Merge "Update the code to read aaf generated passwords"

2 files changed, 88 insertions, 13 deletions

diff --git a/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
index a4b4313..0d2ff88 100644
--- a/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
+++ b/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
@@ -19,30 +19,95 @@
  */
 package org.onap.aai.config;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedHashMap;
 import java.util.Map;
-import java.util.Optional;
+import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import org.apache.commons.io.IOUtils;
 import org.springframework.context.ApplicationContextInitializer;
 import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.CompositePropertySource;
-import org.springframework.core.env.ConfigurableEnvironment;
-import org.springframework.core.env.EnumerablePropertySource;
-import org.springframework.core.env.MapPropertySource;
-import org.springframework.core.env.PropertySource;
-import org.springframework.stereotype.Component;
+import org.springframework.core.env.*;
 
 public class PropertyPasswordConfiguration implements ApplicationContextInitializer<ConfigurableApplicationContext> {
 
     private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
-
     private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
+    private static final EELFLogger logger = EELFManager.getInstance().getLogger(PropertyPasswordConfiguration.class.getName());
 
     @Override
     public void initialize(ConfigurableApplicationContext applicationContext) {
         ConfigurableEnvironment environment = applicationContext.getEnvironment();
+        String certPath = environment.getProperty("server.certs.location");
+        File passwordFile = null;
+        File passphrasesFile = null;
+        InputStream passwordStream = null;
+        InputStream passphrasesStream = null;
+        Map<String, Object> sslProps = new LinkedHashMap<>();
+
+        // Override the passwords from application.properties if we find AAF certman files
+        if (certPath != null) {
+            try {
+                passwordFile = new File(certPath + ".password");
+                passwordStream = new FileInputStream(passwordFile);
+
+                if (passwordStream != null) {
+                    String keystorePassword = null;
+
+                    keystorePassword = IOUtils.toString(passwordStream);
+                    if (keystorePassword != null) {
+                        keystorePassword = keystorePassword.trim();
+                    }
+                    sslProps.put("server.ssl.key-store-password", keystorePassword);
+                    sslProps.put("schema.service.ssl.key-store-password", keystorePassword);
+                } else {
+                    logger.info("Not using AAF Certman password file");
+                }
+            } catch (IOException e) {
+                logger.warn("Not using AAF Certman password file, e=" + e.getMessage());
+            } finally {
+                if (passwordStream != null) {
+                    try {
+                        passwordStream.close();
+                    } catch (Exception e) {
+                    }
+                }
+            }
+            try {
+                passphrasesFile = new File(certPath + ".passphrases");
+                passphrasesStream = new FileInputStream(passphrasesFile);
+
+                if (passphrasesStream != null) {
+                    String truststorePassword = null;
+                    Properties passphrasesProps = new Properties();
+                    passphrasesProps.load(passphrasesStream);
+                    truststorePassword = passphrasesProps.getProperty("cadi_truststore_password");
+                    if (truststorePassword != null) {
+                        truststorePassword = truststorePassword.trim();
+                    }
+                    sslProps.put("server.ssl.trust-store-password", truststorePassword);
+                    sslProps.put("schema.service.ssl.trust-store-password", truststorePassword);
+                } else {
+                    logger.info("Not using AAF Certman passphrases file");
+                }
+            } catch (IOException e) {
+                logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage());
+            } finally {
+                if (passphrasesStream != null) {
+                    try {
+                        passphrasesStream.close();
+                    } catch (Exception e) {
+                    }
+                }
+            }
+        }
         for (PropertySource<?> propertySource : environment.getPropertySources()) {
             Map<String, Object> propertyOverrides = new LinkedHashMap<>();
             decodePasswords(propertySource, propertyOverrides);
@@ -50,6 +115,12 @@ public class PropertyPasswordConfiguration implements ApplicationContextInitiali
                 PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
                 environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
             }
+
+        }
+        if (!sslProps.isEmpty()) {
+            logger.info("Using AAF Certman files");
+            PropertySource<?> additionalProperties = new MapPropertySource("additionalProperties", sslProps);
+            environment.getPropertySources().addFirst(additionalProperties);
         }
     }
 
diff --git a/aai-resources/src/main/resources/application.properties b/aai-resources/src/main/resources/application.properties
index 517c650..3cabe4a 100644
--- a/aai-resources/src/main/resources/application.properties
+++ b/aai-resources/src/main/resources/application.properties
@@ -26,12 +26,16 @@ server.tomcat.max-idle-time=60000
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=aai-resources/src/main/resources/
 server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
-
+server.certs.location=${server.local.startpath}etc/auth/
+#server.keystore.name=keystore.jks
+server.keystore.name=aai_keystore
+#server.truststore.name=com.att.ecomp.aai.dev.trust.jks
+server.truststore.name=aai_keystore
 server.port=8447
 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
+server.ssl.key-store=${server.certs.location}${server.keystore.name}
 server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
+server.ssl.trust-store=${server.certs.location}${server.truststore.name}
 server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
 server.ssl.client-auth=want
 server.ssl.key-store-type=JKS
@@ -73,8 +77,8 @@ schema.service.nodes.endpoint=nodes?version=
 schema.service.edges.endpoint=edgerules?version=
 schema.service.versions.endpoint=versions
 
-schema.service.ssl.key-store=${server.local.startpath}/etc/auth/aai_keystore
-schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/aai_keystore
+schema.service.ssl.key-store=${server.certs.location}${server.keystore.name}
+schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name}
 schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
 schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
 schema.service.versions.override=false