Northbound OSS Client

Analysis

vFirewall Demo Sequence of Events

All the events during a VF creation so we can understand all the orchestration steps at a granular REST level.

Prerequisites

Seq	Name	Source	Target	Actor	REST calls

Config

Name	Source	Target	Actor
create customer	robot	aai	./demo.sh init
create service model	robot	aai	./demo.sh init

Service Deployment

Name	Source	Actor
deploy service model	vid	demo user
create service instance	vid	demo user

VNF Creation

Seq	Name	Source	Target	Actor	REST calls
		robot		./demo.sh init

VFModule Preload

Name	Source	Actor
preload vnf	robot	./demo.sh preload <DemoVNF> <DemoModule>

VFModule Creation

Name	Source	Actor
create vf module <DemoModule>	vid	demo user

Closed Loop

Name	Source	Actor
appc	robot	./demo.sh appc <DemoModule>

Design Issues

DI 1: 20170719: AAI Cert required for HTTPS REST calls

Calls to AAI such as the following require both the authentication header and an imported certificate. When running Postman - because it is a Chrome app - this is a simple case of loading a REST url in the browser and importing the certificate after an authentication challenge (AAI:AAI). However for a java client like a JAX-RS 2.0 client we need the certificate in a keystore (the default or a specially defined one).

Below we import the cert into the default keystore. Where did I get the cert? by extracting it from Firefox - however it is in the code base - looking it up

obrienbiometrics:onap michaelobrien$ ls $JAVA_HOME/jre/lib/security/cacerts

/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/cacerts

sudo keytool -import -trustcacerts -alias aai -file /Users/michaelobrien/Dropbox/_amdocs/config/certs/aai/aaiapisimpledemoopenecomporg.cer -keystore $JAVA_HOME/jre/lib/security/cacerts

Running an https rest target using this certificate - if the cert is in a default keystore - you dont need to define it.

// require: cert, username, password, headers(X-FromAppId,Accept), Authenticator

public String run(boolean isSSL, String url, String port, String path) {

  String record = null;
  Client client = null;
  WebTarget latestTarget = null;
  WebTarget rootTarget = null;
  if(isSSL) {
    SslConfigurator sslConfig = SslConfigurator.newInstance();
    SSLContext sslContext = sslConfig.createSSLContext();
    HostnameVerifier verifier = new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession sslSession) {
      return true; // TODO: security breach
    }};
    client = ClientBuilder.newBuilder().sslContext(sslContext).hostnameVerifier(verifier).build();
    client.register(new Authenticator("AAI","AAI"));
  } else {

      client = ClientBuilder.newClient();
    }
    rootTarget = client.target(url);
    latestTarget = rootTarget.path(path);
    try {
      try { Thread.sleep(1); } catch (InterruptedException ie) { Thread.currentThread().interrupt(); }
        record = finalTarget.request()
          .header("X-FromAppId", "AAI").header("Accept", "application/json")
          .get(String.class);

public class Authenticator implements ClientRequestFilter {
 private final String user;
 private final String pass;

 public Authenticator(String user, String password) {
      this.user = user; this.pass = password;
 }

 public void filter(ClientRequestContext requestContext) throws IOException {
   MultivaluedMap<String, Object> headMap = requestContext.getHeaders();
 String basicAuth = null;
 try {
         String aToken = user + ":" + pass;
 basicAuth = "BASIC " + DatatypeConverter.printBase64Binary(aToken.getBytes("UTF-8"));
 } catch (UnsupportedEncodingException uee) { throw new IllegalStateException("Encoding with UTF-8 failed", uee);}
   headMap.add("Authorization", basicAuth);
 }
}