diff options
author | da490c <dave.adams@amdocs.com> | 2018-04-03 23:58:17 -0400 |
---|---|---|
committer | da490c <dave.adams@amdocs.com> | 2018-04-04 13:29:45 -0400 |
commit | 5ada29b64cb08cbddca09fd89517c4d75c77d330 (patch) | |
tree | 4e7433d1fd90bcf629f29c4c4cc3bfc8ac490208 /sparkybe-onap-application/src | |
parent | 49c08bd745ce620bb5d22cf8862b49f12a687b14 (diff) |
Add support for obfuscated keystore password
Issue-ID: AAI-989
Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668
Signed-off-by: da490c <dave.adams@amdocs.com>
Diffstat (limited to 'sparkybe-onap-application/src')
6 files changed, 100 insertions, 17 deletions
diff --git a/sparkybe-onap-application/src/main/docker/Dockerfile b/sparkybe-onap-application/src/main/docker/Dockerfile index f5e620c..ea68606 100644 --- a/sparkybe-onap-application/src/main/docker/Dockerfile +++ b/sparkybe-onap-application/src/main/docker/Dockerfile @@ -17,18 +17,16 @@ RUN export JAVA_HOME RUN mkdir -p $MICRO_HOME RUN mkdir -p $BIN_HOME RUN mkdir -p $MICRO_HOME/lib/ -RUN mkdir -p $MICRO_HOME/static/services/aai/webapp/ +RUN mkdir -p $MICRO_HOME/static/ ADD *.jar $MICRO_HOME/lib/ ADD scripts/* $MICRO_HOME/bin/ -COPY static/ $MICRO_HOME/static/services/aai/webapp/ +COPY static/ $MICRO_HOME/static/ RUN chmod 755 $MICRO_HOME/bin/* RUN chmod 755 $MICRO_HOME/lib/* RUN chmod 755 $MICRO_HOME/static/* -#RUN ls -la $BIN_HOME/ - RUN ln -s /logs $MICRO_HOME/logs EXPOSE 8000 8000 diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java index 1077642..f4df67f 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java @@ -22,23 +22,59 @@ package org.onap.aai.sparky; import javax.servlet.Filter; -import org.onap.aai.sparky.security.filter.LoginFilter; - import org.apache.camel.component.servlet.CamelHttpTransportServlet; +import org.onap.aai.sparky.config.PropertyPasswordConfiguration; +import org.onap.aai.sparky.security.filter.LoginFilter; import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.web.servlet.ServletRegistrationBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; @SpringBootApplication public class Application { - + + private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled"; + private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled"; + private Filter loginFilter = new LoginFilter(); - + public static void main(String[] args) { - SpringApplication.run(Application.class, args); + + setDefaultProperties(); + SpringApplication app = new SpringApplication(Application.class); + app.addInitializers(new PropertyPasswordConfiguration()); + app.run(args); + + } + + protected static void setDefaultProperties() { + + /* + * By default we want ssl and portal integration, however it is possible to turn these off with + * properties for local development and interop in some situations. + */ + + if (System.getenv(SPARKY_SSL_ENABLED) == null) { + System.setProperty(SPARKY_SSL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED)); + } + + boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED)); + + if (sslEnabled) { + System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD")); + System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD")); + } + + if (System.getenv(SPARKY_PORTAL_ENABLED) == null) { + System.setProperty(SPARKY_PORTAL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED)); + } + } /* @@ -67,5 +103,4 @@ public class Application { } - } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java new file mode 100644 index 0000000..b554375 --- /dev/null +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java @@ -0,0 +1,50 @@ +package org.onap.aai.sparky.config; + +import java.util.LinkedHashMap; +import java.util.Map; + +import org.eclipse.jetty.util.security.Password; +import org.springframework.context.ApplicationContextInitializer; +import org.springframework.context.ConfigurableApplicationContext; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.EnumerablePropertySource; +import org.springframework.core.env.MapPropertySource; +import org.springframework.core.env.PropertySource; + +public class PropertyPasswordConfiguration + implements ApplicationContextInitializer<ConfigurableApplicationContext> { + + private static final String JETTY_OBFUSCATION_PATTERN = "OBF:"; + + @Override + public void initialize(ConfigurableApplicationContext applicationContext) { + ConfigurableEnvironment environment = applicationContext.getEnvironment(); + for (PropertySource<?> propertySource : environment.getPropertySources()) { + Map<String, Object> propertyOverrides = new LinkedHashMap<>(); + decodePasswords(propertySource, propertyOverrides); + if (!propertyOverrides.isEmpty()) { + PropertySource<?> decodedProperties = + new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides); + environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties); + } + } + + } + + private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) { + if (source instanceof EnumerablePropertySource) { + EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source; + for (String key : enumerablePropertySource.getPropertyNames()) { + Object rawValue = source.getProperty(key); + if (rawValue instanceof String) { + String rawValueString = (String) rawValue; + if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) { + String decodedValue = Password.deobfuscate(rawValueString); + propertyOverrides.put(key, decodedValue); + } + } + } + } + } + +} diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java index 4c1d541..f6b739c 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") -@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") +@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") public class SparkyHttpConfigLoader { } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java index c493f64..c216ddd 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") -@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") +@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") public class SparkySslConfigLoader { } diff --git a/sparkybe-onap-application/src/main/scripts/start.sh b/sparkybe-onap-application/src/main/scripts/start.sh index f2f6f31..e1a1e57 100644 --- a/sparkybe-onap-application/src/main/scripts/start.sh +++ b/sparkybe-onap-application/src/main/scripts/start.sh @@ -7,5 +7,5 @@ PROPS="-DAPP_HOME=${APP_HOME} -DCONFIG_HOME=${CONFIG_HOME}" set -x jar ufv ${APP_HOME}/lib/sparkybe-onap-application*.jar -C ${CONFIG_HOME}/portal/ BOOT-INF/classes/portal.properties -java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar --sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED} +java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar |