Security-Mode ONOS BUCK

Change-Id: I72ef80d84665049c738eaa89394b95b699b33b6b
diff --git a/core/security/BUCK b/core/security/BUCK
index c9a6a91..f6b0da3 100644
--- a/core/security/BUCK
+++ b/core/security/BUCK
@@ -1,7 +1,15 @@
+SRC = 'src/main/java/org/onosproject/security/**/'
+TEST = 'src/test/java/org/onosproject/security/**/'
+CURRENT_NAME = 'onos-security'
+CURRENT_TARGET = ':' + CURRENT_NAME
+
+
 COMPILE_DEPS = [
     '//lib:CORE_DEPS',
     '//lib:KRYO',
     '//core/store/serializers:onos-core-serializers',
+    '//lib:org.apache.felix.framework.security',
+    '//core/api:onos-api',
 ]
 
 TEST_DEPS = [
@@ -10,7 +18,16 @@
 
 osgi_jar_with_tests (
     name = 'onos-security',
+    srcs = glob([SRC + '/*.java']),
     deps = COMPILE_DEPS,
     test_deps = TEST_DEPS,
     visibility = ['PUBLIC'],
 )
+
+java_test(
+    name = 'tests',
+    srcs = glob([TEST + '/*.java']),
+    deps = COMPILE_DEPS +
+           TEST_DEPS +
+           [CURRENT_TARGET],
+)
\ No newline at end of file
diff --git a/features/BUCK b/features/BUCK
index bb87afc..7291d53 100644
--- a/features/BUCK
+++ b/features/BUCK
@@ -133,14 +133,13 @@
   ]
 )
 
-#FIXME
-# osgi_feature (
-#   name = 'onos-security',
-#   title="Security-Mode ONOS",
-#   required_features = ['onos-api'],
-#   included_bundles = [
-#     'org.onosproject/org.apache.felix.framework.security/2.2.0.onos',
-#     'org.onosproject/onos-security/@ONOS-VERSION',
-#   ]
-# )
+osgi_feature (
+  name = 'onos-security',
+  title="Security-Mode ONOS",
+  required_features = ['onos-api'],
+  included_bundles = [
+    '//lib:org.apache.felix.framework.security',
+    '//core/security:onos-security',
+  ]
+)
 
diff --git a/lib/BUCK b/lib/BUCK
index 0c7ecc1..26a65cb 100644
--- a/lib/BUCK
+++ b/lib/BUCK
@@ -1,4 +1,4 @@
-# ***** This file was auto-generated at Tue, 17 Oct 2017 22:57:24 GMT. Do not edit this file manually. *****
+# ***** This file was auto-generated at Tue, 31 Oct 2017 16:53:55 GMT. Do not edit this file manually. *****
 # ***** Use onos-lib-gen *****
 
 pass_thru_pom(
@@ -928,6 +928,15 @@
 )
 
 remote_jar (
+  name = 'org.apache.felix.framework.security',
+  out = 'org.apache.felix.framework.security-2.2.0.onos.jar',
+  url = 'mvn:org.onosproject:org.apache.felix.framework.security:jar:2.2.0.onos',
+  sha1 = '5d39a4ff4a5d3daec8c404789d398c780151de8c',
+  maven_coords = 'org.onosproject:org.apache.felix.framework.security:2.2.0.onos',
+  visibility = [ 'PUBLIC' ],
+)
+
+remote_jar (
   name = 'org.apache.felix.scr',
   out = 'org.apache.felix.scr-1.8.2.jar',
   url = 'mvn:org.apache.felix:org.apache.felix.scr:jar:1.8.2',
diff --git a/lib/deps.json b/lib/deps.json
index bb05865..7685db0 100644
--- a/lib/deps.json
+++ b/lib/deps.json
@@ -199,6 +199,7 @@
     "netty-codec-http": "mvn:io.netty:netty-codec-http:4.1.8.Final",
     "objenesis": "mvn:org.objenesis:objenesis:2.2",
     "openflowj": "mvn:org.onosproject:openflowj:3.2.0.onos",
+    "org.apache.felix.framework.security": "mvn:org.onosproject:org.apache.felix.framework.security:jar:2.2.0.onos",
     "org.apache.felix.scr": "mvn:org.apache.felix:org.apache.felix.scr:1.8.2",
     "org.apache.felix.scr.annotations": "mvn:org.apache.felix:org.apache.felix.scr.annotations:1.9.12",
     "org.apache.karaf.features.core": "mvn:org.apache.karaf.features:org.apache.karaf.features.core:3.0.8",
diff --git a/tools/package/BUCK b/tools/package/BUCK
index 8f429c9..05fefcb 100644
--- a/tools/package/BUCK
+++ b/tools/package/BUCK
@@ -10,7 +10,7 @@
   '//features:onos-rest',
   '//features:onos-gui',
   '//features:onos-cli',
-#'//features:onos-security',
+  '//features:onos-security',
 ]
 
