From db3b0a2008038a5022340561fd915adfd2b3bed9 Mon Sep 17 00:00:00 2001 From: "Kajur, Harish (vk250x)" Date: Mon, 23 Sep 2019 10:00:24 -0400 Subject: Update the code to read aaf generated passwords Issue-ID: AAI-2476 Change-Id: I196f3da1f3f82c5d4b4707b97ffd4a4e36868088 Signed-off-by: Kajur, Harish (vk250x) --- .../aai/config/PropertyPasswordConfiguration.java | 87 ++++++++++++++++++++-- .../src/main/resources/application.properties | 14 ++-- 2 files changed, 88 insertions(+), 13 deletions(-) diff --git a/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java index a4b4313..0d2ff88 100644 --- a/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java +++ b/aai-resources/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java @@ -19,30 +19,95 @@ */ package org.onap.aai.config; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; import java.util.LinkedHashMap; import java.util.Map; -import java.util.Optional; +import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.apache.commons.io.IOUtils; import org.springframework.context.ApplicationContextInitializer; import org.springframework.context.ConfigurableApplicationContext; -import org.springframework.core.env.CompositePropertySource; -import org.springframework.core.env.ConfigurableEnvironment; -import org.springframework.core.env.EnumerablePropertySource; -import org.springframework.core.env.MapPropertySource; -import org.springframework.core.env.PropertySource; -import org.springframework.stereotype.Component; +import org.springframework.core.env.*; public class PropertyPasswordConfiguration implements ApplicationContextInitializer { private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)"); - private PasswordDecoder passwordDecoder = new JettyPasswordDecoder(); + private static final EELFLogger logger = EELFManager.getInstance().getLogger(PropertyPasswordConfiguration.class.getName()); @Override public void initialize(ConfigurableApplicationContext applicationContext) { ConfigurableEnvironment environment = applicationContext.getEnvironment(); + String certPath = environment.getProperty("server.certs.location"); + File passwordFile = null; + File passphrasesFile = null; + InputStream passwordStream = null; + InputStream passphrasesStream = null; + Map sslProps = new LinkedHashMap<>(); + + // Override the passwords from application.properties if we find AAF certman files + if (certPath != null) { + try { + passwordFile = new File(certPath + ".password"); + passwordStream = new FileInputStream(passwordFile); + + if (passwordStream != null) { + String keystorePassword = null; + + keystorePassword = IOUtils.toString(passwordStream); + if (keystorePassword != null) { + keystorePassword = keystorePassword.trim(); + } + sslProps.put("server.ssl.key-store-password", keystorePassword); + sslProps.put("schema.service.ssl.key-store-password", keystorePassword); + } else { + logger.info("Not using AAF Certman password file"); + } + } catch (IOException e) { + logger.warn("Not using AAF Certman password file, e=" + e.getMessage()); + } finally { + if (passwordStream != null) { + try { + passwordStream.close(); + } catch (Exception e) { + } + } + } + try { + passphrasesFile = new File(certPath + ".passphrases"); + passphrasesStream = new FileInputStream(passphrasesFile); + + if (passphrasesStream != null) { + String truststorePassword = null; + Properties passphrasesProps = new Properties(); + passphrasesProps.load(passphrasesStream); + truststorePassword = passphrasesProps.getProperty("cadi_truststore_password"); + if (truststorePassword != null) { + truststorePassword = truststorePassword.trim(); + } + sslProps.put("server.ssl.trust-store-password", truststorePassword); + sslProps.put("schema.service.ssl.trust-store-password", truststorePassword); + } else { + logger.info("Not using AAF Certman passphrases file"); + } + } catch (IOException e) { + logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage()); + } finally { + if (passphrasesStream != null) { + try { + passphrasesStream.close(); + } catch (Exception e) { + } + } + } + } for (PropertySource propertySource : environment.getPropertySources()) { Map propertyOverrides = new LinkedHashMap<>(); decodePasswords(propertySource, propertyOverrides); @@ -50,6 +115,12 @@ public class PropertyPasswordConfiguration implements ApplicationContextInitiali PropertySource decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides); environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties); } + + } + if (!sslProps.isEmpty()) { + logger.info("Using AAF Certman files"); + PropertySource additionalProperties = new MapPropertySource("additionalProperties", sslProps); + environment.getPropertySources().addFirst(additionalProperties); } } diff --git a/aai-resources/src/main/resources/application.properties b/aai-resources/src/main/resources/application.properties index 517c650..3cabe4a 100644 --- a/aai-resources/src/main/resources/application.properties +++ b/aai-resources/src/main/resources/application.properties @@ -26,12 +26,16 @@ server.tomcat.max-idle-time=60000 # If thats not it, please check if the key-store file path makes sense server.local.startpath=aai-resources/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties - +server.certs.location=${server.local.startpath}etc/auth/ +#server.keystore.name=keystore.jks +server.keystore.name=aai_keystore +#server.truststore.name=com.att.ecomp.aai.dev.trust.jks +server.truststore.name=aai_keystore server.port=8447 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.key-store=${server.certs.location}${server.keystore.name} server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.trust-store=${server.certs.location}${server.truststore.name} server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) server.ssl.client-auth=want server.ssl.key-store-type=JKS @@ -73,8 +77,8 @@ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions -schema.service.ssl.key-store=${server.local.startpath}/etc/auth/aai_keystore -schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/aai_keystore +schema.service.ssl.key-store=${server.certs.location}${server.keystore.name} +schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name} schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.versions.override=false -- cgit 1.2.3-korg