author | da490c <dave.adams@amdocs.com> | 2018-04-03 23:58:17 -0400 |
---|---|---|
committer | da490c <dave.adams@amdocs.com> | 2018-04-04 13:29:45 -0400 |
commit | 5ada29b64cb08cbddca09fd89517c4d75c77d330 (patch) | |
tree | 4e7433d1fd90bcf629f29c4c4cc3bfc8ac490208 | |
parent | 49c08bd745ce620bb5d22cf8862b49f12a687b14 (diff) |
Add support for obfuscated keystore password
Issue-ID: AAI-989
Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668
Signed-off-by: da490c <dave.adams@amdocs.com>
7 files changed, 126 insertions, 43 deletions
diff --git a/sparkybe-onap-application/pom.xml b/sparkybe-onap-application/pom.xml index e68439b..e58e54a 100644 --- a/sparkybe-onap-application/pom.xml +++ b/sparkybe-onap-application/pom.xml @@ -28,9 +28,6 @@ <docker.image.name>sparky-be</docker.image.name> </properties> - - - <dependencyManagement> <dependencies> @@ -109,8 +106,8 @@ </dependency> <!-- https://mvnrepository.com/artifact/com.sun.xml.bind/jaxb-impl --> - <!-- <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-impl</artifactId> - </dependency> <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-core</artifactId> + <!-- <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-impl</artifactId> + </dependency> <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-core</artifactId> </dependency> --> <!-- Camel --> 
@@ -165,17 +162,17 @@ <version>1.2</version> </dependency> - <!-- <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-jasper</artifactId> + <!-- <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-jasper</artifactId> </dependency> --> <!-- https://mvnrepository.com/artifact/org.apache.camel/camel-http-common --> - <!-- <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-http</artifactId> - <version>2.15.5</version> </dependency> <dependency> <groupId>abc.def</groupId> - <artifactId>att-camel-dme2-servlet</artifactId> <version>2.15.5</version> - <scope>system</scope> <systemPath>x:/222/att-camel-dme2-servlet-2.15.5.jar</systemPath> - </dependency> <dependency> <groupId>abc.def</groupId> <artifactId>att-camel-static-content</artifactId> - <version>2.11.2.1</version> <scope>system</scope> <systemPath>x:/222/att-camel-static-content-2.11.2.1.jar</systemPath> + <!-- <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-http</artifactId> + <version>2.15.5</version> </dependency> <dependency> <groupId>abc.def</groupId> + <artifactId>att-camel-dme2-servlet</artifactId> <version>2.15.5</version> + <scope>system</scope> <systemPath>x:/222/att-camel-dme2-servlet-2.15.5.jar</systemPath> + </dependency> <dependency> <groupId>abc.def</groupId> <artifactId>att-camel-static-content</artifactId> + <version>2.11.2.1</version> <scope>system</scope> <systemPath>x:/222/att-camel-static-content-2.11.2.1.jar</systemPath> </dependency> --> <!-- Utility dependencies --> @@ -389,7 +386,7 @@ </folders> </configuration> </plugin> - + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> 
@@ -464,14 +461,14 @@ <artifactId>${frontEndArtifactId}</artifactId> <version>${frontEndVersion}</version> <type>war</type> - <outputDirectory>${basedir}/target/static/</outputDirectory> + <outputDirectory>${basedir}/target/static/services/aai/webapp/</outputDirectory> </artifactItem> </artifactItems> </configuration> </execution> </executions> - </plugin> - + </plugin> + <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> @@ -524,12 +521,12 @@ </configuration> </plugin> - <!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> - <version>2.7</version> <executions> <execution> <id>copy-docker-file</id> - <phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> - <outputDirectory>target</outputDirectory> <overwrite>true</overwrite> <resources> - <resource> <directory>${basedir}/src/main/docker</directory> <filtering>true</filtering> - <includes> <include>**/*</include> </includes> </resource> <resource> <directory>${basedir}/src/main/scripts/</directory> + <!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> + <version>2.7</version> <executions> <execution> <id>copy-docker-file</id> + <phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> + <outputDirectory>target</outputDirectory> <overwrite>true</overwrite> <resources> + <resource> <directory>${basedir}/src/main/docker</directory> <filtering>true</filtering> + <includes> <include>**/*</include> </includes> </resource> <resource> <directory>${basedir}/src/main/scripts/</directory> </resource> </resources> </configuration> </execution> </executions> </plugin> --> <plugin> <groupId>com.spotify</groupId> 
@@ -547,10 +544,10 @@ </configuration> </plugin> <!-- license plugin --> - <!-- <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> - <version>3.0</version> <configuration> <header>LICENSE</header> <includes> - <include>src/main/java/**</include> </includes> </configuration> <executions> - <execution> <goals> <goal>format</goal> </goals> <phase>process-sources</phase> + <!-- <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> + <version>3.0</version> <configuration> <header>LICENSE</header> <includes> + <include>src/main/java/**</include> </includes> </configuration> <executions> + <execution> <goals> <goal>format</goal> </goals> <phase>process-sources</phase> </execution> </executions> </plugin> --> </plugins> </build> @@ -568,3 +565,6 @@ </distributionManagement> </project> + + + diff --git a/sparkybe-onap-application/src/main/docker/Dockerfile b/sparkybe-onap-application/src/main/docker/Dockerfile index f5e620c..ea68606 100644 --- a/sparkybe-onap-application/src/main/docker/Dockerfile +++ b/sparkybe-onap-application/src/main/docker/Dockerfile @@ -17,18 +17,16 @@ RUN export JAVA_HOME RUN mkdir -p $MICRO_HOME RUN mkdir -p $BIN_HOME RUN mkdir -p $MICRO_HOME/lib/ -RUN mkdir -p $MICRO_HOME/static/services/aai/webapp/ +RUN mkdir -p $MICRO_HOME/static/ ADD *.jar $MICRO_HOME/lib/ ADD scripts/* $MICRO_HOME/bin/ -COPY static/ $MICRO_HOME/static/services/aai/webapp/ +COPY static/ $MICRO_HOME/static/ RUN chmod 755 $MICRO_HOME/bin/* RUN chmod 755 $MICRO_HOME/lib/* RUN chmod 755 $MICRO_HOME/static/* -#RUN ls -la $BIN_HOME/ - RUN ln -s /logs $MICRO_HOME/logs EXPOSE 8000 8000 diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java index 1077642..f4df67f 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java 
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java 
@@ -22,23 +22,59 @@ package org.onap.aai.sparky; import javax.servlet.Filter; -import org.onap.aai.sparky.security.filter.LoginFilter; - import org.apache.camel.component.servlet.CamelHttpTransportServlet; +import org.onap.aai.sparky.config.PropertyPasswordConfiguration; +import org.onap.aai.sparky.security.filter.LoginFilter; import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.web.servlet.ServletRegistrationBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; @SpringBootApplication public class Application { - + + private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled"; + private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled"; + private Filter loginFilter = new LoginFilter(); - + public static void main(String[] args) { - SpringApplication.run(Application.class, args); + + setDefaultProperties(); + SpringApplication app = new SpringApplication(Application.class); + app.addInitializers(new PropertyPasswordConfiguration()); + app.run(args); + + } + + protected static void setDefaultProperties() { + + /* + * By default we want ssl and portal integration, however it is possible to turn these off with + * properties for local development and interop in some situations. 
+ */ + + if (System.getenv(SPARKY_SSL_ENABLED) == null) { + System.setProperty(SPARKY_SSL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED)); + } + + boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED)); + + if (sslEnabled) { + System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD")); + System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD")); + } + + if (System.getenv(SPARKY_PORTAL_ENABLED) == null) { + System.setProperty(SPARKY_PORTAL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED)); + } + } /* @@ -67,5 +103,4 @@ public class Application { } - } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java new file mode 100644 index 0000000..b554375 --- /dev/null +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java 
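Review bot: In `setDefaultProperties()`, `System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD"))` throws a bare NullPointerException when the variable is unset, because `System.setProperty` rejects a null value. SSL now defaults to on, so a container started without `KEYSTORE_PASSWORD` or `KEYSTORE_ALIAS_PASSWORD` fails inside `main` before the Spring application starts, with nothing naming the missing setting. The method also overwrites any `-Dsparky.ssl.enabled` the operator passed, because only the environment is consulted before the property is set; guarding with `if (System.getProperty(SPARKY_SSL_ENABLED) == null)` would leave an explicit choice alone. For the first point I would fail with a message that names the variable, as sketched below. Copying the keystore password into a JVM system property also makes it readable by anything that can list system properties, which deserves a comment at that line.

```java
    // … unchanged: sparky.ssl.enabled default handling …
    if (sslEnabled) {
      System.setProperty("server.ssl.key-store-password", requireEnv("KEYSTORE_PASSWORD"));
      System.setProperty("server.ssl.key-password", requireEnv("KEYSTORE_ALIAS_PASSWORD"));
    }
    // … unchanged: sparky.portal.enabled default handling …

  /** Returns the named environment variable or fails with a message that names it. */
  private static String requireEnv(String name) {
    String value = System.getenv(name);
    if (value == null) {
      throw new IllegalStateException(
          "Environment variable " + name + " must be set when sparky.ssl.enabled is true");
    }
    return value;
  }
```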
@@ -0,0 +1,50 @@
+package org.onap.aai.sparky.config;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+
+public class PropertyPasswordConfiguration
+ implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+ private static final String JETTY_OBFUSCATION_PATTERN = "OBF:";
+
+ @Override
+ public void initialize(ConfigurableApplicationContext applicationContext) {
+ ConfigurableEnvironment environment = applicationContext.getEnvironment();
+ for (PropertySource<?> propertySource : environment.getPropertySources()) {
+ Map<String, Object> propertyOverrides = new LinkedHashMap<>();
+ decodePasswords(propertySource, propertyOverrides);
+ if (!propertyOverrides.isEmpty()) {
+ PropertySource<?> decodedProperties =
+ new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides);
+ environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+ }
+ }
+
+ }
+
+ private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
+ if (source instanceof EnumerablePropertySource) {
+ EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
+ for (String key : enumerablePropertySource.getPropertyNames()) {
+ Object rawValue = source.getProperty(key);
+ if (rawValue instanceof String) {
+ String rawValueString = (String) rawValue;
+ if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) {
+ String decodedValue = Password.deobfuscate(rawValueString);
+ propertyOverrides.put(key, decodedValue);
+ }
+ }
+ }
+ }
+ }
+
+}
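Review bot: `PropertyPasswordConfiguration` has no class Javadoc, and the fact a maintainer most needs is missing: Jetty's `OBF:` encoding is reversible without a key, so `Password.deobfuscate` gives no confidentiality against anyone who can read the property source. I would add a class comment such as `/** Replaces Jetty "OBF:"-obfuscated property values with their decoded form. OBF is obfuscation, not encryption; restrict access to the sources that hold these values. */`. `decodePasswords` also deserves a why-comment saying that every `OBF:`-prefixed string in every enumerable source is decoded, not only password keys. The decoded values are placed in a `MapPropertySource` named `"decoded " + propertySource.getName()`, so anything that dumps the Spring environment would presumably show them in clear text; the comment should say so.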
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java index 4c1d541..f6b739c 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") -@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") +@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") public class SparkyHttpConfigLoader { } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java index c493f64..c216ddd 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") -@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") +@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") public class SparkySslConfigLoader { } diff --git a/sparkybe-onap-application/src/main/scripts/start.sh b/sparkybe-onap-application/src/main/scripts/start.sh index f2f6f31..e1a1e57 100644 
--- a/sparkybe-onap-application/src/main/scripts/start.sh +++ b/sparkybe-onap-application/src/main/scripts/start.sh @@ -7,5 +7,5 @@ PROPS="-DAPP_HOME=${APP_HOME} -DCONFIG_HOME=${CONFIG_HOME}" set -x jar ufv ${APP_HOME}/lib/sparkybe-onap-application*.jar -C ${CONFIG_HOME}/portal/ BOOT-INF/classes/portal.properties -java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar --sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED} +java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar |
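Review bot: With `--sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED}` removed from the `java` line, nothing visible in this commit reads `UI_SSL_ENABLED` or `UI_PORTAL_ENABLED` any more. `Application.setDefaultProperties()` instead looks up environment variables literally named `sparky.ssl.enabled` and `sparky.portal.enabled`. Names containing dots cannot be exported from a POSIX shell, so deployments that still configure the service through the `UI_*` variables would presumably have their choice ignored and both features forced to `true`. That fails towards TLS on, but it is a silent behaviour change. Either have the Java code read `UI_SSL_ENABLED` and `UI_PORTAL_ENABLED`, or add a comment above the `java` line such as `# sparky.ssl.enabled / sparky.portal.enabled are now read from the environment by Application.setDefaultProperties()`.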