Merge "Update the code to read aaf generated passwords"

2 files changed, 90 insertions, 12 deletions

diff --git a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
index a4b4313..0d2ff88 100644
--- a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
+++ b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java
@@ -19,30 +19,95 @@
  */
 package org.onap.aai.config;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.LinkedHashMap;
 import java.util.Map;
-import java.util.Optional;
+import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import org.apache.commons.io.IOUtils;
 import org.springframework.context.ApplicationContextInitializer;
 import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.CompositePropertySource;
-import org.springframework.core.env.ConfigurableEnvironment;
-import org.springframework.core.env.EnumerablePropertySource;
-import org.springframework.core.env.MapPropertySource;
-import org.springframework.core.env.PropertySource;
-import org.springframework.stereotype.Component;
+import org.springframework.core.env.*;
 
 public class PropertyPasswordConfiguration implements ApplicationContextInitializer<ConfigurableApplicationContext> {
 
     private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
-
     private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
+    private static final EELFLogger logger = EELFManager.getInstance().getLogger(PropertyPasswordConfiguration.class.getName());
 
     @Override
     public void initialize(ConfigurableApplicationContext applicationContext) {
         ConfigurableEnvironment environment = applicationContext.getEnvironment();
+        String certPath = environment.getProperty("server.certs.location");
+        File passwordFile = null;
+        File passphrasesFile = null;
+        InputStream passwordStream = null;
+        InputStream passphrasesStream = null;
+        Map<String, Object> sslProps = new LinkedHashMap<>();
+
+        // Override the passwords from application.properties if we find AAF certman files
+        if (certPath != null) {
+            try {
+                passwordFile = new File(certPath + ".password");
+                passwordStream = new FileInputStream(passwordFile);
+
+                if (passwordStream != null) {
+                    String keystorePassword = null;
+
+                    keystorePassword = IOUtils.toString(passwordStream);
+                    if (keystorePassword != null) {
+                        keystorePassword = keystorePassword.trim();
+                    }
+                    sslProps.put("server.ssl.key-store-password", keystorePassword);
+                    sslProps.put("schema.service.ssl.key-store-password", keystorePassword);
+                } else {
+                    logger.info("Not using AAF Certman password file");
+                }
+            } catch (IOException e) {
+                logger.warn("Not using AAF Certman password file, e=" + e.getMessage());
+            } finally {
+                if (passwordStream != null) {
+                    try {
+                        passwordStream.close();
+                    } catch (Exception e) {
+                    }
+                }
+            }
+            try {
+                passphrasesFile = new File(certPath + ".passphrases");
+                passphrasesStream = new FileInputStream(passphrasesFile);
+
+                if (passphrasesStream != null) {
+                    String truststorePassword = null;
+                    Properties passphrasesProps = new Properties();
+                    passphrasesProps.load(passphrasesStream);
+                    truststorePassword = passphrasesProps.getProperty("cadi_truststore_password");
+                    if (truststorePassword != null) {
+                        truststorePassword = truststorePassword.trim();
+                    }
+                    sslProps.put("server.ssl.trust-store-password", truststorePassword);
+                    sslProps.put("schema.service.ssl.trust-store-password", truststorePassword);
+                } else {
+                    logger.info("Not using AAF Certman passphrases file");
+                }
+            } catch (IOException e) {
+                logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage());
+            } finally {
+                if (passphrasesStream != null) {
+                    try {
+                        passphrasesStream.close();
+                    } catch (Exception e) {
+                    }
+                }
+            }
+        }
         for (PropertySource<?> propertySource : environment.getPropertySources()) {
             Map<String, Object> propertyOverrides = new LinkedHashMap<>();
             decodePasswords(propertySource, propertyOverrides);
@@ -50,6 +115,12 @@ public class PropertyPasswordConfiguration implements ApplicationContextInitiali
                 PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
                 environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
             }
+
+        }
+        if (!sslProps.isEmpty()) {
+            logger.info("Using AAF Certman files");
+            PropertySource<?> additionalProperties = new MapPropertySource("additionalProperties", sslProps);
+            environment.getPropertySources().addFirst(additionalProperties);
         }
     }
 
diff --git a/aai-traversal/src/main/resources/application.properties b/aai-traversal/src/main/resources/application.properties
index 1f57c7d..f44bed4 100644
--- a/aai-traversal/src/main/resources/application.properties
+++ b/aai-traversal/src/main/resources/application.properties
@@ -35,9 +35,15 @@ server.ssl.key-store-type=JKS
 
 # Start of Internal Specific Properties
 spring.profiles.active=production,one-way-ssl
-server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
+###
+server.certs.location=${server.local.startpath}etc/auth/
+server.keystore.name.pkcs12=aai_keystore
+server.keystore.name=aai_keystore
+server.truststore.name=aai_keystore
+###
+server.ssl.key-store=${server.certs.location}${server.keystore.name}
 server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
+server.ssl.trust-store=${server.certs.location}${server.truststore.name}
 server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
 
 schema.version.list=v10,v11,v12,v13,v14,v15,v16
@@ -86,8 +92,9 @@ schema.service.edges.endpoint=edgerules?version=
 schema.service.versions.endpoint=versions
 schema.service.custom.queries.endpoint=stored-queries
 
-schema.service.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
-schema.service.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
+schema.service.ssl.key-store=${server.certs.location}${server.keystore.name.pkcs12}
+schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name}
+
 schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
 schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
 schema.service.versions.override=false