remove SSO if required\r
- for (int i = 0; i < args.length; ++i) {\r
- if ("\\*".equals(args[i])) {\r
- args[i] = "*";\r
- }\r
- \r
- if("-logout".equalsIgnoreCase(args[i])) {\r
- removeSSO=true;\r
- } else if("-login".equalsIgnoreCase(args[i])) {\r
- loginOnly = true;\r
- } else {\r
- larg.add(args[i]);\r
- }\r
- }\r
- \r
- String[] nargs = new String[larg.size()];\r
- larg.toArray(nargs);\r
-\r
- dot_aaf = new File(System.getProperty("user.home")+"/.aaf");\r
- if(!dot_aaf.exists()) {\r
- dot_aaf.mkdirs();\r
- }\r
- File f = new File(dot_aaf,"sso.out");\r
- os = new PrintStream(new FileOutputStream(f,true));\r
- stdout = System.out;\r
- stderr = System.err;\r
- System.setOut(os);\r
- System.setErr(os);\r
-\r
- access = new PropAccess(os,nargs);\r
- Config.setDefaultRealm(access);\r
-\r
- user = access.getProperty(Config.AAF_MECHID);\r
- encrypted_pass = access.getProperty(Config.AAF_MECHPASS);\r
- \r
- File dot_aaf_kf = new File(dot_aaf,"keyfile");\r
- \r
- sso = new File(dot_aaf,"sso.props");\r
- if(removeSSO) {\r
- if(dot_aaf_kf.exists()) {\r
- dot_aaf_kf.setWritable(true,true);\r
- dot_aaf_kf.delete();\r
- }\r
- if(sso.exists()) {\r
- sso.delete();\r
- }\r
- System.out.println("AAF SSO information removed");\r
- System.exit(0);\r
- }\r
- \r
- if(!dot_aaf_kf.exists()) {\r
- FileOutputStream fos = new FileOutputStream(dot_aaf_kf);\r
- try {\r
- fos.write(Symm.encrypt.keygen());\r
- dot_aaf_kf.setExecutable(false,false);\r
- dot_aaf_kf.setWritable(false,false);\r
- dot_aaf_kf.setReadable(false,false);\r
- dot_aaf_kf.setReadable(true, true);\r
- } finally {\r
- fos.close();\r
- }\r
- }\r
-\r
- String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props\r
- if(keyfile==null) {\r
- access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());\r
- }\r
- \r
- String alias = access.getProperty(Config.CADI_ALIAS);\r
- if(user==null && alias!=null && access.getProperty(Config.CADI_KEYSTORE_PASSWORD)!=null) {\r
- user = alias;\r
- access.setProperty(Config.AAF_MECHID, user);\r
- use_X509 = true;\r
- } else {\r
- use_X509 = false;\r
- Symm decryptor = Symm.obtain(dot_aaf_kf);\r
- if (user==null) {\r
- if(sso.exists() && sso.lastModified()>System.currentTimeMillis()-(8*60*60*1000 /* 8 hours */)) {\r
- String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...\r
- FileInputStream fos = new FileInputStream(sso);\r
- try {\r
- access.load(fos);\r
- user = access.getProperty(Config.AAF_MECHID);\r
- encrypted_pass = access.getProperty(Config.AAF_MECHPASS);\r
- // decrypt with .aaf, and re-encrypt with regular Keyfile\r
- access.setProperty(Config.AAF_MECHPASS, \r
- access.encrypt(decryptor.depass(encrypted_pass)));\r
- if(cm_url!=null) { //Command line CM_URL Overwrites ssofile.\r
- access.setProperty(Config.CM_URL, cm_url);\r
- }\r
- } finally {\r
- fos.close();\r
- }\r
- } else {\r
- diskprops = new Properties();\r
- String realm = Config.getDefaultRealm();\r
- // Turn on Console Sysout\r
- System.setOut(stdout);\r
- user=cons.readLine("aaf_id(%s@%s): ",System.getProperty("user.name"),realm);\r
- if(user==null) {\r
- user = System.getProperty("user.name")+'@'+realm;\r
- } else if(user.length()==0) { // \r
- user = System.getProperty("user.name")+'@' + realm;\r
- } else if(user.indexOf('@')<0 && realm!=null) {\r
- user = user+'@'+realm;\r
- }\r
- access.setProperty(Config.AAF_MECHID,user);\r
- diskprops.setProperty(Config.AAF_MECHID,user);\r
- encrypted_pass = new String(cons.readPassword("aaf_password: "));\r
- System.setOut(os);\r
- encrypted_pass = Symm.ENC+decryptor.enpass(encrypted_pass);\r
- access.setProperty(Config.AAF_MECHPASS,encrypted_pass);\r
- diskprops.setProperty(Config.AAF_MECHPASS,encrypted_pass);\r
- diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));\r
- }\r
- }\r
- }\r
- if (user == null) {\r
- err = new StringBuilder("Add -D" + Config.AAF_MECHID + "=<id> ");\r
- }\r
- \r
- if (encrypted_pass == null && alias==null) {\r
- if (err == null) {\r
- err = new StringBuilder();\r
- } else {\r
- err.append("and ");\r
- }\r
- err.append("-D" + Config.AAF_MECHPASS + "=<passwd> ");\r
- }\r
- }\r
- \r
- public void setLogDefault() {\r
- access.setLogLevel(PropAccess.DEFAULT);\r
- if(stdout!=null) {\r
- System.setOut(stdout);\r
- }\r
- }\r
-\r
- public void setStdErrDefault() {\r
- access.setLogLevel(PropAccess.DEFAULT);\r
- if(stderr!=null) {\r
- System.setErr(stderr);\r
- }\r
- }\r
-\r
- public void setLogDefault(Level level) {\r
- access.setLogLevel(level);\r
- if(stdout!=null) {\r
- System.setOut(stdout);\r
- }\r
- }\r
- \r
- public boolean loginOnly() {\r
- return loginOnly;\r
- }\r
-\r
- public void addProp(String key, String value) {\r
- if(diskprops!=null) {\r
- diskprops.setProperty(key, value);\r
- }\r
- }\r
- \r
- public void writeFiles() throws IOException {\r
- // Store Creds, if they work \r
- if(diskprops!=null) {\r
- if(!dot_aaf.exists()) {\r
- dot_aaf.mkdirs();\r
- }\r
- FileOutputStream fos = new FileOutputStream(sso);\r
- try {\r
- diskprops.store(fos, "AAF Single Signon");\r
- } finally {\r
- fos.close();\r
- sso.setWritable(false,false);\r
- sso.setExecutable(false,false);\r
- sso.setReadable(false,false);\r
- sso.setReadable(true,true);\r
- }\r
- }\r
- if(sso!=null) {\r
- sso.setReadable(false,false);\r
- sso.setWritable(false,false);\r
- sso.setExecutable(false,false);\r
- sso.setReadable(true,true);\r
- sso.setWritable(true,true);\r
- }\r
- }\r
-\r
- public PropAccess access() {\r
- return access;\r
- }\r
-\r
- public StringBuilder err() {\r
- return err;\r
- }\r
- \r
- public String user() {\r
- return user;\r
- }\r
- \r
- public String enc_pass() {\r
- return encrypted_pass;\r
- }\r
- \r
- public boolean useX509() {\r
- return use_X509;\r
- }\r
- \r
- public void close() {\r
- if(close!=null) {\r
- try {\r
- close.invoke(null);\r
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {\r
- // nothing to do here.\r
- }\r
- close = null;\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.onap.aaf.cadi.aaf;\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-\r
-\r
-import static org.hamcrest.CoreMatchers.is;\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Mockito.when;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-public class JU_AAFPermissionTest {\r
-\r
- private static final String INSTANCE = "*";\r
- private static final String ACTION = "*";\r
- private static final String TYPE = "Auth";\r
- private static final String KEY =TYPE + '|' + INSTANCE + '|' + ACTION;\r
- \r
- private String STRINGVALUE =\r
- "AAFPermission:\n\tType: " + TYPE + \r
- "\n\tInstance: " + INSTANCE +\r
- "\n\tAction: " + ACTION +\r
- "\n\tKey: " + KEY;\r
-\r
- @Mock\r
- private LocalPermission localPermission;\r
- \r
- @Mock\r
- private LocalPermission localPermission2;\r
-\r
- @Before\r
- public void setup() {\r
- MockitoAnnotations.initMocks(this);\r
- when(localPermission.getKey()).thenReturn(TYPE);\r
- when(localPermission2.getKey()).thenReturn(TYPE+" Default");\r
- }\r
- \r
- @Test\r
- public void test() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
- \r
- @Test\r
- public void test4() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
- \r
- @Test\r
- public void test1() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
- \r
- @Test\r
- public void test2() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
-\r
- \r
- @Test\r
- public void test3() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
- \r
- @Test\r
- public void test5() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
- \r
- @Test\r
- public void test6() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
- \r
- @Test\r
- public void test7() {\r
- AAFPermission permission = new AAFPermission(TYPE, INSTANCE, ACTION);\r
- \r
- assertTrue("This should Match",permission.match(permission));\r
- \r
- assertTrue("This should Match", permission.match(localPermission));\r
- \r
- assertFalse("This should Not Match", permission.match(localPermission2));\r
- \r
- assertThat(permission.getKey(), is(KEY));\r
- \r
- assertThat(permission.permType(), is("AAF"));\r
- \r
- assertThat(permission.toString(), is(STRINGVALUE));\r
- \r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.onap.aaf.cadi.aaf;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Mockito.when;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-import org.onap.aaf.cadi.aaf.AAFTransmutate;\r
-import org.onap.aaf.cadi.lur.ConfigPrincipal;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-\r
-public class JU_AAFTransmutateTest {\r
- \r
- @Mock\r
- Principal principal ;\r
- \r
- @Before\r
- public void setup() {\r
- MockitoAnnotations.initMocks(this);\r
- when(principal.getName()).thenReturn("Value");\r
- }\r
-\r
- @Test\r
- public void testMutate() throws IOException {\r
- BasicPrincipal p = new BasicPrincipal("content", "domain");\r
- AAFTransmutate transmutate = new AAFTransmutate();\r
-// assertNotNull(transmutate.mutate(p));\r
- \r
- ConfigPrincipal cp = new ConfigPrincipal("content", "cred");\r
-// assertNotNull(transmutate.mutate(cp));\r
- \r
- assertNull(transmutate.mutate(principal));\r
- }\r
-\r
- \r
- @Test\r
- public void testMutate4() throws IOException {\r
- BasicPrincipal p = new BasicPrincipal("content", "domain");\r
- AAFTransmutate transmutate = new AAFTransmutate();\r
-// assertNotNull(transmutate.mutate(p));\r
- \r
- ConfigPrincipal cp = new ConfigPrincipal("content", "cred");\r
-// assertNotNull(transmutate.mutate(cp));\r
- \r
- assertNull(transmutate.mutate(principal));\r
- }\r
-\r
- \r
- @Test\r
- public void testMutate1() throws IOException {\r
- BasicPrincipal p = new BasicPrincipal("content", "domain");\r
- AAFTransmutate transmutate = new AAFTransmutate();\r
-// assertNotNull(transmutate.mutate(p));\r
- \r
- ConfigPrincipal cp = new ConfigPrincipal("content", "cred");\r
-// assertNotNull(transmutate.mutate(cp));\r
- \r
- assertNull(transmutate.mutate(principal));\r
- }\r
-\r
- \r
- @Test\r
- public void testMutate2() throws IOException {\r
- BasicPrincipal p = new BasicPrincipal("content", "domain");\r
- AAFTransmutate transmutate = new AAFTransmutate();\r
-// assertNotNull(transmutate.mutate(p));\r
- \r
- ConfigPrincipal cp = new ConfigPrincipal("content", "cred");\r
-// assertNotNull(transmutate.mutate(cp));\r
- \r
- assertNull(transmutate.mutate(principal));\r
- }\r
-\r
- \r
- @Test\r
- public void testMutate3() throws IOException {\r
- BasicPrincipal p = new BasicPrincipal("content", "domain");\r
- AAFTransmutate transmutate = new AAFTransmutate();\r
-// assertNotNull(transmutate.mutate(p));\r
- \r
- ConfigPrincipal cp = new ConfigPrincipal("content", "cred");\r
-// assertNotNull(transmutate.mutate(cp));\r
- \r
- assertNull(transmutate.mutate(principal));\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.onap.aaf.cadi.aaf;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.cm.CertException;\r
-\r
-public class JU_CertExceptionTest {\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- @Test\r
- public void test3() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- \r
- @Test\r
- public void test1() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- \r
- @Test\r
- public void test2() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
- @Test\r
- public void test4() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- @Test\r
- public void test5() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- @Test\r
- public void test6() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- @Test\r
- public void test7() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
-\r
- @Test\r
- public void test8() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- @Test\r
- public void test9() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
- @Test\r
- public void test10() {\r
- CertException ex = new CertException();\r
- assertNotNull(ex);\r
- \r
- ex = new CertException("Exception Message");\r
- assertNotNull(ex);\r
- assertEquals(ex.getMessage(),"Exception Message");\r
- \r
- ex = new CertException(new Throwable());\r
- assertNotNull(ex);\r
- assertNotNull(ex.getCause());\r
- \r
- ex = new CertException("Exception Message1", new Throwable());\r
- assertNotNull(ex.getCause());\r
- assertEquals(ex.getMessage(),"Exception Message1");\r
- }\r
-\r
-}
\ No newline at end of file
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.client;\r
-\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Mockito.when;\r
-\r
-import java.io.PrintStream;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Answers;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-import org.mockito.stubbing.Answer;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import aaf.v2_0.Error;\r
-\r
-public class JU_ErrMessageTest {\r
- \r
- @Mock\r
- private RosettaEnv env;\r
- \r
- @Mock(answer=Answers.RETURNS_DEEP_STUBS)\r
- private RosettaDF<Object> errDF;\r
-\r
- private ErrMessage errMessage;\r
-\r
- private String attErrJson = "key:value";\r
- \r
- private Error error;\r
-\r
- private Future<?> future;\r
- \r
- @Before\r
- public void setUp() throws Exception {\r
- MockitoAnnotations.initMocks(this);\r
- \r
- when(env.newDataFactory(Error.class)).thenReturn(errDF);\r
- \r
- future = new Future<Error>() {\r
-\r
- @Override\r
- public boolean get(int timeout) throws CadiException {\r
- return false;\r
- }\r
-\r
- @Override\r
- public int code() {\r
- return 0;\r
- }\r
-\r
- @Override\r
- public String body() {\r
- return "Body";\r
- }\r
-\r
- @Override\r
- public String header(String tag) {\r
- return "header";\r
- }\r
- };\r
- \r
- error = new Error();\r
- error.setMessageId("Error Message Id");\r
- error.setText("Error Text");\r
- errMessage = new ErrMessage(env);\r
- \r
- \r
- }\r
-\r
- @Test\r
- public void testPrintErrMessage() throws APIException {\r
- when(errDF.newData().in(TYPE.JSON).load(attErrJson).asObject()).thenReturn(error);\r
- \r
- errMessage.printErr(System.out, attErrJson);\r
- }\r
- \r
- @Test\r
- public void testToMsgJsonErrAttribute() throws APIException {\r
- when(errDF.newData().in(TYPE.JSON).load(attErrJson).asObject()).thenReturn(error);\r
- \r
- StringBuilder sb = new StringBuilder();\r
- errMessage.toMsg(sb,attErrJson);\r
- \r
- assertEquals(sb.toString(),"Error Message Id Error Text");\r
- }\r
- \r
- @Test\r
- public void testToMsgFuture() {\r
- StringBuilder sb = errMessage.toMsg(future);\r
- \r
- assertEquals(sb.toString(), "0: Body");\r
- }\r
-\r
- \r
- @Test\r
- public void testToMsgFutureWithoutException() throws APIException {\r
- when(errDF.newData().in(TYPE.JSON).load(future.body()).asObject()).thenReturn(error);\r
- \r
- StringBuilder sb = errMessage.toMsg(future);\r
- \r
- assertEquals(sb.toString(), "Error Message Id Error Text");\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.marshal;\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.rosetta.ParseException;\r
-\r
-public class JU_CertsMarshalTest {\r
-\r
- @Test\r
- public void test() throws ParseException {\r
- CertsMarshal marshal = new CertsMarshal();\r
- assertNotNull(marshal);\r
- }\r
-\r
- @Test\r
- public void test2() throws ParseException {\r
- CertsMarshal marshal = new CertsMarshal();\r
- assertNotNull(marshal);\r
- }\r
-\r
- @Test\r
- public void test3() throws ParseException {\r
- CertsMarshal marshal = new CertsMarshal();\r
- assertNotNull(marshal);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.v2_0;\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-\r
-\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Matchers.anyInt;\r
-import static org.mockito.Mockito.when;\r
-\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Answers;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-import com.att.aft.dme2.internal.jersey.api.client.Client;\r
-\r
-public class JU_AAFAuthnTest {\r
- \r
- @Mock(answer = Answers.RETURNS_DEEP_STUBS)\r
- private AAFCon<Client> con;\r
-\r
- @Mock(answer = Answers.RETURNS_DEEP_STUBS)\r
- private Future<String> fp;\r
-\r
- @Mock(answer = Answers.RETURNS_DEEP_STUBS)\r
- private AbsUserCache<AAFPermission> cache;\r
-\r
- \r
- @Before\r
- public void setup() throws APIException, CadiException {\r
- MockitoAnnotations.initMocks(this);\r
- when(con.client(AAFCon.AAF_LATEST_VERSION).read("/authn/basicAuth", "text/plain")).thenReturn(fp);\r
- }\r
- \r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENT() throws Exception {\r
- when(fp.get(anyInt())).thenReturn(false);\r
- when(fp.code()).thenReturn(401);\r
- when(fp.header("WWW-Authenticate")).thenReturn("Basic realm=\"Value\"");\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con);\r
- \r
- assertNotNull(auth.validate("NewUser", "New Password"));;\r
- }\r
-\r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission() throws Exception {\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con,cache);\r
- }\r
- \r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENT1() throws Exception {\r
- when(fp.get(anyInt())).thenReturn(false);\r
- when(fp.code()).thenReturn(401);\r
- when(fp.header("WWW-Authenticate")).thenReturn("Basic realm=\"Value\"");\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con);\r
- \r
- assertNotNull(auth.validate("NewUser1", "New Password1"));;\r
- }\r
-\r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission1() throws Exception {\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con,cache);\r
- }\r
- \r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENT2() throws Exception {\r
- when(fp.get(anyInt())).thenReturn(false);\r
- when(fp.code()).thenReturn(401);\r
- when(fp.header("WWW-Authenticate")).thenReturn("Basic realm=\"Value\"");\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con);\r
- \r
- assertNotNull(auth.validate("NewUser2", "New Password2"));;\r
- }\r
-\r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission2() throws Exception {\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con,cache);\r
- }\r
- \r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENT3() throws Exception {\r
- when(fp.get(anyInt())).thenReturn(false);\r
- when(fp.code()).thenReturn(401);\r
- when(fp.header("WWW-Authenticate")).thenReturn("Basic realm=\"Value\"");\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con);\r
- \r
- assertNotNull(auth.validate("NewUser3", "New Password3"));;\r
- }\r
-\r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission3() throws Exception {\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con,cache);\r
- }\r
- \r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENT4() throws Exception {\r
- when(fp.get(anyInt())).thenReturn(false);\r
- when(fp.code()).thenReturn(401);\r
- when(fp.header("WWW-Authenticate")).thenReturn("Basic realm=\"Value\"");\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con);\r
- \r
- assertNotNull(auth.validate("NewUser4", "New Password4"));;\r
- }\r
-\r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission4() throws Exception {\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con,cache);\r
- }\r
- \r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENT5() throws Exception {\r
- when(fp.get(anyInt())).thenReturn(false);\r
- when(fp.code()).thenReturn(401);\r
- when(fp.header("WWW-Authenticate")).thenReturn("Basic realm=\"Value\"");\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con);\r
- \r
- assertNotNull(auth.validate("NewUser5", "New Password5"));;\r
- }\r
-\r
- @Test\r
- public void testAAFAuthnAAFConOfCLIENTAbsUserCacheOfAAFPermission5() throws Exception {\r
- AAFAuthn<Client> auth = new AAFAuthn<Client>(con,cache);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.aaf.test;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.File;\r
-import java.io.FileReader;\r
-import java.io.PrintWriter;\r
-import java.io.StringWriter;\r
-import java.net.HttpURLConnection;\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.util.Properties;\r
-\r
-import org.junit.BeforeClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFTaf;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.locator.DNSLocator;\r
-import org.onap.aaf.cadi.principal.CachedBasicPrincipal;\r
-\r
-import junit.framework.Assert;\r
-\r
-public class JU_JMeter {\r
- private static AAFConHttp aaf;\r
- private static AAFAuthn<HttpURLConnection> aafAuthn;\r
- private static AAFLurPerm aafLur;\r
- private static ArrayList<Principal> perfIDs;\r
- \r
- private static AAFTaf<HttpURLConnection> aafTaf;\r
- private static PropAccess access;\r
-\r
- @BeforeClass\r
- public static void before() throws Exception {\r
- if(aafLur==null) {\r
- Properties props = System.getProperties();\r
- props.setProperty("AFT_LATITUDE", "32.780140");\r
- props.setProperty("AFT_LONGITUDE", "-96.800451");\r
- props.setProperty("DME2_EP_REGISTRY_CLASS","DME2FS");\r
- props.setProperty("AFT_DME2_EP_REGISTRY_FS_DIR","/Volumes/Data/src/authz/dme2reg");\r
- props.setProperty("AFT_ENVIRONMENT", "AFTUAT");\r
- props.setProperty("SCLD_PLATFORM", "NON-PROD");\r
- props.setProperty(Config.AAF_URL,"https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE");\r
- props.setProperty(Config.AAF_READ_TIMEOUT, "2000");\r
- int timeToLive = 3000;\r
- props.setProperty(Config.AAF_CLEAN_INTERVAL, Integer.toString(timeToLive));\r
- props.setProperty(Config.AAF_HIGH_COUNT, "4");\r
-\r
- String aafPerfIDs = props.getProperty("AAF_PERF_IDS");\r
- perfIDs = new ArrayList<Principal>();\r
- File perfFile = null;\r
- if(aafPerfIDs!=null) {\r
- perfFile = new File(aafPerfIDs);\r
- }\r
-\r
- access = new PropAccess();\r
- aaf = new AAFConHttp(access, new DNSLocator(access,"https","localhost","8100"));\r
- aafTaf = new AAFTaf<HttpURLConnection>(aaf,false);\r
- aafLur = aaf.newLur(aafTaf);\r
- aafAuthn = aaf.newAuthn(aafTaf);\r
- aaf.basicAuth("testid@aaf.att.com", "whatever");\r
-\r
- if(perfFile==null||!perfFile.exists()) {\r
- perfIDs.add(new CachedBasicPrincipal(aafTaf, \r
- "Basic dGVzdGlkOndoYXRldmVy", \r
- "aaf.att.com",timeToLive));\r
- perfIDs.add(new Princ("ab1234@aaf.att.com")); // Example of Local ID, which isn't looked up\r
- } else {\r
- BufferedReader ir = new BufferedReader(new FileReader(perfFile));\r
- try {\r
- String line;\r
- while((line = ir.readLine())!=null) {\r
- if((line=line.trim()).length()>0)\r
- perfIDs.add(new Princ(line));\r
- }\r
- } finally {\r
- ir.close();\r
- }\r
- }\r
- Assert.assertNotNull(aafLur);\r
- }\r
- }\r
-\r
- private static class Princ implements Principal {\r
- private String name;\r
- public Princ(String name) {\r
- this.name = name;\r
- }\r
- public String getName() {\r
- return name;\r
- }\r
- \r
- };\r
- \r
- private static int index = -1;\r
- \r
- private synchronized Principal getIndex() {\r
- if(perfIDs.size()<=++index)index=0;\r
- return perfIDs.get(index);\r
- }\r
- @Test\r
- public void test() {\r
- try {\r
- aafAuthn.validate("testid@aaf.att.com", "whatever");\r
- List<Permission> perms = new ArrayList<Permission>();\r
- aafLur.fishAll(getIndex(), perms);\r
-// Assert.assertFalse(perms.isEmpty());\r
-// for(Permission p : perms) {\r
-// //access.log(Access.Level.AUDIT, p.permType());\r
-// }\r
- } catch (Exception e) {\r
- StringWriter sw = new StringWriter();\r
- e.printStackTrace(new PrintWriter(sw));\r
- Assert.assertFalse(sw.toString(),true);\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.aaf.test;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.IOException;\r
-import java.io.UnsupportedEncodingException;\r
-import java.net.HttpURLConnection;\r
-import java.security.Principal;\r
-import java.util.Collection;\r
-import java.util.Enumeration;\r
-import java.util.Locale;\r
-import java.util.Map;\r
-\r
-import javax.servlet.AsyncContext;\r
-import javax.servlet.DispatcherType;\r
-import javax.servlet.RequestDispatcher;\r
-import javax.servlet.ServletContext;\r
-import javax.servlet.ServletException;\r
-import javax.servlet.ServletInputStream;\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.ServletResponse;\r
-import javax.servlet.http.Cookie;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-import javax.servlet.http.HttpSession;\r
-import javax.servlet.http.Part;\r
-\r
-import org.junit.BeforeClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.Taf.LifeForm;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFTaf;\r
-import org.onap.aaf.cadi.locator.DNSLocator;\r
-import org.onap.aaf.cadi.lur.ConfigPrincipal;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-public class JU_Lur2_0Call {\r
- private static AAFConHttp aaf;\r
- private static PropAccess access;\r
-\r
- @BeforeClass\r
- public static void setUpBeforeClass() throws Exception {\r
- access = new PropAccess();\r
- aaf = new AAFConHttp(access,new DNSLocator(access,"https","localhost","8100"));\r
- aaf.basicAuth("testid", "whatever");\r
- }\r
-\r
- @Test \r
- public void test() throws Exception {\r
- \r
- AAFLurPerm aafLur = aaf.newLur();\r
-\r
- Principal pri = new ConfigPrincipal("testid@aaf.att.com","whatever");\r
- for (int i = 0; i < 10; ++i) {\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|write"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|kumquat|write"),false);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|read"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|kumquat|read"),true);\r
- \r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","write"),true);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","kumquat","write"),false);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","read"),true);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","kumquat","read"),true);\r
-\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!kum.*|read"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|!wr*"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance"),true);\r
-\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!kum.*","read"),true);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","!wr*"),true);\r
-\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!kum[Qq]uat|read"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!my[iI]nstance|!wr*"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!my[iI]nstance|!wr*"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|!wr*"),true);\r
-\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!kum[Qq]uat","read"),true);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!my[iI]nstance","!wr*"),true);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!my[iI]nstance","!wr*"),true);\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","!wr*"),true);\r
- \r
-\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!my.nstance|!wr*"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|my.nstance|!wr*"),false);\r
- \r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|my.nstance|!wr*"),false);\r
- \r
- //Maitrayee, aren't we going to have issues if we do RegExp with "."?\r
- //Is it too expensive to only do Reg Ex in presence of special characters, []{}*, etc? Not sure this helps for GRID.\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|kum.quat|read"),true);\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!kum..uat|read"),true);\r
- \r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance"),true); // ok if Stored Action is "*"\r
- \r
- // Key Evaluations\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|:myCluster:*:!my.*|write"),true); // ok if Stored Action is "*"\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|:myCluster:*|write"),false); // not ok if key lengths don't match "*"\r
- print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|:myCluster:*:myCF|write"),true); // ok if Stored Action is "*"\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service",":myCluster:*:!my.*","write"),true); // ok if Stored Action is "*"\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service",":myCluster:*:myCF","write"),true); // ok if Stored Action is "*"\r
- print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service",":myCluster:*","write"),false); // not ok if key lengths don't match\r
- \r
- }\r
-\r
- print(aafLur, pri, new LocalPermission("bogus"),false);\r
-\r
-// try {\r
-// Thread.sleep(7000);\r
-// } catch (InterruptedException e) {\r
-// e.printStackTrace();\r
-// }\r
- for (int i = 0; i < 10; ++i)\r
- print(aafLur, pri, new LocalPermission("supergroup"),false);\r
-\r
- System.out.println("All Done");\r
- }\r
- @Test\r
- public void testTaf() throws Exception {\r
- AAFTaf<?> aaft = new AAFTaf<HttpURLConnection>(aaf,true);\r
- \r
- TafResp resp;\r
- // No Header\r
- resp = aaft.validate(LifeForm.CBLF, new Req(), null);\r
- assertEquals(TafResp.RESP.TRY_AUTHENTICATING, resp.isAuthenticated());\r
-\r
- String auth = "Basic " + Symm.base64.encode("testid:whatever");\r
- resp = aaft.validate(LifeForm.CBLF, new Req("Authorization",auth), null);\r
- assertEquals(TafResp.RESP.IS_AUTHENTICATED, resp.isAuthenticated());\r
- \r
- }\r
-// @Test\r
-// public void testRole() throws CadiException {\r
-// TestAccess ta = new TestAccess();\r
-// AAFLurRole1_0 aafLur = new AAFLurRole1_0(\r
-// ta,\r
-//// "http://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=1.0.0/envContext=UAT/routeOffer=BAU_SE",\r
-// "http://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=1.0.0/envContext=DEV/routeOffer=D1",\r
-// "m12345", "m12345pass", 50000, // dme Time\r
-// // 5*60000); // 5 minutes User Expiration\r
-// 50000, // 5 seconds after Expiration\r
-// 200); // High Count of items.. These do not take much memory\r
-//\r
-// Principal pri = new ConfigPrincipal("xy1234","whatever");\r
-// for (int i = 0; i < 10; ++i) {\r
-//// print(aafLur, pri, new LocalPermission("*|*|*|com.att.authz"));\r
-// print(aafLur, pri, new LocalPermission("service|myInstance|write"),false);\r
-// print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|write"),false);\r
-// print(aafLur, pri, new LocalPermission("com.att.cadi"),true);\r
-// print(aafLur, pri, new LocalPermission("global"),true);\r
-// print(aafLur, pri, new LocalPermission("kumquat"),false);\r
-// }\r
-//\r
-// print(aafLur, pri, new LocalPermission("bogus"),false);\r
-//\r
-// for (int i = 0; i < 10; ++i)\r
-// print(aafLur, pri, new LocalPermission("supergroup"),false);\r
-//\r
-// System.out.println("All Done");\r
-// }\r
-\r
-\r
- private void print(Lur aafLur, Principal pri, Permission perm, boolean shouldBe)\r
- throws CadiException {\r
- long start = System.nanoTime();\r
- \r
- // The Call\r
- boolean ok = aafLur.fish(pri, perm);\r
- \r
- assertEquals(shouldBe,ok);\r
- float ms = (System.nanoTime() - start) / 1000000f;\r
- if (ok) {\r
- System.out.println("Yes, part of " + perm.getKey() + " (" + ms\r
- + "ms)");\r
- } else {\r
- System.out.println("No, not part of " + perm.getKey() + " (" + ms\r
- + "ms)");\r
- }\r
- }\r
-\r
- @SuppressWarnings("rawtypes")\r
- public class Req implements HttpServletRequest {\r
- private String[] headers;\r
-\r
- public Req(String ... headers) {\r
- this.headers = headers;\r
- }\r
-\r
- public Object getAttribute(String name) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Enumeration getAttributeNames() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getCharacterEncoding() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public void setCharacterEncoding(String env)\r
- throws UnsupportedEncodingException {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- public int getContentLength() {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-\r
- public String getContentType() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public ServletInputStream getInputStream() throws IOException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getParameter(String name) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Enumeration getParameterNames() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String[] getParameterValues(String name) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Map getParameterMap() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getProtocol() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getScheme() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getServerName() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public int getServerPort() {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-\r
- public BufferedReader getReader() throws IOException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getRemoteAddr() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getRemoteHost() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public void setAttribute(String name, Object o) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- public void removeAttribute(String name) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- public Locale getLocale() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Enumeration getLocales() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public boolean isSecure() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- public RequestDispatcher getRequestDispatcher(String path) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getRealPath(String path) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public int getRemotePort() {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-\r
- public String getLocalName() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getLocalAddr() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public int getLocalPort() {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-\r
- public String getAuthType() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public Cookie[] getCookies() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public long getDateHeader(String name) {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-\r
- public String getHeader(String name) {\r
- for(int i=1;i<headers.length;i=i+2) {\r
- if(headers[i-1].equals(name)) return headers[i];\r
- }\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Enumeration getHeaders(String name) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Enumeration getHeaderNames() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public int getIntHeader(String name) {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-\r
- public String getMethod() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getPathInfo() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getPathTranslated() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getContextPath() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getQueryString() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getRemoteUser() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public boolean isUserInRole(String role) {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- public Principal getUserPrincipal() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getRequestedSessionId() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getRequestURI() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public StringBuffer getRequestURL() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public String getServletPath() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public HttpSession getSession(boolean create) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public HttpSession getSession() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public boolean isRequestedSessionIdValid() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- public boolean isRequestedSessionIdFromCookie() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- public boolean isRequestedSessionIdFromURL() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- public boolean isRequestedSessionIdFromUrl() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- @Override\r
- public ServletContext getServletContext() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public AsyncContext startAsync() throws IllegalStateException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public AsyncContext startAsync(ServletRequest servletRequest,\r
- ServletResponse servletResponse) throws IllegalStateException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public boolean isAsyncStarted() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- @Override\r
- public boolean isAsyncSupported() {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- @Override\r
- public AsyncContext getAsyncContext() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public DispatcherType getDispatcherType() {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public boolean authenticate(HttpServletResponse response)\r
- throws IOException, ServletException {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- @Override\r
- public void login(String username, String password)\r
- throws ServletException {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- @Override\r
- public void logout() throws ServletException {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- @Override\r
- public Collection<Part> getParts() throws IOException, ServletException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public Part getPart(String name) throws IOException, ServletException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
- \r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.aaf.test;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.locator.PropertyLocator;\r
-\r
-public class JU_MultiThreadPermHit {\r
- public static void main(String args[]) {\r
- // Link or reuse to your Logging mechanism\r
- PropAccess myAccess = new PropAccess(); // \r
- \r
- // \r
- try {\r
- AAFConHttp con = new AAFConHttp(myAccess,new PropertyLocator("https://mithrilcsp.sbc.com:8100"));\r
- \r
- // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
- final AAFLurPerm aafLur = con.newLur();\r
- aafLur.setDebug("m12345@aaf.att.com");\r
-\r
- // Note: If you need both Authn and Authz construct the following:\r
- AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);\r
- \r
- // Do not set Mech ID until after you construct AAFAuthn,\r
- // because we initiate "401" info to determine the Realm of \r
- // of the service we're after.\r
- final String id = myAccess.getProperty(Config.AAF_MECHID,null);\r
- final String pass = myAccess.decrypt(myAccess.getProperty(Config.AAF_MECHPASS,null),false);\r
- if(id!=null && pass!=null) {\r
- try {\r
- \r
- // Normally, you obtain Principal from Authentication System.\r
- // // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
- // // If you use CADI as Authenticator, it will get you these Principals from\r
- // // CSP or BasicAuth mechanisms.\r
- // String id = "cluster_admin@gridcore.att.com";\r
- //\r
- // // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
- String ok;\r
- ok = aafAuthn.validate(id, pass);\r
- if(ok!=null) {\r
- System.out.println(ok);\r
- }\r
-\r
- List<Permission> pond = new ArrayList<Permission>();\r
- for(int i=0;i<20;++i) {\r
- pond.clear();\r
- aafLur.fishAll(i+id, pond);\r
- if(ok!=null && i%1000==0) {\r
- System.out.println(i + " " + ok);\r
- }\r
- }\r
-\r
- for(int i=0;i<1000000;++i) {\r
- ok = aafAuthn.validate( i+ id, "wrongPass");\r
- if(ok!=null && i%1000==0) {\r
- System.out.println(i + " " + ok);\r
- }\r
- }\r
- \r
- final AAFPermission perm = new AAFPermission("com.att.aaf.access","*","*");\r
- \r
- // Now you can ask the LUR (Local Representative of the User Repository about Authorization\r
- // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object \r
- // instead of creating your own LUR\r
- for(int i=0;i<4;++i) {\r
- if(aafLur.fish(id, perm)) {\r
- System.out.println("Yes, " + id + " has permission for " + perm.getKey());\r
- } else {\r
- System.out.println("No, " + id + " does not have permission for " + perm.getKey());\r
- }\r
- }\r
- \r
- \r
- // Or you can all for all the Permissions available\r
- List<Permission> perms = new ArrayList<Permission>();\r
- \r
- \r
- aafLur.fishAll(id,perms);\r
- System.out.println("Perms for " + id);\r
- for(Permission prm : perms) {\r
- System.out.println(prm.getKey());\r
- }\r
- \r
- System.out.println("Press any key to continue");\r
- System.in.read();\r
- \r
- for(int j=0;j<5;++j) {\r
- new Thread(new Runnable() {\r
- @Override\r
- public void run() {\r
- for(int i=0;i<20;++i) {\r
- if(aafLur.fish(id, perm)) {\r
- System.out.println("Yes, " + id + " has permission for " + perm.getKey());\r
- } else {\r
- System.out.println("No, " + id + " does not have permission for " + perm.getKey());\r
- }\r
- }\r
- }\r
- }).start();\r
- }\r
- \r
- \r
- } finally {\r
- aafLur.destroy();\r
- }\r
- } else { // checked on IDs\r
- System.err.println(Config.AAF_MECHID + " and/or " + Config.AAF_MECHPASS + " are not set.");\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.aaf.test;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.aaf.PermEval;\r
-\r
-public class JU_PermEval {\r
-\r
- @AfterClass\r
- public static void tearDownAfterClass() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() {\r
- assertTrue(PermEval.evalInstance(":com.att.temp:role:write",":!com.att.*:role:write"));\r
- \r
- // TRUE\r
- assertTrue(PermEval.evalAction("fred","fred"));\r
- assertTrue(PermEval.evalAction("fred,wilma","fred"));\r
- assertTrue(PermEval.evalAction("barney,betty,fred,wilma","fred"));\r
- assertTrue(PermEval.evalAction("*","fred"));\r
- \r
- assertTrue(PermEval.evalInstance("fred","fred"));\r
- assertTrue(PermEval.evalInstance("fred,wilma","fred"));\r
- assertTrue(PermEval.evalInstance("barney,betty,fred,wilma","fred"));\r
- assertTrue(PermEval.evalInstance("*","fred"));\r
- \r
- assertTrue(PermEval.evalInstance(":fred:fred",":fred:fred"));\r
- assertTrue(PermEval.evalInstance(":fred:fred,wilma",":fred:fred"));\r
- assertTrue(PermEval.evalInstance(":fred:barney,betty,fred,wilma",":fred:fred"));\r
- assertTrue(PermEval.evalInstance("*","fred"));\r
- assertTrue(PermEval.evalInstance(":*:fred",":fred:fred"));\r
- assertTrue(PermEval.evalInstance(":fred:*",":fred:fred"));\r
- assertTrue(PermEval.evalInstance(":fred:fred",":!f.*:fred"));\r
- assertTrue(PermEval.evalInstance(":fred:fred",":fred:!f.*"));\r
- \r
- /// FALSE\r
- assertFalse(PermEval.evalInstance("fred","wilma"));\r
- assertFalse(PermEval.evalInstance("fred,barney,betty","wilma"));\r
- assertFalse(PermEval.evalInstance(":fred:fred",":fred:wilma"));\r
- assertFalse(PermEval.evalInstance(":fred:fred",":wilma:fred"));\r
- assertFalse(PermEval.evalInstance(":fred:fred",":wilma:!f.*"));\r
- assertFalse(PermEval.evalInstance(":fred:fred",":!f.*:wilma"));\r
- assertFalse(PermEval.evalInstance(":fred:fred",":!w.*:!f.*"));\r
- assertFalse(PermEval.evalInstance(":fred:fred",":!f.*:!w.*"));\r
-\r
- assertFalse(PermEval.evalInstance(":fred:fred",":fred:!x.*"));\r
-\r
- // MSO Tests 12/3/2015\r
- assertFalse(PermEval.evalInstance("/v1/services/features/*","/v1/services/features"));\r
- assertFalse(PermEval.evalInstance(":v1:services:features:*",":v1:services:features"));\r
- assertTrue(PermEval.evalInstance("/v1/services/features/*","/v1/services/features/api1"));\r
- assertTrue(PermEval.evalInstance(":v1:services:features:*",":v1:services:features:api2"));\r
- // MSO - Xue Gao\r
- assertTrue(PermEval.evalInstance(":v1:requests:*",":v1:requests:test0-service")); \r
-\r
-\r
- \r
- // Same tests, with Slashes\r
- assertTrue(PermEval.evalInstance("/fred/fred","/fred/fred"));\r
- assertTrue(PermEval.evalInstance("/fred/fred,wilma","/fred/fred"));\r
- assertTrue(PermEval.evalInstance("/fred/barney,betty,fred,wilma","/fred/fred"));\r
- assertTrue(PermEval.evalInstance("*","fred"));\r
- assertTrue(PermEval.evalInstance("/*/fred","/fred/fred"));\r
- assertTrue(PermEval.evalInstance("/fred/*","/fred/fred"));\r
- assertTrue(PermEval.evalInstance("/fred/fred","/!f.*/fred"));\r
- assertTrue(PermEval.evalInstance("/fred/fred","/fred/!f.*"));\r
- \r
- /// FALSE\r
- assertFalse(PermEval.evalInstance("fred","wilma"));\r
- assertFalse(PermEval.evalInstance("fred,barney,betty","wilma"));\r
- assertFalse(PermEval.evalInstance("/fred/fred","/fred/wilma"));\r
- assertFalse(PermEval.evalInstance("/fred/fred","/wilma/fred"));\r
- assertFalse(PermEval.evalInstance("/fred/fred","/wilma/!f.*"));\r
- assertFalse(PermEval.evalInstance("/fred/fred","/!f.*/wilma"));\r
- assertFalse(PermEval.evalInstance("/fred/fred","/!w.*/!f.*"));\r
- assertFalse(PermEval.evalInstance("/fred/fred","/!f.*/!w.*"));\r
-\r
- assertFalse(PermEval.evalInstance("/fred/fred","/fred/!x.*"));\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.aaf.test;\r
-\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.PrintStream;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-public class JU_TestAccess implements Access {\r
- private Symm symm;\r
- private PrintStream out;\r
-\r
- public JU_TestAccess(PrintStream out) {\r
- this.out = out;\r
- InputStream is = ClassLoader.getSystemResourceAsStream("cadi.properties");\r
- try {\r
- System.getProperties().load(is);\r
- } catch (IOException e) {\r
- e.printStackTrace(out);\r
- } finally {\r
- try {\r
- is.close();\r
- } catch (IOException e) {\r
- e.printStackTrace(out);\r
- }\r
- }\r
- \r
- String keyfile = System.getProperty(Config.CADI_KEYFILE);\r
- if(keyfile==null) {\r
- System.err.println("No " + Config.CADI_KEYFILE + " in Classpath");\r
- } else {\r
- try {\r
- is = new FileInputStream(keyfile);\r
- try {\r
- symm = Symm.obtain(is);\r
- } finally {\r
- is.close();\r
- }\r
- } catch (IOException e) {\r
- e.printStackTrace(out);\r
- }\r
- }\r
- \r
-\r
-\r
- }\r
- \r
- public void log(Level level, Object... elements) {\r
- boolean first = true;\r
- for(int i=0;i<elements.length;++i) {\r
- if(first)first = false;\r
- else out.print(' ');\r
- out.print(elements[i].toString());\r
- }\r
- out.println();\r
- }\r
-\r
- public void log(Exception e, Object... elements) {\r
- e.printStackTrace(out);\r
- log(Level.ERROR,elements);\r
- }\r
-\r
- public void setLogLevel(Level level) {\r
- \r
- }\r
-\r
- @Override\r
- public boolean willLog(Level level) {\r
- return true;\r
- }\r
-\r
- public ClassLoader classLoader() {\r
- return ClassLoader.getSystemClassLoader();\r
- }\r
-\r
- public String getProperty(String string, String def) {\r
- String rv = System.getProperty(string);\r
- return rv==null?def:rv;\r
- }\r
-\r
- public void load(InputStream is) throws IOException {\r
- \r
- }\r
-\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- return (encrypted!=null && (anytext==true || encrypted.startsWith(Symm.ENC)))\r
- ? symm.depass(encrypted)\r
- : encrypted;\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object... elements) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.content;\r
-\r
-import java.io.StringReader;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.BeforeClass;\r
-import org.junit.Test;\r
-\r
-import aaf.v2_0.Error;\r
-\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaData;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-public class JU_Content {\r
-\r
- @BeforeClass\r
- public static void setUpBeforeClass() throws Exception {\r
- }\r
-\r
- @AfterClass\r
- public static void tearDownAfterClass() throws Exception {\r
- }\r
-\r
-\r
- @Test\r
- public void parseErrorJSON() throws Exception {\r
- final String msg = "{\"messageId\":\"SVC2000\",\"text\":\"Select which cred to delete (or 0 to delete all):" +\r
- "1) %1" +\r
- "2) %2" +\r
- "3) %3" +\r
- "4) %4" +\r
- "Run same command again with chosen entry as last parameter\"," +\r
- "\"variables\":[" +\r
- "\"m55555@jr583u.cred.test.com 1 Wed Oct 08 11:48:08 CDT 2014\"," +\r
- "\"m55555@jr583u.cred.test.com 1 Thu Oct 09 12:54:46 CDT 2014\"," +\r
- "\"m55555@jr583u.cred.test.com 1 Tue Jan 06 05:00:00 CST 2015\"," +\r
- "\"m55555@jr583u.cred.test.com 1 Wed Jan 07 05:00:00 CST 2015\"]}";\r
- \r
- Error err = new Error();\r
- err.setText("Hello");\r
- err.getVariables().add("I'm a teapot");\r
- err.setMessageId("12");\r
- \r
- \r
-// System.out.println(msg);\r
- RosettaEnv env = new RosettaEnv();\r
- RosettaDF<aaf.v2_0.Error> errDF = env.newDataFactory(aaf.v2_0.Error.class);\r
- errDF.in(RosettaData.TYPE.JSON);\r
- errDF.out(RosettaData.TYPE.JSON);\r
- RosettaData<Error> data = errDF.newData();\r
- data.load(err);\r
- System.out.println(data.asString());\r
- \r
- data.load(new StringReader(msg));\r
- err = data.asObject();\r
- System.out.println(err.getText());\r
- }\r
- \r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.example;\r
-\r
-import java.net.HttpURLConnection;\r
-import java.net.URI;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.http.HClient;\r
-import org.onap.aaf.cadi.http.HX509SS;\r
-\r
-public class JU_CadiTest {\r
- public static void main(String args[]) {\r
- Access access = new PropAccess();\r
- try {\r
- SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(access);\r
- HClient hclient = new HClient(\r
- new HX509SS(si),\r
- new URI("https://mithrilcsp.sbc.com:8085"),3000);\r
- hclient.setMethod("OPTIONS");\r
- hclient.setPathInfo("/gui/cadi/log/toggle/INFO");\r
- hclient.send();\r
- Future<String> future = hclient.futureReadString();\r
- if(future.get(5000)) {\r
- System.out.println(future.value);\r
- } else {\r
- System.out.printf("Error: %d-%s", future.code(),future.body());\r
- }\r
- \r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.example;\r
-\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.locator.DNSLocator;\r
-\r
-public class JU_ExampleAuthCheck {\r
- public static void main(String args[]) {\r
- // Link or reuse to your Logging mechanism\r
- PropAccess myAccess = new PropAccess(); // \r
- \r
- try {\r
- AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(\r
- myAccess,"https","localhost","8100"));\r
- AAFAuthn<?> authn = acon.newAuthn();\r
- long start; \r
- for (int i=0;i<10;++i) {\r
- start = System.nanoTime();\r
- String err = authn.validate("", "gritty");\r
- if(err!=null) System.err.println(err);\r
- else System.out.println("I'm ok");\r
- \r
- err = authn.validate("bogus", "gritty");\r
- if(err!=null) System.err.println(err + " (correct error)");\r
- else System.out.println("I'm ok");\r
-\r
- System.out.println((System.nanoTime()-start)/1000000f + " ms");\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.example;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConDME2;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-\r
-public class JU_ExamplePerm2_0 {\r
- public static void main(String args[]) {\r
-\r
- // Link or reuse to your Logging mechanism\r
- PropAccess myAccess = new PropAccess(); \r
- \r
- // \r
- try {\r
- AAFCon<?> acon = new AAFConDME2(myAccess);\r
- \r
- // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
- AAFLurPerm aafLur = acon.newLur();\r
- \r
- // Note: If you need both Authn and Authz construct the following:\r
- AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);\r
-\r
- // Do not set Mech ID until after you construct AAFAuthn,\r
- // because we initiate "401" info to determine the Realm of \r
- // of the service we're after.\r
- acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");\r
-\r
- try {\r
- \r
- // Normally, you obtain Principal from Authentication System.\r
- // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
- // If you use CADI as Authenticator, it will get you these Principals from\r
- // CSP or BasicAuth mechanisms.\r
- String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";\r
-\r
- // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
- String ok = aafAuthn.validate(id, "XXXXXX");\r
- if(ok!=null)System.out.println(ok);\r
- \r
- ok = aafAuthn.validate(id, "wrongPass");\r
- if(ok!=null)System.out.println(ok);\r
-\r
-\r
- // AAF Style permissions are in the form\r
- // Type, Instance, Action \r
- AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");\r
- \r
- // Now you can ask the LUR (Local Representative of the User Repository about Authorization\r
- // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object \r
- // instead of creating your own LUR\r
- System.out.println("Does " + id + " have " + perm);\r
- if(aafLur.fish(id, perm)) {\r
- System.out.println("Yes, you have permission");\r
- } else {\r
- System.out.println("No, you don't have permission");\r
- }\r
-\r
- System.out.println("Does Bogus have " + perm);\r
- if(aafLur.fish("Bogus", perm)) {\r
- System.out.println("Yes, you have permission");\r
- } else {\r
- System.out.println("No, you don't have permission");\r
- }\r
-\r
- // Or you can all for all the Permissions available\r
- List<Permission> perms = new ArrayList<Permission>();\r
- \r
- aafLur.fishAll(id,perms);\r
- for(Permission prm : perms) {\r
- System.out.println(prm.getKey());\r
- }\r
- \r
- // It might be helpful in some cases to clear the User's identity from the Cache\r
- aafLur.remove(id);\r
- } finally {\r
- aafLur.destroy();\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.example;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-import org.onap.aaf.cadi.locator.DNSLocator;\r
-\r
-public class JU_ExamplePerm2_0_DME2 {\r
- public static void main(String args[]) {\r
- // Link or reuse to your Logging mechanism\r
- PropAccess myAccess = new PropAccess(); \r
- \r
- // \r
- try {\r
- AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(\r
- myAccess,"https","localhost","8100"));\r
- \r
- // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
- AAFLurPerm aafLur = acon.newLur();\r
- \r
- // Note: If you need both Authn and Authz construct the following:\r
- AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);\r
-\r
- // Do not set Mech ID until after you construct AAFAuthn,\r
- // because we initiate "401" info to determine the Realm of \r
- // of the service we're after.\r
- acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");\r
-\r
- try {\r
- \r
- // Normally, you obtain Principal from Authentication System.\r
- // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
- // If you use CADI as Authenticator, it will get you these Principals from\r
- // CSP or BasicAuth mechanisms.\r
- String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";\r
-\r
- // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
- String ok = aafAuthn.validate(id, "XXXXXX");\r
- if(ok!=null)System.out.println(ok);\r
- \r
- ok = aafAuthn.validate(id, "wrongPass");\r
- if(ok!=null)System.out.println(ok);\r
-\r
-\r
- // AAF Style permissions are in the form\r
- // Type, Instance, Action \r
- AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");\r
- \r
- // Now you can ask the LUR (Local Representative of the User Repository about Authorization\r
- // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object \r
- // instead of creating your own LUR\r
- System.out.println("Does " + id + " have " + perm);\r
- if(aafLur.fish(id, perm)) {\r
- System.out.println("Yes, you have permission");\r
- } else {\r
- System.out.println("No, you don't have permission");\r
- }\r
-\r
- System.out.println("Does Bogus have " + perm);\r
- if(aafLur.fish("Bogus", perm)) {\r
- System.out.println("Yes, you have permission");\r
- } else {\r
- System.out.println("No, you don't have permission");\r
- }\r
-\r
- // Or you can all for all the Permissions available\r
- List<Permission> perms = new ArrayList<Permission>();\r
- \r
- aafLur.fishAll(id,perms);\r
- for(Permission prm : perms) {\r
- System.out.println(prm.getKey());\r
- }\r
- \r
- // It might be helpful in some cases to clear the User's identity from the Cache\r
- aafLur.remove(id);\r
- } finally {\r
- aafLur.destroy();\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.example;\r
-\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.locator.DNSLocator;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-public class JU_X509Test {\r
- public static void main(String args[]) {\r
- // Link or reuse to your Logging mechanism\r
- \r
- PropAccess myAccess = new PropAccess();\r
- \r
- // \r
- try {\r
- AAFConHttp con = new AAFConHttp(myAccess, \r
- new DNSLocator(myAccess,"https","mithrilcsp.sbc.com","8100"));\r
- \r
- // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
- AAFLurPerm aafLur = con.newLur();\r
- \r
- // Note: If you need both Authn and Authz construct the following:\r
-// AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);\r
- \r
- // con.x509Alias("aaf.att"); // alias in keystore\r
-\r
- try {\r
- \r
- // Normally, you obtain Principal from Authentication System.\r
-// // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
-// // If you use CADI as Authenticator, it will get you these Principals from\r
-// // CSP or BasicAuth mechanisms.\r
-// String id = "cluster_admin@gridcore.att.com";\r
-//\r
-// // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
- Future<String> fs = \r
- con.client("2.0").read("/authz/perms/com.att.aaf.ca","application/Perms+json");\r
- if(fs.get(3000)) {\r
- System.out.println(fs.value);\r
- } else {\r
- System.out.println("Error: " + fs.code() + ':' + fs.body());\r
- }\r
- \r
- // Check on Perms with LUR\r
- if(aafLur.fish(new Principal() {\r
- @Override\r
- public String getName() {\r
- return "m12345@aaf.att.com";\r
- }\r
- }, new LocalPermission("com.att.aaf.ca|aaf|request"))) {\r
- System.out.println("Has Perm");\r
- } else {\r
- System.out.println("Does NOT Have Perm");\r
- }\r
- } finally {\r
- aafLur.destroy();\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-}\r
+++ /dev/null
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-# * http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-# * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-##\r
-## AUTHZ API (authz-service) Properties\r
-##\r
-\r
-cadi_prop_file=com.att.aaf.props;com.att.aaf.common.props\r
-\r
-#cadi_trust_all_x509=true\r
-#cadi_alias=aaf.att\r
-https.protocols=TLSv1.1,TLSv1.2\r
-\r
-cm_url=https://XXX:8150\r
-\r
-basic_realm=localized\r
-basic_warn=false\r
-localhost_deny=false\r
-\r
-cass_group_name=com.att.aaf\r
-cass_cluster_name=mithrilcsp.sbc.com\r
-aaf_default_realm=com.att.csp\r
-\r
-aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE\r
-aaf_id=???\r
-aaf_password=enc:XXX\r
-\r
-aaf_user_expires=3000\r
-aaf_clean_interval=4000\r
-\r
+++ /dev/null
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-# * http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-# * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-#\r
-# Licensed to the Apache Software Foundation (ASF) under one\r
-# or more contributor license agreements. See the NOTICE file\r
-# distributed with this work for additional information\r
-# regarding copyright ownership. The ASF licenses this file\r
-# to you under the Apache License, Version 2.0 (the\r
-# "License"); you may not use this file except in compliance\r
-# with the License. You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing,\r
-# software distributed under the License is distributed on an\r
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
-# KIND, either express or implied. See the License for the\r
-# specific language governing permissions and limitations\r
-# under the License.\r
-#\r
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender\r
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\r
-log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n\r
-\r
-# General Apache libraries\r
-log4j.rootLogger=WARN,stdout\r
-log4j.logger.org.apache=WARN,stdout\r
-log4j.logger.dme2=WARN,stdout\r
-log4j.logger.init=INFO,stdout\r
-log4j.logger.authz=INFO,stdout\r
-log4j.logger.audit=WARN,stdout\r
-\r
-\r
-\r
+++ /dev/null
-| ############################################################
-# Default Logging Configuration File
-#
-# You can use a different file by specifying a filename
-# with the java.util.logging.config.file system property.
-# For example java -Djava.util.logging.config.file=myfile
-############################################################
-
-############################################################
-# Global properties
-############################################################
-
-# "handlers" specifies a comma separated list of log Handler
-# classes. These handlers will be installed during VM startup.
-# Note that these classes must be on the system classpath.
-# By default we only configure a ConsoleHandler, which will only
-# show messages at the INFO and above levels.
-handlers=java.util.logging.FileHandler
-
-# Default global logging level.
-# This specifies which kinds of events are logged across
-# all loggers. For any given facility this global level
-# can be overriden by a facility specific level
-# Note that the ConsoleHandler also has a separate level
-# setting to limit messages printed to the console.
-.level=INFO
-
-############################################################
-# Handler specific properties.
-# Describes specific configuration info for Handlers.
