From 5ada29b64cb08cbddca09fd89517c4d75c77d330 Mon Sep 17 00:00:00 2001 From: da490c Date: Tue, 3 Apr 2018 23:58:17 -0400 Subject: Add support for obfuscated keystore password Issue-ID: AAI-989 Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668 Signed-off-by: da490c --- .../src/main/docker/Dockerfile | 6 +-- .../main/java/org/onap/aai/sparky/Application.java | 51 ++++++++++++++++++---- .../config/PropertyPasswordConfiguration.java | 50 +++++++++++++++++++++ .../aai/sparky/config/SparkyHttpConfigLoader.java | 4 +- .../aai/sparky/config/SparkySslConfigLoader.java | 4 +- .../src/main/scripts/start.sh | 2 +- 6 files changed, 100 insertions(+), 17 deletions(-) create mode 100644 sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java (limited to 'sparkybe-onap-application/src/main') diff --git a/sparkybe-onap-application/src/main/docker/Dockerfile b/sparkybe-onap-application/src/main/docker/Dockerfile index f5e620c..ea68606 100644 --- a/sparkybe-onap-application/src/main/docker/Dockerfile +++ b/sparkybe-onap-application/src/main/docker/Dockerfile @@ -17,18 +17,16 @@ RUN export JAVA_HOME RUN mkdir -p $MICRO_HOME RUN mkdir -p $BIN_HOME RUN mkdir -p $MICRO_HOME/lib/ -RUN mkdir -p $MICRO_HOME/static/services/aai/webapp/ +RUN mkdir -p $MICRO_HOME/static/ ADD *.jar $MICRO_HOME/lib/ ADD scripts/* $MICRO_HOME/bin/ -COPY static/ $MICRO_HOME/static/services/aai/webapp/ +COPY static/ $MICRO_HOME/static/ RUN chmod 755 $MICRO_HOME/bin/* RUN chmod 755 $MICRO_HOME/lib/* RUN chmod 755 $MICRO_HOME/static/* -#RUN ls -la $BIN_HOME/ - RUN ln -s /logs $MICRO_HOME/logs EXPOSE 8000 8000 diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java index 1077642..f4df67f 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java @@ -22,23 +22,59 @@ package org.onap.aai.sparky; import javax.servlet.Filter; -import org.onap.aai.sparky.security.filter.LoginFilter; - import org.apache.camel.component.servlet.CamelHttpTransportServlet; +import org.onap.aai.sparky.config.PropertyPasswordConfiguration; +import org.onap.aai.sparky.security.filter.LoginFilter; import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.web.servlet.ServletRegistrationBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; @SpringBootApplication public class Application { - + + private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled"; + private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled"; + private Filter loginFilter = new LoginFilter(); - + public static void main(String[] args) { - SpringApplication.run(Application.class, args); + + setDefaultProperties(); + SpringApplication app = new SpringApplication(Application.class); + app.addInitializers(new PropertyPasswordConfiguration()); + app.run(args); + + } + + protected static void setDefaultProperties() { + + /* + * By default we want ssl and portal integration, however it is possible to turn these off with + * properties for local development and interop in some situations. + */ + + if (System.getenv(SPARKY_SSL_ENABLED) == null) { + System.setProperty(SPARKY_SSL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED)); + } + + boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED)); + + if (sslEnabled) { + System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD")); + System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD")); + } + + if (System.getenv(SPARKY_PORTAL_ENABLED) == null) { + System.setProperty(SPARKY_PORTAL_ENABLED, "true"); + } else { + System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED)); + } + } /* @@ -67,5 +103,4 @@ public class Application { } - } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java new file mode 100644 index 0000000..b554375 --- /dev/null +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java @@ -0,0 +1,50 @@ +package org.onap.aai.sparky.config; + +import java.util.LinkedHashMap; +import java.util.Map; + +import org.eclipse.jetty.util.security.Password; +import org.springframework.context.ApplicationContextInitializer; +import org.springframework.context.ConfigurableApplicationContext; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.EnumerablePropertySource; +import org.springframework.core.env.MapPropertySource; +import org.springframework.core.env.PropertySource; + +public class PropertyPasswordConfiguration + implements ApplicationContextInitializer { + + private static final String JETTY_OBFUSCATION_PATTERN = "OBF:"; + + @Override + public void initialize(ConfigurableApplicationContext applicationContext) { + ConfigurableEnvironment environment = applicationContext.getEnvironment(); + for (PropertySource propertySource : environment.getPropertySources()) { + Map propertyOverrides = new LinkedHashMap<>(); + decodePasswords(propertySource, propertyOverrides); + if (!propertyOverrides.isEmpty()) { + PropertySource decodedProperties = + new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides); + environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties); + } + } + + } + + private void decodePasswords(PropertySource source, Map propertyOverrides) { + if (source instanceof EnumerablePropertySource) { + EnumerablePropertySource enumerablePropertySource = (EnumerablePropertySource) source; + for (String key : enumerablePropertySource.getPropertyNames()) { + Object rawValue = source.getProperty(key); + if (rawValue instanceof String) { + String rawValueString = (String) rawValue; + if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) { + String decodedValue = Password.deobfuscate(rawValueString); + propertyOverrides.put(key, decodedValue); + } + } + } + } + } + +} diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java index 4c1d541..f6b739c 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") -@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") +@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") public class SparkyHttpConfigLoader { } diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java index c493f64..c216ddd 100644 --- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java +++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java @@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; @Configuration -@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false") -@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties") +@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true") +@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties") public class SparkySslConfigLoader { } diff --git a/sparkybe-onap-application/src/main/scripts/start.sh b/sparkybe-onap-application/src/main/scripts/start.sh index f2f6f31..e1a1e57 100644 --- a/sparkybe-onap-application/src/main/scripts/start.sh +++ b/sparkybe-onap-application/src/main/scripts/start.sh @@ -7,5 +7,5 @@ PROPS="-DAPP_HOME=${APP_HOME} -DCONFIG_HOME=${CONFIG_HOME}" set -x jar ufv ${APP_HOME}/lib/sparkybe-onap-application*.jar -C ${CONFIG_HOME}/portal/ BOOT-INF/classes/portal.properties -java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar --sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED} +java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar -- cgit 1.2.3-korg