diff options
author | Skip Wonnell <kw5258@att.com> | 2017-08-15 12:43:03 -0500 |
---|---|---|
committer | Patrick Brady <pb071s@att.com> | 2017-08-16 13:21:29 -0700 |
commit | db75c0a0b305c86429a6940de4d56870d3daf5bf (patch) | |
tree | c4dc685d8a5600300fadd51f6e8463ab8cc8c51b /appc-config/appc-encryption-tool/provider/src/main | |
parent | 0500d5dbb363e74983d758288f1ac53ae763683d (diff) |
Initial commit for appc-encryption-tool bundle
appc-encryption-tool: module to retrieve and store
encryped credentials
Change-Id: I3d45c662c9d58dbeec2ab7fffb51658c9ee0d5d3
Signed-off-by: Skip Wonnell <kw5258@att.com>
Issue-Id: APPC-67
Diffstat (limited to 'appc-config/appc-encryption-tool/provider/src/main')
6 files changed, 596 insertions, 0 deletions
diff --git a/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/EncryptionToolActivator.java b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/EncryptionToolActivator.java new file mode 100644 index 000000000..002450114 --- /dev/null +++ b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/EncryptionToolActivator.java @@ -0,0 +1,55 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP : APP-C + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.appc.encryptiontool; + +import java.util.LinkedList; +import java.util.List; +import java.util.Properties; + +import org.openecomp.appc.encryptiontool.wrapper.EncryptionToolDGWrapper; +import org.osgi.framework.BundleActivator; +import org.osgi.framework.BundleContext; +import org.osgi.framework.ServiceRegistration; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + +public class EncryptionToolActivator implements BundleActivator { + + private static final EELFLogger log = EELFManager.getInstance().getLogger(EncryptionToolActivator.class); + private List<ServiceRegistration> registrations = new LinkedList<ServiceRegistration>(); + + @Override + public void start(BundleContext ctx) throws Exception { + EncryptionToolDGWrapper encryptionToolWrapper = new EncryptionToolDGWrapper(); + log.info("Registering service-- " + encryptionToolWrapper.getClass().getName()); + registrations.add(ctx.registerService(encryptionToolWrapper.getClass().getName(), encryptionToolWrapper, null)); + + } + + @Override + public void stop(BundleContext arg0) throws Exception { + for (ServiceRegistration registration : registrations) { + registration.unregister(); + registration = null; + } + } +} diff --git a/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/Constants.java b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/Constants.java new file mode 100644 index 000000000..710b61a43 --- /dev/null +++ b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/Constants.java @@ -0,0 +1,33 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP : APP-C + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.appc.encryptiontool.wrapper; + +public class Constants +{ + + public static final String DBLIB_SERVICE = "org.openecomp.sdnctl.sli.resource.dblib.DBResourceManager"; + public static final String DEVICE_AUTHENTICATION="DEVICE_AUTHENTICATION"; + public static final String SCHEMA_SDNCTL="SDNCTL"; + + private static final String SDNC_CONFIG_DIR_VAR = "SDNC_CONFIG_DIR"; + + public static final String APPC_CONFIG_DIR="/opt/app/bvc/properties"; +} diff --git a/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/DbServiceUtil.java b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/DbServiceUtil.java new file mode 100644 index 000000000..4f7630478 --- /dev/null +++ b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/DbServiceUtil.java @@ -0,0 +1,72 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP : APP-C + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.appc.encryptiontool.wrapper; + +import java.io.File; +import java.net.URL; +import java.sql.SQLException; +import java.util.ArrayList; +import java.util.Properties; + +import javax.sql.rowset.CachedRowSet; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import org.openecomp.sdnc.sli.resource.dblib.DBResourceManager; +import org.openecomp.sdnc.sli.resource.dblib.DbLibService; + +public class DbServiceUtil +{ + private static final Logger log = LoggerFactory + .getLogger(DbServiceUtil.class); + + private static Properties props; + private static DBResourceManager jdbcDataSource = null; + + public static boolean updateDB(String tableName, ArrayList inputArgs, + String scema, String whereClause, String setCluase) throws SQLException + { + String updatePasswordString = "update " + tableName + " set " + setCluase + " where " + whereClause ; + boolean result = jdbcDataSource.writeData(updatePasswordString, inputArgs,Constants.SCHEMA_SDNCTL); + return result; + } + + public static CachedRowSet getData(String tableName, ArrayList argList, String schema, + String getselectData, String getDataClasue ) throws SQLException + { + String selectQuery = "select " + getselectData + "from " + tableName + " where " + getDataClasue ; + CachedRowSet data = jdbcDataSource.getData(selectQuery, argList, schema); + return data; + } + + + public static DBResourceManager initDbLibService() throws Exception + { + props = new Properties(); + File file = new File("/opt/app/bvc/properties/dblib.properties"); + URL propURL = file.toURI().toURL(); + props.load(propURL.openStream()); + jdbcDataSource = DBResourceManager.create(props); + return jdbcDataSource; + } + +} diff --git a/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/EncryptionTool.java b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/EncryptionTool.java new file mode 100644 index 000000000..3a1b25ffa --- /dev/null +++ b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/EncryptionTool.java @@ -0,0 +1,214 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP : APP-C + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.appc.encryptiontool.wrapper; + +import java.security.Provider; +import java.security.Provider.Service; +import java.security.Security; + +import javax.crypto.Cipher; + +import org.jasypt.contrib.org.apache.commons.codec_1_3.binary.Base64; +import org.jasypt.util.text.BasicTextEncryptor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * This class is used to encapsulate the encryption and decryption support in one place and to provide a utility to + * encrypt and decrypt data. + */ +public class EncryptionTool { + + /** + * This lock object is used ONLY if the singleton has not been set up. + */ + private static final Object lock = new Object(); + + /** + * The salt is used to initialize the PBE (password Based Encrpytion) algorithm. + */ + private static final byte[] DEFAULT_SALT = { + (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c, (byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99 + }; + + /** + * The prefix we insert onto any data we encrypt so that we can tell if it is encrpyted later and therefore decrypt + * it + */ + @SuppressWarnings("nls") + public static final String ENCRYPTED_VALUE_PREFIX = "enc:"; + + /** + * The instance of the encryption utility object + */ + private static EncryptionTool instance = null; + + /** + * The iteration count used to initialize the PBE algorithm and to generate the key spec + */ + private static final int ITERATION_COUNT = 20; + + /** + * The logger for this class. + */ + private static final Logger LOG = LoggerFactory.getLogger(EncryptionTool.class); + + /** + * The secret passphrase (PBE) that we use to perform encryption and decryption. The algorithm we are using is a + * symmetrical cipher. + */ + private static char[] secret = { + 'C', '_', 'z', 'l', '!', 'K', '!', '4', '?', 'O', 'z', 'E', 'K', 'E', '>', 'U', 'R', '/', '%', 'Y', '\\', 'f', + 'b', '"', 'e', 'n', '{', '"', 'l', 'U', 'F', '+', 'E', '\'', 'R', 'T', 'p', '1', 'V', '4', 'l', 'a', '9', 'w', + 'v', '5', 'Z', '#', 'i', 'V', '"', 'd', 'l', '!', 'L', 'M', 'g', 'L', 'Q', '{', 'v', 'v', 'K', 'V' + }; + + /** + * The algorithm to encrypt and decrpyt data is "Password (or passphrase) Based Encryption with Message Digest #5 + * and the Data Encryption Standard", i.e., PBEWithMD5AndDES. + */ + @SuppressWarnings("nls") + private static final String SECURITY_ALGORITHM = "PBEWITHMD5AND256BITAES";// "PBEWithMD5AndDES"; + + /** + * The decryption cipher object + */ + private Cipher decryptCipher = null; + + /** + * The encryption cipher object + */ + private Cipher encryptCipher = null; + + private BasicTextEncryptor encryptor; + + /** + * Get an instance of the EncryptionTool + * + * @return The encryption tool to be used + */ + public static final EncryptionTool getInstance() { + if (instance == null) { + synchronized (lock) { + if (instance == null) { + instance = new EncryptionTool(); + } + } + } + return instance; + } + + /** + * Create the EncryptionTool instance + */ + @SuppressWarnings("nls") + private EncryptionTool() { + // encryptor = new BasicTextEncryptor(); + // encryptor.setPassword(secret.toString()); + String out = "Found the following security algorithms:"; + for (Provider p : Security.getProviders()) { + for (Service s : p.getServices()) { + String algo = s.getAlgorithm(); + out += + String.format("\n -Algorithm [ %s ] in provider [ %s ] and service [ %s ]", algo, p.getName(), + s.getClassName()); + } + } + LOG.debug(out); + } + + /** + * Decrypt the provided encrypted text + * + * @param cipherText + * THe cipher text to be decrypted. If the ciphertext is not encrypted, then it is returned as is. + * @return the clear test of the (possibly) encrypted value. The original value if the string is not encrypted. + */ + @SuppressWarnings("nls") + public synchronized String decrypt(String cipherText) { + if (isEncrypted(cipherText)) { + String encValue = cipherText.substring(ENCRYPTED_VALUE_PREFIX.length()); + // return encryptor.decrypt(encValue); + byte[] plainByte = Base64.decodeBase64(encValue.getBytes()); + byte[] decryptByte = xorWithSecret(plainByte); + return new String(decryptByte); + } else { + return cipherText; + } + + } + + /** + * Encrypt the provided clear text + * + * @param clearText + * The clear text to be encrypted + * @return the encrypted text. If the clear text is empty (null or zero length), then an empty string is returned. + * If the clear text is already encrypted, it is not encrypted again and is returned as is. Otherwise, the + * clear text is encrypted and returned. + */ + @SuppressWarnings("nls") + public synchronized String encrypt(String clearText) { + if (clearText != null) { + byte[] encByte = xorWithSecret(clearText.getBytes()); + String encryptedValue = new String(Base64.encodeBase64(encByte)); + return ENCRYPTED_VALUE_PREFIX + encryptedValue; + } else { + return null; + } + } + + /** + * Is a value encrypted? A value is considered to be encrypted if it begins with the + * {@linkplain #ENCRYPTED_VALUE_PREFIX encrypted value prefix}. + * + * @param value + * the value to check. + * @return true/false; + */ + private static boolean isEncrypted(final String value) { + return value != null && value.startsWith(ENCRYPTED_VALUE_PREFIX); + } + + /** + * XORs the input byte array with the secret key, padding 0x0 to the end of the secret key if the input is longer + * and returns a byte array the same size as input + * + * @param inp + * The byte array to be XORed with secret + * @return A byte array the same size as inp or null if input is null. + */ + private byte[] xorWithSecret(byte[] inp) { + if (inp == null) { + return null; + } + + byte[] secretBytes = new String(secret).getBytes(); + int size = inp.length; + + byte[] out = new byte[size]; + for (int i = 0; i < size; i++) { + out[i] = (byte) ((inp[i]) ^ (secretBytes[i % secretBytes.length])); + } + return out; + } + +} diff --git a/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/EncryptionToolDGWrapper.java b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/EncryptionToolDGWrapper.java new file mode 100644 index 000000000..3dde4e5c0 --- /dev/null +++ b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/EncryptionToolDGWrapper.java @@ -0,0 +1,80 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP : APP-C + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.appc.encryptiontool.wrapper; + +import java.util.Map; + +import org.apache.commons.configuration.PropertiesConfiguration; +import org.apache.commons.lang.StringUtils; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.openecomp.sdnc.sli.SvcLogicContext; +import org.openecomp.sdnc.sli.SvcLogicException; +import org.openecomp.sdnc.sli.SvcLogicJavaPlugin; + +public class EncryptionToolDGWrapper implements SvcLogicJavaPlugin { + + private static final EELFLogger log = EELFManager.getInstance().getLogger(EncryptionToolDGWrapper.class); + + public void runEncryption(Map<String, String> inParams, SvcLogicContext ctx) throws SvcLogicException + { + String responsePrefix = inParams.get("prefix"); + String userName = inParams.get("userName"); + String password = inParams.get("password"); + String vnf_type = inParams.get("vnf_type"); + + try{ + responsePrefix = StringUtils.isNotBlank(responsePrefix) ? (responsePrefix+".") : "" ; + if(StringUtils.isBlank(userName) || StringUtils.isBlank(password) || StringUtils.isBlank(vnf_type)){ + throw new Exception("username or Password is missing"); + } + + String [] input = new String[] {vnf_type,userName,password}; + WrapperEncryptionTool.main(input); + } + catch (Exception e) + { + throw new SvcLogicException(e.getMessage()); + } + + } + public void getProperty(Map<String, String> inParams, SvcLogicContext