From af22e3dbddd5b372e815970ff43cc73e29135218 Mon Sep 17 00:00:00 2001 From: Ryan Goulding Date: Thu, 17 Aug 2017 16:15:39 -0400 Subject: Fix service registration for SDNC Addresses the inherit race conditions associated with the BundleActivator abstraction. From lessons learned in OpenDaylight project, dependency injection and service injection via Aries Blueprint is faster, more deterministic, and has better error messaging than using BundleActivator(s). This change addresses several aspects: 1) DBLIBResourceActivator is changed to DBLIBResourceProvider. This was done in order to imply that this is no longer an Activator or subclass of an Activator. The class is a POJO. 2) DBLIBResourceProvider is split from a single monolithic method into several more manageable and better documented methods. 3) Documentation surrounding the resolution of the DB properties is added so that a developer can more easily identify the strategy (priority) used for resolving properties. 4) dblib-blueprint.xml is added. This is used to register the configuration bean (DBLIBResourceProvider), and pass it as an argument to the actual Service (DBLIBResourceManager). 5) Tests are added to test the functionality and resolution of the properties file loading. Issue-Id: SDNC-54 Change-Id: Ie9d5fb423ae7a67e9aec026c78321537399cc308 Signed-off-by: Ryan Goulding --- .../org/opendaylight/blueprint/dblib-blueprint.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml (limited to 'dblib/provider/src/main/resources/org') diff --git a/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml b/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml new file mode 100644 index 000000000..ee3e0f033 --- /dev/null +++ b/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml 
@@ -0,0 +1,13 @@ + + + + + + + + + + + \ No newline at end of file -- cgit 1.2.3-korg From 38f77425e9515b061f7eca1683fc85c42997619a Mon Sep 17 00:00:00 2001 From: Rich Tabedzki Date: Thu, 28 Sep 2017 03:00:10 +0000 Subject: Refined DBLIB blueprint configuration Changes made: 1. updated DBLibService definition by registering service on two interfaces: a) javax.sql.DataSource b) org.onap.ccsdk.sli.core.dblib.DbLibService Change-Id: If187b07db83ebca5428c809a83f546d9178a2b7f Issue-ID: CCSDK-102 Signed-off-by: Rich Tabedzki --- .../main/resources/org/opendaylight/blueprint/dblib-blueprint.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) mode change 100644 => 100755 dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml (limited to 'dblib/provider/src/main/resources/org') diff --git a/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml b/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml old mode 100644 new mode 100755 index ee3e0f033..f1d5166db --- a/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml +++ b/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml @@ -8,6 +8,11 @@ - + + + javax.sql.DataSource + org.onap.ccsdk.sli.core.dblib.DbLibService + + \ No newline at end of file -- cgit 1.2.3-korg From 972b25417e2851486940ca93d73763026eaa13b6 Mon Sep 17 00:00:00 2001 From: Rich Tabedzki Date: Tue, 8 May 2018 11:27:50 -0400 Subject: Provide support for properties encryption Changes made: * Implemented code to decrypt password field in property file Change-Id: I97e5f93fd1f8383c1e2a1e6170489dc1db9d6337 Issue-ID: CCSDK-182 
Signed-off-by: Rich Tabedzki --- dblib/provider/pom.xml | 5 ++ .../sli/core/dblib/DBLIBResourceProvider.java | 56 ++++++++++++++++++++++ .../onap/ccsdk/sli/core/dblib/EncShellCommand.java | 48 +++++++++++++++++++ .../org/opendaylight/blueprint/dblib-blueprint.xml | 6 +++ 4 files changed, 115 insertions(+) mode change 100644 => 100755 dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/DBLIBResourceProvider.java create mode 100755 dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/EncShellCommand.java (limited to 'dblib/provider/src/main/resources/org') diff --git a/dblib/provider/pom.xml b/dblib/provider/pom.xml index 3eaefd067..9bf898f51 100755 --- a/dblib/provider/pom.xml +++ b/dblib/provider/pom.xml @@ -82,5 +82,10 @@ mockito-core test + + org.apache.karaf.shell + org.apache.karaf.shell.console + 3.0.8 + diff --git a/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/DBLIBResourceProvider.java b/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/DBLIBResourceProvider.java old mode 100644 new mode 100755 index ddfb73316..6d36d6389 --- a/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/DBLIBResourceProvider.java +++ b/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/DBLIBResourceProvider.java @@ -23,6 +23,7 @@ package org.onap.ccsdk.sli.core.dblib; import java.io.File; import java.io.FileInputStream; import java.io.IOException; +import java.lang.reflect.Method; import java.util.Optional; import java.util.Properties; import java.util.Vector; @@ -32,6 +33,9 @@ import org.onap.ccsdk.sli.core.utils.KarafRootFileResolver; import org.onap.ccsdk.sli.core.utils.PropertiesFileResolver; import org.onap.ccsdk.sli.core.utils.common.CoreDefaultFileResolver; import org.onap.ccsdk.sli.core.utils.common.SdncConfigEnvVarFileResolver; +import org.osgi.framework.BundleContext; +import org.osgi.framework.FrameworkUtil; +import org.osgi.framework.ServiceReference; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
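Review bot: The `org.apache.karaf.shell.console` dependency added in the pom.xml hunk is pinned to a literal `3.0.8` and, as far as this rendering shows, has no scope, unlike the `mockito-core` entry just above it. A hard-coded version can drift from the Karaf release the bundle is deployed into. At default compile scope the console API may also be packaged with the bundle instead of being supplied by the container. I would manage the version in the parent POM and add `<scope>provided</scope>`; the XML tags are stripped on this page, so check the real file first.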
@@ -45,6 +49,12 @@ import org.slf4j.LoggerFactory; *
  • A directory identified by the JRE argument dblib.properties
  • *
  • A dblib.properties file located in the karaf root directory
  • * + * + * Encryption Support + *
      + *
    1. Uses ecryption provided by AAAEncryptionService
    2. + *
    3. AAA Configuration file is aaa-cert-config.xml
    4. + *
    */ public class DBLIBResourceProvider { @@ -55,6 +65,8 @@ public class DBLIBResourceProvider { */ private static final String DBLIB_PROP_FILE_NAME = "dblib.properties"; + private static final String DBLIB_PROPERTY_NAME = "org.onap.ccsdk.sli.jdbc.password"; + /** * A prioritized list of strategies for resolving dblib properties files. */ @@ -87,6 +99,20 @@ public class DBLIBResourceProvider { try(FileInputStream fileInputStream = new FileInputStream(propertiesFile)) { properties = new Properties(); properties.load(fileInputStream); + + if(properties.containsKey(DBLIB_PROPERTY_NAME)) { + String sensitive = properties.getProperty(DBLIB_PROPERTY_NAME); + if(sensitive != null && sensitive.startsWith("ENC:")) { + try { + sensitive = sensitive.substring(4); + String postsense = decrypt(sensitive); + properties.setProperty(DBLIB_PROPERTY_NAME, postsense); + } catch(Exception exc) { + LOG.error("Failed to translate property", exc); + } + } + } + } catch (final IOException e) { LOG.error("Failed to load properties for file: {}", propertiesFile.toString(), new DblibConfigurationException("Failed to load properties for file: " 
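Review bot: In the `@@ -87,6 +99,20 @@` hunk a failed decryption cannot be told apart from a successful one. `decrypt()` (added in the following hunk) catches every exception and returns its argument, so `properties.setProperty(DBLIB_PROPERTY_NAME, postsense)` stores the ciphertext, minus `ENC:`, as the JDBC password. The `catch(Exception exc)` here is therefore effectively unreachable, and the operator sees a database authentication failure rather than a decryption error. I would have `decrypt()` throw, or return `Optional<String>` (already imported), and on failure leave the property untouched and log `LOG.error("Failed to decrypt {}", DBLIB_PROPERTY_NAME, exc)`, which names the key without logging its value. The enclosing method starts and ends outside the hunk.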
@@ -95,6 +121,36 @@ public class DBLIBResourceProvider { } } + /** + * + * @param value + * @return decrypted string if successful or the original value if unsuccessful + */ + private String decrypt(String value) { + try { + BundleContext bctx = FrameworkUtil.getBundle(this.getClass()).getBundleContext(); + + ServiceReference sref = bctx.getServiceReference("org.opendaylight.aaa.encrypt.AAAEncryptionService"); + if(sref == null) { + LOG.warn("Could not acquire service reference for 'org.opendaylight.aaa.encrypt.AAAEncryptionService'"); + return value; + } + Object encrSvc = bctx.getService(sref); + if(encrSvc == null) { + LOG.warn("Could not access service for 'org.opendaylight.aaa.encrypt.AAAEncryptionService'"); + return value; + } + + Method gs2Method = encrSvc.getClass().getMethod("decrypt", new Class[] { "".getClass() }); + Object unmasked = gs2Method.invoke(encrSvc, new Object[] { value }); + return unmasked.toString(); + + } catch (Exception exc) { + LOG.error("Failure", exc); + return value; + } + } + /** * Extract db config properties. * diff --git a/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/EncShellCommand.java b/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/EncShellCommand.java new file mode 100755 index 000000000..eaa5700c9 --- /dev/null +++ b/dblib/provider/src/main/java/org/onap/ccsdk/sli/core/dblib/EncShellCommand.java 
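Review bot: `decrypt()` looks up `org.opendaylight.aaa.encrypt.AAAEncryptionService` by name while the properties file is being loaded, so it depends on that service already being registered. If it is not, the `sref == null` branch only warns and returns the ciphertext. That is the kind of start-order race the first commit in this series set out to remove, so a Blueprint `<reference>` injected into the provider would be more deterministic; the blueprint hunk is stripped here, so I cannot tell whether one was added. The service from `bctx.getService(sref)` is never released, so a `bctx.ungetService(sref)` in a `finally` around the reflective call is also needed. The Javadoc has an empty `@param value`; it should say the argument is the ciphertext with the `ENC:` prefix already removed.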
@@ -0,0 +1,48 @@
+package org.onap.ccsdk.sli.core.dblib;
+
+import java.lang.reflect.Method;
+
+/**
+ * https://karaf.apache.org/manual/latest-2.x/developers-guide/extending-console.html
+ * https://github.com/apache/karaf/tree/master/shell/console/src/main/java/org/apache/felix/gogo/commands
+ */
+import org.apache.karaf.shell.commands.Argument;
+import org.apache.karaf.shell.commands.Command;
+import org.apache.karaf.shell.console.OsgiCommandSupport;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.ServiceReference;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Command(scope = "dblib", name = "encode", description="Says hello")
+public class EncShellCommand extends OsgiCommandSupport {
+ private static Logger LOGGER = LoggerFactory.getLogger(EncShellCommand.class);
+
+ @Argument(index = 0, name = "arg", description = "The command argument", required = true, multiValued = false)
+ String arg = null;
+
+ @Override
+ protected Object doExecute() throws Exception {
+ System.out.println(String.format("Original value: %s", arg));
+ System.out.println(String.format("Encrypted value: %s", encrypt(arg)));
+ return null;
+ }
+
+ private String encrypt(String value) {
+ try {
+ BundleContext bctx = FrameworkUtil.getBundle(this.getClass()).getBundleContext();
+
+ ServiceReference sref = bctx.getServiceReference("org.opendaylight.aaa.encrypt.AAAEncryptionService");
+ Object encrSvc = bctx.getService(sref);
+
+ Method gs2Method = encrSvc.getClass().getMethod("encrypt", new Class[] { "".getClass() });
+ Object unmasked = gs2Method.invoke(encrSvc, new Object[] { value });
+ return String.format("ENC:%s", unmasked.toString());
+
+ } catch (Exception exc) {
+ LOGGER.error("Failure", exc);
+ return value;
+ }
+ }
+}
\ No newline at end of file
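Review bot: `doExecute()` echoes the secret back through `System.out.println(String.format("Original value: %s", arg))`. When the service lookup or the reflective call fails, `encrypt()` returns the plaintext, which is then printed under "Encrypted value" with no `ENC:` prefix. An operator could paste that output into dblib.properties believing it is protected, and the plaintext ends up in whatever records the console session. I would drop the first println, let `encrypt()` propagate failures (`doExecute()` already declares `throws Exception`), null-check `sref` as `decrypt()` does, and release the service afterwards. The `description="Says hello"` placeholder and the non-final `LOGGER` are worth fixing in the same pass.

```java
    @Override
    protected Object doExecute() throws Exception {
        // The plaintext argument is intentionally not printed back.
        System.out.println(String.format("Encrypted value: %s", encrypt(arg)));
        return null;
    }

    private String encrypt(String value) throws Exception {
        BundleContext bctx = FrameworkUtil.getBundle(this.getClass()).getBundleContext();
        ServiceReference sref = bctx.getServiceReference("org.opendaylight.aaa.encrypt.AAAEncryptionService");
        if (sref == null) {
            throw new IllegalStateException("AAAEncryptionService is not registered");
        }
        Object encrSvc = bctx.getService(sref);
        try {
            // … unchanged: reflective getMethod("encrypt") and invoke …
            return String.format("ENC:%s", unmasked.toString());
        } finally {
            bctx.ungetService(sref);
        }
    }
```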
diff --git a/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml b/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml index f1d5166db..d9bb99c07 100755 --- a/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml +++ b/dblib/provider/src/main/resources/org/opendaylight/blueprint/dblib-blueprint.xml @@ -15,4 +15,10 @@
    + + + + + + \ No newline at end of file -- cgit 1.2.3-korg