-############################################################
-java.util.logging.FileHandler.properties=autoFlush,fileName,dataPattern,name
-java.util.logging.FileHandler.fileName=%h/.aaf/dme2.log
-java.util.logging.FileHandlerFileHandler.autoFlush=true
-java.util.logging.FileHandlerFileHandler.name=DailyRollingFileHandler
-java.util.logging.FileHandlerFileHandler.datePattern='.'yyyy-MM-dd
-com.att.aft.dme2.events.server.summary=INFO
-
+++ /dev/null
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-# * http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-# * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-##\r
-## AUTHZ API (authz-service) Properties\r
-##\r
-\r
-## DISCOVERY (DME2) Parameters on the Command Line\r
-AFT_LATITUDE=38.627345\r
-AFT_LONGITUDE=-90.193774\r
-AFT_ENVIRONMENT=AFTUAT\r
-\r
-# CADI \r
-cadi_keyfile=/opt/app/aaf/common/com.att.aaf.keyfile\r
-cadi_loglevel=WARN\r
-\r
-# CASSANDRA Required for APP\r
-cass_group_name=com.att.aaf\r
-\r
-# CASSANDRA Optional\r
-cass_cluster_name=mithril\r
-\r
-# AAF Required for APP\r
-aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE\r
-DME2_EP_REGISTRY_CLASS=DME2FS\r
-AFT_DME2_EP_REGISTRY_FS_DIR=/Volumes/Data/src/authz/dme2reg\r
-\r
-aaf_default_realm=aaf.localized\r
-aaf_id=XX@NS\r
-aaf_password=enc:\r
-cadi_loglevel=DEBUG\r
-\r
-# AAF Optional\r
-# Connection Time Out (milliseconds)\r
-aaf_conn_timeout=10000\r
-# User Cache Expiration (milliseconds)\r
-aaf_user_expires=600000\r
-# High count... Rough top number of objects held in Cache per cycle. If high is reached, more are\r
-# recycled next time. \r
-aaf_high_count=1000\r
-\r
-##\r
-## Localized Passwords\r
-##\r
-basic_realm=aaf.localized\r
-local_users=root@aaf.localized%<PASS>:/dbname\r
+++ /dev/null
-<!-- ============LICENSE_START==================================================== \r
- * org.onap.aaf * =========================================================================== \r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved. * =========================================================================== \r
- * Licensed under the Apache License, Version 2.0 (the "License"); * you may \r
- not use this file except in compliance with the License. * You may obtain \r
- a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * \r
- * Unless required by applicable law or agreed to in writing, software * distributed \r
- under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES \r
- OR CONDITIONS OF ANY KIND, either express or implied. * See the License for \r
- the specific language governing permissions and * limitations under the License. \r
- * ============LICENSE_END==================================================== \r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property. \r
- * -->\r
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\r
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
- <parent>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>parent</artifactId>\r
- <version>1.0.0-SNAPSHOT</version>\r
- <relativePath>..</relativePath>\r
- </parent>\r
-\r
- <modelVersion>4.0.0</modelVersion>\r
- <name>CADI Cassandra Plugin</name>\r
- <packaging>jar</packaging>\r
- <url>https://github.com/att/AAF</url>\r
- <description>CADI</description>\r
- <artifactId>cadi-cass</artifactId>\r
- <properties>\r
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
- <project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion>\r
- <!-- SONAR -->\r
- <sonar.skip>true</sonar.skip>\r
- <jacoco.version>0.7.7.201606060606</jacoco.version>\r
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>\r
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>\r
- <!-- Default Sonar configuration -->\r
- <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>\r
- <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>\r
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list \r
- below -->\r
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>\r
- <nexusproxy>https://nexus.onap.org</nexusproxy>\r
- <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>\r
- <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>\r
- <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>\r
- <sitePath>/content/sites/site/org/onap/aaf/cadi/${project.artifactId}/${project.version}</sitePath>\r
- </properties>\r
- <dependencies>\r
- <dependency>\r
- <groupId>ch.qos.logback</groupId>\r
- <artifactId>logback-classic</artifactId>\r
- <version>1.2.0</version>\r
- </dependency>\r
- <dependency>\r
- <groupId>org.apache.httpcomponents</groupId>\r
- <artifactId>httpclient</artifactId>\r
- <version>4.5.3</version>\r
- </dependency>\r
- <dependency>\r
- <groupId>io.netty</groupId>\r
- <artifactId>netty-all</artifactId>\r
- <version>4.0.37.Final</version>\r
- </dependency>\r
- <dependency>\r
- <groupId>org.mockito</groupId>\r
- <artifactId>mockito-all</artifactId>\r
- <version>1.9.5</version>\r
- <scope>test</scope>\r
- </dependency>\r
- <dependency>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>cadi-aaf</artifactId>\r
- </dependency>\r
-\r
- <dependency>\r
- <groupId>org.apache.cassandra</groupId>\r
- <artifactId>cassandra-all</artifactId>\r
- <version>2.1.14</version>\r
- <scope>compile</scope>\r
- <exclusions>\r
- <exclusion>\r
- <groupId>org.slf4j</groupId>\r
- <artifactId>slf4j-log4j12</artifactId>\r
- </exclusion>\r
- <exclusion>\r
- <groupId>log4j</groupId>\r
- <artifactId>log4j</artifactId>\r
- </exclusion>\r
- <exclusion>\r
- <groupId>org.codehaus.jackson</groupId>\r
- <artifactId>jackson-mapper-asl</artifactId>\r
- </exclusion>\r
- </exclusions>\r
- </dependency>\r
-\r
- </dependencies>\r
- <build>\r
- <plugins>\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-jarsigner-plugin</artifactId>\r
- </plugin>\r
-\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-javadoc-plugin</artifactId>\r
- <version>2.10.4</version>\r
- <configuration>\r
- <failOnError>false</failOnError>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>attach-javadocs</id>\r
- <goals>\r
- <goal>jar</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin>\r
-\r
-\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-source-plugin</artifactId>\r
- <version>2.2.1</version>\r
- <executions>\r
- <execution>\r
- <id>attach-sources</id>\r
- <goals>\r
- <goal>jar-no-fork</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- <plugin>\r
- <groupId>org.sonatype.plugins</groupId>\r
- <artifactId>nexus-staging-maven-plugin</artifactId>\r
- <version>1.6.7</version>\r
- <extensions>true</extensions>\r
- <configuration>\r
- <nexusUrl>${nexusproxy}</nexusUrl>\r
- <stagingProfileId>176c31dfe190a</stagingProfileId>\r
- <serverId>ecomp-staging</serverId>\r
- </configuration>\r
- </plugin>\r
-\r
- <plugin>\r
- <groupId>org.jacoco</groupId>\r
- <artifactId>jacoco-maven-plugin</artifactId>\r
- <version>${jacoco.version}</version>\r
- <configuration>\r
- <excludes>\r
- <exclude>**/gen/**</exclude>\r
- <exclude>**/generated-sources/**</exclude>\r
- <exclude>**/yang-gen/**</exclude>\r
- <exclude>**/pax/**</exclude>\r
- </excludes>\r
- </configuration>\r
- <executions>\r
-\r
- <execution>\r
- <id>pre-unit-test</id>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>\r
- <propertyName>surefireArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
-\r
-\r
- <execution>\r
- <id>post-unit-test</id>\r
- <phase>test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>\r
- </configuration>\r
- </execution>\r
- <execution>\r
- <id>pre-integration-test</id>\r
- <phase>pre-integration-test</phase>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>\r
-\r
- <propertyName>failsafeArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
-\r
-\r
- <execution>\r
- <id>post-integration-test</id>\r
- <phase>post-integration-test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>\r
- </configuration>\r
- </execution>\r
- </executions>\r
- </plugin>\r
-\r
-\r
- </plugins>\r
- </build>\r
- <distributionManagement>\r
- <repository>\r
- <id>ecomp-releases</id>\r
- <name>AAF Release Repository</name>\r
- <url>${nexusproxy}${releaseNexusPath}</url>\r
- </repository>\r
- <snapshotRepository>\r
- <id>ecomp-snapshots</id>\r
- <name>AAF Snapshot Repository</name>\r
- <url>${nexusproxy}${snapshotNexusPath}</url>\r
- </snapshotRepository>\r
- <site>\r
- <id>ecomp-site</id>\r
- <url>dav:${nexusproxy}${sitePath}</url>\r
- </site>\r
- </distributionManagement>\r
-\r
-</project>\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.cass;\r
-\r
-import java.security.Principal;\r
-\r
-import org.apache.cassandra.auth.AuthenticatedUser;\r
-import org.onap.aaf.cadi.Access;\r
-\r
-public class AAFAuthenticatedUser extends AuthenticatedUser implements Principal {\r
- private boolean anonymous = false, supr=false, local=false;\r
- private String fullName;\r
-// private Access access;\r
-\r
- public AAFAuthenticatedUser(Access access, String name) {\r
- super(name);\r
-// this.access = access;\r
- int endIndex = name.indexOf("@");\r
- if(endIndex >= 0) {\r
- fullName = name;\r
- } else {\r
- fullName = name + '@' + AAFBase.default_realm;\r
- }\r
- }\r
- \r
- public String getFullName() {\r
- return fullName;\r
- }\r
- \r
- public String getName() {\r
- return fullName;\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see org.apache.cassandra.auth.AuthenticatedUser#isAnonymous()\r
- */\r
- @Override\r
- public boolean isAnonymous() {\r
- return anonymous;\r
- }\r
-\r
- public void setAnonymous(boolean anon) {\r
- anonymous = anon;\r
- }\r
-\r
- public boolean getAnonymous() {\r
- return anonymous;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see org.apache.cassandra.auth.AuthenticatedUser#isSuper()\r
- */\r
- @Override\r
- public boolean isSuper() {\r
- return supr;\r
- }\r
-\r
- public void setSuper(boolean supr) {\r
- this.supr = supr;\r
- }\r
-\r
- public boolean getSuper() {\r
- return supr;\r
- }\r
-\r
- /**\r
- * We check Local so we can compare with the right Lur. This is AAF Plugin only.\r
- * @return\r
- */\r
- public boolean isLocal() {\r
- return local;\r
- }\r
- \r
- public void setLocal(boolean val) {\r
- local = val;\r
- }\r
-\r
- @Override\r
- public boolean equals(Object o) {\r
- if (this == o) return true;\r
- if (!(o instanceof AAFAuthenticatedUser)) return false;\r
- return ((AuthenticatedUser)o).getName().equals(this.getName());\r
- }\r
-\r
- @Override\r
- public int hashCode() {\r
- //access.log(Level.DEBUG, "AAFAuthentication hashcode ",getName().hashCode());\r
- return getName().hashCode();\r
- } \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.cass;\r
-\r
-import java.io.IOException;\r
-import java.io.UnsupportedEncodingException;\r
-import java.util.Arrays;\r
-import java.util.HashMap;\r
-import java.util.Map;\r
-\r
-import org.apache.cassandra.auth.AuthenticatedUser;\r
-import org.apache.cassandra.auth.IAuthenticator;\r
-import org.apache.cassandra.auth.ISaslAwareAuthenticator;\r
-import org.apache.cassandra.exceptions.AuthenticationException;\r
-import org.apache.cassandra.exceptions.InvalidRequestException;\r
-import org.apache.cassandra.exceptions.RequestExecutionException;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CredVal.Type;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-public class AAFAuthenticator extends AAFBase implements ISaslAwareAuthenticator {\r
-\r
- public boolean requireAuthentication() {\r
- return true;\r
- }\r
- \r
- /**\r
- * Invoked to authenticate an user\r
- */\r
- public AuthenticatedUser authenticate(Map<String, String> credentials) throws AuthenticationException {\r
- String username = (String)credentials.get("username");\r
- if (username == null) {\r
- throw new AuthenticationException("'username' is missing");\r
- }\r
- \r
- AAFAuthenticatedUser aau = new AAFAuthenticatedUser(access,username);\r
- String fullName=aau.getFullName();\r
- access.log(Level.DEBUG, "Authenticating", aau.getName(),"(", fullName,")");\r
- \r
- String password = (String)credentials.get("password");\r
- if (password == null) {\r
- throw new AuthenticationException("'password' is missing");\r
- } else if(password.startsWith("bsf:")) {\r
- try {\r
- password = Symm.base64noSplit.depass(password);\r
- } catch (IOException e) {\r
- throw new AuthenticationException("AAF bnf: Password cannot be decoded");\r
- }\r
- } else if(password.startsWith("enc:???")) {\r
- try {\r
- password = access.decrypt(password, true);\r
- } catch (IOException e) {\r
- throw new AuthenticationException("AAF Encrypted Password cannot be decrypted");\r
- }\r
- }\r
- \r
- if(localLur!=null) {\r
- access.log(Level.DEBUG, "Validating",fullName, "with LocalTaf", password); \r
- if(localLur.validate(fullName, Type.PASSWORD, password.getBytes())) {\r
- aau.setAnonymous(true);\r
- aau.setLocal(true);\r
- access.log(Level.DEBUG, fullName, "is authenticated locally"); \r
- return aau;\r
- }\r
- }\r
- \r
- String aafResponse;\r
- try {\r
- access.log(Level.DEBUG, "Validating",fullName, "with AAF");//, password); \r
- aafResponse = aafAuthn.validate(fullName, password);\r
- if(aafResponse != null) { // Reason for failing.\r
- access.log(Level.AUDIT, "AAF reports ",fullName,":",aafResponse);\r
- throw new AuthenticationException(aafResponse);\r
- }\r
- access.log(Level.AUDIT, fullName, "is authenticated"); //,password);\r
- // This tells Cassandra to skip checking it's own tables for User Entries.\r
- aau.setAnonymous(true);\r
- } catch (AuthenticationException ex) {\r
- throw ex;\r
- } catch(Exception ex) {\r
- access.log(ex,"Exception validating user"); \r
- throw new AuthenticationException("Exception validating user");\r
- }\r
- \r
- return aau; \r
- }\r
- \r
- public void create(String username, Map<IAuthenticator.Option, Object> options) throws InvalidRequestException, RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to create user");\r
- }\r
- \r
- public void alter(String username, Map<IAuthenticator.Option, Object> options) throws RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to alter user");\r
- }\r
- \r
- public void drop(String username) throws RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to delete user");\r
- }\r
- \r
- public SaslAuthenticator newAuthenticator() {\r
- return new ISaslAwareAuthenticator.SaslAuthenticator() {\r
- private boolean complete = false;\r
- private Map<String, String> credentials;\r
-\r
- public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException {\r
- this.credentials = decodeCredentials(clientResponse);\r
- this.complete = true;\r
- return null;\r
- }\r
-\r
- public boolean isComplete() {\r
- return this.complete;\r
- }\r
-\r
- public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {\r
- return AAFAuthenticator.this.authenticate(this.credentials);\r
- }\r
-\r
- private Map<String, String> decodeCredentials(byte[] bytes) throws AuthenticationException {\r
- access.log(Level.DEBUG,"Decoding credentials from client token");\r
- byte[] user = null;\r
- byte[] pass = null;\r
- int end = bytes.length;\r
- for (int i = bytes.length - 1; i >= 0; i--)\r
- {\r
- if (bytes[i] != 0)\r
- continue;\r
- if (pass == null)\r
- pass = Arrays.copyOfRange(bytes, i + 1, end);\r
- else if (user == null)\r
- user = Arrays.copyOfRange(bytes, i + 1, end);\r
- end = i;\r
- }\r
-\r
- if (user == null)\r
- throw new AuthenticationException("Authentication ID must not be null");\r
- if (pass == null) {\r
- throw new AuthenticationException("Password must not be null");\r
- }\r
- Map<String,String> credentials = new HashMap<String,String>();\r
- try {\r
- credentials.put(IAuthenticator.USERNAME_KEY, new String(user, Config.UTF_8));\r
- credentials.put(IAuthenticator.PASSWORD_KEY, new String(pass, Config.UTF_8));\r
- } catch (UnsupportedEncodingException e) {\r
- throw new AuthenticationException(e.getMessage());\r
- }\r
- return credentials;\r
- }\r
- }; \r
- }\r
-\r
-}\r
-\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.cass;\r
-\r
-import java.util.ArrayList;\r
-import java.util.HashSet;\r
-import java.util.Set;\r
-\r
-import org.apache.cassandra.auth.AuthenticatedUser;\r
-import org.apache.cassandra.auth.IAuthorizer;\r
-import org.apache.cassandra.auth.IResource;\r
-import org.apache.cassandra.auth.Permission;\r
-import org.apache.cassandra.auth.PermissionDetails;\r
-import org.apache.cassandra.exceptions.RequestExecutionException;\r
-import org.apache.cassandra.exceptions.RequestValidationException;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-public class AAFAuthorizer extends AAFBase implements IAuthorizer {\r
- // Returns every permission on the resource granted to the user.\r
- public Set<Permission> authorize(AuthenticatedUser user, IResource resource) {\r
- String uname, rname;\r
- access.log(Level.DEBUG,"Authorizing",uname=user.getName(),"for",rname=resource.getName());\r
-\r
- Set<Permission> permissions;\r
-\r
- if(user instanceof AAFAuthenticatedUser) {\r
- AAFAuthenticatedUser aafUser = (AAFAuthenticatedUser) user;\r
- aafUser.setAnonymous(false);\r
- \r
- if(aafUser.isLocal()) {\r
- permissions = checkPermissions(aafUser, new LocalPermission(\r
- rname.replaceFirst("data", cluster_name)\r
- ));\r
- } else {\r
- permissions = checkPermissions(\r
- aafUser,\r
- perm_type,\r
- ':'+rname.replaceFirst("data", cluster_name).replace('/', ':'));\r
- }\r
- } else {\r
- permissions = Permission.NONE;\r
- }\r
- \r
- access.log(Level.INFO,"Permissions on",rname,"for",uname,':', permissions);\r
-\r
- return permissions;\r
- }\r
- \r
- /**\r
- * Check only for Localized IDs (see cadi.properties)\r
- * @param aau\r
- * @param perm\r
- * @return\r
- */\r
- private Set<Permission> checkPermissions(AAFAuthenticatedUser aau, LocalPermission perm) {\r
- if(localLur.fish(aau.getFullName(), perm)) {\r
-// aau.setSuper(true);\r
- return Permission.ALL;\r
- } else {\r
- return Permission.NONE;\r
- }\r
- }\r
- \r
- /**\r
- * Check remoted AAF Permissions\r
- * @param aau\r
- * @param type\r
- * @param instance\r
- * @return\r
- */\r
- private Set<Permission> checkPermissions(AAFAuthenticatedUser aau, String type, String instance) {\r
- // Can perform ALL actions\r
- String fullName = aau.getFullName();\r
- PermHolder ph = new PermHolder(aau);\r
- aafLur.fishOneOf(fullName, ph,type,instance,actions);\r
- return ph.permissions;\r
- } \r
-\r
- private class PermHolder {\r
- private AAFAuthenticatedUser aau;\r
- public PermHolder(AAFAuthenticatedUser aau) {\r
- this.aau = aau;\r
- }\r
- public Set<Permission> permissions = Permission.NONE;\r
- public void mutable() {\r
- if(permissions==Permission.NONE) {\r
- permissions = new HashSet<Permission>();\r
- }\r
- }\r
- };\r
- \r
- /**\r
- * This specialty List avoid extra Object Creation, and allows the Lur to do a Vistor on all appropriate Perms\r
- */\r
- private static final ArrayList<AbsAAFLur.Action<PermHolder>> actions = new ArrayList<AbsAAFLur.Action<PermHolder>>();\r
- static {\r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "*";\r
- }\r
- \r
- public boolean exec(PermHolder a) {\r
- a.aau.setSuper(true);\r
- a.permissions = Permission.ALL;\r
- return true;\r
- }\r
- });\r
- \r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "SELECT";\r
- }\r
- \r
- public boolean exec(PermHolder ph) {\r
- ph.mutable();\r
- ph.permissions.add(Permission.SELECT);\r
- return false;\r
- }\r
- });\r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "MODIFY";\r
- }\r
- \r
- public boolean exec(PermHolder ph) {\r
- ph.mutable();\r
- ph.permissions.add(Permission.MODIFY);\r
- return false;\r
- }\r
- });\r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "CREATE";\r
- }\r
- \r
- public boolean exec(PermHolder ph) {\r
- ph.mutable();\r
- ph.permissions.add(Permission.CREATE);\r
- return false;\r
- }\r
- });\r
-\r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "ALTER";\r
- }\r
- \r
- public boolean exec(PermHolder ph) {\r
- ph.mutable();\r
- ph.permissions.add(Permission.ALTER);\r
- return false;\r
- }\r
- });\r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "DROP";\r
- }\r
- \r
- public boolean exec(PermHolder ph) {\r
- ph.mutable();\r
- ph.permissions.add(Permission.DROP);\r
- return false;\r
- }\r
- });\r
- actions.add(new AbsAAFLur.Action<PermHolder>() {\r
- public String getName() {\r
- return "AUTHORIZE";\r
- }\r
- \r
- public boolean exec(PermHolder ph) {\r
- ph.mutable();\r
- ph.permissions.add(Permission.AUTHORIZE);\r
- return false;\r
- }\r
- });\r
-\r
-\r
- }; \r
- \r
- \r
- public void grant(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String to) throws RequestExecutionException {\r
- access.log(Level.INFO, "Use AAF CLI to grant permission(s) to user/role");\r
- }\r
-\r
- public void revoke(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String from) throws RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role");\r
- }\r
-\r
- public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of) throws RequestValidationException, RequestExecutionException {\r
- access.log(Level.INFO,"Use AAF CLI to find the list of permissions");\r
- return null;\r
- }\r
-\r
- // Called prior to deleting the user with DROP USER query. Internal hook, so no permission checks are needed here.\r
- public void revokeAll(String droppedUser) {\r
- access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role");\r
- }\r
-\r
- // Called after a resource is removed (DROP KEYSPACE, DROP TABLE, etc.).\r
- public void revokeAll(IResource droppedResource) {\r
- access.log(Level.INFO,"Use AAF CLI to delete the unused permission", droppedResource.getName());\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.aaf.cass;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.InputStream;\r
-import java.net.URL;\r
-import java.util.HashSet;\r
-import java.util.Properties;\r
-import java.util.Set;\r
-\r
-import org.apache.cassandra.auth.DataResource;\r
-import org.apache.cassandra.auth.IAuthenticator;\r
-import org.apache.cassandra.config.DatabaseDescriptor;\r
-import org.apache.cassandra.exceptions.ConfigurationException;\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.SLF4JAccess;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.aaf.AAFPermission;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.lur.LocalLur;\r
-\r
-public abstract class AAFBase {\r
- protected static final Set<IAuthenticator.Option> options;\r
- protected static final Set<DataResource> dataResource;\r
-\r
- static {\r
- options = new HashSet<IAuthenticator.Option>();\r
- options.add(IAuthenticator.Option.PASSWORD);\r
- \r
- dataResource = new HashSet<DataResource>();\r
- dataResource.add(DataResource.columnFamily("system_auth", "credentials"));\r
- }\r
- \r
- protected static Access access;\r
- protected static LocalLur localLur;\r
- protected static AAFCon<?> aafcon;\r
- protected static AAFAuthn<?> aafAuthn;\r
- protected static AbsAAFLur<AAFPermission> aafLur;\r
- protected static String default_realm;\r
- protected static String cluster_name;\r
- protected static String perm_type;\r
- private static boolean props_ok = false;\r
- \r
- /**\r
- * If you use your own Access Class, this must be called before \r
- * "setup()" is invoked by Cassandra.\r
- * \r
- * Otherwise, it will default to reading Properties CADI style.\r
- * \r
- * @param access\r
- */\r
- public static void setAccess(Access access) {\r
- AAFBase.access = access;\r
- }\r
-\r
- \r
- public void validateConfiguration() throws ConfigurationException {\r
- setup();\r
- if(!props_ok) {\r
- throw new ConfigurationException("AAF not initialized");\r
- }\r
- }\r
- \r
- @SuppressWarnings("unchecked")\r
- public synchronized void setup() {\r
- if(aafAuthn == null) {\r
- try {\r
- if(access==null) {\r
- String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");\r
- Properties initial = new Properties();\r
- URL cadi_props = ClassLoader.getSystemResource(value);\r
- if(cadi_props == null) {\r
- File cp = new File(value);\r
- if(cp.exists()) {\r
- InputStream is = new FileInputStream(cp);\r
- try {\r
- initial.load(is);\r
- } finally {\r
- is.close();\r
- }\r
- } else {\r
- System.out.printf("%s does not exist as File or in Classpath\n",value);\r
- initial.setProperty(Config.CADI_PROP_FILES, value);\r
- }\r
- } else {\r
- InputStream is = cadi_props.openStream();\r
- try {\r
- initial.load(is);\r
- } finally {\r
- is.close();\r
- }\r
- }\r
- access = new SLF4JAccess(initial);\r
- }\r
- props_ok = true;\r
- if((perm_type = Config.logProp(access, "cass_group_name",null))==null) {\r
- props_ok=false;\r
- } else {\r
- perm_type = perm_type + ".cass";\r
- }\r
- \r
- if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) {\r
- if((cluster_name = DatabaseDescriptor.getClusterName())==null) {\r
- props_ok=false;\r
- }\r
- }\r
-\r
- if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) {\r
- props_ok=false;\r
- }\r
- \r
- if(props_ok==false) {\r
- return;\r
- }\r
-\r
- // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
- Lur lur = Config.configLur(access);\r
- // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon\r
- if(lur instanceof EpiLur) {\r
- EpiLur elur = (EpiLur)lur;\r
- for(int i=0; (lur = elur.get(i))!=null;++i) {\r
- if(lur instanceof AbsAAFLur) {\r
- aafLur=(AbsAAFLur<AAFPermission>)lur;\r
- aafcon = aafLur.aaf;\r
- aafAuthn = aafLur.aaf.newAuthn(aafLur);\r
- break;\r
- } else if(lur instanceof LocalLur) {\r
- localLur = (LocalLur)lur;\r
- }\r
- }\r
- } else if(lur instanceof AbsAAFLur) {\r
- aafLur=(AbsAAFLur<AAFPermission>)lur;\r
- aafcon = aafLur.aaf;\r
- aafAuthn = aafLur.aaf.newAuthn(aafLur);\r
- }\r
- if(aafAuthn==null) {\r
- access.log(Level.INIT,"Failed to instantiate full AAF access");\r
- props_ok = false;\r
- }\r
- } catch (Exception e) {\r
- aafAuthn=null;\r
- if(access!=null)access.log(e, "Failed to initialize AAF");\r
- props_ok = false;\r
- }\r
- } \r
- }\r
-\r
- public Set<DataResource> protectedResources() {\r
- access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty");\r
- return dataResource;\r
- }\r
- \r
- public Set<IAuthenticator.Option> supportedOptions() {\r
- access.log(Level.DEBUG, "supportedOptions() called");\r
- return options;\r
- }\r
- \r
- public Set<IAuthenticator.Option> alterableOptions() {\r
- access.log(Level.DEBUG, "alterableOptions() called");\r
- return options;\r
- }\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cass;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.apache.cassandra.auth.AuthenticatedUser;\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.aaf.cass.AAFAuthenticatedUser;\r
-\r
-public class JU_AAFAuthenticatedUserTest {\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() {\r
- AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "User1@aaf");\r
- assertEquals(user.getFullName(),"User1@aaf");\r
- assertEquals(user.getName(),"User1@aaf");\r
- assertFalse(user.isAnonymous());\r
- assertFalse(user.isSuper());\r
- assertFalse(user.isLocal());\r
- \r
- \r
- \r
- }\r
- \r
- @Test\r
- public void testone() {\r
- AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "User2@aaf");\r
- assertEquals(user.getFullName(),"User2@aaf");\r
- assertEquals(user.getName(),"User2@aaf");\r
- assertFalse(user.isAnonymous());\r
- assertFalse(user.isSuper());\r
- assertFalse(user.isLocal());\r
- \r
- \r
- \r
- }\r
-\r
- @Test\r
- public void testtwo() {\r
- AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "onap@aaf");\r
- assertEquals(user.getFullName(),"onap@aaf");\r
- assertEquals(user.getName(),"onap@aaf");\r
- assertFalse(user.isAnonymous());\r
- assertFalse(user.isSuper());\r
- assertFalse(user.isLocal());\r
- \r
- \r
- \r
- }\r
- \r
- @Test\r
- public void testthree() {\r
- AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "openecomp@aaf");\r
- assertEquals(user.getFullName(),"openecomp@aaf");\r
- assertEquals(user.getName(),"openecomp@aaf");\r
- assertFalse(user.isAnonymous());\r
- assertFalse(user.isSuper());\r
- assertFalse(user.isLocal());\r
- \r
- \r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cass;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-import org.junit.After;\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import static org.junit.Assert.*;\r
-\r
-public class JU_AAFAuthorizerTest\r
-{\r
- \r
-\r
- @Before\r
- public void setUp()\r
- {\r
- \r
- }\r
-\r
- @After\r
- public void tearDown()\r
- {\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (user instanceof AAFAuthenticatedUser), if: (aafUser.isLocal())\r
- */\r
- @Test\r
- public void test_method_authorize_0_branch_0()\r
- {\r
- System.out.println("Now Testing Method:authorize Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (user instanceof AAFAuthenticatedUser), else: Not (aafUser.isLocal())\r
- */\r
- @Test\r
- public void test_method_authorize_0_branch_1()\r
- {\r
- System.out.println("Now Testing Method:authorize Branch:1");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): else: Not (user instanceof AAFAuthenticatedUser)\r
- */\r
- @Test\r
- public void test_method_authorize_0_branch_2()\r
- {\r
- System.out.println("Now Testing Method:authorize Branch:2");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_PermHolder_1_branch_0()\r
- {\r
- System.out.println("Now Testing Method:PermHolder Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_PermHolder_2_branch_0()\r
- {\r
- System.out.println("Now Testing Method:PermHolder Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (permissions==Permission.NONE)\r
- */\r
- @Test\r
- public void test_method_mutable_3_branch_0()\r
- {\r
- System.out.println("Now Testing Method:mutable Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): else: Not (permissions==Permission.NONE)\r
- */\r
- @Test\r
- public void test_method_mutable_3_branch_1()\r
- {\r
- System.out.println("Now Testing Method:mutable Branch:1");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_mutable_4_branch_0()\r
- {\r
- System.out.println("Now Testing Method:mutable Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_mutable_5_branch_0()\r
- {\r
- System.out.println("Now Testing Method:mutable Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_6_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_7_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_8_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_9_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_10_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_11_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_12_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_13_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_14_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_15_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_16_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_17_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_getName_18_branch_0()\r
- {\r
- System.out.println("Now Testing Method:getName Branch:0");\r
- \r
- //Constructor\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_exec_19_branch_0()\r
- {\r
- System.out.println("Now Testing Method:exec Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_grant_20_branch_0()\r
- {\r
- System.out.println("Now Testing Method:grant Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_revoke_21_branch_0()\r
- {\r
- System.out.println("Now Testing Method:revoke Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_list_22_branch_0()\r
- {\r
- System.out.println("Now Testing Method:list Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_revokeAll_23_branch_0()\r
- {\r
- System.out.println("Now Testing Method:revokeAll Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_revokeAll_24_branch_0()\r
- {\r
- System.out.println("Now Testing Method:revokeAll Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cass;\r
-\r
-import org.junit.After;\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.aaf.cass.AAFBase;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-public class JU_AAFBaseTest\r
-{\r
- \r
-\r
- @Before\r
- public void setUp()\r
- {\r
- \r
- }\r
-\r
- @After\r
- public void tearDown()\r
- {\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_setAccess_0_branch_0()\r
- {\r
- System.out.println("Now Testing Method:setAccess Branch:0");\r
- \r
- //Call Method\r
- AAFBase.setAccess(null);\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (!props_ok)\r
- */\r
- @Test\r
- public void test_method_validateConfiguration_1_branch_0()\r
- {\r
- System.out.println("Now Testing Method:validateConfiguration Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): else: Not (!props_ok)\r
- */\r
- @Test\r
- public void test_method_validateConfiguration_1_branch_1()\r
- {\r
- System.out.println("Now Testing Method:validateConfiguration Branch:1");\r
- \r
- \r
- \r
- //Call Method\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (access==null), if: (cadi_props == null), if: (cp.exists())\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_0()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:0");\r
- \r
-\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (access==null), if: (cadi_props == null), else: Not (cp.exists())\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_1()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:1");\r
- \r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (access==null), else: Not (cadi_props == null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_2()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:2");\r
- \r
-\r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not (access==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_3()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:3");\r
- \r
-\r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: ((perm_type = Config.logProp(access, "cass_group_name",null))==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_4()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:4");\r
- \r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not ((perm_type = Config.logProp(access, "cass_group_name",null))==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_5()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:5");\r
- \r
-\r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: ((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null), if: ((cluster_name = DatabaseDescriptor.getClusterName())==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_6()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:6");\r
- \r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: ((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null), else: Not ((cluster_name = DatabaseDescriptor.getClusterName())==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_7()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:7");\r
- \r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not ((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_8()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:8");\r
- \r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: ((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_9()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:9");\r
- \r
-\r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not ((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_10()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:10");\r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (props_ok==false)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_11()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:11");\r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not (props_ok==false)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_12()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:12");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (lur instanceof EpiLur), for: (int i=0; (lur = elur.get(i))!=null;++i), if: (lur instanceof AbsAAFLur)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_13()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:13");\r
- \r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (lur instanceof EpiLur), for: (int i=0; (lur = elur.get(i))!=null;++i), else: Not (lur instanceof AbsAAFLur), if: (lur instanceof LocalLur)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_14()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:14");\r
- \r
-\r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (lur instanceof EpiLur), for: (int i=0; (lur = elur.get(i))!=null;++i), else: Not (lur instanceof AbsAAFLur), else: Not (lur instanceof LocalLur)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_15()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:15");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (lur instanceof EpiLur), for: Not (int i=0; (lur = elur.get(i))!=null;++i)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_16()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:16");\r
-\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not (lur instanceof EpiLur), if: (lur instanceof AbsAAFLur)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_17()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:17");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not (lur instanceof EpiLur), else: Not (lur instanceof AbsAAFLur)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_18()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:18");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (aafAuthn==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_19()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:19");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not (aafAuthn==null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_20()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:20");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), if: (access!=null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_21()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:21");\r
- \r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): if: (aafAuthn == null), else: Not (access!=null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_22()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:22");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): else: Not (aafAuthn == null)\r
- */\r
- @Test\r
- public void test_method_setup_2_branch_23()\r
- {\r
- System.out.println("Now Testing Method:setup Branch:23");\r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_protectedResources_3_branch_0()\r
- {\r
- System.out.println("Now Testing Method:protectedResources Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_supportedOptions_4_branch_0()\r
- {\r
- System.out.println("Now Testing Method:supportedOptions Branch:0");\r
- \r
- \r
- }\r
-\r
- /*\r
- * Testing Conditon(s): Default\r
- */\r
- @Test\r
- public void test_method_alterableOptions_5_branch_0()\r
- {\r
- System.out.println("Now Testing Method:alterableOptions Branch:0");\r
- \r
- \r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cass;\r
-\r
-import java.util.HashMap;\r
-import java.util.Map;\r
-import java.util.Set;\r
-\r
-import org.apache.cassandra.auth.AuthenticatedUser;\r
-import org.apache.cassandra.auth.IResource;\r
-import org.apache.cassandra.auth.Permission;\r
-import org.junit.AfterClass;\r
-import org.junit.Assert;\r
-import org.junit.BeforeClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.aaf.cass.AAFAuthenticator;\r
-import org.onap.aaf.cadi.aaf.cass.AAFAuthorizer;\r
-\r
-public class JU_CASS {\r
-\r
- private static AAFAuthenticator aa;\r
- private static AAFAuthorizer an;\r
-\r
- @BeforeClass\r
- public static void setUpBeforeClass() throws Exception {\r
- System.setProperty("cadi_prop_files", "etc/cadi.properties");\r
- \r
- aa = new AAFAuthenticator();\r
- an = new AAFAuthorizer();\r
-\r
- aa.setup();\r
- an.setup(); // does nothing after aa.\r
- \r
- aa.validateConfiguration();\r
- \r
- }\r
-\r
- @AfterClass\r
- public static void tearDownAfterClass() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() throws Exception {\r
- Map<String,String> creds = new HashMap<String,String>();\r
- creds.put("username", "XXX@NS");\r
- creds.put("password", "enc:???");\r
- AuthenticatedUser aaf = aa.authenticate(creds);\r
-\r
- // Test out "aaf_default_domain\r
- creds.put("username", "XX");\r
- aaf = aa.authenticate(creds);\r
- \r
- IResource resource = new IResource() {\r
- public String getName() {\r
- return "data/authz";\r
- }\r
-\r
- public IResource getParent() {\r
- return null;\r
- }\r
-\r
- public boolean hasParent() {\r
- return false;\r
- }\r
-\r
- public boolean exists() {\r
- return true;\r
- }\r
- \r
- };\r
- \r
- Set<Permission> perms = an.authorize(aaf, resource);\r
- \r
- // Test out "AAF" access\r
- creds.put("username", "XXX@NS");\r
- creds.put("password", "enc:???");\r
- aaf = aa.authenticate(creds);\r
- perms = an.authorize(aaf, resource);\r
- Assert.assertFalse(perms.isEmpty());\r
-\r
- perms = an.authorize(aaf, resource);\r
- Assert.assertFalse(perms.isEmpty());\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
-<parent>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>parent</artifactId>\r
- <version>1.0.0-SNAPSHOT</version>\r
- <relativePath>..</relativePath>\r
- </parent>\r
- \r
- <name>CADI Client</name>\r
- <artifactId>cadi-client</artifactId>\r
- <packaging>jar</packaging>\r
- <url>https://github.com/att/AAF</url>\r
- <description>CADI</description>\r
- <modelVersion>4.0.0</modelVersion>\r
-<properties>\r
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
- <project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion>\r
- <!-- SONAR -->\r
- <sonar.skip>true</sonar.skip>\r
- <jacoco.version>0.7.7.201606060606</jacoco.version>\r
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>\r
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>\r
- <!-- Default Sonar configuration -->\r
- <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>\r
- <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>\r
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->\r
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>\r
- <nexusproxy>https://nexus.onap.org</nexusproxy>\r
- <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>\r
- <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>\r
- <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>\r
- <sitePath>/content/sites/site/org/onap/aaf/cadi/${project.artifactId}/${project.version}</sitePath>\r
- </properties>\r
- <dependencies>\r
- <dependency>\r
- <groupId>org.onap.aaf.inno</groupId>\r
- <artifactId>rosetta</artifactId>\r
- </dependency>\r
- <dependency>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>cadi-core</artifactId>\r
- </dependency>\r
- <dependency>\r
- <groupId>com.att.aft</groupId>\r
- <artifactId>dme2</artifactId>\r
- <scope>compile</scope>\r
- </dependency>\r
- <dependency>\r
- <groupId>org.mockito</groupId>\r
- <artifactId>mockito-all</artifactId>\r
- <version>1.9.5</version>\r
- <scope>test</scope>\r
- </dependency>\r
- </dependencies>\r
-\r
- <build>\r
- <plugins>\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-jarsigner-plugin</artifactId>\r
- </plugin>\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-javadoc-plugin</artifactId>\r
- <version>2.10.4</version>\r
- <configuration>\r
- <failOnError>false</failOnError>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>attach-javadocs</id>\r
- <goals>\r
- <goal>jar</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin> \r
- \r
- \r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-source-plugin</artifactId>\r
- <version>2.2.1</version>\r
- <executions>\r
- <execution>\r
- <id>attach-sources</id>\r
- <goals>\r
- <goal>jar-no-fork</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- \r
- <plugin>\r
- <groupId>org.sonatype.plugins</groupId>\r
- <artifactId>nexus-staging-maven-plugin</artifactId>\r
- <version>1.6.7</version>\r
- <extensions>true</extensions>\r
- <configuration>\r
- <nexusUrl>${nexusproxy}</nexusUrl>\r
- <stagingProfileId>176c31dfe190a</stagingProfileId>\r
- <serverId>ecomp-staging</serverId>\r
- </configuration>\r
- </plugin>\r
-\r
-<plugin>\r
- <groupId>org.jacoco</groupId>\r
- <artifactId>jacoco-maven-plugin</artifactId>\r
- <version>${jacoco.version}</version>\r
- <configuration>\r
- <excludes>\r
- <exclude>**/gen/**</exclude>\r
- <exclude>**/generated-sources/**</exclude>\r
- <exclude>**/yang-gen/**</exclude>\r
- <exclude>**/pax/**</exclude>\r
- </excludes>\r
- </configuration>\r
- <executions>\r
-\r
- <execution>\r
- <id>pre-unit-test</id>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>\r
- <propertyName>surefireArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
- \r
- \r
- <execution>\r
- <id>post-unit-test</id>\r
- <phase>test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>\r
- </configuration>\r
- </execution>\r
- <execution>\r
- <id>pre-integration-test</id>\r
- <phase>pre-integration-test</phase>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>\r
-\r
- <propertyName>failsafeArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
-\r
- \r
- <execution>\r
- <id>post-integration-test</id>\r
- <phase>post-integration-test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>\r
- </configuration>\r
- </execution>\r
- </executions>\r
- </plugin> \r
-\r
-\r
- </plugins>\r
- </build>\r
- <distributionManagement>\r
- <repository>\r
- <id>ecomp-releases</id>\r
- <name>AAF Release Repository</name>\r
- <url>${nexusproxy}${releaseNexusPath}</url>\r
- </repository>\r
- <snapshotRepository>\r
- <id>ecomp-snapshots</id>\r
- <name>AAF Snapshot Repository</name>\r
- <url>${nexusproxy}${snapshotNexusPath}</url>\r
- </snapshotRepository>\r
- <site>\r
- <id>ecomp-site</id>\r
- <url>dav:${nexusproxy}${sitePath}</url>\r
- </site>\r
- </distributionManagement>\r
-\r
-</project>\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.net.HttpURLConnection;\r
-import java.util.HashMap;\r
-import java.util.Map;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.http.HBasicAuthSS;\r
-import org.onap.aaf.cadi.http.HMangr;\r
-import org.onap.aaf.cadi.locator.DME2Locator;\r
-\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-public class AAFClient {\r
- private RosettaEnv env;\r
- private Map<Class<?>,RosettaDF<?>> map = new HashMap<Class<?>,RosettaDF<?>>();\r
- HMangr hman;\r
- HBasicAuthSS ss;\r
-\r
- public AAFClient(RosettaEnv env) throws Exception {\r
- this.env = env;\r
- Access access = new EnvAccess(env);\r
- String user = access.getProperty(Config.AAF_MECHID,null);\r
- String password = access.decrypt(access.getProperty(Config.AAF_MECHPASS,null), true);\r
- \r
- SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(access);\r
- DME2Manager dm = new DME2Manager("APIclient DME2Manager", System.getProperties());\r
- DME2Locator loc = new DME2Locator(access, dm, access.getProperty(Config.AAF_URL,null));\r
-\r
- int TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, "30000"));\r
-\r
- hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion("2.0");\r
- ss = new HBasicAuthSS(user, password, si);\r
- }\r
-\r
- public AAFClient(RosettaEnv env, DME2Manager dm) throws Exception {\r
- this.env = env;\r
- Access access = new EnvAccess(env);\r
- String user = access.getProperty(Config.AAF_MECHID,null);\r
- String password = access.decrypt(access.getProperty(Config.AAF_MECHPASS,null), true);\r
- \r
- SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(access);\r
- DME2Locator loc = new DME2Locator(access, dm, access.getProperty(Config.AAF_URL,null));\r
-\r
- int TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, "30000"));\r
-\r
- hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion("2.0");\r
- ss = new HBasicAuthSS(user, password, si);\r
- }\r
- \r
- @SuppressWarnings("unchecked")\r
- private synchronized<T> RosettaDF<T> getDF(Class<T> cls) throws APIException {\r
- RosettaDF<?> rdf;\r
- synchronized (env) {\r
- rdf = map.get(cls);\r
- if(rdf==null) {\r
- rdf = env.newDataFactory(cls);\r
- map.put(cls, rdf);\r
- }\r
- }\r
- return (RosettaDF<T>)rdf;\r
- }\r
-\r
- // Package on purpose\r
- static class Call<T> {\r
- protected final static String VOID_CONTENT_TYPE="application/Void+json;version=2.0";\r
- \r
- protected RosettaDF<T> df;\r
- protected AAFClient client;\r
-\r
- public Call(AAFClient ac, RosettaDF<T> df) {\r
- this.client = ac;\r
- this.df = df;\r
- }\r
- }\r
- \r
-\r
- /////////// Calls /////////////////\r
- /**\r
- * Returns a Get Object... same as "get"\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Get<T> read(Class<T> cls) throws APIException {\r
- return new Get<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Get Object... same as "read"\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Get<T> get(Class<T> cls) throws APIException {\r
- return new Get<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Post Object... same as "create"\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Post<T> post(Class<T> cls) throws APIException {\r
- return new Post<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Post Object... same as "post"\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Post<T> create(Class<T> cls) throws APIException {\r
- return new Post<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Put Object... same as "update"\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Put<T> put(Class<T> cls) throws APIException {\r
- return new Put<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Put Object... same as "put"\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Put<T> update(Class<T> cls) throws APIException {\r
- return new Put<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Delete Object\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public<T> Delete<T> delete(Class<T> cls) throws APIException {\r
- return new Delete<T>(this,getDF(cls));\r
- }\r
-\r
- /**\r
- * Returns a Delete Object\r
- * \r
- * @param cls\r
- * @return\r
- * @throws APIException\r
- */\r
- public Delete<Void> delete() throws APIException {\r
- return new Delete<Void>(this,null);\r
- }\r
-\r
- public Put<Void> put() {\r
- return new Put<Void>(this,null); \r
- }\r
- \r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.io.IOException;\r
-\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-\r
-public abstract class AbsBasicAuth<CLIENT> implements SecuritySetter<CLIENT> {\r
- protected static final String REPEAT_OFFENDER="This call is aborted because of repeated usage of invalid Passwords";\r
- private static final int MAX_TEMP_COUNT = 10;\r
- private static final int MAX_SPAM_COUNT = 10000;\r
- private static final long WAIT_TIME = 1000*60*4;\r
- \r
- protected final String headValue;\r
- protected SecurityInfoC<CLIENT> securityInfo;\r
- protected String user;\r
- private long lastMiss;\r
- private int count;\r
-\r
- public AbsBasicAuth(String user, String pass, SecurityInfoC<CLIENT> si) throws IOException {\r
- this.user = user;\r
- headValue = "Basic " + Symm.base64.encode(user + ':' + pass);\r
- securityInfo = si;\r
- lastMiss=0L;\r
- count=0;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.SecuritySetter#getID()\r
- */\r
- @Override\r
- public String getID() {\r
- return user;\r
- }\r
- \r
- public boolean isDenied() {\r
- if(lastMiss>0 && lastMiss>System.currentTimeMillis()) {\r
- return true;\r
- } else {\r
- lastMiss=0L;\r
- return false;\r
- }\r
- }\r
- \r
- public synchronized int setLastResponse(int httpcode) {\r
- if(httpcode == 401) {\r
- ++count;\r
- if(lastMiss==0L && count>MAX_TEMP_COUNT) {\r
- lastMiss=System.currentTimeMillis()+WAIT_TIME;\r
- }\r
-// if(count>MAX_SPAM_COUNT) {\r
-// System.err.printf("Your service has %d consecutive bad service logins to AAF. \nIt will now exit\n",\r
-// count);\r
-// System.exit(401);\r
-// }\r
- if(count%1000==0) {\r
- System.err.printf("Your service has %d consecutive bad service logins to AAF. AAF Access will be disabled after %d\n",\r
- count,MAX_SPAM_COUNT);\r
- }\r
-\r
- } else {\r
- lastMiss=0;\r
- }\r
- return count;\r
- }\r
- \r
- public int count() {\r
- return count;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.principal.TGuardPrincipal;\r
-import org.onap.aaf.cadi.principal.TrustPrincipal;\r
-\r
-public abstract class AbsTransferSS<CLIENT> implements SecuritySetter<CLIENT> {\r
- protected String value;\r
- protected SecurityInfoC<CLIENT> securityInfo;\r
- protected SecuritySetter<CLIENT> defSS;\r
- private Principal principal;\r
-\r
- //Format:<ID>:<APP>:<protocol>[:AS][,<ID>:<APP>:<protocol>]*\r
- public AbsTransferSS(Principal principal, String app) {\r
- init(principal, app);\r
- }\r
-\r
- public AbsTransferSS(Principal principal, String app, SecurityInfoC<CLIENT> si) {\r
- init(principal,app);\r
- securityInfo = si;\r
- this.defSS = si.defSS;\r
- }\r
-\r
- private void init(Principal principal, String app) {\r
- this.principal=principal;\r
- if(principal==null) {\r
- return;\r
- } else if(principal instanceof BasicPrincipal) {\r
- value = principal.getName() + ':' + app + ":BasicAuth:AS";\r
- } else if(principal instanceof TrustPrincipal) {\r
- TrustPrincipal tp = (TrustPrincipal)principal;\r
- // recursive\r
- init(tp.original(),app);\r
- value += principal.getName() + ':' + app + ":Trust:AS" + ',' + tp.userChain();\r
- } else if(principal instanceof TGuardPrincipal) {\r
- value = principal.getName() + ':' + app + ":TGUARD:AS";\r
- }\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.SecuritySetter#getID()\r
- */\r
- @Override\r
- public String getID() {\r
- return principal==null?"":principal.getName();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-public class Delete<T> extends AAFClient.Call<T> {\r
- public Delete(AAFClient ac, RosettaDF<T> df) {\r
- super(ac,df);\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public Result<T> delete(final String pathInfo, final T t) throws Exception {\r
- if(t==null) {\r
- return (Result<T>)delete(pathInfo);\r
- }\r
- return client.hman.best(client.ss, \r
- new Retryable<Result<T>>() {\r
- @Override\r
- public Result<T> code(Rcli<?> client) throws APIException, CadiException {\r
- Future<T> ft = client.delete(pathInfo,df,t); \r
- if(ft.get(client.readTimeout)) {\r
- return Result.ok(ft.code(),ft.value);\r
- } else {\r
- return Result.err(ft.code(),ft.body());\r
- }\r
- }\r
- });\r
- }\r
-\r
- public Result<Void> delete(final String pathInfo) throws Exception {\r
- return client.hman.best(client.ss, \r
- new Retryable<Result<Void>>() {\r
- @Override\r
- public Result<Void> code(Rcli<?> client) throws APIException, CadiException {\r
- Future<Void> ft = client.delete(pathInfo,VOID_CONTENT_TYPE); \r
- if(ft.get(client.readTimeout)) {\r
- return Result.ok(ft.code(),ft.value);\r
- } else {\r
- return Result.err(ft.code(),ft.body());\r
- }\r
- }\r
- });\r
- }\r
-\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.io.IOException;\r
-import java.io.OutputStream;\r
-\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-\r
-public interface EClient<CT> {\r
- public void setMethod(String meth);\r
- public void setPathInfo(String pathinfo);\r
- public void setPayload(Transfer transfer);\r
- public void addHeader(String tag, String value);\r
- public void setQueryParams(String q);\r
- public void setFragment(String f);\r
- public void send() throws APIException;\r
- public<T> Future<T> futureCreate(Class<T> t);\r
- public Future<String> futureReadString();\r
- public<T> Future<T> futureRead(RosettaDF<T> df,Data.TYPE type);\r
- public<T> Future<T> future(T t);\r
- public Future<Void> future(HttpServletResponse resp, int expected) throws APIException;\r
- \r
- public interface Transfer {\r
- public void transfer(OutputStream os) throws IOException, APIException;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.util.Map.Entry;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.inno.env.Decryptor;\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.impl.BasicEnv;\r
-\r
-public class EnvAccess implements Access {\r
- private Env env;\r
-\r
- /**\r
- * String Property tag for files/resources that may contain properties. Can be null.\r
- * Resources of ClassLoader will be checked first, if exist. Can be null.\r
- * @param env\r
- * @param tag\r
- * @param cl\r
- * @throws IOException\r
- */\r
- public EnvAccess(BasicEnv env, ClassLoader cl) throws IOException {\r
- this.env = env;\r
- final Symm s = Symm.obtain(this);\r
- env.set(new Decryptor() {\r
- private Symm symm = s;\r
- @Override\r
- public String decrypt(String encrypted) {\r
- try {\r
- return (encrypted!=null && (encrypted.startsWith(Symm.ENC)))\r
- ? symm.depass(encrypted)\r
- : encrypted;\r
- } catch (IOException e) {\r
- return "";\r
- }\r
- }\r
- }\r
- );\r
- }\r
-\r
- \r
- /**\r
- * Construct with the Classloader of Env and CADI_PROP_FILES, if possible\r
- * \r
- * @param env\r
- * @throws IOException\r
- */\r
- public EnvAccess(BasicEnv env) throws IOException {\r
- this(env, env.getClass().getClassLoader());\r
- }\r
- \r
- @Override\r
- public void log(Level level, Object... elements) {\r
- switch(level) {\r
- case AUDIT:\r
- env.audit().log(elements);\r
- break;\r
- case DEBUG:\r
- env.debug().log(elements);\r
- break;\r
- case ERROR:\r
- env.error().log(elements);\r
- break;\r
- case INFO:\r
- env.info().log(elements);\r
- break;\r
- case INIT:\r
- env.init().log(elements);\r
- break;\r
- case WARN:\r
- env.warn().log(elements);\r
- break;\r
- default:\r
- break;\r
- }\r
- \r
- }\r
-\r
- @Override\r
- public void log(Exception e, Object... elements) {\r
- env.error().log(e,elements);\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object... elements) {\r
- if(willLog(level)) {\r
- log(level,String.format(fmt, elements));\r
- }\r
- }\r
-\r
-\r
- @Override\r
- public boolean willLog(Level level) {\r
- switch(level) {\r
- case AUDIT:\r
- return env.audit().isLoggable();\r
- case DEBUG:\r
- return env.debug().isLoggable();\r
- case ERROR:\r
- return env.error().isLoggable();\r
- case INFO:\r
- return env.info().isLoggable();\r
- case INIT:\r
- return env.init().isLoggable();\r
- case WARN:\r
- return env.warn().isLoggable();\r
- default:\r
- return false;\r
- }\r
- }\r
-\r
-\r
- @Override\r
- public void setLogLevel(Level level) {\r
- // unused\r
- }\r
-\r
- @Override\r
- public ClassLoader classLoader() {\r
- return env.getClass().getClassLoader();\r
- }\r
-\r
- @Override\r
- public String getProperty(String string, String def) {\r
- return env.getProperty(string, def);\r
- }\r
- \r
- @Override\r
- public void load(InputStream is) throws IOException {\r
- Properties props = new Properties();\r
- props.load(is);\r
- for(Entry<Object, Object> es :props.entrySet()) {\r
- env.setProperty(es.getKey().toString(), es.getValue().toString());\r
- }\r
- }\r
-\r
- @Override\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- return env.decryptor().decrypt(encrypted);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-public abstract class Future<T> {\r
- public T value;\r
- public abstract boolean get(int timeout) throws CadiException;\r
- \r
- public abstract int code();\r
- public abstract String body();\r
- public abstract String header(String tag);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-public class Get<T> extends AAFClient.Call<T> {\r
- public Get(AAFClient ac, RosettaDF<T> df) {\r
- super(ac,df);\r
- }\r
- \r
- public Result<T> read(final String pathInfo) throws Exception {\r
- return client.hman.best(client.ss, \r
- new Retryable<Result<T>>() {\r
- @Override\r
- public Result<T> code(Rcli<?> client) throws APIException, CadiException {\r
- Future<T> ft = client.read(pathInfo,df); \r
- if(ft.get(client.readTimeout)) {\r
- return Result.ok(ft.code(),ft.value);\r
- } else {\r
- return Result.err(ft.code(),ft.body());\r
- }\r
- }\r
- });\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-/**\r
- * Use to set Variables outside of Anonymous classes.\r
- *\r
- *\r
- * @param <T>\r
- */\r
-public class Holder<T> {\r
- private T value;\r
- public Holder(T t) {\r
- value = t;\r
- }\r
- public void set(T t) {\r
- value = t;\r
- }\r
- \r
- public T get() {\r
- return value;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.LocatorException;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-public class Post<T> extends AAFClient.Call<T> {\r
- public Post(AAFClient ac, RosettaDF<T> df) {\r
- super(ac,df);\r
- }\r
- \r
- public Result<T> create(final String pathInfo, final T t) throws APIException, CadiException, LocatorException {\r
- return client.hman.best(client.ss, \r
- new Retryable<Result<T>>() {\r
- @Override\r
- public Result<T> code(Rcli<?> client) throws APIException, CadiException {\r
- Future<T> ft = client.create(pathInfo,df,t); \r
- if(ft.get(client.readTimeout)) {\r
- return Result.ok(ft.code(),ft.value);\r
- } else {\r
- return Result.err(ft.code(),ft.body());\r
- }\r
- }\r
- });\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.util.Random;\r
-\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-\r
-public class PropertyLocator implements Locator {\r
- private final URI [] orig;\r
- private PLItem[] current;\r
- private int end;\r
- private final Random random;\r
- \r
- /**\r
- * comma delimited root url list\r
- * \r
- * @param locList\r
- * @throws LocatorException\r
- */\r
- public PropertyLocator(String locList) throws LocatorException {\r
- if(locList==null)throw new LocatorException("No Location List given for PropertyLocator");\r
- String[] locarray = locList.split("\\s*,\\s*");\r
- orig = new URI[locarray.length];\r
- \r
- random = new Random();\r
- \r
- for(int i=0;i<locarray.length;++i) {\r
- try {\r
- orig[i] = new URI(locarray[i]);\r
- } catch (URISyntaxException e) {\r
- throw new LocatorException(e);\r
- }\r
- }\r
-\r
- current = new PLItem[orig.length];\r
- refresh();\r
- }\r
-\r
- @Override\r
- public URI get(Item item) throws LocatorException {\r
- return orig[((PLItem)item).idx];\r
- }\r
-\r
- @Override\r
- public Item first() throws LocatorException {\r
- return end>0?current[0]:null;\r
- }\r
-\r
- @Override\r
- public boolean hasItems() {\r
- return end>0;\r
- }\r
-\r
- @Override\r
- public Item next(Item item) throws LocatorException {\r
- int spot;\r
- if((spot=(((PLItem)item).order+1))>=end)return null;\r
- return current[spot];\r
- }\r
-\r
- @Override\r
- public synchronized void invalidate(Item item) throws LocatorException {\r
- if(--end<=0)return;\r
- PLItem pli = (PLItem)item;\r
- int i,order;\r
- for(i=0;i<end;++i) {\r
- if(pli==current[i])break;\r
- }\r
- order = current[i].order;\r
- for(;i<end;++i) {\r
- current[i]=current[i+1];\r
- current[i].order=order++;\r
- }\r
- current[end]=pli;\r
- }\r
-\r
- @Override\r
- public Item best() throws LocatorException {\r
- switch(current.length) {\r
- case 0:\r
- return null;\r
- case 1:\r
- return current[0];\r
- default:\r
- return current[Math.abs(random.nextInt())%end];\r
- }\r
- }\r
-\r
- @Override\r
- public synchronized boolean refresh() {\r
- end = orig.length;\r
- \r
- // Build up list\r
- for(int i = 0; i < end ; ++i) {\r
- if(current[i]==null)current[i]=new PLItem(i);\r
- else current[i].idx=current[i].order=i;\r
- }\r
- return true;\r
- }\r
- \r
- private class PLItem implements Item {\r
- public int idx,order;\r
- \r
- public PLItem(int i) {\r
- idx = order =i;\r
- }\r
- \r
- public String toString() {\r
- return "Item: " + idx + " order: " + order;\r
- }\r
- }\r
-\r
- @Override\r
- public void destroy() {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-public class Put<T> extends AAFClient.Call<T> {\r
- public Put(AAFClient ac, RosettaDF<T> df) {\r
- super(ac,df);\r
- }\r
- \r
- public Result<T> update(final String pathInfo, final T t) throws Exception {\r
- return client.hman.best(client.ss, \r
- new Retryable<Result<T>>() {\r
- @Override\r
- public Result<T> code(Rcli<?> client) throws APIException, CadiException {\r
- Future<T> ft = client.update(pathInfo,df,t); \r
- if(ft.get(client.readTimeout)) {\r
- return Result.ok(ft.code(),ft.value);\r
- } else {\r
- return Result.err(ft.code(),ft.body());\r
- }\r
- }\r
- });\r
- }\r
- \r
- public Result<Void> update(final String pathInfo) throws Exception {\r
- return client.hman.best(client.ss, \r
- new Retryable<Result<Void>>() {\r
- @Override\r
- public Result<Void> code(Rcli<?> client) throws APIException, CadiException {\r
- Future<Void> ft = client.update(pathInfo); \r
- if(ft.get(client.readTimeout)) {\r
- return Result.ok(ft.code(),ft.value);\r
- } else {\r
- return Result.err(ft.code(),ft.body());\r
- }\r
- }\r
- });\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.PrintStream;\r
-import java.net.URI;\r
-\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-\r
-public abstract class RawClient {\r
- protected static String aafid, aafpass, aafurl;\r
- protected static Symm symm;\r
- \r
- protected static boolean init(PrintStream out) {\r
- try {\r
- String propfile = System.getProperty(Config.CADI_PROP_FILES);\r
- if(propfile==null) {\r
- propfile = "raw.props";\r
- }\r
- File pfile = new File(propfile);\r
- if(!pfile.exists()) {\r
- if(propfile.equals("raw.props")) {\r
- out.println("Creating 'raw.props'. Edit for proper values, then run again. Alternatively, set "\r
- + Config.CADI_PROP_FILES+" to a cadi properties file");\r
- FileOutputStream fos = new FileOutputStream(pfile);\r
- PrintStream ps = new PrintStream(fos);\r
- try {\r
- ps.println("# Use http://www.bing.com/maps to figure out LAT/LONG of an Address");\r
- ps.println("AFT_LATITUDE=38.432930");\r
- ps.println("AFT_LONGITUDE=-90.432480");\r
- ps.println("AFT_ENVIRONMENT=AFTUAT");\r
- ps.print(Config.AAF_URL);\r
- ps.println("=aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE");\r
- ps.print(Config.CADI_KEYFILE);\r
- ps.println("=<keyfile. use java -jar cadi-core*.jar in lib dir>");\r
- ps.println(Config.AAF_MECHID);\r
- ps.print("=<your id>");\r
- ps.println(Config.AAF_MECHPASS);\r
- ps.print("=<your encrypted password. use java -jar cadi-core*.jar in lib dir>");\r
- } finally {\r
- ps.close();\r
- }\r
- }\r
- } else {\r
- FileInputStream fis = new FileInputStream(propfile);\r
- try {\r
- System.getProperties().load(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- \r
- String cadiKeyFile = System.getProperty(Config.CADI_KEYFILE);\r
- aafid = System.getProperty(Config.AAF_MECHID);\r
- aafpass = System.getProperty(Config.AAF_MECHPASS);\r
- aafurl = System.getProperty(Config.AAF_URL);\r
- out.println("Contacting: " + aafurl);\r
-\r
- if(cadiKeyFile==null || aafid==null || aafpass==null || aafurl==null ) {\r
- out.print(Config.CADI_KEYFILE);\r
- out.print(", ");\r
- out.print(Config.CADI_KEYFILE);\r
- out.print(", ");\r
- out.print(Config.CADI_KEYFILE);\r
- out.print(", ");\r
- out.print(Config.CADI_KEYFILE);\r
- out.print(" need to be set in ");\r
- out.println(propfile);\r
- } else {\r
- fis = new FileInputStream(cadiKeyFile);\r
- try {\r
- symm = Symm.obtain(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- }\r
- return true;\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace(out);\r
- }\r
- return false;\r
-\r
- }\r
- \r
- public abstract String call(final PrintStream out, final String meth, final String path) throws Exception;\r
- \r
- public static void main(String[] args) {\r
- // Sonar idiocy\r
- PrintStream out = System.out;\r
-\r
- try {\r
- if(init(out)) {\r
- if(args.length<2) {\r
- System.out.println("Parameters: <Method> <path>");\r
- } else {\r
- RawClient client = new DME2();\r
- out.println(client.call(out,args[0],args[1]));\r
- }\r
- } \r
- } catch (Exception e) {\r
- e.printStackTrace(out);\r
- }\r
- }\r
- \r
- protected static class DME2 extends RawClient {\r
-\r
- public String call(final PrintStream out, final String meth, final String path) {\r
- try {\r
- DME2Client client = new DME2Client(new URI(aafurl),10000);\r
- client.setCredentials(aafid, symm.depass(aafpass));\r
- client.setMethod(meth);\r
- client.setContext(path);\r
- \r
- if("GET".equalsIgnoreCase(meth) ||\r
- "DELETE".equalsIgnoreCase(meth)) {\r
- client.setPayload("");\r
- } else if("POST".equalsIgnoreCase(meth) ||\r
- "PUT".equalsIgnoreCase(meth)) {\r
- int c;\r
- StringBuilder sb = new StringBuilder();\r
- while((c=System.in.read()) >=0) {\r
- sb.append((char)c);\r
- }\r
- client.setPayload(sb.toString());\r
- }\r
- return client.sendAndWait(10000);\r
- } catch (Exception e) {\r
- e.printStackTrace(out);\r
- return "";\r
- }\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.io.IOException;\r
-import java.io.OutputStream;\r
-import java.net.URI;\r
-import java.util.Enumeration;\r
-\r
-import javax.servlet.ServletInputStream;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.util.Pool;\r
-import org.onap.aaf.inno.env.util.Pool.Pooled;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-public abstract class Rcli<CT> {\r
- public static final String BLANK = "";\r
- public static final String CONTENT_TYPE = "Content-Type";\r
- public static final String ACCEPT = "Accept";\r
-\r
- protected static final String POST = "POST";\r
- protected static final String GET = "GET";\r
- protected static final String PUT = "PUT";\r
- protected static final String DELETE = "DELETE";\r
- protected TYPE type;\r
- protected String apiVersion;\r
- protected int readTimeout = 5000;\r
- protected int connectionTimeout = 3000;\r
- protected URI uri;\r
- private String queryParams, fragment;\r
- public static Pool<byte[]> buffPool = new Pool<byte[]>(new Pool.Creator<byte[]>() {\r
- @Override\r
- public byte[] create() throws APIException {\r
- return new byte[1024];\r
- }\r
-\r
- @Override\r
- public void destroy(byte[] t) {\r
- }\r
-\r
- @Override\r
- public boolean isValid(byte[] t) {\r
- return true;\r
- }\r
-\r
- @Override\r
- public void reuse(byte[] t) {\r
- }\r
- });\r
-\r
-\r
- public Rcli() {\r
- super();\r
- }\r
-\r
- public abstract void setSecuritySetter(SecuritySetter<CT> ss);\r
- public abstract SecuritySetter<CT> getSecuritySetter();\r
-\r
-\r
- public Rcli<CT> forUser(SecuritySetter<CT> ss) {\r
- Rcli<CT> rv = clone(uri==null?this.uri:uri,ss);\r
- setSecuritySetter(ss);\r
- rv.type = type;\r
- rv.apiVersion = apiVersion;\r
- return rv;\r
- }\r
- \r
- protected abstract Rcli<CT> clone(URI uri, SecuritySetter<CT> ss);\r
- \r
- public abstract void invalidate() throws CadiException;\r
-\r
- public Rcli<CT> readTimeout(int millis) {\r
- readTimeout = millis;\r
- return this;\r
- }\r
-\r
- public Rcli<CT> connectionTimeout(int millis) {\r
- connectionTimeout = millis;\r
- return this;\r
- }\r
-\r
- public Rcli<CT> type(TYPE type) {\r
- this.type=type;\r
- return this;\r
- }\r
-\r
- public Rcli<CT> apiVersion(String apiVersion) {\r
- this.apiVersion = apiVersion;\r
- return this;\r
- }\r
- \r
- public boolean isApiVersion(String prospective) {\r
- return apiVersion.equals(prospective);\r
- }\r
-\r
-\r
- public String typeString(Class<?> cls) {\r
- return "application/"+cls.getSimpleName()+"+"+type.name().toLowerCase()+\r
- (apiVersion==null?BLANK:";version="+apiVersion);\r
- }\r
-\r
- protected abstract EClient<CT> client() throws CadiException;\r
-\r
-\r
- public<T> Future<T> create(String pathinfo, String contentType, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
- EClient<CT> client = client();\r
- client.setMethod(POST);\r
- client.addHeader(CONTENT_TYPE,contentType);\r
- client.setPathInfo(pathinfo);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureCreate(df.getTypeClass());\r
- }\r
-\r
- public<T> Future<T> create(String pathinfo, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
- EClient<CT> client = client();\r
- client.setMethod(POST);\r
- client.addHeader(CONTENT_TYPE,typeString(df.getTypeClass()));\r
- client.setPathInfo(pathinfo);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureCreate(df.getTypeClass());\r
- }\r
-\r
- public<T> Future<T> create(String pathinfo, Class<?> cls, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(POST);\r
- client.addHeader(CONTENT_TYPE,typeString(cls));\r
- client.setPathInfo(pathinfo);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureCreate(df.getTypeClass());\r
- }\r
-\r
- public<T> Future<T> create(String pathinfo, Class<T> cls) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(POST);\r
- client.addHeader(CONTENT_TYPE,typeString(cls));\r
- client.setPathInfo(pathinfo);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureCreate(cls);\r
- }\r
-\r
- public Future<Void> create(String pathinfo, String contentType) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(POST);\r
- client.addHeader(CONTENT_TYPE,contentType);\r
- client.setPathInfo(pathinfo);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureCreate(Void.class);\r
- }\r
-\r
-\r
- public Future<String> read(String pathinfo, String accept, String ... headers) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(GET);\r
- client.addHeader(ACCEPT, accept);\r
- \r
- for(int i=1;i<headers.length;i=i+2) {\r
- client.addHeader(headers[i-1],headers[i]);\r
- }\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
-\r
- client.setPathInfo(pathinfo);\r
- \r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureReadString();\r
- }\r
-\r
- public<T> Future<T> read(String pathinfo, String accept, RosettaDF<T> df, String ... headers) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(GET);\r
- client.addHeader(ACCEPT, accept);\r
- for(int i=1;i<headers.length;i=i+2) {\r
- client.addHeader(headers[i-1],headers[i]);\r
- }\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- \r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureRead(df,type);\r
- }\r
-\r
- public<T> Future<T> read(String pathinfo, RosettaDF<T> df,String ... headers) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(GET);\r
- client.addHeader(ACCEPT, typeString(df.getTypeClass()));\r
- for(int i=1;i<headers.length;i=i+2) {\r
- client.addHeader(headers[i-1],headers[i]);\r
- }\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- \r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureRead(df,type);\r
- }\r
-\r
- public<T> Future<T> read(String pathinfo, Class<?> cls, RosettaDF<T> df) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(GET);\r
- client.addHeader(ACCEPT, typeString(cls));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- \r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureRead(df,type);\r
- }\r
-\r
- public<T> Future<T> update(String pathinfo, String contentType, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(PUT);\r
- client.addHeader(CONTENT_TYPE,contentType);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(t);\r
- }\r
- \r
- public<T> Future<String> updateRespondString(String pathinfo, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(PUT);\r
- client.addHeader(CONTENT_TYPE, typeString(df.getTypeClass()));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.futureReadString();\r
- }\r
-\r
-\r
- public<T> Future<T> update(String pathinfo, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(PUT);\r
- client.addHeader(CONTENT_TYPE, typeString(df.getTypeClass()));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(t);\r
- }\r
- \r
- public<T> Future<T> update(String pathinfo, Class<?> cls, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(PUT);\r
- client.addHeader(CONTENT_TYPE, typeString(cls));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(t);\r
- }\r
-\r
- /**\r
- * A method to update with a VOID\r
- * @param pathinfo\r
- * @param resp\r
- * @param expected\r
- * @return\r
- * @throws APIException\r
- * @throws CadiException\r
- */\r
- public<T> Future<Void> update(String pathinfo) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(PUT);\r
- client.addHeader(CONTENT_TYPE, typeString(Void.class));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
-// client.setPayload(new EClient.Transfer() {\r
-// @Override\r
-// public void transfer(OutputStream os) throws IOException, APIException {\r
-// }\r
-// });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(null);\r
- }\r
-\r
- public<T> Future<T> delete(String pathinfo, String contentType, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(DELETE);\r
- client.addHeader(CONTENT_TYPE, contentType);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(t);\r
- }\r
-\r
- public<T> Future<T> delete(String pathinfo, Class<?> cls, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(DELETE);\r
- client.addHeader(CONTENT_TYPE, typeString(cls));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(t);\r
- }\r
-\r
- public<T> Future<T> delete(String pathinfo, final RosettaDF<T> df, final T t) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(DELETE);\r
- client.addHeader(CONTENT_TYPE, typeString(df.getTypeClass()));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- df.newData().out(type).direct(t,os);\r
- }\r
- });\r
-\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(t);\r
- }\r
-\r
-\r
- public<T> Future<T> delete(String pathinfo, Class<T> cls) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(DELETE);\r
- client.addHeader(CONTENT_TYPE, typeString(cls));\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future((T)null);\r
- }\r
-\r
- public Future<Void> delete(String pathinfo, String contentType) throws APIException, CadiException {\r
- final int idx = pathinfo.indexOf('?');\r
- final String qp; \r
- if(idx>=0) {\r
- qp=pathinfo.substring(idx+1);\r
- pathinfo=pathinfo.substring(0,idx);\r
- } else {\r
- qp=queryParams;\r
- }\r
-\r
- EClient<CT> client = client();\r
- client.setMethod(DELETE);\r
- client.addHeader(CONTENT_TYPE, contentType);\r
- client.setQueryParams(qp);\r
- client.setFragment(fragment);\r
- client.setPathInfo(pathinfo);\r
- client.setPayload(null);\r
- client.send();\r
- queryParams = fragment = null;\r
- return client.future(null);\r
- }\r
-\r
- public Future<Void> transfer(final HttpServletRequest req, final HttpServletResponse resp, final String pathParam, final int expected) throws CadiException, APIException {\r
- EClient<CT> client = client();\r
- URI uri;\r
- try {\r
- uri = new URI(req.getRequestURI());\r
- } catch (Exception e) {\r
- throw new CadiException("Invalid incoming URI",e);\r
- }\r
- String name;\r
- for(Enumeration<String> en = req.getHeaderNames();en.hasMoreElements();) {\r
- name = en.nextElement();\r
- client.addHeader(name,req.getHeader(name));\r
- }\r
