11 files changed, 7 insertions, 270 deletions
diff --git a/aai-schema-service/.gitignore b/aai-schema-service/.gitignore index 35183c9..a29490d 100644 --- a/aai-schema-service/.gitignore +++ b/aai-schema-service/.gitignore @@ -1,8 +1,6 @@ .settings target/ **/logs/ -bundleconfig-local/etc/auth/aai-client-cert.p12 -bundleconfig-local/etc/auth/tomcat_keystore bundleconfig-local/etc/oxm src/main/aai_schema bundleconfig-local/etc/logback.xml diff --git a/aai-schema-service/pom.xml b/aai-schema-service/pom.xml index 3d02be5..15f8c1d 100644 --- a/aai-schema-service/pom.xml +++ b/aai-schema-service/pom.xml @@ -272,10 +272,6 @@ </profiles> <dependencies> <dependency> - <groupId>com.att.eelf</groupId> - <artifactId>eelf-core</artifactId> - </dependency> - <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-core</artifactId> <version>${logback.version}</version> @@ -415,8 +411,6 @@ <resource> <directory>${project.basedir}/src/main/resources/etc/auth/</directory> <includes> - <include>aai-client-cert.p12</include> - <include>tomcat_keystore</include> <include>aai_policy.json</include> </includes> <targetPath>${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig</targetPath> diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java index 5c36ed8..65232be 100644 --- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java @@ -25,7 +25,6 @@ import javax.annotation.PreDestroy; import org.onap.aai.aailog.logs.AaiDebugLog; import org.onap.aai.exceptions.AAIException; -import org.onap.aai.schemaservice.config.PropertyPasswordConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
@@ -68,7 +67,6 @@ public class SchemaServiceApp { SpringApplication app = new SpringApplication(SchemaServiceApp.class); app.setLogStartupInfo(false); app.setRegisterShutdownHook(true); - app.addInitializers(new PropertyPasswordConfiguration()); Environment env = app.run(args).getEnvironment(); diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java deleted file mode 100644 index f1576b0..0000000 --- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java +++ /dev/null 
@@ -1,34 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aai.schemaservice.config;
-
-import org.eclipse.jetty.util.security.Password;
-
-public class JettyPasswordDecoder implements PasswordDecoder {
-
- @Override
- public String decode(String input) {
- if (input.startsWith("OBF:")) {
- return Password.deobfuscate(input);
- }
- return Password.deobfuscate("OBF:" + input);
- }
-}
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java
deleted file mode 100644
index 9ebd684..0000000
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aai.schemaservice.config;
-
-public interface PasswordDecoder {
-
- String decode(String input);
-}
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java
deleted file mode 100644
index bd8ce6e..0000000
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java
+++ /dev/null
@@ -1,142 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aai.schemaservice.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.Charset; -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.Properties; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationContextInitializer; -import org.springframework.context.ConfigurableApplicationContext; -import org.springframework.core.env.ConfigurableEnvironment; -import org.springframework.core.env.EnumerablePropertySource; -import org.springframework.core.env.MapPropertySource; -import org.springframework.core.env.PropertySource; - -public class PropertyPasswordConfiguration - implements ApplicationContextInitializer<ConfigurableApplicationContext> { - - private static final 
Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)"); - private PasswordDecoder passwordDecoder = new JettyPasswordDecoder(); - private static final Logger logger = - LoggerFactory.getLogger(PropertyPasswordConfiguration.class.getName()); - - @Override - public void initialize(ConfigurableApplicationContext applicationContext) { - - ConfigurableEnvironment environment = applicationContext.getEnvironment(); - String certPath = environment.getProperty("server.certs.location"); - Map<String, Object> sslProps = new LinkedHashMap<>(); - - // Override the passwords from application.properties if we find AAF certman files - if (certPath != null) { - File passwordFile = new File(certPath + ".password"); - try (InputStream passwordStream = new FileInputStream(passwordFile)) { - String keystorePassword = null; - - keystorePassword = IOUtils.toString(passwordStream, Charset.defaultCharset()); - if (keystorePassword != null) { - keystorePassword = keystorePassword.trim(); - sslProps.put("server.ssl.key-store-password", keystorePassword); - } else { - logger.warn("Keystore password is null in AAF Certman password file"); - } - } catch (IOException e) { - logger.warn("Not using AAF Certman password file " + passwordFile.getName() + " e=" - + e.getMessage()); - } - - File passphrasesFile = new File(certPath + ".passphrases"); - try (InputStream passphrasesStream = new FileInputStream(passphrasesFile)) { - String truststorePassword = null; - Properties passphrasesProps = new Properties(); - passphrasesProps.load(passphrasesStream); - truststorePassword = passphrasesProps.getProperty("cadi_truststore_password"); - if (truststorePassword != null) { - truststorePassword = truststorePassword.trim(); - sslProps.put("server.ssl.trust-store-password", truststorePassword); - } else { - logger.warn("Truststore password is null in AAF Certman passphrases file"); - } - } catch (IOException e) { - logger.warn("Not using AAF Certman passphrases file " + 
passphrasesFile.getName() - + " e=" + e.getMessage()); - } - } - for (PropertySource<?> propertySource : environment.getPropertySources()) { - Map<String, Object> propertyOverrides = new LinkedHashMap<>(); - decodePasswords(propertySource, propertyOverrides); - if (!propertyOverrides.isEmpty()) { - PropertySource<?> decodedProperties = - new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides); - environment.getPropertySources().addBefore(propertySource.getName(), - decodedProperties); - } - - } - if (!sslProps.isEmpty()) { - logger.info("Using AAF Certman files"); - PropertySource<?> additionalProperties = - new MapPropertySource("additionalProperties", sslProps); - environment.getPropertySources().addFirst(additionalProperties); - } - - } - - private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) { - if (source instanceof EnumerablePropertySource) { - EnumerablePropertySource<?> enumerablePropertySource = - (EnumerablePropertySource<?>) source; - for (String key : enumerablePropertySource.getPropertyNames()) { - Object rawValue = source.getProperty(key); - if (rawValue instanceof String) { - String decodedValue = decodePasswordsInString((String) rawValue); - propertyOverrides.put(key, decodedValue); - } - } - } - } - - private String decodePasswordsInString(String input) { - if (input == null) { - return null; - } - StringBuffer output = new StringBuffer(); - Matcher matcher = decodePasswordPattern.matcher(input); - while (matcher.find()) { - String replacement = passwordDecoder.decode(matcher.group(1)); - matcher.appendReplacement(output, replacement); - } - matcher.appendTail(output); - return output.toString(); - } - -} diff --git a/aai-schema-service/src/main/resources/application.properties b/aai-schema-service/src/main/resources/application.properties index 8581348..bcdc887 100644 --- a/aai-schema-service/src/main/resources/application.properties 
+++ b/aai-schema-service/src/main/resources/application.properties @@ -32,17 +32,8 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=aai-schema-service/src/main/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8452 -# Server SSL Related Attributes -server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore -server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore -server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.client-auth=want -server.ssl.key-store-type=JKS # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema diff --git a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java index f2f91cb..7450d14 100644 --- a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java +++ b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java @@ -31,7 +31,6 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.onap.aai.exceptions.AAIException; -import org.onap.aai.schemaservice.config.PropertyPasswordConfiguration; import org.onap.aai.util.AAIConfig; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; 
@@ -42,15 +41,11 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; import org.springframework.web.client.RestTemplate; @SpringBootTest( webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = SchemaServiceApp.class) -// @TestPropertySource(locations = "classpath:application-test.properties") -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @Import(SchemaServiceTestConfiguration.class) public class SchemaServiceTest { diff --git a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java index e5a8632..a45696e 100644 --- a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java +++ b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java @@ -20,11 +20,7 @@ package org.onap.aai.schemaservice; -import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; -import java.security.KeyStore; import javax.net.ssl.SSLContext; 
@@ -65,25 +61,12 @@ public class SchemaServiceTestConfiguration { RestTemplate restTemplate = null; if (env.acceptsProfiles(Profiles.of("one-way-ssl", "two-way-ssl"))) { - char[] trustStorePassword = - env.getProperty("server.ssl.trust-store-password").toCharArray(); - char[] keyStorePassword = - env.getProperty("server.ssl.key-store-password").toCharArray(); - - String keyStore = env.getProperty("server.ssl.key-store"); - String trustStore = env.getProperty("server.ssl.trust-store"); - SSLContextBuilder sslContextBuilder = SSLContextBuilder.create(); - - if (env.acceptsProfiles(Profiles.of("two-way-ssl"))) { - sslContextBuilder = sslContextBuilder - .loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword); - } - - SSLContext sslContext = sslContextBuilder - .loadTrustMaterial(ResourceUtils.getFile(trustStore), trustStorePassword).build(); + SSLContext sslContext = SSLContextBuilder.create().build(); - HttpClient client = HttpClients.custom().setSSLContext(sslContext) - .setSSLHostnameVerifier((s, sslSession) -> true).build(); + HttpClient client = HttpClients.custom() + .setSSLContext(sslContext) + .setSSLHostnameVerifier((s, sslSession) -> true) + .build(); restTemplate = builder .requestFactory(() -> new HttpComponentsClientHttpRequestFactory(client)).build(); @@ -119,13 +102,4 @@ public class SchemaServiceTestConfiguration { return restTemplate; } - - private KeyStore loadPfx(String file, char[] password) throws Exception { - KeyStore keyStore = KeyStore.getInstance("PKCS12"); - File key = ResourceUtils.getFile(file); - try (InputStream in = new FileInputStream(key)) { - keyStore.load(in, password); - } - return keyStore; - } } diff --git a/aai-schema-service/src/test/resources/application.properties b/aai-schema-service/src/test/resources/application.properties index a711688..9235392 100644 --- a/aai-schema-service/src/test/resources/application.properties +++ b/aai-schema-service/src/test/resources/application.properties 
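Review bot: The rebuilt client in the `one-way-ssl`/`two-way-ssl` branch still installs `.setSSLHostnameVerifier((s, sslSession) -> true)`, so a certificate issued for any host name is accepted. It now pairs that with a bare `SSLContextBuilder.create().build()` context that loads none of the project's trust material. This commit also removes the keystores and the `server.ssl.*` settings, so the branch looks unreachable in practice; that is an inference, since the profile definitions are not visible here. Consider deleting the branch, or at least dropping the verifier override and marking the client with a comment such as `// test-only client: permissive hostname verification must not be copied into production code`. The enclosing method starts before this hunk and continues after it.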
@@ -18,19 +18,8 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=src/main/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8452 -security.require-ssl=false -server.ssl.enabled=false -# Server SSL Related Attributes -#server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -#server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore -#server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -#server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore -#server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -#server.ssl.client-auth=want -#server.ssl.key-store-type=JKS # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.aai.aai-common</groupId> <artifactId>aai-parent</artifactId> - <version>1.15.2</version> + <version>1.15.4</version> </parent> <groupId>org.onap.aai.schema-service</groupId> <artifactId>schema-service</artifactId> @@ -52,7 +52,7 @@ <!-- GMaven plugin uses this property to figure out the name of the docker tag --> <aai.project.version>${project.version}</aai.project.version> <checkstyle.skip>false</checkstyle.skip> - <aai.common.version>1.15.2</aai.common.version> + <aai.common.version>1.15.5-SNAPSHOT</aai.common.version> <spring-cloud.version>2021.0.9</spring-cloud.version> </properties> <dependencyManagement> |
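Review bot: In the last hunk `aai.common.version` moves to `1.15.5-SNAPSHOT` while the parent in the hunk before it is pinned to the released `1.15.4`, so the two values no longer agree and the build resolves a mutable snapshot. A snapshot artifact can change between builds without any change in this repository, which makes the result non-reproducible and harder to audit. Pin `aai.common.version` to a released version before this is itself released, and add a comment such as `<!-- temporary: needs aai-common change not yet released -->` if the snapshot is intentional for now. The file header for these two pom hunks is missing from the page, so which pom they patch is inferred.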