ctx) throws SvcLogicException + { + String responsePrefix = inParams.get("prefix"); + String propertyName = inParams.get("propertyName"); + + try{ + responsePrefix = StringUtils.isNotBlank(responsePrefix) ? (responsePrefix+".") : "" ; + PropertiesConfiguration conf = new PropertiesConfiguration(Constants.APPC_CONFIG_DIR + "/appc_southbound.properties"); + conf.setBasePath(null); + EncryptionTool et = EncryptionTool.getInstance(); + + ctx.setAttribute(responsePrefix + "propertyName", et.decrypt(conf.getProperty(propertyName).toString())); + } + catch (Exception e) { + ctx.setAttribute(responsePrefix + "status", "failure"); + ctx.setAttribute(responsePrefix + "error-message", e.getMessage()); + e.printStackTrace(); + throw new SvcLogicException(e.getMessage()); + } + } +} diff --git a/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/WrapperEncryptionTool.java b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/WrapperEncryptionTool.java new file mode 100644 index 000000000..aa86149aa --- /dev/null +++ b/appc-config/appc-encryption-tool/provider/src/main/java/org/openecomp/appc/encryptiontool/wrapper/WrapperEncryptionTool.java @@ -0,0 +1,142 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP : APP-C + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.appc.encryptiontool.wrapper; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.OutputStream; +import java.util.ArrayList; +import java.util.Properties; + +import javax.sql.rowset.CachedRowSet; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.apache.commons.configuration.PropertiesConfiguration; +import org.openecomp.sdnc.sli.resource.dblib.DBResourceManager; + +public class WrapperEncryptionTool { + + private static final Logger log = LoggerFactory + .getLogger(WrapperEncryptionTool.class); + + public static void main(String[] args) + { + int rowCount = 0; + String vnf_type=args[0]; + String user = args[1]; + String password = args[2]; + String action = args[3]; + String port = args[4]; + String url = args[5]; + + if("".equals(vnf_type)) + { + System.out.println("ERROR-VNF_TYPE can not be null"); + return; + } + if("".equals(user)) + { + System.out.println("ERROR-USER can not be null"); + return; + } + if("".equals(password)) + { + System.out.println("ERROR-PASSWORD can not be null"); + return; + } + + EncryptionTool encryptionTool = EncryptionTool.getInstance(); + String enPass = encryptionTool.encrypt(password); + + if(action != null && !action.isEmpty()){ + updateProperties(user,vnf_type , enPass, action, port, url); + return ; + } + + ArrayList<String> argList = new ArrayList<>(); + argList.add(vnf_type); + argList.add(user); + String clause = " vnf_type = ? and user_name = ? "; + String setClause = " password = ? "; + String getselectData = " * "; + DBResourceManager dbResourceManager = null; + try + { + dbResourceManager = DbServiceUtil.initDbLibService(); + CachedRowSet data = DbServiceUtil.getData(Constants.DEVICE_AUTHENTICATION, + argList, Constants.SCHEMA_SDNCTL, getselectData,clause ); + while(data.next()) + { + rowCount ++; + } + if(rowCount == 0) + log.info("APPC-MESSAGE: ERROR - No record Found for VNF_TYPE: " + vnf_type + ", User " + user ); + else + { + argList.clear(); + argList.add(enPass); + argList.add(vnf_type); + argList.add(user); + DbServiceUtil.updateDB(Constants.DEVICE_AUTHENTICATION, argList, + Constants.SCHEMA_SDNCTL, clause, setClause); + log.info("APPC-MESSAGE: Password Updated Successfully"); + } + } + catch (Exception e) + { + e.printStackTrace(); + log.info("APPC-MESSAGE:" + e.getMessage()); + } + finally + { + dbResourceManager.cleanUp(); + System.exit(0); + } + } + + private static void updateProperties(String user, String vnf_type, String password, + String action, String port, String url) { + + log.info("Received Inputs User:" + user + " vnf_type:" + vnf_type + " action:" + action ); + + String property = vnf_type + "." + action + "."; + + try { + PropertiesConfiguration conf = new PropertiesConfiguration(Constants.APPC_CONFIG_DIR + "/appc_southbound.properties"); + conf.setProperty(property + "user", user); + if(port != null && !port.isEmpty() ) + conf.setProperty(property + "port", port); + if(password != null && !password.isEmpty() ) + conf.setProperty(property + "password", password); + if(url != null && !url.isEmpty() ) + conf.setProperty(property + "url", url); + + conf.save(); + + } + catch (Exception e ) { + e.printStackTrace(); + log.info("APPC-MESSAGE:" + e.getMessage()); + } + + } +} |