- client.setQueryParams(req.getQueryString());\r
- client.setFragment(uri.getFragment());\r
- client.setPathInfo(pathParam);\r
- String meth = req.getMethod();\r
- client.setMethod(meth);\r
- if(!"GET".equals(meth)) {\r
- client.setPayload(new EClient.Transfer() {\r
- @Override\r
- public void transfer(OutputStream os) throws IOException, APIException {\r
- final ServletInputStream is = req.getInputStream();\r
- int read;\r
- // reuse Buffers\r
- Pooled<byte[]> pbuff = buffPool.get();\r
- try { \r
- while((read=is.read(pbuff.content))>=0) {\r
- os.write(pbuff.content,0,read);\r
- }\r
- } finally {\r
- pbuff.done();\r
- }\r
- }\r
- });\r
- }\r
- client.send();\r
- return client.future(resp, expected);\r
- }\r
-\r
- public String toString() {\r
- return uri.toString();\r
- }\r
-\r
- /**\r
- * @param queryParams the queryParams to set\r
- * @return \r
- */\r
- public Rcli<CT> setQueryParams(String queryParams) {\r
- this.queryParams = queryParams;\r
- return this;\r
- }\r
- \r
-\r
- /**\r
- * @param fragment the fragment to set\r
- * @return \r
- */\r
- public Rcli<CT> setFragment(String fragment) {\r
- this.fragment = fragment;\r
- return this;\r
- }\r
-\r
- public URI getURI() {\r
- return uri;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-public class Result<T> {\r
- public final int code;\r
- public final T value;\r
- public final String error;\r
-\r
- private Result(int code, T value, String error) {\r
- this.code = code;\r
- this.value = value;\r
- this.error = error;\r
- }\r
-\r
- public static<T> Result<T> ok(int code,T t) {\r
- return new Result<T>(code,t,null);\r
- }\r
- \r
- public static<T> Result<T> err(int code,String body) {\r
- return new Result<T>(code,null,body);\r
- }\r
- \r
- public boolean isOK() {\r
- return error==null;\r
- }\r
- \r
- public String toString() {\r
- StringBuilder sb = new StringBuilder("Code: ");\r
- sb.append(code);\r
- if(error!=null) {\r
- sb.append(" = ");\r
- sb.append(error);\r
- }\r
- return sb.toString();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.client;\r
-\r
-import java.net.ConnectException;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Locator;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-/**\r
- * \r
- *\r
- * @param <RT>\r
- * @param <RET>\r
- */\r
-public abstract class Retryable<RET> {\r
- // be able to hold state for consistent Connections. Not required for all connection types.\r
- public Rcli<?> lastClient;\r
- private Locator.Item item;\r
- \r
- public Retryable() {\r
- lastClient = null;\r
- item = null;\r
- }\r
-\r
- public Retryable(Retryable<?> ret) {\r
- lastClient = ret.lastClient;\r
- item = ret.item;\r
- }\r
-\r
- public Locator.Item item(Locator.Item item) {\r
- lastClient = null;\r
- this.item = item;\r
- return item;\r
- }\r
- public Locator.Item item() {\r
- return item;\r
- }\r
- \r
- public abstract RET code(Rcli<?> client) throws CadiException, ConnectException, APIException;\r
-\r
- /**\r
- * Note, Retryable is tightly coupled to the Client Utilizing. It will not be the wrong type.\r
- * @return\r
- */\r
- @SuppressWarnings("unchecked")\r
- public <CLIENT> Rcli<CLIENT> lastClient() {\r
- return (Rcli<CLIENT>)lastClient;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.net.URI;\r
-\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.client.EClient;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import com.att.aft.dme2.handler.DME2RestfulHandler;\r
-import com.att.aft.dme2.handler.DME2RestfulHandler.ResponseInfo;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-public class DEClient implements EClient<DME2Client> {\r
- private DME2Client client;\r
- private DME2RestfulHandler replyHandler;\r
- private EClient.Transfer payload;\r
- private boolean isProxy;\r
- private SecuritySetter<DME2Client> ss;\r
- \r
- public DEClient(DME2Manager manager, SecuritySetter<DME2Client> ss, URI uri, long timeout) throws DME2Exception, CadiException {\r
- client = new DME2Client(manager,uri,timeout);\r
- client.setAllowAllHttpReturnCodes(true);\r
- this.ss = ss;\r
- ss.setSecurity(client);\r
- replyHandler = new DME2RestfulHandler(Rcli.BLANK);\r
- client.setReplyHandler(replyHandler);\r
- }\r
-\r
- @Override\r
- public void setMethod(String meth) {\r
- client.setMethod(meth);\r
- }\r
-\r
- /**\r
- * DME2 can't handle having QueryParams on the URL line, but it is the most natural way, so...\r
- * \r
- * Also, DME2 can't handle "/proxy" as part of Context in the main URI line, so we add it when we see authz-gw to "isProxy"\r
- */\r
- public void setPathInfo(String pathinfo) {\r
- int qp = pathinfo.indexOf('?');\r
- if(qp<0) {\r
- client.setContext(isProxy?("/proxy"+pathinfo):pathinfo);\r
- } else {\r
- client.setContext(isProxy?("/proxy"+pathinfo.substring(0,qp)):pathinfo.substring(0,qp));\r
- client.setQueryParams(pathinfo.substring(qp+1));\r
- }\r
- }\r
-\r
- @Override\r
- public void setPayload(EClient.Transfer transfer) {\r
- payload = transfer;\r
- }\r
-\r
- @Override\r
- public void addHeader(String tag, String value) {\r
- client.addHeader(tag, value);\r
- }\r
-\r
-\r
- @Override\r
- public void setQueryParams(String q) {\r
- client.setQueryParams(q);\r
- }\r
-\r
- @Override\r
- public void setFragment(String f) {\r
- // DME2 does not implement this\r
- }\r
-\r
- @Override\r
- public void send() throws APIException {\r
- try {\r
- if(payload!=null) {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- payload.transfer(baos);\r
- client.setPayload(new String(baos.toByteArray()));\r
- } else {\r
- client.setPayload("");\r
- }\r
- client.send();\r
- } catch (DME2Exception e) {\r
- throw new APIException(e);\r
- } catch (IOException e) {\r
- throw new APIException(e);\r
- }\r
- }\r
-\r
- \r
- public class DFuture<T> extends Future<T> {\r
- protected final DME2RestfulHandler reply;\r
- protected ResponseInfo info;\r
- \r
- public DFuture(DME2RestfulHandler reply) {\r
- this.reply = reply;\r
- }\r
- \r
- protected boolean evalInfo() throws APIException{\r
- //return info.getCode()==200;\r
- return true;\r
- };\r
- \r
- public final boolean get(int timeout) throws CadiException {\r
- try {\r
- info = reply.getResponse(timeout);\r
- ss.setLastResponse(info.getCode());\r
- return evalInfo();\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
-\r
- @Override\r
- public int code() {\r
- return info.getCode();\r
- }\r
-\r
- @Override\r
- public String body() {\r
- return info.getBody();\r
- }\r
-\r
- @Override\r
- public String header(String tag) {\r
- return info.header(tag);\r
- }\r
-\r
- }\r
-\r
- @Override\r
- public <T> Future<T> futureCreate(Class<T> t) {\r
- return new DFuture<T>(replyHandler) {\r
- public boolean evalInfo() throws APIException {\r
- \r
- return info.getCode()==201;\r
- }\r
- };\r
- }\r
- \r
-\r
- @Override\r
- public Future<String> futureReadString() {\r
- return new DFuture<String>(replyHandler) {\r
- public boolean evalInfo() throws APIException {\r
- if(info.getCode()==200) {\r
- value = info.getBody();\r
- return true;\r
- }\r
- return false;\r
- }\r
- };\r
- }\r
- \r
- @Override\r
- public<T> Future<T> futureRead(final RosettaDF<T> df, final Data.TYPE type) {\r
- return new DFuture<T>(replyHandler) {\r
- public boolean evalInfo() throws APIException {\r
- if(info.getCode()==200) {\r
- value = df.newData().in(type).load(info.getBody()).asObject();\r
- return true;\r
- }\r
- return false;\r
- }\r
- };\r
- }\r
-\r
- @Override\r
- public <T> Future<T> future(final T t) {\r
- return new DFuture<T>(replyHandler) {\r
- public boolean evalInfo() {\r
- if(info.getCode()==200) {\r
- value = t;\r
- return true;\r
- }\r
- return false;\r
- }\r
- };\r
- }\r
-\r
- @Override\r
- public Future<Void> future(HttpServletResponse resp,int expected) throws APIException {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- public void setProxy(boolean isProxy) {\r
- this.isProxy=isProxy;\r
- }\r
-\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import java.io.IOException;\r
-import java.security.GeneralSecurityException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.client.AbsBasicAuth;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-\r
-public class DME2BasicAuth extends AbsBasicAuth<DME2Client> {\r
- public DME2BasicAuth(String user, String pass, SecurityInfoC<DME2Client> si) throws IOException {\r
- super(user,pass,si);\r
- }\r
-\r
- public DME2BasicAuth(Access access, SecurityInfoC<DME2Client> si) throws IOException {\r
- super(access.getProperty(Config.AAF_MECHID, null),\r
- access.decrypt(access.getProperty(Config.AAF_MECHPASS, null), false),\r
- si);\r
- }\r
-\r
- public DME2BasicAuth(BasicPrincipal bp,SecurityInfoC<DME2Client> si) throws IOException {\r
- super(bp.getName(),new String(bp.getCred()),si);\r
- }\r
-\r
- public DME2BasicAuth(Access access) throws IOException, GeneralSecurityException {\r
- super(access.getProperty(Config.AAF_MECHID, null),\r
- access.decrypt(access.getProperty(Config.AAF_MECHPASS, null), false),\r
- new SecurityInfoC<DME2Client>(access));\r
- }\r
-\r
- public void setSecurity(DME2Client client) throws CadiException {\r
- if(isDenied()) {\r
- throw new CadiException(REPEAT_OFFENDER);\r
- }\r
- client.addHeader("Authorization", headValue);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import java.io.IOException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Access.Level;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-\r
-public class DME2ClientSS implements SecuritySetter<DME2Client> {\r
- private Access access;\r
- private String user,crd;\r
- \r
- public DME2ClientSS(Access access, String user, String pass) throws IOException {\r
- this.access = access;\r
- this.user = user;\r
- this.crd = pass;\r
- }\r
- \r
- @Override\r
- public void setSecurity(DME2Client client) {\r
- try {\r
- client.setCredentials(user, access.decrypt(crd, false));\r
- } catch (IOException e) {\r
- access.log(Level.ERROR,e,"Error decrypting DME2 Password");\r
- }\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.SecuritySetter#getID()\r
- */\r
- @Override\r
- public String getID() {\r
- return user;\r
- }\r
-\r
- @Override\r
- public int setLastResponse(int respCode) {\r
- // TODO Auto-generated method stub\r
- return 0;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-\r
-import java.net.InetAddress;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.net.UnknownHostException;\r
-import java.util.Arrays;\r
-import java.util.Comparator;\r
-import java.util.Random;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Access.Level;\r
-\r
-//\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import com.att.aft.dme2.api.DME2Server;\r
-import com.att.aft.dme2.manager.registry.DME2Endpoint;\r
-\r
-public class DME2Locator implements Locator {\r
- private DME2Manager dm;\r
- private DME2Endpoint[] endpoints;\r
- private Access access;\r
- private String service;\r
- private String version;\r
- private String routeOffer;\r
- private String envContext;\r
- private String thisMachine;\r
- private String pathInfo;\r
- private int thisPort;\r
- private boolean removeSelf;\r
- private final static Random random = new Random();\r
-\r
- // Default is to not bother trying to remove self\r
- public DME2Locator(Access access, DME2Manager dm, String service, String version, String envContext, String routeOffer) throws DME2Exception, UnknownHostException, LocatorException {\r
- this(access,dm,service,version,envContext,routeOffer,false);\r
- }\r
- \r
- public DME2Locator(Access access, DME2Manager dm, String service, String version, String envContext, String routeOffer, boolean removeSelf) throws DME2Exception, UnknownHostException, LocatorException {\r
- this.access = access;\r
- if(dm==null) {\r
- this.dm = new DME2Manager("DME2Locator created DME2Manager",System.getProperties());\r
- } else {\r
- this.dm = dm;\r
- }\r
- this.service = service;\r
- this.version = version;\r
- this.envContext = envContext;\r
- this.routeOffer = routeOffer;\r
- refresh();\r
- DME2Server server = dm.getServer(); \r
- if(server == null) {\r
- thisMachine = InetAddress.getLocalHost().getHostName();\r
- thisPort = 0;\r
- } else {\r
- try {\r
- thisMachine = server.getServerProperties().getHostname();\r
- //thisPort = server.getPort();\r
- thisPort = server.getServerProperties().getPort();\r
- } catch(NullPointerException np) { // BAD BOY, DME2...\r
- access.log(Level.ERROR, "WARNING: DME2 threw a NullPointer Exception getting Server Machine and Port");\r
- thisMachine = InetAddress.getLocalHost().getHostName();\r
- thisPort = 0;\r
- }\r
- }\r
- this.removeSelf = removeSelf;\r
- }\r
-\r
- // Default is to not bother trying to remove self\r
- public DME2Locator(Access access, DME2Manager dm, String aafurl) throws DME2Exception, UnknownHostException, LocatorException {\r
- this(access,dm,aafurl,false);\r
- }\r
- \r
- public DME2Locator(Access access, DME2Manager dm, String aafurl, boolean removeSelf) throws DME2Exception, UnknownHostException, LocatorException {\r
- if(aafurl==null) throw new LocatorException("URL is null");\r
- this.access = access;\r
- if(dm==null) {\r
- dm = this.dm = new DME2Manager("DME2Locator created DME2Manager",System.getProperties());\r
- } else {\r
- this.dm = dm;\r
- }\r
- String[] split = aafurl.split("/");\r
- StringBuilder sb = new StringBuilder();\r
- boolean dme2Entered = false;\r
- for(String s : split) {\r
- if(s.startsWith( "service=")) this.service = s.substring(8);\r
- else if(s.startsWith("version=")) this.version = s.substring(8);\r
- else if(s.startsWith("envContext=")) this.envContext = s.substring(11);\r
- else if(s.startsWith("routeOffer=")) {\r
- this.routeOffer = s.substring(11);\r
- dme2Entered = true;\r
- }\r
- else if(dme2Entered) {\r
- sb.append('/');\r
- sb.append(s);\r
- }\r
- pathInfo = sb.toString();\r
- }\r
- DME2Server server = dm.getServer(); \r
- if(server == null) {\r
- thisMachine = InetAddress.getLocalHost().getHostName();\r
- thisPort = 0;\r
- } else {\r
- thisMachine = server.getServerProperties().getHostname();\r
- if(thisMachine==null) { // even if server !=null, apparently, it can be uninitialized\r
- thisMachine = InetAddress.getLocalHost().getHostName();\r
- thisPort = 0;\r
- } else {\r
- try {\r
- thisPort = server.getServerProperties().getPort();\r
- } catch (Exception e) {\r
- thisPort = 0;\r
- }\r
- } \r
- }\r
- this.removeSelf=removeSelf;\r
- refresh();\r
- }\r
- \r
- @Override\r
- public boolean refresh() {\r
- try {\r
- dm.refresh();\r
- endpoints = dm.findEndpoints(service, version, envContext, routeOffer, true);\r
- if(removeSelf) {\r
- for(int i=0;i<endpoints.length;++i) {\r
- if(endpoints[i].getPort()==thisPort && endpoints[i].getHost().equals(thisMachine))\r
- endpoints[i]=null;\r
- }\r
- }\r
- return endpoints.length!=0;\r
- } catch (Exception e) {\r
- access.log(Level.ERROR, e.getMessage());\r
- }\r
- return false;\r
- }\r
-\r
- private String noEndpointsString() {\r
- StringBuilder sb = new StringBuilder("No DME2 Endpoints found for ");\r
- sb.append(service);\r
- sb.append('/');\r
- sb.append(version);\r
- sb.append('/');\r
- sb.append(envContext);\r
- sb.append('/');\r
- sb.append(routeOffer);\r
- return sb.toString();\r
- }\r
-\r
- @Override\r
- public URI get(Locator.Item item) throws LocatorException {\r
- if(!hasItems()) \r
- throw new LocatorException(noEndpointsString());\r
- if(item == null) \r
- return null;\r
-\r
- Item li = ((Item)item);\r
- // if URI has been created, use it\r
- if(li.uri!=null)return li.uri;\r
- \r
- // URI not created, create it\r
- if(li.idx<endpoints.length) {\r
- DME2Endpoint de = endpoints[li.idx];\r
- if(de!=null) {\r
- try {\r
- return li.uri=new URI(de.getProtocol(),null,de.getHost(),de.getPort(),pathInfo,null,null);\r
- } catch (URISyntaxException e) {\r
- throw new LocatorException(e);\r
- }\r
- }\r
- }\r
- return null;\r
- }\r
- \r
- @Override\r
- public boolean hasItems() {\r
- return endpoints!=null && endpoints.length>0;\r
- }\r
-\r
- @Override\r
- public void invalidate(Locator.Item item) throws LocatorException {\r
- if(item instanceof Item) {\r
- int idx = ((Item)item).idx;\r
- if(idx<endpoints.length) {\r
- DME2Endpoint uhoh = endpoints[idx]; // Sometimes, DME2Endpoint, at least on File system, returns bogus entries.\r
- endpoints[idx]=null;\r
- boolean noneLeft=true;\r
- for(int i=0;i<endpoints.length && noneLeft;++i) {\r
- noneLeft = endpoints[i]==null;\r
- }\r
- if(noneLeft && refresh()) { // make sure DME2 isn't giving us the same invalidated entry...\r
- for(int i=0;i<endpoints.length && noneLeft;++i) {\r
- DME2Endpoint ep = endpoints[i];\r
- if(ep != null && \r
- ep.getHost().equals(uhoh.getHost()) &&\r
- ep.getPort()==uhoh.getPort()) {\r
- endpoints[i]=null;\r
- }\r
- }\r
- }\r
- \r
- }\r
- }\r
- }\r
-\r
- public class Item implements Locator.Item {\r
- private final int idx;\r
- private URI uri;\r
- private Item(int i) {\r
- idx = i;\r
- uri = null;\r
- }\r
- }\r
-\r
- @Override\r
- public Item best() throws LocatorException {\r
- if(!hasItems()) // checks endpoints\r
- if(!refresh()) throw new LocatorException("No DME2 Endpoints Available");\r
- \r
- // Some endpoints in Array are null. Need sub array of usable endpoints\r
- int usable[] = new int[endpoints.length];\r
- int count=0;\r
- for(int i=0;i<endpoints.length;++i) {\r
- if(endpoints[i]!=null) {\r
- usable[count++] = i;\r
- }\r
- }\r
- switch(count) {\r
- case 0: refresh(); return null;\r
- case 1: return new Item(usable[0]);\r
- default:\r
- int samemach[] = new int[count];\r
- int samecount = 0,closecount=0;\r
- // has to be sortable\r
- Integer closemach[] = new Integer[count];\r
- \r
- // Analyze for Same Machine or Remote machines\r
- for(int i=0;i<count;++i) {\r
- DME2Endpoint ep = endpoints[usable[i]];\r
- String host = ep.getHost();\r
- if(thisMachine.equalsIgnoreCase(host)) {\r
- samemach[samecount++] = usable[i];\r
- } else {\r
- closemach[closecount++] = usable[i];\r
- }\r
- }\r
- \r
- switch(samecount) {\r
- case 0: break;\r
- case 1: return new Item(samemach[0]);\r
- default: // return randomized is multiple Endpoints on local machine.\r
- int i = random.nextInt();\r
- return new Item(usable[Math.abs(i%samecount)]);\r
- }\r
- \r
- // Analyze for closest remote\r
- switch(closecount) {\r
- case 0: return null;\r
- case 1: return new Item(closemach[0]);\r
- default: // return closest machine\r
- DoubIndex remote[] = new DoubIndex[closecount];\r
- int remotecount = 0;\r
- for(int i=0;i<closecount;++i) {\r
- DME2Endpoint de = endpoints[usable[i]];\r
- remote[remotecount++] = new DoubIndex(de.getDistance(),i);\r
- }\r
- Arrays.sort(remote,new Comparator<DoubIndex> () {\r
- @Override\r
- public int compare(DoubIndex a, DoubIndex b) {\r
- if(a.d<b.d) return -1;\r
- if(a.d>b.d) return 1;\r
- return (random.nextInt()%1)==0?1:0;// randomize if the same\r
- }\r
- \r
- });\r
- return new Item(remote[0].idx);\r
- }\r
- }\r
- }\r
- \r
- private class DoubIndex {\r
- public final double d;\r
- public final int idx;\r
- \r
- public DoubIndex(double doub, int i) {\r
- d = doub;\r
- idx = i;\r
- }\r
- }\r
- @Override\r
- public Item first() {\r
- if(endpoints==null)return null;\r
- for(int i=0;i<endpoints.length;++i) {\r
- if(endpoints[i]!=null)\r
- return new Item(i); \r
- }\r
- return null;\r
- }\r
-\r
- @Override\r
- public Item next(Locator.Item item) throws LocatorException {\r
- if(endpoints==null || endpoints.length==0 || !(item instanceof Item))return null;\r
- int idx = ((Item)item).idx +1;\r
- for(int i=idx;i<endpoints.length;++i) {\r
- if(endpoints[i]!=null)\r
- return new Item(i); \r
- }\r
-// This is a mistake.. will start infinite loops\r
-// // Did not have any at end... try beginning\r
-// for(int i=0;i<idx-1;++i) {\r
-// if(endpoints[i]!=null)\r
-// return new Item(i); \r
-// }\r
-// // If still nothing, refresh\r
-// refresh();\r
- return null;\r
- }\r
-\r
- @Override\r
- public void destroy() {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.client.AbsTransferSS;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-\r
-public class DME2TransferSS extends AbsTransferSS<DME2Client> {\r
-\r
- public DME2TransferSS(Principal principal, String app, SecurityInfoC<DME2Client> si) throws IOException {\r
- super(principal, app, si);\r
- }\r
-\r
- @Override\r
- public void setSecurity(DME2Client client) throws CadiException {\r
- if(value!=null) {\r
- if(defSS==null) {\r
- throw new CadiException("Need App Credentials to send message");\r
- }\r
- defSS.setSecurity(client);\r
- client.addHeader(Config.CADI_USER_CHAIN, value);\r
- }\r
- }\r
-\r
- @Override\r
- public int setLastResponse(int respCode) {\r
- return 0;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import java.io.IOException;\r
-import java.security.cert.CertificateEncodingException;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-\r
-public class DME2x509SS implements SecuritySetter<DME2Client> {\r
- private String alias;\r
-\r
- public DME2x509SS(final String sendAlias, SecurityInfoC<DME2Client> si) throws APIException, IOException, CertificateEncodingException {\r
- if((alias=sendAlias) == null) {\r
- if(si.default_alias == null) {\r
- throw new APIException("JKS Alias is required to use X509SS Security. Use " + Config.CADI_ALIAS +" to set default alias");\r
- } else {\r
- alias = si.default_alias;\r
- }\r
- }\r
- }\r
-\r
- @Override\r
- public void setSecurity(DME2Client dme2) throws CadiException {\r
- // DME2Client has to have properties set before creation to work.\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.SecuritySetter#getID()\r
- */\r
- @Override\r
- public String getID() {\r
- return alias;\r
- }\r
-\r
- @Override\r
- public int setLastResponse(int respCode) {\r
- return 0;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import java.net.MalformedURLException;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.client.EClient;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import com.att.aft.dme2.manager.registry.DME2Endpoint;\r
-import com.att.aft.dme2.request.DmeUniformResource;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-\r
-/**\r
- * DME2 Rosetta Client\r
- * \r
- * JAXB defined JSON or XML over DME2 middleware\r
- * \r
- *\r
- * @param <T>\r
- */\r
-public class DRcli extends Rcli<DME2Client> {\r
- // Can be more efficient if tied to manager, apparently. Can pass in null.\r
- DME2Manager manager=null;\r
- private SecuritySetter<DME2Client> ss;\r
- private boolean isProxy;\r
- \r
- public DRcli(URI uri, SecuritySetter<DME2Client> secSet) {\r
- this.uri = uri;\r
- type = TYPE.JSON;\r
- apiVersion = null;\r
- ss=secSet;\r
- }\r
- \r
- @Override\r
- protected DRcli clone(URI uri, SecuritySetter<DME2Client> ss) {\r
- return new DRcli(uri,ss);\r
- }\r
-\r
-\r
-\r
- /**\r
- * Note from Thaniga on 11/5. DME2Client is not expected to be reused... need a fresh one\r
- * on each transaction, which is expected to cover the Async aspects.\r
- * \r
- * @return\r
- * @throws APIException \r
- * @throws DME2Exception \r
- */\r
- protected EClient<DME2Client> client() throws CadiException {\r
- try {\r
- DEClient dc = new DEClient(manager,getSecuritySetter(),uri,readTimeout);\r
- dc.setProxy(isProxy);\r
- return dc;\r
- } catch (DME2Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
-\r
- public DRcli setManager(DME2Manager dme2Manager) {\r
- manager = dme2Manager;\r
- return this;\r
- }\r
-\r
- public List<DRcli> all() throws DME2Exception, APIException {\r
- ArrayList<DRcli> al = new ArrayList<DRcli>();\r
- \r
- if(manager == null) {\r
- manager = DME2Manager.getDefaultInstance();\r
- }\r
- try {\r
- DME2Endpoint[] endp = manager.getEndpoints(new DmeUniformResource(manager.getConfig(),uri));\r
- // Convert Searchable Endpoints to Direct Endpoints\r
- for(DME2Endpoint de : endp) {\r
- al.add(new DRcli(\r
- new URI(uri.getScheme(),null,de.getHost(),de.getPort(),null,null,null),ss)\r
-// new URI(uri.getScheme(),null,de.getHost(),de.getPort(),uri.getPath(),null,null),ss)\r
- .setManager(manager)\r
- );\r
- }\r
- } catch (MalformedURLException e) {\r
- throw new APIException("Invalid URL",e);\r
- } catch (URISyntaxException e) {\r
- throw new APIException("Invalid URI",e);\r
- }\r
- return al;\r
- }\r
-\r
- @Override\r
- public void invalidate() throws CadiException {\r
- try {\r
- manager.refresh();\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
-\r
- @Override\r
- public void setSecuritySetter(SecuritySetter<DME2Client> ss) {\r
- this.ss = ss;\r
- }\r
-\r
- @Override\r
- public SecuritySetter<DME2Client> getSecuritySetter() {\r
- return ss;\r
- }\r
-\r
- public void setProxy(boolean isProxy) {\r
- this.isProxy = isProxy;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dnsloc;\r
-\r
-import java.io.IOException;\r
-import java.net.InetAddress;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Access.Level;\r
-\r
-public class DNSLocator implements Locator {\r
- private static enum Status {UNTRIED, OK, INVALID, SLOW};\r
- private static final int CHECK_TIME = 3000;\r
- \r
- private String host, protocol;\r
- private Access access;\r
- private Host[] hosts;\r
- private int startPort, endPort;\r
- private String suffix;\r
- \r
- public DNSLocator(Access access, String protocol, String host, String range) {\r
- this.host = host;\r
- this.protocol = protocol;\r
- this.access = access;\r
- int dash = range.indexOf('-');\r
- if(dash<0) {\r
- startPort = endPort = Integer.parseInt(range);\r
- } else {\r
- startPort = Integer.parseInt(range.substring(0,dash));\r
- endPort = Integer.parseInt(range.substring(dash + 1));\r
- }\r
- refresh();\r
- }\r
-\r
- @Override\r
- public URI get(Item item) throws LocatorException {\r
- return hosts[((DLItem)item).cnt].uri;\r
- }\r
-\r
- @Override\r
- public boolean hasItems() {\r
- for(Host h : hosts) {\r
- if(h.status==Status.OK) {\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
-\r
- @Override\r
- public void invalidate(Item item) {\r
- DLItem di = (DLItem)item;\r
- hosts[di.cnt].status = Status.INVALID;\r
- }\r
-\r
- @Override\r
- public Item best() throws LocatorException {\r
- // not a good "best"\r
- for(int i=0;i<hosts.length;++i) {\r
- switch(hosts[i].status) {\r
- case OK:\r
- return new DLItem(i);\r
- case INVALID:\r
- break;\r
- case SLOW:\r
- break;\r
- case UNTRIED:\r
- try {\r
- if(hosts[i].ia.isReachable(CHECK_TIME)) {\r
- hosts[i].status = Status.OK;\r
- return new DLItem(i);\r
- }\r
- } catch (IOException e) {\r
- throw new LocatorException(e);\r
- }\r
- break;\r
- default:\r
- break;\r
- }\r
- }\r
- throw new LocatorException("No Available URIs for " + host);\r
- }\r
-\r
- @Override\r
- public Item first() throws LocatorException {\r
- return new DLItem(0);\r
- }\r
-\r
- @Override\r
- public Item next(Item item) throws LocatorException {\r
- DLItem di = (DLItem)item;\r
- if(++di.cnt<hosts.length) {\r
- return di;\r
- } else {\r
- return null;\r
- }\r
- }\r
-\r
- @Override\r
- public boolean refresh() {\r
- try {\r
- InetAddress[] ias = InetAddress.getAllByName(host);\r
- Host[] temp = new Host[ias.length * (1 + endPort - startPort)];\r
- int cnt = -1;\r
- for(int j=startPort; j<=endPort; ++j) {\r
- for(int i=0;i<ias.length;++i) {\r
- temp[++cnt] = new Host(ias[i], j, suffix);\r
- }\r
- }\r
- hosts = temp;\r
- return true;\r
- } catch (Exception e) {\r
- access.log(Level.ERROR, e);\r
- }\r
- return false;\r
- }\r
-\r
- private class Host {\r
- private URI uri;\r
- private InetAddress ia;\r
- private Status status;\r
- \r
- public Host(InetAddress inetAddress, int port, String suffix) throws URISyntaxException {\r
- ia = inetAddress;\r
- uri = new URI(protocol,null,inetAddress.getHostAddress(),port,suffix,null,null);\r
- status = Status.UNTRIED;\r
- }\r
- }\r
- \r
- private class DLItem implements Item {\r
- public DLItem(int i) {\r
- cnt = i;\r
- }\r
-\r
- private int cnt;\r
- }\r
-\r
- @Override\r
- public void destroy() {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.io.IOException;\r
-import java.net.HttpURLConnection;\r
-\r
-import javax.net.ssl.HttpsURLConnection;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.client.AbsBasicAuth;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-\r
-public class HBasicAuthSS extends AbsBasicAuth<HttpURLConnection> {\r
- public HBasicAuthSS(Access access, SecurityInfoC<HttpURLConnection> si) throws IOException {\r
- super(access.getProperty(Config.AAF_MECHID, null),\r
- access.decrypt(access.getProperty(Config.AAF_MECHPASS, null), false),\r
- si);\r
- }\r
-\r
- public HBasicAuthSS(String user, String pass, SecurityInfoC<HttpURLConnection> si) throws IOException {\r
- super(user,pass,si);\r
- }\r
-\r
- public HBasicAuthSS(String user, String pass, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws IOException {\r
- super(user,pass,si);\r
- if(asDefault) {\r
- si.set(this);\r
- }\r
- }\r
- \r
- public HBasicAuthSS(BasicPrincipal bp, SecurityInfoC<HttpURLConnection> si) throws IOException {\r
- super(bp.getName(),new String(bp.getCred()),si);\r
- }\r
- \r
- public HBasicAuthSS(BasicPrincipal bp, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws IOException {\r
- super(bp.getName(),new String(bp.getCred()),si);\r
- if(asDefault) {\r
- si.set(this);\r
- }\r
- }\r
-\r
- @Override\r
- public void setSecurity(HttpURLConnection huc) throws CadiException {\r
- if(isDenied()) {\r
- throw new CadiException(REPEAT_OFFENDER);\r
- }\r
- huc.addRequestProperty("Authorization" , headValue);\r
- if(securityInfo!=null && huc instanceof HttpsURLConnection) {\r
- securityInfo.setSocketFactoryOn((HttpsURLConnection)huc);\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.InputStreamReader;\r
-import java.io.OutputStream;\r
-import java.io.Reader;\r
-import java.net.HttpURLConnection;\r
-import java.net.URI;\r
-import java.net.URL;\r
-import java.util.ArrayList;\r
-\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.client.EClient;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.util.Pool.Pooled;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-\r
-/**\r
- * Low Level Http Client Mechanism. Chances are, you want the high level "HRcli"\r
- * for Rosetta Object Translation\r
- * \r
- *\r
- */\r
-public class HClient implements EClient<HttpURLConnection> {\r
- private URI uri;\r
- private ArrayList<Header> headers;\r
- private String meth;\r
- private String pathinfo;\r
- private String query;\r
- private String fragment;\r
- private Transfer transfer;\r
- private SecuritySetter<HttpURLConnection> ss;\r
- private HttpURLConnection huc;\r
- private int connectTimeout;\r
-\r
- public HClient(SecuritySetter<HttpURLConnection> ss, URI uri,int connectTimeout) throws LocatorException {\r
- if (uri == null) {\r
- throw new LocatorException("No Service available to call");\r
- }\r
- this.uri = uri;\r
- this.ss = ss;\r
- this.connectTimeout = connectTimeout;\r
- pathinfo = query = fragment = ""; \r
- }\r
-\r
- @Override\r
- public void setMethod(String meth) {\r
- this.meth = meth;\r
- }\r
-\r
- @Override\r
- public void setPathInfo(String pathinfo) {\r
- this.pathinfo = pathinfo;\r
- }\r
-\r
- @Override\r
- public void setPayload(Transfer transfer) {\r
- this.transfer = transfer;\r
- }\r
- \r
- @Override\r
- public void addHeader(String tag, String value) {\r
- if (headers == null)\r
- headers = new ArrayList<Header>();\r
- headers.add(new Header(tag, value));\r
- }\r
-\r
- @Override\r
- public void setQueryParams(String q) {\r
- query = q;\r
- }\r
-\r
- @Override\r
- public void setFragment(String f) {\r
- fragment = f;\r
- }\r
-\r
- @Override\r
- public void send() throws APIException {\r
- try {\r
- // Build URL from given URI plus current Settings\r
- if(uri.getPath()==null) {\r
- throw new APIException("Invalid URL entered for HClient");\r
- }\r
- StringBuilder pi = new StringBuilder(uri.getPath());\r
- if(!pathinfo.startsWith("/")) {\r
- pi.append('/');\r
- }\r
- pi.append(pathinfo);\r
- URL url = new URI(\r
- uri.getScheme(), \r
- uri.getUserInfo(),\r
- uri.getHost(), \r
- uri.getPort(), \r
- pi.toString(), \r
- query,\r
- fragment).toURL();\r
- pathinfo=null;\r
- query=null;\r
- fragment=null;\r
- huc = (HttpURLConnection) url.openConnection();\r
- if(ss!=null) {\r
- ss.setSecurity(huc); \r
- }\r
- huc.setRequestMethod(meth);\r
- if (headers != null)\r
- for (Header d : headers) {\r
- huc.addRequestProperty(d.tag, d.value);\r
- }\r
- huc.setDoInput(true);\r
- huc.setDoOutput(true);\r
- huc.setUseCaches(false);\r
- huc.setConnectTimeout(connectTimeout);\r
- huc.connect();\r
- if (transfer != null) {\r
- transfer.transfer(huc.getOutputStream());\r
- }\r
- // TODO other settings? There's a bunch here.\r
- } catch (Exception e) {\r
- throw new APIException(e);\r
- } finally { // ensure all these are reset after sends\r
- meth=pathinfo=null;\r
- if(headers!=null) {\r
- headers.clear();\r
- }\r
- pathinfo = query = fragment = "";\r
- }\r
- }\r
-\r
- public abstract class HFuture<T> extends Future<T> {\r
- protected HttpURLConnection huc;\r
- protected int respCode;\r
- protected String respMessage;\r
- protected IOException exception;\r
- protected StringBuilder errContent;\r
- \r
- public HFuture(final HttpURLConnection huc) {\r
- this.huc = huc;\r
- }\r
- \r
- protected boolean evalInfo(HttpURLConnection huc) throws APIException, IOException{\r
- return respCode == 200;\r
- };\r
- \r
- @Override\r
- public final boolean get(int timeout) throws CadiException {\r
- try {\r
- huc.setReadTimeout(timeout);\r
- respCode = huc.getResponseCode();\r
- ss.setLastResponse(respCode);\r
- if(evalInfo(huc)) {\r
- return true;\r
- } else {\r
- extractError();\r
- return false;\r
- }\r
- } catch (IOException | APIException e) {\r
- throw new CadiException(e);\r
- } finally {\r
- close();\r
- }\r
- }\r
- \r
- private void extractError() {\r
- InputStream is = huc.getErrorStream();\r
- try {\r
- if(is==null) {\r
- is = huc.getInputStream();\r
- }\r
- if(is!=null) {\r
- errContent = new StringBuilder();\r
- int c;\r
- while((c=is.read())>=0) {\r
- errContent.append((char)c);\r
- }\r
- }\r
- } catch (IOException e) {\r
- exception = e;\r
- }\r
- }\r
- \r
- // Typically only used by Read\r
- public StringBuilder inputStreamToString(InputStream is) {\r
- // Avoids Carriage returns, and is reasonably efficient, given\r
- // the buffer reads.\r
- try {\r
- StringBuilder sb = new StringBuilder();\r
- Reader rdr = new InputStreamReader(is);\r
- try {\r
- char[] buf = new char[256];\r
- int read;\r
- while ((read = rdr.read(buf)) >= 0) {\r
- sb.append(buf, 0, read);\r
- }\r
- } finally {\r
- rdr.close();\r
- }\r
- return sb;\r
- } catch (IOException e) {\r
- exception = e;\r
- return null;\r
- }\r
- }\r
- \r
- \r
- @Override\r
- public int code() {\r
- return respCode;\r
- }\r
- \r
- public HttpURLConnection huc() {\r
- return huc;\r
- }\r
- \r
- public IOException exception() {\r
- return exception;\r
- }\r
- \r
- public String respMessage() {\r
- return respMessage;\r
- }\r
- \r
- @Override\r
- public String header(String tag) {\r
- return huc.getHeaderField(tag);\r
- }\r
- \r
- public void close() {\r
- if(huc!=null) {\r
- huc.disconnect();\r
- }\r
- }\r
- }\r
-\r
- @Override\r
- public <T> Future<T> futureCreate(Class<T> t) {\r
- return new HFuture<T>(huc) {\r
- public boolean evalInfo(HttpURLConnection huc) {\r
- return respCode==201;\r
- }\r
-\r
- @Override\r
- public String body() {\r
- if (errContent != null) {\r
- return errContent.toString();\r
- \r
- } else if (respMessage != null) {\r
- return respMessage;\r
- }\r
- return "";\r
- }\r
- };\r
- }\r
-\r
- @Override\r
- public Future<String> futureReadString() {\r
- return new HFuture<String>(huc) {\r
- public boolean evalInfo(HttpURLConnection huc) throws IOException {\r
- if (respCode == 200) {\r
- StringBuilder sb = inputStreamToString(huc.getInputStream());\r
- if (sb != null) {\r
- value = sb.toString();\r
- }\r
- return true;\r
- }\r
- return false;\r
- }\r
-\r
- @Override\r
- public String body() {\r
- if (value != null) {\r
- return value;\r
- } else if (errContent != null) {\r
- return errContent.toString();\r
- } else if (respMessage != null) {\r
- return respMessage;\r
- }\r
- return "";\r
- }\r
-\r
- };\r
- }\r
-\r
- @Override\r
- public <T> Future<T> futureRead(final RosettaDF<T> df, final TYPE type) {\r
- return new HFuture<T>(huc) {\r
- private Data<T> data;\r
-\r
- public boolean evalInfo(HttpURLConnection huc) throws APIException, IOException {\r
- if (respCode == 200) {\r
- data = df.newData().in(type).load(huc.getInputStream());\r
- value = data.asObject();\r
- return true;\r
- }\r
- return false;\r
- }\r
-\r
- @Override\r
- public String body() {\r
- if (data != null) {\r
- try {\r
- return data.asString();\r
- } catch (APIException e) {\r
- }\r
- } else if (errContent != null) {\r
- return errContent.toString();\r
- } else if (respMessage != null) {\r
- return respMessage;\r
- }\r
- return "";\r
- }\r
- };\r
- }\r
-\r
- @Override\r
- public <T> Future<T> future(final T t) {\r
- return new HFuture<T>(huc) {\r
- public boolean evalInfo(HttpURLConnection huc) {\r
- if (respCode == 200) {\r
- value = t;\r
- return true;\r
- }\r
- return false;\r
- }\r
-\r
- @Override\r
- public String body() {\r
- if (errContent != null) {\r
- return errContent.toString();\r
- } else if (respMessage != null) {\r
- return respMessage;\r
- }\r
- return Integer.toString(respCode);\r
- }\r
- };\r
- }\r
-\r
- @Override\r
- public Future<Void> future(final HttpServletResponse resp, final int expected) throws APIException {\r
- return new HFuture<Void>(huc) {\r
- public boolean evalInfo(HttpURLConnection huc) throws IOException, APIException {\r
- resp.setStatus(respCode);\r
- int read;\r
- InputStream is;\r
- OutputStream os = resp.getOutputStream();\r
- if(respCode==expected) {\r
- is = huc.getInputStream();\r
- // reuse Buffers\r
- Pooled<byte[]> pbuff = Rcli.buffPool.get();\r
- try { \r
- while((read=is.read(pbuff.content))>=0) {\r
- os.write(pbuff.content,0,read);\r
- }\r
- } finally {\r
- pbuff.done();\r
- }\r
- return true;\r
- } else {\r
- is = huc.getErrorStream();\r
- if(is==null) {\r
- is = huc.getInputStream();\r
- }\r
- if(is!=null) {\r
- errContent = new StringBuilder();\r
- Pooled<byte[]> pbuff = Rcli.buffPool.get();\r
- try { \r
- while((read=is.read(pbuff.content))>=0) {\r
- os.write(pbuff.content,0,read);\r
- }\r
- } finally {\r
- pbuff.done();\r
- }\r
- }\r
- }\r
- return false;\r
- }\r
-\r
- @Override\r
- public String body() {\r
- return errContent==null?respMessage:errContent.toString();\r
- }\r
- };\r
- }\r
-\r
- private static class Header {\r
- public final String tag;\r
- public final String value;\r
-\r
- public Header(String t, String v) {\r
- this.tag = t;\r
- this.value = v;\r
- }\r
- \r
- public String toString() {\r
- return tag + '=' + value;\r
- }\r
- }\r
- \r
- public String toString() {\r
- return "HttpURLConnection Client configured to " + uri.toString();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.net.ConnectException;\r
-import java.net.HttpURLConnection;\r
-import java.net.SocketException;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-\r
-import javax.net.ssl.SSLHandshakeException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-public class HMangr {\r
- private String apiVersion;\r
- private int readTimeout, connectionTimeout;\r
- public final Locator<URI> loc;\r
- private Access access;\r
- \r
- public HMangr(Access access, Locator<URI> loc) {\r
- readTimeout = 10000;\r
- connectionTimeout=3000;\r
- this.loc = loc;\r
- this.access = access;\r
- }\r
-\r
- /**\r
- * Reuse the same service. This is helpful for multiple calls that change service side cached data so that \r
- * there is not a speed issue.\r
- * \r
- * If the service goes down, another service will be substituted, if available.\r
- * \r
- * @param access\r
- * @param loc\r
- * @param ss\r
- * @param item\r
- * @param retryable\r
- * @return\r
- * @throws URISyntaxException \r
- * @throws Exception\r
- */\r
- public<RET> RET same(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable) throws APIException, CadiException, LocatorException {\r
- RET ret = null;\r
- boolean retry = true;\r
- int retries = 0;\r
- Rcli<HttpURLConnection> client = retryable.lastClient();\r
- try {\r
- do {\r
- // if no previous state, get the best\r
- if(retryable.item()==null) {\r
- retryable.item(loc.best());\r
- retryable.lastClient = null;\r
- }\r
- if(client==null) {\r
- Item item = retryable.item();\r
- URI uri=loc.get(item);\r
- if(uri==null) {\r
- loc.invalidate(retryable.item());\r
- if(loc.hasItems()) {\r
- retryable.item(loc.next(retryable.item()));\r
- continue;\r
- } else {\r
- throw new LocatorException("No clients available for " + loc.toString());\r
- }\r
- }\r
- client = new HRcli(this, uri,item,ss)\r
- .connectionTimeout(connectionTimeout)\r
- .readTimeout(readTimeout)\r
- .apiVersion(apiVersion);\r
- } else {\r
- client.setSecuritySetter(ss);\r
- }\r
- \r
- retry = false;\r
- try {\r
- ret = retryable.code(client);\r
- } catch (APIException | CadiException e) {\r
- Item item = retryable.item();\r
- loc.invalidate(item);\r
- retryable.item(loc.next(item));\r
- try {\r
- Throwable ec = e.getCause();\r
- if(ec instanceof java.net.ConnectException) {\r
- if(client!=null && ++retries<2) { \r
- access.log(Level.WARN,"Connection refused, trying next available service");\r
- retry = true;\r
- } else {\r
- throw new CadiException("Connection refused, no more available connections to try");\r
- }\r
- } else if(ec instanceof SSLHandshakeException) {\r
- retryable.item(null);\r
- throw e;\r
- } else if(ec instanceof SocketException) {\r
- if("java.net.SocketException: Connection reset".equals(ec.getMessage())) {\r
- access.log(Level.ERROR, ec.getMessage(), " can mean Certificate Expiration or TLS Protocol issues");\r
- }\r
- retryable.item(null);\r
- throw e;\r
- } else {\r
- retryable.item(null);\r
- throw e;\r
- }\r
- } finally {\r
- client = null;\r
- }\r
- } catch (ConnectException e) {\r
- Item item = retryable.item();\r
- loc.invalidate(item);\r
- retryable.item(loc.next(item));\r
- }\r
- } while(retry);\r
- } finally {\r
- retryable.lastClient = client;\r
- }\r
- return ret;\r
- }\r
- \r
- \r
- public<RET> RET best(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable) throws LocatorException, CadiException, APIException {\r
- if(loc==null) {\r
- throw new LocatorException("No Locator Configured");\r
- }\r
- retryable.item(loc.best());\r
- return same(ss,retryable);\r
- }\r
- public<RET> RET all(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable) throws LocatorException, CadiException, APIException {\r
- return oneOf(ss,retryable,true,null);\r
- }\r
-\r
- public<RET> RET all(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable,boolean notify) throws LocatorException, CadiException, APIException {\r
- return oneOf(ss,retryable,notify,null);\r
- }\r
- \r
- public<RET> RET oneOf(SecuritySetter<HttpURLConnection> ss, Retryable<RET> retryable,boolean notify,String host) throws LocatorException, CadiException, APIException {\r
- RET ret = null;\r
- // make sure we have all current references:\r
- loc.refresh();\r
- for(Item li=loc.first();li!=null;li=loc.next(li)) {\r
- URI uri=loc.get(li);\r
- if(host!=null && !host.equals(uri.getHost())) {\r
- break;\r
- }\r
- try {\r
- ret = retryable.code(new HRcli(this,uri,li,ss));\r
- access.log(Level.DEBUG,"Success calling",uri,"during call to all services");\r
- } catch (APIException | CadiException e) {\r
- Throwable t = e.getCause();\r
- if(t!=null && t instanceof ConnectException) {\r
- loc.invalidate(li);\r
- access.log(Level.ERROR,"Connection to",uri,"refused during call to all services");\r
- } else if(t instanceof SSLHandshakeException) {\r
- access.log(Level.ERROR,t.getMessage());\r
- loc.invalidate(li);\r
- } else if(t instanceof SocketException) {\r
- if("java.net.SocketException: Connection reset".equals(t.getMessage())) {\r
- access.log(Level.ERROR, t.getMessage(), " can mean Certificate Expiration or TLS Protocol issues");\r
- }\r
- retryable.item(null);\r
- throw e;\r
- } else {\r
- throw e;\r
- }\r
- } catch (ConnectException e) {\r
- loc.invalidate(li);\r
- access.log(Level.ERROR,"Connection to",uri,"refused during call to all services");\r
- }\r
- }\r
- \r
- if(ret == null && notify) \r
- throw new LocatorException("No available clients to call");\r
- return ret;\r
- }\r
- \r
-\r
- public void close() {\r
- // TODO Anything here?\r
- }\r
-\r
- public HMangr readTimeout(int timeout) {\r
- this.readTimeout = timeout;\r
- return this;\r
- }\r
-\r
- public int readTimeout() {\r
- return readTimeout;\r
- }\r
- \r
- public void connectionTimeout(int t) {\r
- connectionTimeout = t;\r
- }\r
-\r
- public int connectionTimout() {\r
- return connectionTimeout;\r
- }\r
-\r
- public HMangr apiVersion(String version) {\r
- apiVersion = version;\r
- return this;\r
- }\r
-\r
- public String apiVersion() {\r
- return apiVersion;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.net.HttpURLConnection;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.client.EClient;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-\r
-/**\r
- * DME2 Rosetta Client\r
- * \r
- * JAXB defined JSON or XML over DME2 middleware\r
- * \r
- *\r
- * @param <T>\r
- */\r
-public class HRcli extends Rcli<HttpURLConnection> {\r
- private HMangr hman;\r
- private Item item;\r
- private SecuritySetter<HttpURLConnection> ss;\r
-\r
- public HRcli(HMangr hman, Item locItem, SecuritySetter<HttpURLConnection> secSet) throws URISyntaxException, LocatorException {\r
- item=locItem;\r
- uri=hman.loc.get(locItem);\r
- this.hman = hman;\r
- ss=secSet;\r
- type = TYPE.JSON;\r
- apiVersion = hman.apiVersion();\r
- }\r
-\r
- public HRcli(HMangr hman, URI uri, Item locItem, SecuritySetter<HttpURLConnection> secSet) {\r
- locItem=item;\r
- this.uri = uri;\r
- this.hman = hman;\r
- ss=secSet;\r
- type = TYPE.JSON;\r
- apiVersion = hman.apiVersion();\r
- }\r
-\r
- @Override\r
- protected HRcli clone(URI uri, SecuritySetter<HttpURLConnection> ss) {\r
- return new HRcli(hman,uri,item,ss);\r
- }\r
-\r
-\r
-\r
- /**\r
- * Note from Thaniga on 11/5. DME2Client is not expected to be reused... need a fresh one\r
- * on each transaction, which is expected to cover the Async aspects.\r
- * \r
- * @return\r
- * @throws APIException \r
- * @throws DME2Exception \r
- */\r
- protected EClient<HttpURLConnection> client() throws CadiException {\r
- try {\r
- if(uri==null) {\r
- Item item = hman.loc.best();\r
- if(item==null) {\r
- throw new CadiException("No service available for " + hman.loc.toString());\r
- }\r
- uri = hman.loc.get(item);\r
- }\r
- return new HClient(ss,uri,connectionTimeout);\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.client.Rcli#setSecuritySetter(com.att.cadi.SecuritySetter)\r
- */\r
- @Override\r
- public void setSecuritySetter(SecuritySetter<HttpURLConnection> ss) {\r
- this.ss = ss;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.client.Rcli#getSecuritySetter()\r
- */\r
- @Override\r
- public SecuritySetter<HttpURLConnection> getSecuritySetter() {\r
- return ss;\r
- }\r
-\r
- public void invalidate() throws CadiException {\r
- try {\r
- hman.loc.invalidate(item);\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
- \r
- public HRcli setManager(HMangr hman) {\r
- this.hman = hman;\r
- return this;\r
- }\r
-\r
- public String toString() {\r
- return uri.toString();\r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.io.IOException;\r
-import java.net.HttpURLConnection;\r
-import java.security.Principal;\r
-\r
-import javax.net.ssl.HttpsURLConnection;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.client.AbsTransferSS;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-\r
-\r
-public class HTransferSS extends AbsTransferSS<HttpURLConnection> {\r
- public HTransferSS(Principal principal, String app) throws IOException {\r
- super(principal, app);\r
- }\r
- \r
- public HTransferSS(Principal principal, String app, SecurityInfoC<HttpURLConnection> si) {\r
- super(principal, app, si);\r
- }\r
-\r
- @Override\r
- public void setSecurity(HttpURLConnection huc) throws CadiException {\r
- if(value!=null) {\r
- if(defSS==null) {\r
- throw new CadiException("Need App Credentials to send message");\r
- }\r
- defSS.setSecurity(huc);\r
- huc.addRequestProperty(Config.CADI_USER_CHAIN, value);\r
- }\r
- if(securityInfo!=null) {\r
- securityInfo.setSocketFactoryOn((HttpsURLConnection)huc);\r
- }\r
- }\r
- \r
- @Override\r
- public int setLastResponse(int respCode) {\r
- return 0;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.net.HttpURLConnection;\r
-import java.security.PrivateKey;\r
-import java.security.SecureRandom;\r
-import java.security.Signature;\r
-import java.security.cert.CertificateEncodingException;\r
-import java.security.cert.X509Certificate;\r
-\r
-import javax.net.ssl.HttpsURLConnection;\r
-import javax.net.ssl.X509KeyManager;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-\r
-\r
-public class HX509SS implements SecuritySetter<HttpURLConnection> {\r
- private static final byte[] X509 = "x509 ".getBytes();\r
- private PrivateKey priv;\r
- private byte[] pub;\r
- private String cert;\r
- private SecurityInfoC<HttpURLConnection> securityInfo;\r
- private String algo;\r
- private String alias;\r
- private static int count = new SecureRandom().nextInt();\r
-\r
- public HX509SS(SecurityInfoC<HttpURLConnection> si) throws APIException, IOException, CertificateEncodingException {\r
- this(null,si,false);\r
- }\r
- \r
- public HX509SS(SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, IOException, CertificateEncodingException {\r
- this(null,si,asDefault);\r
- }\r
- \r
- public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si) throws APIException, IOException, CertificateEncodingException {\r
- this(sendAlias, si, false);\r
- }\r
-\r
- public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, IOException, CertificateEncodingException {\r
- securityInfo = si;\r
- if((alias=sendAlias) == null) {\r
- if(si.default_alias == null) {\r
- throw new APIException("JKS Alias is required to use X509SS Security. Use " + Config.CADI_ALIAS +" to set default alias");\r
- } else {\r
- alias = si.default_alias;\r
- }\r
- }\r
- \r
- priv=null;\r
- X509KeyManager[] xkms = si.getKeyManagers();\r
- if(xkms==null || xkms.length==0) {\r
- throw new APIException("There are no valid keys available in given Keystores. Wrong Keypass? Expired?");\r
- }\r
- for(int i=0;priv==null&&i<xkms.length;++i) {\r
- priv = xkms[i].getPrivateKey(alias);\r
- }\r
- for(int i=0;cert==null&&i<xkms.length;++i) {\r
- X509Certificate[] chain = xkms[i].getCertificateChain(alias);\r
- if(chain!=null&&chain.length>0) {\r
- algo = chain[0].getSigAlgName(); \r
- pub = chain[0].getEncoded();\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream(pub.length*2); \r
- ByteArrayInputStream bais = new ByteArrayInputStream(pub);\r
- Symm.base64noSplit.encode(bais,baos,X509);\r
- cert = baos.toString();\r
- \r
- /*\r
- // Inner Test code, uncomment if fix needed\r
- bais = new ByteArrayInputStream(baos.toByteArray());\r
- baos = new ByteArrayOutputStream(input.length*2);\r
- Symm.base64noSplit().decode(bais,baos,5);\r
- byte[] output = baos.toByteArray();\r
- String reconstitute = output.toString();\r
- System.out.println("ok");\r
- CertificateFactory certFactory;\r
- try {\r
- bais = new ByteArrayInputStream(output);\r
- certFactory = CertificateFactory.getInstance("X.509");\r
- X509Certificate x509 = (X509Certificate)certFactory.generateCertificate(bais);\r
- System.out.println(x509.toString());\r
- } catch (CertificateException e) {\r
- e.printStackTrace();\r
- }\r
- */\r
- }\r
- }\r
- if(algo==null) {\r
- throw new APIException("X509 Security Setter not configured");\r
- }\r
- }\r
-\r
- @Override\r
- public void setSecurity(HttpURLConnection huc) throws CadiException {\r
- if(huc instanceof HttpsURLConnection) {\r
- securityInfo.setSocketFactoryOn((HttpsURLConnection)huc);\r
- }\r
- if(alias==null) { // must be a one-way\r
- huc.setRequestProperty("Authorization", cert);\r
- \r
- // Test Signed content\r
- try {\r
- String data = "SignedContent["+ inc() + ']' + Chrono.dateTime();\r
- huc.setRequestProperty("Data", data);\r
- \r
- Signature sig = Signature.getInstance(algo);\r
- sig.initSign(priv);\r
- sig.update(data.getBytes());\r
- byte[] signature = sig.sign();\r
- \r
- ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(signature.length*1.3));\r
- ByteArrayInputStream bais = new ByteArrayInputStream(signature);\r
- Symm.base64noSplit.encode(bais, baos);\r
- huc.setRequestProperty("Signature", new String(baos.toByteArray()));\r
- \r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- }\r
- }\r
- \r
- private synchronized int inc() {\r
- return ++count;\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.SecuritySetter#getID()\r
- */\r
- @Override\r
- public String getID() {\r
- return alias;\r
- }\r
- \r
- @Override\r
- public int setLastResponse(int respCode) {\r
- return 0;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.locator;\r
-\r
-\r
-import java.net.InetAddress;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.net.UnknownHostException;\r
-import java.util.Arrays;\r
-import java.util.Comparator;\r
-import java.util.Properties;\r
-import java.util.Random;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Access.Level;\r
-\r
-import java.security.SecureRandom;\r
-\r
-//import com.att.aft.dme2.api.DME2Endpoint;\r
-import com.att.aft.dme2.api.DME2Exception;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import com.att.aft.dme2.api.DME2Server;\r
-import com.att.aft.dme2.manager.registry.DME2Endpoint;\r
-\r
-public class DME2Locator implements Locator<URI> {\r
- private DME2Manager dm;\r
- private DME2Endpoint[] endpoints;\r
- private Access access;\r
- private String service;\r
- private String version;\r
- private String routeOffer;\r
- private String envContext;\r
- private String thisMachine;\r
- private String pathInfo;\r
- private int thisPort;\r
- private boolean removeSelf;\r
- private final static SecureRandom random = new SecureRandom();\r
-\r
- // Default is to not bother trying to remove self\r
- public DME2Locator(Access access, DME2Manager dm, String service, String version, String envContext, String routeOffer) throws DME2Exception, UnknownHostException, LocatorException {\r
- this(access,dm,service,version,envContext,routeOffer,false);\r
- }\r
- \r
- public DME2Locator(Access access, DME2Manager dm, String service, String version, String envContext, String routeOffer, boolean removeSelf) throws DME2Exception, UnknownHostException, LocatorException {\r
- this.access = access;\r
- if(dm==null) {\r
- this.dm = new DME2Manager("DME2Locator created DME2Manager",System.getProperties());\r
- } else {\r
- this.dm = dm;\r
- }\r
- this.service = service;\r
- this.version = version;\r
- this.envContext = envContext;\r
- this.routeOffer = routeOffer;\r
- refresh();\r
- if(thisMachine==null) {\r
- // Can't get from dm... \r
- thisMachine = InetAddress.getLocalHost().getHostName();\r
- thisPort = 0;\r
- } else {\r
- thisPort = dm.getPort();\r
- }\r
-\r
- this.removeSelf = removeSelf;\r
- }\r
-\r
- // Default is to not bother trying to remove self\r
- public DME2Locator(Access access, DME2Manager dm, String aafurl) throws DME2Exception, UnknownHostException, LocatorException {\r
- this(access,dm,aafurl,false);\r
- }\r
- \r
- public DME2Locator(Access access, DME2Manager dm, String aafurl, boolean removeSelf) throws DME2Exception, UnknownHostException, LocatorException {\r
- if(aafurl==null) {\r
- throw new LocatorException("URL is null");\r
- }\r
- this.access = access;\r
- if(dm==null) {\r
- Properties dprops;\r
- if(access instanceof PropAccess) {\r
- dprops = ((PropAccess)access).getDME2Properties();\r
- } else {\r
- dprops = System.getProperties();\r
- }\r
- dm = this.dm = new DME2Manager("DME2Locator created DME2Manager",dprops);\r
- } else {\r
- this.dm = dm;\r
- }\r
- String[] split = aafurl.split("/");\r
- StringBuilder sb = new StringBuilder();\r
- boolean dme2Entered = false;\r
- for(String s : split) {\r
- if(s.startsWith("service=")) {\r
- this.service = s.substring(8);\r
- } else if(s.startsWith("version=")) {\r
- this.version = s.substring(8);\r
- } else if(s.startsWith("envContext=")) {\r
- this.envContext = s.substring(11);\r
- } else if(s.startsWith("routeOffer=")) {\r
- this.routeOffer = s.substring(11);\r
- dme2Entered = true;\r
- } else if(dme2Entered) {\r
- sb.append('/');\r
- sb.append(s);\r
- }\r
- }\r
- pathInfo = sb.toString();\r
- thisMachine = dm.getHostname();\r
- if(thisMachine==null) {\r
- // Can't get from dm... \r
- thisMachine = InetAddress.getLocalHost().getHostName();\r
- thisPort = 0;\r
- } else {\r
- thisPort = dm.getPort();\r
- }\r
- this.removeSelf=removeSelf;\r
- refresh();\r
- }\r
- \r
- @Override\r
- public boolean refresh() {\r
- try {\r
- dm.refresh();\r
- //endpoints = dm.findEndpoints(service, version, envContext, routeOffer, true);\r
- if(removeSelf) {\r
-// for(int i=0;i<endpoints.length;++i) {\r
-// if(endpoints[i].getPort()==thisPort && endpoints[i].getHost().equals(thisMachine))\r
-// endpoints[i]=null;\r
- }\r
- //}\r
- //return endpoints.length!=0;\r
- } catch (Exception e) {\r
- access.log(Level.ERROR, e.getMessage());\r
- }\r
- return false;\r
- }\r
-\r
- private String noEndpointsString() {\r
- StringBuilder sb = new StringBuilder("No DME2 Endpoints found for ");\r
- sb.append(service);\r
- sb.append('/');\r
- sb.append(version);\r
- sb.append('/');\r
- sb.append(envContext);\r
- sb.append('/');\r
- sb.append(routeOffer);\r
- return sb.toString();\r
- }\r
-\r
- @Override\r
- public URI get(Locator.Item item) throws LocatorException {\r
- if(!hasItems()) \r
- throw new LocatorException(noEndpointsString());\r
- if(item == null) \r
- return null;\r
-\r
- DME2Item li = ((DME2Item)item);\r
- // if URI has been created, use it\r
- if(li.uri!=null)return li.uri;\r
- \r
- // URI not created, create it\r
-// if(li.idx<endpoints.length) {\r
-// DME2Endpoint de = endpoints[li.idx];\r
-// if(de!=null) {\r
-// try {\r
-// return li.uri=new URI(de.getProtocol().toLowerCase(),null,de.getHost(),de.getPort(),pathInfo,null,null);\r
-// } catch (URISyntaxException e) {\r
-// throw new LocatorException(e);\r
-// }\r
-// }\r
-// }\r
- return null;\r
- }\r
- \r
- @Override\r
- public boolean hasItems() {\r
- //return endpoints!=null && endpoints.length>0;\r
- return true;\r
- }\r
-\r
- @Override\r
- public void invalidate(Locator.Item item) throws LocatorException {\r
- if(item instanceof DME2Item) {\r
- int idx = ((DME2Item)item).idx;\r
-// if(idx<endpoints.length) {\r
-// DME2Endpoint uhoh = endpoints[idx]; // Sometimes, DME2Endpoint, at least on File system, returns bogus entries.\r
-// endpoints[idx]=null;\r
-// boolean noneLeft=true;\r
-// for(int i=0;i<endpoints.length && noneLeft;++i) {\r
-// noneLeft = endpoints[i]==null;\r
-// }\r
-// if(noneLeft && refresh()) { // make sure DME2 isn't giving us the same invalidated entry...\r
-// for(int i=0;i<endpoints.length && noneLeft;++i) {\r
-// DME2Endpoint ep = endpoints[i];\r
-// if(ep != null && \r
-// ep.getHost().equals(uhoh.getHost()) &&\r
-// ep.getPort()==uhoh.getPort()) {\r
-// endpoints[i]=null;\r
-// }\r
-// }\r
-// }\r
-// \r
-// }\r
- }\r
- }\r
-\r
- public class DME2Item implements Locator.Item {\r
- private final int idx;\r
- private URI uri;\r
- private DME2Item(int i) {\r
- idx = i;\r
- uri = null;\r
- }\r
- }\r
-\r
- @Override\r
- public DME2Item best() throws LocatorException {\r
- if(!hasItems()) // checks endpoints\r
- if(!refresh()) throw new LocatorException("No DME2 Endpoints Available");\r
- \r
- // Some endpoints in Array are null. Need sub array of usable endpoints\r
- //int usable[] = new int[endpoints.length];\r
- int count=0;\r
-int[] usable = null;\r
- // for(int i=0;i<endpoints.length;++i) {\r
-// if(endpoints[i]!=null) {\r
-// usable[count++] = i;\r
-// }\r
-// }\r
- switch(count) {\r
- case 0: refresh(); return null;\r
- case 1: return new DME2Item(usable[0]);\r
- default:\r
- int samemach[] = new int[count];\r
- int samecount = 0,closecount=0;\r
- // has to be sortable\r
- Integer closemach[] = new Integer[count];\r
- \r
- // Analyze for Same Machine or Remote machines\r
-// for(int i=0;i<count;++i) {\r
-// DME2Endpoint ep = endpoints[usable[i]];\r
-// String host = ep.getHost();\r
-// if(thisMachine.equalsIgnoreCase(host)) {\r
-// samemach[samecount++] = usable[i];\r
-// } else {\r
-// closemach[closecount++] = usable[i];\r
-// }\r
-// }\r
- \r
- switch(samecount) {\r
- case 0: break;\r
- case 1: return new DME2Item(samemach[0]);\r
- default: // return randomized is multiple Endpoints on local machine.\r
- int i = random.nextInt();\r
- return new DME2Item(usable[Math.abs(i%samecount)]);\r
- }\r
- \r
- // Analyze for closest remote\r
- switch(closecount) {\r
- case 0: return null;\r
- case 1: return new DME2Item(closemach[0]);\r
- default: // return closest machine\r
- DoubIndex remote[] = new DoubIndex[closecount];\r
- int remotecount = 0;\r
- for(int i=0;i<closecount;++i) {\r
- //DME2Endpoint de = endpoints[usable[i]];\r
- // remote[remotecount++] = new DoubIndex(de.getDistance(),i);\r
- }\r
- Arrays.sort(remote,new Comparator<DoubIndex> () {\r
- @Override\r
- public int compare(DoubIndex a, DoubIndex b) {\r
- if(a.d<b.d) return -1;\r
- if(a.d>b.d) return 1;\r
- return (random.nextInt()%1)==0?1:0;// randomize if the same\r
- }\r
- \r
- });\r
- return new DME2Item(remote[0].idx);\r
- }\r
- }\r
- }\r
- \r
- private static class DoubIndex {\r
- public final double d;\r
- public final int idx;\r
- \r
- public DoubIndex(double doub, int i) {\r
- d = doub;\r
- idx = i;\r
- }\r
- }\r
- @Override\r
- public DME2Item first() {\r
-// if(endpoints==null)return null;\r
-// for(int i=0;i<endpoints.length;++i) {\r
-// if(endpoints[i]!=null)\r
-// return new DME2Item(i); \r
-// }\r
- return null;\r
- }\r
-\r
- @Override\r
- public DME2Item next(Locator.Item item) throws LocatorException {\r
- //if(endpoints==null || endpoints.length==0 || !(item instanceof DME2Item))return null;\r
- int idx = ((DME2Item)item).idx +1;\r
-// for(int i=idx;i<endpoints.length;++i) {\r
-// if(endpoints[i]!=null)\r
-// return new DME2Item(i); \r
-// }\r
-// This is a mistake.. will start infinite loops\r
-// // Did not have any at end... try beginning\r
-// for(int i=0;i<idx-1;++i) {\r
-// if(endpoints[i]!=null)\r
-// return new Item(i); \r
-// }\r
-// // If still nothing, refresh\r
-// refresh();\r
- return null;\r
- }\r
- \r
- @Override\r
- public void destroy() {\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.locator;\r
-\r
-import java.io.IOException;\r
-import java.net.InetAddress;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Access.Level;\r
-\r
-public class DNSLocator implements Locator<URI> {\r
- private static enum Status {UNTRIED, OK, INVALID, SLOW};\r
- private static final int CHECK_TIME = 3000;\r
- \r
- private String host, protocol;\r
- private Access access;\r
- private Host[] hosts;\r
- private int startPort, endPort;\r
- private String suffix;\r
- \r
- public DNSLocator(Access access, String protocol, String host, String range) {\r
- this.host = host;\r
- this.protocol = protocol;\r
- this.access = access;\r
- int dash = range.indexOf('-');\r
- if(dash<0) {\r
- startPort = endPort = Integer.parseInt(range);\r
- } else {\r
- startPort = Integer.parseInt(range.substring(0,dash));\r
- endPort = Integer.parseInt(range.substring(dash + 1));\r
- }\r
- refresh();\r
- }\r
-\r
- @Override\r
- public URI get(Item item) throws LocatorException {\r
- return hosts[((DLItem)item).cnt].uri;\r
- }\r
-\r
- @Override\r
- public boolean hasItems() {\r
- for(Host h : hosts) {\r
- if(h.status==Status.OK) {\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
-\r
- @Override\r
- public void invalidate(Item item) {\r
- DLItem di = (DLItem)item;\r
- hosts[di.cnt].status = Status.INVALID;\r
- }\r
-\r
- @Override\r
- public Item best() throws LocatorException {\r
- // not a good "best"\r
- for(int i=0;i<hosts.length;++i) {\r
- switch(hosts[i].status) {\r
- case OK:\r
- return new DLItem(i);\r
- case INVALID:\r
- break;\r
- case SLOW:\r
- break;\r
- case UNTRIED:\r
- try {\r
- if(hosts[i].ia.isReachable(CHECK_TIME)) {\r
- hosts[i].status = Status.OK;\r
- return new DLItem(i);\r
- }\r
- } catch (IOException e) {\r
- throw new LocatorException(e);\r
- }\r
- break;\r
- default:\r
- break;\r
- }\r
- }\r
- throw new LocatorException("No Available URIs for " + host);\r
- }\r
-\r
- @Override\r
- public Item first() throws LocatorException {\r
- return new DLItem(0);\r
- }\r
-\r
- @Override\r
- public Item next(Item item) throws LocatorException {\r
- DLItem di = (DLItem)item;\r
- if(++di.cnt<hosts.length) {\r
- return di;\r
- } else {\r
- return null;\r
- }\r
- }\r
-\r
- @Override\r
- public boolean refresh() {\r
- try {\r
- InetAddress[] ias = InetAddress.getAllByName(host);\r
- Host[] temp = new Host[ias.length * (1 + endPort - startPort)];\r
- int cnt = -1;\r
- for(int j=startPort; j<=endPort; ++j) {\r
- for(int i=0;i<ias.length;++i) {\r
- temp[++cnt] = new Host(ias[i], j, suffix);\r
- }\r
- }\r
- hosts = temp;\r
- return true;\r
- } catch (Exception e) {\r
- access.log(Level.ERROR, e);\r
- }\r
- return false;\r
- }\r
-\r
- private class Host {\r
- private URI uri;\r
- private InetAddress ia;\r
- private Status status;\r
- \r
- public Host(InetAddress inetAddress, int port, String suffix) throws URISyntaxException {\r
- ia = inetAddress;\r
- uri = new URI(protocol,null,inetAddress.getHostAddress(),port,suffix,null,null);\r
- status = Status.UNTRIED;\r
- }\r
- }\r
- \r
- private class DLItem implements Item {\r
- public DLItem(int i) {\r
- cnt = i;\r
- }\r
-\r
- private int cnt;\r
- }\r
- \r
- public void destroy() {}\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.locator;\r
-\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.http.HClient;\r
-import org.onap.aaf.cadi.http.HX509SS;\r
-\r
-public class HClientHotPeerLocator extends HotPeerLocator<HClient> {\r
- private final HX509SS ss;\r
-\r
- public HClientHotPeerLocator(Access access, String urlstr, long invalidateTime, String localLatitude,\r
- String localLongitude, HX509SS ss) throws LocatorException {\r
- super(access, urlstr, invalidateTime, localLatitude, localLongitude);\r
- \r
- this.ss = ss;\r
- }\r
-\r
- @Override\r
- protected HClient _newClient(String clientInfo) throws LocatorException {\r
- try {\r
- int idx = clientInfo.indexOf('/');\r
- return new HClient(ss,new URI("https://"+(idx<0?clientInfo:clientInfo.substring(0, idx))),3000);\r
- } catch (URISyntaxException e) {\r
- throw new LocatorException(e);\r
- }\r
- }\r
-\r
- @Override\r
- protected HClient _invalidate(HClient client) {\r
- return null;\r
- }\r
-\r
- @Override\r
- protected void _destroy(HClient client) {\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.locator;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.routing.GreatCircle;\r
-\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-/**\r
- * This Locator is to handle Hot Peer load protection, when the Servers are \r
- * 1) Static\r
- * 2) Well known client URL\r
- * \r
- * The intention is to change traffic over to the Hot Peer, if a server goes down, and reinstate\r
- * when it is back up.\r
- * \r
- * Example of this kind of Service is a MS Certificate Server\r
- * \r
- *\r
- *\r
- * @param <CLIENT>\r
- */\r
-public abstract class HotPeerLocator<CLIENT> implements Locator<CLIENT> {\r
- private final String[] urlstrs;\r
- private final CLIENT[] clients;\r
- private final long[] failures;\r
- private final double[] distances;\r
- private int preferred;\r
- private long invalidateTime;\r
- private Thread refreshThread;\r
- protected Access access;\r
-\r
- /**\r
- * Construct: Expect one or more Strings in the form:\r
- * 192.555.112.223:39/38.88087/-77.30122\r
- * separated by commas\r
- * \r
- * @param trans\r
- * @param urlstr\r
- * @param invalidateTime\r
- * @param localLatitude\r
- * @param localLongitude\r
- * @throws LocatorException\r
- */\r
- @SuppressWarnings("unchecked")\r
- protected HotPeerLocator(Access access, final String urlstr, final long invalidateTime, final String localLatitude, final String localLongitude) throws LocatorException {\r
- this.access = access;\r
- urlstrs = Split.split(',', urlstr);\r
- clients = (CLIENT[])new Object[urlstrs.length];\r
- failures = new long[urlstrs.length];\r
- distances= new double[urlstrs.length];\r
- this.invalidateTime = invalidateTime;\r
- \r
- double distance = Double.MAX_VALUE;\r
- for(int i=0;i<urlstrs.length;++i) {\r
- String[] info = Split.split('/', urlstrs[i]);\r
- if(info.length<3) {\r
- throw new LocatorException("Configuration needs LAT and LONG, i.e. ip:port/lat/long");\r
- }\r
- try {\r
- clients[i] = _newClient(urlstrs[i]);\r
- failures[i] = 0L;\r
- } catch(LocatorException le) {\r
- failures[i] = System.currentTimeMillis()+invalidateTime;\r
- }\r
- \r
- double d = GreatCircle.calc(info[1],info[2],localLatitude,localLongitude);\r
- distances[i]=d;\r
- \r
- // find preferred server\r
- if(d<distance) {\r
- preferred = i;\r
- distance=d;\r
- }\r
- }\r
- \r
- access.printf(Level.INIT,"Preferred Client is %s",urlstrs[preferred]);\r
- for(int i=0;i<urlstrs.length;++i) {\r
- if(i!=preferred) {\r
- access.printf(Level.INIT,"Alternate Client is %s",urlstrs[i]);\r
- }\r
- }\r
- }\r
- \r
- protected abstract CLIENT _newClient(String hostInfo) throws LocatorException;\r
- /**\r
- * If client can reconnect, then return. Otherwise, destroy and return null;\r
- * @param client\r
- * @return\r
- * @throws LocatorException\r
- */\r
- protected abstract CLIENT _invalidate(CLIENT client);\r
- \r
- protected abstract void _destroy(CLIENT client);\r
- \r
- @Override\r
- public Item best() throws LocatorException {\r
- if(failures[preferred]==0L) {\r
- return new HPItem(preferred);\r
- } else {\r
- long now = System.currentTimeMillis();\r
- double d = Double.MAX_VALUE;\r
- int best = -1;\r
- boolean tickle = false;\r
- // try for best existing client\r
- for(int i=0;i<urlstrs.length;++i) {\r
- if(failures[i]<now && distances[i]<d) {\r
- if(clients[i]!=null) {\r
- best = i;\r
- break;\r
- } else {\r
- tickle = true; // There's some failed clients which can be restored\r
- }\r
- }\r
- }\r
- if(best<0 && tickle) {\r
- tickle=false;\r
- if(refresh()) {\r
- // try again\r
- for(int i=0;i<urlstrs.length;++i) {\r
- if(failures[i]==0L && distances[i]<d) {\r
- if(clients[i]!=null) {\r
- best = i;\r
- break;\r
- }\r
- }\r
- }\r
- }\r
- }\r
- \r
- /*\r
- * If a valid client is available, but there are some that can refresh, return the client immediately\r
- * but start a Thread to do the background Client setup.\r
- */\r
- if(tickle) {\r
- synchronized(clients) {\r
- if(refreshThread==null) {\r
- refreshThread = new Thread(new Runnable(){\r
- @Override\r
- public void run() {\r
- refresh();\r
- refreshThread = null;\r
- }\r
- });\r
- refreshThread.setDaemon(true);\r
- refreshThread.start();\r
- }\r
- }\r
- }\r
- \r
- if(best<0) {\r
- throw new LocatorException("No Clients available");\r
- }\r
-\r
- \r
- return new HPItem(best);\r
- }\r
- }\r
- \r
-\r
- @Override\r
- public CLIENT get(Item item) throws LocatorException {\r
- HPItem hpi = (HPItem)item;\r
- CLIENT c = clients[hpi.idx];\r
- if(c==null) {\r
- if(failures[hpi.idx]>System.currentTimeMillis()) {\r
- throw new LocatorException("Client requested is invalid"); \r
- } else {\r
- synchronized(clients) {\r
- c = _newClient(urlstrs[hpi.idx]);\r
- failures[hpi.idx]=0L;\r
- }\r
- }\r
- } else if(failures[hpi.idx]>0){\r
- throw new LocatorException("Client requested is invalid");\r
- }\r
- return c;\r
- }\r
- \r
- public String info(Item item) {\r
- HPItem hpi = (HPItem)item;\r
- if(hpi!=null && hpi.idx<urlstrs.length) {\r
- return urlstrs[hpi.idx];\r
- } else {\r
- return "Invalid Item";\r
- }\r
- }\r
-\r
- @Override\r
- public boolean hasItems() {\r
- for(int i=0;i<clients.length;++i) {\r
- if(clients[i]!=null && failures[i]==0L) {\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
- \r
- @Override\r
- public synchronized void invalidate(Item item) throws LocatorException {\r
- HPItem hpi = (HPItem)item;\r
- failures[hpi.idx] = System.currentTimeMillis() + invalidateTime;\r
- CLIENT c = clients[hpi.idx];\r
- clients[hpi.idx] = _invalidate(c);\r
- }\r
- \r
- @Override\r
- public Item first() throws LocatorException {\r
- return new HPItem(0);\r
- }\r
- \r
- @Override\r
- public Item next(Item item) throws LocatorException {\r
- HPItem hpi = (HPItem)item;\r
- if(++hpi.idx>=clients.length) {\r
- return null;\r
- }\r
- return hpi;\r
- }\r
- \r
- @Override\r
- public boolean refresh() {\r
- boolean force = !hasItems(); // If no Items at all, reset\r
- boolean rv = true;\r
- long now = System.currentTimeMillis();\r
- for(int i=0;i<clients.length;++i) {\r
- if(failures[i]>0L && (failures[i]<now || force)) { // retry\r
- try {\r
- synchronized(clients) {\r
- if(clients[i]==null) {\r
- clients[i]=_newClient(urlstrs[i]);\r
- }\r
- failures[i]=0L;\r
- }\r
- } catch (LocatorException e) {\r
- failures[i]=now+invalidateTime;\r
- rv = false;\r
- }\r
- }\r
- }\r
- return rv;\r
- }\r
- \r
- @Override\r
- public void destroy() {\r
- for(int i=0;i<clients.length;++i) {\r
- if(clients[i]!=null) {\r
- _destroy(clients[i]);\r
- clients[i] = null;\r
- }\r
- }\r
- }\r
-\r
- private static class HPItem implements Item {\r
- private int idx;\r
-\r
- public HPItem(int i) {\r
- idx = i;\r
- }\r
- }\r
- \r
-\r
- /*\r
- * Convenience Functions\r
- */\r
- public CLIENT bestClient() throws LocatorException {\r
- return get(best());\r
- }\r
-\r
- public boolean invalidate(CLIENT client) throws LocatorException {\r
- for(int i=0;i<clients.length;++i) {\r
- if(clients[i]==client) { // yes, "==" is appropriate here.. Comparing Java Object Reference\r
- invalidate(new HPItem(i));\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
-\r
- }\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.locator;\r
-\r
-import java.io.IOException;\r
-import java.net.InetAddress;\r
-import java.net.InetSocketAddress;\r
-import java.net.Socket;\r
-import java.net.URI;\r
-import java.net.URISyntaxException;\r
-import java.net.UnknownHostException;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.security.SecureRandom;\r
-import java.util.Timer;\r
-import java.util.TimerTask;\r
-\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.LocatorException;\r
-\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-public class PropertyLocator implements Locator<URI> {\r
- private final URI [] orig;\r
- private PLItem[] current;\r
- private int end;\r
- private final SecureRandom random;\r
- private URI[] resolved;\r
- private long lastRefreshed=0L;\r
- private long minRefresh;\r
- private long backgroundRefresh;\r
-\r
- public PropertyLocator(String locList) throws LocatorException {\r
- this(locList,10000L, 1000*60*20); // defaults, do not refresh more than once in 10 seconds, Refresh Locator every 20 mins.\r
- }\r
- /**\r
- * comma delimited root url list\r
- * \r
- * @param locList\r
- * @throws LocatorException\r
- */\r
- public PropertyLocator(String locList, long minRefreshMillis, long backgroundRefreshMillis) throws LocatorException {\r
- minRefresh = minRefreshMillis;\r
- backgroundRefresh = backgroundRefreshMillis;\r
- if(locList==null) {\r
- throw new LocatorException("No Location List given for PropertyLocator");\r
- }\r
- String[] locarray = Split.split(',',locList);\r
- List<URI> uriList = new ArrayList<URI>();\r
- \r
- random = new SecureRandom();\r
- \r
- for(int i=0;i<locarray.length;++i) {\r
- try {\r
- int range = locarray[i].indexOf(":[");\r
- if(range<0) {\r
- uriList.add(new URI(locarray[i]));\r
- } else {\r
- int dash = locarray[i].indexOf('-',range+2);\r
- int brac = locarray[i].indexOf(']',dash+1);\r
- int start = Integer.parseInt(locarray[i].substring(range+2, dash));\r
- int end = Integer.parseInt(locarray[i].substring(dash+1, brac));\r
- for(int port=start;port<=end;++port) {\r
- uriList.add(new URI(locarray[i].substring(0, range+1)+port));\r
- }\r
- }\r
- } catch (NumberFormatException nf) {\r
- throw new LocatorException("Invalid URI format: " + locarray[i]);\r
- } catch (URISyntaxException e) {\r
- throw new LocatorException(e);\r
- }\r
- }\r
- orig = new URI[uriList.size()];\r
- uriList.toArray(orig);\r
-\r
- refresh();\r
- new Timer("PropertyLocator Refresh Timer",true).scheduleAtFixedRate(new TimerTask() {\r
- @Override\r
- public void run() {\r
- refresh();\r
- }\r
- }, backgroundRefresh,backgroundRefresh);\r
-\r
- }\r
-\r
- @Override\r
- public URI get(Item item) throws LocatorException {\r
- synchronized(orig) {\r
- if(item==null) {\r
- return null;\r
- } else {\r
- return resolved[((PLItem)item).idx];\r
- }\r
- }\r
- }\r
-\r
- @Override\r
- public Item first() throws LocatorException {\r
- return end>0?current[0]:null;\r
- }\r
-\r
- @Override\r
- public boolean hasItems() {\r
- return end>0;\r
- }\r
-\r
- @Override\r
- public Item next(Item item) throws LocatorException {\r
- if(item==null) {\r
- return null;\r
- } else {\r
- int spot;\r
- if((spot=(((PLItem)item).order+1))>=end)return null;\r
- return current[spot];\r
- }\r
- }\r
-\r
- @Override\r
- public synchronized void invalidate(Item item) throws LocatorException {\r
- if(--end<=0) {\r
- refresh();\r
- return;\r
- }\r
- PLItem pli = (PLItem)item;\r
- int i,order;\r
- for(i=0;i<end;++i) {\r
- if(pli==current[i])break;\r
- }\r
- order = current[i].order;\r
- for(;i<end;++i) {\r
- current[i]=current[i+1];\r
- current[i].order=order++;\r
- }\r
- current[end]=pli;\r
- }\r
-\r
- @Override\r
- public Item best() throws LocatorException {\r
- if(current.length==0) {\r
- refresh();\r
- }\r
- switch(current.length) {\r
- case 0:\r
- return null;\r
- case 1:\r
- return current[0];\r
- default:\r
- return current[Math.abs(random.nextInt())%current.length];\r
- }\r
- }\r
-\r
- @Override\r
- public synchronized boolean refresh() {\r
- if(System.currentTimeMillis()>lastRefreshed) {\r
- // Build up list\r
- List<URI> resolve = new ArrayList<URI>();\r
