From efaba4825cbe90116acf30b2117a790f5aec53aa Mon Sep 17 00:00:00 2001 From: "Kajur, Harish (vk250x)" Date: Mon, 23 Sep 2019 10:07:18 -0400 Subject: Update the code to read aaf generated passwords Issue-ID: AAI-2476 Change-Id: I7a13ef0556f9b73d1dda2526c1ef24e860f59dc9 Signed-off-by: Kajur, Harish (vk250x) --- .../aai/config/PropertyPasswordConfiguration.java | 87 ++++++++++++++++++++-- .../src/main/resources/application.properties | 15 +++- 2 files changed, 90 insertions(+), 12 deletions(-) (limited to 'aai-traversal') diff --git a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java index a4b4313..0d2ff88 100644 --- a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java +++ b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java @@ -19,30 +19,95 @@ */ package org.onap.aai.config; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; import java.util.LinkedHashMap; import java.util.Map; -import java.util.Optional; +import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.apache.commons.io.IOUtils; import org.springframework.context.ApplicationContextInitializer; import org.springframework.context.ConfigurableApplicationContext; -import org.springframework.core.env.CompositePropertySource; -import org.springframework.core.env.ConfigurableEnvironment; -import org.springframework.core.env.EnumerablePropertySource; -import org.springframework.core.env.MapPropertySource; -import org.springframework.core.env.PropertySource; -import org.springframework.stereotype.Component; +import org.springframework.core.env.*; public class PropertyPasswordConfiguration implements ApplicationContextInitializer { private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)"); - private PasswordDecoder passwordDecoder = new JettyPasswordDecoder(); + private static final EELFLogger logger = EELFManager.getInstance().getLogger(PropertyPasswordConfiguration.class.getName()); @Override public void initialize(ConfigurableApplicationContext applicationContext) { ConfigurableEnvironment environment = applicationContext.getEnvironment(); + String certPath = environment.getProperty("server.certs.location"); + File passwordFile = null; + File passphrasesFile = null; + InputStream passwordStream = null; + InputStream passphrasesStream = null; + Map sslProps = new LinkedHashMap<>(); + + // Override the passwords from application.properties if we find AAF certman files + if (certPath != null) { + try { + passwordFile = new File(certPath + ".password"); + passwordStream = new FileInputStream(passwordFile); + + if (passwordStream != null) { + String keystorePassword = null; + + keystorePassword = IOUtils.toString(passwordStream); + if (keystorePassword != null) { + keystorePassword = keystorePassword.trim(); + } + sslProps.put("server.ssl.key-store-password", keystorePassword); + sslProps.put("schema.service.ssl.key-store-password", keystorePassword); + } else { + logger.info("Not using AAF Certman password file"); + } + } catch (IOException e) { + logger.warn("Not using AAF Certman password file, e=" + e.getMessage()); + } finally { + if (passwordStream != null) { + try { + passwordStream.close(); + } catch (Exception e) { + } + } + } + try { + passphrasesFile = new File(certPath + ".passphrases"); + passphrasesStream = new FileInputStream(passphrasesFile); + + if (passphrasesStream != null) { + String truststorePassword = null; + Properties passphrasesProps = new Properties(); + passphrasesProps.load(passphrasesStream); + truststorePassword = passphrasesProps.getProperty("cadi_truststore_password"); + if (truststorePassword != null) { + truststorePassword = truststorePassword.trim(); + } + sslProps.put("server.ssl.trust-store-password", truststorePassword); + sslProps.put("schema.service.ssl.trust-store-password", truststorePassword); + } else { + logger.info("Not using AAF Certman passphrases file"); + } + } catch (IOException e) { + logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage()); + } finally { + if (passphrasesStream != null) { + try { + passphrasesStream.close(); + } catch (Exception e) { + } + } + } + } for (PropertySource propertySource : environment.getPropertySources()) { Map propertyOverrides = new LinkedHashMap<>(); decodePasswords(propertySource, propertyOverrides); @@ -50,6 +115,12 @@ public class PropertyPasswordConfiguration implements ApplicationContextInitiali PropertySource decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides); environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties); } + + } + if (!sslProps.isEmpty()) { + logger.info("Using AAF Certman files"); + PropertySource additionalProperties = new MapPropertySource("additionalProperties", sslProps); + environment.getPropertySources().addFirst(additionalProperties); } } diff --git a/aai-traversal/src/main/resources/application.properties b/aai-traversal/src/main/resources/application.properties index 1f57c7d..f44bed4 100644 --- a/aai-traversal/src/main/resources/application.properties +++ b/aai-traversal/src/main/resources/application.properties @@ -35,9 +35,15 @@ server.ssl.key-store-type=JKS # Start of Internal Specific Properties spring.profiles.active=production,one-way-ssl -server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore +### +server.certs.location=${server.local.startpath}etc/auth/ +server.keystore.name.pkcs12=aai_keystore +server.keystore.name=aai_keystore +server.truststore.name=aai_keystore +### +server.ssl.key-store=${server.certs.location}${server.keystore.name} server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +server.ssl.trust-store=${server.certs.location}${server.truststore.name} server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.version.list=v10,v11,v12,v13,v14,v15,v16 @@ -86,8 +92,9 @@ schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries -schema.service.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore -schema.service.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +schema.service.ssl.key-store=${server.certs.location}${server.keystore.name.pkcs12} +schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name} + schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.versions.override=false -- cgit 1.2.3-korg