authorda490c <dave.adams@amdocs.com>2018-04-03 23:58:17 -0400
committerda490c <dave.adams@amdocs.com>2018-04-04 13:29:45 -0400
commit5ada29b64cb08cbddca09fd89517c4d75c77d330 (patch)
tree4e7433d1fd90bcf629f29c4c4cc3bfc8ac490208 /sparkybe-onap-application/src/main
parent49c08bd745ce620bb5d22cf8862b49f12a687b14 (diff)
Add support for obfuscated keystore password
Issue-ID: AAI-989 Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668 Signed-off-by: da490c <dave.adams@amdocs.com>
Diffstat (limited to 'sparkybe-onap-application/src/main')
-rw-r--r--sparkybe-onap-application/src/main/docker/Dockerfile6
-rw-r--r--sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java51
-rw-r--r--sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java50
-rw-r--r--sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java4
-rw-r--r--sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java4
-rw-r--r--sparkybe-onap-application/src/main/scripts/start.sh2
6 files changed, 100 insertions, 17 deletions
diff --git a/sparkybe-onap-application/src/main/docker/Dockerfile b/sparkybe-onap-application/src/main/docker/Dockerfile
index f5e620c..ea68606 100644
--- a/sparkybe-onap-application/src/main/docker/Dockerfile
+++ b/sparkybe-onap-application/src/main/docker/Dockerfile
@@ -17,18 +17,16 @@ RUN export JAVA_HOME
RUN mkdir -p $MICRO_HOME
RUN mkdir -p $BIN_HOME
RUN mkdir -p $MICRO_HOME/lib/
-RUN mkdir -p $MICRO_HOME/static/services/aai/webapp/
+RUN mkdir -p $MICRO_HOME/static/
ADD *.jar $MICRO_HOME/lib/
ADD scripts/* $MICRO_HOME/bin/
-COPY static/ $MICRO_HOME/static/services/aai/webapp/
+COPY static/ $MICRO_HOME/static/
RUN chmod 755 $MICRO_HOME/bin/*
RUN chmod 755 $MICRO_HOME/lib/*
RUN chmod 755 $MICRO_HOME/static/*
-#RUN ls -la $BIN_HOME/
-
RUN ln -s /logs $MICRO_HOME/logs
EXPOSE 8000 8000
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
index 1077642..f4df67f 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
@@ -22,23 +22,59 @@ package org.onap.aai.sparky;
import javax.servlet.Filter;
-import org.onap.aai.sparky.security.filter.LoginFilter;
-
import org.apache.camel.component.servlet.CamelHttpTransportServlet;
+import org.onap.aai.sparky.config.PropertyPasswordConfiguration;
+import org.onap.aai.sparky.security.filter.LoginFilter;
import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class Application {
-
+
+ private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled";
+ private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled";
+
private Filter loginFilter = new LoginFilter();
-
+
public static void main(String[] args) {
- SpringApplication.run(Application.class, args);
+
+ setDefaultProperties();
+ SpringApplication app = new SpringApplication(Application.class);
+ app.addInitializers(new PropertyPasswordConfiguration());
+ app.run(args);
+
+ }
+
+ protected static void setDefaultProperties() {
+
+ /*
+ * By default we want ssl and portal integration, however it is possible to turn these off with
+ * properties for local development and interop in some situations.
+ */
+
+ if (System.getenv(SPARKY_SSL_ENABLED) == null) {
+ System.setProperty(SPARKY_SSL_ENABLED, "true");
+ } else {
+ System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED));
+ }
+
+ boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED));
+
+ if (sslEnabled) {
+ System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD"));
+ System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD"));
+ }
+
+ if (System.getenv(SPARKY_PORTAL_ENABLED) == null) {
+ System.setProperty(SPARKY_PORTAL_ENABLED, "true");
+ } else {
+ System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED));
+ }
+
}
/*
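Review bot: In `setDefaultProperties`, the two `System.setProperty` calls under `if (sslEnabled)` throw a bare NullPointerException when `KEYSTORE_PASSWORD` or `KEYSTORE_ALIAS_PASSWORD` is unset, because `System.setProperty` rejects a null value and SSL is now enabled by default. Failing with a message that names the missing variable is easier to diagnose, e.g. `System.setProperty("server.ssl.key-store-password", Objects.requireNonNull(System.getenv("KEYSTORE_PASSWORD"), "KEYSTORE_PASSWORD must be set when sparky.ssl.enabled is true"));` (needs `java.util.Objects`), and likewise for the alias password. Both secrets are also copied into JVM system properties, where anything in the process that lists system properties can read them. A short comment explaining why they have to live there would help the next maintainer.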
@@ -67,5 +103,4 @@ public class Application {
}
-
}
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java
new file mode 100644
index 0000000..b554375
--- /dev/null
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java
@@ -0,0 +1,50 @@
+package org.onap.aai.sparky.config;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+
+public class PropertyPasswordConfiguration
+ implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+ private static final String JETTY_OBFUSCATION_PATTERN = "OBF:";
+
+ @Override
+ public void initialize(ConfigurableApplicationContext applicationContext) {
+ ConfigurableEnvironment environment = applicationContext.getEnvironment();
+ for (PropertySource<?> propertySource : environment.getPropertySources()) {
+ Map<String, Object> propertyOverrides = new LinkedHashMap<>();
+ decodePasswords(propertySource, propertyOverrides);
+ if (!propertyOverrides.isEmpty()) {
+ PropertySource<?> decodedProperties =
+ new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides);
+ environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+ }
+ }
+
+ }
+
+ private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
+ if (source instanceof EnumerablePropertySource) {
+ EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
+ for (String key : enumerablePropertySource.getPropertyNames()) {
+ Object rawValue = source.getProperty(key);
+ if (rawValue instanceof String) {
+ String rawValueString = (String) rawValue;
+ if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) {
+ String decodedValue = Password.deobfuscate(rawValueString);
+ propertyOverrides.put(key, decodedValue);
+ }
+ }
+ }
+ }
+ }
+
+}
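Review bot: `PropertyPasswordConfiguration` has no class comment, and it should state that the `OBF:` form is reversible without any key, since `Password.deobfuscate(rawValueString)` in `decodePasswords` takes only the string itself. I would add something like `/** Replaces OBF:-prefixed property values with their de-obfuscated form. OBF is reversible obfuscation, not encryption; protect the config file and environment accordingly. */`. The decoded values are placed in a `MapPropertySource` named `"decoded " + propertySource.getName()`, so any diagnostic that prints the environment would presumably show them in clear text; that is worth a line in the comment too. The match is on the value prefix only, so every property whose value starts with `OBF:` is rewritten, not just password keys.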
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
index 4c1d541..f6b739c 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
@@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
@Configuration
-@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true")
-@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties")
+@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false")
+@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties")
public class SparkyHttpConfigLoader {
}
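Review bot: With this swap `SparkyHttpConfigLoader` matches only `sparky.ssl.enabled=false`, and `SparkySslConfigLoader` (the next section) matches only `true`, so any other value appears to load neither properties file. `Application.setDefaultProperties` copies the environment value into the system property verbatim, so a mistyped value would get that far unchecked. I would validate the value there and abort startup on anything other than `true` or `false`, rather than let the application come up with no transport configuration loaded. A one-line comment on each loader naming its counterpart would also make the pairing obvious.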
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
index c493f64..c216ddd 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
@@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
@Configuration
-@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false")
-@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties")
+@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true")
+@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties")
public class SparkySslConfigLoader {
}
diff --git a/sparkybe-onap-application/src/main/scripts/start.sh b/sparkybe-onap-application/src/main/scripts/start.sh
index f2f6f31..e1a1e57 100644
--- a/sparkybe-onap-application/src/main/scripts/start.sh
+++ b/sparkybe-onap-application/src/main/scripts/start.sh
@@ -7,5 +7,5 @@ PROPS="-DAPP_HOME=${APP_HOME} -DCONFIG_HOME=${CONFIG_HOME}"
set -x
jar ufv ${APP_HOME}/lib/sparkybe-onap-application*.jar -C ${CONFIG_HOME}/portal/ BOOT-INF/classes/portal.properties
-java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar --sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED}
+java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar
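Review bot: After this change `UI_SSL_ENABLED` and `UI_PORTAL_ENABLED` are no longer passed to the JVM, and the replacement in `Application.setDefaultProperties` reads environment variables literally named `sparky.ssl.enabled` and `sparky.portal.enabled`. A POSIX shell cannot export names containing dots, though a container runtime may be able to set them. A deployment that used `UI_SSL_ENABLED=false` will therefore start with SSL and portal integration on, and will also need `KEYSTORE_PASSWORD` and `KEYSTORE_ALIAS_PASSWORD` set. I would add a comment above the `java` line such as `# SSL/portal toggles are read by Application from the environment (sparky.ssl.enabled, sparky.portal.enabled); UI_SSL_ENABLED is no longer used`, or keep mapping the old variables so existing deployments behave the same.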