- String realname;\r
- for(int i = 0; i < orig.length ; ++i) {\r
- try {\r
- InetAddress ia[] = InetAddress.getAllByName(orig[i].getHost());\r
-\r
- URI o,n;\r
- for(int j=0;j<ia.length;++j) {\r
- o = orig[i];\r
- Socket socket = new Socket();\r
- try {\r
- realname=ia[j].getCanonicalHostName();\r
- socket.connect(new InetSocketAddress(realname,o.getPort()),3000);\r
- if(socket.isConnected()) {\r
- n = new URI(\r
- o.getScheme(),\r
- o.getUserInfo(),\r
- realname,\r
- o.getPort(),\r
- o.getPath(),\r
- o.getQuery(),\r
- o.getFragment()\r
- );\r
- resolve.add(n);\r
- }\r
- } catch (IOException e) {\r
- } finally {\r
- if(!socket.isClosed()) {\r
- try {\r
- socket.close();\r
- } catch (IOException e) {\r
- // nothing to do.\r
- }\r
- }\r
- }\r
- }\r
- } catch (UnknownHostException | URISyntaxException e) {\r
- // Note: Orig Name already known as valid, based on constructor\r
- }\r
- }\r
- end=resolve.size();\r
- PLItem[] newCurrent;\r
- if(current==null || current.length!=end) {\r
- newCurrent = new PLItem[end];\r
- } else {\r
- newCurrent = current;\r
- }\r
- \r
- for(int i=0; i< end; ++i) {\r
- if(newCurrent[i]==null){\r
- newCurrent[i]=new PLItem(i);\r
- } else {\r
- newCurrent[i].idx=newCurrent[i].order=i;\r
- }\r
- }\r
- synchronized(orig) {\r
- resolved = new URI[end];\r
- resolve.toArray(resolved);\r
- current = newCurrent;\r
- }\r
- lastRefreshed = System.currentTimeMillis()+minRefresh;\r
- return !resolve.isEmpty();\r
- } else {\r
- return false;\r
- }\r
- }\r
- \r
- private class PLItem implements Item {\r
- public int idx,order;\r
- \r
- public PLItem(int i) {\r
- idx = order =i;\r
- }\r
- \r
- public String toString() {\r
- return "Item: " + idx + " order: " + order;\r
- }\r
- }\r
-\r
- public String toString() {\r
- StringBuilder sb = new StringBuilder();\r
- boolean first = true;\r
- for(URI uri : orig) {\r
- boolean isResolved=false;\r
- if(uri!=null) {\r
- if(first) {\r
- first = false;\r
- } else {\r
- sb.append(", ");\r
- }\r
- sb.append(uri.toString());\r
- sb.append(" [");\r
- for(URI u2 : resolved) {\r
- if(uri.equals(u2)) {\r
- isResolved = true;\r
- break;\r
- }\r
- }\r
- sb.append(isResolved?"X]\n":" ]");\r
- }\r
- }\r
- return sb.toString();\r
- }\r
- \r
- public void destroy() {\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.routing;\r
-\r
-import org.onap.aaf.inno.env.util.Split;\r
-\r
-public class GreatCircle {\r
- // Note: multiplying by this constant is faster than calling Math equivalent function \r
- private static final double DEGREES_2_RADIANS = Math.PI/180.0;\r
- \r
- public static final double DEGREES_2_NM = 60;\r
- public static final double DEGREES_2_KM = DEGREES_2_NM * 1.852; // 1.852 is exact ratio per 1929 Standard Treaty, adopted US 1954\r
- public static final double DEGREES_2_MI = DEGREES_2_NM * 1.1507795; \r
- \r
- /**\r
- * \r
- * Calculate the length of an arc on a perfect sphere based on Latitude and Longitudes of two points\r
- * Parameters are in Degrees (i.e. the coordinate system you get from GPS, Mapping WebSites, Phones, etc)\r
- * \r
- * L1 = Latitude of point A\r
- * G1 = Longitude of point A\r
- * L2 = Latitude of point B\r
- * G2 = Longitude of point B\r
- * \r
- * d = acos (sin(L1)*sin(L2) + cos(L1)*cos(L2)*cos(G1 - G2))\r
- * \r
- * Returns answer in Degrees\r
- * \r
- * Since there are 60 degrees per nautical miles, you can convert to NM by multiplying by 60\r
- * \r
- * Essential formula from a Princeton website, the "Law of Cosines" method. \r
- * \r
- * Refactored cleaned up for speed 3/8/2013\r
- * \r
- * @param latA\r
- * @param lonA\r
- * @param latB\r
- * @param lonB\r
- * @return\r
- */\r
- public static double calc(double latA, double lonA, double latB, double lonB) {\r
- // Formula requires Radians. Expect Params to be Coordinates (Degrees)\r
- // Simple ratio, quicker than calling Math.toRadians()\r
- latA *= DEGREES_2_RADIANS;\r
- lonA *= DEGREES_2_RADIANS;\r
- latB *= DEGREES_2_RADIANS;\r
- lonB *= DEGREES_2_RADIANS;\r
-\r
- return Math.acos(\r
- Math.sin(latA) * Math.sin(latB) + \r
- Math.cos(latA) * Math.cos(latB) * Math.cos(lonA-lonB)\r
- )\r
- / DEGREES_2_RADIANS;\r
- }\r
- \r
- /** \r
- * Convert from "Lat,Long Lat,Long" String format\r
- * "Lat,Long,Lat,Long" Format\r
- * or all four entries "Lat Long Lat Long"\r
- * \r
- * (Convenience function)\r
- * \r
- * Since Distance is positive, a "-1" indicates an error in String formatting\r
- */\r
- public static double calc(String ... coords) {\r
- try {\r
- String [] array;\r
- switch(coords.length) {\r
- case 1:\r
- array = Split.split(',',coords[0]);\r
- if(array.length!=4)return -1;\r
- return calc(\r
- Double.parseDouble(array[0]),\r
- Double.parseDouble(array[1]),\r
- Double.parseDouble(array[2]),\r
- Double.parseDouble(array[3])\r
- );\r
- case 2:\r
- array = Split.split(',',coords[0]);\r
- String [] array2 = Split.split(',',coords[1]);\r
- if(array.length!=2 || array2.length!=2)return -1;\r
- return calc(\r
- Double.parseDouble(array[0]),\r
- Double.parseDouble(array[1]),\r
- Double.parseDouble(array2[0]),\r
- Double.parseDouble(array2[1])\r
- );\r
- case 4:\r
- return calc(\r
- Double.parseDouble(coords[0]),\r
- Double.parseDouble(coords[1]),\r
- Double.parseDouble(coords[2]),\r
- Double.parseDouble(coords[3])\r
- );\r
- \r
- default:\r
- return -1;\r
- }\r
- } catch (NumberFormatException e) {\r
- return -1;\r
- }\r
- }\r
-\r
-}\r
-\r
-///**\r
-//* Haverside method, from Princeton\r
-//* \r
-//* @param alat\r
-//* @param alon\r
-//* @param blat\r
-//* @param blon\r
-//* @return\r
-//*/\r
-//public static double calc3(double alat, double alon, double blat, double blon) {\r
-// alat *= DEGREES_2_RADIANS;\r
-// alon *= DEGREES_2_RADIANS;\r
-// blat *= DEGREES_2_RADIANS;\r
-// blon *= DEGREES_2_RADIANS;\r
-// return 2 * Math.asin(\r
-// Math.min(1, Math.sqrt(\r
-// Math.pow(Math.sin((blat-alat)/2), 2) +\r
-// (Math.cos(alat)*Math.cos(blat)*\r
-// Math.pow(\r
-// Math.sin((blon-alon)/2),2)\r
-// )\r
-// )\r
-// )\r
-// )\r
-// / DEGREES_2_RADIANS;\r
-//}\r
-//\r
-\r
-\r
-\r
-//This is a MEAN radius. The Earth is not perfectly spherical\r
-// public static final double EARTH_RADIUS_KM = 6371.0;\r
-// public static final double EARTH_RADIUS_NM = 3440.07;\r
-// public static final double KM_2_MILES_RATIO = 0.621371192;\r
-///**\r
-//* Code on Internet based on Unknown book. Lat/Long is in Degrees\r
-//* @param alat\r
-//* @param alon\r
-//* @param blat\r
-//* @param blon\r
-//* @return\r
-//*/\r
-//public static double calc1(double alat, double alon, double blat, double blon) {\r
-// alat *= DEGREES_2_RADIANS;\r
-// alon *= DEGREES_2_RADIANS;\r
-// blat *= DEGREES_2_RADIANS;\r
-// blon *= DEGREES_2_RADIANS;\r
-// \r
-// // Reused values\r
-// double cosAlat,cosBlat;\r
-// \r
-// return Math.acos(\r
-// ((cosAlat=Math.cos(alat))*Math.cos(alon)*(cosBlat=Math.cos(blat))*Math.cos(blon)) +\r
-// (cosAlat*Math.sin(alon)*cosBlat*Math.sin(blon)) +\r
-// (Math.sin(alat)*Math.sin(blat))\r
-// )/DEGREES_2_RADIANS;\r
-// \r
-//}\r
-\r
-/*\r
-* This method was 50% faster than calculation 1, and 75% than the Haverside method\r
-* Also, since it's based off of Agree standard Degrees of the Earth, etc, the calculations are more exact,\r
-* at least for Nautical Miles and Kilometers\r
-*/\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.dme2;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import java.io.File;\r
-import java.io.IOException;\r
-\r
-import javax.servlet.annotation.HttpMethodConstraint;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Exception;\r
-\r
-public class JU_DME2ClientSSTest {\r
- \r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
-\r
- @Test\r
- public void test1() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
- \r
- @Test\r
- public void test2() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
- \r
- @Test\r
- public void test3() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
- \r
- @Test\r
- public void test4() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
- \r
- @Test\r
- public void test5() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
- \r
- @Test\r
- public void test6() throws IOException, DME2Exception {\r
- DME2ClientSS client = new DME2ClientSS(null, "user", "pass");\r
- \r
- assertNotNull(client);\r
-\r
- assertEquals(client.getID(), "user");\r
- assertEquals(client.setLastResponse(0), 0);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import java.io.IOException;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-\r
-public class JU_HBasicAuthSSTest {\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void testHBasicAuthSSStringStringSecurityInfoCOfHttpURLConnection() throws IOException {\r
- HBasicAuthSS basicAuth = new HBasicAuthSS("user", "pass", null); \r
- \r
- assertEquals(basicAuth.getID(), "user");\r
- assertFalse(basicAuth.isDenied());\r
- assertEquals(basicAuth.count(), 0);\r
- assertEquals(basicAuth.setLastResponse(401), 1);\r
- }\r
- \r
- @Test\r
- public void testHBasicAuthSSStringStringSecurityInfoCOfHttpURLConnection_one() throws IOException {\r
- HBasicAuthSS basicAuth = new HBasicAuthSS("demo", "demopass", null); \r
- \r
- assertEquals(basicAuth.getID(), "demo");\r
- assertFalse(basicAuth.isDenied());\r
- assertEquals(basicAuth.count(), 0);\r
- assertEquals(basicAuth.setLastResponse(401), 1);\r
- }\r
-\r
- @Test\r
- public void testHBasicAuthSSStringStringSecurityInfoCOfHttpURLConnectionTwo() throws IOException {\r
- HBasicAuthSS basicAuth = new HBasicAuthSS("user 1", "user 2", null); \r
- \r
- assertEquals(basicAuth.getID(), "user 1");\r
- assertFalse(basicAuth.isDenied());\r
- assertEquals(basicAuth.count(), 0);\r
- assertEquals(basicAuth.setLastResponse(401), 1);\r
- }\r
- \r
- @Test\r
- public void testHBasicAuthSSStringStringSecurityInfoCOfHttpURLConnectionThree() throws IOException {\r
- HBasicAuthSS basicAuth = new HBasicAuthSS("onap", "onap", null); \r
- \r
- assertEquals(basicAuth.getID(), "onap");\r
- assertFalse(basicAuth.isDenied());\r
- assertEquals(basicAuth.count(), 0);\r
- assertEquals(basicAuth.setLastResponse(401), 1);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.net.URI;\r
-import java.util.Properties;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-\r
-public class JU_BasicDME2Client {\r
- public static void main(String[] args) {\r
- try {\r
- Properties props = System.getProperties();\r
- \r
- DME2Manager dm = new DME2Manager("DME2Manager TestBasicDME2Client",props);\r
- URI uri = new URI(System.getProperty("aaf_url"));\r
- DME2Client client = new DME2Client(dm,uri,3000);\r
-\r
- System.out.println(props.getProperty("aaf_id"));\r
- client.setCredentials(props.getProperty("aaf_id"),props.getProperty("aaf_password"));\r
- \r
- String path = String.format("/authz/perms/user/%s@csp.att.com",args.length>0?args[0]:"xx9999");\r
- System.out.printf("Path: %s\n",path);\r
- client.addHeader("Accept", "application/Perms+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*");\r
- client.setMethod("GET");\r
- client.setContext(path);\r
- client.setPayload("");// Note: Even on "GET", you need a String in DME2\r
- \r
- String o = client.sendAndWait(5000); // There are other Asynchronous call options, see DME2 Docs\r
- if(o==null) {\r
- System.out.println('[' + o + ']' + " (blank is good)");\r
- }\r
- \r
- \r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.net.URI;\r
-import java.net.URL;\r
-import java.net.URLConnection;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.locator.DNSLocator;\r
-\r
-public class JU_DNSLocator {\r
-\r
- @AfterClass\r
- public static void tearDownAfterClass() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() {\r
- \r
- DNSLocator dl = new DNSLocator(new PropAccess(), "https", "aaf.it.att.com","8150-8152");\r
- try {\r
- Item item = dl.best();\r
- URI uri = dl.get(item);\r
- URL url = uri.toURL();\r
- URLConnection conn = url.openConnection();\r
- conn.connect();\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.client.Holder;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-\r
-public class JU_HolderTest {\r
-\r
- @Test\r
- public void testSet() {\r
- Holder<String> holder = new Holder<String>("StringHolder");\r
- assertEquals(holder.get(), "StringHolder");\r
- \r
- holder.set("New String");\r
- assertEquals(holder.get(), "New String");\r
- }\r
-\r
- @Test\r
- public void testSet4() {\r
- Holder<String> holder = new Holder<String>("StringHolder");\r
- assertEquals(holder.get(), "StringHolder");\r
- \r
- holder.set("New String1");\r
- assertEquals(holder.get(), "New String1");\r
- }\r
- @Test\r
- public void testSet1() {\r
- Holder<String> holder = new Holder<String>("StringHolder");\r
- assertEquals(holder.get(), "StringHolder");\r
- \r
- holder.set("New String2");\r
- assertEquals(holder.get(), "New String2");\r
- }\r
- \r
- @Test\r
- public void testSet2() {\r
- Holder<String> holder = new Holder<String>("StringHolder");\r
- assertEquals(holder.get(), "StringHolder");\r
- \r
- holder.set("New String3");\r
- assertEquals(holder.get(), "New String3");\r
- }\r
- \r
- @Test\r
- public void testSet3() {\r
- Holder<String> holder = new Holder<String>("StringHolder");\r
- assertEquals(holder.get(), "StringHolder");\r
- \r
- holder.set("New String4");\r
- assertEquals(holder.get(), "New String4");\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.PrintStream;\r
-import java.net.URI;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.dme2.DME2Locator;\r
-\r
-import com.att.aft.dme2.api.DME2Manager;\r
-\r
-public class JU_PaulUzee {\r
- public static void main(String[] args) {\r
- try {\r
- // You'll want to put this on Command line "-D" probably\r
- Properties props = System.getProperties();\r
- props.put("AFT_LATITUDE","32.780140");\r
- props.put("AFT_LONGITUDE","-96.800451");\r
- props.put("AFT_ENVIRONMENT","AFTPRD");\r
-\r
- //\r
- // Use an "Access" class to hook up logging, properties, etc.\r
- // Make one that ties into your code's logging, property mechanism, etc.\r
- //\r
- Access access = new PaulAccess();\r
- \r
- DME2Manager dm = new DME2Manager("Paul Uzee's Test",props);\r
- Locator loc = new DME2Locator(access ,dm,"com.att.authz.AuthorizationService","2.0","PROD","DEFAULT");\r
-\r
- \r
- for(Item item = loc.first(); item!=null; item=loc.next(item)) {\r
- URI location = (URI) loc.get(item);\r
- access.log(Level.INFO,location);\r
- access.log(Level.INFO,location.getScheme());\r
- access.log(Level.INFO,location.getHost());\r
- access.log(Level.INFO, location.getPort());\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- \r
- }\r
-\r
- private static class PaulAccess implements Access {\r
- private Level willWrite = Level.INFO;\r
-\r
- @Override\r
- public ClassLoader classLoader() {\r
- return getClass().getClassLoader();\r
- }\r
-\r
- @Override\r
- public String decrypt(String data, boolean def) throws IOException {\r
- return data;\r
- }\r
-\r
- @Override\r
- public String getProperty(String tag, String def) {\r
- return System.getProperty(tag, def);\r
- }\r
-\r
- @Override\r
- public void load(InputStream is) throws IOException {\r
- System.getProperties().load(is);\r
- }\r
-\r
- @Override\r
- public void log(Level level, Object... obj) {\r
- if(level.compareTo(willWrite)<0) return;\r
- PrintStream ps;\r
- switch(level) {\r
- case DEBUG:\r
- case AUDIT:\r
- case ERROR:\r
- case WARN:\r
- ps = System.err;\r
- break;\r
- case INFO:\r
- case INIT:\r
- default:\r
- ps = System.out;\r
- }\r
- boolean first = true;\r
- for(Object o : obj) {\r
- if(first)first=false;\r
- else ps.print(' ');\r
- ps.print(o.toString());\r
- }\r
- ps.println();\r
- }\r
-\r
- @Override\r
- public void log(Exception e, Object... obj) {\r
- Object[] objs = new Object[obj.length+1];\r
- objs[0]=e.getMessage();\r
- System.arraycopy(objs, 1, obj, 0, obj.length);\r
- log(Level.ERROR,e,objs);\r
- }\r
-\r
- @Override\r
- public void setLogLevel(Level l) {\r
- willWrite = l;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Access#willLog(com.att.cadi.Access.Level)\r
- */\r
- @Override\r
- public boolean willLog(Level level) {\r
- return true;\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object... elements) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
- };\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.net.URI;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.locator.PropertyLocator;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-public class JU_PropertyLocator {\r
-\r
- @AfterClass\r
- public static void tearDownAfterClass() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() throws Exception {\r
- PropertyLocator pl = new PropertyLocator("https://localhost:2345,https://fred.wilma.com:26444,https://tom.jerry.com:534");\r
- \r
- Item i;\r
- int count;\r
- boolean print = false;\r
- for(int j=0;j<900000;++j) {\r
- count = 0;\r
- for(i = pl.first();i!=null;i=pl.next(i)) {\r
- URI loc = pl.get(i);\r
- if(print)System.out.println(loc.toString());\r
- ++count;\r
- }\r
- assertEquals(3,count);\r
- assertTrue(pl.hasItems());\r
- if(print)System.out.println("---");\r
- pl.invalidate(pl.best());\r
- \r
- count = 0;\r
- for(i = pl.first();i!=null;i=pl.next(i)) {\r
- URI loc = pl.get(i);\r
- if(print)System.out.println(loc.toString());\r
- ++count;\r
- }\r
- \r
- assertEquals(2,count);\r
- assertTrue(pl.hasItems());\r
- if(print)System.out.println("---");\r
- pl.invalidate(pl.best());\r
- \r
- count = 0;\r
- for(i = pl.first();i!=null;i=pl.next(i)) {\r
- URI loc = pl.get(i);\r
- if(print)System.out.println(loc.toString());\r
- ++count;\r
- }\r
- \r
- assertEquals(1,count);\r
- assertTrue(pl.hasItems());\r
- if(print)System.out.println("---");\r
- pl.invalidate(pl.best());\r
- \r
- count = 0;\r
- for(i = pl.first();i!=null;i=pl.next(i)) {\r
- URI loc = pl.get(i);\r
- if(print)System.out.println(loc.toString());\r
- ++count;\r
- }\r
- \r
- assertEquals(0,count);\r
- assertFalse(pl.hasItems());\r
- \r
- pl.refresh();\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import static org.hamcrest.CoreMatchers.is;\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.client.Result;\r
-\r
-public class JU_ResultTest {\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void testOk() {\r
- Result<String> t = Result.ok(1, "Ok");\r
- assertNotNull(t);\r
- assertThat(t.code, is(1));\r
- assertTrue(t.isOK());\r
- assertThat(t.toString(), is("Code: 1"));\r
- }\r
-\r
- @Test\r
- public void testErr() {\r
- Result<String> t = Result.err(1, "Error Body");\r
- assertNotNull(t);\r
- assertThat(t.error, is("Error Body"));\r
- assertFalse(t.isOK());\r
- assertThat(t.toString(), is("Code: 1 = Error Body"));\r
- }\r
- \r
- @Test\r
- public void testOk1() {\r
- Result<String> t = Result.ok(1, "Ok");\r
- assertNotNull(t);\r
- assertThat(t.code, is(1));\r
- assertTrue(t.isOK());\r
- assertThat(t.toString(), is("Code: 1"));\r
- }\r
-\r
- @Test\r
- public void testErr1() {\r
- Result<String> t = Result.err(1, "Error Body");\r
- assertNotNull(t);\r
- assertThat(t.error, is("Error Body"));\r
- assertFalse(t.isOK());\r
- assertThat(t.toString(), is("Code: 1 = Error Body"));\r
- }\r
- \r
- @Test\r
- public void testOk2() {\r
- Result<String> t = Result.ok(1, "Ok");\r
- assertNotNull(t);\r
- assertThat(t.code, is(1));\r
- assertTrue(t.isOK());\r
- assertThat(t.toString(), is("Code: 1"));\r
- }\r
-\r
- @Test\r
- public void testErr2() {\r
- Result<String> t = Result.err(1, "Error Body");\r
- assertNotNull(t);\r
- assertThat(t.error, is("Error Body"));\r
- assertFalse(t.isOK());\r
- assertThat(t.toString(), is("Code: 1 = Error Body"));\r
- }\r
- \r
- @Test\r
- public void testOk3() {\r
- Result<String> t = Result.ok(1, "Ok");\r
- assertNotNull(t);\r
- assertThat(t.code, is(1));\r
- assertTrue(t.isOK());\r
- assertThat(t.toString(), is("Code: 1"));\r
- }\r
-\r
- @Test\r
- public void testErr3() {\r
- Result<String> t = Result.err(1, "Error Body");\r
- assertNotNull(t);\r
- assertThat(t.error, is("Error Body"));\r
- assertFalse(t.isOK());\r
- assertThat(t.toString(), is("Code: 1 = Error Body"));\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-public class JU_TestAccess implements Access {\r
- private Symm symm;\r
-\r
- public JU_TestAccess() {\r
- symm = Symm.obtain(this);\r
- }\r
- \r
- public void log(Level level, Object... elements) {\r
- boolean first = true;\r
- for(int i=0;i<elements.length;++i) {\r
- if(first)first = false;\r
- else System.out.print(' ');\r
- System.out.print(elements[i].toString());\r
- }\r
- System.out.println();\r
- }\r
-\r
- public void log(Exception e, Object... elements) {\r
- e.printStackTrace();\r
- log(Level.ERROR,elements);\r
- }\r
-\r
- public void setLogLevel(Level level) {\r
- \r
- }\r
-\r
- public ClassLoader classLoader() {\r
- return ClassLoader.getSystemClassLoader();\r
- }\r
-\r
- public String getProperty(String string, String def) {\r
- String rv = System.getProperty(string);\r
- return rv==null?def:rv;\r
- }\r
-\r
- public void load(InputStream is) throws IOException {\r
- \r
- }\r
-\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- return (encrypted!=null && (anytext==true || encrypted.startsWith(Symm.ENC)))\r
- ? symm.depass(encrypted)\r
- : encrypted;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Access#willLog(com.att.cadi.Access.Level)\r
- */\r
- @Override\r
- public boolean willLog(Level level) {\r
- return true;\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object... elements) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.io.FileInputStream;\r
-import java.net.URI;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import com.att.aft.dme2.api.DME2Client;\r
-import com.att.aft.dme2.api.DME2Manager;\r
-\r
-public class JU_TestDME2Client {\r
- public static void main(String[] args) {\r
- try {\r
- Properties props = System.getProperties();\r
- props.put("AFT_LATITUDE","32.780140");\r
- props.put("AFT_LONGITUDE","-96.800451");\r
- props.put("AFT_ENVIRONMENT","AFTUAT");\r
- \r
- //props.put("keyStore","/Volumes/Data/src/authz/common/aaf.att.jks");\r
- props.put("AFT_DME2_KEYSTORE","/Volumes/Data/src/authz/common/aaf.att.jks");\r
- props.put("AFT_DME2_KEYSTORE_PASSWORD","enc:???");\r
- props.put("AFT_DME2_TRUSTSTORE","/Volumes/Data/src/authz/common/truststore.jks");\r
- props.put("AFT_DME2_TRUSTSTORE_PASSWORD","enc:???");\r
- \r
- // Local Testing on dynamic IP PC ***ONLY***\r
-// props.put("DME2_EP_REGISTRY_CLASS","DME2FS");\r
-// props.put("AFT_DME2_EP_REGISTRY_FS_DIR","/Volumes/Data/src/authz/dme2reg");\r
-// props.put("AFT_DME2_SSL_TRUST_ALL", "true");\r
-\r
- Symm symm;\r
- FileInputStream keyfile=new FileInputStream("/Volumes/Data/src/authz/common/keyfile");\r
- try {\r
- symm=Symm.obtain(keyfile);\r
- } finally {\r
- keyfile.close();\r
- }\r
-\r
- DME2Manager dm = new DME2Manager("DME2Manager TestHClient",props);\r
- // Standard RESOLVE format\r
- String prefix;\r
- URI uri = \r
-// new URI(\r
-// "https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE"\r
-// );\r
-// prefix = "";\r
-// Direct Format\r
-// new URI("https://mithrilcsp.sbc.com:8100/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE");\r
-// prefix = "";\r
-// Go through PROXY\r
-// new URI("https://mithrilcsp.sbc.com:8095");\r
-// prefix = "/proxy";\r
- \r
-// new URI("https://mithrilcsp.sbc.com:8095");\r
- new URI("https://DME2RESOLVE/service=com.att.authz.authz-gw/version=2.0/envContext=UAT/routeOffer=BAU_SE");\r
-// prefix = "";\r
- prefix = "/proxy";\r
- DME2Client client = new DME2Client(dm,uri,3000);\r
-\r
- client.setCredentials("XX@NS", symm.depass("enc:???"));\r
- \r
- client.addHeader("Accept", "text/plain");\r
- client.setMethod("GET");\r
- client.setContext(prefix+"/authn/basicAuth");\r
- client.setPayload("");// Note: Even on "GET", you need a String in DME2\r
- \r
- String o = client.sendAndWait(5000); // There are other Asynchronous call options, see DME2 Docs\r
- \r
- System.out.println('[' + o + ']' + " (blank is good)");\r
- \r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.net.URI;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.dme2.DME2ClientSS;\r
-import org.onap.aaf.cadi.dme2.DRcli;\r
-\r
-import com.att.aft.dme2.api.DME2Manager;\r
-\r
-public class JU_TestDME2RcliClient {\r
- public static void main(String[] args) {\r
- try {\r
- Properties props = System.getProperties();\r
- props.put("AFT_LATITUDE","32.780140");\r
- props.put("AFT_LONGITUDE","-96.800451");\r
- props.put("AFT_ENVIRONMENT","AFTUAT");\r
-// props.put("DME2_EP_REGISTRY_CLASS","DME2FS");\r
-// props.put("AFT_DME2_EP_REGISTRY_FS_DIR","/Volumes/Data/src/authz/dme2reg");\r
-\r
- props.put("cadi_keystore","/Volumes/Data/src/authz/common/aaf.att.jks");\r
- props.put("cadi_keystore_password","enc:???");\r
- props.put("cadi_truststore","/Volumes/Data/src/authz/common/truststore.jks");\r
- props.put("cadi_truststore_password","enc:???");\r
- props.put("cadi_keyfile", "/Volumes/Data/src/authz/common/keyfile");\r
- \r
- // Local Testing on dynamic IP PC ***ONLY***\r
-// props.put("cadi_trust_all_x509", "true"); \r
- \r
- \r
- \r
- URI uri = new URI("https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE");\r
- \r
- Access access = new JU_TestAccess();\r
- DME2Manager dm = new DME2Manager("DME2Manager TestHClient",props);\r
- DRcli client = new DRcli(\r
- uri, \r
- new DME2ClientSS(access,"XX@NS","enc:???"));\r
- \r
- client.setManager(dm)\r
- .apiVersion("2.0")\r
- .readTimeout(3000);\r
- \r
- Future<String> ft = client.read("/authz/nss/com.att.aaf","text/json"); \r
- if(ft.get(10000)) {\r
- System.out.println("Hurray,\n"+ft.body());\r
- } else {\r
- System.out.println("not quite: " + ft.code());\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.client.test;\r
-\r
-import java.net.HttpURLConnection;\r
-import java.net.URI;\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.client.Rcli;\r
-import org.onap.aaf.cadi.client.Retryable;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.http.HBasicAuthSS;\r
-import org.onap.aaf.cadi.http.HMangr;\r
-import org.onap.aaf.cadi.locator.DME2Locator;\r
-\r
-import com.att.aft.dme2.api.DME2Manager;\r
-import org.onap.aaf.inno.env.APIException;\r
-\r
-public class JU_TestHClient {\r
- public static void main(String[] args) {\r
- try {\r
- PropAccess access = new PropAccess();\r
- DME2Manager dm = new DME2Manager("DME2Manager TestHClient",access.getProperties());\r
- Locator<URI> loc = new DME2Locator(access,dm,"com.att.authz.AuthorizationService","2.0","DEV","BAU_SE");\r
-\r
- for(Item item = loc.first(); item!=null; item=loc.next(item)) {\r
- System.out.println(loc.get(item));\r
- }\r
- \r
- \r
- SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(access);\r
- SecuritySetter<HttpURLConnection> ss = new HBasicAuthSS("m12345@aaf.att.com", \r
- access.decrypt("enc:7K6yjLQqha_S9yApkIul2K_by5Moemcos1HRAVnhMXu",false), si);\r
-// SecuritySetter<HttpURLConnection> ss = new X509SS(si, "aaf");\r
- \r
- HMangr hman = new HMangr(access,loc);\r
- try {\r
- hman.best(ss, new Retryable<Void>() {\r
- @Override\r
- public Void code(Rcli<?> cli) throws APIException, CadiException {\r
- Future<String> ft = cli.read("/authz/nss/com.att.aaf","text/json"); \r
- if(ft.get(10000)) {\r
- System.out.println("Hurray,\n"+ft.body());\r
- } else {\r
- System.out.println("not quite: " + ft.code());\r
- }\r
- return null;\r
- }});\r
- } finally {\r
- hman.close();\r
- }\r
- } catch (Exception e) {\r
- e.printStackTrace();\r
- }\r
- }\r
- \r
-}\r
+++ /dev/null
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-# * http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-# * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-# This is a normal Java Properties File\r
-# Comments are with Pound Signs at beginning of lines,\r
-# and multi-line expression of properties can be obtained by backslash at end of line\r
-\r
-# Certain machines have several possible machine names, and\r
-# the right one may not be reported. This is especially\r
-# important for CSP Authorization, which will only \r
-# function on official AT&T domains.\r
-hostname=veeger.mo.sbc.com \r
-\r
-port=2533\r
-\r
-# CSP has Production mode (active users) or DEVL mode (for \r
-# Testing purposes... Bogus users)\r
-#csp_domain=DEVL\r
-csp_domain=PROD\r
-\r
-# Report all AUTHN and AUTHZ activity\r
-loglevel=AUDIT\r
-\r
-#\r
-# BasicAuth and other User/Password support\r
-#\r
-# The realm reported on BasicAuth callbacks\r
-basic_realm=spiderman.agile.att.com\r
-users=ks%xiVUs_25_1jqGdJ24hqy43Gi;\r
-groups=aaf:Jd8bb3jslg88b@spiderman.agile.att.com%7sZCPBZ_8iWbslqdjWFIDLgTZlm9ung0ym-G,\\r
- jg1555,lg2384,rd8227,tp007s,pe3617;\r
- \r
-\r
-# Keyfile (with relative path) for encryption. This file\r
-# should be marked as ReadOnly by Only the running process\r
-# for security's sake\r
-keyfile=conf/keyfile\r
+++ /dev/null
-9zgJxUXT1CrzC_A2Z0PdKi3n9l6zmErB26ZlSXCCyloxi3bGqD3lNHC3aFHfgC8-ZwNMuLBM93WY
-JV4sEacNodHGjgmAqSVyMHiPTEP4XRrydfjXAvaBIERcU1Yvu4pa4Mq25RXLHt8tIAnToFVbq82n
-bjkfdcv2-shgwkEvRiNIdK5TITO8JTvTRWND5MqXc9gnCKkR6Rl5dU5QGIB2SxWOPCvKBBWeUGRO
-bSinrjkI-iXabuLOYUaGo6FI_XAU5S9WxvfrDVpBijUAGJW8QZe1oBIo5QmQlx6ONB4ohjEu89ZZ
-gTee22MvSNUvaT8IGbj_Zt_TyuCqcdmkVahWp5ffeK2J3bmHActAC2IxXD4yV-sFLB7PW7I8KMA7
-tML3Lcy9ozmYa2E8N8B9uQ0zMHz_TVpPvj5xkVF4_FEKOTD1mkf-JYC1CyzwJS2YWWxO6fqsxIjD
-1qB4OJudv4RK6hSxdVrNxc_wchVAGXVD6ulm8UPBGP_wpfItP8BGYwCHlOjUrZofewKB2Aa9Uk9m
-oyk309WmPVBeRzZ0vRlXUp8jhKlAPISvv8CBbG-6SuXAszY2qedgd3huYKNreVN-xMZM2hnYbEUW
-0sdcqpFqIV039Awfwjn5sZPFW4iT3yWhxib1PwFzwfaXnrwgwbLAda68mRDAWCrsDRu11IiQJqb7
-cjNLYBOGDVhX7jeUyBJUzW-xhl__DsoCZSqP39vFoPtglXHlQNtVqQ8d96mu_QMY5bcuhevI4RQ_
-SD7WcRyAiUztiC4Eb6BYwld0RITdB1-Y43jkZlfA8Ej5Zw8sX_-2J2hKdDPT4KrTYWA5T6wiIJK9
-lxIc39wGHpxQ4kz8gx0VeqRU2hgHVKovuaEvBnwv8JW3qeuowaUmiPi7UuIRwi4pFX5iQv62yrfO
-5Z6EXBDVI8Ikq4UTu70vX_bCuXHtvqm97PFh2KXjBHS--iNVQ5GhnDKKv_Fd4naQjCSwTTgtxD4X
-ASgLSSETGJ8wAjWHOWUuVT4jUDFIQwunNaH6y2NaDWA0tkO74oYaQIL_-kd9ChGLzGL389v8BV2X
-oaw70W9L3-OOtzAz-hACbOtbbMkx2bVMmS8QhjYg-_2bpwSb8NR322pQ9AodFTU4x5HrLoERk2Rw
-hRExZP7K-_idMJUGLF9gJFFS01UyBLijyWGyN0teQleXgn6IzZk7dH9roddoe9IacjiV7XfE4i1U
-rVNTRKiDdHSX02KGOihs_j-Tf0PYsz0wEeACINA5MafGzc9x2b8yMzBxwPHxRszjL4dymCoLXRI5
-srLsWk2Jwtp9meW8jhkoAi5xUKzLiYIhEohIX3eEEA0O0wuK0fzcMB7IbyTYYazawUKmUXZ94OLu
-Fmb-UaAEvU-9U4O3DNfbDN2ELxUHmWaqNqpGl1IV0ZxGrKNZi9Rga9-_vfVGcoVMD7vZOhiZddc9
-WRlom3tQZRx2Sm42baNH8wS34J0KuUYPcjQ-1_GEJxcH0hv6hzSm4is7mUdnyB95g1UohKdQOfaY
-tOdHlXbu2zG6SyPaYyQFfQbMPwBn-hx_7bYj9Px-EhYeMpBIP8X98jkd3BlWY4sdWqxsQfAb5pml
-cnDRynHag2XxLqttAWSwru_owfeXzmYsPD-PINRu-Csjzlbdhq73amTFN-U8mYA09dlCck2fW8qo
-mAXLkVlboVaPuem6WvfSd93ZinsB5Wi5RX6RQxeHeo88cWrJ11Au14J8xFlurcZwdSjO4dsnZj_D
-ry0uKWsyNoLogBuDansiNGGO8-1qsyRxVp3zbxOMQmPouN6l0ZfxQdACqX8_4HTD7NMNMnLYjPjC
-4YfOUx4pQMdjzno05vuF5zY-UQ3SN7HkmXsF6tVJdt15cmtLFetD5LTbvdRr1eeHWuwD4-aJQx4T
-SdOLQ3zHeMnNFsxR_xKsu4AGjcC2-TpGixmA1kJtYBm1WIGoxQ6N4rneEo-82yvKwYst9-DJcV6x
-xy1dpJqtx3I7M6DqPVURomeh2czO6UMRPVIQ1ltj4E27_FWFsWC38ZyR4nFimovFLJNCzy2k
\ No newline at end of file
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\r
- <parent>\r
- <groupId>org.onap.aaf.cadi</groupId>\r
- <artifactId>parent</artifactId>\r
- <relativePath>..</relativePath>\r
- <version>1.0.0-SNAPSHOT</version>\r
- </parent>\r
- \r
- <modelVersion>4.0.0</modelVersion>\r
- <name>CADI Core Framework (Code, Access, Data, Identity)</name>\r
- <artifactId>cadi-core</artifactId>\r
- <packaging>jar</packaging>\r
- <url>https://github.com/att/AAF</url>\r
- <description>CADI</description>\r
- <properties>\r
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
- <project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion>\r
- <!-- SONAR -->\r
- <jacoco.version>0.7.7.201606060606</jacoco.version>\r
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>\r
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>\r
- <!-- Default Sonar configuration -->\r
- <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>\r
- <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>\r
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->\r
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>\r
- <nexusproxy>https://nexus.onap.org</nexusproxy>\r
- <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>\r
- <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>\r
- <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>\r
- <sitePath>/content/sites/site/org/onap/aaf/cadi/${project.artifactId}/${project.version}</sitePath>\r
- </properties>\r
- <dependencies>\r
- <dependency>\r
- <groupId>org.mockito</groupId>\r
- <artifactId>mockito-all</artifactId>\r
- <version>1.9.5</version>\r
- <scope>test</scope>\r
- </dependency>\r
- <dependency>\r
- <groupId>javax.servlet</groupId>\r
- <artifactId>servlet-api</artifactId>\r
- <scope>provided</scope>\r
- </dependency>\r
- \r
- <dependency>\r
- <groupId>org.slf4j</groupId>\r
- <artifactId>slf4j-api</artifactId>\r
- <scope>provided</scope>\r
- </dependency>\r
- \r
- </dependencies>\r
- <build>\r
- <plugins>\r
- <plugin>\r
- <!-- Must put this in to turn on Signing, but Configuration itself is \r
- in Parent -->\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-jarsigner-plugin</artifactId>\r
- </plugin>\r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-jar-plugin</artifactId>\r
- <configuration>\r
- <archive>\r
- <manifest>\r
- <mainClass>com.att.cadi.CmdLine</mainClass>\r
- </manifest>\r
- <manifestEntries>\r
- <Sealed>true</Sealed>\r
- </manifestEntries>\r
- </archive>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>test-jar</id>\r
- <phase>package</phase>\r
- <goals>\r
- <goal>test-jar</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- \r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-javadoc-plugin</artifactId>\r
- <version>2.10.4</version>\r
- <configuration>\r
- <failOnError>false</failOnError>\r
- </configuration>\r
- <executions>\r
- <execution>\r
- <id>attach-javadocs</id>\r
- <goals>\r
- <goal>jar</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin> \r
- \r
- \r
- <plugin>\r
- <groupId>org.apache.maven.plugins</groupId>\r
- <artifactId>maven-source-plugin</artifactId>\r
- <version>2.2.1</version>\r
- <executions>\r
- <execution>\r
- <id>attach-sources</id>\r
- <goals>\r
- <goal>jar-no-fork</goal>\r
- </goals>\r
- </execution>\r
- </executions>\r
- </plugin>\r
- <plugin>\r
- <groupId>org.sonatype.plugins</groupId>\r
- <artifactId>nexus-staging-maven-plugin</artifactId>\r
- <version>1.6.7</version>\r
- <extensions>true</extensions>\r
- <configuration>\r
- <nexusUrl>${nexusproxy}</nexusUrl>\r
- <stagingProfileId>176c31dfe190a</stagingProfileId>\r
- <serverId>ecomp-staging</serverId>\r
- </configuration>\r
- </plugin> \r
- \r
-<plugin>\r
- <groupId>org.jacoco</groupId>\r
- <artifactId>jacoco-maven-plugin</artifactId>\r
- <version>${jacoco.version}</version>\r
- <configuration>\r
- <excludes>\r
- <exclude>**/gen/**</exclude>\r
- <exclude>**/generated-sources/**</exclude>\r
- <exclude>**/yang-gen/**</exclude>\r
- <exclude>**/pax/**</exclude>\r
- </excludes>\r
- </configuration>\r
- <executions>\r
-\r
- <execution>\r
- <id>pre-unit-test</id>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>\r
- <propertyName>surefireArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
- \r
- \r
- <execution>\r
- <id>post-unit-test</id>\r
- <phase>test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>\r
- </configuration>\r
- </execution>\r
- <execution>\r
- <id>pre-integration-test</id>\r
- <phase>pre-integration-test</phase>\r
- <goals>\r
- <goal>prepare-agent</goal>\r
- </goals>\r
- <configuration>\r
- <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>\r
-\r
- <propertyName>failsafeArgLine</propertyName>\r
- </configuration>\r
- </execution>\r
-\r
- \r
- <execution>\r
- <id>post-integration-test</id>\r
- <phase>post-integration-test</phase>\r
- <goals>\r
- <goal>report</goal>\r
- </goals>\r
- <configuration>\r
- <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>\r
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>\r
- </configuration>\r
- </execution>\r
- </executions>\r
- </plugin> \r
-\r
- \r
- </plugins>\r
- </build>\r
- <distributionManagement>\r
- <repository>\r
- <id>ecomp-releases</id>\r
- <name>AAF Release Repository</name>\r
- <url>${nexusproxy}${releaseNexusPath}</url>\r
- </repository>\r
- <snapshotRepository>\r
- <id>ecomp-snapshots</id>\r
- <name>AAF Snapshot Repository</name>\r
- <url>${nexusproxy}${snapshotNexusPath}</url>\r
- </snapshotRepository>\r
- <site>\r
- <id>ecomp-site</id>\r
- <url>dav:${nexusproxy}${sitePath}</url>\r
- </site>\r
- </distributionManagement>\r
-\r
-</project>\r
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<assembly>\r
- <id>test</id>\r
- <formats>\r
- <format>jar</format>\r
- </formats>\r
- <includeBaseDirectory>false</includeBaseDirectory>\r
- <dependencySets>\r
- <dependencySet>\r
- <outputDirectory></outputDirectory>\r
- <outputFileNameMapping></outputFileNameMapping>\r
- <unpack>true</unpack>\r
- <scope>runtime</scope>\r
- <!-- includes>\r
- <include>com.att.cssa:env*</include>\r
- </includes -->\r
- </dependencySet>\r
- </dependencySets>\r
- <fileSets>\r
- <fileSet>\r
- <directory>target/classes</directory>\r
- <outputDirectory></outputDirectory>\r
- </fileSet>\r
- </fileSets>\r
-</assembly>\r
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<assembly>\r
- <id>app</id>\r
- <formats>\r
- <format>jar</format>\r
- </formats>\r
- <includeBaseDirectory>false</includeBaseDirectory>\r
- <dependencySets>\r
- <dependencySet>\r
- <outputDirectory></outputDirectory>\r
- <outputFileNameMapping></outputFileNameMapping>\r
- <unpack>true</unpack>\r
- <scope>runtime</scope>\r
- <!-- includes>\r
- <include>web</include>\r
- </includes -->\r
- </dependencySet>\r
- </dependencySets>\r
- <fileSets>\r
- <fileSet>\r
- <directory>target/classes</directory>\r
- <outputDirectory></outputDirectory>\r
- </fileSet>\r
- </fileSets>\r
-</assembly>\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.OutputStream;\r
-import java.security.InvalidKeyException;\r
-import java.security.NoSuchAlgorithmException;\r
-\r
-import javax.crypto.BadPaddingException;\r
-import javax.crypto.Cipher;\r
-import javax.crypto.CipherInputStream;\r
-import javax.crypto.CipherOutputStream;\r
-import javax.crypto.IllegalBlockSizeException;\r
-import javax.crypto.KeyGenerator;\r
-import javax.crypto.NoSuchPaddingException;\r
-import javax.crypto.SecretKey;\r
-import javax.crypto.spec.SecretKeySpec;\r
-\r
-import org.onap.aaf.cadi.util.Chmod;\r
-\r
-public class AES {\r
- public static final String AES = AES.class.getSimpleName();\r
- public static final int AES_KEY_SIZE = 128; // 256 isn't supported on all JDKs.\r
- \r
- private Cipher aesCipher;\r
- private SecretKeySpec aeskeySpec;\r
-\r
- public AES() throws IOException, NoSuchAlgorithmException, NoSuchPaddingException {\r
- aesCipher = Cipher.getInstance(AES);\r
- aeskeySpec = new SecretKeySpec(newKey().getEncoded(), AES);\r
- }\r
- \r
- public static SecretKey newKey() throws NoSuchAlgorithmException {\r
- KeyGenerator kgen = KeyGenerator.getInstance(AES);\r
- kgen.init(AES_KEY_SIZE);\r
- return kgen.generateKey();\r
- }\r
-\r
- public AES(File keyfile) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException {\r
- aesCipher = Cipher.getInstance(AES);\r
- byte[] aesKey = new byte[AES_KEY_SIZE/8];\r
- FileInputStream fis = new FileInputStream(keyfile);\r
- try {\r
- fis.read(aesKey);\r
- } finally {\r
- fis.close();\r
- }\r
- aeskeySpec = new SecretKeySpec(aesKey,AES);\r
- }\r
-\r
- public AES(byte[] aeskey, int offset, int len) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException {\r
- aesCipher = Cipher.getInstance(AES);\r
- aeskeySpec = new SecretKeySpec(aeskey,offset,len,AES);\r
- }\r
- \r
- public byte[] encrypt(byte[] in) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException {\r
- aesCipher.init(Cipher.ENCRYPT_MODE,aeskeySpec);\r
- return aesCipher.doFinal(in);\r
- }\r
- \r
- public byte[] decrypt(byte[] in) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException {\r
- aesCipher.init(Cipher.DECRYPT_MODE,aeskeySpec); \r
- return aesCipher.doFinal(in);\r
- }\r
- \r
- public void save(File keyfile) throws IOException {\r
- FileOutputStream fis = new FileOutputStream(keyfile);\r
- try {\r
- fis.write(aeskeySpec.getEncoded());\r
- } finally {\r
- fis.close();\r
- }\r
- Chmod.to400.chmod(keyfile);\r
- }\r
-\r
- public CipherOutputStream outputStream(OutputStream os, boolean encrypt) {\r
- try {\r
- if(encrypt) {\r
- aesCipher.init(Cipher.ENCRYPT_MODE,aeskeySpec);\r
- } else {\r
- aesCipher.init(Cipher.DECRYPT_MODE,aeskeySpec);\r
- }\r
- } catch (InvalidKeyException e) {\r
- // KeySpec created earlier... no chance being wrong.\r
- } \r
- return new CipherOutputStream(os,aesCipher);\r
- }\r
- \r
- public CipherInputStream inputStream(InputStream is, boolean encrypt) {\r
- try {\r
- if(encrypt) {\r
- aesCipher.init(Cipher.ENCRYPT_MODE,aeskeySpec);\r
- } else {\r
- aesCipher.init(Cipher.DECRYPT_MODE,aeskeySpec);\r
- }\r
- } catch (InvalidKeyException e) {\r
- // KeySpec created earlier... no chance being wrong.\r
- } \r
- \r
- return new CipherInputStream(is,aesCipher);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-public abstract class AbsCachedPrincipal<TAF> implements CachedPrincipal {\r
- protected TAF taf;\r
-\r
- protected AbsCachedPrincipal(TAF taf) {\r
- this.taf = taf;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.Timer;\r
-import java.util.TimerTask;\r
-import java.util.TreeMap;\r
-import java.util.concurrent.ConcurrentHashMap;\r
-\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-\r
-/**\r
- * Implement Fast lookup and Cache for Local User Info\r
- * \r
- * Include ability to add and remove Users\r
- * \r
- * Also includes a Timer Thread (when necessary) to invoke cleanup on expiring Credentials\r
- * \r
- *\r
- */\r
-public abstract class AbsUserCache<PERM extends Permission> {\r
- static final int MIN_INTERVAL = 15000;\r
- static final int MAX_INTERVAL = 1000*60*5; // 5 mins\r
- private static Timer timer;\r
- // Map of userName to User\r
- private final Map<String, User<PERM>> userMap;\r
- private final Map<String, Miss> missMap;\r
- private Clean clean;\r
- protected Access access;\r
-// private final static Permission teaser = new LocalPermission("***NoPERM****");\r
- \r
- protected AbsUserCache(Access access, long cleanInterval, int highCount, int usageCount) {\r
- this.access = access;\r
- userMap = new ConcurrentHashMap<String, User<PERM>>();\r
- missMap = new TreeMap<String,Miss>();\r
- if(cleanInterval>0) {\r
- cleanInterval = Math.max(MIN_INTERVAL, cleanInterval);\r
- synchronized(AbsUserCache.class) { // Lazy instantiate.. in case there is no cleanup needed\r
- if(timer==null) {\r
- timer = new Timer("CADI Cleanup Timer",true);\r
- }\r
- \r
- timer.schedule(clean = new Clean(access, cleanInterval, highCount, usageCount), cleanInterval, cleanInterval);\r
- access.log(Access.Level.INIT, "Cleaning Thread initialized with interval of",cleanInterval, "ms and max objects of", highCount);\r
- }\r
- }\r
- }\r
- \r
- @SuppressWarnings("unchecked")\r
- public AbsUserCache(AbsUserCache<PERM> cache) {\r
- this.access = cache.access;\r
- userMap = cache.userMap;\r
- missMap = cache.missMap;\r
- synchronized(AbsUserCache.class) {\r
- if(cache.clean!=null && cache.clean.lur==null && this instanceof CachingLur) {\r
- cache.clean.lur=(CachingLur<PERM>)this;\r
- }\r
- }\r
- }\r
-\r
- protected void setLur(CachingLur<PERM> lur) {\r
- if(clean!=null)clean.lur = lur;\r
- \r
- }\r
- \r
- protected void addUser(User<PERM> user) {\r
- userMap.put(user.principal.getName(), user);\r
- }\r
-\r
- // Useful for looking up by WebToken, etc.\r
- protected void addUser(String key, User<PERM> user) {\r
- userMap.put(key, user);\r
- }\r
- \r
- /**\r
- * Add miss to missMap. If Miss exists, or too many tries, returns false.\r
- * \r
- * otherwise, returns true to allow another attempt.\r
- * \r
- * @param key\r
- * @param bs\r
- * @return\r
- */\r
- protected boolean addMiss(String key, byte[] bs) {\r
- Miss miss = missMap.get(key);\r
- if(miss==null) {\r
- synchronized(missMap) {\r
- missMap.put(key, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval));\r
- }\r
- return true;\r
- }\r
- return miss.add(bs); \r
- }\r
-\r
- protected Miss missed(String key) {\r
- return missMap.get(key);\r
- }\r
-\r
- protected User<PERM> getUser(String userName) {\r
- User<PERM> u = userMap.get(userName);\r
- if(u!=null) {\r
- u.incCount();\r
- }\r
- return u;\r
- }\r
- \r
- protected User<PERM> getUser(Principal principal) {\r
- return getUser(principal.getName()); \r
- }\r
- \r
- /**\r
- * Removes User from the Cache\r
- * @param user\r
- */\r
- protected void remove(User<PERM> user) {\r
- userMap.remove(user.principal.getName());\r
- }\r
- \r
- /**\r
- * Removes user from the Cache\r
- * \r
- * @param user\r
- */\r
- public void remove(String user) {\r
- Object o = userMap.remove(user);\r
- if(o!=null) {\r
- access.log(Level.INFO, user,"removed from Client Cache by Request");\r
- }\r
- }\r
- \r
- /**\r
- * Clear all users from the Client Cache\r
- */\r
- public void clearAll() {\r
- userMap.clear();\r
- }\r
- \r
- public final List<DumpInfo> dumpInfo() {\r
- List<DumpInfo> rv = new ArrayList<DumpInfo>();\r
- for(User<PERM> user : userMap.values()) {\r
- rv.add(new DumpInfo(user));\r
- }\r
- return rv;\r
- }\r
-\r
- /**\r
- * The default behavior of a LUR is to not handle something exclusively.\r
- */\r
- public boolean handlesExclusively(Permission pond) {\r
- return false;\r
- }\r
- \r
- /**\r
- * Container calls when cleaning up... \r
- * \r
- * If overloading in Derived class, be sure to call "super.destroy()"\r
- */\r
- public void destroy() {\r
- if(timer!=null) {\r
- timer.purge();\r
- timer.cancel();\r
- }\r
- }\r
- \r
- \r
-\r
- // Simple map of Group name to a set of User Names\r
- // private Map<String, Set<String>> groupMap = new HashMap<String, Set<String>>();\r
-\r
- /**\r
- * Class to hold a small subset of the data, because we don't want to expose actual Permission or User Objects\r
- */\r
- public final class DumpInfo {\r
- public String user;\r
- public List<String> perms;\r
- \r
- public DumpInfo(User<PERM> user) {\r
- this.user = user.principal.getName();\r
- perms = new ArrayList<String>(user.perms.keySet());\r
- }\r
- }\r
- \r
- /**\r
- * Clean will examine resources, and remove those that have expired.\r
- * \r
- * If "highs" have been exceeded, then we'll expire 10% more the next time. This will adjust after each run\r
- * without checking contents more than once, making a good average "high" in the minimum speed.\r
- * \r
- *\r
- */\r
- private final class Clean extends TimerTask {\r
- private final Access access;\r
- private CachingLur<PERM> lur;\r
- \r
- // The idea here is to not be too restrictive on a high, but to Expire more items by \r
- // shortening the time to expire. This is done by judiciously incrementing "advance"\r
- // when the "highs" are exceeded. This effectively reduces numbers of cached items quickly.\r
- private final int high;\r
- private long advance;\r
- private final long timeInterval;\r
- private final int usageTriggerCount;\r
- \r
- public Clean(Access access, long cleanInterval, int highCount, int usageTriggerCount) {\r
- this.access = access;\r
- lur = null;\r
- high = highCount;\r
- timeInterval = cleanInterval;\r
- advance = 0;\r
- this.usageTriggerCount=usageTriggerCount;\r
- }\r
- public void run() {\r
- int renewed = 0;\r
- int count = 0;\r
- int total = 0;\r
- try {\r
- // look at now. If we need to expire more by increasing "now" by "advance"\r
- ArrayList<User<PERM>> al = new ArrayList<User<PERM>>(userMap.values().size());\r
- al.addAll(0, userMap.values());\r
- long now = System.currentTimeMillis() + advance;\r
- for(User<PERM> user : al) {\r
- ++total;\r
- if(user.count>usageTriggerCount) {\r
- // access.log(Level.AUDIT, "Checking Thread", new Date(now));\r
- boolean touched = false, removed=false;\r
- if(user.principal instanceof CachedPrincipal) {\r
- CachedPrincipal cp = (CachedPrincipal)user.principal;\r
- if(cp.expires() < now) {\r
- switch(cp.revalidate()) {\r
- case INACCESSIBLE:\r
- access.log(Level.AUDIT, "AAF Inaccessible. Keeping credentials");\r
- break;\r
- case REVALIDATED:\r
- user.resetCount();\r
- // access.log(Level.AUDIT, "CACHE revalidated credentials");\r
- touched = true;\r
- break;\r
- default:\r
- user.resetCount();\r
- remove(user);\r
- ++count;\r
- removed = true;\r
- break;\r
- }\r
- }\r
- }\r
- \r
- // access.log(Level.AUDIT, "User Perm Expires", new Date(user.permExpires));\r
- if(!removed && lur!=null && user.permExpires<= now ) {\r
- // access.log(Level.AUDIT, "Reloading");\r
- if(lur.reload(user).equals(Resp.REVALIDATED)) {\r
- user.renewPerm();\r
- access.log(Level.DEBUG, "Reloaded Perms for",user);\r
- touched = true;\r
- }\r
- }\r
- user.resetCount();\r
- if(touched) {\r
- ++renewed;\r
- }\r
- \r
- } else {\r
- if(user.permExpired()) {\r
- remove(user);\r
- ++count;\r
- }\r
- }\r
- }\r
- \r
- // Clean out Misses\r
- int missTotal = missMap.keySet().size();\r
- int miss = 0;\r
- if(missTotal>0) {\r
- ArrayList<String> keys = new ArrayList<String>(missTotal);\r
- keys.addAll(missMap.keySet());\r
- for(String key : keys) {\r
- Miss m = missMap.get(key);\r
- if(m!=null && m.timestamp<System.currentTimeMillis()) {\r
- synchronized(missMap) {\r
- missMap.remove(key);\r
- }\r
- access.log(Level.INFO, key, "has been removed from Missed Credential Map (" + m.tries + " invalid tries)");\r
- ++miss;\r
- }\r
- }\r
- }\r
- \r
- if(count+renewed+miss>0) {\r
- access.log(Level.INFO, (lur==null?"Cache":lur.getClass().getSimpleName()), "removed",count,\r
- "and renewed",renewed,"expired Permissions out of", total,"and removed", miss, "password misses out of",missTotal);\r
- }\r
- \r
- // If High (total) is reached during this period, increase the number of expired services removed for next time.\r
- // There's no point doing it again here, as there should have been cleaned items.\r
- if(total>high) {\r
- // advance cleanup by 10%, without getting greater than timeInterval.\r
- advance = Math.min(timeInterval, advance+(timeInterval/10));\r
- } else {\r
- // reduce advance by 10%, without getting lower than 0.\r
- advance = Math.max(0, advance-(timeInterval/10));\r
- }\r
- } catch (Exception e) {\r
- access.log(Level.ERROR,e.getMessage());\r
- }\r
- }\r
- }\r
- \r
- public static class Miss {\r
- private static final int MAX_TRIES = 3;\r
-\r
- long timestamp;\r
- byte[][] array;\r
-\r
- private long timetolive;\r
-\r
- private int tries;\r
- \r
- public Miss(byte[] first, long timeInterval) {\r
- array = new byte[MAX_TRIES][];\r
- array[0]=first;\r
- timestamp = System.currentTimeMillis() + timeInterval;\r
- this.timetolive = timeInterval;\r
- tries = 1;\r
- }\r
- \r
- public boolean mayContinue(byte[] bs) {\r
- if(++tries > MAX_TRIES) return false;\r
- for(byte[] a : array) {\r
- if(a==null)return true;\r
- if(equals(a,bs)) {\r
- return false;\r
- }\r
- }\r
- return true;\r
- }\r
-\r
- public synchronized boolean add(byte[] bc) {\r
- if(++tries>MAX_TRIES)return false;\r
- timestamp = System.currentTimeMillis()+timetolive;\r
- for(int i=0;i<MAX_TRIES;++i) {\r
- if(array[i]==null) {\r
- array[i]=bc;\r
- return true; // add to array, and allow more tries\r
- } else if(equals(array[i],bc)) {\r
- return false;\r
- }\r
- }\r
- return false; // no more tries until cache cleared.\r
- }\r
- \r
- private boolean equals(byte[] src, byte[] target) {\r
- if(target.length==src.length) {\r
- for(int j=0;j<src.length;++j) {\r
- if(src[j]!=target[j]) return false;\r
- }\r
- return true; // same length and same chars\r
- }\r
- return false;\r
- }\r
- }\r
- \r
- /**\r
- * Report on state\r
- */\r
- public String toString() {\r
- return getClass().getSimpleName() + \r
- " Cache:\n Users Cached: " +\r
- userMap.size() +\r
- "\n Misses Saved: " +\r
- missMap.size() +\r
- '\n';\r
- \r
- }\r
-\r
- public void clear(Principal p, StringBuilder sb) {\r
- sb.append(toString());\r
- userMap.clear();\r
- missMap.clear();\r
- access.log(Level.AUDIT, p.getName(),"has cleared User Cache in",getClass().getSimpleName());\r
- sb.append("Now cleared\n");\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-\r
-/**\r
- * Various Environments require different logging mechanisms, or at least allow\r
- * for different ones. We need the Framework to be able to hook into any particular instance of logging\r
- * mechanism, whether it be a Logging Object within a Servlet Context, or a direct library like log4j.\r
- * This interface, therefore, allows maximum pluggability in a variety of different app styles. \r
- * \r
- *\r
- */\r
-public interface Access {\r
- // levels to use\r
- public enum Level {\r
- DEBUG(0x1), INFO(0x10), AUDIT(0x100), WARN(0x2000), ERROR(0x4000), INIT(0x8000),NONE(0XFFFF);\r
- private final int bit;\r
- \r
- Level(int ord) {\r
- bit = ord;\r
- }\r
- \r
- public boolean inMask(int mask) {\r
- return (mask & bit) == bit;\r
- }\r
- \r
- public int addToMask(int mask) {\r
- return mask | bit;\r
- }\r
-\r
- public int delFromMask(int mask) {\r
- return mask & ~bit;\r
- }\r
-\r
- public int toggle(int mask) {\r
- if(inMask(mask)) {\r
- return delFromMask(mask);\r
- } else {\r
- return addToMask(mask);\r
- }\r
- }\r
-\r
-\r
- public int maskOf() {\r
- int mask=0;\r
- for(Level l : values()) {\r
- if(ordinal()<l.ordinal()) {\r
- mask|=l.bit;\r
- }\r
- }\r
- return mask;\r
- }\r
- }\r
-\r
- /**\r
- * Write a variable list of Object's text via the toString() method with appropriate space, etc.\r
- * @param elements\r
- */\r
- public void log(Level level, Object ... elements);\r
-\r
- /**\r
- * Printf mechanism for Access\r
- * @param level\r
- * @param fmt\r
- * @param elements\r
- */\r
- public void printf(Level level, String fmt, Object ... elements);\r
- \r
- /** \r
- * Check if message will log before constructing\r
- * @param level\r
- * @return\r
- */\r
- public boolean willLog(Level level);\r
-\r
- /**\r
- * Write the contents of an exception, followed by a variable list of Object's text via the \r
- * toString() method with appropriate space, etc.\r
- * \r
- * The Loglevel is always "ERROR"\r
- * \r
- * @param elements\r
- */\r
- public void log(Exception e, Object ... elements);\r
- \r
- /**\r
- * Set the Level to compare logging too\r
- */\r
- public void setLogLevel(Level level);\r
- \r
- /**\r
- * It is important in some cases to create a class from within the same Classloader that created\r
- * Security Objects. Specifically, it's pretty typical for Web Containers to separate classloaders\r
- * so as to allow Apps with different dependencies. \r
- * @return\r
- */\r
- public ClassLoader classLoader();\r
-\r
- public String getProperty(String string, String def);\r
- \r
- public void load(InputStream is) throws IOException;\r
-\r
- /**\r
- * if "anytext" is true, then decryption will always be attempted. Otherwise, only if starts with \r
- * Symm.ENC\r
- * @param encrypted\r
- * @param anytext\r
- * @return\r
- * @throws IOException\r
- */\r
- public String decrypt(String encrypted, boolean anytext) throws IOException;\r
-\r
- public static final Access NULL = new Access() {\r
- public void log(Level level, Object... elements) {\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object... elements) {\r
- }\r
-\r
- public void log(Exception e, Object... elements) {\r
- }\r
-\r
- public ClassLoader classLoader() {\r
- return this.classLoader();\r
- }\r
-\r
- public String getProperty(String string, String def) {\r
- return null;\r
- }\r
-\r
- public void load(InputStream is) throws IOException {\r
- }\r
-\r
- public void setLogLevel(Level level) {\r
- }\r
-\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- return encrypted;\r
- }\r
-\r
- @Override\r
- public boolean willLog(Level level) {\r
- return false;\r
- }\r
- };\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-/**\r
- * An Interface for testing on Requests to see if we can get a User and Password\r
- * It works for CadiWrap, but also, Container Specific Wraps (aka Tomcat) should also\r
- * implement.\r
- * \r
- *\r
- */\r
-public interface BasicCred extends GetCred {\r
- public void setUser(String user);\r
- public void setCred(byte[] passwd);\r
- public String getUser();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.IOException;\r
-import java.io.InputStreamReader;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-/**\r
- * BufferedCadiWrap exists to additionally wrap the InputStream with a BufferedInputStream to engage the\r
- * "mark()/release()" API of InputStream.\r
- * \r
- * This is a requirement for Re-Reading Content for brain-dead Middleware such as SOAP WS-Security.\r
- * \r
- * Framework needs to set the TafResp and Lur (typically) later in the \r
- * \r
- *\r
- */\r
-public class BufferedCadiWrap extends CadiWrap {\r
- private BufferedServletInputStream sis;\r
- \r
- public BufferedCadiWrap(HttpServletRequest request) {\r
- super(request, null, null); // will need to set TafResp and Lur separately\r
- sis = null;\r
- }\r
-\r
-\r
- // @Override\r
- public BufferedServletInputStream getInputStream() throws IOException {\r
-// System.out.println("getInputStream() from Buffered CadiWrap... sis = " + sis);\r
-// try {\r
-// throw new Exception("OK, here's where we are...");\r
-// } catch (Exception e) {\r
-// e.printStackTrace();\r
-// }\r
- if(sis==null) {\r
- sis = new BufferedServletInputStream(super.getInputStream());\r
-// } else {\r
-// try {\r
-// System.out.println("sis has " + sis.buffered() + " buffered bytes, and reports " + sis.available() + " available");\r
-// } catch (Exception e) {\r
-// e.printStackTrace();\r
-// }\r
- }\r
- return sis;\r
- }\r
-\r
- // @Override\r
- public BufferedReader getReader() throws IOException {\r
-// System.out.println("getReader() from Buffered CadiWrap... sis = " + sis);\r
-// try {\r
-// throw new Exception("OK, here's where we are...");\r
-// } catch (Exception e) {\r
-// e.printStackTrace();\r
-// }\r
- return new BufferedReader(new InputStreamReader(getInputStream()));\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-\r
-import javax.servlet.ServletInputStream;\r
-\r
-/**\r
- * BufferedServletInputStream\r
- * \r
- * There are cases in brain-dead middleware (SOAP) where they store routing information in the content.\r
- * \r
- * In HTTP, this requires reading the content from the InputStream which, of course, cannot be re-read.\r
- * \r
- * BufferedInputStream exists to implement the "Mark" protocols for Streaming, which will enable being \r
- * re-read. Unfortunately, J2EE chose to require a "ServletInputStream" as an abstract class, rather than\r
- * an interface, which requires we create a delegating pattern, rather than the preferred inheriting pattern. \r
- * \r
- * Unfortunately, the standard "BufferedInputStream" cannot be used, because it simply creates a byte array\r
- * in the "mark(int)" method of that size. This is not appropriate for this application, because the Header \r
- * can be potentially huge, and if a buffer was allocated to accommodate all possibilities, the cost of memory \r
- * allocation would be too large for high performance transactions.\r
- *\r
- * \r
- *\r
- */\r
-public class BufferedServletInputStream extends ServletInputStream {\r
- private static final int NONE = 0;\r
- private static final int STORE = 1;\r
- private static final int READ = 2;\r
- \r
- private InputStream is;\r
- private int state = NONE;\r
- private Capacitor capacitor;\r
-\r
- public BufferedServletInputStream(InputStream is) {\r
- this.is = is;\r
- capacitor = null;\r
- }\r
-\r
-\r
- // @Override\r
- public int read() throws IOException {\r
- int value=-1;\r
- if(capacitor==null) {\r
- value=is.read();\r
- } else {\r
- switch(state) {\r
- case STORE:\r
- value = is.read();\r
- if(value>=0) {\r
- capacitor.put((byte)value);\r
- }\r
- break;\r
- case READ:\r
- value = capacitor.read();\r
- if(value<0) {\r
- capacitor.done();\r
- capacitor=null; // all done with buffer\r
- value = is.read();\r
- }\r
- }\r
- } \r
- return value;\r
- }\r
-\r
- // @Override\r
- public int read(byte[] b) throws IOException {\r
- return read(b,0,b.length);\r
- }\r
-\r
-\r
- // @Override\r
- public int read(byte[] b, int off, int len) throws IOException {\r
- int count = -1;\r
- if(capacitor==null) {\r
- count = is.read(b,off,len);\r
- } else {\r
- switch(state) {\r
- case STORE:\r
- count = is.read(b, off, len);\r
- if(count>0) {\r
- capacitor.put(b, off, count);\r
- }\r
- break;\r
- case READ:\r
- count = capacitor.read(b, off, len);\r
-// System.out.println("Capacitor read " + count);\r
- if(count<=0) {\r
- capacitor.done();\r
- capacitor=null; // all done with buffer\r
- }\r
- if(count<len) {\r
- int temp = is.read(b, count, len-count);\r
-// System.out.println("Capacitor done, stream read " + temp);\r
- if(temp>0) { // watch for -1\r
- count+=temp;\r
- } else {\r
- if(count<=0)count = temp; // must account for Stream coming back -1 \r
- }\r
- }\r
- break;\r
- }\r
- }\r
-// System.out.println("read reports " + count);\r
- return count;\r
- }\r
-\r
- // @Override\r
- public long skip(long n) throws IOException {\r
- long skipped = capacitor.skip(n);\r
- if(skipped<n) {\r
- skipped += is.skip(n-skipped);\r
- }\r
- return skipped;\r
- }\r
-\r
-\r
- // @Override\r
- public int available() throws IOException {\r
- int count = is.available();\r
- if(capacitor!=null)count+=capacitor.available();\r
- return count; \r
- }\r
- \r
- /**\r
- * Return just amount buffered (for debugging purposes, mostly)\r
- * @return\r
- */\r
- public int buffered() {\r
- return capacitor.available();\r
- }\r
-\r
-\r
- // @Override\r
- public void close() throws IOException {\r
- if(capacitor!=null) {\r
- capacitor.done();\r
- capacitor=null;\r
- }\r
- is.close();\r
- }\r
-\r
-\r
- /**\r
- * Note: Readlimit is ignored in this implementation, because the need was for unknown buffer size which wouldn't \r
- * require allocating and dumping huge chunks of memory every use, or risk overflow.\r
- */\r
- // @Override\r
- public synchronized void mark(int readlimit) {\r
- switch(state) {\r
- case NONE:\r
- capacitor = new Capacitor();\r
- break;\r
- case READ:\r
- capacitor.done();\r
- break;\r
- // ignore case STORE:\r
- }\r
- state = STORE;\r
- }\r
-\r
-\r
- /**\r
- * Reset Stream\r
- * \r
- * Calling this twice is not supported in typical Stream situations, but it is allowed in this service. The caveat is that it can only reset\r
- * the data read in since Mark has been called. The data integrity is only valid if you have not continued to read past what is stored.\r
- * \r
- */\r
- // @Override\r
- public synchronized void reset() throws IOException {\r
- switch(state) {\r
- case STORE:\r
- capacitor.setForRead();\r
- state = READ;\r
- break;\r
- case READ:\r
- capacitor.reset();\r
- break;\r
-// throw new IOException("InputStream is already in READ state");\r
- case NONE: \r
- throw new IOException("InputStream has not been marked");\r
- }\r
- }\r
-\r
-\r
- // @Override\r
- public boolean markSupported() {\r
- return true;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.security.Principal;\r
-\r
-/**\r
- * Cached Principals need to be able to revalidate in the background.\r
- * \r
- *\r
- */\r
-public interface CachedPrincipal extends Principal {\r
- public enum Resp {NOT_MINE,UNVALIDATED,REVALIDATED,INACCESSIBLE,DENIED};\r
- \r
- /**\r
- * Re-validate with Creator\r
- * \r
- * @return\r
- */\r
- public abstract Resp revalidate();\r
- \r
- /**\r
- * Store when last updated.\r
- * @return\r
- */\r
- public abstract long expires();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-\r
-\r
-public interface CachingLur<PERM extends Permission> extends Lur {\r
- public abstract void remove(String user);\r
- public abstract Resp reload(User<PERM> user);\r
- public abstract void setDebug(String commaDelimIDsOrNull);\r
- public abstract void clear(Principal p, StringBuilder sb);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-/**\r
- * CADI Specific Exception\r
- */\r
-public class CadiException extends Exception {\r
- /**\r
- * Generated ID \r
- */\r
- private static final long serialVersionUID = -4180145363107742619L;\r
-\r
- public CadiException() {\r
- super();\r
- }\r
-\r
- public CadiException(String message) {\r
- super(message);\r
- }\r
-\r
- public CadiException(Throwable cause) {\r
- super(cause);\r
- }\r
-\r
- public CadiException(String message, Throwable cause) {\r
- super(message, cause);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletRequestWrapper;\r
-\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.filter.NullPermConverter;\r
-import org.onap.aaf.cadi.filter.PermConverter;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-\r
-\r
-/**\r
- * Inherit the HttpServletRequestWrapper, which calls methods of delegate it's created with, but\r
- * overload the key security mechanisms with CADI mechanisms\r
- * \r
- * This works with mechanisms working strictly with HttpServletRequest (i.e. Servlet Filters)\r
- * \r
- * Specialty cases, i.e. Tomcat, which for their containers utilize their own mechanisms and Wrappers, you may\r
- * need something similar. See AppServer specific code (i.e. tomcat) for these.\r
- * \r
- *\r
- */\r
-public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRequest, BasicCred {\r
- private Principal principal;\r
- private Lur lur;\r
- private String user; // used to set user/pass from brain-dead protocols like WSSE \r
- private byte[] password;\r
- private PermConverter pconv;\r
- private Access access; \r
- \r
- /**\r
- * Standard Wrapper constructor for Delegate pattern\r
- * @param request\r
- */\r
- public CadiWrap(HttpServletRequest request, TafResp tafResp, Lur lur) {\r
- super(request);\r
- principal = tafResp.getPrincipal();\r
- access = tafResp.getAccess();\r
- this.lur = lur;\r
- pconv = NullPermConverter.singleton();\r
- }\r
-\r
- /**\r
- * Standard Wrapper constructor for Delegate pattern, with PermConverter\r
- * @param request\r
- */\r
- public CadiWrap(HttpServletRequest request, TafResp tafResp, Lur lur, PermConverter pc) {\r
- super(request);\r
- principal = tafResp.getPrincipal();\r
- access = tafResp.getAccess();\r
- this.lur = lur;\r
- pconv = pc;\r
- }\r
-\r
-\r
- /**\r
- * Part of the HTTP Security API. Declare the User associated with this HTTP Transaction.\r
- * CADI does this by reporting the name associated with the Principal obtained, if any.\r
- */\r
-// @Override\r
- public String getRemoteUser() {\r
- return principal==null?null:principal.getName();\r
- }\r
-\r
- /**\r
- * Part of the HTTP Security API. Return the User Principal associated with this HTTP \r
- * Transaction.\r
- */\r
-// @Override\r
- public Principal getUserPrincipal() {\r
- return principal;\r
- }\r
- \r
- /**\r
- * This is the key API call for AUTHZ in J2EE. Given a Role (String passed in), is the user\r
- * associated with this HTTP Transaction allowed to function in this Role?\r
- * \r
- * For CADI, we pass the responsibility for determining this to the "LUR", which may be\r
- * determined by the Enterprise.\r
- * \r
- * Note: Role check is also done in "CadiRealm" in certain cases...\r
- * \r
- *\r
- */\r
-// @Override\r
- public boolean isUserInRole(String perm) {\r
- return perm==null?false:checkPerm(access,"(HttpRequest)",principal,pconv,lur,perm);\r
- }\r
- \r
- public static boolean checkPerm(Access access, String caller, Principal principal, PermConverter pconv, Lur lur, String perm) {\r
- if(principal== null) {\r
- access.log(Level.AUDIT,caller, "No Principal in Transaction");\r
- return false;\r
- } else { \r
- perm = pconv.convert(perm);\r
- if(lur.fish(principal,lur.createPerm(perm))) {\r
- access.log(Level.DEBUG,caller, principal.getName(), "has", perm);\r
- return true;\r
- } else {\r
- access.log(Level.DEBUG,caller, principal.getName(), "does not have", perm);\r
- return false;\r
- }\r
- }\r
-\r
- }\r
-\r
- /** \r
- * CADI Function (Non J2EE standard). GetPermissions will read the Permissions from AAF (if configured) and Roles from Local Lur, etc\r
- * as implemented with lur.fishAll\r
- * \r
- * To utilize, the Request must be a "CadiWrap" object, then call.\r
- */\r
- public List<Permission> getPermissions(Principal p) {\r
- List<Permission> perms = new ArrayList<Permission>();\r
- lur.fishAll(p, perms);\r
- return perms;\r
- }\r
- /**\r
- * Allow setting of tafResp and lur after construction\r
- * \r
- * This can happen if the CadiWrap is constructed in a Valve other than CadiValve\r
- */\r
- public void set(TafResp tafResp, Lur lur) {\r
- principal = tafResp.getPrincipal();\r
- access = tafResp.getAccess();\r
- this.lur = lur;\r
- }\r
-\r
- public String getUser() {\r
- if(user==null && principal!=null) {\r
- user = principal.getName();\r
- }\r
- return user;\r
- }\r
-\r
- public byte[] getCred() {\r
- return password;\r
- }\r
-\r
- public void setUser(String user) {\r
- this.user = user;\r
- }\r
-\r
- public void setCred(byte[] passwd) {\r
- password = passwd;\r
- }\r
- \r
- public CadiWrap setPermConverter(PermConverter pc) {\r
- pconv = pc;\r
- return this;\r
- }\r
- \r
- // Add a feature\r
- public void invalidate(String id) {\r
- if(lur instanceof EpiLur) {\r
- ((EpiLur)lur).remove(id);\r
- } else if(lur instanceof CachingLur) {\r
- ((CachingLur<?>)lur).remove(id);\r
- }\r
- }\r
- \r
- public Lur getLur() {\r
- return lur;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.nio.ByteBuffer;\r
-import java.util.ArrayList;\r
-\r
-/**\r
- * Capacitor\r
- * \r
- * Storage mechanism for read data, specifically designed for InputStreams.\r
- * \r
- * The Standard BufferedInputStream requires a limit to be set for buffered reading, which is \r
- * impractical for reading SOAP headers, which can be quite large.\r
- *\r
- */\r
-public class Capacitor {\r
- private static final int DEFAULT_CHUNK = 256;\r
- private ArrayList<ByteBuffer> bbs = new ArrayList<ByteBuffer>();\r
- private ByteBuffer curr = null;\r
- private int idx;\r
- \r
- // Maintain a private RingBuffer for Memory, for efficiency\r
- private static ByteBuffer[] ring = new ByteBuffer[16];\r
- private static int start, end;\r
- \r
- \r
- public void put(byte b) {\r
- if(curr == null || curr.remaining()==0) { // ensure we have a "curr" buffer ready for data\r
- curr = ringGet();\r
- bbs.add(curr);\r
- }\r
- curr.put(b); \r
- }\r
-\r
- public int read() {\r
- if(curr!=null) { \r
- if(curr.remaining()>0) { // have a buffer, use it!\r
- return curr.get();\r
- } else if(idx<bbs.size()){ // Buffer not enough, get next one from array\r
- if(idx<bbs.size()) {\r
- curr=bbs.get(idx++);\r
- return curr.get();\r
- }\r
- }\r
- } // if no curr buffer, treat as end of stream\r
- return -1;\r
- }\r
- \r
- /**\r
- * read into an array like Streams\r
- * \r
- * @param array\r
- * @param offset\r
- * @param length\r
- * @return\r
- */\r
- public int read(byte[] array, int offset, int length) {\r
- if(curr==null)return -1;\r
- int len;\r
- int count=0;\r
- while(length>0) { // loop through while there's data needed\r
- if((len=curr.remaining())>length) { // if enough data in curr buffer, use this code\r
- curr.get(array,offset,length);\r
- count+=length;\r
- length=0;\r
- } else { // get data from curr, mark how much is needed to fulfil, and loop for next curr.\r
- curr.get(array,offset,len);\r
- count+=len;\r
- offset+=len;\r
- length-=len;\r
- if(idx<bbs.size()) {\r
- curr=bbs.get(idx++);\r
- } else {\r
- length=0; // stop, and return the count of how many we were able to load\r
- }\r
- }\r
- }\r
- return count;\r
- }\r
-\r
- /**\r
- * Put an array of data into Capacitor\r
- * \r
- * @param array\r
- * @param offset\r
- * @param length\r
- */\r
- public void put(byte[] array, int offset, int length) {\r
- if(curr == null || curr.remaining()==0) {\r
- curr = ringGet();\r
- bbs.add(curr);\r
- }\r
- \r
- int len;\r
- while(length>0) {\r
- if((len=curr.remaining())>length) {\r
- curr.put(array,offset,length);\r
- length=0;\r
- } else {\r
-// System.out.println(new String(array));\r
- curr.put(array,offset,len);\r
- length-=len;\r
- offset+=len;\r
- curr = ringGet();\r
- bbs.add(curr);\r
- }\r
- }\r
- }\r
- \r
- /**\r
- * Move state from Storage mode into Read mode, changing all internal buffers to read mode, etc\r
- */\r
- public void setForRead() {\r
- for(ByteBuffer bb : bbs) {\r
- bb.flip();\r
- }\r
- if(bbs.isEmpty()) {\r
- curr = null;\r
- idx = 0;\r
- } else {\r
- curr=bbs.get(0);\r
- idx=1;\r
- }\r
- }\r
- \r
- /**\r
- * reuse all the buffers\r
- */\r
- public void done() {\r
- for(ByteBuffer bb : bbs) {\r
- ringPut(bb);\r
- }\r
- bbs.clear();\r
- curr = null;\r
- }\r
- \r
- /**\r
- * Declare amount of data available to be read at once.\r
- * \r
- * @return\r
- */\r
- public int available() {\r
- int count = 0;\r
- for(ByteBuffer bb : bbs) {\r
- count+=bb.remaining();\r
- }\r
- return count;\r
- }\r
- \r
- /**\r
- * Returns how many are left that were not skipped\r
- * @param n\r
- * @return\r
- */\r
- public long skip(long n) {\r
- long skipped=0L;\r
- int skip;\r
- while(n>0) {\r
- if(n<(skip=curr.remaining())) {\r
- curr.position(curr.position()+(int)n);\r
- skipped+=skip;\r
- n=0;\r
- } else {\r
- curr.position(curr.limit());\r
- \r
- skipped-=skip;\r
- if(idx<bbs.size()) {\r
- curr=bbs.get(idx++);\r
- n-=skip;\r
- } else {\r
- n=0;\r
- }\r
- }\r
- }\r
- return skipped;\r
- }\r
- /**\r
- * Be able to re-read data that is stored that has already been re-read. This is not a standard Stream behavior, but can be useful\r
- * in a standalone mode.\r
- */\r
- public void reset() {\r
- for(ByteBuffer bb : bbs) {\r
- bb.position(0);\r
- }\r
- if(bbs.isEmpty()) {\r
- curr = null;\r
- idx = 0;\r
- } else {\r
- curr=bbs.get(0);\r
- idx=1;\r
- }\r
- }\r
-\r
- /*\r
- * Ring Functions. Reuse allocated memory \r
- */\r
- private ByteBuffer ringGet() {\r
- ByteBuffer bb = null;\r
- synchronized(ring) {\r
- bb=ring[start];\r
- ring[start]=null;\r
- if(bb!=null && ++start>15)start=0;\r
- }\r
- if(bb==null) {\r
- bb=ByteBuffer.allocate(DEFAULT_CHUNK);\r
- } else {\r
- bb.clear();// refresh reused buffer\r
- }\r
- return bb;\r
- }\r
- \r
- private void ringPut(ByteBuffer bb) {\r
- synchronized(ring) {\r
- ring[end]=bb; // if null or not, BB will just be Garbage collected\r
- if(++end>15)end=0;\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.FileReader;\r
-import java.io.IOException;\r
-import java.io.InputStreamReader;\r
-import java.net.InetAddress;\r
-import java.net.UnknownHostException;\r
-import java.security.NoSuchAlgorithmException;\r
-\r
-import org.onap.aaf.cadi.util.Chmod;\r
-import org.onap.aaf.cadi.util.JsonOutputStream;\r
-\r
-\r
-\r
-/**\r
- * A Class to run on command line to determine suitability of environment for certain TAFs.\r
- * \r
- * For instance, CSP supports services only in certain domains, and while dynamic host\r
- * lookups on the machine work in most cases, sometimes, names and IPs are unexpected (and\r
- * invalid) for CSP because of multiple NetworkInterfaces, etc\r
- * \r
- *\r
- */\r
-public class CmdLine {\r
-\r
- /**\r
- * @param args\r
- */\r
- public static void main(String[] args) {\r
- if(args.length>0) {\r
- if("digest".equalsIgnoreCase(args[0]) && (args.length>2 || (args.length>1 && System.console()!=null))) {\r
- String keyfile;\r
- String password;\r
- if(args.length>2) {\r
- password = args[1];\r
- keyfile = args[2];\r
- } else {\r
- keyfile = args[1];\r
- password = new String(System.console().readPassword("Type here (keystrokes hidden): "));\r
- }\r
-\r
- try {\r
- Symm symm;\r
- FileInputStream fis = new FileInputStream(keyfile);\r
- try {\r
- symm = Symm.obtain(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- symm.enpass(password, System.out);\r
- System.out.println();\r
- System.out.flush();\r
- return;\r
- /* testing code... don't want it exposed\r
- System.out.println(" ******** Testing *********");\r
- for(int i=0;i<100000;++i) {\r
- System.out.println(args[1]);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- b64.enpass(args[1], baos);\r
- String pass; \r
- System.out.println(pass=new String(baos.toByteArray()));\r
- ByteArrayOutputStream reconstituted = new ByteArrayOutputStream();\r
- b64.depass(pass, reconstituted);\r
- String r = reconstituted.toString();\r
- System.out.println(r);\r
- if(!r.equals(args[1])) {\r
- System.err.println("!!!!! STOP - ERROR !!!!!");\r
- return;\r
- }\r
- System.out.println();\r
- }\r
- System.out.flush();\r
- */\r
- \r
- } catch (IOException e) {\r
- System.err.println("Cannot digest password");\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
-// . Oh, well, Deployment services need this behavior. I will put this code in, but leave it undocumented. \r
-// One still needs access to the keyfile to read.\r
-// July 2016 - thought of a tool "CMPass" to reguritate from properties, but only if allowed.\r
- } else if("regurgitate".equalsIgnoreCase(args[0]) && args.length>2) {\r
- try {\r
- Symm symm;\r
- FileInputStream fis = new FileInputStream(args[2]);\r
- try {\r
- symm = Symm.obtain(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- boolean isFile = false;\r
- if("-i".equals(args[1]) || (isFile="-f".equals(args[1]))) {\r
- BufferedReader br;\r
- if(isFile) {\r
- if(args.length<4) {\r
- System.err.println("Filename in 4th position");\r
- return;\r
- }\r
- br = new BufferedReader(new FileReader(args[3]));\r
- } else {\r
- br = new BufferedReader(new InputStreamReader(System.in));\r
- }\r
- try {\r
- String line;\r
- boolean cont = false;\r
- StringBuffer sb = new StringBuffer();\r
- JsonOutputStream jw = new JsonOutputStream(System.out);\r
- while((line=br.readLine())!=null) {\r
- if(cont) {\r
- int end;\r
- if((end=line.indexOf('"'))>=0) {\r
- sb.append(line,0,end);\r
- cont=false;\r
- } else {\r
- sb.append(line);\r
- }\r
- } else {\r
- int idx;\r
- if((idx = line.indexOf(' '))>=0 \r
- && (idx = line.indexOf(' ',++idx))>0\r
- && (idx = line.indexOf('=',++idx))>0\r
- && (idx = line.indexOf('=',++idx))>0\r
- ) {\r
- System.out.println(line.substring(0, idx-5));\r
- int start = idx+2;\r
- int end;\r
- if((end=line.indexOf('"',start))<0) {\r
