aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Forsyth <jf2512@att.com>2019-11-15 21:35:03 +0000
committerGerrit Code Review <gerrit@onap.org>2019-11-15 21:35:03 +0000
commitf6e09e93481b28e07fe1dbe542c320ec09eb3d77 (patch)
tree331e824dde9616e62b27555f3545d8befca8ec08
parent1c79cd7bc64599ac398daba94e91a3d9bce2eebe (diff)
parentdb3b0a2008038a5022340561fd915adfd2b3bed9 (diff)
Merge "Update the code to read aaf generated passwords"
-rw-r--r--aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java87
-rw-r--r--aai-resources/src/main/resources/application.properties14
2 files changed, 88 insertions, 13 deletions
diff --git a/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
index a4b4313..0d2ff88 100644
--- a/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
+++ b/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
@@ -19,30 +19,95 @@
*/
package org.onap.aai.config;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.LinkedHashMap;
import java.util.Map;
-import java.util.Optional;
+import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import org.apache.commons.io.IOUtils;
import org.springframework.context.ApplicationContextInitializer;
import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.CompositePropertySource;
-import org.springframework.core.env.ConfigurableEnvironment;
-import org.springframework.core.env.EnumerablePropertySource;
-import org.springframework.core.env.MapPropertySource;
-import org.springframework.core.env.PropertySource;
-import org.springframework.stereotype.Component;
+import org.springframework.core.env.*;
public class PropertyPasswordConfiguration implements ApplicationContextInitializer<ConfigurableApplicationContext> {
private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
-
private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
+ private static final EELFLogger logger = EELFManager.getInstance().getLogger(PropertyPasswordConfiguration.class.getName());
@Override
public void initialize(ConfigurableApplicationContext applicationContext) {
ConfigurableEnvironment environment = applicationContext.getEnvironment();
+ String certPath = environment.getProperty("server.certs.location");
+ File passwordFile = null;
+ File passphrasesFile = null;
+ InputStream passwordStream = null;
+ InputStream passphrasesStream = null;
+ Map<String, Object> sslProps = new LinkedHashMap<>();
+
+ // Override the passwords from application.properties if we find AAF certman files
+ if (certPath != null) {
+ try {
+ passwordFile = new File(certPath + ".password");
+ passwordStream = new FileInputStream(passwordFile);
+
+ if (passwordStream != null) {
+ String keystorePassword = null;
+
+ keystorePassword = IOUtils.toString(passwordStream);
+ if (keystorePassword != null) {
+ keystorePassword = keystorePassword.trim();
+ }
+ sslProps.put("server.ssl.key-store-password", keystorePassword);
+ sslProps.put("schema.service.ssl.key-store-password", keystorePassword);
+ } else {
+ logger.info("Not using AAF Certman password file");
+ }
+ } catch (IOException e) {
+ logger.warn("Not using AAF Certman password file, e=" + e.getMessage());
+ } finally {
+ if (passwordStream != null) {
+ try {
+ passwordStream.close();
+ } catch (Exception e) {
+ }
+ }
+ }
+ try {
+ passphrasesFile = new File(certPath + ".passphrases");
+ passphrasesStream = new FileInputStream(passphrasesFile);
+
+ if (passphrasesStream != null) {
+ String truststorePassword = null;
+ Properties passphrasesProps = new Properties();
+ passphrasesProps.load(passphrasesStream);
+ truststorePassword = passphrasesProps.getProperty("cadi_truststore_password");
+ if (truststorePassword != null) {
+ truststorePassword = truststorePassword.trim();
+ }
+ sslProps.put("server.ssl.trust-store-password", truststorePassword);
+ sslProps.put("schema.service.ssl.trust-store-password", truststorePassword);
+ } else {
+ logger.info("Not using AAF Certman passphrases file");
+ }
+ } catch (IOException e) {
+ logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage());
+ } finally {
+ if (passphrasesStream != null) {
+ try {
+ passphrasesStream.close();
+ } catch (Exception e) {
+ }
+ }
+ }
+ }
for (PropertySource<?> propertySource : environment.getPropertySources()) {
Map<String, Object> propertyOverrides = new LinkedHashMap<>();
decodePasswords(propertySource, propertyOverrides);
@@ -50,6 +115,12 @@ public class PropertyPasswordConfiguration implements ApplicationContextInitiali
PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
}
+
+ }
+ if (!sslProps.isEmpty()) {
+ logger.info("Using AAF Certman files");
+ PropertySource<?> additionalProperties = new MapPropertySource("additionalProperties", sslProps);
+ environment.getPropertySources().addFirst(additionalProperties);
}
}
diff --git a/aai-resources/src/main/resources/application.properties b/aai-resources/src/main/resources/application.properties
index 517c650..3cabe4a 100644
--- a/aai-resources/src/main/resources/application.properties
+++ b/aai-resources/src/main/resources/application.properties
@@ -26,12 +26,16 @@ server.tomcat.max-idle-time=60000
# If thats not it, please check if the key-store file path makes sense
server.local.startpath=aai-resources/src/main/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
-
+server.certs.location=${server.local.startpath}etc/auth/
+#server.keystore.name=keystore.jks
+server.keystore.name=aai_keystore
+#server.truststore.name=com.att.ecomp.aai.dev.trust.jks
+server.truststore.name=aai_keystore
server.port=8447
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
+server.ssl.key-store=${server.certs.location}${server.keystore.name}
server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
+server.ssl.trust-store=${server.certs.location}${server.truststore.name}
server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
@@ -73,8 +77,8 @@ schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.ssl.key-store=${server.local.startpath}/etc/auth/aai_keystore
-schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/aai_keystore
+schema.service.ssl.key-store=${server.certs.location}${server.keystore.name}
+schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name}
schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
schema.service.versions.override=false