From 5ada29b64cb08cbddca09fd89517c4d75c77d330 Mon Sep 17 00:00:00 2001
From: da490c <dave.adams@amdocs.com>
Date: Tue, 3 Apr 2018 23:58:17 -0400
Subject: Add support for obfuscated keystore password

Issue-ID: AAI-989
Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668
Signed-off-by: da490c <dave.adams@amdocs.com>
---
 .../main/java/org/onap/aai/sparky/Application.java | 51 ++++++++++++++++++----
 .../config/PropertyPasswordConfiguration.java      | 50 +++++++++++++++++++++
 .../aai/sparky/config/SparkyHttpConfigLoader.java  |  4 +-
 .../aai/sparky/config/SparkySslConfigLoader.java   |  4 +-
 4 files changed, 97 insertions(+), 12 deletions(-)
 create mode 100644 sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java

(limited to 'sparkybe-onap-application/src/main/java')

diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
index 1077642..f4df67f 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
@@ -22,23 +22,59 @@ package org.onap.aai.sparky;
 
 import javax.servlet.Filter;
 
-import org.onap.aai.sparky.security.filter.LoginFilter;
-
 import org.apache.camel.component.servlet.CamelHttpTransportServlet;
+import org.onap.aai.sparky.config.PropertyPasswordConfiguration;
+import org.onap.aai.sparky.security.filter.LoginFilter;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
 public class Application {
-
+  
+  private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled";
+  private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled";
+  
   private Filter loginFilter = new LoginFilter();
-
+   
   public static void main(String[] args) {
-    SpringApplication.run(Application.class, args);
+
+    setDefaultProperties();
+    SpringApplication app = new SpringApplication(Application.class);
+    app.addInitializers(new PropertyPasswordConfiguration());
+    app.run(args);
+    
+  }
+  
+  protected static void setDefaultProperties() {
+
+    /*
+     * By default we want ssl and portal integration, however it is possible to turn these off with
+     * properties for local development and interop in some situations.
+     */
+
+    if (System.getenv(SPARKY_SSL_ENABLED) == null) {
+      System.setProperty(SPARKY_SSL_ENABLED, "true");
+    } else {
+      System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED));
+    }
+
+    boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED));
+
+    if (sslEnabled) {
+      System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD"));
+      System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD"));
+    }
+
+    if (System.getenv(SPARKY_PORTAL_ENABLED) == null) {
+      System.setProperty(SPARKY_PORTAL_ENABLED, "true");
+    } else {
+      System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED));
+    }
+
   }
 
   /*
@@ -67,5 +103,4 @@ public class Application {
   }
 
 
-
 }
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java
new file mode 100644
index 0000000..b554375
--- /dev/null
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java
@@ -0,0 +1,50 @@
+package org.onap.aai.sparky.config;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+
+public class PropertyPasswordConfiguration
+    implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+  private static final String JETTY_OBFUSCATION_PATTERN = "OBF:";
+
+  @Override
+  public void initialize(ConfigurableApplicationContext applicationContext) {
+    ConfigurableEnvironment environment = applicationContext.getEnvironment();
+    for (PropertySource<?> propertySource : environment.getPropertySources()) {
+      Map<String, Object> propertyOverrides = new LinkedHashMap<>();
+      decodePasswords(propertySource, propertyOverrides);
+      if (!propertyOverrides.isEmpty()) {
+        PropertySource<?> decodedProperties =
+            new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides);
+        environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+      }
+    }
+
+  }
+
+  private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
+    if (source instanceof EnumerablePropertySource) {
+      EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
+      for (String key : enumerablePropertySource.getPropertyNames()) {
+        Object rawValue = source.getProperty(key);
+        if (rawValue instanceof String) {
+          String rawValueString = (String) rawValue;
+          if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) {
+            String decodedValue = Password.deobfuscate(rawValueString);
+            propertyOverrides.put(key, decodedValue);
+          }
+        }
+      }
+    }
+  }
+
+}
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
index 4c1d541..f6b739c 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
@@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 
 @Configuration
-@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true")
-@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties")
+@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false")
+@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties")
 public class SparkyHttpConfigLoader {
 
 }
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
index c493f64..c216ddd 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
@@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 
 @Configuration
-@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false")
-@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties")
+@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true")
+@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties")
 public class SparkySslConfigLoader {
 
 }
-- 
cgit 1.2.3-korg