author | da490c <dave.adams@amdocs.com> | 2018-04-03 23:58:17 -0400 |
---|---|---|
committer | da490c <dave.adams@amdocs.com> | 2018-04-04 13:29:45 -0400 |
commit | 5ada29b64cb08cbddca09fd89517c4d75c77d330 (patch) | |
tree | 4e7433d1fd90bcf629f29c4c4cc3bfc8ac490208 /sparkybe-onap-application/src/main | |
parent | 49c08bd745ce620bb5d22cf8862b49f12a687b14 (diff) |
Add support for obfuscated keystore password
Issue-ID: AAI-989
Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668
Signed-off-by: da490c <dave.adams@amdocs.com>
Diffstat (limited to 'sparkybe-onap-application/src/main')
6 files changed, 100 insertions, 17 deletions
diff --git a/sparkybe-onap-application/src/main/docker/Dockerfile b/sparkybe-onap-application/src/main/docker/Dockerfile index f5e620c..ea68606 100644 --- a/sparkybe-onap-application/src/main/docker/Dockerfile +++ b/sparkybe-onap-application/src/main/docker/Dockerfile @@ -17,18 +17,16 @@ RUN export JAVA_HOME RUN mkdir -p $MICRO_HOME RUN mkdir -p $BIN_HOME RUN mkdir -p $MICRO_HOME/lib/ -RUN mkdir -p $MICRO_HOME/static/services/aai/webapp/ +RUN mkdir -p $MICRO_HOME/static/ ADD *.jar $MICRO_HOME/lib/ ADD scripts/* $MICRO_HOME/bin/ -COPY static/ $MICRO_HOME/static/services/aai/webapp/ +COPY static/ $MICRO_HOME/static/ RUN chmod 755 $MICRO_HOME/bin/* RUN chmod 755 $MICRO_HOME/lib/* RUN chmod 755 $MICRO_HOME/static/* -#RUN ls -la $BIN_HOME/ - RUN ln -s /logs $MICRO_HOME/logs EXPOSE 8000 8000 diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java index 1077642..f4df67f 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java 
@@ -22,23 +22,59 @@ package org.onap.aai.sparky; import javax.servlet.Filter; -import org.onap.aai.sparky.security.filter.LoginFilter; - import org.apache.camel.component.servlet.CamelHttpTransportServlet; +import org.onap.aai.sparky.config.PropertyPasswordConfiguration; +import org.onap.aai.sparky.security.filter.LoginFilter; import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.web.servlet.ServletRegistrationBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; @SpringBootApplication public class Application { - + + private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled"; + private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled"; + private Filter loginFilter = new LoginFilter(); - + public static void main(String[] args) { - SpringApplication.run(Application.class, args); + + setDefaultProperties(); + SpringApplication app = new SpringApplication(Application.class); + app.addInitializers(new PropertyPasswordConfiguration()); + app.run(args); + + } + + protected static void setDefaultProperties() { + + /* + * By default we want ssl and portal integration, however it is possible to turn these off with + * properties for local development and interop in some situations. 
+ */ + + if (System.getenv(SPARKY_SSL_ENABLED) == null) { + System.setProperty(SPARKY_SSL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED)); + } + + boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED)); + + if (sslEnabled) { + System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD")); + System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD")); + } + + if (System.getenv(SPARKY_PORTAL_ENABLED) == null) { + System.setProperty(SPARKY_PORTAL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED)); + } + } /* @@ -67,5 +103,4 @@ public class Application { } - } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java new file mode 100644 index 0000000..b554375 --- /dev/null +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java 
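Review bot: In `setDefaultProperties`, with SSL on (the default) `System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD"))` throws a bare `NullPointerException` when the variable is unset, because `System.setProperty` rejects a null value; the `KEYSTORE_ALIAS_PASSWORD` line has the same problem. Read each variable into a local first and fail with a message that names the variable but never its value, e.g. `if (keystorePassword == null) { throw new IllegalStateException("KEYSTORE_PASSWORD is not set"); }`. Copying the secrets into JVM system properties also makes them readable by any code or diagnostic that lists `System.getProperties()`, which deserves a comment at that spot. The method has no Javadoc, and its block comment says the toggles come from "properties" while the code reads environment variables and overwrites any `-D` value already set.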
@@ -0,0 +1,50 @@
+package org.onap.aai.sparky.config;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+
+public class PropertyPasswordConfiguration
+ implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+ private static final String JETTY_OBFUSCATION_PATTERN = "OBF:";
+
+ @Override
+ public void initialize(ConfigurableApplicationContext applicationContext) {
+ ConfigurableEnvironment environment = applicationContext.getEnvironment();
+ for (PropertySource<?> propertySource : environment.getPropertySources()) {
+ Map<String, Object> propertyOverrides = new LinkedHashMap<>();
+ decodePasswords(propertySource, propertyOverrides);
+ if (!propertyOverrides.isEmpty()) {
+ PropertySource<?> decodedProperties =
+ new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides);
+ environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+ }
+ }
+
+ }
+
+ private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
+ if (source instanceof EnumerablePropertySource) {
+ EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
+ for (String key : enumerablePropertySource.getPropertyNames()) {
+ Object rawValue = source.getProperty(key);
+ if (rawValue instanceof String) {
+ String rawValueString = (String) rawValue;
+ if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) {
+ String decodedValue = Password.deobfuscate(rawValueString);
+ propertyOverrides.put(key, decodedValue);
+ }
+ }
+ }
+ }
+ }
+
+}
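Review bot: `PropertyPasswordConfiguration` has no class Javadoc, and the fact a maintainer most needs is missing: Jetty's `OBF:` form is a keyless, reversible encoding, so `Password.deobfuscate` yields the clear text to anyone who can read the property file. I would add a class comment such as `/** Replaces OBF:-prefixed property values with their decoded form. OBF is obfuscation, not encryption; the source files still need restrictive permissions. */`. The decoded values are then held in a `MapPropertySource` named `"decoded " + propertySource.getName()`, so any facility that dumps the Spring environment would presumably show them in clear; worth confirming none is exposed. `decodePasswords` also decodes every string value carrying the prefix rather than only password keys, and a malformed value will most likely abort startup from inside `deobfuscate`, so a comment on that behaviour would help too.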
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java index 4c1d541..f6b739c 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") -@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") +@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") public class SparkyHttpConfigLoader { } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java index c493f64..c216ddd 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") -@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") +@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") public class SparkySslConfigLoader { } diff --git a/sparkybe-onap-application/src/main/scripts/start.sh b/sparkybe-onap-application/src/main/scripts/start.sh index f2f6f31..e1a1e57 100644 
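Review bot: Both loaders match only the values `true` and `false` for `sparky.ssl.enabled`, while `Application.setDefaultProperties` in this commit copies the environment value into the property unchanged and interprets it with `Boolean.parseBoolean`. A value such as `yes` or a typo would therefore skip the keystore passwords and, as far as these hunks show, load neither `sparky-ssl-config.properties` nor `sparky-http-config.properties`, leaving the listener on whatever defaults apply. Rejecting anything other than `true`/`false` at startup, or storing the parsed result with `System.setProperty(SPARKY_SSL_ENABLED, String.valueOf(sslEnabled));`, would keep the classes in step. The same applies to the `SparkySslConfigLoader` hunk.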
--- a/sparkybe-onap-application/src/main/scripts/start.sh +++ b/sparkybe-onap-application/src/main/scripts/start.sh @@ -7,5 +7,5 @@ PROPS="-DAPP_HOME=${APP_HOME} -DCONFIG_HOME=${CONFIG_HOME}" set -x jar ufv ${APP_HOME}/lib/sparkybe-onap-application*.jar -C ${CONFIG_HOME}/portal/ BOOT-INF/classes/portal.properties -java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar --sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED} +java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar |
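Review bot: With the `--sparky.ssl.enabled=${UI_SSL_ENABLED}` and `--sparky.portal.enabled=${UI_PORTAL_ENABLED}` arguments gone, nothing in this script documents how the two toggles now reach the JVM, and a deployment that still sets `UI_SSL_ENABLED` or `UI_PORTAL_ENABLED` is silently ignored. The Java side of this commit reads environment variables literally named `sparky.ssl.enabled` and `sparky.portal.enabled`, names a POSIX shell cannot assign or export, so they have to be injected by the container runtime. A comment above the `java` line would help, e.g. `# SSL/portal toggles: env vars sparky.ssl.enabled / sparky.portal.enabled (default true); KEYSTORE_PASSWORD and KEYSTORE_ALIAS_PASSWORD are required when SSL is on`.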