 #TODO move to buck-tools
diff --git a/tools/package/onos-prep-karaf b/tools/package/onos-prep-karaf
index a6ab98f..ed89fb2 100755
--- a/tools/package/onos-prep-karaf
+++ b/tools/package/onos-prep-karaf
@@ -11,6 +11,7 @@
 BRANDING=$4
 #FIXME karaf version
 KARAF_VERSION="3.0.8"
+ONOS_SECURITY_MODE="false"
 
 PREFIX="onos-$ONOS_VERSION"
 
@@ -31,8 +32,6 @@
 chmod a+x bin/onos-service bin/onos
 
 export BOOT_FEATURES="standard,ssh,scr,war,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
-#FIXME
-#[ "$ONOS_SECURITY_MODE" = true ] && enable_security_mode
 
 # Patch the Apache Karaf distribution file to add ONOS features repository
 perl -pi.old -e "s|^(featuresRepositories=).*|\1mvn:org.apache.karaf.features/standard/$KARAF_VERSION/xml/features,mvn:org.onosproject/onos-features/$ONOS_VERSION/xml/features|" \
@@ -56,45 +55,40 @@
 cp -r init $PREFIX
 cp -r etc/* $PREFIX/$KARAF_DIR/etc/
 
+if [ "$ONOS_SECURITY_MODE" = true ]
+then
+    # ONOS Patching ----------------------------------------------------------------
+
+    echo "Enabling security mode ONOS..."
+
+    # SM-ONOS step 1: downgrade felix config admin
+    FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+    if [ ! -f $FELIX_CFG_ADMIN ]; then
+        echo "Downloading $FELIX_CFG_ADMIN..."
+        curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+    fi
+    [ ! -f $FELIX_CFG_ADMIN ] && \
+        echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+
+    mkdir -p $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    cp $FELIX_CFG_ADMIN $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    perl -pi.old -e "s|org.apache.felix.configadmin/1.8.4|org.apache.felix.configadmin/1.6.0|g" \
+        $PREFIX/$KARAF_DIR/etc/startup.properties
+
+    # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
+
+    # SM-ONOS step 3.1: configure karaf
+    perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+        $PREFIX/$KARAF_DIR/etc/system.properties
+    perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+        $PREFIX/$KARAF_DIR/etc/system.properties
+
+    # SM-ONOS step 3.2: update featuresBoot
+    export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+
+    # Patch the Apache Karaf distribution file to load onos security feature
+    perl -pi.old -e "s|^(featuresBoot=).*|\1$BOOT_FEATURES|" \
+        $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
+fi
+
 zip -q -0 -r $OUT $PREFIX
-
-#FIXME
-# Stage all builtin ONOS apps for factory install
-#onos-stage-apps $ONOS_STAGE/apps $ONOS_STAGE/$KARAF_DIST/system
-# Mark the org.onosproject.drivers app active by default
-#touch $ONOS_STAGE/apps/org.onosproject.drivers/active
-
-# copy in features and repos
-# Patch in the ONOS version file
-#echo $ONOS_VERSION > $ONOS_STAGE/VERSION
-
-
-#function enable_security_mode() {
-#    echo "Enabling security mode ONOS..."
-#
-#    # SM-ONOS step 1: downgrade felix config admin
-#    FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
-#    if [ ! -f $FELIX_CFG_ADMIN ]; then
-#        echo "Downloading $FELIX_CFG_ADMIN..."
-#        curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
-#    fi
-#    [ ! -f $FELIX_CFG_ADMIN ] && \
-#        echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
-#
-#    mkdir -p $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
-#    cp $FELIX_CFG_ADMIN $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
-#    perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
-#        $ONOS_STAGE/$KARAF_DIST/etc/startup.properties
-#
-#    # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
-#
-#    # SM-ONOS step 3.1: configure karaf
-#    perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
-#        $ONOS_STAGE/$KARAF_DIST/etc/system.properties
-#    perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
-#        $ONOS_STAGE/$KARAF_DIST/etc/system.properties
-#
-#    # SM-ONOS step 3.2: update featuresBoot
-#    export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
-#}
-