aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVijay Venkatesh Kumar <vv770d@att.com>2018-12-12 21:25:56 +0000
committerGerrit Code Review <gerrit@onap.org>2018-12-12 21:25:56 +0000
commit142a1d4d8177e86eac9e1e534708c6e8cc9d4c22 (patch)
tree57487f99433255d64e40eadeabb3dab2902257ef
parent713bb43a00682ebaeb1ada4eb27af965a8d7d56d (diff)
parent27b6e6483e73e37a235b8160ad9a1c9f3f68d5ea (diff)
Merge "Remove clear text password"
Diffstat
-rw-r--r--README.md8
-rwxr-xr-xetc/collector.properties4
-rw-r--r--src/main/java/org/onap/dcae/ApplicationSettings.java6
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java15
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiConfiguration.java1
-rw-r--r--src/test/java/org/onap/dcae/ApplicationSettingsTest.java4
-rw-r--r--src/test/java/org/onap/dcae/TLSTest.java2
-rw-r--r--src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java4
8 files changed, 28 insertions, 16 deletions
diff --git a/README.md b/README.md
index 09037680..f77ca227 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,14 @@ Run the image using docker-compose.yml
docker-compose up
```
+### Generate auth credential
+
+Util "crypt_password.py" to generate new cryptographic password is stored in dcaegen2/sdk
+
+```
+python crypt_password.py -p TestPassword
+```
+
### Environment variables in Docker Container
Most of the configuration of how VESCollector should be started and managed is done through environment variables.
Some of them are set during the image build process and some of them are defined manually or by
diff --git a/etc/collector.properties b/etc/collector.properties
index 475c49b0..d0c90695 100755
--- a/etc/collector.properties
+++ b/etc/collector.properties
@@ -60,9 +60,9 @@ collector.dmaapfile=./etc/DmaapConfig.json
## To disable enter 0
header.authflag=0
-## Combination of userid,base64 encoded pwd list to be supported
+## Combination of userid,hashPassword encoded pwd list to be supported
## userid and pwd comma separated; pipe delimitation between each pair
-header.authlist=sample1,c2FtcGxlMQ==
+header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6
## Event transformation Flag - when set expects configurable transformation
## defined under ./etc/eventTransform.json
diff --git a/src/main/java/org/onap/dcae/ApplicationSettings.java b/src/main/java/org/onap/dcae/ApplicationSettings.java
index ead148c4..f140def2 100644
--- a/src/main/java/org/onap/dcae/ApplicationSettings.java
+++ b/src/main/java/org/onap/dcae/ApplicationSettings.java
@@ -90,8 +90,10 @@ public class ApplicationSettings {
}
private Map<String, String> prepareUsersMap(@Nullable String allowedUsers) {
- return allowedUsers == null ? HashMap.empty() : List.ofAll(stream(allowedUsers.split("\\|")))
- .toMap(t -> t.split(",")[0].trim(), t -> new String(Base64.getDecoder().decode(t.split(",")[1])).trim());
+ return allowedUsers == null ? HashMap.empty()
+ : List.of(allowedUsers.split("\\|"))
+ .map(t->t.split(","))
+ .toMap(t-> t[0].trim(), t -> t[1].trim());
}
private String findOutConfigurationFileLocation(Map<String, String> parsedArgs) {
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 8061ec5a..6b5a64aa 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -20,19 +20,20 @@
package org.onap.dcae.restapi;
import io.vavr.control.Option;
+import java.io.IOException;
+import java.util.Base64;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Base64;
-
final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
+ private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
private final ApplicationSettings applicationSettings;
private Logger errorLog;
@@ -65,11 +66,11 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
String providedPassword = decodedData.split(":")[1].trim();
Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
boolean userRegistered = maybeSavedPassword.isDefined();
- return userRegistered && maybeSavedPassword.get().equals(providedPassword);
+ return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {
LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
authorizationHeader), e);
return false;
}
}
-}
+} \ No newline at end of file
diff --git a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java
index 9ebb5394..c44e0d45 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java
@@ -32,6 +32,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@EnableWebMvc
@Configuration
public class ApiConfiguration implements WebMvcConfigurer {
+
private final ApplicationSettings applicationSettings;
private Logger errorLogger;
diff --git a/src/test/java/org/onap/dcae/ApplicationSettingsTest.java b/src/test/java/org/onap/dcae/ApplicationSettingsTest.java
index 55160ff5..0e91bc70 100644
--- a/src/test/java/org/onap/dcae/ApplicationSettingsTest.java
+++ b/src/test/java/org/onap/dcae/ApplicationSettingsTest.java
@@ -389,8 +389,8 @@ public class ApplicationSettingsTest {
).validAuthorizationCredentials();
// then
- assertEquals(allowedUsers.get("pasza").get(), "simplepassword");
- assertEquals(allowedUsers.get("someoneelse").get(), "simplepassword");
+ assertEquals(allowedUsers.get("pasza").get(), "c2ltcGxlcGFzc3dvcmQNCg==");
+ assertEquals(allowedUsers.get("someoneelse").get(), "c2ltcGxlcGFzc3dvcmQNCg==");
}
@Test
diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java
index 63099b7d..c73bb53b 100644
--- a/src/test/java/org/onap/dcae/TLSTest.java
+++ b/src/test/java/org/onap/dcae/TLSTest.java
@@ -113,7 +113,7 @@ public class TLSTest extends TLSTestBase {
when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString());
when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString());
when(settings.authorizationEnabled()).thenReturn(true);
- when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, PASSWORD));
+ when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "$2a$10$51tDgG2VNLde5E173Ay/YO.Fq.aD.LR2Rp8pY3QAKriOSPswvGviy"));
}
}
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
index cb4d334c..569fd969 100644
--- a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
+++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
@@ -139,9 +139,9 @@ public class ApiAuthInterceptionTest {
public void shouldSucceed() throws IOException {
// given
final HttpServletRequest request = createRequestWithAuthorizationHeader();
-
when(settings.authorizationEnabled()).thenReturn(true);
- when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+ when(settings.validAuthorizationCredentials()).thenReturn(
+ HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G"));
when(response.getWriter()).thenReturn(writer);
// when