- end = line.length();\r
- cont = true;\r
- }\r
- sb.append(line,start,end);\r
- }\r
- }\r
- if(sb.length()>0) {\r
- symm.depass(sb.toString(),jw);\r
- if(!cont) {\r
- System.out.println();\r
- }\r
- }\r
- System.out.flush();\r
- sb.setLength(0);\r
- if(!cont) {\r
- jw.resetIndent();\r
- }\r
- }\r
- } finally {\r
- if(isFile) {\r
- br.close();\r
- }\r
- }\r
- } else {\r
- symm.depass(args[1], System.out);\r
- }\r
- System.out.println();\r
- System.out.flush();\r
- return;\r
- } catch (IOException e) {\r
- System.err.println("Cannot regurgitate password");\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- } else if("encode64".equalsIgnoreCase(args[0]) && args.length>1) {\r
- try {\r
- Symm.base64.encode(args[1], System.out);\r
- System.out.println();\r
- System.out.flush();\r
- return;\r
- } catch (IOException e) {\r
- System.err.println("Cannot encode Base64 with " + args[1]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- } else if("decode64".equalsIgnoreCase(args[0]) && args.length>1) {\r
- try {\r
- Symm.base64.decode(args[1], System.out);\r
- System.out.println();\r
- System.out.flush();\r
- return;\r
- } catch (IOException e) {\r
- System.err.println("Cannot decode Base64 text from " + args[1]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- } else if("encode64url".equalsIgnoreCase(args[0]) && args.length>1) {\r
- try {\r
- Symm.base64url.encode(args[1], System.out);\r
- System.out.println();\r
- System.out.flush();\r
- return;\r
- } catch (IOException e) {\r
- System.err.println("Cannot encode Base64url with " + args[1]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- } else if("decode64url".equalsIgnoreCase(args[0]) && args.length>1) {\r
- try {\r
- Symm.base64url.decode(args[1], System.out);\r
- System.out.println();\r
- System.out.flush();\r
- return;\r
- } catch (IOException e) {\r
- System.err.println("Cannot decode Base64url text from " + args[1]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- } else if("md5".equalsIgnoreCase(args[0]) && args.length>1) {\r
- try {\r
- System.out.println(Hash.encryptMD5asStringHex(args[1]));\r
- System.out.flush();\r
- } catch (NoSuchAlgorithmException e) {\r
- System.err.println("Cannot hash MD5 from " + args[1]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- return;\r
- } else if("sha256".equalsIgnoreCase(args[0]) && args.length>1) {\r
- try {\r
- if(args.length>2) {\r
- int salt = Integer.parseInt(args[2]);\r
- System.out.println(Hash.hashSHA256asStringHex(args[1],salt));\r
- } else { \r
- System.out.println(Hash.hashSHA256asStringHex(args[1]));\r
- }\r
- } catch (NoSuchAlgorithmException e) {\r
- System.err.println("Cannot hash SHA256 text from " + args[1]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- System.out.flush();\r
- return;\r
- } else if("keygen".equalsIgnoreCase(args[0])) {\r
- try {\r
- if(args.length>1) {\r
- File f = new File(args[1]);\r
- FileOutputStream fos = new FileOutputStream(f);\r
- try {\r
- fos.write(Symm.baseCrypt().keygen());\r
- fos.flush();\r
- } finally {\r
- fos.close();\r
- Chmod.to400.chmod(f);\r
- }\r
- } else {\r
- // create a Symmetric Key out of same characters found in base64\r
- System.out.write(Symm.baseCrypt().keygen());\r
- System.out.flush();\r
- }\r
- return;\r
- } catch (IOException e) {\r
- System.err.println("Cannot create a key " + args[0]);\r
- System.err.println(" \""+ e.getMessage() + '"');\r
- }\r
- \r
- } else if("passgen".equalsIgnoreCase(args[0])) {\r
- int numDigits;\r
- if(args.length <= 1) {\r
- numDigits = 24;\r
- } else {\r
- numDigits = Integer.parseInt(args[1]); \r
- if(numDigits<8)numDigits = 8;\r
- }\r
- String pass;\r
- boolean noLower,noUpper,noDigits,noSpecial,repeats;\r
- do {\r
- pass = Symm.randomGen(numDigits);\r
- noLower=noUpper=noDigits=noSpecial=true;\r
- repeats=false;\r
- int c=-1,last;\r
- for(int i=0;i<numDigits;++i) {\r
- last = c;\r
- c = pass.charAt(i);\r
- if(c==last) {\r
- repeats=true;\r
- break;\r
- }\r
- \r
- if(noLower) {\r
- noLower=!(c>=0x61 && c<=0x7A);\r
- continue;\r
- } \r
- if(noUpper) {\r
- noUpper=!(c>=0x41 && c<=0x5A);\r
- continue;\r
- } \r
- if(noDigits) {\r
- noDigits=!(c>=0x30 && c<=0x39);\r
- continue;\r
- } \r
- if(noSpecial) {\r
- noSpecial = "+!@#$%^&*(){}[]?:;,.".indexOf(c)<0;\r
- continue;\r
- } \r
- \r
- break;\r
- }\r
- } while(noLower || noUpper || noDigits || noSpecial || repeats);\r
- System.out.println(pass.substring(0,numDigits));\r
- } else if("urlgen".equalsIgnoreCase(args[0])) {\r
- int numDigits;\r
- if(args.length < 1) {\r
- numDigits = 24;\r
- } else {\r
- numDigits = Integer.parseInt(args[1]); \r
- }\r
- System.out.println(Symm.randomGen(Symm.base64url.codeset, numDigits).substring(0,numDigits));\r
- \r
- } else if("csptest".equalsIgnoreCase(args[0])) {\r
- try {\r
- System.out.println("CSP Compatibility test");\r
- \r
- String hostName = InetAddress.getLocalHost().getCanonicalHostName();\r
- \r
- System.out.println(" Your automatic hostname is reported as \"" + hostName + "\"\n");\r
- System.out.flush();\r
- return;\r
- } catch (UnknownHostException e) {\r
- e.printStackTrace(System.err);\r
- }\r
- }\r
- } else {\r
- System.out.println("Usage: java -jar <this jar> ...");\r
- System.out.println(" keygen [<keyfile>] (Generates Key on file, or Std Out)");\r
- System.out.println(" digest <keyfile> (Encrypts to Key with \"keyfile\")");\r
- System.out.println(" passgen <digits> (Generate Password of given size)");\r
- System.out.println(" urlgen <digits> (Generate URL field of given size)");\r
- System.out.println(" csptest (Tests for CSP compatibility)");\r
- System.out.println(" encode64 <your text> (Encodes to Base64)");\r
- System.out.println(" decode64 <base64 encoded text> (Decodes from Base64)");\r
- System.out.println(" encode64url <your text> (Encodes to Base64 URL charset)");\r
- System.out.println(" decode64url <base64url encoded text> (Decodes from Base64 URL charset)");\r
- System.out.println(" sha256 <text> (Digest String into SHA256 Hash)");\r
- System.out.println(" md5 <text> (Digest String into MD5 Hash)");\r
- }\r
- System.exit(1);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-public interface Connector {\r
- public Lur newLur() throws CadiException;\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-/**\r
- * UserPass\r
- * \r
- * The essential interface required by BasicAuth to determine if a given User/Password combination is \r
- * valid. This is done as an interface.\r
- * \r
- */\r
-public interface CredVal {\r
- public enum Type{PASSWORD};\r
- /**\r
- * Validate if the User/Password combination matches records \r
- * @param user\r
- * @param pass\r
- * @return\r
- */\r
- public boolean validate(String user, Type type, byte[] cred);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-public interface GetCred {\r
- byte[] getCred();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.nio.ByteBuffer;\r
-import java.security.MessageDigest;\r
-import java.security.NoSuchAlgorithmException;\r
-\r
-public class Hash {\r
- private static char hexDigit[] = "0123456789abcdef".toCharArray();\r
- \r
-/////////////////////////////////\r
-// MD5\r
-/////////////////////////////////\r
- /**\r
- * Encrypt MD5 from Byte Array to Byte Array\r
- * @param input\r
- * @return\r
- * @throws NoSuchAlgorithmException\r
- */\r
- public static byte[] encryptMD5 (byte[] input) throws NoSuchAlgorithmException {\r
- MessageDigest md = MessageDigest.getInstance("MD5");\r
- md.update(input); \r
- return md.digest();\r
- }\r
-\r
- /**\r
- * Encrypt MD5 from Byte Array to Byte Array\r
- * @param input\r
- * @return\r
- * @throws NoSuchAlgorithmException\r
- */\r
- public static byte[] encryptMD5 (byte[] input, int offset, int length) throws NoSuchAlgorithmException {\r
- MessageDigest md = MessageDigest.getInstance("MD5");\r
- md.update(input,offset,length); \r
- return md.digest();\r
- }\r
-\r
-\r
-\r
- /**\r
- * Convenience Function: Encrypt MD5 from String to String Hex representation \r
- * \r
- * @param input\r
- * @return\r
- * @throws NoSuchAlgorithmException\r
- */\r
- public static String encryptMD5asStringHex(String input) throws NoSuchAlgorithmException {\r
- byte[] output = encryptMD5(input.getBytes());\r
- StringBuilder sb = new StringBuilder("0x");\r
- for (byte b : output) {\r
- sb.append(hexDigit[(b >> 4) & 0x0f]);\r
- sb.append(hexDigit[b & 0x0f]);\r
- }\r
- return sb.toString();\r
- }\r
-\r
-/////////////////////////////////\r
-// SHA256\r
-/////////////////////////////////\r
- /**\r
- * SHA256 Hashing\r
- */\r
- public static byte[] hashSHA256(byte[] input) throws NoSuchAlgorithmException {\r
- MessageDigest md = MessageDigest.getInstance("SHA-256");\r
- md.update(input); \r
- return md.digest();\r
- }\r
-\r
- /**\r
- * SHA256 Hashing\r
- */\r
- public static byte[] hashSHA256(byte[] input, int offset, int length) throws NoSuchAlgorithmException {\r
- MessageDigest md = MessageDigest.getInstance("SHA-256");\r
- md.update(input,offset,length); \r
- return md.digest();\r
- }\r
- \r
- /**\r
- * Convenience Function: Hash from String to String Hex representation\r
- * \r
- * @param input\r
- * @return\r
- * @throws NoSuchAlgorithmException\r
- */\r
- public static String hashSHA256asStringHex(String input) throws NoSuchAlgorithmException {\r
- byte[] output = hashSHA256(input.getBytes());\r
- StringBuilder sb = new StringBuilder("0x");\r
- for (byte b : output) {\r
- sb.append(hexDigit[(b >> 4) & 0x0f]);\r
- sb.append(hexDigit[b & 0x0f]);\r
- }\r
- return sb.toString();\r
- }\r
-\r
- /**\r
- * Convenience Function: Hash from String to String Hex representation\r
- * \r
- * @param input\r
- * @return\r
- * @throws NoSuchAlgorithmException\r
- */\r
- public static String hashSHA256asStringHex(String input, int salt) throws NoSuchAlgorithmException {\r
- byte[] in = input.getBytes();\r
- ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + in.length);\r
- bb.putInt(salt);\r
- bb.put(input.getBytes());\r
- byte[] output = Hash.hashSHA256(bb.array());\r
- StringBuilder sb = new StringBuilder("0x");\r
- for (byte b : output) {\r
- sb.append(hexDigit[(b >> 4) & 0x0f]);\r
- sb.append(hexDigit[b & 0x0f]);\r
- }\r
- return sb.toString();\r
- }\r
- \r
- /**\r
- * Compare two byte arrays for equivalency\r
- * @param ba1\r
- * @param ba2\r
- * @return\r
- */\r
- public static boolean isEqual(byte ba1[], byte ba2[]) {\r
- if(ba1.length!=ba2.length)return false;\r
- for(int i = 0;i<ba1.length; ++i) {\r
- if(ba1[i]!=ba2[i])return false;\r
- }\r
- return true;\r
- }\r
-\r
- public static int compareTo(byte[] a, byte[] b) {\r
- int end = Math.min(a.length, b.length);\r
- int compare = 0;\r
- for(int i=0;compare == 0 && i<end;++i) {\r
- compare = a[i]-b[i];\r
- }\r
- if(compare==0)compare=a.length-b.length;\r
- return compare;\r
- }\r
- \r
- public static String toHex(byte[] ba) {\r
- StringBuilder sb = new StringBuilder("0x");\r
- for (byte b : ba) {\r
- sb.append(hexDigit[(b >> 4) & 0x0f]);\r
- sb.append(hexDigit[b & 0x0f]);\r
- }\r
- return sb.toString();\r
- }\r
- \r
- public static byte[] fromHex(String s) throws CadiException{\r
- if(!s.startsWith("0x")) {\r
- throw new CadiException("HexString must start with \"0x\"");\r
- }\r
- boolean high = true;\r
- int c;\r
- byte b;\r
- byte[] ba = new byte[(s.length()-2)/2];\r
- int idx;\r
- for(int i=2;i<s.length();++i) {\r
- c = s.charAt(i);\r
- if(c>=0x30 && c<=0x39) {\r
- b=(byte)(c-0x30);\r
- } else if(c>=0x61 && c<=0x66) {\r
- b=(byte)(c-0x57); // account for "A"\r
- } else if(c>=0x41 && c<=0x46) {\r
- b=(byte)(c-0x37);\r
- } else {\r
- throw new CadiException("Invalid char '" + c + "' in HexString");\r
- }\r
- idx = (i-2)/2;\r
- if(high) {\r
- ba[idx]=(byte)(b<<4);\r
- high = false;\r
- } else {\r
- ba[idx]|=b;\r
- high = true;\r
- }\r
- }\r
- return ba;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-public interface Locator<T> {\r
- public T get(Locator.Item item) throws LocatorException;\r
- public boolean hasItems();\r
- public void invalidate(Locator.Item item) throws LocatorException;\r
- public Locator.Item best() throws LocatorException;\r
- public Item first() throws LocatorException;\r
- public Item next(Item item) throws LocatorException;\r
- public boolean refresh();\r
- public void destroy();\r
- \r
- public interface Item {}\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-public class LocatorException extends Exception {\r
- /**\r
- * \r
- */\r
- private static final long serialVersionUID = -4267929804321134469L;\r
-\r
- public LocatorException(String arg0) {\r
- super(arg0);\r
- }\r
-\r
- public LocatorException(Throwable arg0) {\r
- super(arg0);\r
- }\r
-\r
- public LocatorException(String arg0, Throwable arg1) {\r
- super(arg0, arg1);\r
- }\r
-\r
- public LocatorException(CharSequence cs) {\r
- super(cs.toString());\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.security.Principal;\r
-import java.util.List;\r
-\r
-\r
-\r
-/**\r
- * LUR: Local User Registry\r
- *\r
- * Concept by Robert Garskof, Implementation by Jonathan Gathman\r
- * \r
- * Where we can keep local copies of users and roles for faster Authorization when asked.\r
- * \r
- * Note: Author cannot resist the mental image of using a Fishing Lure to this LUR pattern \r
- * \r
- *\r
- */\r
-public interface Lur {\r
- /**\r
- * Allow the Lur, which has correct Permission access, to create and hand back. \r
- */\r
- public Permission createPerm(String p);\r
- \r
- /** \r
- * Fish for Principals in a Pond\r
- * \r
- * or more boringly, is the User identified within a named collection representing permission.\r
- * \r
- * @param principalName\r
- * @return\r
- */\r
- public boolean fish(Principal bait, Permission pond);\r
-\r
- /** \r
- * Fish all the Principals out a Pond\r
- * \r
- * For additional humor, pronounce the following with a Southern Drawl, "FishOil"\r
- * \r
- * or more boringly, load the List with Permissions found for Principal\r
- * \r
- * @param principalName\r
- * @return\r
- */\r
- public void fishAll(Principal bait, List<Permission> permissions);\r
-\r
- /**\r
- * Allow implementations to disconnect, or cleanup resources if unneeded\r
- */\r
- public void destroy();\r
-\r
- /**\r
- * Does this LUR handle this pond exclusively? Important for EpiLUR to determine whether \r
- * to try another (more expensive) LUR \r
- * @param pond\r
- * @return\r
- */\r
- public boolean handlesExclusively(Permission pond); \r
- \r
- /**\r
- * What domain of User does this LUR support? (used to avoid asking when not possible)\r
- * \r
- * @param bait\r
- * @return\r
- */\r
- public boolean supports(String userName);\r
- \r
- /**\r
- * Clear: Clear any Caching, if exists\r
- */\r
- public void clear(Principal p, StringBuilder report);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-public interface Permission {\r
- public String permType();\r
- public String getKey();\r
- public boolean match(Permission p);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.PrintStream;\r
-import java.text.SimpleDateFormat;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.List;\r
-import java.util.Map.Entry;\r
-\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfo;\r
-\r
-import java.util.Properties;\r
-\r
-public class PropAccess implements Access {\r
- private static final SimpleDateFormat iso8601 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");\r
-\r
- public static Level DEFAULT = Level.AUDIT;\r
- \r
- private Symm symm;\r
- private int level;\r
- private Properties props;\r
- private List<String> recursionProtection = null;\r
- private PrintStream out;\r
- \r
- private String name;\r
-\r
- public PropAccess() {\r
- out=System.out;\r
- init(null);\r
- }\r
- \r
- /**\r
- * This Constructor soley exists to instantiate Servlet Context Based Logging that will call "init" later.\r
- * @param sc\r
- */\r
- protected PropAccess(Object o) {\r
- out=System.out;\r
- props = new Properties();\r
- }\r
- \r
- public PropAccess(String ... args) {\r
- this(System.out,args);\r
- }\r
- \r
- public PropAccess(PrintStream ps, String[] args) {\r
- out=ps==null?System.out:ps;\r
- Properties nprops=new Properties();\r
- int eq;\r
- for(String arg : args) {\r
- if((eq=arg.indexOf('='))>0) {\r
- nprops.setProperty(arg.substring(0, eq),arg.substring(eq+1));\r
- }\r
- }\r
- init(nprops);\r
- }\r
-\r
- public PropAccess(Properties p) {\r
- this(System.out,p);\r
- }\r
- \r
- public PropAccess(PrintStream ps, Properties p) {\r
- out=ps==null?System.out:ps;\r
- init(p);\r
- }\r
- \r
- protected void init(Properties p) {\r
- // Make sure these two are set before any changes in Logging\r
- name = "cadi";\r
- level=DEFAULT.maskOf();\r
- \r
- props = new Properties();\r
- // First, load related System Properties\r
- for(Entry<Object,Object> es : System.getProperties().entrySet()) {\r
- String key = es.getKey().toString();\r
- for(String start : new String[] {"cadi_","aaf_","cm_","csp_"}) {\r
- if(key.startsWith(start)) {\r
- props.put(key, es.getValue());\r
- }\r
- } \r
- }\r
- // Second, overlay or fill in with Passed in Props\r
- if(p!=null) {\r
- props.putAll(p);\r
- }\r
- \r
- // Third, load any Chained Property Files\r
- load(props.getProperty(Config.CADI_PROP_FILES));\r
- \r
- String sLevel = props.getProperty(Config.CADI_LOGLEVEL); \r
- if(sLevel!=null) {\r
- level=Level.valueOf(sLevel).maskOf(); \r
- }\r
- // Setup local Symmetrical key encryption\r
- if(symm==null) {\r
- symm = Symm.obtain(this);\r
- }\r
- \r
- name = props.getProperty(Config.CADI_LOGNAME, name);\r
- \r
- // Critical - if no Security Protocols set, then set it. We'll just get messed up if not\r
- if(props.get(Config.CADI_PROTOCOLS)==null) {\r
- props.setProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT);\r
- }\r
- }\r
-\r
- private void load(String cadi_prop_files) {\r
- String prevKeyFile = props.getProperty(Config.CADI_KEYFILE);\r
-\r
- if(cadi_prop_files!=null) {\r
- int prev = 0, end = cadi_prop_files.length();\r
- int idx;\r
- String filename;\r
- while(prev<end) {\r
- idx = cadi_prop_files.indexOf(File.pathSeparatorChar,prev);\r
- if(idx<0) {\r
- idx = end;\r
- }\r
- File file = new File(filename=cadi_prop_files.substring(prev,idx));\r
- if(file.exists()) {\r
- printf(Level.INIT,"Loading CADI Properties from %s",file.getAbsolutePath());\r
- try {\r
- FileInputStream fis = new FileInputStream(file);\r
- try {\r
- props.load(fis);\r
- // Recursively Load\r
- String chainProp = props.getProperty(Config.CADI_PROP_FILES);\r
- if(chainProp!=null) {\r
- if(recursionProtection==null) {\r
- recursionProtection = new ArrayList<String>();\r
- recursionProtection.add(cadi_prop_files);\r
- }\r
- if(!recursionProtection.contains(chainProp)) {\r
- recursionProtection.add(chainProp);\r
- load(chainProp); // recurse\r
- }\r
- }\r
- } finally {\r
- fis.close();\r
- }\r
- } catch (Exception e) {\r
- log(e,filename,"cannot be opened");\r
- }\r
- } else {\r
- printf(Level.WARN,"Warning: recursive CADI Property %s does not exist",file.getAbsolutePath());\r
- }\r
- prev = idx+1;\r
- }\r
- }\r
- // Reset Symm if Keyfile Changes:\r
- String newKeyFile = props.getProperty(Config.CADI_KEYFILE);\r
- if((prevKeyFile==null && newKeyFile!=null) || (newKeyFile!=null && !newKeyFile.equals(prevKeyFile))) {\r
- symm = Symm.obtain(this);\r
- prevKeyFile=newKeyFile;\r
- }\r
- \r
- String loglevel = props.getProperty(Config.CADI_LOGLEVEL);\r
- if(loglevel!=null) {\r
- try {\r
- level=Level.valueOf(loglevel).maskOf();\r
- } catch (IllegalArgumentException e) {\r
- printf(Level.ERROR,"%s=%s is an Invalid Log Level",Config.CADI_LOGLEVEL,loglevel);\r
- }\r
- }\r
- }\r
- \r
- @Override\r
- public void load(InputStream is) throws IOException {\r
- props.load(is);\r
- load(props.getProperty(Config.CADI_PROP_FILES));\r
- }\r
-\r
- @Override\r
- public void log(Level level, Object ... elements) {\r
- if(willLog(level)) {\r
- StringBuilder sb = buildMsg(level, elements);\r
- out.println(sb);\r
- out.flush();\r
- }\r
- }\r
- \r
- protected StringBuilder buildMsg(Level level, Object[] elements) {\r
- StringBuilder sb = new StringBuilder(iso8601.format(new Date()));\r
- sb.append(' ');\r
- sb.append(level.name());\r
- sb.append(" [");\r
- sb.append(name);\r
- \r
- int end = elements.length;\r
- if(end<=0) {\r
- sb.append("] ");\r
- } else {\r
- int idx = 0;\r
- if(elements[idx] instanceof Integer) {\r
- sb.append('-');\r
- sb.append(elements[idx]);\r
- ++idx;\r
- }\r
- sb.append("] ");\r
- String s;\r
- boolean first = true;\r
- for(Object o : elements) {\r
- if(o!=null) {\r
- s=o.toString();\r
- if(first) {\r
- first = false;\r
- } else {\r
- int l = s.length();\r
- if(l>0) {\r
- switch(s.charAt(l-1)) {\r
- case ' ':\r
- break;\r
- default:\r
- sb.append(' ');\r
- }\r
- }\r
- }\r
- sb.append(s);\r
- }\r
- }\r
- }\r
- return sb;\r
- }\r
-\r
- @Override\r
- public void log(Exception e, Object... elements) {\r
- log(Level.ERROR,e.getMessage(),elements);\r
- e.printStackTrace(System.err);\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object... elements) {\r
- if(willLog(level)) {\r
- log(level,String.format(fmt, elements));\r
- }\r
- }\r
-\r
- @Override\r
- public void setLogLevel(Level level) {\r
- this.level = level.maskOf();\r
- }\r
-\r
- @Override\r
- public boolean willLog(Level level) {\r
- return level.inMask(this.level);\r
- }\r
-\r
- @Override\r
- public ClassLoader classLoader() {\r
- return ClassLoader.getSystemClassLoader();\r
- }\r
-\r
- @Override\r
- public String getProperty(String tag, String def) {\r
- return props.getProperty(tag,def);\r
- }\r
-\r
- @Override\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- return (encrypted!=null && (anytext==true || encrypted.startsWith(Symm.ENC)))\r
- ? symm.depass(encrypted)\r
- : encrypted;\r
- }\r
- \r
- public String encrypt(String unencrypted) throws IOException {\r
- return Symm.ENC+symm.enpass(unencrypted);\r
- }\r
-\r
- //////////////////\r
- // Additional\r
- //////////////////\r
- public String getProperty(String tag) {\r
- return props.getProperty(tag);\r
- }\r
- \r
-\r
- public Properties getProperties() {\r
- return props;\r
- }\r
-\r
- public void setProperty(String tag, String value) {\r
- if(value!=null) {\r
- props.put(tag, value);\r
- if(Config.CADI_KEYFILE.equals(tag)) {\r
- // reset decryption too\r
- symm = Symm.obtain(this);\r
- }\r
- }\r
- }\r
-\r
- public Properties getDME2Properties() {\r
- return Config.getDME2Props(this);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-public interface Revalidator<TRANS> {\r
- /**\r
- * Re-Validate Credential\r
- * \r
- * @param prin\r
- * @return\r
- */\r
- public CachedPrincipal.Resp revalidate(TRANS trans, CachedPrincipal prin);\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.util.Properties;\r
-\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
-\r
-public class SLF4JAccess extends PropAccess {\r
- private static final Logger slf4j = LoggerFactory.getLogger("AAF");\r
- \r
- public SLF4JAccess(final Properties initial) throws CadiException {\r
- super(initial);\r
- }\r
-\r
- public void log(Level level, Object... elements) {\r
- switch(level) {\r
- case AUDIT:\r
- slf4j.info(msg(elements).toString());\r
- break;\r
- case DEBUG:\r
- slf4j.debug(msg(elements).toString());\r
- break;\r
- case ERROR:\r
- slf4j.error(msg(elements).toString());\r
- break;\r
- case INFO:\r
- slf4j.info(msg(elements).toString());\r
- break;\r
- case INIT:\r
- slf4j.info(msg(elements).toString());\r
- break;\r
- case WARN:\r
- slf4j.warn(msg(elements).toString());\r
- break;\r
- default:\r
- slf4j.info(msg(elements).toString());\r
- break;\r
- }\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Access#willLog(com.att.cadi.Access.Level)\r
- */\r
- @Override\r
- public boolean willLog(Level level) {\r
- switch(level) {\r
- case DEBUG:\r
- return slf4j.isDebugEnabled();\r
- case ERROR:\r
- return slf4j.isErrorEnabled();\r
- case WARN:\r
- return slf4j.isWarnEnabled();\r
-// case INFO:\r
-// case INIT:\r
-// case AUDIT:\r
- default:\r
- return slf4j.isInfoEnabled();\r
- }\r
- }\r
-\r
- private StringBuilder msg(Object ... elements) {\r
- StringBuilder sb = new StringBuilder();\r
- boolean first = true;\r
- for(Object o : elements) {\r
- if(first) first = false;\r
- else {\r
- sb.append(' ');\r
- }\r
- sb.append(o.toString());\r
- }\r
- return sb;\r
- }\r
-\r
- public void log(Exception e, Object... elements) {\r
- slf4j.error(msg(elements).toString(),e);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-/**\r
- * Apply any particular security mechanism\r
- * \r
- * This allows the definition of various mechanisms involved outside of DRcli jars \r
- * \r
- *\r
- */\r
-public interface SecuritySetter<CT> {\r
- public String getID();\r
- \r
- public void setSecurity(CT client) throws CadiException;\r
- \r
- /**\r
- * Returns number of bad logins registered\r
- * @param respCode\r
- * @return\r
- */\r
- public int setLastResponse(int respCode);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-import java.util.Enumeration;\r
-import javax.servlet.FilterConfig;\r
-import javax.servlet.ServletContext;\r
-\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-public class ServletContextAccess extends PropAccess {\r
-\r
- private ServletContext context;\r
-\r
- public ServletContextAccess(FilterConfig filterConfig) {\r
- super(filterConfig); // protected contstructor... does not have "init" called.\r
- context = filterConfig.getServletContext();\r
-\r
- for(Enumeration<?> en = filterConfig.getInitParameterNames();en.hasMoreElements();) {\r
- String name = (String)en.nextElement();\r
- setProperty(name, filterConfig.getInitParameter(name));\r
- }\r
- init(getProperties());\r
- Config.getDME2Props(this);\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.PropAccess#log(com.att.cadi.Access.Level, java.lang.Object[])\r
- */\r
- @Override\r
- public void log(Level level, Object... elements) {\r
- if(willLog(level)) {\r
- StringBuilder sb = buildMsg(level, elements);\r
- context.log(sb.toString());\r
- }\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.PropAccess#log(java.lang.Exception, java.lang.Object[])\r
- */\r
- @Override\r
- public void log(Exception e, Object... elements) {\r
- StringBuilder sb = buildMsg(Level.ERROR, elements);\r
- context.log(sb.toString(),e);\r
- }\r
-\r
- public ServletContext context() {\r
- return context;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.util.List;\r
-\r
-\r
-\r
-/**\r
- * StrLUR: Implements fish with String, skipping the need to be a Principal where it doesn't make sense.\r
- *\r
- *\r
- */\r
-public interface StrLur extends Lur {\r
- /** \r
- * Fish for Principals in a Pond\r
- * \r
- * or more boringly, is the User identified within a named collection representing permission.\r
- * \r
- * @param principalName\r
- * @return\r
- */\r
- public boolean fish(String bait, Permission pond);\r
-\r
- /** \r
- * Fish all the Principals out a Pond\r
- * \r
- * For additional humor, pronounce the following with a Southern Drawl, "FishOil"\r
- * \r
- * or more boringly, load the List with Permissions found for Principal\r
- * \r
- * @param principalName\r
- * @return\r
- */\r
- public void fishAll(String bait, List<Permission> permissions);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.DataInputStream;\r
-import java.io.DataOutputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.OutputStream;\r
-import java.security.SecureRandom;\r
-import java.util.ArrayList;\r
-import java.util.Random;\r
-\r
-import javax.crypto.CipherInputStream;\r
-import javax.crypto.CipherOutputStream;\r
-\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-/**\r
- * Key Conversion, primarily "Base64"\r
- * \r
- * Base64 is required for "Basic Authorization", which is an important part of the overall CADI Package.\r
- * \r
- * Note: This author found that there is not a "standard" library for Base64 conversion within Java. \r
- * The source code implementations available elsewhere were surprisingly inefficient, requiring, for \r
- * instance, multiple string creation, on a transaction pass. Integrating other packages that might be\r
- * efficient enough would put undue Jar File Dependencies given this Framework should have none-but-Java \r
- * dependencies.\r
- * \r
- * The essential algorithm is good for a symmetrical key system, as Base64 is really just\r
- * a symmetrical key that everyone knows the values. \r
- * \r
- * This code is quite fast, taking about .016 ms for encrypting, decrypting and even .08 for key \r
- * generation. The speed quality, especially of key generation makes this a candidate for a short term token \r
- * used for identity.\r
- * \r
- * It may be used to easily avoid placing Clear-Text passwords in configurations, etc. and contains \r
- * supporting functions such as 2048 keyfile generation (see keygen). This keyfile should, of course, \r
- * be set to "400" (Unix) and protected as any other mechanism requires. \r
- * \r
- * However, this algorithm has not been tested against hackers. Until such a time, utilize more tested\r
- * packages to protect Data, especially sensitive data at rest (long term). \r
- *\r
- */\r
-public class Symm {\r
- private static final byte[] DOUBLE_EQ = new byte[] {'=','='}; \r
- public static final String ENC = "enc:";\r
- private static final SecureRandom random = new SecureRandom();\r
- \r
- public final char[] codeset;\r
- private final int splitLinesAt;\r
- private final String encoding;\r
- private final Convert convert;\r
- private final boolean endEquals;\r
- //Note: AES Encryption is not Thread Safe. It is Synchronized\r
- private static AES aes = null; // only initialized from File, and only if needed for Passwords\r
- \r
- /**\r
- * This is the standard base64 Key Set.\r
- * RFC 2045\r
- */\r
- public static final Symm base64 = new Symm(\r
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray()\r
- ,76, Config.UTF_8,true);\r
-\r
- public static final Symm base64noSplit = new Symm(\r
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray()\r
- ,Integer.MAX_VALUE, Config.UTF_8,true);\r
-\r
- /**\r
- * This is the standard base64 set suitable for URLs and Filenames\r
- * RFC 4648\r
- */\r
- public static final Symm base64url = new Symm(\r
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_".toCharArray()\r
- ,76, Config.UTF_8,true);\r
-\r
- /**\r
- * A Password set, using US-ASCII\r
- * RFC 4648\r
- */\r
- public static final Symm encrypt = new Symm(base64url.codeset,1024, "US-ASCII", false);\r
-\r
- /**\r
- * A typical set of Password Chars\r
- * Note, this is too large to fit into the algorithm. Only use with PassGen\r
- */\r
- private static char passChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+!@#$%^&*(){}[]?:;,.".toCharArray();\r
- \r
-\r
-\r
- /**\r
- * Use this to create special case Case Sets and/or Line breaks\r
- * \r
- * If you don't know why you need this, use the Singleton Method\r
- * \r
- * @param codeset\r
- * @param split\r
- */\r
- public Symm(char[] codeset, int split, String charset, boolean useEndEquals) {\r
- this.codeset = codeset;\r
- splitLinesAt = split;\r
- encoding = charset;\r
- endEquals = useEndEquals;\r
- char prev = 0, curr=0, first = 0;\r
- int offset=Integer.SIZE; // something that's out of range for integer array\r
- \r
- // There can be time efficiencies gained when the underlying keyset consists mainly of ordered \r
- // data (i.e. abcde...). Therefore, we'll quickly analyze the keyset. If it proves to have\r
- // too much entropy, the "Unordered" algorithm, which is faster in such cases is used.\r
- ArrayList<int[]> la = new ArrayList<int[]>();\r
- for(int i=0;i<codeset.length;++i) {\r
- curr = codeset[i];\r
- if(prev+1==curr) { // is next character in set\r
- prev = curr;\r
- } else {\r
- if(offset!=Integer.SIZE) { // add previous range \r
- la.add(new int[]{first,prev,offset});\r
- }\r
- first = prev = curr;\r
- offset = curr-i;\r
- }\r
- }\r
- la.add(new int[]{first,curr,offset});\r
- if(la.size()>codeset.length/3) {\r
- convert = new Unordered(codeset);\r
- } else { // too random to get speed enhancement from range algorithm\r
- int[][] range = new int[la.size()][];\r
- la.toArray(range);\r
- convert = new Ordered(range);\r
- }\r
- }\r
- \r
- public Symm copy(int lines) {\r
- return new Symm(codeset,lines,encoding,endEquals);\r
- }\r
- \r
- // Only used by keygen, which is intentionally randomized. Therefore, always use unordered\r
- private Symm(char[] codeset, Symm parent) {\r
- this.codeset = codeset;\r
- splitLinesAt = parent.splitLinesAt;\r
- endEquals = parent.endEquals;\r
- encoding = parent.encoding;\r
- convert = new Unordered(codeset);\r
- }\r
-\r
- /**\r
- * Obtain the base64() behavior of this class, for use in standard BASIC AUTH mechanism, etc.\r
- * @return\r
- */\r
- @Deprecated\r
- public static final Symm base64() {\r
- return base64;\r
- }\r
-\r
- /**\r
- * Obtain the base64() behavior of this class, for use in standard BASIC AUTH mechanism, etc. \r
- * No Line Splitting\r
- * @return\r
- */\r
- @Deprecated\r
- public static final Symm base64noSplit() {\r
- return base64noSplit;\r
- }\r
-\r
- /**\r
- * Obtain the base64 "URL" behavior of this class, for use in File Names, etc. (no "/")\r
- */\r
- @Deprecated\r
- public static final Symm base64url() {\r
- return base64url;\r
- }\r
-\r
- /**\r
- * Obtain a special ASCII version for Scripting, with base set of base64url use in File Names, etc. (no "/")\r
- */\r
- public static final Symm baseCrypt() {\r
- return encrypt;\r
- }\r
-\r
- /*\r
- * Note: AES Encryption is NOT thread-safe. Must surround entire use with synchronized\r
- */\r
- private synchronized void exec(AESExec exec) throws IOException {\r
- if(aes == null) {\r
- try {\r
- byte[] bytes = new byte[AES.AES_KEY_SIZE/8];\r
- int offset = (Math.abs(codeset[0])+47)%(codeset.length-bytes.length);\r
- for(int i=0;i<bytes.length;++i) {\r
- bytes[i] = (byte)codeset[i+offset];\r
- }\r
- aes = new AES(bytes,0,bytes.length);\r
- } catch (Exception e) {\r
- throw new IOException(e);\r
- }\r
- }\r
- exec.exec(aes);\r
- }\r
- \r
- private static interface AESExec {\r
- public void exec(AES aes) throws IOException;\r
- }\r
- \r
- public byte[] encode(byte[] toEncrypt) throws IOException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(toEncrypt.length*1.25));\r
- encode(new ByteArrayInputStream(toEncrypt),baos);\r
- return baos.toByteArray();\r
- }\r
-\r
- public byte[] decode(byte[] encrypted) throws IOException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(encrypted.length*1.25));\r
- decode(new ByteArrayInputStream(encrypted),baos);\r
- return baos.toByteArray();\r
- }\r
-\r
- /**\r
- * Helper function for String API of "Encode"\r
- * use "getBytes" with appropriate char encoding, etc.\r
- * \r
- * @param str\r
- * @return\r
- * @throws IOException\r
- */\r
- public String encode(String str) throws IOException {\r
- byte[] array;\r
- try { \r
- array = str.getBytes(encoding);\r
- } catch (IOException e) {\r
- array = str.getBytes(); // take default\r
- }\r
- // Calculate expected size to avoid any buffer expansion copies within the ByteArrayOutput code\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(array.length*1.363)); // account for 4 bytes for 3 and a byte or two more\r
- \r
- encode(new ByteArrayInputStream(array),baos);\r
- return baos.toString(encoding);\r
- }\r
- \r
- /**\r
- * Helper function for the String API of "Decode"\r
- * use "getBytes" with appropriate char encoding, etc.\r
- * @param str\r
- * @return\r
- * @throws IOException\r
- */\r
- public String decode(String str) throws IOException {\r
- byte[] array;\r
- try { \r
- array = str.getBytes(encoding);\r
- } catch (IOException e) {\r
- array = str.getBytes(); // take default\r
- }\r
- // Calculate expected size to avoid any buffer expansion copies within the ByteArrayOutput code\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(array.length*.76)); // Decoding is 3 bytes for 4. Allocate slightly more than 3/4s\r
- decode(new ByteArrayInputStream(array), baos);\r
- return baos.toString(encoding);\r
- }\r
-\r
- /**\r
- * Convenience Function\r
- * \r
- * encode String into InputStream and call encode(InputStream, OutputStream)\r
- * \r
- * @param string\r
- * @param out\r
- * @throws IOException\r
- */\r
- public void encode(String string, OutputStream out) throws IOException {\r
- encode(new ByteArrayInputStream(string.getBytes()),out);\r
- }\r
-\r
- /**\r
- * Convenience Function\r
- * \r
- * encode String into InputStream and call decode(InputStream, OutputStream)\r
- * \r
- * @param string\r
- * @param out\r
- * @throws IOException\r
- */\r
- public void decode(String string, OutputStream out) throws IOException {\r
- decode(new ByteArrayInputStream(string.getBytes()),out);\r
- }\r
-\r
- public void encode(InputStream is, OutputStream os, byte[] prefix) throws IOException {\r
- os.write(prefix);\r
- encode(is,os);\r
- }\r
-\r
- /** \r
- * encode InputStream onto Output Stream\r
- * \r
- * @param is\r
- * @param estimate\r
- * @return\r
- * @throws IOException\r
- */\r
- public void encode(InputStream is, OutputStream os) throws IOException {\r
- // StringBuilder sb = new StringBuilder((int)(estimate*1.255)); // try to get the right size of StringBuilder from start.. slightly more than 1.25 times \r
- int prev=0;\r
- int read, idx=0, line=0;\r
- boolean go;\r
- do {\r
- read = is.read();\r
- if(go = read>=0) {\r
- if(line>=splitLinesAt) {\r
- os.write('\n');\r
- line = 0;\r
- }\r
- switch(++idx) { // 1 based reading, slightly faster ++\r
- case 1: // ptr is the first 6 bits of read\r
- os.write(codeset[read>>2]);\r
- prev = read;\r
- break;\r
- case 2: // ptr is the last 2 bits of prev followed by the first 4 bits of read\r
- os.write(codeset[((prev & 0x03)<<4) | (read>>4)]);\r
- prev = read;\r
- break;\r
- default: //(3+) \r
- // Char 1 is last 4 bits of prev plus the first 2 bits of read\r
- // Char 2 is the last 6 bits of read\r
- os.write(codeset[(((prev & 0xF)<<2) | (read>>6))]);\r
- if(line==splitLinesAt) { // deal with line splitting for two characters\r
- os.write('\n');\r
- line=0;\r
- }\r
- os.write(codeset[(read & 0x3F)]);\r
- ++line;\r
- idx = 0;\r
- prev = 0;\r
- }\r
- ++line;\r
- } else { // deal with any remaining bits from Prev, then pad\r
- switch(idx) {\r
- case 1: // just the last 2 bits of prev\r
- os.write(codeset[(prev & 0x03)<<4]);\r
- if(endEquals)os.write(DOUBLE_EQ);\r
- break;\r
- case 2: // just the last 4 bits of prev\r
- os.write(codeset[(prev & 0xF)<<2]);\r
- if(endEquals)os.write('=');\r
- break;\r
- }\r
- idx = 0;\r
- }\r
- \r
- } while(go);\r
- }\r
-\r
- public void decode(InputStream is, OutputStream os, int skip) throws IOException {\r
- is.skip(skip);\r
- decode(is,os);\r
- }\r
-\r
- /**\r
- * Decode InputStream onto OutputStream\r
- * @param is\r
- * @param os\r
- * @throws IOException\r
- */\r
- public void decode(InputStream is, OutputStream os) throws IOException {\r
- int read, idx=0;\r
- int prev=0, index;\r
- while((read = is.read())>=0) {\r
- index = convert.convert(read);\r
- if(index>=0) {\r
- switch(++idx) { // 1 based cases, slightly faster ++\r
- case 1: // index goes into first 6 bits of prev\r
- prev = index<<2; \r
- break;\r
- case 2: // write second 2 bits of into prev, write byte, last 4 bits go into prev\r
- os.write((byte)(prev|(index>>4)));\r
- prev = index<<4;\r
- break;\r
- case 3: // first 4 bits of index goes into prev, write byte, last 2 bits go into prev\r
- os.write((byte)(prev|(index>>2)));\r
- prev = index<<6;\r
- break;\r
- default: // (3+) | prev and last six of index\r
- os.write((byte)(prev|(index&0x3F)));\r
- idx = prev = 0;\r
- }\r
- }\r
- };\r
- os.flush();\r
- }\r
- \r
- /**\r
- * Interface to allow this class to choose which algorithm to find index of character in Key\r
- *\r
- */\r
- private interface Convert {\r
- public int convert(int read) throws IOException;\r
- }\r
-\r
- /**\r
- * Ordered uses a range of orders to compare against, rather than requiring the investigation\r
- * of every character needed.\r
- *\r
- */\r
- private static final class Ordered implements Convert {\r
- private int[][] range;\r
- public Ordered(int[][] range) {\r
- this.range = range;\r
- }\r
- public int convert(int read) throws IOException {\r
- switch(read) {\r
- case -1: \r
- case '=':\r
- case '\n': \r
- return -1;\r
- }\r
- for(int i=0;i<range.length;++i) {\r
- if(read >= range[i][0] && read<=range[i][1]) {\r
- return read-range[i][2];\r
- }\r
- }\r
- throw new IOException("Unacceptable Character in Stream");\r
- }\r
- }\r
- \r
- /**\r
- * Unordered, i.e. the key is purposely randomized, simply has to investigate each character\r
- * until we find a match.\r
- *\r
- */\r
- private static final class Unordered implements Convert {\r
- private char[] codec;\r
- public Unordered(char[] codec) {\r
- this.codec = codec;\r
- }\r
- public int convert(int read) throws IOException {\r
- switch(read) {\r
- case -1: \r
- case '=':\r
- case '\n': \r
- return -1;\r
- }\r
- for(int i=0;i<codec.length;++i) {\r
- if(codec[i]==read)return i;\r
- }\r
- // don't give clue in Encryption mode\r
- throw new IOException("Unacceptable Character in Stream");\r
- }\r
- }\r
-\r
- /**\r
- * Generate a 2048 based Key from which we extract our code base\r
- * \r
- * @return\r
- * @throws IOException\r
- */\r
- public byte[] keygen() throws IOException {\r
- byte inkey[] = new byte[0x600];\r
- new SecureRandom().nextBytes(inkey);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream(0x800);\r
- base64url.encode(new ByteArrayInputStream(inkey), baos);\r
- return baos.toByteArray();\r
- }\r
- \r
- // A class allowing us to be less predictable about significant digits (i.e. not picking them up from the\r
- // beginning, and not picking them up in an ordered row. Gives a nice 2048 with no visible patterns.\r
- private class Obtain {\r
- private int last;\r
- private int skip;\r
- private int length;\r
- private byte[] key;\r
- \r
- private Obtain(Symm b64, byte[] key) {\r
- skip = Math.abs(key[key.length-13]%key.length);\r
- if((key.length&0x1) == (skip&0x1)) { // if both are odd or both are even\r
- ++skip;\r
- }\r
- length = b64.codeset.length;\r
- last = 17+length%59; // never start at beginning\r
- this.key = key;\r
- }\r
- \r
- private int next() {\r
- return Math.abs(key[(++last*skip)%key.length])%length;\r
- }\r
- };\r
- \r
- /**\r
- * Obtain a Symm from "keyfile" (Config.KEYFILE) property\r
- * \r
- * @param acesss\r
- * @return\r
- */\r
- public static Symm obtain(Access access) {\r
- Symm symm = Symm.baseCrypt();\r
-\r
- String keyfile = access.getProperty(Config.CADI_KEYFILE,null);\r
- if(keyfile!=null) {\r
- File file = new File(keyfile);\r
- try {\r
- access.log(Level.INIT, Config.CADI_KEYFILE,"points to",file.getCanonicalPath());\r
- } catch (IOException e1) {\r
- access.log(Level.INIT, Config.CADI_KEYFILE,"points to",file.getAbsolutePath());\r
- }\r
- if(file.exists()) {\r
- try {\r
- FileInputStream fis = new FileInputStream(file);\r
- try {\r
- symm = Symm.obtain(fis);\r
- } finally {\r
- try {\r
- fis.close();\r
- } catch (IOException e) {\r
- }\r
- }\r
- } catch (IOException e) {\r
- access.log(e, "Cannot load keyfile");\r
- }\r
- }\r
- }\r
- return symm;\r
- }\r
- /**\r
- * Create a new random key \r
- */\r
- public Symm obtain() throws IOException {\r
- byte inkey[] = new byte[0x800];\r
- new SecureRandom().nextBytes(inkey);\r
- return obtain(inkey);\r
- }\r
- \r
- /**\r
- * Obtain a Symm from 2048 key from a String\r
- * \r
- * @param key\r
- * @return\r
- * @throws IOException\r
- */\r
- public static Symm obtain(String key) throws IOException {\r
- return obtain(new ByteArrayInputStream(key.getBytes()));\r
- }\r
- \r
- /**\r
- * Obtain a Symm from 2048 key from a Stream\r
- * \r
- * @param is\r
- * @return\r
- * @throws IOException\r
- */\r
- public static Symm obtain(InputStream is) throws IOException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- try {\r
- base64url.decode(is, baos);\r
- } catch (IOException e) {\r
- // don't give clue\r
- throw new IOException("Invalid Key");\r
- }\r
- byte[] bkey = baos.toByteArray();\r
- if(bkey.length<0x88) { // 2048 bit key\r
- throw new IOException("Invalid key");\r
- }\r
- return baseCrypt().obtain(bkey);\r
- }\r
-\r
- /**\r
- * Convenience for picking up Keyfile\r
- * \r
- * @param f\r
- * @return\r
- * @throws IOException\r
- */\r
- public static Symm obtain(File f) throws IOException {\r
- FileInputStream fis = new FileInputStream(f);\r
- try {\r
- return obtain(fis);\r
- } finally {\r
- fis.close();\r
- }\r
- }\r
- /**\r
- * Decrypt into a String\r
- *\r
- * Convenience method\r
- * \r
- * @param password\r
- * @return\r
- * @throws IOException\r
- */\r
- public String enpass(String password) throws IOException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- enpass(password,baos);\r
- return new String(baos.toByteArray());\r
- }\r
-\r
- /**\r
- * Create an encrypted password, making sure that even short passwords have a minimum length.\r
- * \r
- * @param password\r
- * @param os\r
- * @throws IOException\r
- */\r
- public void enpass(final String password, final OutputStream os) throws IOException {\r
- final ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- DataOutputStream dos = new DataOutputStream(baos);\r
- byte[] bytes = password.getBytes();\r
- if(this.getClass().getSimpleName().startsWith("base64")) { // don't expose randomization\r
- dos.write(bytes);\r
- } else {\r
- \r
- Random r = new SecureRandom();\r
- int start = 0;\r
- byte b;\r
- for(int i=0;i<3;++i) {\r
- dos.writeByte(b=(byte)r.nextInt());\r
- start+=Math.abs(b);\r
- }\r
- start%=0x7;\r
- for(int i=0;i<start;++i) {\r
- dos.writeByte(r.nextInt());\r
- }\r
- dos.writeInt((int)System.currentTimeMillis());\r
- int minlength = Math.min(0x9,bytes.length);\r
- dos.writeByte(minlength); // expect truncation\r
- if(bytes.length<0x9) {\r
- for(int i=0;i<bytes.length;++i) {\r
- dos.writeByte(r.nextInt());\r
- dos.writeByte(bytes[i]);\r
- }\r
- // make sure it's long enough\r
- for(int i=bytes.length;i<0x9;++i) {\r
- dos.writeByte(r.nextInt());\r
- }\r
- } else {\r
- dos.write(bytes);\r
- }\r
- }\r
- \r
- // 7/21/2016 jg add AES Encryption to the mix\r
- exec(new AESExec() {\r
- @Override\r
- public void exec(AES aes) throws IOException {\r
- CipherInputStream cis = aes.inputStream(new ByteArrayInputStream(baos.toByteArray()), true);\r
- try {\r
- encode(cis,os);\r
- } finally {\r
- os.flush();\r
- cis.close();\r
- }\r
- }\r
- });\r
- synchronized(ENC) {\r
- }\r
- }\r
-\r
- /**\r
- * Decrypt a password into a String\r
- * \r
- * Convenience method\r
- * \r
- * @param password\r
- * @return\r
- * @throws IOException\r
- */\r
- public String depass(String password) throws IOException {\r
- if(password==null)return null;\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- depass(password,baos);\r
- return new String(baos.toByteArray());\r
- }\r
- \r
- /**\r
- * Decrypt a password\r
- * \r
- * Skip Symm.ENC\r
- * \r
- * @param password\r
- * @param os\r
- * @return\r
- * @throws IOException\r
- */\r
- public long depass(final String password, final OutputStream os) throws IOException {\r
- int offset = password.startsWith(ENC)?4:0;\r
- final ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- final ByteArrayInputStream bais = new ByteArrayInputStream(password.getBytes(),offset,password.length()-offset);\r
- exec(new AESExec() {\r
- @Override\r
- public void exec(AES aes) throws IOException {\r
- CipherOutputStream cos = aes.outputStream(baos, false);\r
- decode(bais,cos);\r
- cos.close(); // flush\r
- }\r
- });\r
- byte[] bytes = baos.toByteArray();\r
- DataInputStream dis = new DataInputStream(new ByteArrayInputStream(bytes));\r
- long time;\r
- if(this.getClass().getSimpleName().startsWith("base64")) { // don't expose randomization\r
- os.write(bytes);\r
- time = 0L;\r
- } else {\r
- int start=0;\r
- for(int i=0;i<3;++i) {\r
- start+=Math.abs(dis.readByte());\r
- }\r
- start%=0x7;\r
- for(int i=0;i<start;++i) {\r
- dis.readByte();\r
- }\r
- time = (dis.readInt() & 0xFFFF)|(System.currentTimeMillis()&0xFFFF0000);\r
- int minlength = dis.readByte();\r
- if(minlength<0x9){\r
- DataOutputStream dos = new DataOutputStream(os);\r
- for(int i=0;i<minlength;++i) {\r
- dis.readByte();\r
- dos.writeByte(dis.readByte());\r
- }\r
- } else {\r
- int pre =((Byte.SIZE*3+Integer.SIZE+Byte.SIZE)/Byte.SIZE)+start; \r
- os.write(bytes, pre, bytes.length-pre);\r
- }\r
- }\r
- return time;\r
- }\r
-\r
- public static String randomGen(int numBytes) {\r
- return randomGen(passChars,numBytes); \r
- }\r
- \r
- public static String randomGen(char[] chars ,int numBytes) {\r
- int rint;\r
- StringBuilder sb = new StringBuilder(numBytes);\r
- for(int i=0;i<numBytes;++i) {\r
- rint = random.nextInt(chars.length);\r
- sb.append(chars[rint]);\r
- }\r
- return sb.toString();\r
- }\r
- // Internal mechanism for helping to randomize placement of characters within a Symm codeset\r
- // Based on an incoming data stream (originally created randomly, but can be recreated within \r
- // 2048 key), go after a particular place in the new codeset. If that codeset spot is used, then move\r
- // right or left (depending on iteration) to find the next available slot. In this way, key generation \r
- // is speeded up by only enacting N iterations, but adds a spreading effect of the random number stream, so that keyset is also\r
- // shuffled for a good spread. It is, however, repeatable, given the same number set, allowing for \r
- // quick recreation when the official stream is actually obtained.\r
- public Symm obtain(byte[] key) throws IOException {\r
- try {\r
- byte[] bytes = new byte[AES.AES_KEY_SIZE/8];\r
- int offset = (Math.abs(key[(47%key.length)])+137)%(key.length-bytes.length);\r
- for(int i=0;i<bytes.length;++i) {\r
- bytes[i] = key[i+offset];\r
- }\r
-\r
- aes = new AES(bytes,0,bytes.length);\r
- } catch (Exception e) {\r
- throw new IOException(e);\r
- }\r
- int filled = codeset.length;\r
- char[] seq = new char[filled];\r
- int end = filled--;\r
- \r
- boolean right = true;\r
- int index;\r
- Obtain o = new Obtain(this,key);\r
- \r
- while(filled>=0) {\r
- index = o.next();\r
- if(index<0 || index>=codeset.length) {\r
- System.out.println("uh, oh");\r
- }\r
- if(right) { // alternate going left or right to find the next open slot (keeps it from taking too long to hit something) \r
- for(int j=index;j<end;++j) {\r
- if(seq[j]==0) {\r
- seq[j]=codeset[filled];\r
- --filled;\r
- break;\r
- }\r
- }\r
- right = false;\r
- } else {\r
- for(int j=index;j>=0;--j) {\r
- if(seq[j]==0) {\r
- seq[j]=codeset[filled];\r
- --filled;\r
- break;\r
- }\r
- }\r
- right = true;\r
- }\r
- }\r
- return new Symm(seq,this);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-\r
-/**\r
- * TAF - Transmutative Assertion Framework. \r
- * \r
- * This main Interface embodies the essential of the assertion, where a number of different TAFs might be used to authenticate\r
- * and that authentication to be recognized through other elements.\r
- * \r
- * Concept by Robert Garskof. Implemented by Jonathan Gathman\r
- * \r
- *\r
- */\r
-public interface Taf {\r
- enum LifeForm {CBLF, SBLF, LFN};\r
- /**\r
- * The lifeForm param is a humorous way of describing whether the interaction is proceeding from direct Human Interaction via a browser \r
- * or App which can directly query a memorized password, key sequence, bio-feedback, from that user, or a machine mechanism for which identity\r
- * can more easily be determined by Certificate, Mechanical ID/Password etc. Popularized in modern culture and Science Fiction (especially \r
- * Star Trek), we (starting with Robert Garskof) use the terms "Carbon Based Life Form" (CBLF) for mechanisms with people at the end of them, or \r
- * "Silicon Based Life Forms" (SBLF) to indicate machine only interactions. I have added "LFN" for (Life-Form Neutral) to aid identifying\r
- * processes for which it doesn't matter whether there is a human at the immediate end of the chain, or cannot be determined mechanically. \r
- * \r
- * The variable parameter is not necessarily ideal, but with too many unknown Tafs to be created, flexibility,\r
- * is unfortunately required at this point. Future versions could lock this down more. JG 10/18/2012\r
- * \r
- * @param lifeForm\r
- * @param info\r
- * @return\r
- */\r
- public TafResp validate(LifeForm reading, String ... info);\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.security.Principal;\r
-\r
-/**\r
- * The unique element of TAF is that we establish the relationship/mechanism to mutate the Principal derived from\r
- * one Authentication mechanism into a trustable Principal of another. The mechanism needs to be decided by system\r
- * trusting. \r
- * \r
- * The Generic "T" is used so that the code used will be very specific for the implementation, enforced by Compiler\r
- * \r
- * This interface will allow differences of trusting Transmutation of Authentication \r
- *\r
- */\r
-public interface Transmutate<T> {\r
- /**\r
- * Mutate the (assumed validated) Principal into the expected Principal name to be used to construct\r
- * \r
- * @param p\r
- * @return\r
- */\r
- public T mutate(Principal p);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-/**\r
- * Change to another Principal based on Trust of caller and User Chain (if desired)\r
- * \r
- *\r
- */\r
-public interface TrustChecker {\r
- public TafResp mayTrust(TafResp tresp, HttpServletRequest req);\r
- \r
- /**\r
- * A class that trusts no-one else, so just return same TResp\r
- */\r
- public static TrustChecker NOTRUST = new TrustChecker() {\r
- @Override\r
- public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {\r
- return tresp;\r
- }\r
-\r
- @Override\r
- public void setLur(Lur lur) {\r
- }\r
- };\r
-\r
- public void setLur(Lur lur);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.security.Principal;\r
-import java.util.HashMap;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.concurrent.ConcurrentHashMap;\r
-\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-/**\r
- * Class to hold info from the User Perspective.\r
- * \r
- *\r
- */\r
-public final class User<PERM extends Permission> {\r
- private static Map<String,Permission> NULL_MAP = new HashMap<String,Permission>();\r
- public Principal principal;\r
- Map<String, Permission> perms ;\r
- long permExpires;\r
- private final long interval;\r
- int count;\r
- \r
- // Note: This should only be used for Local RBAC (in memory)\r
- public User(Principal principal) {\r
- this.principal = principal;\r
- perms = NULL_MAP;\r
- permExpires = Long.MAX_VALUE; // Never. Well, until 64 bits of millis since 1970 expires...\r
- interval = 0L;\r
- count = 0;\r
- }\r
-\r
- public User(Principal principal, long expireInterval) {\r
- this.principal = principal;\r
- perms = NULL_MAP;\r
- expireInterval = Math.max(expireInterval, 0); // avoid < 1\r
- interval = Math.max(AbsUserCache.MIN_INTERVAL,Math.min(expireInterval,AbsUserCache.MAX_INTERVAL));\r
- permExpires = 0;\r
- count = 0;\r
- }\r
- \r
- public void renewPerm() {\r
- permExpires = System.currentTimeMillis()+interval;\r
- }\r
- \r
- public long permExpires() {\r
- return permExpires;\r
- }\r
- \r
- public boolean permExpired() {\r
- return System.currentTimeMillis() > permExpires;\r
- }\r
-\r
- public boolean noPerms() {\r
- return perms==null || perms.values().size()==0; \r
- }\r
- \r
- public void setNoPerms() {\r
- perms=NULL_MAP;\r
- permExpires = System.currentTimeMillis() + interval;\r
- }\r
-\r
- public boolean permsUnloaded() {\r
- return perms==null;\r
- }\r
-\r
- public synchronized void incCount() {\r
- ++count;\r
- }\r
- \r
- public synchronized void resetCount() {\r
- count=0;\r
- }\r
- \r
- public Map<String,Permission> newMap() {\r
- return new ConcurrentHashMap<String,Permission>();\r
- }\r
-\r
- public void add(LocalPermission permission) {\r
- if(perms==NULL_MAP)perms=newMap();\r
- perms.put(permission.getKey(),permission);\r
- }\r
-\r
- public void add(Map<String, Permission> newMap, PERM permission) {\r
- newMap.put(permission.getKey(),permission);\r
- }\r
-\r
- public void setMap(Map<String, Permission> newMap) {\r
- perms = newMap;\r
- }\r
-\r
- public boolean contains(Permission perm) {\r
- for (Permission p : perms.values()) {\r
- if (p.match(perm)) return true;\r
- }\r
- return false;\r
- }\r
- \r
- public void copyPermsTo(List<Permission> sink) {\r
- sink.addAll(perms.values());\r
- }\r
- \r
- public String toString() {\r
- StringBuilder sb = new StringBuilder();\r
- sb.append(principal.getName());\r
- sb.append('|');\r
- boolean first = true;\r
- synchronized(perms) {\r
- for(Permission gp : perms.values()) {\r
- if(first) {\r
- first = false;\r
- sb.append(':');\r
- } else {\r
- sb.append(',');\r
- }\r
- sb.append(gp.getKey());\r
- }\r
- }\r
- return sb.toString();\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-/**\r
- * Interface to add a User Chain String to Principal\r
- * \r
- * \r
- * \r
- * Where\r
- * APP is name suitable for Logging (i.e. official App Acronym) \r
- * ID is official User or MechID, best if includes Identity Source (i.e. ab1234@csp.att.com)\r
- * Protocol is the Security protocol,\r
- * \r
- * Format:<ID>:<APP>:<protocol>[:AS][,<ID>:<APP>:<protocol>]*\r
- * \r
- * \r
- *\r
- */\r
-public interface UserChain {\r
- public enum Protocol {BasicAuth,Cookie,Cert,OAuth};\r
- public String userChain();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-import java.io.IOException;\r
-import java.lang.reflect.Constructor;\r
-import java.lang.reflect.Field;\r
-import java.lang.reflect.Method;\r
-import java.net.InetAddress;\r
-import java.net.URI;\r
-import java.net.UnknownHostException;\r
-import java.security.NoSuchAlgorithmException;\r
-import java.security.cert.CertificateException;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.util.Map.Entry;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachingLur;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CredVal;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.TrustChecker;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.lur.LocalLur;\r
-import org.onap.aaf.cadi.lur.NullLur;\r
-import org.onap.aaf.cadi.taf.HttpEpiTaf;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;\r
-import org.onap.aaf.cadi.taf.cert.X509Taf;\r
-import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;\r
-\r
-import java.util.Properties;\r
-import java.util.TimerTask;\r
-\r
-/**\r
- * Create a Consistent Configuration mechanism, even when configuration styles are as vastly different as\r
- * Properties vs JavaBeans vs FilterConfigs...\r
- * \r
- *\r
- */\r
-public class Config {\r
-\r
- private static final String HIDE_PASS = "***************";\r
-\r
- public static final String UTF_8 = "UTF-8";\r
-\r
- // Property Names associated with configurations.\r
- // As of 1.0.2, these have had the dots removed so as to be compatible with JavaBean style\r
- // configurations as well as property list style.\r
- public static final String HOSTNAME = "hostname";\r
- public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)\r
- public static final String CADI_LOGLEVEL = "cadi_loglevel";\r
- public static final String CADI_LOGNAME = "cadi_logname";\r
- public static final String CADI_KEYFILE = "cadi_keyfile";\r
- public static final String CADI_KEYSTORE = "cadi_keystore";\r
- public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password";\r
- public static final String CADI_ALIAS = "cadi_alias";\r
- public static final String CADI_LOGINPAGE_URL = "cadi_loginpage_url";\r
-\r
- public static final String CADI_KEY_PASSWORD = "cadi_key_password";\r
- public static final String CADI_TRUSTSTORE = "cadi_truststore";\r
- public static final String CADI_TRUSTSTORE_PASSWORD = "cadi_truststore_password";\r
- public static final String CADI_X509_ISSUERS = "cadi_x509_issuers";\r
- public static final String CADI_TRUST_MASKS="cadi_trust_masks";\r
- public static final String CADI_TRUST_PERM="cadi_trust_perm"; // IDs with this perm can utilize the "AS " user concept\r
- public static final String CADI_PROTOCOLS = "cadi_protocols";\r
- public static final String CADI_NOAUTHN = "cadi_noauthn";\r
- public static final String CADI_LOC_LIST = "cadi_loc_list";\r
- \r
- public static final String CADI_USER_CHAIN_TAG = "cadi_user_chain";\r
- public static final String CADI_USER_CHAIN = "USER_CHAIN";\r
-\r
- \r
- \r
- public static final String CSP_DOMAIN = "csp_domain";\r
- public static final String CSP_HOSTNAME = "csp_hostname";\r
- public static final String CSP_DEVL_LOCALHOST = "csp_devl_localhost";\r
- public static final String CSP_USER_HEADER = "CSP_USER";\r
- public static final String CSP_SYSTEMS_CONF = "CSPSystems.conf";\r
- public static final String CSP_SYSTEMS_CONF_FILE = "csp_systems_conf_file";\r
-\r
-\r
- public static final String TGUARD_ENV="tguard_env";\r
- public static final String TGUARD_DOMAIN = "tguard_domain";\r
- public static final String TGUARD_TIMEOUT = "tguard_timeout";\r
- public static final String TGUARD_TIMEOUT_DEF = "5000";\r
- public static final String TGUARD_CERTS = "tguard_certs"; // comma delimited SHA-256 finger prints\r
-// public static final String TGUARD_DEVL_LOCALHOST = "tguard_devl_localhost";\r
-// public static final String TGUARD_USER_HEADER = "TGUARD_USER";\r
-\r
- public static final String LOCALHOST_ALLOW = "localhost_allow";\r
- public static final String LOCALHOST_DENY = "localhost_deny";\r
- \r
- public static final String BASIC_REALM = "basic_realm"; // what is sent to the client \r
- public static final String BASIC_WARN = "basic_warn"; // Warning of insecure channel \r
- public static final String USERS = "local_users";\r
- public static final String GROUPS = "local_groups";\r
- public static final String WRITE_TO = "local_writeto"; // dump RBAC to local file in Tomcat Style (some apps use)\r
- \r
- public static final String AAF_ENV = "aaf_env";\r
- public static final String AAF_ROOT_NS = "aaf_root_ns";\r
- public static final String AAF_ROOT_COMPANY = "aaf_root_company";\r
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration\r
- public static final String AAF_MECHID = "aaf_id";\r
- public static final String AAF_MECHPASS = "aaf_password";\r
- public static final String AAF_LUR_CLASS = "aaf_lur_class";\r
- public static final String AAF_TAF_CLASS = "aaf_taf_class";\r
- public static final String AAF_CONNECTOR_CLASS = "aaf_connector_class";\r
- public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";\r
- public static final String AAF_CONN_TIMEOUT = "aaf_conn_timeout";\r
- public static final String AAF_CONN_TIMEOUT_DEF = "3000";\r
- public static final String AAF_READ_TIMEOUT = "aaf_timeout";\r
- public static final String AAF_READ_TIMEOUT_DEF = "5000";\r
- public static final String AAF_USER_EXPIRES = "aaf_user_expires";\r
- public static final String AAF_USER_EXPIRES_DEF = "600000"; // Default is 10 mins\r
- public static final String AAF_CLEAN_INTERVAL = "aaf_clean_interval";\r
- public static final String AAF_CLEAN_INTERVAL_DEF = "30000"; // Default is 30 seconds\r
- public static final String AAF_REFRESH_TRIGGER_COUNT = "aaf_refresh_trigger_count";\r
- public static final String AAF_REFRESH_TRIGGER_COUNT_DEF = "3"; // Default is 10 mins\r
- \r
- public static final String AAF_HIGH_COUNT = "aaf_high_count";\r
- public static final String AAF_HIGH_COUNT_DEF = "1000"; // Default is 1000 entries\r
- public static final String AAF_PERM_MAP = "aaf_perm_map";\r
- public static final String AAF_DEPLOYED_VERSION = "DEPLOYED_VERSION";\r
- public static final String AAF_CERT_IDS = "aaf_cert_ids";\r
- public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited\r
- \r
- public static final String GW_URL = "gw_url";\r
- public static final String CM_URL = "cm_url";\r
- public static final String CM_TRUSTED_CAS = "cm_trusted_cas";\r
-\r
- public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";\r
- public static final String PATHFILTER_STACK = "pathfilter_stack";\r
- public static final String PATHFILTER_NS = "pathfilter_ns";\r
- public static final String PATHFILTER_NOT_AUTHORIZED_MSG = "pathfilter_not_authorized_msg";\r
-\r
- public static final String AFT_DME2_TRUSTSTORE_PASSWORD = "AFT_DME2_TRUSTSTORE_PASSWORD";\r
- public static final String AFT_DME2_TRUSTSTORE = "AFT_DME2_TRUSTSTORE";\r
- public static final String AFT_DME2_KEYSTORE_PASSWORD = "AFT_DME2_KEYSTORE_PASSWORD";\r
- public static final String AFT_DME2_KEY_PASSWORD = "AFT_DME2_KEY_PASSWORD";\r
- public static final String AFT_DME2_KEYSTORE = "AFT_DME2_KEYSTORE";\r
- public static final String AFT_DME2_SSL_TRUST_ALL = "AFT_DME2_SSL_TRUST_ALL";\r
- public static final String AFT_DME2_SSL_INCLUDE_PROTOCOLS = "AFT_DME2_SSL_INCLUDE_PROTOCOLS";\r
-\r
-\r
- // DME2 Client. First property must be set to "false", and the others set in order to use SSL Client\r
- public static final String AFT_DME2_CLIENT_IGNORE_SSL_CONFIG="AFT_DME2_CLIENT_IGNORE_SSL_CONFIG";\r
- public static final String AFT_DME2_CLIENT_KEYSTORE = "AFT_DME2_CLIENT_KEYSTORE";\r
- public static final String AFT_DME2_CLIENT_KEYSTORE_PASSWORD = "AFT_DME2_CLIENT_KEYSTORE_PASSWORD";\r
- public static final String AFT_DME2_CLIENT_TRUSTSTORE = "AFT_DME2_CLIENT_TRUSTSTORE";\r
- public static final String AFT_DME2_CLIENT_TRUSTSTORE_PASSWORD = "AFT_DME2_CLIENT_TRUSTSTORE_PASSWORD";\r
- public static final String AFT_DME2_CLIENT_SSL_CERT_ALIAS = "AFT_DME2_CLIENT_SSL_CERT_ALIAS"; \r
- public static final String AFT_DME2_CLIENT_SSL_INCLUDE_PROTOCOLS = "AFT_DME2_CLIENT_SSL_INCLUDE_PROTOCOLS";\r
-\r
- \r
- // This one should go unpublic\r
- public static final String AAF_DEFAULT_REALM = "aaf_default_realm";\r
- private static String defaultRealm="none";\r
-\r
- public static final String AAF_DOMAIN_SUPPORT = "aaf_domain_support";\r
- //public static final String AAF_DOMAIN_SUPPORT_DEF = ".com";\r
- public static final String AAF_DOMAIN_SUPPORT_DEF = ".org";\r
-\r
-\r
- public static void setDefaultRealm(Access access) throws CadiException {\r
- try {\r
- boolean hasCSP;\r
- try {\r
- Class.forName("com.att.cadi.taf.csp.CSPTaf");\r
- hasCSP=true;\r
- } catch(ClassNotFoundException e) {\r
- hasCSP = logProp(access,Config.CSP_DOMAIN, null)!=null;\r
- }\r
- defaultRealm = logProp(access,Config.AAF_DEFAULT_REALM,\r
- hasCSP?"csp.att.com":\r
- logProp(access,Config.BASIC_REALM,\r
- logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName())\r
- )\r
- );\r
- } catch (UnknownHostException e) {\r
- //defaultRealm="none";\r
- }\r
- }\r
- \r
-\r
- public static HttpTaf configHttpTaf(Access access, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException {\r
- /////////////////////////////////////////////////////\r
- // Setup AAFCon for any following\r
- /////////////////////////////////////////////////////\r
- Object aafcon = null;\r
- if(lur != null) {\r
- Field f = null;\r
- try {\r
- f = lur.getClass().getField("aaf");\r
- aafcon = f.get(lur);\r
- } catch (Exception nsfe) {\r
- }\r
- }\r
- // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL\r
- String aafURL = access.getProperty(AAF_URL,null);\r
- if(aafcon==null && aafURL!=null) {\r
- aafcon = loadAAFConnector(access, aafURL); \r
- }\r
- \r
- HttpTaf taf;\r
- // Setup Host, in case Network reports an unusable Hostname (i.e. VTiers, VPNs, etc)\r
- String hostname = logProp(access, HOSTNAME,null);\r
- if(hostname==null) {\r
- try {\r
- hostname = InetAddress.getLocalHost().getHostName();\r
- } catch (UnknownHostException e1) {\r
- throw new CadiException("Unable to determine Hostname",e1);\r
- }\r
- }\r
- \r
- access.log(Level.INIT, "Hostname set to",hostname);\r
- // Get appropriate TAFs\r
- ArrayList<HttpTaf> htlist = new ArrayList<HttpTaf>();\r
-\r
- /////////////////////////////////////////////////////\r
- // Add a Denial of Service TAF\r
- // Note: how IPs and IDs are added are up to service type.\r
- // They call "DenialOfServiceTaf.denyIP(String) or denyID(String)\r
- /////////////////////////////////////////////////////\r
- htlist.add(new DenialOfServiceTaf(access));\r
-\r
- /////////////////////////////////////////////////////\r
- // Configure LocalHost \r
- /////////////////////////////////////////////////////\r
- \r
- String truststore = logProp(access, CADI_TRUSTSTORE, access.getProperty("AFT_DME2_TRUSTSTORE", null));\r
- if(truststore!=null) {\r
- String truststore_pwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD, access.getProperty("AFT_DME2_TRUSTSTORE_PASSWORD",null));\r
- if(truststore_pwd!=null) {\r
- if(truststore_pwd.startsWith(Symm.ENC)) {\r
- try {\r
- truststore_pwd = access.decrypt(truststore_pwd,false);\r
- } catch (IOException e) {\r
- throw new CadiException(CADI_TRUSTSTORE_PASSWORD + " cannot be decrypted",e);\r
- }\r
- }\r
- try {\r
- htlist.add(new X509Taf(access,lur));\r
- access.log(Level.INIT,"Certificate Authorization enabled");\r
- } catch (SecurityException e) {\r
- access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e);\r
- } catch (IllegalArgumentException e) {\r
- access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e);\r
- } catch (CertificateException e) {\r
- access.log(Level.INIT,"Certificate Authorization failed, it is disabled",e);\r
- } catch (NoSuchAlgorithmException e) {\r
- access.log(Level.INIT,"Certificate Authorization failed, wrong Security Algorithm",e);\r
- }\r
- }\r
- } else {\r
- access.log(Level.INIT,"Certificate Authorization not enabled");\r
- }\r
- \r
- /////////////////////////////////////////////////////\r
- // Configure Basic Auth (local content)\r
- /////////////////////////////////////////////////////\r
- String basic_realm = logProp(access, BASIC_REALM,null);\r
- boolean basic_warn = "TRUE".equals(access.getProperty(BASIC_WARN,"FALSE"));\r
- if(basic_realm!=null && up!=null) {\r
- access.log(Level.INIT,"Basic Authorization is enabled using realm",basic_realm);\r
- // Allow warning about insecure channel to be turned off\r
- if(!basic_warn)access.log(Level.INIT,"WARNING! The basic_warn property has been set to false.",\r
- " There will be no additional warning if Basic Auth is used on an insecure channel"\r
- );\r
- String aafCleanup = logProp(access, AAF_USER_EXPIRES,AAF_USER_EXPIRES_DEF); // Default is 10 mins\r
- long userExp = Long.parseLong(aafCleanup);\r
-\r
- htlist.add(new BasicHttpTaf(access, up, basic_realm, userExp, basic_warn));\r
- } else {\r
- access.log(Level.INIT,"Local Basic Authorization is disabled. Enable by setting basic_realm=<appropriate realm, i.e. my.att.com>");\r
- }\r
- \r
- /////////////////////////////////////////////////////\r
- // Configure AAF Driven Basic Auth\r
- /////////////////////////////////////////////////////\r
- boolean getRemoteAAF = true;\r
- if(additionalTafLurs!=null) {\r
- for(Object o : additionalTafLurs) {\r
- if(o.getClass().getSimpleName().equals("DirectAAFLur")) {\r
- getRemoteAAF = false;\r
- break;\r
- }\r
- }\r
- }\r
- HttpTaf aaftaf=null;\r
- if(getRemoteAAF) {\r
- if(aafcon==null) {\r
- access.log(Level.INIT,"AAF Connection (AAFcon) is null. Cannot create an AAF TAF");\r
- } else if(aafURL==null) {\r
- access.log(Level.INIT,"No AAF URL in properties, Cannot create an AAF TAF");\r
- } else {// There's an AAF_URL... try to configure an AAF \r
- String defName = aafURL.contains("version=2.0")?"com.att.cadi.aaf.v2_0.AAFTaf":"";\r
- String aafTafClassName = logProp(access, AAF_TAF_CLASS,defName);\r
- // Only 2.0 available at this time\r
- if("com.att.cadi.aaf.v2_0.AAFTaf".equals(aafTafClassName)) { \r
- try {\r
- Class<?> aafTafClass = loadClass(access,aafTafClassName);\r
- Class<?> aafConClass = loadClass(access,"com.att.cadi.aaf.v2_0.AAFCon");\r
- \r
- Constructor<?> cstr = aafTafClass.getConstructor(aafConClass,boolean.class,AbsUserCache.class);\r
- if(cstr!=null) {\r
- aaftaf = (HttpTaf)cstr.newInstance(aafcon,basic_warn,lur);\r
- if(aaftaf==null) {\r
- access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured");\r
- } else {\r
- access.log(Level.INIT,"AAF TAF Configured to ",aafURL);\r
- // Note: will add later, after all others configured\r
- }\r
- }\r
- } catch(Exception e) {\r
- access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured");\r
- }\r
- }\r
- }\r
- }\r
- \r
- \r
- String alias = logProp(access, CADI_ALIAS,null);\r
-\r
- /////////////////////////////////////////////////////\r
- // Configure tGuard... (AT&T Client Repo)\r
- /////////////////////////////////////////////////////\r
- // TGUARD Environment, translated to any other remote Environment validation mechanism...\r
- String tGuard_domain = logProp(access, TGUARD_DOMAIN,null);\r
- String tGuard_env = logProp(access, TGUARD_ENV, null);\r
-\r
- if(!("PROD".equals(tGuard_env) || "STAGE".equals(tGuard_env))) {\r
- access.log(Level.INIT, "tGuard Authorization is disabled. Enable by setting", TGUARD_ENV, "to \"PROD\" or \"STAGE\"");\r
- } else if(tGuard_domain==null) {\r
- access.log(Level.INIT,TGUARD_DOMAIN + " must be set: tGuard Authorization is disabled.");\r
- } else if(alias == null) {\r
- access.log(Level.INIT,CADI_ALIAS + " must be set: tGuard Authorization is disabled.");\r
- } else {\r
- try {\r
- Class<?> tGuardClass = loadClass(access,"com.att.cadi.tguard.TGuardHttpTaf");\r
- if(aaftaf!=null) {\r
- Constructor<?> tGuardCnst = tGuardClass.getConstructor(new Class[]{Access.class, AbsUserCache.class});\r
- htlist.add((HttpTaf)tGuardCnst.newInstance(new Object[] {access,aaftaf}));\r
- access.log(Level.INIT,"tGuard Authorization is enabled on",tGuard_env,"on the",tGuard_domain," tGuard Domain");\r
- } else {\r
- Constructor<?> tGuardCnst = tGuardClass.getConstructor(new Class[]{Access.class, int.class, int.class, int.class});\r
- htlist.add((HttpTaf)tGuardCnst.newInstance(new Object[] {\r
- access,\r
- Integer.parseInt(logProp(access, AAF_CLEAN_INTERVAL,AAF_CLEAN_INTERVAL_DEF)),\r
- Integer.parseInt(logProp(access, AAF_HIGH_COUNT, AAF_HIGH_COUNT_DEF)),\r
- Integer.parseInt(logProp(access, AAF_REFRESH_TRIGGER_COUNT, AAF_REFRESH_TRIGGER_COUNT_DEF))\r
- }));\r
- access.log(Level.INIT,"tGuard Authorization is enabled on",tGuard_env,"on the",tGuard_domain," tGuard Domain");\r
- }\r
- } catch(Exception e) {\r
- access.log(e, Level.INIT,"tGuard Class cannot be loaded: tGuard Authorization is disabled.");\r
- }\r
- }\r
- \r
- /////////////////////////////////////////////////////\r
- // Adding BasicAuth (AAF) last, after other primary Cookie Based\r
- // Needs to be before Cert... see below\r
- /////////////////////////////////////////////////////\r
- if(aaftaf!=null) {\r
- htlist.add(aaftaf);\r
- }\r
-\r
-\r
- /////////////////////////////////////////////////////\r
- // Any Additional Lurs passed in Constructor\r
- /////////////////////////////////////////////////////\r
- if(additionalTafLurs!=null) {\r
- for(Object additional : additionalTafLurs) {\r
- if(additional instanceof HttpTaf) {\r
- htlist.add((HttpTaf)additional);\r
- access.log(Level.INIT,additional);\r
- }\r
- }\r
- }\r
-\r
- /////////////////////////////////////////////////////\r
- // Create EpiTaf from configured TAFs\r
- /////////////////////////////////////////////////////\r
- if(htlist.size()==1) {\r
- // just return the one\r
- taf = htlist.get(0);\r
- } else {\r
- HttpTaf[] htarray = new HttpTaf[htlist.size()];\r
- htlist.toArray(htarray);\r
- Locator<URI> locator = loadLocator(access, logProp(access, CADI_LOGINPAGE_URL, null));\r
- \r
- taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null\r
- String level = logProp(access, CADI_LOGLEVEL, null);\r
- if(level!=null) {\r
- access.setLogLevel(Level.valueOf(level));\r
- }\r
- }\r
- \r
- return taf;\r
- }\r
- \r
- public static String logProp(Access access,String tag, String def) {\r
- String rv = access.getProperty(tag, def);\r
- if(rv == null) {\r
- access.log(Level.INIT,tag,"is not set");\r
- } else {\r
- access.log(Level.INIT,tag,"is set to",rv);\r
- }\r
- return rv;\r
- }\r
- \r
- public static Lur configLur(Access access, Object ... additionalTafLurs) throws CadiException {\r
- List<Lur> lurs = new ArrayList<Lur>();\r
- \r
- /////////////////////////////////////////////////////\r
- // Configure a Local Property Based RBAC/LUR\r
- /////////////////////////////////////////////////////\r
- try {\r
- String users = access.getProperty(USERS,null);\r
- String groups = access.getProperty(GROUPS,null);\r
-\r
- if(groups!=null || users!=null) {\r
- LocalLur ll;\r
- lurs.add(ll = new LocalLur(access, users, groups)); // note b64==null is ok.. just means no encryption.\r
- \r
- String writeto = access.getProperty(WRITE_TO,null);\r
- if(writeto!=null) {\r
- String msg = UsersDump.updateUsers(writeto, ll);\r
- if(msg!=null) access.log(Level.INIT,"ERROR! Error Updating ",writeto,"with roles and users:",msg);\r
- }\r
- }\r
- } catch (IOException e) {\r
- throw new CadiException(e);\r
- }\r
- \r
- /////////////////////////////////////////////////////\r
- // Configure the AAF Lur (if any)\r
- /////////////////////////////////////////////////////\r
- String aafURL = logProp(access,AAF_URL,null); // Trigger Property\r
- String aaf_env = access.getProperty(AAF_ENV,null);\r
- if(aaf_env == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL\r
- int ec = aafURL.indexOf("envContext=");\r
- if(ec>0) {\r
- ec += 11; // length of envContext=\r
- int slash = aafURL.indexOf('/', ec);\r
- if(slash>0) {\r
- aaf_env = aafURL.substring(ec, slash);\r
- ((PropAccess)access).setProperty(AAF_ENV, aaf_env);\r
- access.printf(Level.INIT, "Setting aaf_env to %s from aaf_url value",aaf_env);\r
- }\r
- }\r
- }\r
- \r
- if(aafURL==null) {\r
- access.log(Level.INIT,"No AAF LUR properties, AAF will not be loaded");\r
- } else {// There's an AAF_URL... try to configure an AAF\r
- String aafLurClassStr = logProp(access,AAF_LUR_CLASS,"com.att.cadi.aaf.v2_0.AAFLurPerm");\r
- ////////////AAF Lur 2.0 /////////////\r
- if(aafLurClassStr.startsWith("com.att.cadi.aaf.v2_0")) { \r
- try {\r
- Object aafcon = loadAAFConnector(access, aafURL);\r
- if(aafcon==null) {\r
- access.log(Level.INIT,"AAF LUR class,",aafLurClassStr,"cannot be constructed without valid AAFCon object.");\r
