diff options
author | James Forsyth <jf2512@att.com> | 2019-11-15 21:34:48 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-11-15 21:34:48 +0000 |
commit | 03842e7455feca17efe26025b951cbb7c6752622 (patch) | |
tree | e52e93377e9c7e5e2ea51843968b5146517e1383 /aai-traversal/src/main | |
parent | 36f15e43d11c73bd1dfcb10674150b9dda4c4744 (diff) | |
parent | efaba4825cbe90116acf30b2117a790f5aec53aa (diff) |
Merge "Update the code to read aaf generated passwords"
Diffstat (limited to 'aai-traversal/src/main')
-rw-r--r-- | aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java | 87 | ||||
-rw-r--r-- | aai-traversal/src/main/resources/application.properties | 15 |
2 files changed, 90 insertions, 12 deletions
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java index a4b4313..0d2ff88 100644 --- a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java +++ b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java @@ -19,30 +19,95 @@ */ package org.onap.aai.config; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; import java.util.LinkedHashMap; import java.util.Map; -import java.util.Optional; +import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.apache.commons.io.IOUtils; import org.springframework.context.ApplicationContextInitializer; import org.springframework.context.ConfigurableApplicationContext; -import org.springframework.core.env.CompositePropertySource; -import org.springframework.core.env.ConfigurableEnvironment; -import org.springframework.core.env.EnumerablePropertySource; -import org.springframework.core.env.MapPropertySource; -import org.springframework.core.env.PropertySource; -import org.springframework.stereotype.Component; +import org.springframework.core.env.*; public class PropertyPasswordConfiguration implements ApplicationContextInitializer<ConfigurableApplicationContext> { private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)"); - private PasswordDecoder passwordDecoder = new JettyPasswordDecoder(); + private static final EELFLogger logger = EELFManager.getInstance().getLogger(PropertyPasswordConfiguration.class.getName()); @Override public void initialize(ConfigurableApplicationContext applicationContext) { ConfigurableEnvironment environment = applicationContext.getEnvironment(); + String certPath = environment.getProperty("server.certs.location"); + File passwordFile = null; + File passphrasesFile = null; + InputStream passwordStream = null; + InputStream passphrasesStream = null; + Map<String, Object> sslProps = new LinkedHashMap<>(); + + // Override the passwords from application.properties if we find AAF certman files + if (certPath != null) { + try { + passwordFile = new File(certPath + ".password"); + passwordStream = new FileInputStream(passwordFile); + + if (passwordStream != null) { + String keystorePassword = null; + + keystorePassword = IOUtils.toString(passwordStream); + if (keystorePassword != null) { + keystorePassword = keystorePassword.trim(); + } + sslProps.put("server.ssl.key-store-password", keystorePassword); + sslProps.put("schema.service.ssl.key-store-password", keystorePassword); + } else { + logger.info("Not using AAF Certman password file"); + } + } catch (IOException e) { + logger.warn("Not using AAF Certman password file, e=" + e.getMessage()); + } finally { + if (passwordStream != null) { + try { + passwordStream.close(); + } catch (Exception e) { + } + } + } + try { + passphrasesFile = new File(certPath + ".passphrases"); + passphrasesStream = new FileInputStream(passphrasesFile); + + if (passphrasesStream != null) { + String truststorePassword = null; + Properties passphrasesProps = new Properties(); + passphrasesProps.load(passphrasesStream); + truststorePassword = passphrasesProps.getProperty("cadi_truststore_password"); + if (truststorePassword != null) { + truststorePassword = truststorePassword.trim(); + } + sslProps.put("server.ssl.trust-store-password", truststorePassword); + sslProps.put("schema.service.ssl.trust-store-password", truststorePassword); + } else { + logger.info("Not using AAF Certman passphrases file"); + } + } catch (IOException e) { + logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage()); + } finally { + if (passphrasesStream != null) { + try { + passphrasesStream.close(); + } catch (Exception e) { + } + } + } + } for (PropertySource<?> propertySource : environment.getPropertySources()) { Map<String, Object> propertyOverrides = new LinkedHashMap<>(); decodePasswords(propertySource, propertyOverrides); @@ -50,6 +115,12 @@ public class PropertyPasswordConfiguration implements ApplicationContextInitiali PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides); environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties); } + + } + if (!sslProps.isEmpty()) { + logger.info("Using AAF Certman files"); + PropertySource<?> additionalProperties = new MapPropertySource("additionalProperties", sslProps); + environment.getPropertySources().addFirst(additionalProperties); } } diff --git a/aai-traversal/src/main/resources/application.properties b/aai-traversal/src/main/resources/application.properties index 1f57c7d..f44bed4 100644 --- a/aai-traversal/src/main/resources/application.properties +++ b/aai-traversal/src/main/resources/application.properties @@ -35,9 +35,15 @@ server.ssl.key-store-type=JKS # Start of Internal Specific Properties spring.profiles.active=production,one-way-ssl -server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore +### +server.certs.location=${server.local.startpath}etc/auth/ +server.keystore.name.pkcs12=aai_keystore +server.keystore.name=aai_keystore +server.truststore.name=aai_keystore +### +server.ssl.key-store=${server.certs.location}${server.keystore.name} server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.trust-store=${server.certs.location}${server.truststore.name} server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.version.list=v10,v11,v12,v13,v14,v15,v16 @@ -86,8 +92,9 @@ schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries -schema.service.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore -schema.service.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +schema.service.ssl.key-store=${server.certs.location}${server.keystore.name.pkcs12} +schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name} + schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.versions.override=false |