path: root/aai-core/src/main/java/org/openecomp/aai/restcore/JettyObfuscationConversionCommandLineUtil.java
blob: 8a81ee44d430050fb6802df82babf5d5b28a2802 (plain)
/*-
 * ============LICENSE_START=======================================================
 * org.openecomp.aai
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
 * ============LICENSE_END=========================================================
 */

package org.openecomp.aai.restcore;

import org.apache.commons.cli.BasicParser;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.eclipse.jetty.util.security.Password;

/*
 * This class is a command-line tool for manually applying Jetty
 * obfuscation/deobfuscation, so that the various passwords/secrets
 * in aaiconfig.properties can be obfuscated.
 *
 * Originally, those values were encrypted by a similar command-line
 * utility, but the encryption key was hardcoded in the src package,
 * which is a security violation.
 * That approach only moved the problem of how to hide secrets to a
 * different secret in a different file, and the encryption was really
 * only there to obscure the values in case someone needed to look at
 * the properties while others could see their screen. We therefore
 * decided that Jetty obfuscation is adequate for that task, and that
 * it also removes the "turtles all the way down"
 * secret-to-hide-the-secret-to-hide-the-secret problem.
 */
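public class JettyObfuscationConversionCommandLineUtil {
	
	/**
	 * Obfuscates ({@code -e}) or deobfuscates ({@code -d}) a single string with
	 * Jetty's {@link Password} helper and prints the result on standard output.
	 * When both options are given, {@code -e} wins. With {@code -h} alone, or
	 * with no recognised option, the usage text is printed instead.
	 *
	 * <p>Security notes for operators:
	 * <ul>
	 * <li>The transformation is reversible without any key (this same tool
	 * undoes it with {@code -d}), so an obfuscated value must still be
	 * protected like the clear-text secret: file permissions, no commits to
	 * shared repositories.</li>
	 * <li>The secret is passed as a command-line argument, so it can end up in
	 * shell history and may be visible to other local users through the process
	 * list while the JVM runs. Run the tool on a trusted host and clear the
	 * history entry afterwards.</li>
	 * <li>Diagnostics go to standard error, so a script that captures standard
	 * output never stores an error message in place of the converted value.</li>
	 * </ul>
	 *
	 * @param args the command-line arguments: {@code -e <string>},
	 *             {@code -d <string>} or {@code -h}
	 */
	public static void main(String[] args){
		Options options = new Options();
		options.addOption("e", true, "obfuscate the given string");
		options.addOption("d", true, "deobfuscate the given string");
		// The usage text advertises -h; register it so that asking for help is
		// not reported as a parse failure.
		options.addOption("h", false, "help");
		
		CommandLineParser parser = new BasicParser();
		
		try {
			CommandLine cmd = parser.parse(options, args);
			
			if (cmd.hasOption("e")) {
				System.out.println(Password.obfuscate(cmd.getOptionValue("e")));
			} else if (cmd.hasOption("d")) {
				System.out.println(Password.deobfuscate(cmd.getOptionValue("d")));
			} else {
				// Covers -h as well as an empty command line.
				usage(System.out);
			}
		} catch (ParseException e) {
			System.err.println("failed to parse input");
			System.err.println(e.toString());
			usage(System.err);
		} catch (Exception e) {
			// Best-effort tool: report and return rather than propagate.
			// NOTE(review): the exception text may echo fragments of the
			// argument (e.g. a malformed obfuscated value); keeping it on
			// stderr at least keeps it out of captured output.
			System.err.println("exception:" + e.toString());
		}
	}
	
	/**
	 * Prints the supported options.
	 *
	 * @param out the stream to write to: standard output when help was asked
	 *            for, standard error when the input could not be parsed
	 */
	private static void usage(java.io.PrintStream out){
		out.println("usage:");
		out.println("-e [string] to obfuscate");
		out.println("-d [string] to deobfuscate");
		out.println("-h help");
	}
}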