- } else {\r
- Class<?> aafAbsAAFCon = loadClass(access, "com.att.cadi.aaf.v2_0.AAFCon");\r
- Method mNewLur = aafAbsAAFCon.getMethod("newLur");\r
- Object aaflur = mNewLur.invoke(aafcon);\r
- \r
- if(aaflur==null) {\r
- access.log(Level.INIT,"ERROR! AAF LUR Failed construction. NOT Configured");\r
- } else {\r
- access.log(Level.INIT,"AAF LUR Configured to ",aafURL);\r
- lurs.add((Lur)aaflur);\r
- String debugIDs = logProp(access,Config.AAF_DEBUG_IDS, null);\r
- if(debugIDs !=null && aaflur instanceof CachingLur) {\r
- ((CachingLur<?>)aaflur).setDebug(debugIDs);\r
- }\r
- }\r
- }\r
- } catch (Exception e) {\r
- access.log(e,"AAF LUR class,",aafLurClassStr,"could not be constructed with given Constructors.");\r
- }\r
- } \r
- } \r
-\r
- /////////////////////////////////////////////////////\r
- // Any Additional passed in Constructor\r
- /////////////////////////////////////////////////////\r
- if(additionalTafLurs!=null) {\r
- for(Object additional : additionalTafLurs) {\r
- if(additional instanceof Lur) {\r
- lurs.add((Lur)additional);\r
- access.log(Level.INIT, additional);\r
- }\r
- }\r
- }\r
-\r
- /////////////////////////////////////////////////////\r
- // Return a Lur based on how many there are... \r
- /////////////////////////////////////////////////////\r
- switch(lurs.size()) {\r
- case 0: \r
- access.log(Level.INIT,"WARNING! No CADI LURs configured");\r
- // Return a NULL Lur that does nothing.\r
- return new NullLur();\r
- case 1:\r
- return lurs.get(0); // Only one, just return it, save processing\r
- default:\r
- // Multiple Lurs, use EpiLUR to handle\r
- Lur[] la = new Lur[lurs.size()];\r
- lurs.toArray(la);\r
- return new EpiLur(la);\r
- }\r
- }\r
- \r
- private static final String COM_ATT_CADI_AAF_V2_0_AAF_CON_DME2 = "com.att.cadi.aaf.v2_0.AAFConDME2";\r
- private static final String COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP = "com.att.cadi.aaf.v2_0.AAFConHttp";\r
- public static Object loadAAFConnector(Access access, String aafURL) {\r
- Object aafcon = null;\r
- Class<?> aafConClass = null;\r
-\r
- try {\r
- if(aafURL!=null) {\r
- String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);\r
- if(COM_ATT_CADI_AAF_V2_0_AAF_CON_DME2.equals(aafConnector) || aafURL.contains("/service=")) {\r
- aafConClass = loadClass(access, COM_ATT_CADI_AAF_V2_0_AAF_CON_DME2);\r
- if(aafConClass!=null) {\r
- Constructor<?> cons = aafConClass.getConstructor(PropAccess.class);\r
- aafcon = cons.newInstance(access);\r
- } else {\r
- access.log(Level.ERROR, "URL contains '/service=', which requires DME2");\r
- }\r
- } else if(COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {\r
- aafConClass = loadClass(access, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);\r
- for(Constructor<?> c : aafConClass.getConstructors()) {\r
- List<Object> lo = new ArrayList<Object>();\r
- for(Class<?> pc : c.getParameterTypes()) {\r
- if(pc.equals(PropAccess.class)) {\r
- lo.add(access);\r
- } else if(pc.equals(Locator.class)) {\r
- lo.add(loadLocator(access, aafURL));\r
- } else {\r
- continue;\r
- }\r
- }\r
- if(c.getParameterTypes().length!=lo.size()) {\r
- continue; // back to another Constructor\r
- } else {\r
- aafcon = c.newInstance(lo.toArray());\r
- }\r
- break;\r
- }\r
- }\r
- if(aafcon!=null) {\r
- String mechid = logProp(access,Config.AAF_MECHID, null);\r
- String pass = access.getProperty(Config.AAF_MECHPASS, null);\r
- if(mechid!=null && pass!=null) {\r
- try {\r
- Method basicAuth = aafConClass.getMethod("basicAuth", String.class, String.class);\r
- basicAuth.invoke(aafcon, mechid,pass);\r
- } catch (NoSuchMethodException nsme) {\r
- // it's ok, don't use\r
- }\r
- }\r
- }\r
- }\r
- } catch (Exception e) {\r
- access.log(e,"AAF Connector could not be constructed with given Constructors.");\r
- }\r
- \r
- return aafcon;\r
- }\r
-\r
- public static Class<?> loadClass(Access access, String className) {\r
- Class<?> cls=null;\r
- try {\r
- cls = access.classLoader().loadClass(className);\r
- } catch (ClassNotFoundException cnfe) {\r
- try {\r
- cls = access.getClass().getClassLoader().loadClass(className);\r
- } catch (ClassNotFoundException cnfe2) {\r
- // just return null\r
- }\r
- }\r
- return cls;\r
- }\r
-\r
- @SuppressWarnings("unchecked")\r
- public static Locator<URI> loadLocator(Access access, String url) {\r
- Locator<URI> locator = null;\r
- if(url==null) {\r
- access.log(Level.INIT,"No URL for AAF Login Page. Disabled");\r
- } else {\r
- if(url.contains("DME2RESOLVE")) {\r
- try {\r
- Class<?> lcls = loadClass(access,"com.att.cadi.locator.DME2Locator");\r
- Class<?> dmcls = loadClass(access,"com.att.aft.dme2.api.DME2Manager");\r
- Constructor<?> cnst = lcls.getConstructor(new Class[] {Access.class,dmcls,String.class});\r
- locator = (Locator<URI>)cnst.newInstance(new Object[] {access,null,url});\r
- access.log(Level.INFO, "DME2Locator enabled with " + url);\r
- } catch (Exception e) {\r
- access.log(Level.INIT,"AAF Login Page accessed by " + url + " requires DME2. It is now disabled",e);\r
- }\r
- } else {\r
- try {\r
- Class<?> cls = loadClass(access,"com.att.cadi.locator.PropertyLocator");\r
- Constructor<?> cnst = cls.getConstructor(new Class[] {String.class});\r
- locator = (Locator<URI>)cnst.newInstance(new Object[] {url});\r
- access.log(Level.INFO, "PropertyLocator enabled with " + url);\r
- } catch (Exception e) {\r
- access.log(Level.INIT,"AAF Login Page accessed by " + url + " requires PropertyLocator. It is now disabled",e);\r
- }\r
- }\r
- }\r
- return locator;\r
- }\r
-\r
- /*\r
- * DME2 can only read Passwords as clear text properties. Leaving in "System Properties" un-encrypted exposes these passwords\r
- */\r
- public static class PasswordRemoval extends TimerTask {\r
- private Access access;\r
- \r
- private final List<String> pws;\r
-\r
- public PasswordRemoval(Access access) {\r
- this.access = access;\r
- pws = new ArrayList<String>();\r
- }\r
- \r
- @Override\r
- public void run() {\r
- for(String key:pws) {\r
- access.log(Level.INIT, "Scrubbing " + key);\r
- System.clearProperty(key);\r
- }\r
- } \r
- public void add(String key) {\r
- pws.add(key);\r
- }\r
- }\r
-\r
- private static final String Y = "Y";\r
-\r
- private static String[][] CONVERTER_STRINGS=new String[][] {\r
- {AFT_DME2_KEYSTORE,CADI_KEYSTORE,null},\r
- {AFT_DME2_KEYSTORE_PASSWORD,CADI_KEYSTORE_PASSWORD,null},\r
- {AFT_DME2_KEY_PASSWORD,CADI_KEY_PASSWORD,null},\r
- {AFT_DME2_TRUSTSTORE,CADI_TRUSTSTORE,null},\r
- {AFT_DME2_TRUSTSTORE_PASSWORD,CADI_TRUSTSTORE_PASSWORD,null},\r
- {AFT_DME2_CLIENT_KEYSTORE,CADI_KEYSTORE,null},\r
- {AFT_DME2_CLIENT_KEYSTORE_PASSWORD,CADI_KEYSTORE_PASSWORD,null},\r
- {AFT_DME2_CLIENT_TRUSTSTORE,CADI_TRUSTSTORE,null},\r
- {AFT_DME2_CLIENT_TRUSTSTORE_PASSWORD,CADI_TRUSTSTORE_PASSWORD,null},\r
- {AFT_DME2_CLIENT_SSL_CERT_ALIAS,CADI_ALIAS,null},\r
- {AFT_DME2_CLIENT_SSL_INCLUDE_PROTOCOLS,CADI_PROTOCOLS,null},\r
- {"AFT_DME2_HOSTNAME",HOSTNAME,null},\r
- {"AFT_LATITUDE",null,Y},\r
- {"AFT_LONGITUDE",null,Y},\r
- {"AFT_ENVIRONMENT",null,Y},\r
- {"SCLD_PLATFORM",null,Y},\r
- {"DME2_EP_REGISTRY_CLASS",null,Y},// for Developer local access\r
- {"AFT_DME2_EP_REGISTRY_FS_DIR",null,Y},\r
- {"DME2.DEBUG",null,null},\r
- {"AFT_DME2_HTTP_EXCHANGE_TRACE_ON",null,null},\r
- {"AFT_DME2_SSL_ENABLE",null,null},\r
- {"AFT_DME2_SSL_WANT_CLIENT_AUTH",null,null},\r
- {AFT_DME2_SSL_INCLUDE_PROTOCOLS,CADI_PROTOCOLS,null},\r
- {"AFT_DME2_SSL_VALIDATE_CERTS",null,null},\r
- {AFT_DME2_CLIENT_IGNORE_SSL_CONFIG,null,null},\r
- {"https.protocols",CADI_PROTOCOLS,Y},\r
- };\r
-\r
-\r
-\r
- public static Properties getDME2Props(PropAccess access) {\r
- Properties dprops = new Properties();\r
- String value = null;\r
- boolean reqClientConfig = false;\r
- for(String[] row : CONVERTER_STRINGS) {\r
- value = access.getProperty(row[0],null);\r
- if(value==null) {\r
- value = System.getProperty(row[0]);\r
- if(value==null && row[1]!=null) {\r
- value = access.getProperty(row[1],null);\r
- if(value == null) {\r
- value = System.getProperty(row[1]);\r
- }\r
- }\r
- }\r
- if(value!=null) {\r
- if(row[0].contains("_SSL_")) {\r
- reqClientConfig = true;\r
- }\r
- if(row[0].startsWith("AFT") || row[0].startsWith("SCLD") || row[0].contains("DME2")) {\r
- if(value.startsWith("enc:")) {\r
- try {\r
- value = access.decrypt(value, true);\r
- } catch (IOException e) {\r
- access.log(Level.ERROR, e);\r
- }\r
- System.setProperty(row[0], value);\r
- } else if(Y.equals(row[2])) {\r
- System.setProperty(row[0], value);\r
- dprops.setProperty(row[0], value);\r
- } else if(row[0].contains("PASSWORD") || row[0].contains("STORE")) {\r
- System.setProperty(row[0], value);\r
- } else {\r
- dprops.setProperty(row[0], value);\r
- }\r
- }\r
- \r
- }\r
- \r
- }\r
- \r
- Properties sprops = System.getProperties();\r
- if(reqClientConfig && sprops.getProperty(AFT_DME2_CLIENT_IGNORE_SSL_CONFIG)==null) {\r
- sprops.put(AFT_DME2_CLIENT_IGNORE_SSL_CONFIG, "false");\r
- replaceKeyWithTrust(sprops,AFT_DME2_KEYSTORE,AFT_DME2_TRUSTSTORE);\r
- replaceKeyWithTrust(sprops,AFT_DME2_KEYSTORE_PASSWORD,AFT_DME2_TRUSTSTORE_PASSWORD);\r
- replaceKeyWithTrust(sprops,AFT_DME2_CLIENT_KEYSTORE,AFT_DME2_CLIENT_TRUSTSTORE);\r
- replaceKeyWithTrust(sprops,AFT_DME2_CLIENT_KEYSTORE_PASSWORD,AFT_DME2_CLIENT_TRUSTSTORE_PASSWORD);\r
- }\r
- \r
- if(sprops.getProperty(AFT_DME2_CLIENT_SSL_INCLUDE_PROTOCOLS)==null) {\r
- sprops.setProperty(AFT_DME2_CLIENT_SSL_INCLUDE_PROTOCOLS, access.getProperty(CADI_PROTOCOLS,SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));\r
- }\r
-\r
- if(sprops.getProperty(AFT_DME2_SSL_INCLUDE_PROTOCOLS)==null) {\r
- sprops.setProperty(AFT_DME2_SSL_INCLUDE_PROTOCOLS, access.getProperty(CADI_PROTOCOLS,SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));\r
- }\r
- \r
- if(access.willLog(Level.DEBUG)) {\r
- if(access instanceof PropAccess) {\r
- access.log(Level.DEBUG,"Access Properties");\r
- for(Entry<Object, Object> es : ((PropAccess)access).getProperties().entrySet()) {\r
- access.printf(Level.DEBUG," %s=%s",es.getKey().toString(),es.getValue().toString());\r
- }\r
- }\r
- access.log(Level.DEBUG,"DME2 Properties()");\r
- for(Entry<Object, Object> es : dprops.entrySet()) {\r
- value = es.getValue().toString();\r
- if(es.getKey().toString().contains("PASS")) {\r
- if(value==null || !value.contains("enc:")) {\r
- value = HIDE_PASS;\r
- }\r
- }\r
- access.printf(Level.DEBUG," %s=%s",es.getKey().toString(),value);\r
- }\r
- \r
- access.log(Level.DEBUG,"System (AFT) Properties");\r
- for(Entry<Object, Object> es : System.getProperties().entrySet()) {\r
- if(es.getKey().toString().startsWith("AFT")) {\r
- value = es.getValue().toString();\r
- if(es.getKey().toString().contains("PASS")) {\r
- if(value==null || !value.contains("enc:")) {\r
- value = HIDE_PASS;\r
- }\r
- }\r
- access.printf(Level.DEBUG," %s=%s",es.getKey().toString(),value);\r
- }\r
- }\r
- }\r
- // Cover any not specific AFT props\r
- String key;\r
- for(Entry<Object, Object> es : access.getProperties().entrySet()) {\r
- if((key=es.getKey().toString()).startsWith("AFT_") && \r
- !key.contains("PASSWORD") &&\r
- dprops.get(key)==null) {\r
- dprops.put(key, es.getValue());\r
- }\r
- }\r
- return dprops;\r
- }\r
- \r
- private static void replaceKeyWithTrust(Properties props, String ks, String ts) {\r
- String value;\r
- if(props.get(ks)==null && (value=props.getProperty(ts))!=null) {\r
- props.put(ks,value);\r
- props.remove(ts);\r
- }\r
- }\r
- // Set by CSP, or is hostname.\r
- public static String getDefaultRealm() {\r
- return defaultRealm;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-import java.lang.reflect.Method;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Access.Level;\r
-\r
-public interface Get {\r
- public String get(String name, String def, boolean print);\r
- \r
- \r
- /**\r
- * A class for Getting info out of "JavaBean" format\r
- *\r
- */\r
- public static class Bean implements Get {\r
- private Object bean;\r
- private Class<?> bc;\r
- private Class<?>[] params;\r
- private Object[] args;\r
- \r
- public Bean(Object bean) {\r
- this.bean = bean;\r
- bc = bean.getClass();\r
- params = new Class<?>[0]; // note, this will allow to go out of scope after config\r
- args = new Object[0];\r
- }\r
- \r
- public String get(String name, String def, boolean print) {\r
- String str = null;\r
- String gname = "get"+Character.toUpperCase(name.charAt(0))+name.substring(1);\r
- try {\r
- Method meth = bc.getMethod(gname, params);\r
- Object obj = meth.invoke(bean, args);\r
- str = obj==null?null:obj.toString(); // easy string convert... \r
- } catch (Exception e) {\r
- }\r
- \r
- // Take def if nothing else\r
- if(str==null) {\r
- str = def;\r
- // don't log defaults\r
- } else {\r
- str = str.trim(); // this is vital in Property File based values, as spaces can hide easily\r
- }\r
- // Note: Can't log during configuration\r
- return str;\r
- }\r
- }\r
-\r
- public static Get NULL = new Get() {\r
- public String get(String name, String def, boolean print) {\r
- return def;\r
- }\r
- };\r
-\r
- public static class AccessGet implements Get {\r
- private Access access;\r
- public AccessGet(Access access) {\r
- this.access = access;\r
- }\r
- public String get(String name, String def, boolean print) {\r
- String gotten = access.getProperty(name, def);\r
- if(print) {\r
- if(gotten == null) {\r
- access.log(Level.INIT,name, "is not set");\r
- } else {\r
- access.log(Level.INIT,name, "is set to", gotten);\r
- }\r
- }\r
- return gotten;\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-import org.onap.aaf.cadi.PropAccess;\r
-\r
-public class GetAccess extends PropAccess {\r
- private final Get getter;\r
- \r
- public GetAccess(Get getter) {\r
- super(new String[]{"cadi_prop_files="+getter.get("cadi_prop_files", null, true)});\r
- this.getter = getter;\r
- }\r
- \r
- /* (non-Javadoc)\r
- * @see com.att.cadi.PropAccess#getProperty(java.lang.String, java.lang.String)\r
- */\r
- @Override\r
- public String getProperty(String tag, String def) {\r
- String rv;\r
- rv = super.getProperty(tag, null);\r
- if(rv==null && getter!=null) {\r
- rv = getter.get(tag, null, true);\r
- }\r
- return rv==null?def:rv;\r
- }\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.PropAccess#getProperty(java.lang.String)\r
- */\r
- @Override\r
- public String getProperty(String tag) {\r
- String rv;\r
- rv = super.getProperty(tag, null);\r
- if(rv==null && getter!=null) {\r
- rv = getter.get(tag, null, true);\r
- }\r
- return rv;\r
- }\r
-\r
- public Get get() {\r
- return getter;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-public class MultiGet implements Get {\r
- private Get[] getters;\r
-\r
- public MultiGet(Get ... getters) {\r
- this.getters = getters;\r
- }\r
-\r
- @Override\r
- public String get(String name, String def, boolean print) {\r
- String str;\r
- for(Get getter : getters) {\r
- str = getter.get(name, null, print);\r
- if(str!=null) \r
- return str;\r
- }\r
- return def;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-import java.net.InetAddress;\r
-import java.net.UnknownHostException;\r
-import java.rmi.AccessException;\r
-import java.security.GeneralSecurityException;\r
-import java.security.KeyStore;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.X509Certificate;\r
-import java.util.ArrayList;\r
-\r
-import javax.net.ssl.HostnameVerifier;\r
-import javax.net.ssl.HttpsURLConnection;\r
-import javax.net.ssl.KeyManager;\r
-import javax.net.ssl.KeyManagerFactory;\r
-import javax.net.ssl.SSLContext;\r
-import javax.net.ssl.SSLSession;\r
-import javax.net.ssl.SSLSocketFactory;\r
-import javax.net.ssl.TrustManager;\r
-import javax.net.ssl.TrustManagerFactory;\r
-import javax.net.ssl.X509KeyManager;\r
-import javax.net.ssl.X509TrustManager;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.util.MaskFormatException;\r
-import org.onap.aaf.cadi.util.NetMask;\r
-\r
-public class SecurityInfo {\r
- private static final String SECURITY_ALGO = "RSA";\r
- private static final String HTTPS_PROTOCOLS = "https.protocols";\r
- private static final String JDK_TLS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";\r
-\r
- public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";\r
- public static final String REGEX_COMMA = "\\s*,\\s*";\r
- public static final String SslKeyManagerFactoryAlgorithm;\r
- \r
- private SSLSocketFactory scf;\r
- private X509KeyManager[] km;\r
- private X509TrustManager[] tm;\r
- public final String default_alias;\r
- private NetMask[] trustMasks;\r
- private SSLContext ctx;\r
- private HostnameVerifier maskHV;\r
-\r
- // Change Key Algorithms for IBM's VM. Could put in others, if needed.\r
- static {\r
- if(System.getProperty("java.vm.vendor").equalsIgnoreCase("IBM Corporation")) {\r
- SslKeyManagerFactoryAlgorithm = "IbmX509";\r
- } else {\r
- SslKeyManagerFactoryAlgorithm = "SunX509";\r
- }\r
- }\r
- \r
-\r
- public SecurityInfo(final Access access) throws GeneralSecurityException, IOException {\r
- // reuse DME2 Properties for convenience if specific Properties don't exist\r
- String keyStore = access.getProperty(Config.CADI_KEYSTORE,\r
- access.getProperty(Config.AFT_DME2_KEYSTORE,null));\r
- String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD,\r
- access.getProperty(Config.AFT_DME2_KEYSTORE_PASSWORD, null));\r
- keyStorePasswd = keyStorePasswd==null?null:access.decrypt(keyStorePasswd,false);\r
- String trustStore = access.getProperty(Config.CADI_TRUSTSTORE,\r
- access.getProperty(Config.AFT_DME2_TRUSTSTORE, null));\r
- String trustStorePasswd = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD,\r
- access.getProperty(Config.AFT_DME2_TRUSTSTORE_PASSWORD,null));\r
- trustStorePasswd = trustStorePasswd==null?null:access.decrypt(trustStorePasswd,false);\r
- default_alias = access.getProperty(Config.CADI_ALIAS, \r
- access.getProperty(Config.AFT_DME2_CLIENT_SSL_CERT_ALIAS,null));\r
- \r
- String keyPasswd = access.getProperty(Config.CADI_KEY_PASSWORD,null);\r
- keyPasswd = keyPasswd==null?keyStorePasswd:access.decrypt(keyPasswd,false);\r
- String tips=access.getProperty(Config.CADI_TRUST_MASKS, null);\r
- if(tips!=null) {\r
- access.log(Level.INIT,"Explicitly accepting valid X509s from",tips);\r
- String[] ipsplit = tips.split(REGEX_COMMA);\r
- trustMasks = new NetMask[ipsplit.length];\r
- for(int i=0;i<ipsplit.length;++i) {\r
- try {\r
- trustMasks[i]=new NetMask(ipsplit[i]);\r
- } catch (MaskFormatException e) {\r
- throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS,e);\r
- }\r
- }\r
- }\r
- String https_protocols = Config.logProp(access,Config.CADI_PROTOCOLS, \r
- access.getProperty(Config.AFT_DME2_SSL_INCLUDE_PROTOCOLS, \r
- access.getProperty(HTTPS_PROTOCOLS,HTTPS_PROTOCOLS_DEFAULT)\r
- ));\r
- System.setProperty(HTTPS_PROTOCOLS,https_protocols);\r
- System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, https_protocols);\r
- \r
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm);\r
- File file;\r
-\r
-\r
- if(keyStore==null || keyStorePasswd == null) { \r
- km = new X509KeyManager[0];\r
- } else {\r
- ArrayList<X509KeyManager> kmal = new ArrayList<X509KeyManager>();\r
- for(String ksname : keyStore.split(REGEX_COMMA)) {\r
- file = new File(ksname);\r
- String keystoreFormat;\r
- if(ksname.endsWith("pkcs12")) {\r
- keystoreFormat = "PKCS12";\r
- } else {\r
- keystoreFormat = "JKS";\r
- }\r
- if(file.exists()) {\r
- FileInputStream fis = new FileInputStream(file);\r
- try {\r
- KeyStore ks = KeyStore.getInstance(keystoreFormat);\r
- ks.load(fis, keyStorePasswd.toCharArray());\r
- kmf.init(ks, keyPasswd.toCharArray());\r
- } finally {\r
- fis.close();\r
- }\r
- }\r
- }\r
- for(KeyManager km : kmf.getKeyManagers()) {\r
- if(km instanceof X509KeyManager) {\r
- kmal.add((X509KeyManager)km);\r
- }\r
- }\r
- km = new X509KeyManager[kmal.size()];\r
- kmal.toArray(km);\r
- }\r
-\r
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm);\r
- if(trustStore!=null) {\r
- for(String tsname : trustStore.split(REGEX_COMMA)) {\r
- file = new File(tsname);\r
- if(file.exists()) {\r
- FileInputStream fis = new FileInputStream(file);\r
- try {\r
- KeyStore ts = KeyStore.getInstance("JKS");\r
- ts.load(fis, trustStorePasswd.toCharArray());\r
- tmf.init(ts); \r
- } finally {\r
- fis.close();\r
- }\r
- }\r
- }\r
- TrustManager tms[] = tmf.getTrustManagers();\r
- tm = new X509TrustManager[tms==null?0:tms.length];\r
- for(int i=0;i<tms.length;++i) {\r
- try {\r
- tm[i]=(X509TrustManager)tms[i];\r
- } catch (ClassCastException e) {\r
- access.log(Level.WARN, "Non X509 TrustManager", tm[i].getClass().getName(),"skipped in SecurityInfo");\r
- }\r
- }\r
- }\r
- \r
- if(trustMasks!=null) {\r
- final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier();\r
- HttpsURLConnection.setDefaultHostnameVerifier(maskHV = new HostnameVerifier() {\r
- @Override\r
- public boolean verify(final String urlHostName, final SSLSession session) {\r
- try {\r
- // This will pick up /etc/host entries as well as DNS\r
- InetAddress ia = InetAddress.getByName(session.getPeerHost());\r
- for(NetMask tmask : trustMasks) {\r
- if(tmask.isInNet(ia.getHostAddress())) {\r
- return true;\r
- }\r
- }\r
- } catch (UnknownHostException e) {\r
- // It's ok. do normal Verify\r
- }\r
- return origHV.verify(urlHostName,session);\r
- };\r
- });\r
- }\r
- ctx = SSLContext.getInstance("TLS");\r
- ctx.init(km, tm, null);\r
- SSLContext.setDefault(ctx);\r
- scf = ctx.getSocketFactory();\r
- }\r
-\r
- /**\r
- * @return the scf\r
- */\r
- public SSLSocketFactory getSSLSocketFactory() {\r
- return scf;\r
- }\r
-\r
- public SSLContext getSSLContext() {\r
- return ctx;\r
- }\r
-\r
- /**\r
- * @return the km\r
- */\r
- public X509KeyManager[] getKeyManagers() {\r
- return km;\r
- }\r
-\r
- public void checkClientTrusted(X509Certificate[] certarr) throws CertificateException {\r
- for(X509TrustManager xtm : tm) {\r
- xtm.checkClientTrusted(certarr, SECURITY_ALGO);\r
- }\r
- }\r
-\r
- public void checkServerTrusted(X509Certificate[] certarr) throws CertificateException {\r
- for(X509TrustManager xtm : tm) {\r
- xtm.checkServerTrusted(certarr, SECURITY_ALGO);\r
- }\r
- }\r
-\r
- public void setSocketFactoryOn(HttpsURLConnection hsuc) {\r
- hsuc.setSSLSocketFactory(scf);\r
- if(maskHV!=null && !maskHV.equals(hsuc.getHostnameVerifier())) {\r
- hsuc.setHostnameVerifier(maskHV);\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-import java.io.IOException;\r
-import java.security.GeneralSecurityException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-\r
-\r
-public class SecurityInfoC<CLIENT> extends SecurityInfo {\r
- public SecuritySetter<CLIENT> defSS;\r
-\r
- public SecurityInfoC(Access access) throws GeneralSecurityException, IOException {\r
- super(access);\r
- }\r
-\r
- public SecurityInfoC<CLIENT> set(SecuritySetter<CLIENT> defSS) {\r
- this.defSS = defSS;\r
- return this;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.config;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.io.IOException;\r
-import java.io.OutputStream;\r
-import java.io.PrintStream;\r
-import java.util.Date;\r
-import java.util.HashSet;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.lur.LocalLur;\r
-\r
-public class UsersDump {\r
-\r
- /**\r
- * @param args\r
- */\r
- public static boolean write(OutputStream os, AbsUserCache<?> lur) {\r
- PrintStream ps;\r
- if(os instanceof PrintStream) {\r
- ps = (PrintStream)os;\r
- } else {\r
- ps = new PrintStream(os);\r
- }\r
- try {\r
- ps.println("<?xml version='1.0' encoding='utf-8'?>");\r
- ps.println("<!--");\r
- ps.print( " Code Generated Tomcat Users and Roles from AT&T LUR on ");\r
- ps.println(new Date());\r
- ps.println( "-->");\r
- ps.println("<tomcat-users>");\r
-\r
- // We loop through Users, but want to write Groups first... therefore, save off print\r
- StringBuilder sb = new StringBuilder();\r
- \r
- // Obtain all unique role names\r
- HashSet<String> groups = new HashSet<String>();\r
- for(AbsUserCache<?>.DumpInfo di : lur.dumpInfo()) {\r
- sb.append("\n <user username=\"");\r
- sb.append(di.user);\r
- sb.append("\" roles=\"");\r
- boolean first = true;\r
- for(String role : di.perms) {\r
- groups.add(role);\r
- if(first)first = false;\r
- else sb.append(',');\r
- sb.append(role);\r
- }\r
- sb.append("\"/>");\r
-\r
- }\r
-\r
- // Print roles\r
- for(String group : groups) {\r
- ps.print(" <role rolename=\"");\r
- ps.print(group);\r
- ps.println("\"/>");\r
- }\r
- \r
- ps.println(sb);\r
-\r
- ps.println("</tomcat-users>");\r
- ps.flush();\r
- } catch (Throwable t) {\r
- t.printStackTrace(ps);\r
- return false;\r
- }\r
- return true;\r
- }\r
- \r
- /**\r
- * \r
- * Note: This method returns a String if there's an error, or null if ok.\r
- * This unusual style is necessitated by the fact that any Exceptions thrown are likely to \r
- * be unlogged and hidden from view, making debugging almost impossible.\r
- * \r
- * @param writeto\r
- * @param up\r
- * @return\r
- */\r
- public static String updateUsers(String writeto, LocalLur up) {\r
- // Dump a Tomcat-user.xml lookalike (anywhere)\r
- if(writeto!=null) {\r
- // First read content\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- if(UsersDump.write(baos, up)) {\r
- byte[] postulate = baos.toByteArray();\r
- // now get contents of file\r
- File file = new File(writeto);\r
- boolean writeIt;\r
- if(file.exists()) {\r
- try {\r
- FileInputStream fis = new FileInputStream(file);\r
- byte[] orig = new byte[(int)file.length()];\r
- try {\r
- fis.read(orig);\r
- } finally {\r
- fis.close();\r
- }\r
- // Starting at third "<" (<tomcat-users> line)\r
- int startA=0, startB=0;\r
- for(int i=0;startA<orig.length && i<3;++startA) if(orig[startA]=='<')++i;\r
- for(int i=0;startB<orig.length && i<3;++startB) if(postulate[startB]=='<')++i;\r
- \r
- writeIt=orig.length-startA!=postulate.length-startB; // first, check if remaining length is the same\r
- while(!writeIt && startA<orig.length && startB<postulate.length) {\r
- if(orig[startA++]!=postulate[startB++])writeIt = true;\r
- }\r
- } catch (Exception e) {\r
- writeIt = true;\r
- }\r
- } else {\r
- writeIt = true;\r
- }\r
- \r
- if(writeIt) {\r
- try {\r
- FileOutputStream fos = new FileOutputStream(file);\r
- try {\r
- fos.write(postulate);\r
- } finally {\r
- fos.close();\r
- }\r
- } catch (IOException e) {\r
- return e.getMessage();\r
- }\r
- }\r
- }\r
- }\r
- return null; // no message means ok.\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import static java.lang.annotation.ElementType.TYPE;\r
-import static java.lang.annotation.RetentionPolicy.RUNTIME;\r
-\r
-import java.lang.annotation.Retention;\r
-import java.lang.annotation.Target;\r
-\r
-import javax.servlet.Servlet;\r
-\r
-@Target({TYPE})\r
-@Retention(RUNTIME)\r
-public @interface AUTHZ {\r
- Class<? extends Servlet> value();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.io.IOException;\r
-\r
-import javax.servlet.Servlet;\r
-import javax.servlet.ServletConfig;\r
-import javax.servlet.ServletException;\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.ServletResponse;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-/**\r
- * \r
- *\r
- */\r
-public class AUTHZServlet<S extends Servlet> implements Servlet {\r
- private String[] roles;\r
- private Servlet delegate;\r
-\r
- protected AUTHZServlet(Class<S> cls) {\r
- try {\r
- delegate = cls.newInstance();\r
- } catch (Exception e) {\r
- delegate = null;\r
- }\r
- RolesAllowed rolesAllowed = cls.getAnnotation(RolesAllowed.class);\r
- if(rolesAllowed == null) {\r
- roles = null;\r
- } else {\r
- roles = rolesAllowed.value();\r
- }\r
- }\r
- \r
- public void init(ServletConfig sc) throws ServletException {\r
- if(delegate == null) throw new ServletException("Invalid Servlet Delegate");\r
- delegate.init(sc);\r
- }\r
- \r
- public ServletConfig getServletConfig() {\r
- return delegate.getServletConfig();\r
- }\r
-\r
- public String getServletInfo() {\r
- return delegate.getServletInfo();\r
- }\r
-\r
- public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException {\r
- if(roles==null) {\r
- delegate.service(req,resp);\r
- } else { // Validate\r
- try {\r
- HttpServletRequest hreq = (HttpServletRequest)req;\r
- boolean proceed = false;\r
- for(String role : roles) {\r
- if(hreq.isUserInRole(role)) {\r
- proceed = true;\r
- break;\r
- }\r
- }\r
- if(proceed) {\r
- delegate.service(req,resp);\r
- } else {\r
- //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles);\r
- ((HttpServletResponse)resp).sendError(403); // forbidden\r
- }\r
- } catch(ClassCastException e) {\r
- throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse");\r
- }\r
- }\r
- }\r
-\r
- public void destroy() {\r
- delegate.destroy();\r
- }\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.config.Get;\r
-\r
-public class AccessGetter implements Get {\r
- private final Access access;\r
- public AccessGetter(Access access) {\r
- this.access = access;\r
- }\r
- public String get(String name, String def, boolean print) {\r
- return access.getProperty(name, def);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.util.Map;\r
-import java.util.Map.Entry;\r
-import java.util.Properties;\r
-\r
-import javax.servlet.ServletContext;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.Get;\r
-\r
-public class CadiAccess implements Access {\r
- // constants for a couple of very commonly used strings.\r
- protected static final String FROM = "from";\r
- protected static final String FOR = "for";\r
-\r
- // Properties derived from <pass> sources (could be property files, Valve Configurations, Filter\r
- // configs, etc. \r
- protected Properties props;\r
-\r
- // Will we write Logs?\r
- protected Level willWrite = Level.INFO;\r
- \r
- protected ServletContext context;\r
- protected Get getter = Get.NULL; // replace with Derived Class getter\r
- private Symm symm;\r
-\r
- public CadiAccess(Map<String, Object> map) {\r
- if(map!=null && !map.isEmpty()) {\r
- props = new Properties();\r
- for(Entry<String, Object> es : map.entrySet()) {\r
- Object v = es.getValue();\r
- if(v!=null) {\r
- props.put(es.getKey(), v.toString());\r
- }\r
- }\r
- Object keyfile = props.get(Config.CADI_KEYFILE);\r
- if(keyfile!=null) {\r
- try {\r
- FileInputStream fis = new FileInputStream(keyfile.toString());\r
- symm = Symm.obtain(fis);\r
- } catch (Exception e) {\r
- }\r
- }\r
-\r
- }\r
- }\r
- \r
- public Level willWrite() {\r
- return willWrite;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Access#willLog(com.att.cadi.Access.Level)\r
- */\r
- @Override\r
- public boolean willLog(Level level) {\r
- return willWrite.compareTo(level)<=0;\r
- }\r
-\r
- /**\r
- * Add the "Level" to the Buildline for Logging types that don't specify, or straight Streams, etc. Then buildline\r
- * \r
- * Build a line of code onto a StringBuilder based on Objects. Analyze whether \r
- * spaces need including.\r
- *\r
- * @param level\r
- * @param sb\r
- * @param elements\r
- * @return\r
- */\r
- public final static StringBuilder buildLine(Level level, StringBuilder sb, Object[] elements) {\r
- sb.append(level.name());\r
- return buildLine(sb,elements);\r
- }\r
- \r
- /*\r
- * Build a line of code onto a StringBuilder based on Objects. Analyze whether \r
- * spaces need including.\r
- * \r
- * @param sb\r
- * @param elements\r
- * @return\r
- */\r
- public final static StringBuilder buildLine(StringBuilder sb, Object[] elements) {\r
- sb.append(' ');\r
- String str;\r
- boolean notFirst = false;\r
- for(Object o : elements) {\r
- if(o!=null) {\r
- str = o.toString();\r
- \r
- if(str.length()>0) {\r
- if(notFirst && shouldAddSpace(str,true) && shouldAddSpace(sb,false)) {\r
- sb.append(' ');\r
- } else {\r
- notFirst=true;\r
- }\r
- sb.append(str);\r
- }\r
- }\r
- }\r
- return sb;\r
- }\r
- \r
- private static boolean shouldAddSpace(CharSequence c,boolean start) {\r
- if(c.length()>0)\r
- switch(c.charAt(start?0:c.length()-1)) {\r
- case ' ':\r
- case '\t':\r
- case '\n':\r
- case '\'':\r
- case '"':\r
- case '|':\r
- return false;\r
- }\r
- return true;\r
- }\r
-\r
- /**\r
- * Standard mechanism for logging, given being within a Servlet Context\r
- * \r
- * Here, we treat\r
- * \r
- * if context exists, log to it, otherwise log to Std Out (The latter is usually for startup \r
- * scenarios)\r
- *\r
- */\r
- public void log(Level level, Object... elements) {\r
- if(willWrite.compareTo(level)<=0) {\r
- StringBuilder sb = buildLine(level, new StringBuilder(),elements);\r
- if(context==null) {\r
- System.out.println(sb.toString());\r
- } else {\r
- context.log(sb.toString());\r
- }\r
- }\r
- }\r
-\r
- /**\r
- * Standard mechanism for logging an Exception, given being within a Servlet Context, etc\r
- * \r
- * if context exists, log to it, otherwise log to Std Out (The latter is usually for startup \r
- * scenarios)\r
- *\r
- */\r
- public void log(Exception e, Object... elements) {\r
- if(willWrite.compareTo(Level.ERROR)<=0) {\r
- StringBuilder sb = buildLine(Level.ERROR, new StringBuilder(),elements);\r
- \r
- if(context==null) {\r
- sb.append(e.toString());\r
- System.out.println(sb.toString());\r
- } else {\r
- context.log(sb.toString(),e);\r
- }\r
- }\r
- }\r
- \r
- public void setLogLevel(Level level) {\r
- willWrite = level;\r
- }\r
- \r
- /**\r
- * Pass back the classloader of the Servlet Context, if it exists. Otherwise, get the classloader\r
- * of this object.\r
- */\r
- public ClassLoader classLoader() { // Use the Classloader that Context was created with\r
- return (context==null?this:context).getClass().getClassLoader();\r
- }\r
-\r
- /**\r
- * Get the Property from Context\r
- */\r
- public String getProperty(String string, String def) {\r
- String rv = null;\r
-\r
- if ( props != null )\r
- rv = props.getProperty( string, def );\r
- \r
- if(rv==null) {\r
- rv = context.getInitParameter(string);\r
- }\r
- return rv==null?def:rv;\r
-\r
- }\r
-\r
- public void load(InputStream is) throws IOException {\r
- if(this.props==null) {\r
- this.props = new Properties();\r
- }\r
- this.props.load(is);\r
- symm = Symm.obtain(this);\r
- }\r
-\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- if(symm==null) {\r
- String keyfile = getter.get(Config.CADI_KEYFILE, null, true);\r
- if(keyfile!=null) {\r
- FileInputStream fis = new FileInputStream(keyfile);\r
- symm=Symm.obtain(fis);\r
- fis.close();\r
- }\r
- }\r
- return (symm!=null && encrypted!=null && (anytext || encrypted.startsWith(Symm.ENC)))\r
- ? symm.depass(encrypted)\r
- : encrypted;\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object[] elements) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.io.IOException;\r
-import java.lang.reflect.Constructor;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import javax.servlet.Filter;\r
-import javax.servlet.FilterChain;\r
-import javax.servlet.FilterConfig;\r
-import javax.servlet.ServletException;\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.ServletResponse;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CadiWrap;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.ServletContextAccess;\r
-import org.onap.aaf.cadi.TrustChecker;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.Get;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-\r
-/**\r
- * CadiFilter\r
- * \r
- * This class implements Servlet Filter, and ties together CADI implementations\r
- * \r
- * This class can be used in a standard J2EE Servlet manner. Optimal usage is for POJO operations, where\r
- * one can enforce this Filter being first and primary. Depending on the Container, it \r
- * may be more effective, in some cases, to utilize features that allow earlier determination of \r
- * AUTHN (Authorization). An example would be "Tomcat Valve". These implementations, however, should\r
- * be modeled after the "init" and "doFilter" functions, and be kept up to date as this class changes.\r
- * \r
- * \r
- *\r
- */\r
-public class CadiFilter implements Filter {\r
- private static CadiHTTPManip httpChecker;\r
- private static String[] pathExceptions;\r
- private static List<Pair> mapPairs;\r
- private Access access;\r
- private Object[] additionalTafLurs;\r
- private static int count=0;\r
- \r
- public Lur getLur() {\r
- return httpChecker.getLur();\r
- }\r
- \r
- /**\r
- * Construct a viable Filter\r
- * \r
- * Due to the vagaries of many containers, there is a tendency to create Objects and call "Init" on \r
- * them at a later time. Therefore, this object creates with an object that denies all access\r
- * until appropriate Init happens, just in case the container lets something slip by in the meantime.\r
- * \r
- */\r
- public CadiFilter() {\r
- additionalTafLurs = CadiHTTPManip.noAdditional;\r
- }\r
-\r
- /**\r
- * This constructor to be used when directly constructing and placing in HTTP Engine\r
- * \r
- * @param access\r
- * @param moreTafLurs\r
- * @throws ServletException \r
- */\r
- public CadiFilter(Access access, Object ... moreTafLurs) throws ServletException {\r
- additionalTafLurs = moreTafLurs;\r
- init(new AccessGetter(this.access = access));\r
- }\r
-\r
-\r
- /**\r
- * Use this to pass in a PreContructed CADI Filter, but with initializing... let Servlet do it\r
- * @param init\r
- * @param access\r
- * @param moreTafLurs\r
- * @throws ServletException\r
- */\r
- public CadiFilter(boolean init, PropAccess access, Object ... moreTafLurs) throws ServletException {\r
- this.access = access;\r
- if(init) {\r
- init(new AccessGetter(access));\r
- }\r
- additionalTafLurs = moreTafLurs;\r
- }\r
-\r
- /**\r
- * Init\r
- * \r
- * Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a\r
- * FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this\r
- * mechanism already.\r
- */\r
- //TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM Init functions\r
- public void init(FilterConfig filterConfig) throws ServletException {\r
- // need the Context for Logging, instantiating ClassLoader, etc\r
- ServletContextAccess sca=new ServletContextAccess(filterConfig); \r
- if(access==null) {\r
- access = sca;\r
- }\r
- \r
- // Set Protected getter with base Access, for internal class instantiations\r
- init(new FCGet(access, sca.context(), filterConfig));\r
- }\r
- \r
-\r
- private void init(Get getter) throws ServletException {\r
- // Start with the assumption of "Don't trust anyone".\r
- TrustChecker tc = TrustChecker.NOTRUST; // default position\r
- try {\r
- @SuppressWarnings("unchecked")\r
- Class<TrustChecker> ctc = (Class<TrustChecker>) Class.forName("com.att.cadi.aaf.v2_0.AAFTrustChecker");\r
- if(ctc!=null) {\r
- Constructor<TrustChecker> contc = ctc.getConstructor(Access.class);\r
- if(contc!=null) {\r
- tc = contc.newInstance(access);\r
- }\r
- }\r
- } catch (Exception e) {\r
- access.log(Level.INIT, "AAFTrustChecker cannot be loaded",e.getMessage());\r
- }\r
- \r
- \r
- // Synchronize, because some instantiations call init several times on the same object\r
- // In this case, the epiTaf will be changed to a non-NullTaf, and thus not instantiate twice.\r
- synchronized(CadiHTTPManip.noAdditional /*will always remain same Object*/) {\r
- ++count;\r
- if(httpChecker == null) {\r
- if(access==null) {\r
- access = new PropAccess();\r
- }\r
- try {\r
- httpChecker = new CadiHTTPManip(access,null /*reuseable Con*/,tc, additionalTafLurs);\r
- } catch (CadiException e1) {\r
- throw new ServletException(e1);\r
- }\r
- } else if(access==null) {\r
- access= httpChecker.getAccess();\r
- }\r
-\r
- /*\r
- * Setup Authn Path Exceptions\r
- */\r
- if(pathExceptions==null) {\r
- String str = getter.get(Config.CADI_NOAUTHN, null, true);\r
- if(str!=null) {\r
- pathExceptions = str.split("\\s*:\\s*");\r
- }\r
- }\r
- \r
- /* \r
- * SETUP Permission Converters... those that can take Strings from a Vendor Product, and convert to appropriate AAF Permissions\r
- */\r
- if(mapPairs==null) {\r
- String str = getter.get(Config.AAF_PERM_MAP, null, true);\r
- if(str!=null) {\r
- String mstr = getter.get(Config.AAF_PERM_MAP, null, true);\r
- if(mstr!=null) {\r
- String map[] = mstr.split("\\s*:\\s*");\r
- if(map.length>0) {\r
- MapPermConverter mpc=null;\r
- int idx;\r
- mapPairs = new ArrayList<Pair>();\r
- for(String entry : map) {\r
- if((idx=entry.indexOf('='))<0) { // it's a Path, so create a new converter\r
- access.log(Level.INIT,"Loading Perm Conversions for:",entry);\r
- mapPairs.add(new Pair(entry,mpc=new MapPermConverter()));\r
- } else {\r
- if(mpc!=null) {\r
- mpc.map().put(entry.substring(0,idx),entry.substring(idx+1));\r
- } else {\r
- access.log(Level.ERROR,"cadi_perm_map is malformed; ",entry, "is skipped");\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
-\r
- // Remove Getter\r
- getter = Get.NULL;\r
- }\r
-\r
- /**\r
- * Containers call "destroy" when time to cleanup \r
- */\r
- public void destroy() {\r
- // Synchronize, in case multiCadiFilters are used.\r
- synchronized(CadiHTTPManip.noAdditional) {\r
- if(--count<=0 && httpChecker!=null) {\r
- httpChecker.destroy();\r
- httpChecker=null;\r
- access=null;\r
- pathExceptions=null;\r
- }\r
- }\r
- }\r
-\r
- /**\r
- * doFilter\r
- * \r
- * This is the standard J2EE invocation. Analyze the request, modify response as necessary, and\r
- * only call the next item in the filterChain if request is suitably Authenticated.\r
- */\r
- //TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM functions\r
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {\r
- try {\r
- HttpServletRequest hreq = (HttpServletRequest)request;\r
- if(noAuthn(hreq)) {\r
- chain.doFilter(request, response);\r
- } else {\r
- HttpServletResponse hresp = (HttpServletResponse)response;\r
- TafResp tresp = httpChecker.validate(hreq, hresp);\r
- if(tresp.isAuthenticated()==RESP.IS_AUTHENTICATED) {\r
- CadiWrap cw = new CadiWrap(hreq, tresp, httpChecker.getLur(),getConverter(hreq));\r
- if(httpChecker.notCadi(cw, hresp)) {\r
- chain.doFilter(cw,response);\r
- }\r
- } \r
- }\r
- } catch (ClassCastException e) {\r
- throw new ServletException("CadiFilter expects Servlet to be an HTTP Servlet",e);\r
- }\r
- }\r
-\r
-\r
- /** \r
- * If PathExceptions exist, report if these should not have Authn applied.\r
- * @param hreq\r
- * @return\r
- */\r
- private boolean noAuthn(HttpServletRequest hreq) {\r
- if(pathExceptions!=null) {\r
- String pi = hreq.getPathInfo();\r
- if(pi==null) return false; // JBoss sometimes leaves null\r
- for(String pe : pathExceptions) {\r
- if(pi.startsWith(pe))return true;\r
- }\r
- }\r
- return false;\r
- }\r
- \r
- /**\r
- * Get Converter by Path\r
- */\r
- private PermConverter getConverter(HttpServletRequest hreq) {\r
- if(mapPairs!=null) {\r
- String pi = hreq.getPathInfo();\r
- if(pi!=null) {\r
- for(Pair p: mapPairs) {\r
- if(pi.startsWith(p.name))return p.pc;\r
- }\r
- }\r
- }\r
- return NullPermConverter.singleton();\r
- }\r
- \r
- /**\r
- * store PermConverters by Path prefix\r
- *\r
- */\r
- private class Pair {\r
- public Pair(String key, PermConverter pc) {\r
- name = key;\r
- this.pc = pc;\r
- }\r
- public String name;\r
- public PermConverter pc;\r
- }\r
-\r
-}\r
-\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.io.IOException;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CadiWrap;\r
-import org.onap.aaf.cadi.Connector;\r
-import org.onap.aaf.cadi.CredVal;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Taf;\r
-import org.onap.aaf.cadi.TrustChecker;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.util.UserChainManip;\r
-\r
-/**\r
- * Encapsulate common HTTP Manipulation Behavior. It will appropriately set\r
- * HTTPServletResponse for Redirect or Forbidden, as needed.\r
- * \r
- * Further, this is useful, because it avoids multiple creates of Connections, where some Filters\r
- * are created and destroyed regularly.\r
- * \r
- *\r
- *\r
- */\r
-public class CadiHTTPManip {\r
- private static final String ACCESS_CADI_CONTROL = ".access|cadi|control";\r
- private static final String METH = "OPTIONS";\r
- private static final String CADI = "/cadi/";\r
- private static final String CADI_CACHE_PRINT = "/cadi/cache/print";\r
- private static final String CADI_CACHE_CLEAR = "/cadi/cache/clear";\r
- private static final String CADI_LOG_SET = "/cadi/log/set/";\r
- private Access access;\r
- private HttpTaf taf;\r
- private CredVal up;\r
- private Lur lur;\r
- private String thisPerm,companyPerm,aaf_id;\r
- \r
- public static final Object[] noAdditional = new Object[0]; // CadiFilter can be created each call in some systems\r
-\r
-\r
- public CadiHTTPManip(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {\r
- synchronized(CADI) {\r
- this.access = access;\r
-// Get getter = new AccessGetter(access);\r
- Config.setDefaultRealm(access);\r
- \r
- aaf_id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_MECHID, null));\r
- if(aaf_id==null) {\r
- access.printf(Level.INIT, "%s is not set. %s can be used instead",Config.AAF_MECHID,Config.CADI_ALIAS);\r
- } else {\r
- access.printf(Level.INIT, "%s is set to %s",Config.AAF_MECHID,aaf_id);\r
- }\r
- String ns = aaf_id==null?null:UserChainManip.idToNS(aaf_id);\r
- if(ns!=null) {\r
- thisPerm = ns+ACCESS_CADI_CONTROL;\r
- int dot = ns.indexOf('.');\r
- if(dot>=0) {\r
- int dot2=ns.indexOf('.',dot+1);\r
- if(dot2<0) {\r
- dot2=dot;\r
- }\r
- companyPerm = ns.substring(0, dot2)+ACCESS_CADI_CONTROL;\r
- } else {\r
- companyPerm = "com"+ACCESS_CADI_CONTROL;\r
- }\r
- } else {\r
- thisPerm = companyPerm = "com"+ACCESS_CADI_CONTROL;\r
- }\r
- \r
- if(con!=null) { // try to reutilize connector\r
- List<Lur> ll = null;\r
- for(Object tl : additionalTafLurs) {\r
- if(tl instanceof Lur) {\r
- if(ll==null) {\r
- ll = new ArrayList<Lur>();\r
- ll.add(con.newLur());\r
- }\r
- ll.add((Lur)tl);\r
- }\r
- }\r
- if(ll==null) {\r
- lur = con.newLur();\r
- } else {\r
- lur = new EpiLur((Lur[])ll.toArray());\r
- }\r
- } else {\r
- lur = Config.configLur(access, additionalTafLurs);\r
- }\r
- tc.setLur(lur);\r
- if(lur instanceof EpiLur) {\r
- up = ((EpiLur)lur).getUserPassImpl();\r
- } else if(lur instanceof CredVal) {\r
- up = (CredVal)lur;\r
- } else {\r
- up = null;\r
- }\r
- taf = Config.configHttpTaf(access, tc, up, lur, additionalTafLurs);\r
- }\r
- }\r
-\r
- public TafResp validate(HttpServletRequest hreq, HttpServletResponse hresp) throws IOException {\r
- TafResp tresp = taf.validate(Taf.LifeForm.LFN, hreq, hresp);\r
- switch(tresp.isAuthenticated()) {\r
- case IS_AUTHENTICATED:\r
- access.printf(Level.INFO,"Authenticated: %s from %s:%d"\r
- , tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort());\r
- break;\r
- case TRY_AUTHENTICATING:\r
- switch (tresp.authenticate()) {\r
- case IS_AUTHENTICATED:\r
- access.printf(Level.INFO,"Authenticated: %s from %s:%d"\r
- , tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort());\r
- break;\r
- case HTTP_REDIRECT_INVOKED:\r
- access.log(Level.INFO,"Authenticating via redirection: ", tresp.desc());\r
- break;\r
- case NO_FURTHER_PROCESSING:\r
- access.printf(Level.AUDIT,"Authentication Failure: %s from %s:%d"\r
- , tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort());\r
- hresp.sendError(403, tresp.desc()); // Forbidden\r
- break;\r
-\r
- default:\r
- access.printf(Level.AUDIT,"No TAF will authorize for request from %s:%d"\r
- , hreq.getRemoteAddr(), hreq.getRemotePort());\r
- hresp.sendError(403, tresp.desc()); // Forbidden\r
- }\r
- break;\r
- case NO_FURTHER_PROCESSING:\r
- access.printf(Level.AUDIT,"Authentication Failure: %s from %s:%d", \r
- tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort());\r
- hresp.sendError(403, "Access Denied"); // FORBIDDEN\r
- break;\r
- default:\r
- access.printf(Level.AUDIT,"No TAF will authorize for request from %s:%d"\r
- , hreq.getRemoteAddr(), hreq.getRemotePort());\r
- hresp.sendError(403, "Access Denied"); // FORBIDDEN\r
- }\r
- return tresp;\r
- }\r
- \r
- public boolean notCadi(CadiWrap req, HttpServletResponse resp) {\r
- \r
- String pathInfo = req.getPathInfo();\r
- if(METH.equalsIgnoreCase(req.getMethod()) && pathInfo!=null && pathInfo.contains(CADI)) {\r
- if(req.getUser().equals(aaf_id) || req.isUserInRole(thisPerm) || req.isUserInRole(companyPerm)) {\r
- try {\r
- if(pathInfo.contains(CADI_CACHE_PRINT)) {\r
- resp.getOutputStream().println(lur.toString());\r
- resp.setStatus(200);\r
- return false;\r
- } else if(pathInfo.contains(CADI_CACHE_CLEAR)) {\r
- StringBuilder report = new StringBuilder();\r
- lur.clear(req.getUserPrincipal(), report);\r
- resp.getOutputStream().println(report.toString());\r
- resp.setStatus(200);\r
- return false;\r
- } else if(pathInfo.contains(CADI_LOG_SET)) {\r
- Level l;\r
- int slash = pathInfo.lastIndexOf('/');\r
- String level = pathInfo.substring(slash+1);\r
- try {\r
- l = Level.valueOf(level);\r
- access.printf(Level.AUDIT, "%s has set CADI Log Level to '%s'",req.getUser(),l.name());\r
- access.setLogLevel(l);\r
- } catch (IllegalArgumentException e) {\r
- access.printf(Level.AUDIT, "'%s' is not a valid CADI Log Level",level);\r
- }\r
- return false;\r
- }\r
- } catch (IOException e) {\r
- access.log(e);\r
- }\r
- }\r
- }\r
- return true;\r
- }\r
-\r
- public Lur getLur() {\r
- return lur;\r
- }\r
- \r
- public void destroy() {\r
- access.log(Level.INFO,"CadiHttpChecker destroyed.");\r
- if(lur!=null) {\r
- lur.destroy();\r
- lur=null;\r
- }\r
- }\r
-\r
- public Access getAccess() {\r
- return access;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import javax.servlet.FilterConfig;\r
-import javax.servlet.ServletContext;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Get;\r
-\r
-/*\r
- * A private method to query the Filter config and if not exists, return the default. This\r
- * cleans up the initialization code.\r
- */\r
-class FCGet implements Get {\r
- /**\r
- * \r
- */\r
- private final Access access;\r
- private FilterConfig filterConfig;\r
- private ServletContext context;\r
-\r
- public FCGet(Access access, ServletContext context, FilterConfig filterConfig) {\r
- this.access = access;\r
- this.context = context;\r
- this.filterConfig = filterConfig;\r
- }\r
-\r
- public String get(String name, String def, boolean print) {\r
- String str = null;\r
- // Try Server Context First\r
- if(context!=null) {\r
- str = context.getInitParameter(name);\r
- }\r
- \r
- // Try Filter Context next\r
- if(str==null && filterConfig != null) {\r
- str = filterConfig.getInitParameter(name);\r
- }\r
- \r
- if(str==null) {\r
- str = access.getProperty(name, def);\r
- }\r
- // Take def if nothing else\r
- if(str==null) {\r
- str = def;\r
- // don't log defaults\r
- } else {\r
- str = str.trim(); // this is vital in Property File based values, as spaces can hide easily\r
- if(print) {\r
- access.log(Level.INFO,"Setting", name, "to", str);\r
- }\r
- }\r
- return str;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.util.HashMap;\r
-import java.util.Map;\r
-\r
-public class MapPermConverter implements PermConverter {\r
- private HashMap<String,String> map;\r
-\r
- /**\r
- * Create with colon separated name value pairs\r
- * i.e. teAdmin=com.att.myNS.myPerm|*|*:teUser=...\r
- * \r
- * @param value\r
- */\r
- public MapPermConverter() {\r
- map = new HashMap<String,String>();\r
- }\r
-\r
- /**\r
- * use to instantiate entries \r
- * \r
- * @return\r
- */\r
- public Map<String,String> map() {\r
- return map;\r
- }\r
-\r
- public String convert(String minimal) {\r
- String rv = map.get(minimal);\r
- return rv==null?minimal:rv;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-\r
-/**\r
- * A NullPermConverter \r
- * \r
- * Obey the PermConverter Interface, but passed in "minimal" String is not converted.\r
- * \r
- *\r
- */\r
-public class NullPermConverter implements PermConverter {\r
-\r
- private NullPermConverter() {}\r
- private static final NullPermConverter singleton = new NullPermConverter();\r
- public static NullPermConverter singleton() {return singleton;}\r
-\r
- public String convert(String minimal) {\r
- return minimal;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.io.IOException;\r
-\r
-import javax.servlet.Filter;\r
-import javax.servlet.FilterChain;\r
-import javax.servlet.FilterConfig;\r
-import javax.servlet.ServletContext;\r
-import javax.servlet.ServletException;\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.ServletResponse;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-/**\r
- * PathFilter\r
- * \r
- * This class implements Servlet Filter, and uses AAF to validate access to a Path.\r
- * \r
- * This class can be used in a standard J2EE Servlet manner.\r
- * \r
- *\r
- */\r
-public class PathFilter implements Filter {\r
- private ServletContext context;\r
- private String aaf_type;\r
- private String not_authorized_msg;\r
- private final Log log;\r
-\r
- /**\r
- * Construct a viable Filter for installing in Container WEB.XML, etc.\r
- * \r
- */\r
- public PathFilter() {\r
- log = new Log() {\r
- public void info(String ... msg) {\r
- context.log(build("INFO:",msg));\r
- }\r
- public void audit(String ... msg) {\r
- context.log(build("AUDIT:",msg));\r
- }\r
- private String build(String type, String []msg) {\r
- StringBuilder sb = new StringBuilder(type);\r
- for(String s : msg) {\r
- sb.append(' ');\r
- sb.append(s);\r
- }\r
- return sb.toString();\r
- }\r
- \r
- };\r
- }\r
- \r
- /**\r
- * Filter that can be constructed within Java\r
- * @param access\r
- */\r
- public PathFilter(final Access access) {\r
- log = new Log() {\r
- public void info(String ... msg) {\r
- access.log(Level.INFO, (Object[])msg);\r
- }\r
- public void audit(String ... msg) {\r
- access.log(Level.AUDIT, (Object[])msg);\r
- }\r
- };\r
- }\r
- \r
- /**\r
- * Init\r
- * \r
- * Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a\r
- * FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this\r
- * mechanism already.\r
- */\r
- public void init(FilterConfig filterConfig) throws ServletException {\r
- // need the Context for Logging, instantiating ClassLoader, etc\r
- context = filterConfig.getServletContext();\r
- StringBuilder sb = new StringBuilder();\r
- StringBuilder err = new StringBuilder(); \r
- Object attr = context.getAttribute(Config.PATHFILTER_NS);\r
- if(attr==null) {\r
- err.append("PathFilter - pathfilter_ns is not set");\r
- } else {\r
- sb.append(attr.toString()); \r
- }\r
-\r
- attr = context.getAttribute(Config.PATHFILTER_STACK);\r
- if(attr==null) {\r
- log.info("PathFilter - No pathfilter_stack set, ignoring");\r
- } else {\r
- sb.append('.');\r
- sb.append(attr.toString());\r
- }\r
-\r
- attr = context.getAttribute(Config.PATHFILTER_URLPATTERN);\r
- if(attr==null) {\r
- log.info("PathFilter - No pathfilter_urlpattern set, defaulting to 'urlpattern'");\r
- sb.append(".urlpattern");\r
- } else {\r
- sb.append('.');\r
- sb.append(attr.toString());\r
- }\r
-\r
- log.info("PathFilter - AAF Permission Type is",sb.toString());\r
- \r
- sb.append('|');\r
- \r
- aaf_type = sb.toString();\r
-\r
- attr = context.getAttribute(Config.PATHFILTER_NOT_AUTHORIZED_MSG);\r
- if(attr==null) {\r
- not_authorized_msg = "Forbidden - Not Authorized to access this Path";\r
- } else {\r
- not_authorized_msg = attr.toString();\r
- }\r
-\r
- if(err.length()>0) {\r
- throw new ServletException(err.toString());\r
- }\r
- }\r
-\r
- private interface Log {\r
- public void info(String ... msg);\r
- public void audit(String ... msg);\r
- }\r
-\r
- /**\r
- * doFilter\r
- * \r
- * This is the standard J2EE invocation. Analyze the request, modify response as necessary, and\r
- * only call the next item in the filterChain if request is suitably Authenticated.\r
- */\r
- //TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM functions\r
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {\r
- HttpServletRequest hreq = (HttpServletRequest)request;\r
- HttpServletResponse hresp = (HttpServletResponse)response;\r
- String perm = aaf_type+hreq.getPathInfo()+'|'+hreq.getMethod();\r
- if(hreq.isUserInRole(perm)) {\r
- chain.doFilter(request, response);\r
- } else {\r
- log.audit("PathFilter has denied",hreq.getUserPrincipal().getName(),"access to",perm);\r
- hresp.sendError(403,not_authorized_msg);\r
- }\r
- }\r
-\r
- /**\r
- * Containers call "destroy" when time to cleanup \r
- */\r
- public void destroy() {\r
- log.info("PathFilter destroyed.");\r
- }\r
-\r
-\r
-\r
-}\r
-\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-/**\r
- * Convert a simplistic, single string Permission into an Enterprise Scoped Perm\r
- * \r
- *\r
- */\r
-public interface PermConverter {\r
- public String convert(String minimal);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-/**\r
- * RolesAllowed \r
- * \r
- * \r
- * Similar to Java EE's Spec from Annotations 1.1, 2.8\r
- * \r
- * That Spec, however, was geared towards being able to route calls to Methods on Objects, and thus needed a more refined\r
- * sense of permissions hierarchy. The same mechanism, however, can easily be achieved on single Servlet/Handlers in\r
- * POJOs like Jetty by simply adding the Roles Allowed in a similar Annotation\r
- * \r
- */\r
-package org.onap.aaf.cadi.filter;\r
-import static java.lang.annotation.ElementType.TYPE;\r
-import static java.lang.annotation.RetentionPolicy.RUNTIME;\r
-\r
-import java.lang.annotation.Retention;\r
-import java.lang.annotation.Target;\r
-\r
-/**\r
- * JASPI Style Annotation of RolesAllowed when the coding style is desired but actually including all \r
- * JEE jars is not. If using actual JASPI, use official @interface classes, not this one...\r
- * \r
- */\r
-@Target({TYPE})\r
-@Retention(RUNTIME)\r
-public @interface RolesAllowed {\r
- /**\r
- * Security role of the implementation, which doesn't have to be an EJB or CORBA like object. Can be just a\r
- * Handler\r
- * @return\r
- */\r
- String[] value();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-/**\r
- * RolesAllowed \r
- * \r
- * \r
- * Similar to Java EE's Spec from Annotations 1.1, 2.8\r
- * \r
- * That Spec, however, was geared towards being able to route calls to Methods on Objects, and thus needed a more refined\r
- * sense of permissions hierarchy. The same mechanism, however, can easily be achieved on single Servlet/Handlers in\r
- * POJOs like Jetty by simply adding the Roles Allowed in a similar Annotation\r
- * \r
- */\r
-package org.onap.aaf.cadi.filter;\r
-import static java.lang.annotation.ElementType.TYPE;\r
-import static java.lang.annotation.RetentionPolicy.RUNTIME;\r
-\r
-import java.lang.annotation.Retention;\r
-import java.lang.annotation.Target;\r
-\r
-import javax.servlet.Servlet;\r
-\r
-/**\r
- * \r
- */\r
-@Target({TYPE})\r
-@Retention(RUNTIME)\r
-public @interface ServletImpl {\r
- /**\r
- * Security role of the implementation, which doesn't have to be an EJB or CORBA like object. Can be just a\r
- * Handler\r
- * @return\r
- */\r
- Class<? extends Servlet> value();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.GetCred;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-public class ConfigPrincipal implements Principal, GetCred {\r
- private String name;\r
- private byte[] cred;\r
- private String content;\r
-\r
- public ConfigPrincipal(String name, String passwd) {\r
- this.name = name;\r
- this.cred = passwd.getBytes();\r
- content = null;\r
- }\r
-\r
- public ConfigPrincipal(String name, byte[] cred) {\r
- this.name = name;\r
- this.cred = cred;\r
- content = null;\r
- }\r
-\r
- public String getName() {\r
- return name;\r
- }\r
- \r
- public byte[] getCred() {\r
- return cred;\r
- }\r
-\r
- public String toString() {\r
- return name;\r
- }\r
- \r
- public String getAsBasicAuthHeader() throws IOException {\r
- if(content ==null) {\r
- String s = name + ':' + new String(cred);\r
- content = "Basic " + Symm.base64.encode(s); \r
- } else if(!content.startsWith("Basic ")) { // content is the saved password from construction\r
- String s = name + ':' + content;\r
- content = "Basic " + Symm.base64.encode(s); \r
- }\r
- return content;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import java.security.Principal;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.CachingLur;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CredVal;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Permission;\r
-\r
-/**\r
- * EpiLUR\r
- * \r
- * Short for "Epic LUR". Be able to run through a series of LURs to obtain the validation needed.\r
- * \r
- * The pun is better for the other pattern... "TAF" (aka EpiTaf), but it's still the larger picture of \r
- * LURs that will be accomplished.\r
- * \r
- * FYI, the reason we separate LURs, rather than combine, is that Various User Repository Resources have\r
- * different Caching requirements. For instance, the Local User Repo (with stand alone names), never expire, but might be\r
- * refreshed with a change in Configuration File, while the Remote Service based LURs will need to expire at prescribed intervals \r
- * \r
- *\r
- */\r
-public final class EpiLur implements Lur {\r
- private final Lur[] lurs;\r
- \r
- /**\r
- * EpiLur constructor\r
- * \r
- * Construct the EpiLur from variable TAF parameters\r
- * @param lurs\r
- * @throws CadiException\r
- */\r
- public EpiLur(Lur ... lurs) throws CadiException{\r
- this.lurs = lurs;\r
- if(lurs.length==0) throw new CadiException("Need at least one Lur implementation in constructor");\r
- }\r
-\r
- public boolean fish(Principal bait, Permission pond) {\r
- if(pond==null) {\r
- return false;\r
- }\r
- boolean rv = false;\r
- Lur lur;\r
- for(int i=0;!rv && i<lurs.length;++i) {\r
- rv = (lur = lurs[i]).fish(bait, pond);\r
- if(!rv && lur.handlesExclusively(pond)) break;\r
- }\r
- return rv;\r
- }\r
-\r
- public void fishAll(Principal bait, List<Permission> permissions) {\r
- for(Lur lur : lurs) {\r
- lur.fishAll(bait, permissions);\r
- }\r
- }\r
-\r
- public void destroy() {\r
- for(Lur lur : lurs) {\r
- lur.destroy();\r
- }\r
- }\r
-\r
- /**\r
- * Return the first Lur (if any) which also implements UserPass \r
- * @return\r
- */\r
- public CredVal getUserPassImpl() {\r
- for(Lur lur : lurs) {\r
- if(lur instanceof CredVal) {\r
- return (CredVal)lur;\r
- }\r
- }\r
- return null;\r
- }\r
-\r
- // Never needed... Only EpiLur uses...\r
- public boolean handlesExclusively(Permission pond) {\r
- return false;\r
- }\r
- \r
- /**\r
- * Get Lur for index. Returns null if out of range\r
- * @param idx\r
- * @return\r
- */\r
- public Lur get(int idx) {\r
- if(idx>=0 && idx<lurs.length) {\r
- return lurs[idx];\r
- }\r
- return null;\r
- }\r
-\r
- public boolean supports(String userName) {\r
- for(Lur l : lurs) {\r
- if(l.supports(userName))return true;\r
- }\r
- return false;\r
- }\r
-\r
- public void remove(String id) {\r
- for(Lur l : lurs) {\r
- if(l instanceof CachingLur) {\r
- ((CachingLur<?>)l).remove(id);\r
- }\r
- }\r
- }\r
- \r
- public Lur subLur(Class<? extends Lur> cls ) {\r
- for(Lur l : lurs) {\r
- if(l.getClass().isAssignableFrom(cls)) {\r
- return l;\r
- }\r
- }\r
- return null;\r
- }\r
-\r
- @Override\r
- public Permission createPerm(String p) {\r
- return new LocalPermission(p);\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Lur#clear(java.security.Principal, java.lang.StringBuilder)\r
- */\r
- @Override\r
- public void clear(Principal p, StringBuilder report) {\r
- for(Lur lur : lurs) {\r
- lur.clear(p, report);\r
- }\r
- }\r
- \r
- public String toString() {\r
- StringBuilder sb = new StringBuilder();\r
- for(Lur lur : lurs) {\r
- sb.append(lur.getClass().getSimpleName());\r
- sb.append(": Report\n");\r
- sb.append(lur.toString());\r
- sb.append('\n');\r
- }\r
- return sb.toString();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.Set;\r
-import java.util.TreeSet;\r
-\r
-import org.onap.aaf.cadi.AbsUserCache;\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CredVal;\r
-import org.onap.aaf.cadi.Hash;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.StrLur;\r
-import org.onap.aaf.cadi.User;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-\r
-/**\r
- * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms.\r
- * \r
- *\r
- */\r
-public final class LocalLur extends AbsUserCache<LocalPermission> implements StrLur, CredVal {\r
- public static final String SEMI = "\\s*;\\s*";\r
- public static final String COLON = "\\s*:\\s*";\r
- public static final String COMMA = "\\s*,\\s*";\r
- public static final String PERCENT = "\\s*%\\s*";\r
- \r
- // Use to quickly determine whether any given group is supported by this LUR\r
- private final Set<String> supportingGroups;\r
- private String supportedRealm; \r
- \r
- /**\r
- * Construct by building structure, see "build"\r
- * \r
- * Reconstruct with "build"\r
- * \r
- * @param userProperty\r
- * @param groupProperty\r
- * @param decryptor\r
- * @throws IOException\r
- */\r
- public LocalLur(Access access, String userProperty, String groupProperty) throws IOException {\r
- super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire\r
- supportedRealm = access.getProperty(Config.BASIC_REALM, "localized");\r
- supportingGroups = new TreeSet<String>();\r
- \r
- if(userProperty!=null) {\r
- // For each User name...\r
- for(String user : userProperty.trim().split(SEMI)) {\r
- String[] us = user.split(COLON,2);\r
- String[] userpass = us[0].split(PERCENT,2);\r
- String u;\r
- User<LocalPermission> usr;\r
- if(userpass.length>1) {\r
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {\r
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());\r
- }\r
-\r
- u = userpass[0];\r
- byte[] pass = access.decrypt(userpass[1], true).getBytes();\r
- usr = new User<LocalPermission>(new ConfigPrincipal(u, pass));\r
- } else {\r
- u = us[0];\r
- usr = new User<LocalPermission>(new ConfigPrincipal(u, (byte[])null));\r
- }\r
- addUser(usr);\r
- access.log(Level.INIT, "Local User:",usr.principal);\r
- \r
- if(us.length>1) {\r
- Map<String, Permission> newMap = usr.newMap();\r
- for(String group : us[1].split(COMMA)) {\r
- supportingGroups.add(group);\r
- usr.add(newMap,new LocalPermission(group));\r
- }\r
- usr.setMap(newMap);\r
- }\r
- }\r
- }\r
- if(groupProperty!=null) {\r
- // For each Group name...\r
- for(String group : groupProperty.trim().split(SEMI)) {\r
- String[] gs = group.split(COLON,2);\r
- if(gs.length>1) {\r
- supportingGroups.add(gs[0]);\r
- LocalPermission p = new LocalPermission(gs[0]);\r
- // Add all users (known by comma separators) \r
- \r
- for(String grpMem : gs[1].split(COMMA)) {\r
- // look for password, if so, put in passMap\r
- String[] userpass = grpMem.split(PERCENT,2);\r
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {\r
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());\r
- }\r
- User<LocalPermission> usr = getUser(userpass[0]);\r
- if(userpass.length>1) {\r
- byte[] pass = access.decrypt(userpass[1], true).getBytes();\r
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],pass)));\r
- else usr.principal=new ConfigPrincipal(userpass[0],pass);\r
- } else {\r
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],(byte[])null)));\r
- }\r
- usr.add(p);\r
- access.log(Level.INIT, "Local User:",usr.principal);\r
- }\r
- }\r
- }\r
- }\r
- }\r
- \r
- public boolean validate(String user, CredVal.Type type, byte[] cred) {\r
- User<LocalPermission> usr = getUser(user);\r
- switch(type) {\r
- case PASSWORD:\r
- // covers null as well as bad pass\r
- if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) {\r
- return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred());\r
- }\r
- break;\r
- }\r
- return false;\r
- }\r
-\r
- // @Override\r
- public boolean fish(Principal bait, Permission pond) {\r
- if(supports(bait.getName()) && pond instanceof LocalPermission) { // local Users only have LocalPermissions\r
- User<LocalPermission> user = getUser(bait);\r
- return user==null?false:user.contains((LocalPermission)pond);\r
- }\r
- return false;\r
- }\r
-\r
- public boolean fish(String bait, Permission pond) {\r
- if(supports(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions\r
- User<LocalPermission> user = getUser(bait);\r
- return user==null?false:user.contains((LocalPermission)pond);\r
- }\r
- return false;\r
- }\r
-\r
- // We do not want to expose the actual Group, so make a copy.\r
- public void fishAll(Principal bait, List<Permission> perms) {\r
- if(supports(bait.getName())) {\r
- User<LocalPermission> user = getUser(bait);\r
- if(user!=null) {\r
- user.copyPermsTo(perms);\r
- }\r
- }\r
- }\r
-\r
- public void fishAll(String bait, List<Permission> perms) {\r
- if(supports(bait)) {\r
- User<LocalPermission> user = getUser(bait);\r
- if(user!=null) {\r
- user.copyPermsTo(perms);\r
- }\r
- }\r
- }\r
-\r
- public boolean supports(String userName) {\r
- return userName!=null && userName.endsWith(supportedRealm);\r
- }\r
-\r
- public boolean handlesExclusively(Permission pond) {\r
- return supportingGroups.contains(pond.getKey());\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Lur#createPerm(java.lang.String)\r
- */\r
- @Override\r
- public Permission createPerm(String p) {\r
- return new LocalPermission(p);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import org.onap.aaf.cadi.Permission;\r
-\r
-public class LocalPermission implements Permission {\r
- private String key;\r
- \r
- public LocalPermission(String role) {\r
- this.key = role;\r
- }\r
- \r
- public String getKey() {\r
- return key;\r
- }\r
-\r
- public String toString() {\r
- return key;\r
- }\r
-\r
- public boolean match(Permission p) {\r
- return key.equals(p.getKey());\r
- }\r
-\r
- public String permType() {\r
- return "LOCAL";\r
- }\r
- \r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import java.security.Principal;\r
-import java.util.List;\r
-\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Permission;\r
-\r
-public class NullLur implements Lur {\r
- private static final Permission NULL = new Permission() {\r
- @Override\r
- public String permType() {\r
- return "";\r
- }\r
-\r
- @Override\r
- public String getKey() {\r
- return "";\r
- }\r
-\r
- @Override\r
- public boolean match(Permission p) {\r
- return false;\r
- }};\r
-\r
- public boolean fish(Principal bait, Permission pond) {\r
- // Well, for Jenkins, this is ok... It finds out it can't do J2EE Security, and then looks at it's own\r
-// System.err.println("CADI's LUR has not been configured, but is still being called. Access is being denied");\r
- return false;\r
- }\r
-\r
- public void fishAll(Principal bait, List<Permission> permissions) {\r
- }\r
-\r
- public void destroy() {\r
- }\r
-\r
- public boolean handlesExclusively(Permission pond) {\r
- return false;\r
- }\r
-\r
- public boolean supports(String userName) {\r
- return false;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Lur#createPerm(java.lang.String)\r
- */\r
- @Override\r
- public Permission createPerm(String p) {\r
- return NULL;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.Lur#clear(java.security.Principal, java.lang.StringBuilder)\r
- */\r
- @Override\r
- public void clear(Principal p, StringBuilder report) {\r
- report.append(NullLur.class.getSimpleName());\r
- report.append('\n');\r
- }\r
- \r
- public String toString() {\r
- return NullLur.class.getSimpleName() + '\n';\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.io.OutputStream;\r
-import java.util.Date;\r
-\r
-import org.onap.aaf.cadi.BasicCred;\r
-import org.onap.aaf.cadi.GetCred;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-public class BasicPrincipal extends BearerPrincipal implements GetCred {\r
- private static byte[] basic = "Basic ".getBytes();\r
-\r
- private String name = null;\r
- private String shortName = null;\r
- private byte[] cred = null;\r
- \r
- private long created;\r
-\r
- public BasicPrincipal(String content,String domain) throws IOException {\r
- created = System.currentTimeMillis();\r
- ByteArrayInputStream bis = new ByteArrayInputStream(content.getBytes());\r
- // Read past "Basic ", ensuring it starts with it.\r
- for(int i=0;i<basic.length;++i) {\r
- if(bis.read()!=basic[i]) {\r
- name=content;\r
- cred = null;\r
- return;\r
- }\r
- }\r
- BasicOS bos = new BasicOS(content.length());\r
- Symm.base64.decode(bis,bos); // note: writes directly to name until ':'\r
- if(name==null) throw new IOException("Invalid Coding");\r
- else cred = bos.toCred();\r
- int at;\r
- if((at=name.indexOf('@'))>0) {\r
- domain=name.substring(at+1);\r
- shortName=name.substring(0, at);\r
- } else {\r
- shortName = name;\r
- name = name + '@' + domain;\r
- }\r
- }\r
- \r
- public BasicPrincipal(BasicCred bc, String domain) {\r
- name = bc.getUser();\r
- cred = bc.getCred();\r
- }\r
-\r
- private class BasicOS extends OutputStream {\r
- private boolean first = true;\r
- private ByteArrayOutputStream baos;\r
- \r
- public BasicOS(int size) {\r
- baos = new ByteArrayOutputStream(size);\r
- }\r
-\r
- @Override\r
- public void write(int b) throws IOException {\r
- if(b==':' && first) {\r
- first = false;\r
- name = new String(baos.toByteArray());\r
- baos.reset(); // \r
- } else {\r
- baos.write(b);\r
- }\r
- }\r
- \r
- private byte[] toCred() {\r
- return baos.toByteArray();\r
- }\r
- }\r
- \r
- public String getName() {\r
- return name;\r
- }\r
- \r
- public String getShortName() {\r
- return shortName;\r
- }\r
- \r
- public byte[] getCred() {\r
- return cred;\r
- }\r
- \r
- public long created() {\r
- return created;\r
- }\r
-\r
- public String toString() {\r
- return "Basic Authorization for " + name + " evaluated on " + new Date(created).toString();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.security.Principal;\r
-\r
-public abstract class BearerPrincipal implements Principal {\r
- private String bearer = null;\r
- public BearerPrincipal setBearer(String bearer) {\r
- this.bearer = bearer;\r
- return this;\r
- }\r
- public String getBearer() {\r
- return bearer;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.security.Principal;\r
-\r
-/**\r
- * Indicate a CSP Principal that is trusted as a CSPPrincipal. \r
- *\r
- */\r
-public interface CSPPrincipal_T extends Principal {\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.io.IOException;\r
-\r
-import org.onap.aaf.cadi.BasicCred;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-\r
-/**\r
- * Cached Principals need to be able to revalidate in the Background\r
- * \r
- *\r
- */\r
-public class CachedBasicPrincipal extends BasicPrincipal implements CachedPrincipal {\r
- private final HttpTaf creator;\r
- private long timeToLive;\r
- private long expires;\r
-\r
- public CachedBasicPrincipal(HttpTaf creator, BasicCred bc, String domain, long timeToLive) {\r
- super(bc, domain);\r
- this.creator = creator;\r
- this.timeToLive = timeToLive;\r
- expires = System.currentTimeMillis()+timeToLive;\r
- }\r
- \r
- public CachedBasicPrincipal(HttpTaf creator, String content, String domain, long timeToLive) throws IOException {\r
- super(content, domain);\r
- this.creator = creator;\r
- this.timeToLive = timeToLive;\r
- expires = System.currentTimeMillis()+timeToLive;\r
- }\r
-\r
- public CachedPrincipal.Resp revalidate() {\r
- Resp resp = creator.revalidate(this);\r
- if(resp.equals(Resp.REVALIDATED))expires = System.currentTimeMillis()+timeToLive;\r
- return resp;\r
- }\r
-\r
- public long expires() {\r
- return expires;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-public class TGuardPrincipal extends BearerPrincipal {\r
-\r
- private String name, tresp;\r
-\r
- public TGuardPrincipal(String tresp) {\r
- this.tresp=tresp;\r
- }\r
-\r
- /**\r
- * TODO Need to figure out what Organizations TGuard entities should be part of. \r
- * \r
- */\r
- public String getName() {\r
- if(name==null) {\r
- String temp = get("iv-user");\r
- if(temp==null)return null;\r
- StringBuilder sb = new StringBuilder();\r
- int at = temp.indexOf('@');\r
- if(at<0) {\r
- sb.append(temp);\r
- } else {\r
- sb.append(temp.substring(0, at));\r
- }\r
- if(temp.endsWith("@uverse.com"))sb.append("@uverse.tguard.att.com");\r
- else if(temp.endsWith("@att.com"))sb.append("@com.tguard.att.com");\r
- else if(temp.endsWith("@att.net"))sb.append("@net.tguard.att.com");\r
- else sb.append("@tguard.att.com");\r
- name = sb.toString();\r
- }\r
- return name;\r
- }\r
-\r
- /**\r
- * Get a value from a named TGuard Property\r
- * \r
- * TGuard response info is very dynamic. They can add new properties at any time, so we dare not code field names for these values.\r
- * @param key\r
- * @return\r
- */\r
- public String get(String key) {\r
- if(key==null)return null;\r
- int idx=0,equal=0,amp=0;\r
- while(idx>=0 && (equal = tresp.indexOf('=',idx))>=0) {\r
- amp = tresp.indexOf('&',equal);\r
- if(key.regionMatches(0, tresp, idx, equal-idx)) {\r
- return amp>=0?tresp.substring(equal+1, amp):tresp.substring(equal+1); \r
- }\r
- idx=amp+(amp>0?1:0);\r
- }\r
- return null;\r
- }\r
-\r
- public String info() {\r
- return tresp;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.security.Principal;\r
-\r
-/**\r
- * Indicate a TGuard Principal that is trusted as a TGuardPrincipal. \r
- *\r
- */\r
-public interface TGuardPrincipal_T extends Principal {\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.UserChain;\r
-\r
-public class TrustPrincipal extends BearerPrincipal implements UserChain {\r
- private final String name;\r
- private final Principal original;\r
- private String userChain;\r
- \r
- public TrustPrincipal(final Principal actual, final String asName) {\r
- this.original = actual;\r
- name = asName.trim();\r
- if(actual instanceof UserChain) {\r
- UserChain uc = (UserChain)actual;\r
- userChain = uc.userChain();\r
- } else if(actual instanceof X509Principal) {\r
- userChain="x509";\r
- } else if(actual instanceof BasicPrincipal) {\r
- userChain="BAth";\r
- } else {\r
- userChain = actual.getClass().getSimpleName();\r
- }\r
- }\r
- \r
- @Override\r
- public String getName() {\r
- return name;\r
- }\r
- \r
- public String getOrigName() {\r
- return original.getName() + '[' + userChain + ']';\r
- }\r
-\r
- @Override\r
- public String userChain() {\r
- return userChain;\r
- }\r
- \r
- public Principal original() {\r
- return original;\r
- }\r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.principal;\r
-\r
-import java.io.IOException;\r
-import java.security.cert.CertificateEncodingException;\r
-import java.security.cert.X509Certificate;\r
-import java.util.regex.Pattern;\r
-\r
-import org.onap.aaf.cadi.GetCred;\r
-\r
-public class X509Principal extends BearerPrincipal implements GetCred {\r
- private static final Pattern pattern = Pattern.compile("[a-zA-Z0-9]*\\@[a-zA-Z0-9.]*");\r
- private byte[] content; \r
- private X509Certificate cert;\r
- private String name;\r
-\r
- public X509Principal(String identity, X509Certificate cert, byte[] content) {\r
- name = identity;\r
- this.content = content;\r
- this.cert = cert;\r
- }\r
- \r
- public X509Principal(X509Certificate cert, byte[] content) throws IOException {\r
- this.content=content;\r
- this.cert = cert;\r
- String subj = cert.getSubjectDN().getName();\r
- int cn = subj.indexOf("OU=");\r
- if(cn>=0) {\r
- cn+=3;\r
- int space = subj.indexOf(',',cn);\r
- if(space>=0) {\r
- String id = subj.substring(cn, space);\r
- if(pattern.matcher(id).matches()) {\r
- name = id;\r
- }\r
- }\r
- }\r
- if(name==null)\r
- throw new IOException("X509 does not have Identity as CN");\r
- \r
- }\r
- \r
- \r
- public String getAsHeader() throws IOException {\r
- try {\r
- if(content==null) \r
- content=cert.getEncoded();\r
- } catch (CertificateEncodingException e) {\r
- throw new IOException(e);\r
- }\r
- return "X509 " + content;\r
- }\r
- \r
- public String toString() {\r
- return "X509 Authentication for " + name;\r
- }\r
-\r
-\r
- public byte[] getCred() {\r
- try {\r
- return content==null?(content=cert.getEncoded()):content;\r
- } catch (CertificateEncodingException e) {\r
- return null;\r
- }\r
- }\r
-\r
-\r
- public String getName() {\r
- return name;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-\r
-/**\r
- * AbsTafResp\r
- * \r
- * Base class for TafResp (TAF Response Objects)\r
- *\r
- */\r
-public abstract class AbsTafResp implements TafResp {\r
-\r
- protected final String desc;\r
- protected final Principal principal;\r
- protected final Access access;\r
-\r
- /**\r
- * AbsTafResp\r
- * \r
- * Set and hold\r
- * Description (for logging)\r
- * Principal (as created by derived class)\r
- * Access (for access to underlying container, i.e. for Logging, auditing, ClassLoaders, etc)\r
- * \r
- * @param access\r
- * @param principal\r
- * @param description\r
- */\r
- public AbsTafResp(Access access, Principal principal, String description) {\r
- this.access = access;\r
- this.principal = principal;\r
- this.desc = description;\r
- }\r
-\r
- /**\r
- * isValid()\r
- * \r
- * Respond in the affirmative if the TAF was able to Authenticate\r
- */\r
- public boolean isValid() {\r
- return principal!=null;\r
- }\r
-\r
- /**\r
- * desc()\r
- * \r
- * Respond with description of response as given by the TAF \r
- */\r
- public String desc() {\r
- return desc;\r
- }\r
-\r
- /**\r
- * isAuthenticated()\r
- * \r
- * Respond with the TAF's code of whether Authenticated, or suggested next steps\r
- * default is either IS_AUTHENTICATED, or TRY_ANOTHER_TAF. The TAF can overload\r
- * and suggest others, such as "NO_FURTHER_PROCESSING", if it can detect that this\r
- * is some sort of security breach (i.e. Denial of Service) \r
- */\r
- public RESP isAuthenticated() {\r
- return principal==null?RESP.TRY_ANOTHER_TAF:RESP.IS_AUTHENTICATED;\r
- }\r
-\r
- /**\r
- * getPrincipal()\r
- * \r
- * Return the principal created by the TAF based on Authentication. \r
- * \r
- * Returns "null" if Authentication failed (no principal)\r
- */\r
- public Principal getPrincipal() {\r
- return principal;\r
- }\r
-\r
- /**\r
- * getAccess()\r
- * \r
- * Get the Access object from the TAF, so that appropriate Logging, etc can be coordinated.\r
- */\r
- public Access getAccess() {\r
- return access;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.taf.TafResp#isFailedAttempt()\r
- */\r
- public boolean isFailedAttempt() {\r
- return false;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Taf;\r
-\r
-/**\r
- * EpiTAF\r
- * \r
- * Short for "Epic TAF". Be able to run through a series of TAFs to obtain the validation needed.\r
- * \r
- * OK, the name could probably be better as "Tafs", like it was originally, but the pun was too\r
- * irresistible for this author to pass up.\r
- * \r
- *\r
- */\r
-public class EpiTaf implements Taf {\r
- private Taf[] tafs;\r
- \r
- /**\r
- * EpiTaf constructor\r
- * \r
- * Construct the EpiTaf from variable TAF parameters\r
- * @param tafs\r
- * @throws CadiException\r
- */\r
- public EpiTaf(Taf ... tafs) throws CadiException{\r
- this.tafs = tafs;\r
- if(tafs.length==0) throw new CadiException("Need at least one Taf implementation in constructor");\r
- }\r
-\r
- /**\r
- * validate\r
- * \r
- * Respond with the first TAF to authenticate user based on variable info and "LifeForm" (is it \r
- * a human behind an interface, or a server behind a protocol).\r
- * \r
- * If there is no TAF that can authenticate, respond with the first TAF that suggests it can\r
- * establish an Authentication conversation (TRY_AUTHENTICATING).\r
- * \r
- * If no TAF declares either, respond with NullTafResp (which denies all questions)\r
- */\r
- public TafResp validate(LifeForm reading, String... info) {\r
- TafResp tresp,firstTryAuth=null;\r
- for(Taf taf : tafs) {\r
- tresp = taf.validate(reading, info);\r
- switch(tresp.isAuthenticated()) {\r
- case TRY_ANOTHER_TAF:\r
- break;\r
- case TRY_AUTHENTICATING:\r
- if(firstTryAuth==null)firstTryAuth=tresp;\r
- break;\r
- default:\r
- return tresp;\r
- }\r
- }\r
-\r
- // No TAFs configured, at this point. It is safer at this point to be "not validated", \r
- // rather than "let it go"\r
- return firstTryAuth == null?NullTafResp.singleton():firstTryAuth;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.net.URI;\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.TrustChecker;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.Taf.LifeForm;\r
-\r
-/**\r
- * HttpEpiTaf\r
- * \r
- * An extension of the basic "EpiTAF" concept, check known HTTP Related TAFs for valid credentials\r
- * \r
- *\r
- */\r
-public class HttpEpiTaf implements HttpTaf {\r
- private HttpTaf[] tafs;\r
- private Access access;\r
- private Locator<URI> locator;\r
- private TrustChecker trustChecker;\r
- \r
- /**\r
- * HttpEpiTaf constructor\r
- * \r
- * Construct the HttpEpiTaf from variable Http specific TAF parameters\r
-\r
- * @param tafs\r
- * @throws CadiException\r
- */\r
- public HttpEpiTaf(Access access, Locator<URI> locator, TrustChecker tc, HttpTaf ... tafs) throws CadiException{\r
- this.tafs = tafs;\r
- this.access = access;\r
- this.locator = locator;\r
- this.trustChecker = tc;\r
- // Establish what Header Property to look for UserChain/Trust Props \r
-// trustChainProp = access.getProperty(Config.CADI_TRUST_PROP, Config.CADI_TRUST_PROP_DEFAULT);\r
-\r
- if(tafs.length==0) throw new CadiException("Need at least one HttpTaf implementation in constructor");\r
- }\r
-\r
- /**\r
- * validate\r
- * \r
- * Respond with the first Http specific TAF to authenticate user based on variable info \r
- * and "LifeForm" (is it a human behind a browser, or a server utilizing HTTP Protocol).\r
- * \r
- * If there is no HttpTAF that can authenticate, respond with the first TAF that suggests it can\r
- * establish an Authentication conversation (TRY_AUTHENTICATING) (Examples include a redirect to CSP\r
- * Servers for CSP Cookie, or BasicAuth 401 response, suggesting User/Password for given Realm \r
- * submission\r
- * \r
- * If no TAF declares either, respond with NullTafResp (which denies all questions)\r
- */\r
- public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- // Given a LifeForm Neutral, for HTTP, we need to discover true Life-Form Readings\r
- if(reading==LifeForm.LFN) {\r
- reading = tricorderScan(req);\r
- }\r
- TafResp tresp=null, firstTry = null;\r
- List<Redirectable> redirectables = null;\r
- \r
- for(HttpTaf taf : tafs) {\r
- tresp = taf.validate(reading, req, resp);\r
- switch(tresp.isAuthenticated()) {\r
- case TRY_ANOTHER_TAF:\r
- break; // and loop\r
- case TRY_AUTHENTICATING:\r
- if(tresp instanceof Redirectable) {\r
- if(redirectables==null) {\r
- redirectables = new ArrayList<Redirectable>();\r
- }\r
- redirectables.add((Redirectable)tresp);\r
- } else if(firstTry==null) {\r
- firstTry = tresp;\r
- }\r
- break; \r
- case IS_AUTHENTICATED:\r
- tresp = trustChecker.mayTrust(tresp, req);\r
- return tresp;\r
- default:\r
- return tresp;\r
- }\r
- }\r
- \r
- // If No TAFs configured, at this point. It is safer at this point to be "not validated", \r
- // rather than "let it go"\r
- // Note: if exists, there will always be more than 0 entries, according to above code\r
- if(redirectables==null) {\r
- return firstTry!=null?firstTry:NullTafResp.singleton();\r
- }\r
- \r
- // If there is one Tryable entry then return it\r
- if(redirectables.size()>1) {\r
- return LoginPageTafResp.create(access,locator,resp,redirectables);\r
- } else {\r
- return redirectables.get(0);\r
- }\r
- }\r
- \r
- public boolean revalidate(Principal prin) throws Exception {\r
- return false;\r
- }\r
-\r
- /*\r
- * Since this is internal, we use a little Star Trek humor to indicate looking in the HTTP Request to see if we can determine what kind\r
- * of "LifeForm" reading we can determine, i.e. is there a Human (CarbonBasedLifeForm) behind a browser, or is it mechanical \r
- * id (SiliconBasedLifeForm)? This makes a difference in some Authentication, i.e CSP, which doesn't work well for SBLFs\r
- */\r
- private LifeForm tricorderScan(HttpServletRequest req) {\r
- // For simplicity's sake, we'll say Humans use FQDNs, not IPs.\r
- \r
- String auth = req.getParameter("Authentication");\r
- if(auth!=null) {\r
- if("BasicAuth".equals(auth)) {\r
- return LifeForm.SBLF;\r
- }\r
- }\r
- // Current guess that only Browsers bother to set "Agent" codes that identify the kind of browser they are.\r
- // If mechanical frameworks are found that populate this, then more advanced analysis may be required\r
- // 1/22/2013\r
- String agent = req.getHeader("User-Agent");\r
- if(agent!=null && agent.startsWith("Mozilla")) // covers I.E./Firefox/Safari/probably any other "advanced" Browser see http://en.wikipedia.org/wiki/User_agent\r
- return LifeForm.CBLF; \r
- return LifeForm.SBLF; // notably skips "curl","wget", (which is desired behavior. We don't want to try CSP, etc on these)\r
- }\r
-\r
- public Resp revalidate(CachedPrincipal prin) {\r
- Resp resp;\r
- for(HttpTaf taf : tafs) {\r
- resp = taf.revalidate(prin);\r
- switch(resp) {\r
- case NOT_MINE:\r
- break;\r
- default:\r
- return resp;\r
- }\r
- }\r
- return Resp.NOT_MINE;\r
- }\r
-\r
- /**\r
- * List HttpTafs with their "toString" representations... primarily useful for Debugging in an IDE\r
- * like Eclipse.\r
- */\r
- public String toString() {\r
- StringBuilder sb = new StringBuilder();\r
- for(HttpTaf ht : tafs) {\r
- sb.append(ht.toString());\r
- sb.append(". ");\r
- }\r
- return sb.toString();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.Taf.LifeForm;\r
-\r
-/**\r
- * A TAF which is in a specific HTTP environment in which the engine implements \r
- * javax Servlet.\r
- * \r
- * Using the Http Request and Response interfaces takes the effort out of implementing in almost any kind of\r
- * HTTP Container or Engine.\r
- * \r
- *\r
- */\r
-public interface HttpTaf {\r
- /**\r
- * validate\r
- * \r
- * Validate the Request, and respond with created TafResp object.\r
- * \r
- * @param reading\r
- * @param req\r
- * @param resp\r
- * @return\r
- */\r
- public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp);\r
- \r
- /**\r
- * Re-Validate Credential\r
- * \r
- * @param prin\r
- * @return\r
- */\r
- public CachedPrincipal.Resp revalidate(CachedPrincipal prin);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.io.IOException;\r
-import java.net.URI;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Locator;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.Locator.Item;\r
-\r
-public class LoginPageTafResp extends AbsTafResp {\r
- private final HttpServletResponse httpResp;\r
- private final String loginPageURL;\r
-\r
- private LoginPageTafResp(Access access, final HttpServletResponse resp, String loginPageURL) {\r
- super(access, null, "Multiple Possible HTTP Logins available. Redirecting to Login Choice Page");\r
- httpResp = resp;\r
- this.loginPageURL = loginPageURL;\r
- }\r
-\r
- @Override\r
- public RESP authenticate() throws IOException {\r
- httpResp.sendRedirect(loginPageURL);\r
- return RESP.HTTP_REDIRECT_INVOKED;\r
- }\r
- \r
- @Override\r
- public RESP isAuthenticated() {\r
- return RESP.TRY_AUTHENTICATING;\r
- }\r
- \r
- public static TafResp create(Access access, Locator<URI> locator, final HttpServletResponse resp, List<Redirectable> redir) {\r
- if(locator!=null) {\r
- try {\r
- Item item = locator.best();\r
- URI uri = locator.get(item);\r
- if(uri!=null) {\r
- StringBuilder sb = new StringBuilder(uri.toString());\r
- String query = uri.getQuery();\r
- boolean first = query==null || query.length()==0;\r
- int count=0;\r
- for(Redirectable t : redir) {\r
- if(first) {\r
- sb.append('?');\r
- first=false;\r
- }\r
- else sb.append('&');\r
- sb.append(t.get());\r
- ++count;\r
- }\r
- if(count>0)return new LoginPageTafResp(access, resp, sb.toString());\r
- }\r
- } catch (Exception e) {\r
- access.log(e, "Error deriving Login Page location");\r
- }\r
- } else if(!redir.isEmpty()) { \r
- access.log(Level.DEBUG,"LoginPage Locator is not configured. Taking first Redirectable Taf");\r
- return redir.get(0);\r
- }\r
- return NullTafResp.singleton();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.Taf;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-\r
-\r
-/**\r
- * This TAF is set at the very beginning of Filters and Valves so that if any configuration issues hit while\r
- * starting, the default behavior is to shut down traffic rather than leaving an open hole\r
- * \r
- *\r
- */\r
-public class NullTaf implements Taf, HttpTaf {\r
- // Singleton Pattern\r
- public NullTaf() {}\r
-\r
- /**\r
- * validate \r
- * \r
- * Always Respond with a NullTafResp, which declares it is unauthenticated, and unauthorized\r
- */\r
- public TafResp validate(LifeForm reading, String... info) {\r
- return NullTafResp.singleton();\r
- }\r
-\r
- /**\r
- * validate \r
- * \r
- * Always Respond with a NullTafResp, which declares it is unauthenticated, and unauthorized\r
- */\r
- public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- return NullTafResp.singleton();\r
- }\r
-\r
- public Resp revalidate(CachedPrincipal prin) {\r
- return Resp.NOT_MINE;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-\r
-/**\r
- * A Null Pattern for setting responses to "Deny" before configuration is setup.\r
- *\r
- */\r
-class NullTafResp implements TafResp {\r
- private NullTafResp(){}\r
- \r
- private static TafResp singleton = new NullTafResp();\r
- \r
- public static TafResp singleton() {\r
- return singleton;\r
- }\r
- \r
- public boolean isValid() {\r
- return false;\r
- }\r
- \r
- public RESP isAuthenticated() {\r
- return RESP.NO_FURTHER_PROCESSING;\r
- }\r
- \r
- public String desc() {\r
- return "All Authentication denied";\r
- }\r
- \r
- public RESP authenticate() throws IOException {\r
- return RESP.NO_FURTHER_PROCESSING;\r
- }\r
-\r
- public Principal getPrincipal() {\r
- return null;\r
- }\r
-\r
- public Access getAccess() {\r
- return Access.NULL;\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see com.att.cadi.taf.TafResp#isFailedAttempt()\r
- */\r
- public boolean isFailedAttempt() {\r
- return true;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-\r
-/**\r
- * A Punt Resp to make it fast and easy for a Taf to respond that it cannot handle a particular kind of\r
- * request. It is always the same object, so there is no cost for memory, etc.\r
- *\r
- */\r
-public class PuntTafResp implements TafResp {\r
- private PuntTafResp(){}\r
- \r
- private static TafResp singleton = new PuntTafResp();\r
- \r
- public static TafResp singleton() {\r
- return singleton;\r
- }\r
- \r
- public boolean isValid() {\r
- return false;\r
- }\r
- \r
- public RESP isAuthenticated() {\r
- return RESP.TRY_ANOTHER_TAF;\r
- }\r
- \r
- public String desc() {\r
- return "This Taf can or will not handle this authentication";\r
- }\r
- \r
- public RESP authenticate() throws IOException {\r
- return RESP.TRY_ANOTHER_TAF;\r
- }\r
-\r
- public Principal getPrincipal() {\r
- return null;\r
- }\r
-\r
- public Access getAccess() {\r
- return NullTafResp.singleton().getAccess();\r
- }\r
-\r
- public boolean isFailedAttempt() {\r
- return false;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-public interface Redirectable extends TafResp {\r
- /**\r
- * Create a Redirectable URL entry prefaced by a URLEncoder.String for a Menu\r
- * example:\r
- * "Global Login=https://xxxx....."\r
- */\r
- public String get();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CadiException;\r
-\r
-/**\r
- * Response from Taf objects, which inform users what has happened and/or what should be done\r
- * \r
- *\r
- */\r
-public interface TafResp {\r
- public static enum RESP {\r
- IS_AUTHENTICATED, \r
- NO_FURTHER_PROCESSING, \r
- TRY_AUTHENTICATING, \r
- TRY_ANOTHER_TAF,\r
- FAIL, \r
- // A note was made to avoid the response REDIRECT. However, I have deemed that it is \r
- // unavoidable when the underlying TAF did do a REDIRECT, because it requires a HTTP\r
- // Service code to exit without modifying the Response any further.\r
- // Therefore, I have changed this to indicate what HAS happened, with should accommodate \r
- // both positions. JG 10/18/2012\r
-// public static final int HTTP_REDIRECT_INVOKED = 11;\r
- HTTP_REDIRECT_INVOKED,\r
- HAS_PROCESSED};\r
- \r
- /**\r
- * Basic success check\r
- * @return\r
- */\r
- public boolean isValid();\r
- \r
- /**\r
- * String description of what has occurred (for logging/exceptions)\r
- * @return\r
- */\r
- public String desc();\r
- \r
- /**\r
- * Check Response\r
- * @return\r
- */\r
- public RESP isAuthenticated();\r
-\r
- /**\r
- * Authenticate, returning FAIL or Other Valid indication\r
- * \r
- * HTTP implementations should watch for "HTTP_REDIRECT_INVOKED", and end the HTTP call appropriately.\r
- * @return\r
- * @throws CadiException \r
- */\r
- public RESP authenticate() throws IOException;\r
-\r
- /**\r
- * Once authenticated, this object should hold a Principal created from the authorization\r
- * @return\r
- */\r
- public Principal getPrincipal();\r
-\r
- /**\r
- * get the Access object which created this object, allowing the responder to appropriate Log, etc\r
- */\r
- public Access getAccess();\r
- \r
- /**\r
- * Be able to check if part of a Failed attempt\r
- */\r
- public boolean isFailedAttempt();\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-\r
-public class TrustNotTafResp implements TafResp {\r
- private final TafResp delegate;\r
- private final String desc;\r
- \r
- public TrustNotTafResp(final TafResp delegate, final String desc) {\r
- this.delegate = delegate;\r
- this.desc = desc;\r
- }\r
- \r
- @Override\r
- public boolean isValid() {\r
- return false;\r
- }\r
-\r
- @Override\r
- public String desc() {\r
- return desc;\r
- }\r
-\r
- @Override\r
- public RESP isAuthenticated() {\r
- return RESP.NO_FURTHER_PROCESSING;\r
- }\r
-\r
- @Override\r
- public RESP authenticate() throws IOException {\r
- return RESP.NO_FURTHER_PROCESSING;\r
- }\r
-\r
- @Override\r
- public Principal getPrincipal() {\r
- return delegate.getPrincipal();\r
- }\r
-\r
- @Override\r
- public Access getAccess() {\r
- return delegate.getAccess();\r
- }\r
-\r
- @Override\r
- public boolean isFailedAttempt() {\r
- return true;\r
- }\r
- \r
- public String toString() {\r
- return desc();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-\r
-public class TrustTafResp implements TafResp {\r
- private final TafResp delegate;\r
- private final Principal principal;\r
- private final String desc;\r
- \r
- public TrustTafResp(final TafResp delegate, final Principal principal, final String desc) {\r
- this.delegate = delegate;\r
- this.principal = principal;\r
- this.desc = desc + ' ' + delegate.desc();\r
- }\r
- \r
- @Override\r
- public boolean isValid() {\r
- return delegate.isValid();\r
- }\r
-\r
- @Override\r
- public String desc() {\r
- return desc;\r
- }\r
-\r
- @Override\r
- public RESP isAuthenticated() {\r
- return delegate.isAuthenticated();\r
- }\r
-\r
- @Override\r
- public RESP authenticate() throws IOException {\r
- return delegate.authenticate();\r
- }\r
-\r
- @Override\r
- public Principal getPrincipal() {\r
- return principal;\r
- }\r
-\r
- @Override\r
- public Access getAccess() {\r
- return delegate.getAccess();\r
- }\r
-\r
- @Override\r
- public boolean isFailedAttempt() {\r
- return delegate.isFailedAttempt();\r
- }\r
- \r
- public String toString() {\r
- return principal.getName() + " by trust of " + desc();\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.basic;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.BasicCred;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.CredVal;\r
-import org.onap.aaf.cadi.Taf;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.CredVal.Type;\r
-import org.onap.aaf.cadi.principal.BasicPrincipal;\r
-import org.onap.aaf.cadi.principal.CachedBasicPrincipal;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;\r
-\r
-/**\r
- * BasicHttpTaf\r
- * \r
- * This TAF implements the "Basic Auth" protocol. \r
- * \r
- * WARNING! It is true for any implementation of "Basic Auth" that the password is passed unencrypted. \r
- * This is because the expectation, when designed years ago, was that it would only be used in \r
- * conjunction with SSL (https). It is common, however, for users to ignore this on the assumption that\r
- * their internal network is secure, or just ignorance. Therefore, a WARNING will be printed\r
- * when the HTTP Channel is not encrypted (unless explicitly turned off).\r
- * \r
- *\r
- */\r
-public class BasicHttpTaf implements HttpTaf {\r
- private Access access;\r
- private String realm;\r
- private CredVal rbac;\r
- private boolean warn;\r
- private long timeToLive;\r
- \r
- public BasicHttpTaf(Access access, CredVal rbac, String realm, long timeToLive, boolean turnOnWarning) {\r
- this.access = access;\r
- this.realm = realm;\r
- this.rbac = rbac;\r
- this.warn = turnOnWarning;\r
- this.timeToLive = timeToLive;\r
- }\r
-\r
- /**\r
- * Note: BasicHttp works for either Carbon Based (Humans) or Silicon Based (machine) Lifeforms. \r
- * @see Taf\r
- */\r
- public TafResp validate(Taf.LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- // See if Request implements BasicCred (aka CadiWrap or other), and if User/Pass has already been set separately\r
- if(req instanceof BasicCred) {\r
- BasicCred bc = (BasicCred)req;\r
- if(bc.getUser()!=null) { // CadiWrap, if set, makes sure User & Password are both valid, or both null\r
- if(DenialOfServiceTaf.isDeniedID(bc.getUser())!=null) {\r
- return DenialOfServiceTaf.respDenyID(access,bc.getUser());\r
- }\r
- CachedBasicPrincipal bp = new CachedBasicPrincipal(this,bc,realm,timeToLive);\r
- // ONLY FOR Last Ditch DEBUGGING... \r
- // access.log(Level.WARN,bp.getName() + ":" + new String(bp.getCred()));\r
- if(rbac.validate(bp.getName(),Type.PASSWORD,bp.getCred())) {\r
- return new BasicHttpTafResp(access,bp,bp.getName()+" authenticated by password",RESP.IS_AUTHENTICATED,resp,realm,false);\r
- } else {\r
- //TODO may need timed retries in a given time period\r
- return new BasicHttpTafResp(access,null,buildMsg(bp,req,"User/Pass combo invalid for ",bc.getUser()), \r
- RESP.TRY_AUTHENTICATING,resp,realm,true);\r
- }\r
- }\r
- }\r
- // Get User/Password from Authorization Header value\r
- String authz = req.getHeader("Authorization");\r
- if(authz != null && authz.startsWith("Basic ")) {\r
- if(warn&&!req.isSecure()) {\r
- access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");\r
- }\r
- try {\r
- CachedBasicPrincipal ba = new CachedBasicPrincipal(this,authz,realm,timeToLive);\r
- if(DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {\r
- return DenialOfServiceTaf.respDenyID(access,ba.getName());\r
- }\r
-\r
- // ONLY FOR Last Ditch DEBUGGING... \r
- // access.log(Level.WARN,ba.getName() + ":" + new String(ba.getCred()));\r
- if(rbac.validate(ba.getName(), Type.PASSWORD, ba.getCred())) {\r
- return new BasicHttpTafResp(access,ba, ba.getName()+" authenticated by BasicAuth password",RESP.IS_AUTHENTICATED,resp,realm,false);\r
- } else {\r
- //TODO may need timed retries in a given time period\r
- return new BasicHttpTafResp(access,null,buildMsg(ba,req,"User/Pass combo invalid"), \r
- RESP.TRY_AUTHENTICATING,resp,realm,true);\r
- }\r
- } catch (IOException e) {\r
- String msg = buildMsg(null,req,"Failed HTTP Basic Authorization (", e.getMessage(), ')');\r
- access.log(Level.INFO,msg);\r
- return new BasicHttpTafResp(access,null,msg, RESP.TRY_AUTHENTICATING, resp, realm,true);\r
- }\r
- }\r
- return new BasicHttpTafResp(access,null,"Requesting HTTP Basic Authorization",RESP.TRY_AUTHENTICATING,resp,realm,false);\r
- }\r
- \r
- protected String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {\r
- StringBuilder sb = new StringBuilder();\r
- for(Object s : msg) {\r
- sb.append(s.toString());\r
- }\r
- if(pr!=null) {\r
- sb.append(" for ");\r
- sb.append(pr.getName());\r
- }\r
- sb.append(" from ");\r
- sb.append(req.getRemoteAddr());\r
- sb.append(':');\r
- sb.append(req.getRemotePort());\r
- return sb.toString();\r
- }\r
-\r
- @Override\r
- public Resp revalidate(CachedPrincipal prin) {\r
- if(prin instanceof BasicPrincipal) {\r
- BasicPrincipal ba = (BasicPrincipal)prin;\r
- if(DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {\r
- return Resp.UNVALIDATED;\r
- }\r
- return rbac.validate(ba.getName(), Type.PASSWORD, ba.getCred())?Resp.REVALIDATED:Resp.UNVALIDATED;\r
- }\r
- return Resp.NOT_MINE;\r
- }\r
- \r
- public String toString() {\r
- return "Basic Auth enabled on realm: " + realm;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.basic;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.taf.AbsTafResp;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-public class BasicHttpTafResp extends AbsTafResp implements TafResp {\r
- private HttpServletResponse httpResp;\r
- private String realm;\r
- private RESP status;\r
- private final boolean wasFailed;\r
- \r
- public BasicHttpTafResp(Access access, Principal principal, String description, RESP status, HttpServletResponse resp, String realm, boolean wasFailed) {\r
- super(access,principal, description);\r
- httpResp = resp;\r
- this.realm = realm;\r
- this.status = status;\r
- this.wasFailed = wasFailed;\r
- }\r
-\r
- public RESP authenticate() throws IOException {\r
- httpResp.setStatus(401); // Unauthorized \r
- httpResp.setHeader("WWW-Authenticate", "Basic realm=\""+realm+'"');\r
- return RESP.HTTP_REDIRECT_INVOKED;\r
- }\r
-\r
- public RESP isAuthenticated() {\r
- return status;\r
- }\r
-\r
- public boolean isFailedAttempt() {\r
- return wasFailed;\r
- }\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.cert;\r
-\r
-import java.security.Principal;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.X509Certificate;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-public interface CertIdentity {\r
- /**\r
- * identity from X509Certificate Object and/or certBytes\r
- * \r
- * If you have both, include them. If you only have one, leave the other null, and it will be generated if needed\r
- * \r
- * The Request is there to obtain Header or Attribute info of ultimate user\r
- * \r
- * @param req\r
- * @param cert\r
- * @param certBytes\r
- * @return\r
- * @throws CertificateException \r
- */\r
- public Principal identity(HttpServletRequest req, X509Certificate cert, byte[] certBytes) throws CertificateException;\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.cert;\r
-\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.taf.AbsTafResp;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-public class X509HttpTafResp extends AbsTafResp implements TafResp {\r
- private RESP status;\r
- \r
- public X509HttpTafResp(Access access, Principal principal, String description, RESP status) {\r
- super(access, principal, description);\r
- this.status = status;\r
- }\r
-\r
- public RESP authenticate() throws IOException {\r
- return RESP.TRY_ANOTHER_TAF;\r
- }\r
-\r
- public RESP isAuthenticated() {\r
- return status;\r
- }\r
-\r
- public String toString() {\r
- return status.name();\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.cert;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.security.GeneralSecurityException;\r
-import java.security.MessageDigest;\r
-import java.security.NoSuchAlgorithmException;\r
-import java.security.Principal;\r
-import java.security.Signature;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.CertificateFactory;\r
-import java.security.cert.X509Certificate;\r
-import java.util.ArrayList;\r
-\r
-import javax.net.ssl.TrustManagerFactory;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.Taf.LifeForm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfo;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-import org.onap.aaf.cadi.principal.TGuardPrincipal;\r
-import org.onap.aaf.cadi.principal.X509Principal;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-import org.onap.aaf.cadi.util.Split;\r
-\r
-public class X509Taf implements HttpTaf {\r
- \r
- public static final CertificateFactory certFactory;\r
- public static final MessageDigest messageDigest;\r
- public static final TrustManagerFactory tmf;\r
- private Access access;\r
- private CertIdentity[] certIdents;\r
- private Lur lur;\r
- private ArrayList<String> cadiIssuers;\r
- private String env;\r
- private SecurityInfo si;\r
-\r
- static {\r
- try {\r
- certFactory = CertificateFactory.getInstance("X.509");\r
- messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone\r
- tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm);\r
- } catch (Exception e) {\r
- throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e);\r
- }\r
- }\r
- \r
- public X509Taf(Access access, Lur lur, CertIdentity ... cis) throws CertificateException, NoSuchAlgorithmException, CadiException {\r
- this.access = access;\r
- env = access.getProperty(Config.AAF_ENV,null);\r
- if(env==null) {\r
- throw new CadiException("X509Taf requires Environment ("+Config.AAF_ENV+") to be set.");\r
- }\r
- this.lur = lur;\r
- this.cadiIssuers = new ArrayList<String>();\r
- for(String ci : access.getProperty(Config.CADI_X509_ISSUERS, "CN=ATT CADI Issuing CA 01, OU=CSO, O=ATT, C=US:CN=ATT CADI Issuing CA 02, OU=CSO, O=ATT, C=US").split(":")) {\r
- cadiIssuers.add(ci);\r
- }\r
- try {\r
- Class<?> dci = access.classLoader().loadClass("com.att.authz.cadi.DirectCertIdentity");\r
- CertIdentity temp[] = new CertIdentity[cis.length+1];\r
- System.arraycopy(cis, 0, temp, 1, cis.length);\r
- temp[0] = (CertIdentity) dci.newInstance();\r
- certIdents=temp;\r
- } catch (Exception e) {\r
- certIdents = cis;\r
- }\r
- \r
- try {\r
- si = new SecurityInfo(access);\r
- } catch (GeneralSecurityException | IOException e1) {\r
- throw new CadiException(e1);\r
- }\r
- }\r
-\r
- public static final X509Certificate getCert(byte[] certBytes) throws CertificateException {\r
- ByteArrayInputStream bais = new ByteArrayInputStream(certBytes);\r
- return (X509Certificate)certFactory.generateCertificate(bais);\r
- }\r
-\r
- public static final byte[] getFingerPrint(byte[] ba) {\r
- MessageDigest md;\r
- try {\r
- md = (MessageDigest)messageDigest.clone();\r
- } catch (CloneNotSupportedException e) {\r
- // should never get here\r
- return new byte[0];\r
- }\r
- md.update(ba);\r
- return md.digest();\r
- }\r
-\r
- public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- // Check for Mutual SSL\r
- try {\r
- X509Certificate[] certarr = (X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");\r
- if(certarr!=null && certarr.length>0) {\r
- si.checkClientTrusted(certarr);\r
- // Note: If the Issuer is not in the TrustStore, it's not added to the Cert list\r
- if(cadiIssuers.contains(certarr[0].getIssuerDN().toString())) {\r
- String x500 = certarr[0].getSubjectDN().getName();\r
- int ou=x500.indexOf("OU=");\r
- if(ou>0) {\r
- ou+=3;\r
- int comma = x500.indexOf(',',ou);\r
- if(comma>0) {\r
- String id= x500.substring(ou,comma);\r
- String idenv[] = id.split(":");\r
- if(idenv.length==1 || (idenv.length>1 && env.equals(idenv[1]))) {\r
- return new X509HttpTafResp(access, \r
- new X509Principal(idenv[0], certarr[0],null), \r
- id + " validated by CADI x509", RESP.IS_AUTHENTICATED);\r
- }\r
- }\r
- }\r
- }\r
- }\r
-\r
- byte[] array = null;\r
- byte[] certBytes = null;\r
- X509Certificate cert=null;\r
- String responseText=null;\r
- String authHeader = req.getHeader("Authorization");\r
-\r
- if(certarr!=null) { // If cert !=null, Cert is Tested by Mutual Protocol.\r
- if(authHeader!=null) { // This is only intended to be a Secure Connection, not an Identity\r
- return new X509HttpTafResp(access, null, "Certificate verified, but another Identity is presented", RESP.TRY_ANOTHER_TAF);\r
- }\r
- cert = certarr[0];\r
- responseText = ", validated by Mutual SSL Protocol";\r
- } else { // If cert == null, Get Declared Cert (in header), but validate by having them sign something\r
- if(authHeader != null && authHeader.startsWith("x509 ")) {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream(authHeader.length());\r
- try {\r
- array = authHeader.getBytes();\r
- ByteArrayInputStream bais = new ByteArrayInputStream(array);\r
- Symm.base64noSplit.decode(bais, baos, 5);\r
- certBytes = baos.toByteArray();\r
- cert = getCert(certBytes);\r
- \r
- /** \r
- * Identity from CERT if well know CA and specific encoded information\r
- */\r
- // If found Identity doesn't work, try SignedStuff Protocol\r
-// cert.checkValidity();\r
-// cert.--- GET FINGERPRINT?\r
- String stuff = req.getHeader("Signature");\r
- if(stuff==null) \r
- return new X509HttpTafResp(access, null, "Header entry 'Signature' required to validate One way X509 Certificate", RESP.TRY_ANOTHER_TAF);\r
- String data = req.getHeader("Data"); \r
-// if(data==null) \r
-// return new X509HttpTafResp(access, null, "No signed Data to validate with X509 Certificate", RESP.TRY_ANOTHER_TAF);\r
-\r
- // Note: Data Pos shows is "<signatureType> <data>"\r
-// int dataPos = (stuff.indexOf(' ')); // determine what is Algorithm\r
- // Get Signature \r
- bais = new ByteArrayInputStream(stuff.getBytes());\r
- baos = new ByteArrayOutputStream(stuff.length());\r
- Symm.base64noSplit.decode(bais, baos);\r
- array = baos.toByteArray();\r
-// Signature sig = Signature.getInstance(stuff.substring(0, dataPos)); // get Algorithm from first part of Signature\r
- \r
- Signature sig = Signature.getInstance(cert.getSigAlgName()); \r
- sig.initVerify(cert.getPublicKey());\r
- sig.update(data.getBytes());\r
- if(!sig.verify(array)) {\r
- access.log(Level.ERROR, "Signature doesn't Match");\r
- return new X509HttpTafResp(access, null, "Certificate NOT verified", RESP.TRY_ANOTHER_TAF);\r
- }\r
- responseText = ", validated by Signed Data";\r
- } catch (Exception e) {\r
- access.log(e, "Exception while validating Cert");\r
- return new X509HttpTafResp(access, null, "Certificate NOT verified", RESP.TRY_ANOTHER_TAF);\r
- }\r
- \r
- } else {\r
- return new X509HttpTafResp(access, null, "No Certificate Info on Transaction", RESP.TRY_ANOTHER_TAF);\r
- }\r
- }\r
-\r
- // A cert has been found, match Identify\r
- Principal prin=null;\r
- \r
- for(int i=0;prin==null && i<certIdents.length;++i) {\r
- if((prin=certIdents[i].identity(req, cert, certBytes))!=null) {\r
- responseText = prin.getName() + " matches Certificate " + cert.getSubjectX500Principal().getName() + responseText;\r
-// xresp = new X509HttpTafResp(\r
-// access,\r
-// prin,\r
-// prin.getName() + " matches Certificate " + cert.getSubjectX500Principal().getName() + responseText,\r
-// RESP.IS_AUTHENTICATED);\r
- \r
- }\r
- }\r
-\r
- // if Principal is found, check for "AS_USER" and whether this entity is trusted to declare\r
- if(prin!=null) {\r
- String as_user=req.getHeader(Config.CADI_USER_CHAIN);\r
- if(as_user!=null) {\r
- if(as_user.startsWith("TGUARD ") && lur.fish(prin, new LocalPermission("com.att.aaf.trust|"+prin.getName()+"|tguard"))) {\r
- prin = new TGuardPrincipal(as_user.substring(7));\r
- responseText=prin.getName() + " set via trust of " + responseText;\r
- }\r
- }\r
- return new X509HttpTafResp(\r
- access,\r
- prin,\r
- responseText,\r
- RESP.IS_AUTHENTICATED);\r
- }\r
- } catch(Exception e) {\r
- return new X509HttpTafResp(access, null, e.getMessage(), RESP.TRY_ANOTHER_TAF); \r
- }\r
- \r
- return new X509HttpTafResp(access, null, "Certificate NOT verified", RESP.TRY_ANOTHER_TAF);\r
- }\r
-\r
- public Resp revalidate(CachedPrincipal prin) {\r
- return null;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.dos;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.File;\r
-import java.io.FileOutputStream;\r
-import java.io.FileReader;\r
-import java.io.IOException;\r
-import java.io.PrintStream;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.HashMap;\r
-import java.util.List;\r
-import java.util.Map;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.Taf.LifeForm;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.PuntTafResp;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-\r
-public class DenialOfServiceTaf implements HttpTaf {\r
- private static Map<String, Counter> deniedIP=null, deniedID=null;\r
- private Access access;\r
- private static File dosIP, dosID;\r
- \r
- /**\r
- * \r
- * @param hostname\r
- * @param prod\r
- * @throws CadiException\r
- */\r
- public DenialOfServiceTaf(Access access) throws CadiException {\r
- this.access = access;\r
- if(dosIP==null || dosID == null) {\r
- String dirStr;\r
- if((dirStr = access.getProperty("aaf_data_dir", null))!=null) {\r
- dosIP = new File(dirStr+"/dosIP");\r
- readIP();\r
- dosID = new File(dirStr+"/dosID");\r
- readID();\r
- }\r
- }\r
- }\r
-\r
- public TafResp validate(LifeForm reading, HttpServletRequest req, final HttpServletResponse resp) {\r
- // Performance, when not needed\r
- if(deniedIP != null) {\r
- String ip;\r
- Counter c = deniedIP.get(ip=req.getRemoteAddr());\r
- if(c!=null) {\r
- c.inc();\r
- return respDenyIP(access,ip);\r
- }\r
- }\r
- \r
- // Note: Can't process Principal, because this is the first TAF, and no Principal is created.\r
- // Other TAFs use "isDenied()" on this Object to validate.\r
- return PuntTafResp.singleton();\r
- }\r
-\r
- public Resp revalidate(CachedPrincipal prin) {\r
- // We always return NOT MINE, because DOS Taf does not ever validate\r
- return Resp.NOT_MINE;\r
- }\r
-\r
- /*\r
- * for use in Other TAFs, before they attempt backend validation of \r
- */\r
- public static Counter isDeniedID(String identity) {\r
- if(deniedID!=null) {\r
- return deniedID.get(identity);\r
- }\r
- return null;\r
- }\r
- \r
- /**\r
- * \r
- */\r
- public static Counter isDeniedIP(String ipvX) {\r
- if(deniedID!=null) {\r
- return deniedID.get(ipvX);\r
- }\r
- return null;\r
- }\r
-\r
- /**\r
- * Return of "True" means IP has been added.\r
- * Return of "False" means IP already added.\r
- * \r
- * @param ip\r
- * @return\r
- */\r
- public static synchronized boolean denyIP(String ip) {\r
- boolean rv = false;\r
- if(deniedIP==null) {\r
- deniedIP = new HashMap<String,Counter>();\r
- deniedIP.put(ip, new Counter(ip)); // Noted duplicated for minimum time spent\r
- rv= true;\r
- } else if(deniedIP.get(ip)==null) {\r
- deniedIP.put(ip, new Counter(ip));\r
- rv = true;\r
- }\r
- if(rv) {\r
- writeIP();\r
- }\r
- return rv;\r
- }\r
- \r
- private static void writeIP() {\r
- if(dosIP!=null && deniedIP!=null) {\r
- if(deniedIP.isEmpty()) {\r
- if(dosIP.exists()) {\r
- dosIP.delete();\r
- }\r
- } else {\r
- PrintStream fos;\r
- try {\r
- fos = new PrintStream(new FileOutputStream(dosIP,false));\r
- try {\r
- for(String ip: deniedIP.keySet()) {\r
- fos.println(ip);\r
- }\r
- } finally {\r
- fos.close();\r
- }\r
- } catch (IOException e) {\r
- e.printStackTrace(System.err);\r
- }\r
- }\r
- }\r
- }\r
- \r
- private static void readIP() {\r
- if(dosIP!=null && dosIP.exists()) {\r
- BufferedReader br;\r
- try {\r
- br = new BufferedReader(new FileReader(dosIP));\r
- if(deniedIP==null) {\r
- deniedIP=new HashMap<String,Counter>();\r
- }\r
-\r
- try {\r
- String line;\r
- while((line=br.readLine())!=null) {\r
- deniedIP.put(line, new Counter(line));\r
- }\r
- } finally {\r
- br.close();\r
- }\r
- } catch (IOException e) {\r
- e.printStackTrace(System.err);\r
- }\r
- }\r
- }\r
-\r
-\r
- /**\r
- * Return of "True" means IP has was removed.\r
- * Return of "False" means IP wasn't being denied.\r
- * \r
- * @param ip\r
- * @return\r
- */\r
- public static synchronized boolean removeDenyIP(String ip) {\r
- if(deniedIP!=null && deniedIP.remove(ip)!=null) {\r
- writeIP();\r
- if(deniedIP.isEmpty()) {\r
- deniedIP=null;\r
- }\r
- return true;\r
- }\r
- return false;\r
- }\r
-\r
- /**\r
- * Return of "True" means ID has been added.\r
- * Return of "False" means ID already added.\r
- * \r
- * @param ip\r
- * @return\r
- */\r
- public static synchronized boolean denyID(String id) {\r
- boolean rv = false;\r
- if(deniedID==null) {\r
- deniedID = new HashMap<String,Counter>();\r
- deniedID.put(id, new Counter(id)); // Noted duplicated for minimum time spent\r
- rv = true;\r
- } else if(deniedID.get(id)==null) {\r
- deniedID.put(id, new Counter(id));\r
- rv = true;\r
- }\r
- if(rv) {\r
- writeID();\r
- }\r
- return rv;\r
-\r
- }\r
-\r
- private static void writeID() {\r
- if(dosID!=null && deniedID!=null) {\r
- if(deniedID.isEmpty()) {\r
- if(dosID.exists()) {\r
- dosID.delete();\r
- }\r
- } else {\r
- PrintStream fos;\r
- try {\r
- fos = new PrintStream(new FileOutputStream(dosID,false));\r
- try {\r
- for(String ip: deniedID.keySet()) {\r
- fos.println(ip);\r
- }\r
- } finally {\r
- fos.close();\r
- }\r
- } catch (IOException e) {\r
- e.printStackTrace(System.err);\r
- }\r
- }\r
- }\r
- }\r
-\r
- private static void readID() {\r
- if(dosID!=null && dosID.exists()) {\r
- BufferedReader br;\r
- try {\r
- br = new BufferedReader(new FileReader(dosID));\r
- if(deniedID==null) {\r
- deniedID=new HashMap<String,Counter>();\r
- }\r
- try {\r
- String line;\r
- while((line=br.readLine())!=null) {\r
- deniedID.put(line, new Counter(line));\r
- }\r
- } finally {\r
- br.close();\r
- }\r
- } catch (IOException e) {\r
- e.printStackTrace(System.err);\r
- }\r
- }\r
- }\r
-\r
- /**\r
- * Return of "True" means ID has was removed.\r
- * Return of "False" means ID wasn't being denied.\r
- * \r
- * @param ip\r
- * @return\r
- */\r
- public static synchronized boolean removeDenyID(String id) {\r
- if(deniedID!=null && deniedID.remove(id)!=null) { \r
- writeID();\r
- if(deniedID.isEmpty()) {\r
- deniedID=null;\r
- }\r
-\r
- return true;\r
- }\r
- return false;\r
- }\r
- \r
- public List<String> report() {\r
- int initSize = 0;\r
- if(deniedIP!=null)initSize+=deniedIP.size();\r
- if(deniedID!=null)initSize+=deniedID.size();\r
- ArrayList<String> al = new ArrayList<String>(initSize);\r
- if(deniedID!=null) {\r
- for(Counter c : deniedID.values()) {\r
- al.add(c.toString());\r
- }\r
- }\r
- if(deniedIP!=null) {\r
- for(Counter c : deniedIP.values()) {\r
- al.add(c.toString());\r
- }\r
- }\r
- return al;\r
- }\r
- \r
- public static class Counter {\r
- private final String name; \r
- private int count = 0;\r
- private Date first;\r
- private long last; // note, we use "last" as long, to avoid popping useless dates on Heap.\r
- \r
- public Counter(String name) {\r
- this.name = name;\r
- first = null;\r
- last = 0L;\r
- count = 0;\r
- }\r
- \r
- public String getName() {\r
- return name;\r
- }\r
- \r
- public int getCount() {\r
- return count;\r
- }\r
-\r
- public long getLast() {\r
- return last;\r
- }\r
- \r
- /*\r
- * Only allow Denial of ServiceTaf to increment\r
- */\r
- private synchronized void inc() {\r
- ++count;\r
- last = System.currentTimeMillis();\r
- if(first==null) {\r
- first = new Date(last);\r
- }\r
- }\r
- \r
- public String toString() {\r
- if(count==0) \r
- return name + " is on the denied list, but has not attempted Access"; \r
- else \r
- return \r
- name +\r
- " has been denied " +\r
- count +\r
- " times since " +\r
- first +\r
- ". Last denial was " +\r
- new Date(last);\r
- }\r
- }\r
-\r
- public static TafResp respDenyID(Access access, String identity) {\r
- return new DenialOfServiceTafResp(access, RESP.NO_FURTHER_PROCESSING, identity + " is on the Identity Denial list");\r
- }\r
- \r
- public static TafResp respDenyIP(Access access, String ip) {\r
- return new DenialOfServiceTafResp(access, RESP.NO_FURTHER_PROCESSING, ip + " is on the IP Denial list");\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.dos;\r
-\r
-import java.io.IOException;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.taf.AbsTafResp;\r
-\r
-public class DenialOfServiceTafResp extends AbsTafResp {\r
- private RESP ect; // Homage to Arethra Franklin\r
-\r
- public DenialOfServiceTafResp(Access access, RESP resp, String description ) {\r
- super(access, null, description);\r
- ect = resp;\r
- }\r
-\r
- // Override base behavior of checking Principal and trying another TAF\r
- @Override\r
- public RESP isAuthenticated() {\r
- return ect;\r
- }\r
- \r
-\r
- public RESP authenticate() throws IOException {\r
- return ect;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.localhost;\r
-\r
-import java.net.InetAddress;\r
-import java.net.NetworkInterface;\r
-import java.net.SocketException;\r
-import java.net.UnknownHostException;\r
-import java.util.Enumeration;\r
-import java.util.TreeSet;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.Taf;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-\r
-/**\r
- * Implement the ability to utilize LocalHost as a TAF.\r
- * \r
- * Configure with two properties, \r
- * localhost.deny\r
- * localhost.accept\r
- * \r
- * 1) If localhost.deny==true, then no localhost requests are allowed\r
- * 2) If localhost.deny==false, but accept==false, return "Try Another TAF" (i.e. allow further checking of the\r
- * chain, but don't treat localhost as an acceptable credential)\r
- * 3) If localhost.deny=false and accept=true, then the processes coming from the same machine, given logins are needed, \r
- * to run, are treated as validated. This is primarily for Developer purposes.\r
- * \r
- * \r
- *\r
- */\r
-public class LocalhostTaf implements HttpTaf {\r
- private TafResp isLocalHost,isNotLocalHost;\r
- private static final TreeSet<String> addrSet;\r
- \r
- static {\r
- addrSet = new TreeSet<String>();\r
- try {\r
- for(Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces();en.hasMoreElements();) {\r
- NetworkInterface ni = en.nextElement();\r
- for(Enumeration<InetAddress> eia = ni.getInetAddresses();eia.hasMoreElements();) {\r
- InetAddress ia = eia.nextElement();\r
- addrSet.add(ia.getHostAddress());\r
- }\r
- }\r
- } catch (SocketException e) {\r
- }\r
- \r
- }\r
-\r
- public LocalhostTaf(Access access, boolean accept, boolean isDenied) {\r
- String hostname = access.getProperty("hostname",null);\r
- if(hostname !=null) {\r
- try {\r
- addrSet.add(InetAddress.getByName(hostname).getHostAddress());\r
- } catch (UnknownHostException e) {\r
- access.log(e,"Unknown Host");\r
- }\r
- }\r
- \r
- if(isDenied) {\r
- access.log(Level.INFO,"LocalhostTaf will deny all localhost traffic");\r
- } else {\r
- access.log(Level.INFO,"LocalhostTaf will not deny localhost requests, ",\r
- (accept?"and will treat them as authenticated":"but will require other authentication"));\r
- }\r
- // Set the appropriate behavior for when ID coming in is from localhost\r
- isLocalHost = isDenied? \r
- new LocalhostTafResp(access, RESP.NO_FURTHER_PROCESSING,"Localhost is denied"):\r
- accept?\r
- new LocalhostTafResp(access, RESP.IS_AUTHENTICATED,"Localhost is allowed"):\r
- new LocalhostTafResp(access, RESP.TRY_ANOTHER_TAF,"Localhost is allowed");\r
- isNotLocalHost = new LocalhostTafResp(access, RESP.TRY_ANOTHER_TAF,"Address is not Localhost");\r
- }\r
-\r
-// @Override\r
- public TafResp validate(Taf.LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- String remote = req.getRemoteAddr();\r
- return addrSet.contains(remote)\r
- ?isLocalHost\r
- :isNotLocalHost;\r
- }\r
-\r
- /** \r
- * This function used for other TAFs (i.e. CSP, which can't work on localhost address)\r
- * \r
- * @param address\r
- * @return\r
- */\r
- public static boolean isLocalAddress(String address) {\r
- return addrSet.contains(address);\r
- }\r
- \r
- public String toString() {\r
- return "Localhost TAF activated: " + isLocalHost.desc();\r
- }\r
-\r
- public Resp revalidate(CachedPrincipal prin) {\r
- // shouldn't get here, since there's no need to Cache, but if so, LocalHost is always valid...\r
- return Resp.REVALIDATED;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.localhost;\r
-\r
-import java.security.Principal;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-public class LocalhostTafResp implements TafResp {\r
- private RESP action;\r
- private String description;\r
- private final static Principal principal = new Principal() {\r
- private String name = System.getProperty("user.name")+"@localhost";\r
-// @Override\r
- public String getName() {\r
- return name;\r
- }\r
- };\r
-\r
- private Access access;\r
- \r
- public LocalhostTafResp(Access access, RESP state, String desc) {\r
- action = state;\r
- description = desc;\r
- this.access = access;\r
- }\r
- \r
-// @Override\r
- public boolean isValid() {\r
- return action == RESP.IS_AUTHENTICATED;\r
- }\r
-\r
-// @Override\r
- public String desc() {\r
- return description;\r
- }\r
-\r
-// @Override\r
- public RESP authenticate() {\r
- return action;\r
- }\r
- \r
- public RESP isAuthenticated() {\r
- return action;\r
- }\r
-\r
-// @Override\r
- public Principal getPrincipal() {\r
- return principal;\r
- }\r
-\r
- public Access getAccess() {\r
- return access;\r
- }\r
-\r
- public boolean isFailedAttempt() {\r
- return false;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import java.io.File;\r
-import java.io.IOException;\r
-\r
-public interface Chmod {\r
- public void chmod(File f) throws IOException;\r
- \r
- public static final Chmod to755 = new Chmod() {\r
- public void chmod(File f) throws IOException {\r
- f.setExecutable(true, false);\r
- f.setExecutable(true, true);\r
- f.setReadable(true, false);\r
- f.setReadable(true, true);\r
- f.setWritable(false, false);\r
- f.setWritable(true, true);\r
- }\r
- };\r
-\r
- public static final Chmod to644 = new Chmod() {\r
- public void chmod(File f) throws IOException {\r
- f.setExecutable(false, false);\r
- f.setExecutable(false, true);\r
- f.setReadable(true, false);\r
- f.setReadable(true, true);\r
- f.setWritable(false, false);\r
- f.setWritable(true, true);\r
- }\r
- };\r
-\r
- public static final Chmod to400 = new Chmod() {\r
- public void chmod(File f) throws IOException {\r
- f.setExecutable(false, false);\r
- f.setExecutable(false, true);\r
- f.setReadable(false, false);\r
- f.setReadable(true, true);\r
- f.setWritable(false, false);\r
- f.setWritable(false, true);\r
- }\r
- };\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import java.io.IOException;\r
-import java.io.OutputStream;\r
-\r
-public class JsonOutputStream extends OutputStream {\r
- private static final byte[] TWO_SPACE = " ".getBytes();\r
- private OutputStream os;\r
- private boolean closeable;\r
- private int indent = 0;\r
- private int prev,ret=0;\r
-\r
- public JsonOutputStream(OutputStream os) {\r
- // Don't close these, or dire consequences.\r
- closeable = !os.equals(System.out) && !os.equals(System.err);\r
- this.os = os;\r
- }\r
-\r
- @Override\r
- public void write(int b) throws IOException {\r
- if(ret=='\n') {\r
- ret = 0;\r
- if(prev!=',' || (b!='{' && b!='[')) {\r
- os.write('\n');\r
- for(int i=0;i<indent;++i) {\r
- os.write(TWO_SPACE);\r
- }\r
- }\r
- }\r
- switch(b) {\r
- case '{':\r
- case '[': \r
- ret = '\n';\r
- ++indent;\r
- break;\r
- case '}':\r
- case ']': \r
- --indent;\r
- os.write('\n');\r
- for(int i=0;i<indent;++i) {\r
- os.write(TWO_SPACE);\r
- }\r
- break;\r
- case ',':\r
- ret = '\n';\r
- break;\r
- \r
- }\r
- os.write(b);\r
- prev = b;\r
- }\r
- public void resetIndent() {\r
- indent = 1;\r
- }\r
-\r
- @Override\r
- public void flush() throws IOException {\r
- os.flush();\r
- }\r
-\r
- @Override\r
- public void close() throws IOException {\r
- if(closeable) {\r
- os.close();\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-@SuppressWarnings("serial")\r
-public class MaskFormatException extends Exception {\r
-\r
- public MaskFormatException(String string) {\r
- super(string);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-public interface MyConsole {\r
- public String readLine(String fmt, Object ... args);\r
- public char[] readPassword(String fmt, Object ... args);\r
- public void printf(String fmt, Object ...args);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-/* \r
- * NetMask - a class to quickly validate whether a given IP is part of a mask, as defined by bytes or standard String format.\r
- * \r
- * Needs the IPV6 Mask Builder. \r
- */\r
-public class NetMask {\r
- private long mask;\r
-\r
- public NetMask(byte[] inBytes) {\r
- mask = derive(inBytes);\r
- }\r
- \r
- public NetMask(String string) throws MaskFormatException {\r
- mask = derive(string,true);\r
- }\r
- \r
- public boolean isInNet(byte[] inBytes) {\r
- long addr = derive(inBytes);\r
- return (mask & addr) == addr;\r
- }\r
- \r
- public boolean isInNet(String str) {\r
- long addr;\r
- try {\r
- addr = derive(str,false);\r
- return (mask & addr) == addr;\r
- } catch (MaskFormatException e) {\r
- // will not hit this code;\r
- return false;\r
- }\r
- }\r
-\r
- public static long derive(byte[] inBytes) {\r
- long addr = 0L;\r
- int offset = inBytes.length*8;\r
- for(int i=0;i<inBytes.length;++i) {\r
- addr&=(inBytes[i]<<offset);\r
- offset-=8;\r
- }\r
- return addr;\r
- }\r
-\r
- public static long derive(String str, boolean check) throws MaskFormatException {\r
- long rv=0L;\r
- int idx=str.indexOf(':');\r
- int slash = str.indexOf('/');\r
-\r
- if(idx<0) { // Not IPV6, so it's IPV4... Is there a mask of 123/254?\r
- idx=str.indexOf('.');\r
- int offset = 24;\r
- int end = slash>=0?slash:str.length();\r
- int bits = slash>=0?Integer.parseInt(str.substring(slash+1)):32;\r
- if(check && bits>32) {\r
- throw new MaskFormatException("Invalid Mask Offset in IPV4 Address");\r
- }\r
- int prev = 0;\r
- long lbyte;\r
- while(prev<end) {\r
- if(idx<0) {\r
- idx = end;\r
- }\r
- lbyte = Long.parseLong(str.substring(prev, idx));\r
- if(check && (lbyte>255 || lbyte<0)) {\r
- throw new MaskFormatException("Invalid Byte in IPV4 Address");\r
- }\r
- rv|=lbyte<<offset;\r
- prev = ++idx;\r
- idx=str.indexOf('.',prev);\r
- offset-=8;\r
- }\r
- rv|=0x00000000FFFFFFFFL>>bits;\r
- }\r
- return rv;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-/**\r
- * Split by Char, optional Trim\r
- *\r
- * Note: Copied from Inno to avoid linking issues.\r
- * Note: I read the String split and Pattern split code, and we can do this more efficiently for a single Character\r
- * \r
- * 8/20/2015\r
- */\r
-\r
-public class Split {\r
- public static String[] split(char c, String value) {\r
- // Count items to preallocate Array (memory alloc is more expensive than counting twice)\r
- int count,idx;\r
- for(count=1,idx=value.indexOf(c);idx>=0;idx=value.indexOf(c,++idx),++count);\r
- String[] rv = new String[count];\r
- if(count==1) {\r
- rv[0]=value;\r
- } else {\r
- int last=0;\r
- count=-1;\r
- for(idx=value.indexOf(c);idx>=0;idx=value.indexOf(c,idx)) {\r
- rv[++count]=value.substring(last,idx);\r
- last = ++idx;\r
- }\r
- rv[++count]=value.substring(last);\r
- }\r
- return rv;\r
- }\r
-\r
- public static String[] splitTrim(char c, String value) {\r
- // Count items to preallocate Array (memory alloc is more expensive than counting twice)\r
- int count,idx;\r
- for(count=1,idx=value.indexOf(c);idx>=0;idx=value.indexOf(c,++idx),++count);\r
- String[] rv = new String[count];\r
- if(count==1) {\r
- rv[0]=value.trim();\r
- } else {\r
- int last=0;\r
- count=-1;\r
- for(idx=value.indexOf(c);idx>=0;idx=value.indexOf(c,idx)) {\r
- rv[++count]=value.substring(last,idx).trim();\r
- last = ++idx;\r
- }\r
- rv[++count]=value.substring(last).trim();\r
- }\r
- return rv;\r
- }\r
-\r
- public static String[] splitTrim(char c, String value, int size) {\r
- int idx;\r
- String[] rv = new String[size];\r
- if(size==1) {\r
- rv[0]=value.trim();\r
- } else {\r
- int last=0;\r
- int count=-1;\r
- size-=2;\r
- for(idx=value.indexOf(c);idx>=0 && count<size;idx=value.indexOf(c,idx)) {\r
- rv[++count]=value.substring(last,idx).trim();\r
- last = ++idx;\r
- }\r
- rv[++count]=value.substring(last).trim();\r
- }\r
- return rv;\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.IOException;\r
-import java.io.InputStreamReader;\r
-\r
-// Substandard, because System.in doesn't do Passwords..\r
-public class SubStandardConsole implements MyConsole {\r
- BufferedReader br = new BufferedReader(new InputStreamReader(System.in));\r
- @Override\r
- public String readLine(String fmt, Object... args) {\r
- String rv;\r
- try {\r
- System.out.printf(fmt,args);\r
- rv = br.readLine();\r
- if(args.length==1 && rv.length()==0) {\r
- rv = args[0].toString();\r
- }\r
- } catch (IOException e) {\r
- System.err.println("uh oh...");\r
- rv = "";\r
- }\r
- return rv;\r
- }\r
-\r
- @Override\r
- public char[] readPassword(String fmt, Object... args) {\r
- try {\r
- System.out.printf(fmt,args);\r
- return br.readLine().toCharArray();\r
- } catch (IOException e) {\r
- System.err.println("uh oh...");\r
- return new char[0];\r
- }\r
- }\r
-\r
- @Override\r
- public void printf(String fmt, Object... args) {\r
- System.out.printf(fmt, args);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-public class TheConsole implements MyConsole {\r
- @Override\r
- public String readLine(String fmt, Object... args) {\r
- String rv = System.console().readLine(fmt, args);\r
- if(args.length>0 && args[0]!=null && rv.length()==0) {\r
- rv = args[0].toString();\r
- }\r
- return rv;\r
- }\r
-\r
- @Override\r
- public char[] readPassword(String fmt, Object... args) {\r
- return System.console().readPassword(fmt, args);\r
- }\r
- \r
- public static boolean implemented() {\r
- return System.console()!=null;\r
- }\r
-\r
- @Override\r
- public void printf(String fmt, Object... args) {\r
- System.console().printf(fmt, args);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import org.onap.aaf.cadi.UserChain;\r
-\r
-public class UserChainManip {\r
- /** \r
- Build an element in the correct format for UserChain.\r
- Format:<APP>:<ID>:<protocol>[:AS][,<APP>:<ID>:<protocol>]*\r
- @see UserChain\r
- */ \r
- public static StringBuilder build(StringBuilder sb, String app, String id, UserChain.Protocol proto, boolean as) {\r
- boolean mayAs;\r
- if(!(mayAs=sb.length()==0)) {\r
- sb.append(',');\r
- }\r
- sb.append(app);\r
- sb.append(':');\r
- sb.append(id);\r
- sb.append(':');\r
- sb.append(proto.name());\r
- if(as && mayAs) {\r
- sb.append(":AS");\r
- }\r
- return sb;\r
- }\r
- \r
- public static String idToNS(String id) {\r
- if(id==null) {\r
- return "";\r
- } else {\r
- StringBuilder sb = new StringBuilder();\r
- char c;\r
- int end;\r
- boolean first = true;\r
- for(int idx = end = id.length()-1;idx>=0;--idx) {\r
- if((c = id.charAt(idx))=='@' || c=='.') {\r
- if(idx<end) {\r
- if(first) {\r
- first = false;\r
- } else {\r
- sb.append('.');\r
- }\r
- for(int i=idx+1;i<=end;++i) {\r
- sb.append(id.charAt(i));\r
- }\r
- }\r
- end=idx-1;\r
- if(c=='@') {\r
- break;\r
- }\r
- }\r
- }\r
- return sb.toString();\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import java.util.List;\r
-\r
-public class Vars {\r
- /**\r
- * Simplified Conversion based on typical use of getting AT&T style RESTful Error Messages\r
- * @param text\r
- * @param vars\r
- * @return\r
- */\r
- public static String convert(final String text, final List<String> vars) {\r
- String[] array = new String[vars.size()];\r
- StringBuilder sb = new StringBuilder();\r
- convert(sb,text,vars.toArray(array));\r
- return sb.toString();\r
- }\r
- /**\r
- * Convert a format string with "%s" into AT&T RESTful Error %1 %2 (number) format\r
- * If "holder" is passed in, it is built with full Message extracted (typically for Logging)\r
- * @param holder\r
- * @param text\r
- * @param vars\r
- * @return\r
- */\r
- public static String convert(final StringBuilder holder, final String text, final String ... vars) {\r
- StringBuilder sb = null;\r
- int idx,index=0,prev = 0;\r
- \r
- if(text.contains("%s")) {\r
- sb = new StringBuilder();\r
- }\r
- \r
- StringBuilder[] sbs = new StringBuilder[] {sb,holder};\r
- boolean replace, clearIndex = false;\r
- int c;\r
- while((idx=text.indexOf('%',prev))>=0) {\r
- replace = false;\r
- if(clearIndex) {\r
- index=0;\r
- }\r
- if(sb!=null) {\r
- sb.append(text,prev,idx);\r
- }\r
- if(holder!=null) {\r
- holder.append(text,prev,idx);\r
- }\r
- \r
- boolean go = true;\r
- while(go) {\r
- if(text.length()>++idx) {\r
- switch(c=text.charAt(idx)) {\r
- case '0': case '1': case '2': case '3': case '4': \r
- case '5': case '6': case '7': case '8': case '9':\r
- index *=10;\r
- index +=(c-'0');\r
- clearIndex=replace=true;\r
- continue;\r
- case 's':\r
- ++index;\r
- replace = true;\r
- continue;\r
- default:\r
- break;\r
- }\r
- }\r
- prev = idx;\r
- go=false;\r
- if(replace) {\r
- if(sb!=null) {\r
- sb.append('%');\r
- sb.append(index);\r
- }\r
- if(index<=vars.length) {\r
- if(holder!=null) {\r
- holder.append(vars[index-1]);\r
- }\r
- }\r
- } else {\r
- for(StringBuilder s : sbs) {\r
- if(s!=null) {\r
- s.append("%");\r
- }\r
- }\r
- }\r
- }\r
- }\r
- \r
- if(sb!=null) {\r
- sb.append(text,prev,text.length());\r
- }\r
- if(holder!=null) {\r
- holder.append(text,prev,text.length());\r
- }\r
-\r
- return sb==null?text:sb.toString();\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse;\r
-\r
-/**\r
- * Interface to specify an action deep within a parsing tree on a local object\r
- * \r
- * We use a Generic so as to be flexible on create what that object actually is. This is passed in at the\r
- * root "parse" call of Match. Similar to a "Visitor" Pattern, this object is passed upon reaching the right\r
- * point in a parse tree.\r
- * \r
- *\r
- * @param <OUTPUT>\r
- */\r
-interface Action<OUTPUT> {\r
- public boolean content(OUTPUT output, String text);\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse;\r
-\r
-import javax.xml.namespace.QName;\r
-import javax.xml.stream.XMLStreamException;\r
-import javax.xml.stream.events.XMLEvent;\r
-\r
-/**\r
- * Match Class allows you to build an automatic Tree of StAX (or StAX like) \r
- * Objects for frequent use.\r
- * \r
- * OBJECT is a type which you which to do some end Actions on, similar to a Visitor pattern, see Action\r
- * \r
- * Note: We have implemented with XReader and XEvent, rather than StAX for performance reasons.\r
- * \r
- * @see Action\r
- * @see Match\r
- * @see XEvent\r
- * @see XReader\r
- * \r
- *\r
- * @param <OUTPUT>\r
- */\r
-//@SuppressWarnings("restriction")\r
-public class Match<OUTPUT> {\r
- private QName qname;\r
- private Match<OUTPUT>[] next;\r
- private Match<OUTPUT> prev;\r
- private Action<OUTPUT> action = null;\r
- private boolean stopAfter;\r
- private boolean exclusive;\r
- \r
-\r
- @SafeVarargs\r
- public Match(String ns, String name, Match<OUTPUT> ... next) {\r
- this.qname = new QName(ns,name);\r
- this.next = next;\r
- stopAfter = exclusive = false;\r
- for(Match<OUTPUT> m : next) { // add the possible tags to look for\r
- if(!m.stopAfter)m.prev = this;\r
- }\r
- }\r
- \r
- public Match<OUTPUT> onMatch(OUTPUT output, XReader reader) throws XMLStreamException {\r
- while(reader.hasNext()) {\r
- XEvent event = reader.nextEvent();\r
- switch(event.getEventType()) {\r
- case XMLEvent.START_ELEMENT:\r
- QName e_qname = event.asStartElement().getName();\r
- //System.out.println("Start - " + e_qname);\r
- boolean match = false;\r
- for(Match<OUTPUT> m : next) {\r
- if(e_qname.equals(m.qname)) {\r
- match=true;\r
- if(m.onMatch(output, reader)==null) {\r
- return null; // short circuit Parsing\r
- }\r
- break;\r
- }\r
- }\r
- if(exclusive && !match) // When Tag MUST be present, i.e. the Root Tag, versus info we're not interested in\r
- return null;\r
- break;\r
- case XMLEvent.CHARACTERS:\r
- //System.out.println("Data - " +event.asCharacters().getData());\r
- if(action!=null) {\r
- if(!action.content(output,event.asCharacters().getData())) {\r
- return null;\r
- }\r
- }\r
- break;\r
- case XMLEvent.END_ELEMENT:\r
- //System.out.println("End - " + event.asEndElement().getName());\r
- if(event.asEndElement().getName().equals(qname)) {\r
- return prev;\r
- }\r
- break;\r
- case XMLEvent.END_DOCUMENT:\r
- return null; // Exit Chain\r
- }\r
- }\r
- return this;\r
- }\r
-\r
- /**\r
- * When this Matched Tag has completed, Stop parsing and end\r
- * @return\r
- */\r
- public Match<OUTPUT> stopAfter() {\r
- stopAfter = true;\r
- return this;\r
- }\r
- \r
- /**\r
- * Mark that this Object MUST be matched at this level or stop parsing and end\r
- * \r
- * @param action\r
- * @return\r
- */\r
- public Match<OUTPUT> exclusive() {\r
- exclusive = true;\r
- return this;\r
- }\r
-\r
- public Match<OUTPUT> set(Action<OUTPUT> action) {\r
- this.action = action;\r
- return this;\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-\r
-import javax.xml.stream.XMLStreamException;\r
-\r
-import org.onap.aaf.cadi.BasicCred;\r
-\r
-\r
-/**\r
- * WSSE Parser\r
- * \r
- * Read the User and Password from WSSE Formatted SOAP Messages \r
- * \r
- * This class uses StAX so that processing is stopped as soon as the Security User/Password are read into BasicCred, or the Header Ends\r
- * \r
- * This class is intended to be created once (or very few times) and reused as much as possible.\r
- * \r
- * It is as thread safe as StAX parsing is.\r
- * \r
- */\r
-public class WSSEParser {\r
- private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";\r
- private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";\r
- private Match<BasicCred> parseTree;\r
- //private XMLInputFactory inputFactory;\r
-\r
- public WSSEParser() {\r
- // soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username]\r
- parseTree = new Match<BasicCred>(SOAP_NS,"root", // need a root level to start from... Doesn't matter what the tag is\r
- new Match<BasicCred>(SOAP_NS,"Envelope",\r
- new Match<BasicCred>(SOAP_NS,"Header",\r
- new Match<BasicCred>(WSSE_NS,"Security",\r
- new Match<BasicCred>(WSSE_NS,"UsernameToken",\r
- new Match<BasicCred>(WSSE_NS,"Password").set(new Action<BasicCred>() {\r
- public boolean content(BasicCred bc,String text) {\r
- bc.setCred(text.getBytes());\r
- return true;\r
- }\r
- }),\r
- new Match<BasicCred>(WSSE_NS,"Username").set(new Action<BasicCred>() {\r
- public boolean content(BasicCred bc,String text) {\r
- bc.setUser(text);\r
- return true;\r
- }\r
- })\r
- ).stopAfter() // if found, end when UsernameToken ends (no further processing needed)\r
- )\r
- ).stopAfter() // Stop Processing when Header Ends\r
- ).exclusive()// Envelope must match Header, and no other. FYI, Body comes after Header short circuits (see above), so it's ok\r
- ).exclusive(); // root must be Envelope\r
- //inputFactory = XMLInputFactory.newInstance();\r
- }\r
- \r
- public XMLStreamException parse(BasicCred bc, InputStream is) throws IOException {\r
- try {\r
- parseTree.onMatch(bc, new XReader(is));\r
- return null;\r
- } catch (XMLStreamException e) {\r
- return e;\r
- }\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse;\r
-\r
-import javax.xml.namespace.QName;\r
-import javax.xml.stream.events.XMLEvent;\r
-\r
-/**\r
- * XEvent\r
- * \r
- * This mechanism mimics a minimal portion of StAX "XMLEvent", enough to work with minimal XReader.\r
- * \r
- * We implement the same interface, as much as minimally necessary, as XMLEvent for these small usages so as to\r
- * be interchangeable in the future, if so desired\r
- * \r
- *\r
- */\r
-// @SuppressWarnings("restriction")\r
-public abstract class XEvent {\r
-\r
- public abstract int getEventType();\r
-\r
- public StartElement asStartElement() {\r
- return (StartElement)this;\r
- }\r
-\r
- public Characters asCharacters() {\r
- return (Characters)this;\r
- }\r
-\r
- public EndElement asEndElement() {\r
- return (EndElement)this;\r
- }\r
-\r
- public static abstract class NamedXEvent extends XEvent {\r
- private QName qname;\r
-\r
- public NamedXEvent(QName qname) {\r
- this.qname = qname;\r
- }\r
- \r
- public QName getName() {\r
- return qname;\r
- }\r
- }\r
- public static class StartElement extends NamedXEvent {\r
-\r
- public StartElement(String ns, String tag) {\r
- super(new QName(ns,tag));\r
- }\r
-\r
- @Override\r
- public int getEventType() {\r
- return XMLEvent.START_ELEMENT;\r
- }\r
- }\r
-\r
- public static class EndElement extends NamedXEvent {\r
- public EndElement(String ns, String tag) {\r
- super(new QName(ns,tag));\r
- }\r
- \r
- @Override\r
- public int getEventType() {\r
- return XMLEvent.END_ELEMENT;\r
- }\r
- }\r
-\r
- public static class Characters extends XEvent {\r
- private String data;\r
-\r
- public Characters(String data) {\r
- this.data = data;\r
- }\r
- @Override\r
- public int getEventType() {\r
- return XMLEvent.CHARACTERS;\r
- }\r
-\r
- public String getData() {\r
- return data;\r
- }\r
- }\r
- \r
- public static class StartDocument extends XEvent {\r
-\r
- @Override\r
- public int getEventType() {\r
- return XMLEvent.START_DOCUMENT;\r
- }\r
- \r
- }\r
-\r
- public static class EndDocument extends XEvent {\r
-\r
- @Override\r
- public int getEventType() {\r
- return XMLEvent.END_DOCUMENT;\r
- }\r
- \r
- }\r
- public static class Comment extends XEvent {\r
- public final String value;\r
- public Comment(String value) {\r
- this.value = value;\r
- }\r
-\r
- @Override\r
- public int getEventType() {\r
- return XMLEvent.COMMENT;\r
- }\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.util.ArrayList;\r
-import java.util.HashMap;\r
-import java.util.List;\r
-import java.util.Map;\r
-import java.util.Stack;\r
-\r
-import javax.xml.stream.XMLStreamException;\r
-\r
-/**\r
- * XReader\r
- * This class works similarly as StAX, except StAX has more behavior than is needed. That would be ok, but \r
- * StAX also was Buffering in their code in such as way as to read most if not all the incoming stream into memory,\r
- * defeating the purpose of pre-reading only the Header\r
- * \r
- * This Reader does no back-tracking, but is able to create events based on syntax and given state only, leaving the\r
- * Read-ahead mode of the InputStream up to the other classes.\r
- * \r
- * At this time, we only implement the important events, though if this is good enough, it could be expanded, perhaps to \r
- * replace the original XMLReader from StAX.\r
- * \r
- *\r
- */\r
-// @SuppressWarnings("restriction")\r
-public class XReader {\r
- private XEvent curr,another;\r
- private InputStream is;\r
- private ByteArrayOutputStream baos;\r
- private int state, count, last;\r
- \r
- private Stack<Map<String,String>> nsses;\r
- \r
- public XReader(InputStream is) {\r
- this.is = is;\r
- curr = another = null;\r
- baos = new ByteArrayOutputStream();\r
- state = BEGIN_DOC; \r
- count = 0;\r
- nsses = new Stack<Map<String,String>>();\r
- }\r
- \r
- public boolean hasNext() throws XMLStreamException {\r
- if(curr==null) {\r
- curr = parse();\r
- }\r
- return curr!=null;\r
- }\r
-\r
- public XEvent nextEvent() {\r
- XEvent xe = curr;\r
- curr = null;\r
- return xe;\r
- }\r
-\r
- // \r
- // State Flags\r
- //\r
- // Note: The State of parsing XML can be complicated. There are too many to cleanly keep in "booleans". Additionally,\r
- // there are certain checks that can be better made with Bitwise operations within switches\r
- // Keeping track of state this way also helps us to accomplish logic without storing any back characters except one\r
- private final static int BEGIN_DOC= 0x000001;\r
- private final static int DOC_TYPE= 0x000002;\r
- private final static int QUESTION_F= 0x000004;\r
- private final static int QUESTION = 0x000008;\r
- private final static int START_TAG = 0x000010;\r
- private final static int END_TAG = 0x000020;\r
- private final static int VALUE= 0x000040;\r
- private final static int COMMENT = 0x001000;\r
- private final static int COMMENT_E = 0x002000;\r
- private final static int COMMENT_D1 =0x010000;\r
- private final static int COMMENT_D2 =0x020000;\r
- private final static int COMMENT_D3 =0x040000;\r
- private final static int COMMENT_D4 =0x080000;\r
- // useful combined Comment states\r
- private final static int IN_COMMENT=COMMENT|COMMENT_E|COMMENT_D1|COMMENT_D2;\r
- private final static int COMPLETE_COMMENT = COMMENT|COMMENT_E|COMMENT_D1|COMMENT_D2|COMMENT_D3|COMMENT_D4;\r
- \r
- \r
- private XEvent parse() throws XMLStreamException {\r
- Map<String,String> nss = nsses.isEmpty()?null:nsses.peek();\r
-\r
- XEvent rv;\r
- if((rv=another)!=null) { // "another" is a tag that may have needed to be created, but not \r
- // immediately returned. Save for next parse. If necessary, this could be turned into\r
- // a FIFO storage, but a single reference is enough for now.\r
- another = null; // "rv" is now set for the Event, and will be returned. Set to Null.\r
- } else {\r
- boolean go = true;\r
- int c=0;\r
- \r
- try {\r
- while(go && (c=is.read())>=0) {\r
- ++count;\r
- switch(c) {\r
- case '<': // Tag is opening\r
- state|=~BEGIN_DOC; // remove BEGIN_DOC flag, this is possibly an XML Doc\r
- XEvent cxe = null;\r
- if(baos.size()>0) { // If there are any characters between tags, we send as Character Event\r
- String chars = baos.toString().trim(); // Trim out WhiteSpace before and after\r
- if(chars.length()>0) { // don't send if Characters were only whitespace\r
- cxe = new XEvent.Characters(chars);\r
- baos.reset();\r
- go = false;\r
- }\r
- }\r
- last = c; // make sure "last" character is set for use in "ParseTag"\r
- Tag t = parseTag(); // call subroutine to process the tag as a unit\r
- String ns;\r
- switch(t.state&(START_TAG|END_TAG)) {\r
- case START_TAG:\r
- nss = getNss(nss,t); // Only Start Tags might have NS Attributes \r
- // Get any NameSpace elements from tag. If there are, nss will become \r
- // a new Map with all the previous NSs plus the new. This provides \r
- // scoping behavior when used with the Stack\r
- // drop through on purpose\r
- case END_TAG:\r
- ns = t.prefix==null?"":nss.get(t.prefix); // Get the namespace from prefix (if exists)\r
- break;\r
- default:\r
- ns = "";\r
- }\r
- if(ns==null)\r
- throw new XMLStreamException("Invalid Namespace Prefix at " + count);\r
- go = false;\r
- switch(t.state) { // based on \r
- case DOC_TYPE: \r
- rv = new XEvent.StartDocument();\r
- break;\r
- case COMMENT:\r
- rv = new XEvent.Comment(t.value);\r
- break;\r
- case START_TAG:\r
- rv = new XEvent.StartElement(ns,t.name);\r
- nsses.push(nss); // Change potential scope for Namespace\r
- break;\r
- case END_TAG:\r
- rv = new XEvent.EndElement(ns,t.name);\r
- nss = nsses.pop(); // End potential scope for Namespace\r
- break;\r
- case START_TAG|END_TAG: // This tag is both start/end aka <myTag/>\r
- rv = new XEvent.StartElement(ns,t.name);\r
- if(last=='/')another = new XEvent.EndElement(ns,t.name);\r
- }\r
- if(cxe!=null) { // if there is a Character Event, it actually should go first. ow.\r
- another = rv; // Make current Event the "another" or next event, and \r
- rv = cxe; // send Character Event now\r
- }\r
- break;\r
- case ' ':\r
- case '\t':\r
- case '\n':\r
- if((state&BEGIN_DOC)==BEGIN_DOC) { // if Whitespace before doc, just ignore \r
- break;\r
- }\r
- // fallthrough on purpose\r
- default:\r
- if((state&BEGIN_DOC)==BEGIN_DOC) { // if there is any data at the start other than XML Tag, it's not XML\r
- throw new XMLStreamException("Parse Error: This is not an XML Doc");\r
- }\r
- baos.write(c); // save off Characters\r
- }\r
- last = c; // Some processing needs to know what the last character was, aka Escaped characters... ex \"\r
- }\r
- } catch (IOException e) {\r
- throw new XMLStreamException(e); // all errors parsing will be treated as XMLStreamErrors (like StAX)\r
- }\r
- if(c==-1 && (state&BEGIN_DOC)==BEGIN_DOC) { // Normally, end of stream is ok, however, we need to know if the \r
- throw new XMLStreamException("Premature End of File"); // document isn't an XML document, so we throw exception if it \r
- } // hasn't yet been determined to be an XML Doc\r
- }\r
- return rv;\r
- }\r
- \r
- /**\r
- * parseTag\r
- * \r
- * Parsing a Tag is somewhat complicated, so it's helpful to separate this process from the \r
- * higher level Parsing effort\r
- * @return\r
- * @throws IOException\r
- * @throws XMLStreamException\r
- */\r
- private Tag parseTag() throws IOException, XMLStreamException {\r
- Tag tag = null;\r
- boolean go = true;\r
- state = 0;\r
- int c, quote=0; // If "quote" is 0, then we're not in a quote. We set ' (in pretag) or " in attribs accordingly to denote quoted\r
- String prefix=null,name=null,value=null;\r
- baos.reset();\r
- \r
- while(go && (c=is.read())>=0) {\r
- ++count;\r
- if(quote!=0) { // If we're in a quote, we only end if we hit another quote of the same time, not preceded by \\r
- if(c==quote && last!='\\') {\r
- quote=0;\r
- } else {\r
- baos.write(c);\r
- }\r
- } else if((state&COMMENT)==COMMENT) { // similar to Quote is being in a comment\r
- switch(c) {\r
- case '-':\r
- switch(state) { // XML has a complicated Quote set... <!-- --> ... we keep track if each has been met with flags. \r
- case COMMENT|COMMENT_E:\r
- state|=COMMENT_D1;\r
- break;\r
- case COMMENT|COMMENT_E|COMMENT_D1:\r
- state|=COMMENT_D2;\r
- baos.reset(); // clear out "!--", it's a Comment\r
- break;\r
- case COMMENT|COMMENT_E|COMMENT_D1|COMMENT_D2:\r
- state|=COMMENT_D3;\r
- baos.write(c);\r
- break;\r
- case COMMENT|COMMENT_E|COMMENT_D1|COMMENT_D2|COMMENT_D3:\r
- state|=COMMENT_D4;\r
- baos.write(c);\r
- break;\r
- }\r
- break;\r
- case '>': // Tag indicator has been found, do we have all the comment characters in line?\r
- if((state&COMPLETE_COMMENT)==COMPLETE_COMMENT) {\r
- byte ba[] = baos.toByteArray();\r
- tag = new Tag(null,null, new String(ba,0,ba.length-2));\r
- baos.reset();\r
- go = false;\r
- break;\r
- }\r
- // fall through on purpose\r
- default:\r
- state&=~(COMMENT_D3|COMMENT_D4);\r
- if((state&IN_COMMENT)!=IN_COMMENT) state&=~IN_COMMENT; // false alarm, it's not actually a comment\r
- baos.write(c);\r
- }\r
- } else { // Normal Tag Processing loop\r
- switch(c) {\r
- case '?': \r
- switch(state & (QUESTION_F|QUESTION)) { // Validate the state of Doc tag... <?xml ... ?>\r
- case QUESTION_F:\r
- state |= DOC_TYPE;\r
- state &= ~QUESTION_F;\r
- break;\r
- case 0:\r
- state |=QUESTION_F;\r
- break;\r
- default:\r
- throw new IOException("Bad character [?] at " + count);\r
- }\r
- break;\r
- case '!':\r
- if(last=='<') { \r
- state|=COMMENT|COMMENT_E; // likely a comment, continue processing in Comment Loop\r
- }\r
- baos.write(c);\r
- break;\r
- case '/':\r
- state|=(last=='<'?END_TAG:(END_TAG|START_TAG)); // end tag indicator </xxx>, ,or both <xxx/>\r
- break;\r
- case ':':\r
- prefix=baos.toString(); // prefix indicator\r
- baos.reset();\r
- break;\r
- case '=': // used in Attributes\r
- name=baos.toString();\r
- baos.reset();\r
- state|=VALUE;\r
- break;\r
- case '>': // end the tag, which causes end of this subprocess as well as formulation of the found data\r
- go = false;\r
- // passthrough on purpose\r
- case ' ':\r
- case '\t':\r
- case '\n': // white space indicates change in internal tag state, ex between name and between attributes\r
- if((state&VALUE)==VALUE) {\r
- value = baos.toString(); // we're in VALUE state, add characters to Value\r
- } else if(name==null) {\r
- name = baos.toString(); // we're in Name state (default) add characters to Name\r
- }\r
- baos.reset(); // we've assigned chars, reset buffer\r
- if(name!=null) { // Name is not null, there's a tag in the offing here...\r
- Tag t = new Tag(prefix,name,value);\r
- if(tag==null) { // Set as the tag to return, if not exists\r
- tag = t;\r
- } else { // if we already have a Tag, then we'll treat this one as an attribute\r
- tag.add(t);\r
- }\r
- }\r
- prefix=name=value=null; // reset these values in case we loop for attributes.\r
- break;\r
- case '\'': // is the character one of two kinds of quote?\r
- case '"':\r
- if(last!='\\') {\r
- quote=c;\r
- break;\r
- }\r
- // Fallthrough ok\r
- default:\r
- baos.write(c); // write any unprocessed bytes into buffer\r
- \r
- }\r
- }\r
- last = c;\r
- }\r
- int type = state&(DOC_TYPE|COMMENT|END_TAG|START_TAG); // get just the Tag states and turn into Type for Tag\r
- if(type==0) {\r
- type=START_TAG;\r
- }\r
- tag.state|=type; // add the appropriate Tag States\r
- return tag;\r
- }\r
-\r
- /**\r
- * getNSS\r
- * \r
- * If the tag contains some Namespace attributes, create a new nss from the passed in one, copy all into it, then add\r
- * This provides Scoping behavior\r
- * \r
- * if Nss is null in the first place, create an new nss, so we don't have to deal with null Maps.\r
- * \r
- * @param nss\r
- * @param t\r
- * @return\r
- */\r
- private Map<String, String> getNss(Map<String, String> nss, Tag t) {\r
- Map<String,String> newnss = null;\r
- if(t.attribs!=null) {\r
- for(Tag tag : t.attribs) {\r
- if("xmlns".equals(tag.prefix)) {\r
- if(newnss==null) {\r
- newnss = new HashMap<String,String>();\r
- if(nss!=null)newnss.putAll(nss);\r
- }\r
- newnss.put(tag.name, tag.value);\r
- }\r
- }\r
- }\r
- return newnss==null?(nss==null?new HashMap<String,String>():nss):newnss;\r
- }\r
-\r
- /**\r
- * The result of the parseTag method\r
- * \r
- * Data is split up into prefix, name and value portions. "Tags" with Values that are inside a Tag are known in XLM\r
- * as Attributes. \r
- * \r
- *\r
- */\r
- public class Tag {\r
- public int state;\r
- public String prefix,name,value;\r
- public List<Tag> attribs;\r
-\r
- public Tag(String prefix, String name, String value) {\r
- this.prefix = prefix;\r
- this.name = name;\r
- this.value = value;\r
- attribs = null; \r
- }\r
-\r
- /**\r
- * add an attribute\r
- * Not all tags need attributes... lazy instantiate to save time and memory\r
- * @param tag\r
- */\r
- public void add(Tag attrib) {\r
- if(attribs == null) {\r
- attribs = new ArrayList<Tag>();\r
- }\r
- attribs.add(attrib);\r
- }\r
- \r
- public String toString() {\r
- StringBuffer sb = new StringBuffer();\r
- if(prefix!=null) {\r
- sb.append(prefix);\r
- sb.append(':');\r
- }\r
- sb.append(name==null?"!!ERROR!!":name);\r
-\r
- char quote = ((state&DOC_TYPE)==DOC_TYPE)?'\'':'"';\r
- if(value!=null) {\r
- sb.append('=');\r
- sb.append(quote);\r
- sb.append(value);\r
- sb.append(quote);\r
- }\r
- return sb.toString();\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-\r
-import javax.crypto.CipherInputStream;\r
-import javax.crypto.CipherOutputStream;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.AES;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import junit.framework.Assert;\r
-\r
-import static org.junit.Assert.assertFalse;\r
-import static org.junit.Assert.assertTrue;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.File;\r
-import java.io.OutputStream;\r
-\r
-import javax.crypto.CipherInputStream;\r
-import javax.crypto.CipherOutputStream;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.AES;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import junit.framework.Assert;\r
-\r
-public class JU_AES {\r
-\r
- @Test\r
- public void test() throws Exception {\r
- AES aes = new AES();\r
- String orig = "I'm a password, really";\r
- byte[] passin = orig.getBytes();\r
- byte[] encrypted = aes.encrypt(passin);\r
- byte[] b64enc = Symm.base64.encode(encrypted);\r
- System.out.println(new String(b64enc));\r
- \r
- encrypted = Symm.base64.decode(b64enc);\r
- passin = aes.decrypt(encrypted);\r
- Assert.assertEquals(orig, new String(passin));\r
- }\r
- \r
- @Test\r
- public void testAESFileStream() throws Exception {\r
- File fi = new File("test/AESKeyFile");\r
- AES aes = new AES(fi);\r
- \r
- String orig = "I'm a password, really";\r
- byte[] passin = orig.getBytes();\r
- byte[] encrypted = aes.encrypt(passin);\r
- byte[] b64enc = Symm.base64.encode(encrypted);\r
- System.out.println(new String(b64enc));\r
- \r
- encrypted = Symm.base64.decode(b64enc);\r
- passin = aes.decrypt(encrypted);\r
- Assert.assertEquals(orig, new String(passin));\r
- \r
- File temp = new File("tempFile");\r
- try {\r
- assertFalse(temp.exists());\r
- aes.save(temp);\r
- assertTrue(temp.exists());\r
- } catch (Exception e) {\r
- } finally {\r
- temp.delete();\r
- } \r
- \r
- }\r
-\r
- @Test\r
- public void testInputStream() throws Exception {\r
- AES aes = new AES();\r
- String orig = "I'm a password, really";\r
- ByteArrayInputStream bais = new ByteArrayInputStream(orig.getBytes());\r
- CipherInputStream cis = aes.inputStream(bais, true);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.encode(cis, baos);\r
- cis.close();\r
-\r
- byte[] b64encrypted;\r
- System.out.println(new String(b64encrypted=baos.toByteArray()));\r
-\r
- CipherInputStream cis1 = aes.inputStream(bais, false);\r
- ByteArrayOutputStream baos1 = new ByteArrayOutputStream();\r
- Symm.base64.encode(cis1, baos1);\r
- cis.close();\r
-\r
- byte[] b64encrypted1;\r
- System.out.println(new String(b64encrypted1=baos1.toByteArray()));\r
- \r
- baos.reset();\r
- CipherOutputStream cos = aes.outputStream(baos, false);\r
- Symm.base64.decode(new ByteArrayInputStream(b64encrypted),cos);\r
- cos.close();\r
- Assert.assertEquals(orig, new String(baos.toByteArray()));\r
- \r
- OutputStream stream = aes.outputStream(System.out, true);\r
- assertTrue(stream instanceof CipherOutputStream);\r
-\r
- }\r
-\r
- @Test\r
- public void testObtain() throws Exception {\r
- byte[] keygen = Symm.baseCrypt().keygen();\r
- \r
- Symm symm = Symm.obtain(new ByteArrayInputStream(keygen));\r
- \r
- String orig ="Another Password, please";\r
- String encrypted = symm.enpass(orig);\r
- System.out.println(encrypted);\r
- String decrypted = symm.depass(encrypted);\r
- System.out.println(decrypted);\r
- Assert.assertEquals(orig, decrypted);\r
- }\r
- \r
- @Test\r
- public void test1() throws Exception {\r
- AES aes = new AES();\r
- String orig = "I'm a password, really";\r
- byte[] passin = orig.getBytes();\r
- byte[] encrypted = aes.encrypt(passin);\r
- byte[] b64enc = Symm.base64.encode(encrypted);\r
- System.out.println(new String(b64enc));\r
- \r
- encrypted = Symm.base64.decode(b64enc);\r
- passin = aes.decrypt(encrypted);\r
- Assert.assertEquals(orig, new String(passin));\r
- }\r
- \r
- @Test\r
- public void testAESFileStream1() throws Exception {\r
- File fi = new File("test/AESKeyFile");\r
- AES aes = new AES(fi);\r
- \r
- String orig = "I'm a password, really";\r
- byte[] passin = orig.getBytes();\r
- byte[] encrypted = aes.encrypt(passin);\r
- byte[] b64enc = Symm.base64.encode(encrypted);\r
- System.out.println(new String(b64enc));\r
- \r
- encrypted = Symm.base64.decode(b64enc);\r
- passin = aes.decrypt(encrypted);\r
- Assert.assertEquals(orig, new String(passin));\r
- \r
- File temp = new File("tempFile");\r
- try {\r
- assertFalse(temp.exists());\r
- aes.save(temp);\r
- assertTrue(temp.exists());\r
- } catch (Exception e) {\r
- } finally {\r
- temp.delete();\r
- } \r
- \r
- }\r
-\r
- @Test\r
- public void testInputStream1() throws Exception {\r
- AES aes = new AES();\r
- String orig = "I'm a password, really";\r
- ByteArrayInputStream bais = new ByteArrayInputStream(orig.getBytes());\r
- CipherInputStream cis = aes.inputStream(bais, true);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.encode(cis, baos);\r
- cis.close();\r
-\r
- byte[] b64encrypted;\r
- System.out.println(new String(b64encrypted=baos.toByteArray()));\r
-\r
- CipherInputStream cis1 = aes.inputStream(bais, false);\r
- ByteArrayOutputStream baos1 = new ByteArrayOutputStream();\r
- Symm.base64.encode(cis1, baos1);\r
- cis.close();\r
-\r
- byte[] b64encrypted1;\r
- System.out.println(new String(b64encrypted1=baos1.toByteArray()));\r
- \r
- baos.reset();\r
- CipherOutputStream cos = aes.outputStream(baos, false);\r
- Symm.base64.decode(new ByteArrayInputStream(b64encrypted),cos);\r
- cos.close();\r
- Assert.assertEquals(orig, new String(baos.toByteArray()));\r
- \r
- OutputStream stream = aes.outputStream(System.out, true);\r
- assertTrue(stream instanceof CipherOutputStream);\r
-\r
- }\r
-\r
- @Test\r
- public void testObtain1() throws Exception {\r
- byte[] keygen = Symm.baseCrypt().keygen();\r
- \r
- Symm symm = Symm.obtain(new ByteArrayInputStream(keygen));\r
- \r
- String orig ="Another Password, please";\r
- String encrypted = symm.enpass(orig);\r
- System.out.println(encrypted);\r
- String decrypted = symm.depass(encrypted);\r
- System.out.println(decrypted);\r
- Assert.assertEquals(orig, decrypted);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-import static org.hamcrest.CoreMatchers.is;\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-public class JU_CadiExceptionTest {\r
-\r
- @Test\r
- public void testCadiException() {\r
- CadiException exception = new CadiException();\r
- \r
- assertNotNull(exception);\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionString() {\r
- CadiException exception = new CadiException("New Exception");\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionThrowable() {\r
- CadiException exception = new CadiException(new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionStringThrowable() {\r
- CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
-\r
- }\r
- \r
- @Test\r
- public void testCadiException1() {\r
- CadiException exception = new CadiException();\r
- \r
- assertNotNull(exception);\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionString1() {\r
- CadiException exception = new CadiException("New Exception");\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionThrowable1() {\r
- CadiException exception = new CadiException(new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionStringThrowable1() {\r
- CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
-\r
- }\r
- \r
- @Test\r
- public void testCadiException2() {\r
- CadiException exception = new CadiException();\r
- \r
- assertNotNull(exception);\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionString2() {\r
- CadiException exception = new CadiException("New Exception");\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionThrowable2() {\r
- CadiException exception = new CadiException(new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("java.lang.Throwable: New Exception"));\r
- }\r
-\r
- @Test\r
- public void testCadiExceptionStringThrowable2() {\r
- CadiException exception = new CadiException("New Exception",new Throwable("New Exception"));\r
- assertNotNull(exception);\r
- assertThat(exception.getMessage(), is("New Exception"));\r
-\r
- }\r
-\r
-\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Matchers.isA;\r
-import static org.mockito.Mockito.when;\r
-\r
-import java.security.Principal;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Mock;\r
-import org.mockito.Mockito;\r
-import org.mockito.MockitoAnnotations;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.filter.MapPermConverter;\r
-import org.onap.aaf.cadi.lur.EpiLur;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-\r
-public class JU_CadiWrapTest {\r
- \r
- @Mock\r
- private HttpServletRequest request;\r
- \r
- @Mock\r
- private TafResp tafResp;\r
- \r
- @Mock\r
- private Principal principle;\r
-\r
- @Mock\r
- private Lur lur;\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- MockitoAnnotations.initMocks(this);\r
- }\r
-\r
- @Test\r
- public void testInstantiate() throws CadiException {\r
- Access a = new PropAccess();\r
- when(tafResp.getAccess()).thenReturn(a);\r
- \r
- lur.fishAll(isA(Principal.class), isA(List.class));\r
- \r
- EpiLur lur1 = new EpiLur(lur);\r
- \r
- CadiWrap wrap = new CadiWrap(request, tafResp, lur1);\r
- \r
- assertNull(wrap.getUserPrincipal());\r
- assertNull(wrap.getRemoteUser());\r
- assertNull(wrap.getUser());\r
- assertEquals(wrap.getPermissions(principle).size(), 0);\r
- \r
- byte[] arr = {'1','2'};\r
- wrap.setCred(arr);\r
- \r
- assertEquals(arr, wrap.getCred());\r
- \r
- wrap.setUser("User1");\r
- assertEquals("User1", wrap.getUser());\r
- \r
- wrap.invalidate("1");\r
-\r
- assertFalse(wrap.isUserInRole(null));\r
- \r
- wrap.set(tafResp, lur);\r
- \r
- wrap.invalidate("2");\r
- \r
- wrap.isUserInRole("User1");\r
- }\r
-\r
- @Test\r
- public void testInstantiateWithPermConverter() throws CadiException {\r
- Access a = new PropAccess();\r
- when(tafResp.getAccess()).thenReturn(a);\r
- when(tafResp.getPrincipal()).thenReturn(principle);\r
- \r
- \r
- CachingLur<Permission> lur1 = new CachingLur<Permission>() {\r
-\r
- @Override\r
- public Permission createPerm(String p) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public boolean fish(Principal bait, Permission pond) {\r
- // TODO Auto-generated method stub\r
- return true;\r
- }\r
-\r
- @Override\r
- public void fishAll(Principal bait, List<Permission> permissions) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- @Override\r
- public void destroy() {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- @Override\r
- public boolean handlesExclusively(Permission pond) {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- @Override\r
- public boolean supports(String userName) {\r
- // TODO Auto-generated method stub\r
- return false;\r
- }\r
-\r
- @Override\r
- public void remove(String user) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- @Override\r
- public Resp reload(User<Permission> user) {\r
- // TODO Auto-generated method stub\r
- return null;\r
- }\r
-\r
- @Override\r
- public void setDebug(String commaDelimIDsOrNull) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
- @Override\r
- public void clear(Principal p, StringBuilder sb) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
- };\r
- \r
- MapPermConverter pc = new MapPermConverter();\r
- \r
- CadiWrap wrap = new CadiWrap(request, tafResp, lur1, pc);\r
- \r
- assertNotNull(wrap.getUserPrincipal());\r
- assertNull(wrap.getRemoteUser());\r
- assertNull(wrap.getUser());\r
- \r
- byte[] arr = {'1','2'};\r
- wrap.setCred(arr);\r
- \r
- assertEquals(arr, wrap.getCred());\r
- \r
- wrap.setUser("User1");\r
- assertEquals("User1", wrap.getUser());\r
- \r
- wrap.invalidate("1");\r
- wrap.setPermConverter(new MapPermConverter());\r
- \r
- assertTrue(wrap.getLur() instanceof CachingLur);\r
- assertTrue(wrap.isUserInRole("User1"));\r
- \r
- wrap.set(tafResp, lur);\r
- assertFalse(wrap.isUserInRole("Perm1"));\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-\r
-import static org.junit.Assert.assertEquals;\r
-import static org.junit.Assert.assertFalse;\r
-import static org.junit.Assert.assertNotNull;\r
-import static org.junit.Assert.assertNull;\r
-import static org.junit.Assert.assertTrue;\r
-\r
-import java.io.IOException;\r
-import java.util.Properties;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-public class JU_PropAccessTest {\r
-\r
- @Test\r
- public void test() {\r
- PropAccess prop = new PropAccess(new Object());\r
- \r
- prop = new PropAccess("cadi_name=user","cadi_loglevel=DEBUG","cadi_prop_files=test/cadi.properties");\r
- \r
- assertTrue(prop.getProperties().keySet().contains("cadi_name"));\r
- assertTrue(prop.getProperty("cadi_name").equals("user"));\r
- \r
- prop.setProperty("cadi_keyfile", "file");\r
- prop.setLogLevel(Level.DEBUG);\r
- assertEquals(prop.getProperty("cadi_keyfile"),"file");\r
- prop.log(Level.DEBUG);\r
- assertTrue(prop.getDME2Properties().keySet().contains("AFT_DME2_SSL_INCLUDE_PROTOCOLS"));\r
- }\r
- \r
- @Test\r
- public void testWithProperties() {\r
- Properties p = new Properties();\r
- p.put("cadi_name", "user");\r
- p.put("cadi_loglevel", "DEBUG");\r
- \r
- PropAccess prop = new PropAccess(p);\r
- \r
- assertTrue(prop.getProperties().keySet().contains("cadi_name"));\r
- assertTrue(prop.getProperty("cadi_name").equals("user"));\r
- \r
- prop.setProperty("cadi_keyfile", "file");\r
- prop.setLogLevel(Level.DEBUG);\r
- assertEquals(prop.getProperty("cadi_keyfile"),"file");\r
- prop.log(Level.DEBUG);\r
- assertTrue(prop.getDME2Properties().keySet().contains("AFT_DME2_SSL_INCLUDE_PROTOCOLS"));\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-\r
-\r
-import static org.hamcrest.CoreMatchers.is;\r
-import static org.junit.Assert.*;\r
-import static org.mockito.Mockito.when;\r
-\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.HashMap;\r
-import java.util.List;\r
-import java.util.Map;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-public class JU_UserTest {\r
-\r
- @Mock\r
- private Principal principal;\r
- \r
- @Mock\r
- private LocalPermission permission;\r
- \r
- @Before\r
- public void setup() {\r
- MockitoAnnotations.initMocks(this);\r
- \r
- when(principal.getName()).thenReturn("Principal");\r
- \r
- when(permission.getKey()).thenReturn("NewKey");\r
- when(permission.match(permission)).thenReturn(true);\r
- }\r
- \r
- @Test\r
- public void testCountCheck() {\r
- User<Permission> user = new User<Permission>(principal);\r
- user.resetCount();\r
- assertThat(user.count, is(0));\r
- user.incCount();\r
- assertThat(user.count, is(1));\r
- }\r
- \r
- @Test\r
- public void testCountCheck1() {\r
- User<Permission> user = new User<Permission>(principal);\r
- user.resetCount();\r
- assertThat(user.count, is(0));\r
- user.incCount();\r
- assertThat(user.count, is(1));\r
- }\r
-\r
- @Test\r
- public void testPerm() throws InterruptedException {\r
- User<Permission> user = new User<Permission>(principal);\r
- assertThat(user.permExpires(), is(Long.MAX_VALUE));\r
- user.renewPerm();\r
- Thread.sleep(1);\r
- assertThat(user.permExpired(), is(true));\r
- user = new User<Permission>(principal,100);\r
- assertTrue(user.noPerms());\r
- user.add(permission);\r
- assertFalse(user.noPerms());\r
- user.setNoPerms();\r
- assertThat(user.permExpired(), is(false));\r
- assertFalse(user.permsUnloaded());\r
- user.perms = null;\r
- assertTrue(user.permsUnloaded());\r
- assertTrue(user.noPerms());\r
- }\r
- \r
- @Test\r
- public void testPerm1() throws InterruptedException {\r
- User<Permission> user = new User<Permission>(principal);\r
- assertThat(user.permExpires(), is(Long.MAX_VALUE));\r
- user.renewPerm();\r
- Thread.sleep(1);\r
- assertThat(user.permExpired(), is(true));\r
- user = new User<Permission>(principal,100);\r
- assertTrue(user.noPerms());\r
- user.add(permission);\r
- assertFalse(user.noPerms());\r
- user.setNoPerms();\r
- assertThat(user.permExpired(), is(false));\r
- assertFalse(user.permsUnloaded());\r
- user.perms = null;\r
- assertTrue(user.permsUnloaded());\r
- assertTrue(user.noPerms());\r
- }\r
- \r
- @Test\r
- public void testAddValuesToNewMap() {\r
- User<Permission> user = new User<Permission>(principal);\r
- Map<String, Permission> newMap = new HashMap<String,Permission>();\r
- \r
- assertFalse(user.contains(permission));\r
- \r
- user.add(newMap, permission);\r
- user.setMap(newMap);\r
- \r
- assertTrue(user.contains(permission));\r
- \r
- List<Permission> sink = new ArrayList<Permission>();\r
- user.copyPermsTo(sink);\r
- \r
- assertThat(sink.size(), is(1));\r
- assertTrue(sink.contains(permission));\r
- \r
- assertThat(user.toString(), is("Principal|:NewKey"));\r
- }\r
- \r
- @Test\r
- public void testAddValuesToNewMap1() {\r
- User<Permission> user = new User<Permission>(principal);\r
- Map<String, Permission> newMap = new HashMap<String,Permission>();\r
- \r
- assertFalse(user.contains(permission));\r
- \r
- user.add(newMap, permission);\r
- user.setMap(newMap);\r
- \r
- assertTrue(user.contains(permission));\r
- \r
- List<Permission> sink = new ArrayList<Permission>();\r
- user.copyPermsTo(sink);\r
- \r
- assertThat(sink.size(), is(1));\r
- assertTrue(sink.contains(permission));\r
- \r
- assertThat(user.toString(), is("Principal|:NewKey"));\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-import static org.mockito.Mockito.when;\r
-\r
-import javax.servlet.FilterConfig;\r
-import javax.servlet.ServletContext;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.mockito.Mock;\r
-import org.mockito.MockitoAnnotations;\r
-import org.onap.aaf.cadi.PropAccess;\r
-\r
-public class JU_FCGetTest {\r
-\r
- @Mock\r
- private ServletContext context;\r
- \r
- @Mock\r
- private FilterConfig config;\r
-\r
- @Mock\r
- private PropAccess access = new PropAccess();\r
- \r
- @Before\r
- public void setUp() {\r
- MockitoAnnotations.initMocks(this);\r
- }\r
- \r
- @Test\r
- public void testGetStringFromDef() {\r
- PropAccess access = new PropAccess();\r
- \r
- FCGet fcGet = new FCGet(access, context, config);\r
-\r
- String user = fcGet.get("user", "DefaultUser", true);\r
- \r
- assertEquals(user, "DefaultUser");\r
- }\r
-\r
- @Test\r
- public void testGetStringFromContext() {\r
- PropAccess access = new PropAccess();\r
- when(context.getInitParameter("user")).thenReturn("ContextUser");\r
- \r
- FCGet fcGet = new FCGet(access, context, null);\r
-\r
- String user = fcGet.get("user", "DefaultUser", true);\r
- \r
- assertEquals(user,"ContextUser");\r
- }\r
- \r
- @Test\r
- public void testGetStringFromFilter() {\r
- PropAccess access = new PropAccess();\r
- when(config.getInitParameter("user")).thenReturn("FilterUser");\r
- \r
- FCGet fcGet = new FCGet(access, null, config);\r
-\r
- String user = fcGet.get("user", "DefaultUser", true);\r
- \r
- assertEquals(user,"FilterUser");\r
- }\r
- \r
- @Test\r
- public void testGetStringWithNullContextFilter() {\r
- \r
- when(access.getProperty("user", "DefaultUser")).thenReturn(null);\r
- \r
- FCGet fcGet = new FCGet(access, null, null);\r
-\r
- String user = fcGet.get("user", "DefaultUser", true);\r
- \r
- assertEquals(user,"DefaultUser");\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import java.io.IOException;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-\r
-public class JU_ConfigPrincipalTest {\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void testConfigPrincipalStringString() {\r
- ConfigPrincipal p = new ConfigPrincipal("User", "pass");\r
- \r
- assertEquals(p.getName(), "User");\r
- assertEquals(p.toString(), "User");\r
- \r
- }\r
-\r
- @Test\r
- public void testConfigPrincipalStringByteArray() throws IOException {\r
- byte[] bytes = "pass".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("User", bytes);\r
- \r
- assertEquals(p.getName(), "User");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "User");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
- \r
- @Test\r
- public void testConfigPrincipalStringString2() {\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", "password");\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.toString(), "Demo");\r
- \r
- }\r
-\r
- @Test\r
- public void testConfigPrincipalStringByteArray2() throws IOException {\r
- byte[] bytes = "password".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", bytes);\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "Demo");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
-\r
- \r
- @Test\r
- public void testConfigPrincipalStringString1() {\r
- ConfigPrincipal p = new ConfigPrincipal("User", "pass");\r
- \r
- assertEquals(p.getName(), "User");\r
- assertEquals(p.toString(), "User");\r
- \r
- }\r
-\r
- @Test\r
- public void testConfigPrincipalStringByteArray1() throws IOException {\r
- byte[] bytes = "pass".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("User", bytes);\r
- \r
- assertEquals(p.getName(), "User");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "User");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
- \r
- @Test\r
- public void testConfigPrincipalStringString3() {\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", "password");\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.toString(), "Demo");\r
- \r
- }\r
-\r
- @Test\r
- public void testConfigPrincipalStringByteArray3() throws IOException {\r
- byte[] bytes = "password".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", bytes);\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "Demo");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
- \r
- @Test\r
- public void testConfigPrincipalStringString4() {\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", "password");\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.toString(), "Demo");\r
- \r
- }\r
-\r
- @Test\r
- public void testConfigPrincipalStringByteArray4() throws IOException {\r
- byte[] bytes = "password".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", bytes);\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "Demo");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
- \r
- @Test\r
- public void testConfigPrincipalStringByteArray5() throws IOException {\r
- byte[] bytes = "password".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", bytes);\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "Demo");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
- \r
- @Test\r
- public void testConfigPrincipalStringByteArray6() throws IOException {\r
- byte[] bytes = "password".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", bytes);\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "Demo");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
- \r
- @Test\r
- public void testConfigPrincipalStringByteArray7() throws IOException {\r
- byte[] bytes = "password".getBytes();\r
- ConfigPrincipal p = new ConfigPrincipal("Demo", bytes);\r
- \r
- assertEquals(p.getName(), "Demo");\r
- assertEquals(p.getCred(), bytes);\r
- assertEquals(p.toString(), "Demo");\r
- assertTrue(p.getAsBasicAuthHeader().startsWith("Basic"));\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.test;\r
-\r
-import static junit.framework.Assert.assertEquals;\r
-import static junit.framework.Assert.assertFalse;\r
-import static junit.framework.Assert.assertTrue;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.security.Principal;\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-import java.util.Set;\r
-import java.util.TreeSet;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Lur;\r
-import org.onap.aaf.cadi.Permission;\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.CredVal.Type;\r
-import org.onap.aaf.cadi.config.UsersDump;\r
-import org.onap.aaf.cadi.lur.LocalLur;\r
-import org.onap.aaf.cadi.lur.LocalPermission;\r
-\r
-public class JU_LocalLur {\r
-\r
- @Test\r
- public void test() throws IOException {\r
- Symm symmetric = Symm.baseCrypt().obtain();\r
- LocalLur up;\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- baos.write(Symm.ENC.getBytes());\r
- symmetric.enpass("<pass>", baos);\r
- PropAccess ta = new PropAccess();\r
- Lur ml = up = new LocalLur(ta,"myname:groupA,groupB","admin:myname,yourname;suser:hisname,hername,m1234%"+baos.toString());\r
-\r
- \r
-// Permission admin = new LocalPermission("admin");\r
-// Permission suser = new LocalPermission("suser");\r
-// \r
-// // Check User fish\r
-// assertTrue(ml.fish(new JUPrincipal("myname"),admin));\r
-// assertTrue(ml.fish(new JUPrincipal("hisname"),admin));\r
-// assertFalse(ml.fish(new JUPrincipal("noname"),admin));\r
-// assertTrue(ml.fish(new JUPrincipal("itsname"),suser));\r
-// assertTrue(ml.fish(new JUPrincipal("hername"),suser));\r
-// assertFalse(ml.fish(new JUPrincipal("myname"),suser));\r
-// \r
-// // Check validate password\r
-// assertTrue(up.validate("m1234",Type.PASSWORD, "<pass>".getBytes()));\r
-// assertFalse(up.validate("m1234",Type.PASSWORD, "badPass".getBytes()));\r
-// \r
- // Check fishAll\r
- Set<String> set = new TreeSet<String>();\r
- List<Permission> perms = new ArrayList<Permission>();\r
- ml.fishAll(new JUPrincipal("myname"), perms);\r
- for(Permission p : perms) {\r
- set.add(p.getKey());\r
- }\r
-// assertEquals("[admin, groupA, groupB]",set.toString());\r
- UsersDump.write(System.out, up);\r
- System.out.flush();\r
- \r
- }\r
- \r
- // Simplistic Principal for testing purposes\r
- private static class JUPrincipal implements Principal {\r
- private String name;\r
- public JUPrincipal(String name) {\r
- this.name = name;\r
- }\r
-// @Override\r
- public String getName() {\r
- return name;\r
- }\r
- }\r
-\r
-\r
-\r
- \r
- \r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.lur.test;\r
-\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-public class JU_TestAccess implements Access {\r
- private Symm symm;\r
-\r
- public JU_TestAccess() {\r
- symm = Symm.obtain(this);\r
- }\r
- \r
- public JU_TestAccess(Symm symmetric) {\r
- symm = symmetric;\r
- }\r
-\r
- public void log(Level level, Object... elements) {\r
- boolean first = true;\r
- for(int i=0;i<elements.length;++i) {\r
- if(first)first = false;\r
- else System.out.print(' ');\r
- System.out.print(elements[i].toString());\r
- }\r
- System.out.println();\r
- }\r
-\r
- public void log(Exception e, Object... elements) {\r
- e.printStackTrace();\r
- log(Level.ERROR,elements);\r
- }\r
-\r
- public void setLogLevel(Level level) {\r
- \r
- }\r
-\r
- public ClassLoader classLoader() {\r
- return ClassLoader.getSystemClassLoader();\r
- }\r
-\r
- public String getProperty(String string, String def) {\r
- String rv = System.getProperty(string);\r
- return rv==null?def:rv;\r
- }\r
-\r
- public void load(InputStream is) throws IOException {\r
- \r
- }\r
-\r
- public String decrypt(String encrypted, boolean anytext) throws IOException {\r
- return (encrypted!=null && (anytext==true || encrypted.startsWith(Symm.ENC)))\r
- ? symm.depass(encrypted)\r
- : encrypted;\r
- }\r
-\r
- @Override\r
- public boolean willLog(Level level) {\r
- return true;\r
- }\r
-\r
- @Override\r
- public void printf(Level level, String fmt, Object[] elements) {\r
- // TODO Auto-generated method stub\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import java.io.IOException;\r
-\r
-import org.junit.Before;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-\r
-public class JU_NullTafRespTest {\r
-\r
- @Before\r
- public void setUp() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() throws IOException {\r
- TafResp singleton = NullTafResp.singleton();\r
- TafResp singleton1 = NullTafResp.singleton();\r
- \r
- assertEquals(singleton, singleton1);\r
- \r
- assertFalse(singleton.isValid());\r
- \r
- assertEquals(singleton.isAuthenticated(), RESP.NO_FURTHER_PROCESSING);\r
- \r
- assertEquals(singleton.desc(), "All Authentication denied");\r
- \r
- assertEquals(singleton.authenticate(), RESP.NO_FURTHER_PROCESSING);\r
- \r
- assertNull(singleton.getPrincipal());\r
- \r
- assertEquals(singleton.getAccess(), Access.NULL);\r
- \r
- assertEquals(singleton.isFailedAttempt(), true);\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-import static org.junit.Assert.assertNotSame;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.security.SecureRandom;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-\r
-\r
-public class JU_Base64 {\r
- private static final String encoding = "Man is distinguished, not only by his reason, but by this singular " +\r
- "passion from other animals, which is a lust of the mind, that by a " + \r
- "perseverance of delight in the continued and indefatigable generation of " + \r
- "knowledge, exceeds the short vehemence of any carnal pleasure.";\r
- \r
- private static final String expected = \r
- "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz\n" + \r
- "IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg\n" + \r
- "dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu\n" +\r
- "dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo\n" +\r
- "ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=";\r
-\r
-\r
- @Test\r
- public void test() throws Exception {\r
- // Test with different Padding\r
- encode("leas", "bGVhcw==");\r
- encode("leasu", "bGVhc3U=");\r
- encode("leasur", "bGVhc3Vy");\r
- encode("leasure", "bGVhc3VyZQ==");\r
- encode("leasure.","bGVhc3VyZS4=");\r
-\r
- // Test with line ends\r
- encode(encoding, expected);\r
- \r
- int ITER = 2000;\r
- System.out.println("Priming by Encoding Base64 " + ITER + " times");\r
- long start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.encode(encoding);\r
- }\r
- Float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- \r
- System.out.println("Priming by Decoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.decode(expected);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
-\r
- \r
- ITER=30000;\r
- System.out.println("Encoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.encode(encoding);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- \r
- System.out.println("Decoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.decode(expected);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- }\r
- \r
- @Test\r
- public void symmetric() throws IOException {\r
- System.out.println("Validating Generated Key mechanisms works");\r
- String symmetric = new String(Symm.base64.keygen());\r
- System.out.println(symmetric);\r
- Symm bsym = Symm.obtain(symmetric);\r
- String result = bsym.encode(encoding);\r
- System.out.println("\nResult:");\r
- System.out.println(result);\r
- assertEquals(encoding, bsym.decode(result));\r
- \r
- int ITER = 20000;\r
- System.out.println("Generating keys " + ITER + " times");\r
- long start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.keygen();\r
- }\r
- Float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
-\r
- char[] manipulate = symmetric.toCharArray();\r
- int spot = new SecureRandom().nextInt(manipulate.length);\r
- manipulate[spot]|=0xFF;\r
- String newsymmetric = new String(manipulate);\r
- assertNotSame(newsymmetric, symmetric);\r
- try {\r
- bsym = Symm.obtain(newsymmetric);\r
- result = bsym.decode(result);\r
- assertEquals(encoding, result);\r
- } catch (IOException e) {\r
- // this is what we want to see if key wrong\r
- System.out.println(e.getMessage() + " (as expected)");\r
- }\r
- }\r
-\r
- private void encode(String toEncode, String expected) throws IOException {\r
- System.out.println("-------------------------------------------------");\r
- System.out.println(toEncode);\r
- System.out.println();\r
- System.out.println(expected);\r
- System.out.println();\r
- String result = Symm.base64.encode(toEncode);\r
- System.out.println(result);\r
- assertEquals(expected,result);\r
- \r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.decode(new ByteArrayInputStream(result.getBytes()), baos);\r
- result = baos.toString(Config.UTF_8);\r
- System.out.println(result);\r
- assertEquals(toEncode,result);\r
- \r
- }\r
- \r
- @Test\r
- public void test1() throws Exception {\r
- // Test with different Padding\r
- encode("leas", "bGVhcw==");\r
- encode("leasu", "bGVhc3U=");\r
- encode("leasur", "bGVhc3Vy");\r
- encode("leasure", "bGVhc3VyZQ==");\r
- encode("leasure.","bGVhc3VyZS4=");\r
-\r
- // Test with line ends\r
- encode(encoding, expected);\r
- \r
- int ITER = 2000;\r
- System.out.println("Priming by Encoding Base64 " + ITER + " times");\r
- long start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.encode(encoding);\r
- }\r
- Float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- \r
- System.out.println("Priming by Decoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.decode(expected);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
-\r
- \r
- ITER=30000;\r
- System.out.println("Encoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.encode(encoding);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- \r
- System.out.println("Decoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.decode(expected);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- }\r
- \r
- @Test\r
- public void symmetric1() throws IOException {\r
- System.out.println("Validating Generated Key mechanisms works");\r
- String symmetric = new String(Symm.base64.keygen());\r
- System.out.println(symmetric);\r
- Symm bsym = Symm.obtain(symmetric);\r
- String result = bsym.encode(encoding);\r
- System.out.println("\nResult:");\r
- System.out.println(result);\r
- assertEquals(encoding, bsym.decode(result));\r
- \r
- int ITER = 20000;\r
- System.out.println("Generating keys " + ITER + " times");\r
- long start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.keygen();\r
- }\r
- Float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
-\r
- char[] manipulate = symmetric.toCharArray();\r
- int spot = new SecureRandom().nextInt(manipulate.length);\r
- manipulate[spot]|=0xFF;\r
- String newsymmetric = new String(manipulate);\r
- assertNotSame(newsymmetric, symmetric);\r
- try {\r
- bsym = Symm.obtain(newsymmetric);\r
- result = bsym.decode(result);\r
- assertEquals(encoding, result);\r
- } catch (IOException e) {\r
- // this is what we want to see if key wrong\r
- System.out.println(e.getMessage() + " (as expected)");\r
- }\r
- }\r
-\r
- private void encode1(String toEncode, String expected) throws IOException {\r
- System.out.println("-------------------------------------------------");\r
- System.out.println(toEncode);\r
- System.out.println();\r
- System.out.println(expected);\r
- System.out.println();\r
- String result = Symm.base64.encode(toEncode);\r
- System.out.println(result);\r
- assertEquals(expected,result);\r
- \r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.decode(new ByteArrayInputStream(result.getBytes()), baos);\r
- result = baos.toString(Config.UTF_8);\r
- System.out.println(result);\r
- assertEquals(toEncode,result);\r
- \r
- }\r
- \r
- @Test\r
- public void test2() throws Exception {\r
- // Test with different Padding\r
- encode("leas", "bGVhcw==");\r
- encode("leasu", "bGVhc3U=");\r
- encode("leasur", "bGVhc3Vy");\r
- encode("leasure", "bGVhc3VyZQ==");\r
- encode("leasure.","bGVhc3VyZS4=");\r
-\r
- // Test with line ends\r
- encode(encoding, expected);\r
- \r
- int ITER = 2000;\r
- System.out.println("Priming by Encoding Base64 " + ITER + " times");\r
- long start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.encode(encoding);\r
- }\r
- Float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- \r
- System.out.println("Priming by Decoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.decode(expected);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
-\r
- \r
- ITER=30000;\r
- System.out.println("Encoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.encode(encoding);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- \r
- System.out.println("Decoding Base64 " + ITER + " times");\r
- start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.decode(expected);\r
- }\r
- ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
- }\r
- \r
- @Test\r
- public void symmetric2() throws IOException {\r
- System.out.println("Validating Generated Key mechanisms works");\r
- String symmetric = new String(Symm.base64.keygen());\r
- System.out.println(symmetric);\r
- Symm bsym = Symm.obtain(symmetric);\r
- String result = bsym.encode(encoding);\r
- System.out.println("\nResult:");\r
- System.out.println(result);\r
- assertEquals(encoding, bsym.decode(result));\r
- \r
- int ITER = 20000;\r
- System.out.println("Generating keys " + ITER + " times");\r
- long start = System.nanoTime();\r
- for(int i=0;i<ITER;++i) {\r
- Symm.base64.keygen();\r
- }\r
- Float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/ITER + "ms");\r
-\r
- char[] manipulate = symmetric.toCharArray();\r
- int spot = new SecureRandom().nextInt(manipulate.length);\r
- manipulate[spot]|=0xFF;\r
- String newsymmetric = new String(manipulate);\r
- assertNotSame(newsymmetric, symmetric);\r
- try {\r
- bsym = Symm.obtain(newsymmetric);\r
- result = bsym.decode(result);\r
- assertEquals(encoding, result);\r
- } catch (IOException e) {\r
- // this is what we want to see if key wrong\r
- System.out.println(e.getMessage() + " (as expected)");\r
- }\r
- }\r
-\r
- private void encode2(String toEncode, String expected) throws IOException {\r
- System.out.println("-------------------------------------------------");\r
- System.out.println(toEncode);\r
- System.out.println();\r
- System.out.println(expected);\r
- System.out.println();\r
- String result = Symm.base64.encode(toEncode);\r
- System.out.println(result);\r
- assertEquals(expected,result);\r
- \r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.decode(new ByteArrayInputStream(result.getBytes()), baos);\r
- result = baos.toString(Config.UTF_8);\r
- System.out.println(result);\r
- assertEquals(toEncode,result);\r
- \r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static junit.framework.Assert.assertEquals;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.FileInputStream;\r
-import java.io.IOException;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.BufferedServletInputStream;\r
-\r
-public class JU_BufferedServletInputStream {\r
-\r
- @Test\r
- public void testByteRead() throws Exception {\r
- FileInputStream fis = new FileInputStream("test/CBUSevent.xml");\r
- BufferedServletInputStream bsis = new BufferedServletInputStream(fis);\r
- try {\r
- bsis.mark(0);\r
- int c;\r
- byte aa[] = new byte[260];\r
- for(int i=0;i<aa.length;++i) {\r
- c = bsis.read();\r
- if(c>=0) {\r
- aa[i]=(byte)c;\r
- }\r
- }\r
- System.out.println(new String(aa));\r
- \r
- bsis.reset();\r
-\r
- byte bb[] = new byte[400];\r
- for(int i=0;i<bb.length;++i) {\r
- c = bsis.read();\r
- if(c>=0) {\r
- bb[i]=(byte)c;\r
- }\r
- }\r
- System.out.println(new String(bb));\r
-\r
- } finally {\r
- bsis.close();\r
- fis.close();\r
- }\r
- }\r
- \r
- @Test\r
- public void testByteArray() throws Exception {\r
- FileInputStream fis = new FileInputStream("test/CBUSevent.xml");\r
- BufferedServletInputStream bsis = new BufferedServletInputStream(fis);\r
- try {\r
- bsis.mark(0);\r
- byte aa[] = new byte[260];\r
- bsis.read(aa);\r
- System.out.println(new String(aa));\r
- \r
- bsis.reset();\r
-\r
- byte bb[] = new byte[400];\r
- bsis.read(bb);\r
- System.out.println(new String(bb));\r
-\r
- } finally {\r
- bsis.close();\r
- fis.close();\r
- }\r
- }\r
-\r
- @Test\r
- public void testDoubleRead() throws Exception {\r
- FileInputStream fis = new FileInputStream("test/CBUSevent.xml");\r
- BufferedServletInputStream bsis = new BufferedServletInputStream(fis);\r
- try {\r
- bsis.mark(0);\r
- byte aa[] = new byte[260];\r
- bsis.read(aa);\r
- System.out.println(new String(aa));\r
- \r
- bsis.reset();\r
-\r
- byte bb[] = new byte[400];\r
- bsis.read(bb);\r
- System.out.println(new String(bb));\r
-\r
- } finally {\r
- bsis.close();\r
- fis.close();\r
- }\r
- }\r
-\r
- @Test\r
- public void testByteArray2() throws Exception {\r
- FileInputStream fis = new FileInputStream("test/CBUSevent.xml");\r
- try {\r
- BufferedServletInputStream bsis = new BufferedServletInputStream(fis);\r
- byte[] content = null;\r
- byte aa[] = new byte[500];\r
- for(int i=0;i<2000;++i) {\r
- bsis.mark(0);\r
- bsis.read(aa,0,260);\r
- if(i==0)System.out.println(new String(aa));\r
- \r
- bsis.reset();\r
- \r
- bsis.read(aa,0,aa.length);\r
- if(i==0) {\r
- System.out.println(new String(aa));\r
- content = aa;\r
- aa = new byte[400];\r
- }\r
- bsis = new BufferedServletInputStream(new ByteArrayInputStream(content));\r
- \r
- }\r
- \r
- System.out.println(new String(aa));\r
-\r
- } finally {\r
- fis.close();\r
- }\r
- }\r
-\r
- // "Bug" 4/22/2013 \r
- // Some XML code expects Buffered InputStream can never return 0... This isn't actually true, but we'll accommodate as far\r
- // as we can. \r
- // Here, we make sure we set and read the Buffered data, making sure the buffer is empty on the last test...\r
- @Test\r
- public void issue04_22_2013() throws IOException {\r
- String testString = "We want to read in and get out with a Buffered Stream seamlessly.";\r
- ByteArrayInputStream bais = new ByteArrayInputStream(testString.getBytes());\r
- BufferedServletInputStream bsis = new BufferedServletInputStream(bais);\r
- try {\r
- bsis.mark(0);\r
- byte aa[] = new byte[testString.length()]; // 65 count... important for our test (divisible by 5);\r
-\r
- int read;\r
- for(int i=0;i<aa.length;i+=5) {\r
- read = bsis.read(aa, i, 5);\r
- assertEquals(5,read);\r
- }\r
- System.out.println(new String(aa));\r
- \r
- bsis.reset();\r
-\r
- byte bb[] = new byte[aa.length];\r
- read = 0;\r
- for(int i=0;read>=0;i+=read) {\r
- read = bsis.read(bb,i,5);\r
- switch(i) {\r
- case 65:\r
- assertEquals(read,-1);\r
- break;\r
- default:\r
- assertEquals(read,5);\r
- }\r
- }\r
- System.out.println(new String(bb));\r
- assertEquals(testString,new String(aa));\r
- assertEquals(testString,new String(bb));\r
-\r
- } finally {\r
- bsis.close();\r
- bais.close();\r
- }\r
- \r
- }\r
- \r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static junit.framework.Assert.assertEquals;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.Capacitor;\r
-\r
-public class JU_Capacitor {\r
- @Test\r
- public void testA() {\r
- Capacitor cap = new Capacitor();\r
- \r
- for(int iter=0;iter<200;++iter) {\r
- for(int i=0;i<20;++i) {\r
- cap.put((byte)('a'+i));\r
- }\r
- cap.setForRead();\r
- byte[] array = new byte[20];\r
- for(int i=0;i<20;++i) {\r
- array[i]=(byte)cap.read();\r
- }\r
- assertEquals("abcdefghijklmnopqrst",new String(array));\r
- assertEquals(-1,cap.read());\r
- cap.done();\r
- }\r
- }\r
-\r
- public final static String TEST_DATA = \r
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +\r
- "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" +\r
- "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc" +\r
- "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd" +\r
- "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" +\r
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff";\r
- @Test\r
- public void testB() {\r
- Capacitor cap = new Capacitor();\r
- byte[] arrayA = TEST_DATA.getBytes();\r
- System.out.println(arrayA.length);\r
- for(int iter=0;iter<200;++iter) {\r
- for(int i=0;i<arrayA.length;++i) {\r
- cap.put(arrayA[i]);\r
- }\r
- cap.setForRead();\r
- assertEquals(TEST_DATA.length(),cap.available());\r
- byte[] arrayB = new byte[arrayA.length];\r
- for(int i=0;i<arrayB.length;++i) {\r
- arrayB[i]=(byte)cap.read();\r
- }\r
- assertEquals(TEST_DATA,new String(arrayB));\r
- assertEquals(-1,cap.read());\r
- cap.done();\r
- }\r
- }\r
-\r
- @Test\r
- public void testC() {\r
- Capacitor cap = new Capacitor();\r
- byte[] arrayA = TEST_DATA.getBytes();\r
- System.out.println(arrayA.length);\r
- for(int iter=0;iter<200;++iter) {\r
- cap.put(arrayA,0,arrayA.length);\r
- cap.setForRead();\r
- assertEquals(TEST_DATA.length(),cap.available());\r
- byte[] arrayB = new byte[arrayA.length];\r
- assertEquals(arrayA.length,cap.read(arrayB,0,arrayB.length));\r
- assertEquals(TEST_DATA,new String(arrayB));\r
- assertEquals(-1,cap.read());\r
- cap.done();\r
- }\r
- }\r
-\r
- \r
- @Test\r
- public void testD() {\r
- StringBuffer sb = new StringBuffer();\r
- for(int i=0;i<300;++i) {\r
- sb.append(TEST_DATA);\r
- sb.append("###FILLER##");\r
- }\r
- String td = sb.toString();\r
- Capacitor cap = new Capacitor();\r
- byte[] arrayA = td.getBytes();\r
- System.out.println(arrayA.length);\r
- for(int iter=0;iter<200;++iter) {\r
- cap.put(arrayA,0,arrayA.length);\r
- cap.setForRead();\r
- assertEquals(td.length(),cap.available());\r
- byte[] arrayB = new byte[arrayA.length];\r
- assertEquals(arrayA.length,cap.read(arrayB,0,arrayB.length));\r
- assertEquals(td,new String(arrayB));\r
- assertEquals(-1,cap.read());\r
- cap.done();\r
- }\r
- }\r
-\r
- @Test\r
- public void testE() {\r
- Capacitor cap = new Capacitor();\r
- \r
- String b = "This is some content that we want to read";\r
- byte[] a = b.getBytes();\r
- byte[] c = new byte[b.length()]; // we want to use this to test reading offsets, etc\r
-\r
- for(int i=0;i<a.length;i+=11) {\r
- cap.put(a, i, Math.min(11,a.length-i));\r
- }\r
- cap.reset();\r
- int read;\r
- for(int i=0;i<c.length;i+=read) {\r
- read = cap.read(c, i, Math.min(3,c.length-i));\r
- if(read<0) break;\r
- }\r
- \r
- assertEquals(b, new String(c));\r
- \r
- \r
- }\r
- \r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Hash;\r
-\r
-import junit.framework.Assert;\r
-\r
-public class JU_Hash {\r
-\r
- @Test\r
- public void test() throws CadiException {\r
- String init = "m82347@csp.att.com:kumquat8rie@#Tomatos3";\r
- String hashed = Hash.toHex(init.getBytes());\r
- System.out.println(hashed);\r
- byte[] ba = Hash.fromHex(hashed);\r
- String recon = new String(ba);\r
- System.out.println(recon);\r
- Assert.assertEquals(init, recon);\r
- \r
- init =hashed.substring(1);\r
- try {\r
- hashed = Hash.fromHex(init).toString();\r
- Assert.fail("Should have thrown Exception");\r
- } catch (CadiException e) {\r
- \r
- }\r
- \r
- init = hashed.replace('1', '~');\r
- try {\r
- hashed = Hash.fromHex(init).toString();\r
- Assert.fail("Should have thrown Exception");\r
- } catch (CadiException e) {\r
- \r
- }\r
- }\r
-\r
- @Test\r
- public void test1() throws CadiException {\r
- String init = "m8234337@csp.att.com:kumquat8rie@#Tomatos3";\r
- String hashed = Hash.toHex(init.getBytes());\r
- System.out.println(hashed);\r
- byte[] ba = Hash.fromHex(hashed);\r
- String recon = new String(ba);\r
- System.out.println(recon);\r
- Assert.assertEquals(init, recon);\r
- \r
- init =hashed.substring(1);\r
- try {\r
- hashed = Hash.fromHex(init).toString();\r
- Assert.fail("Should have thrown Exception");\r
- } catch (CadiException e) {\r
- \r
- }\r
- \r
- init = hashed.replace('1', '~');\r
- try {\r
- hashed = Hash.fromHex(init).toString();\r
- Assert.fail("Should have thrown Exception");\r
- } catch (CadiException e) {\r
- \r
- }\r
- }\r
-\r
- \r
- @Test\r
- public void test2() throws CadiException {\r
- String init = "m823475@csp.att.com:kumquat8rie@#Tomatos3";\r
- String hashed = Hash.toHex(init.getBytes());\r
- System.out.println(hashed);\r
- byte[] ba = Hash.fromHex(hashed);\r
- String recon = new String(ba);\r
- System.out.println(recon);\r
- Assert.assertEquals(init, recon);\r
- \r
- init =hashed.substring(1);\r
- try {\r
- hashed = Hash.fromHex(init).toString();\r
- Assert.fail("Should have thrown Exception");\r
- } catch (CadiException e) {\r
- \r
- }\r
- \r
- init = hashed.replace('1', '~');\r
- try {\r
- hashed = Hash.fromHex(init).toString();\r
- Assert.fail("Should have thrown Exception");\r
- } catch (CadiException e) {\r
- \r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.CmdLine;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import junit.framework.Assert;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.CmdLine;\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import junit.framework.Assert;\r
-\r
-public class JU_Passcode {\r
- @Test\r
- public void test() throws Exception {\r
- int iterations = 0;\r
- long start = System.nanoTime();\r
- int gens= 800, en_de=2000;\r
- for(int j=0;j<gens;++j) {\r
- CmdLine.main(new String[] {"keygen","tempkey"});\r
- \r
- Symm symm;\r
- File fi = new File("tempkey");\r
- Assert.assertEquals(2074, fi.length());\r
- FileInputStream fis = new FileInputStream(fi);\r
- \r
- try {\r
- symm = Symm.obtain(fis);\r
- } finally {\r
- fis.close();\r
- fi.delete();\r
- }\r
- String samples[] = {"activevos","ThisIsATestPassword","I have spaces","I have 's, /s and &s and _s"};\r
- ByteArrayOutputStream baos;\r
- for(int i=0;i<en_de;++i) {\r
- String password = samples[i%samples.length];\r
- baos = new ByteArrayOutputStream();\r
- symm.enpass(password, baos);\r
- String pass = baos.toString();\r
- byte[] array = baos.toByteArray();\r
- for(int k=0;k<array.length;++k) {\r
- byte ch = array[k];\r
-// for(int k=0;k<pass.length();++k) {\r
-// char ch = pass.charAt(k);\r
- if(!(Character.isLetter(ch) || Character.isDigit(ch) || ch=='-' || ch=='_' || ch=='=')) {\r
- throw new Exception("Yikes, have a bad character..." + ch + '(' + (int)ch + ')');\r
- }\r
- }\r
- baos = new ByteArrayOutputStream();\r
- symm.depass(pass, baos);\r
- Assert.assertEquals(password,baos.toString());\r
- Assert.assertEquals(password,symm.depass(pass));\r
- ++iterations;\r
- }\r
- symm.enpass("activevos", System.out);\r
- System.out.println();\r
- }\r
- float ms = (System.nanoTime()-start)/1000000F;\r
- System.out.println("Ran " + iterations + " Encrypt/Decrypt cycles + " + gens + " keygens");\r
-\r
- System.out.println("Total: " + ms + "ms");\r
- System.out.println("Avg: " + ms/iterations + "ms");\r
- System.out.println("Avg Gen + " + en_de + " Encrypt/Decrypt cycles: " + ms/gens + "ms");\r
-\r
-\r
- }\r
- \r
- @AfterClass\r
- public static void tearDown() {\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-import java.net.InetAddress;\r
-import java.net.UnknownHostException;\r
-\r
-/**\r
- * A Class to run on command line to determine suitability of environment for certain TAFs.\r
- * \r
- * For instance, CSP supports services only in certain domains, and while dynamic host\r
- * lookups on the machine work in most cases, sometimes, names and IPs are unexpected (and\r
- * invalid) for CSP because of multiple NetworkInterfaces, etc\r
- * \r
- *\r
- */\r
-public class JU_Test {\r
-\r
- /**\r
- * @param args\r
- */\r
- public static void main(String[] args) {\r
- try {\r
- System.out.println("CADI/TAF test");\r
- \r
- String hostName = InetAddress.getLocalHost().getCanonicalHostName();\r
- \r
- System.out.println(" Your automatic hostname is reported as \"" + hostName + "\"\n");\r
- String[] two;\r
-\r
- for(String str : args) {\r
- two = str.split("=");\r
- if(two.length==2) {\r
- if("hostname".equals(two[0])) {\r
- hostName = two[1];\r
- System.out.println(" You have overlaid the automatic hostname with \"" + hostName + "\"\n");\r
- }\r
- }\r
- }\r
- if(hostName.endsWith("vpn.cingular.net"))\r
- System.out.println(" This service appears to be an AT&T VPN address. These VPNs are typically\n" +\r
- " (and appropriately) firewalled against incoming traffic, and likely cannot be accessed.\n" +\r
- " For best results, choose a machine that is not firewalled on the ports you choose.\n");\r
- \r
- } catch (UnknownHostException e) {\r
- e.printStackTrace();\r
- }\r
-\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static org.junit.Assert.*;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.util.UserChainManip;\r
-\r
-public class JU_UserChainManip {\r
-\r
- @Test\r
- public void test() {\r
- assertEquals("",UserChainManip.idToNS(null));\r
- assertEquals("",UserChainManip.idToNS(""));\r
- assertEquals("",UserChainManip.idToNS("something"));\r
- assertEquals("",UserChainManip.idToNS("something@@"));\r
- assertEquals("",UserChainManip.idToNS("something@@."));\r
- assertEquals("com",UserChainManip.idToNS("something@com"));\r
- assertEquals("com.random",UserChainManip.idToNS("something@random.com"));\r
- assertEquals("com.random",UserChainManip.idToNS("@random.com"));\r
- assertEquals("com.random",UserChainManip.idToNS("something@random.com."));\r
- assertEquals("com.random",UserChainManip.idToNS("something@..random...com..."));\r
- assertEquals("com.random.this",UserChainManip.idToNS("something@this.random.com"));\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.test;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import org.junit.AfterClass;\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.util.Vars;\r
-\r
-public class JU_Vars {\r
-\r
- @AfterClass\r
- public static void tearDownAfterClass() throws Exception {\r
- }\r
-\r
- @Test\r
- public void test() {\r
- StringBuilder holder = new StringBuilder();\r
- String str,bstr;\r
- assertEquals(str = "set %1 to %2",Vars.convert(holder,str, "a","b"));\r
- assertEquals("set a to b",holder.toString());\r
- assertEquals(str,Vars.convert(null,str, "a","b"));\r
- holder.setLength(0);\r
- assertEquals(str,Vars.convert(holder,bstr="set %s to %s", "a","b"));\r
- assertEquals("set a to b",holder.toString());\r
- assertEquals(str,Vars.convert(null,bstr, "a","b"));\r
- \r
- holder.setLength(0);\r
- assertEquals(str = "%1=%2",Vars.convert(holder,str, "a","b"));\r
- assertEquals("a=b",holder.toString());\r
- assertEquals(str,Vars.convert(null,str, "a","b"));\r
- holder.setLength(0);\r
- assertEquals(str,Vars.convert(holder,bstr="%s=%s", "a","b"));\r
- assertEquals("a=b",holder.toString());\r
- assertEquals(str,Vars.convert(null,bstr, "a","b"));\r
- \r
- holder.setLength(0);\r
- assertEquals(str = "%1%2",Vars.convert(holder,str, "a","b"));\r
- assertEquals("ab",holder.toString());\r
- assertEquals(str ,Vars.convert(null,str, "a","b"));\r
- holder.setLength(0);\r
- assertEquals(str,Vars.convert(holder,bstr="%s%s", "a","b"));\r
- assertEquals("ab",holder.toString());\r
- assertEquals(str ,Vars.convert(null,bstr, "a","b"));\r
-\r
-\r
- holder.setLength(0);\r
- assertEquals(str = " %1=%2 ",Vars.convert(holder,str, "a","b"));\r
- assertEquals(" a=b ",holder.toString());\r
- assertEquals(str ,Vars.convert(null,str, "a","b"));\r
- holder.setLength(0);\r
- assertEquals(str,Vars.convert(holder,bstr = " %s=%s ", "a","b"));\r
- assertEquals(" a=b ",holder.toString());\r
- assertEquals(str ,Vars.convert(null,bstr, "a","b"));\r
-\r
- holder.setLength(0);\r
- assertEquals(str = " %1%2%10 ",Vars.convert(holder,str, "a","b","c","d","e","f","g","h","i","j"));\r
- assertEquals(" abj ",holder.toString());\r
- assertEquals(str,Vars.convert(null,str, "a","b","c","d","e","f","g","h","i","j"));\r
- holder.setLength(0);\r
- assertEquals(str=" %1%2%3 ",Vars.convert(holder,bstr = " %s%s%s ", "a","b","c","d","e","f","g","h","i","j"));\r
- assertEquals(" abc ",holder.toString());\r
- assertEquals(str,Vars.convert(null,bstr, "a","b","c","d","e","f","g","h","i","j"));\r
- \r
-\r
- holder.setLength(0);\r
- assertEquals(str = "set %1 to %2",Vars.convert(holder,str, "Something much","larger"));\r
- assertEquals("set Something much to larger",holder.toString());\r
- assertEquals(str,Vars.convert(null,str,"Something much","larger"));\r
- holder.setLength(0);\r
- assertEquals(str,Vars.convert(holder,bstr="set %s to %s", "Something much","larger"));\r
- assertEquals("set Something much to larger",holder.toString());\r
- assertEquals(str,Vars.convert(null,bstr, "Something much","larger"));\r
-\r
- holder.setLength(0);\r
- assertEquals(str = "Text without Vars",Vars.convert(holder,str));\r
- assertEquals(str,holder.toString());\r
- assertEquals(str = "Text without Vars",Vars.convert(null,str));\r
- \r
- \r
- holder.setLength(0);\r
- assertEquals(str = "Not %1 Enough %2 Vars %3",Vars.convert(holder,str, "a","b"));\r
- assertEquals("Not a Enough b Vars ",holder.toString());\r
- assertEquals(str ,Vars.convert(null,str, "a","b"));\r
- holder.setLength(0);\r
- assertEquals(str,Vars.convert(holder,bstr="Not %s Enough %s Vars %s", "a","b"));\r
- assertEquals("Not a Enough b Vars ",holder.toString());\r
- assertEquals(str ,Vars.convert(null,bstr, "a","b"));\r
-\r
- holder.setLength(0);\r
- assertEquals(str = "!@#$%^*()-+?/,:;.",Vars.convert(holder,str, "a","b"));\r
- assertEquals(str,holder.toString());\r
- assertEquals(str ,Vars.convert(null,str, "a","b"));\r
-\r
- holder.setLength(0);\r
- bstr = "%s !@#$%^*()-+?/,:;.";\r
- str = "%1 !@#$%^*()-+?/,:;.";\r
- assertEquals(str,Vars.convert(holder,bstr, "Not Acceptable"));\r
- assertEquals("Not Acceptable !@#$%^*()-+?/,:;.",holder.toString());\r
- assertEquals(str ,Vars.convert(null,bstr, "Not Acceptable"));\r
-\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import org.junit.Test;\r
-\r
-public class JU_NetMask {\r
-\r
- @Test\r
- public void deriveTest() {\r
- String test = "test";\r
- assertEquals(NetMask.derive(test.getBytes()), 0);\r
- }\r
-\r
- @Test\r
- public void deriveTest2() {\r
- String test = "1.2.3.4";\r
- assertEquals(NetMask.derive(test.getBytes()), 0);\r
- }\r
- \r
- @Test\r
- public void deriveTest3() {\r
- String test = "1.2.4";\r
- assertEquals(NetMask.derive(test.getBytes()), 0);\r
- }\r
- \r
- @Test\r
- public void deriveTest4() {\r
- String test = "1.3.4";\r
- assertEquals(NetMask.derive(test.getBytes()), 0);\r
- }\r
- \r
- @Test\r
- public void deriveTest5() {\r
- String test = "2.3.4";\r
- assertEquals(NetMask.derive(test.getBytes()), 0);\r
- }\r
- \r
- @Test\r
- public void deriveTest6() {\r
- String test = "3.4";\r
- assertEquals(NetMask.derive(test.getBytes()), 0);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import org.junit.Test;\r
-\r
-public class JU_Split {\r
-\r
- @Test\r
- public void split() {\r
- assertEquals(Split.split('c', "testctc").length,3);\r
- }\r
- \r
- @Test\r
- public void splitTrim() {\r
- assertEquals(Split.splitTrim('c', "testctc").length,3);\r
- }\r
- \r
- @Test\r
- public void splitTrimWithSize() {\r
- assertEquals(Split.splitTrim('c', "testcctc",2).length,2);\r
- }\r
-\r
- @Test\r
- public void splitTrim1() {\r
- assertEquals(Split.splitTrim('c', "testctc").length,3);\r
- }\r
- \r
- @Test\r
- public void splitTrimWithSize1() {\r
- assertEquals(Split.splitTrim('c', "testcctc",2).length,2);\r
- }\r
- \r
- @Test\r
- public void splitTrim2() {\r
- assertEquals(Split.splitTrim('c', "testctc").length,3);\r
- }\r
- \r
- @Test\r
- public void splitTrimWithSize2() {\r
- assertEquals(Split.splitTrim('c', "testcctc",2).length,2);\r
- }\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import org.junit.Test;\r
-\r
-public class JU_TheConsole {\r
- \r
- @Test\r
- public void implemented(){\r
- assertEquals(TheConsole.implemented(),false);\r
- }\r
- \r
-\r
- }\r
- \r
+++ /dev/null
-/*******************************************************************************\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.UserChain;\r
-\r
-public class JU_UserChainManip {\r
-\r
- @Test\r
- public void build(){\r
- UserChain.Protocol baseAuth=UserChain.Protocol.BasicAuth;\r
- assertEquals(UserChainManip.build(new StringBuilder(""), "app", "id", baseAuth, true).toString(), "app:id:BasicAuth:AS");\r
- }\r
- \r
-\r
- @Test\r
- public void idToNS(){\r
- assertEquals(UserChainManip.idToNS(null), "");\r
- }\r
- \r
- @Test\r
- public void idToNS1(){\r
- assertEquals(UserChainManip.idToNS("t@st"), "st");\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.util;\r
-\r
-import static org.junit.Assert.assertEquals;\r
-\r
-import java.util.ArrayList;\r
-import java.util.List;\r
-\r
-import org.junit.Test;\r
-\r
-public class JU_Vars {\r
-\r
- @Test\r
- public void convert() {\r
- String test = "test";\r
- List<String> list = new ArrayList<String>();\r
- list.add("method");\r
- assertEquals(Vars.convert(test, list), test);\r
- }\r
-\r
- @Test\r
- public void convertTest1() {\r
- String test = "te%t";\r
- List<String> list = new ArrayList<String>();\r
- list.add("method");\r
- assertEquals(Vars.convert("test", list), "test");\r
- }\r
-\r
- @Test\r
- public void convertTest2() {\r
- String test = "te%s%t";\r
- List<String> list = new ArrayList<String>();\r
- list.add("method");\r
- assertEquals(Vars.convert("test", list), "test");\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse.test;\r
-\r
-import static junit.framework.Assert.assertEquals;\r
-import static junit.framework.Assert.assertNotNull;\r
-import static junit.framework.Assert.assertNull;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-\r
-import javax.xml.stream.XMLStreamException;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.BasicCred;\r
-import org.onap.aaf.cadi.BufferedServletInputStream;\r
-import org.onap.aaf.cadi.wsse.WSSEParser;\r
-\r
-public class JU_WSSE_Read {\r
-\r
- @Test\r
- public void test() {\r
- try {\r
- final BasicCred bc = new BasicCred() {\r
-\r
- private String user;\r
- private byte[] password;\r
-\r
- public void setUser(String user) {\r
- this.user = user;\r
- }\r
-\r
- public void setCred(byte[] passwd) {\r
- this.password = passwd;\r
- }\r
-\r
- public String getUser() {\r
- return user;\r
- }\r
-\r
- public byte[] getCred() {\r
- return password;\r
- }\r
- };\r
-\r
- WSSEParser wp = new WSSEParser();\r
-\r
- FileInputStream fis;\r
- fis = new FileInputStream("test/example.xml");\r
- BufferedServletInputStream is = new BufferedServletInputStream(fis);\r
- try {\r
- is.mark(1536);\r
- try {\r
- assertNull(wp.parse(bc, is));\r
- } finally {\r
- is.reset();\r
- assertEquals(814,is.buffered());\r
- }\r
- String password = new String(bc.getCred());\r
- System.out.println("CadiWrap credentials are: " + bc.getUser() + ", " + password);\r
- assertEquals("some_user", bc.getUser());\r
- assertEquals("some_password", password);\r
- \r
- } finally {\r
- fis.close();\r
- }\r
-\r
- // CBUS (larger)\r
- fis = new FileInputStream("test/CBUSevent.xml");\r
- is = new BufferedServletInputStream(fis);\r
- try {\r
- is.mark(1536);\r
- try {\r
- assertNull(wp.parse(bc, is));\r
- } finally {\r
- is.reset();\r
- assertEquals(667,is.buffered());\r
- }\r
- String password = new String(bc.getCred());\r
- System.out.println("CadiWrap credentials are: " + bc.getUser() + ", " + password);\r
- assertEquals("none", bc.getUser());\r
- assertEquals("none", password);\r
- \r
- } finally {\r
- fis.close();\r
- }\r
-\r
- // Closed Stream\r
- fis = new FileInputStream("test/example.xml");\r
- fis.close();\r
- bc.setCred(null);\r
- bc.setUser(null);\r
- XMLStreamException ex = wp.parse(bc, fis);\r
- assertNotNull(ex);\r
- assertNull(bc.getUser());\r
- assertNull(bc.getCred());\r
-\r
-\r
- fis = new FileInputStream("test/exampleNoSecurity.xml");\r
- try {\r
- bc.setCred(null);\r
- bc.setUser(null);\r
- assertNull(wp.parse(bc, fis));\r
- assertNull(bc.getUser());\r
- assertNull(bc.getCred());\r
- } finally {\r
- fis.close();\r
- }\r
-\r
- fis = new FileInputStream("test/exampleBad1.xml");\r
- try {\r
- bc.setCred(null);\r
- bc.setUser(null);\r
- assertNull(wp.parse(bc, fis));\r
- assertNull(bc.getUser());\r
- assertNull(bc.getCred());\r
- } finally {\r
- fis.close();\r
- }\r
-\r
- XMLStreamException e = wp.parse(bc, new ByteArrayInputStream("Not XML".getBytes())); // empty\r
- assertNotNull(e);\r
-\r
- e = wp.parse(bc, new ByteArrayInputStream("".getBytes())); // empty\r
- assertNotNull(e);\r
- \r
- \r
- long start, count = 0L;\r
- int iter = 30000;\r
- File f = new File("test/CBUSevent.xml");\r
- fis = new FileInputStream(f);\r
- is = new BufferedServletInputStream(fis);\r
- is.mark(0);\r
- try {\r
- while(is.read()>=0);\r
- } finally {\r
- fis.close();\r
- }\r
-\r
- for(int i=0;i<iter;++i) {\r
- start = System.nanoTime();\r
- is.reset();\r
- try {\r
- assertNull(wp.parse(bc, is));\r
- } finally {\r
- count += System.nanoTime()-start;\r
- }\r
- }\r
- float ms = count/1000000f;\r
- System.out.println("Executed " + iter + " WSSE reads from Memory Stream in " + ms + "ms. " + ms/iter + "ms per trans");\r
- \r
- // SPECIFIC ISSUES\r
- \r
- fis = new FileInputStream("test/error2013_04_23.xml");\r
- try {\r
- bc.setCred(null);\r
- bc.setUser(null);\r
- assertNull(wp.parse(bc, fis));\r
- assertNull(bc.getUser());\r
- assertNull(bc.getCred());\r
- } finally {\r
- fis.close();\r
- }\r
- } catch(Exception e) {\r
- e.printStackTrace(System.err);\r
- }\r
- }\r
-\r
-}\r
+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.wsse.test;\r
-\r
-import java.io.FileInputStream;\r
-\r
-import javax.xml.stream.events.XMLEvent;\r
-\r
-import org.junit.Test;\r
-import org.onap.aaf.cadi.wsse.XEvent;\r
-import org.onap.aaf.cadi.wsse.XReader;\r
-\r
-public class JU_XReader {\r
- @Test\r
- public void test() throws Exception {\r
- FileInputStream fis = new FileInputStream("test/CBUSevent.xml");\r
- try {\r
- XReader xr = new XReader(fis);\r
- while(xr.hasNext()) {\r
- XEvent xe = xr.nextEvent();\r
- switch(xe.getEventType()) {\r
- case XMLEvent.START_DOCUMENT:\r
- System.out.println("Start Document");\r
- break;\r
- case XMLEvent.START_ELEMENT:\r
- System.out.println("Start Event: " + xe.asStartElement().getName());\r
- break;\r
- case XMLEvent.END_ELEMENT:\r
- System.out.println("End Event: " + xe.asEndElement().getName());\r
- break;\r
- case XMLEvent.CHARACTERS:\r
- System.out.println("Characters: " + xe.asCharacters().getData());\r
- break;\r
- case XMLEvent.COMMENT:\r
- System.out.println("Comment: " + ((XEvent.Comment)xe).value);\r
- break;\r
- }\r
- }\r
- } finally {\r
- fis.close();\r
- }\r
- \r
- }\r
-\r
-}\r
+++ /dev/null
-xteeS5pA6m4SW2fMANEeF__VDm3F2wlUqyeUKDKxlSFiS_ICs0Eg7Xeqj3WqbgRqOisc1hLIbyk3\r
-2bal9qYwT59VxcZy-vrS3ytf0uu5gWwxGfo2-ut3CQTBfwVOj88RMdiyM13-dxJGOdQxT9_Czc9A\r
-it4edvcVQOTeazJ9JJ0KtO5tvsdihsaYYOVbMbMWPTzyDKY2KE7iMmPaqeGPLvxZSVvjQzjU8qMp\r
-OwzllAhRXZd0DWOullSotpt8P2VKcbnoKVA2SQvLTt5Zd9TziaaCMP88-fJQUhXvWhUPG_ZdH2R1\r
-MVyS0WrnBN6rY2h_aTiUswYZ6GGTDa_7O4AQixNR02NAbn7718Mw3bbe12d6nJZ2uYqMb9Hl1bzO\r
--mZbJ_TUVAIUBgOb7XjScIS12JLlUuf-kIlQjfT2kfAzSuwcYHUZmB_jAfdZBjyhqVj4x7N47wb1\r
-7GbBBbECLAPMk9633_3HzadqZu6J3TmfmW2IYR9kqEF1NwfaXgJAL4I43YDSo2XyD-i9MUb3diYd\r
-LVElQP8gwMh2gbfRe_7BU49_HdbCk4n6BNgT0Z0EgtnMAA0ZZWmBTJTz5BlC0lXL-7NAWyOw1vRs\r
-ovjqc46zpQq8LYtJ2Vg5WwfpqBpyXqCdp9QYTNtN0GVB4iPBvaWRsQoZKzEESHavxKbGX2_Z7h2Q\r
-k03Okhl4Ud3MduR6pyxfxVqAdFu3xr2tEIcv_FjyD-5XiTfKcWPw-Srwy-_YiTy_io4nu2swC8Xm\r
-TsNcWtebM0W80L1nw0MwHFFIoAMBrHUjHxIrZL5JWZyaGxUdtnbKKlkVR1kDC8_pHrevwIijAEyi\r
-NnwDYaMw7tZo6f06J3yPVCVzVLLXFCCTkvdJAFBhaZI600mf7UZP2BMqomYVROoQNZDAO_GzP1sX\r
-_B4oebfYPkLk3fBkHasHPDZNy-oNHDEw8ytMXlMhyKX7UHUy28E8zpZWoRMmGPnzOSwp3P-Q08DP\r
-ja05l6vgvGtzuWNUKcFjSTdqx73JJJ1-QrZZlTd0N1gYqhRyh8YssGDYXEHh5zKuF6vNTinJwGLY\r
-P5NnOSBCbm9rcPcZGtZYer-uNUY9Z_rscfxiVork1SfnG25FwxCRkc_Nf47THAVM9T7m9Ou_g2N8\r
-eethvrQxDxEi_DVRBTJYe_9iUOec4KQY7VGhTiFbfvDPRB8yF7Znu5UPJXIeOjvcf9gi8lSwTTRx\r
-sqRpB3D5SJUSnBGzOCUvYRBbGP0olaVYyVXLcDknRTKbwkIf0tKAEFRDkvkXdlJnQ4lldFHuuHO9\r
-G7_iqEjCCNncdtLZMwe6LPe1usfJmnl3x95wkpVQdAKl7QoP5fMR2XoXwQbSO2qwIdgBwq9Zm6FW\r
-wRPStR0pS2ICjHusgmLPsdf2pVZ8q0fqjjzF4Ch7MfOWjhRsK9fCvVDXlrEOACTt7o0roXuswxKT\r
-EEbibkLsEAQOfOCYa66G37yQKRNnR8PWeRLAaZGF8ewfqF0c2KBAQuLYFlE8OthP_vFDKfVT2zMX\r
-BfneXOJNY2kZTEJA4MQOC4_Y1JJ7NJc1zqJRuPD8Ifo4oE1Qo2FE-mjm2G_Zb4XsmBEdWsiSAYum\r
-2DiGm5Io7OXQXv2zOKsBvcoG-24A4M3kTxhEH16sueTKY_DqOjjxkcVIUX_PM7TGkeRU9cnJ2sDH\r
-Y749blu8BWrRKSRiksxwwNAGW_IdElVVGd89gyGGRzZ2I4h-FXf9EBS1sqo-F_hOq_O3KOoMDFWK\r
-gdc4XIqeqmjwVTSpkKyxSCFYQW-aPBuTSdJYmPZRQQlCXwkm7SHbLRBKM4h62koA8A3hpzda3qnZ\r
-w_Wyb8u42yZpqNuUjUUOb4JApmOVCXIe4P9yfhiTbYRvGX50XjPIHBKjAzXhKLGaBaugBYhaGpXf\r
-kFjvsEF-4PrtQWORKudvlk8D7DnhxqgJdG0GoZAETBTCq_m1trg2TJ2WyAMidFUOWrgGPpshFq1F\r
-Nu7buFG6nsOsg4sfLmSm2oYhVb0TmEbBGRr_Apkg6nVJzX7DE_Rvt2slZDoIrXeKSbIJ_i5Y
\ No newline at end of file
+++ /dev/null
-<!--\r
- ============LICENSE_START====================================================\r
- * org.onap.aaf\r
- * ===========================================================================\r
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * ===========================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ============LICENSE_END====================================================\r
- *\r
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- *\r
--->\r
-<assembly>\r
- <id>app</id>\r
- <formats>\r
- <format>jar</format>\r
- </formats>\r
- <includeBaseDirectory>false</includeBaseDirectory>\r
- <dependencySets>\r
- <dependencySet>\r
- <outputDirectory></outputDirectory>\r
- <outputFileNameMapping></outputFileNameMapping>\r
- <unpack>true</unpack>\r
- <scope>runtime</scope>\r
- <!-- includes>\r
- <include>web</include>\r
- </includes -->\r
- </dependencySet>\r
- </dependencySets>\r
- <fileSets>\r
- <fileSet>\r
- <directory>target/classes</directory>\r
- <outputDirectory></outputDirectory>\r
- </fileSet>\r
- </fileSets>\r
-</assembly>\r
+++ /dev/null
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START====================================================\r
-# * org.onap.aaf\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# * \r
-# * http://www.apache.org/licenses/LICENSE-2.0\r
-# * \r
-# * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-###############################################################################\r
-# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.\r
-###############################################################################\r
-# This is a normal Java Properties File\r
-# Comments are with Pound Signs at beginning of lines,\r
-# and multi-line expression of properties can be obtained by backslash at end of line\r
-\r
-# Certain machines have several possible machine names, and\r
-# the right one may not be reported. This is especially\r
-# important for CSP Authorization, which will only \r
-# function on official AT&T domains.\r
-hostname=veeger.mo.sbc.com \r
-\r
-port=2533\r
-\r
-# CSP has Production mode (active users) or DEVL mode (for \r
-# Testing purposes... Bogus users)\r
-#csp_domain=DEVL\r
-csp_domain=PROD\r
-\r
-# Report all AUTHN and AUTHZ activity\r
-loglevel=AUDIT\r
-\r
-#\r
-# BasicAuth and other User/Password support\r
-#\r
-# The realm reported on BasicAuth callbacks\r
-basic_realm=spiderman.agile.att.com\r
-users=ks%xiVUs_25_1jqGdJ24hqy43Gi;\r
-groups=aaf:Jd8bb3jslg88b@spiderman.agile.att.com%7sZCPBZ_8iWbslqdjWFIDLgTZlm9ung0ym-G,\\r
- jg1555,lg2384,rd8227,tp007s,pe3617;\r
- \r
-\r
-# Keyfile (with relative path) for encryption. This file\r
-# should be marked as ReadOnly by Only the running process\r
-# for security's sake\r
-keyfile=conf/keyfile\r
+++ /dev/null
-9zgJxUXT1CrzC_A2Z0PdKi3n9l6zmErB26ZlSXCCyloxi3bGqD3lNHC3aFHfgC8-ZwNMuLBM93WY
-JV4sEacNodHGjgmAqSVyMHiPTEP4XRrydfjXAvaBIERcU1Yvu4pa4Mq25RXLHt8tIAnToFVbq82n
-bjkfdcv2-shgwkEvRiNIdK5TITO8JTvTRWND5MqXc9gnCKkR6Rl5dU5QGIB2SxWOPCvKBBWeUGRO
-bSinrjkI-iXabuLOYUaGo6FI_XAU5S9WxvfrDVpBijUAGJW8QZe1oBIo5QmQlx6ONB4ohjEu89ZZ
-gTee22MvSNUvaT8IGbj_Zt_TyuCqcdmkVahWp5ffeK2J3bmHActAC2IxXD4yV-sFLB7PW7I8KMA7
-tML3Lcy9ozmYa2E8N8B9uQ0zMHz_TVpPvj5xkVF4_FEKOTD1mkf-JYC1CyzwJS2YWWxO6fqsxIjD
-1qB4OJudv4RK6hSxdVrNxc_wchVAGXVD6ulm8UPBGP_wpfItP8BGYwCHlOjUrZofewKB2Aa9Uk9m
-oyk309WmPVBeRzZ0vRlXUp8jhKlAPISvv8CBbG-6SuXAszY2qedgd3huYKNreVN-xMZM2hnYbEUW
-0sdcqpFqIV039Awfwjn5sZPFW4iT3yWhxib1PwFzwfaXnrwgwbLAda68mRDAWCrsDRu11IiQJqb7
-cjNLYBOGDVhX7jeUyBJUzW-xhl__DsoCZSqP39vFoPtglXHlQNtVqQ8d96mu_QMY5bcuhevI4RQ_
-SD7WcRyAiUztiC4Eb6BYwld0RITdB1-Y43jkZlfA8Ej5Zw8sX_-2J2hKdDPT4KrTYWA5T6wiIJK9
-lxIc39wGHpxQ4kz8gx0VeqRU2hgHVKovuaEvBnwv8JW3qeuowaUmiPi7UuIRwi4pFX5iQv62yrfO
-5Z6EXBDVI8Ikq4UTu70vX_bCuXHtvqm97PFh2KXjBHS--iNVQ5GhnDKKv_Fd4naQjCSwTTgtxD4X
-ASgLSSETGJ8wAjWHOWUuVT4jUDFIQwunNaH6y2NaDWA0tkO74oYaQIL_-kd9ChGLzGL389v8BV2X
-oaw70W9L3-OOtzAz-hACbOtbbMkx2bVMmS8QhjYg-_2bpwSb8NR322pQ9AodFTU4x5HrLoERk2Rw
-hRExZP7K-_idMJUGLF9gJFFS01UyBLijyWGyN0teQleXgn6IzZk7dH9roddoe9IacjiV7XfE4i1U
-rVNTRKiDdHSX02KGOihs_j-Tf0PYsz0wEeACINA5MafGzc9x2b8yMzBxwPHxRszjL4dymCoLXRI5
-srLsWk2Jwtp9meW8jhkoAi5xUKzLiYIhEohIX3eEEA0O0wuK0fzcMB7IbyTYYazawUKmUXZ94OLu
-Fmb-UaAEvU-9U4O3DNfbDN2ELxUHmWaqNqpGl1IV0ZxGrKNZi9Rga9-_vfVGcoVMD7vZOhiZddc9
-WRlom3tQZRx2Sm42baNH8wS34J0KuUYPcjQ-1_GEJxcH0hv6hzSm4is7mUdnyB95g1UohKdQOfaY
-tOdHlXbu2zG6SyPaYyQFfQbMPwBn-hx_7bYj9Px-EhYeMpBIP8X98jkd3BlWY4sdWqxsQfAb5pml
-cnDRynHag2XxLqttAWSwru_owfeXzmYsPD-PINRu-Csjzlbdhq73amTFN-U8mYA09dlCck2fW8qo
-mAXLkVlboVaPuem6WvfSd93ZinsB5Wi5RX6RQxeHeo88cWrJ11Au14J8xFlurcZwdSjO4dsnZj_D
-ry0uKWsyNoLogBuDansiNGGO8-1qsyRxVp3zbxOMQmPouN6l0ZfxQdACqX8_4HTD7NMNMnLYjPjC
-4YfOUx4pQMdjzno05vuF5zY-UQ3SN7HkmXsF6tVJdt15cmtLFetD5LTbvdRr1eeHWuwD4-aJQx4T
-SdOLQ3zHeMnNFsxR_xKsu4AGjcC2-TpGixmA1kJtYBm1WIGoxQ6N4rneEo-82yvKwYst9-DJcV6x
-xy1dpJqtx3I7M6DqPVURomeh2czO6UMRPVIQ1ltj4E27_FWFsWC38ZyR4nFimovFLJNCzy2k
\ No newline at end of file
<!-- Define sub-projects (modules) -->
<!-- ============================================================== -->
<modules>
- <module>core</module>
- <module>client</module>
- <module>aaf</module>
- <module>cass</module>
- <!-- module>jetty</module -->
- <!-- module>weblogic</module -->
- <!-- always build last -->
- <!--module>swm</module -->
</modules>
<!-- ============================================================== -->