From 434170f50621917a7fb2cbe7c7b01c4b29a8211e Mon Sep 17 00:00:00 2001
From: "Determe, Sebastien (sd378r)"
Date: Mon, 30 Oct 2017 18:50:37 +0100
Subject: Add encryption for passwords

Add encrypted password on all values specified in the properties files, unit tests have been reworked.

Change-Id: I619ff67fe1025f69af733b776f055914f949f26a
Issue-ID: CLAMP-64
Signed-off-by: Determe, Sebastien (sd378r)
---
 .../clamp/clds/client/DcaeInventoryServices.java | 30 ++-
 .../onap/clamp/clds/client/SdcCatalogServices.java | 191 ++++++++---------
 .../onap/clamp/clds/client/SdcSendReqDelegate.java | 48 ++---
 .../org/onap/clamp/clds/client/req/SdcReq.java | 91 +++++---
 .../clds/config/CamundaEngineConfiguration.java | 13 +-
 .../onap/clamp/clds/config/CldsConfiguration.java | 14 +-
 .../org/onap/clamp/clds/service/CldsService.java | 231 +++++++++------------
 .../onap/clamp/clds/service/SecureServiceBase.java | 47 +++--
 .../java/org/onap/clamp/clds/util/CryptoUtils.java | 116 +++++++++++
 .../clds/workflow/ProcessRequestDelegate.java | 22 +-
 10 files changed, 460 insertions(+), 343 deletions(-)
 create mode 100644 src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
(limited to 'src/main/java')
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
index 8f80e07ca..71e57ded9 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
@@ -32,6 +32,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.GeneralSecurityException;
 import java.util.Date;
 import java.util.List;
 
@@ -52,34 +53,37 @@ import org.onap.clamp.clds.util.LoggingUtils; import org.springframework.beans.factory.annotation.Autowired; /** + * * This class implements the communication with DCAE for the service inventory. * + * + * */ public class DcaeInventoryServices { protected static final EELFLogger logger = EELFManager.getInstance().getLogger(DcaeInventoryServices.class); protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); - @Autowired private RefProp refProp; - @Autowired private CldsDao cldsDao; - @Autowired private SdcCatalogServices sdcCatalogServices; /** + * * Set the event inventory. * * @param cldsModel * The CldsModel * @param userId * The user ID + * @throws GeneralSecurityException + * In case of issue when decryting the DCAE password * @throws ParseException - * In case of issues during the parsing of DCAE answer + * In case of DCAE Json parse exception */ - public void setEventInventory(CldsModel cldsModel, String userId) throws ParseException { + public void setEventInventory(CldsModel cldsModel, String userId) throws GeneralSecurityException, ParseException { String artifactName = cldsModel.getControlName(); DcaeEvent dcaeEvent = new DcaeEvent(); String isDcaeInfoAvailable = null; @@ -90,8 +94,11 @@ public class DcaeInventoryServices { } try { /* + * * Below are the properties required for calling the dcae inventory + * * url call + * */ ModelProperties prop = new ModelProperties(cldsModel.getName(), cldsModel.getControlName(), null, false, "{}", cldsModel.getPropText()); 
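Review bot: The new `@throws GeneralSecurityException` text on setEventInventory reads "In case of issue when decryting the DCAE password", which is misspelled and names a credential this hunk never touches. Nothing visible here decrypts anything, so the exception presumably comes from the SdcCatalogServices calls in the method body, which continues outside the hunk; if that is confirmed, the tag should read `In case of issue when decrypting the SDC password`. The same "decryting" spelling recurs in the SdcCatalogServices Javadoc added by this commit (getSdcServicesInformation, getServiceUuidFromServiceInvariantId, getAllSdcVForVfcResourcesBasedOnResourceType), and the new `@throws GeneralSecurityException` tags on uploadArtifactToSdc, isCldsSdcCacheDataExpired, getCldsServiceDataWithAlarmConditions and getResponsesFromArtifactUrl have no description at all. The empty ` * ` lines added to the class and method Javadoc carry no content and could be dropped.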
@@ -105,11 +112,9 @@ public class DcaeInventoryServices { } /* Invemtory service url is called in this method */ isDcaeInfoAvailable = getDcaeInformation(artifactName, serviceUuid, resourceUuid); - /* set dcae events */ dcaeEvent.setArtifactName(artifactName); dcaeEvent.setEvent(DcaeEvent.EVENT_DISTRIBUTION); - } catch (JsonProcessingException e) { logger.error("Error during JSON decoding", e); } catch (IOException ex) { @@ -159,6 +164,7 @@ public class DcaeInventoryServices { * In case of issues with the stream * @throws ParseException * In case of issues with the Json parsing + * */ public String getDcaeInformation(String artifactName, String serviceUuid, String resourceUuid) throws IOException, ParseException { @@ -167,28 +173,22 @@ public class DcaeInventoryServices { String queryString = "?sdcResourceId=" + resourceUuid + "&sdcServiceId=" + serviceUuid + "&typeName=" + artifactName; String fullUrl = refProp.getStringValue("DCAE_INVENTORY_URL") + "/dcae-service-types" + queryString; - logger.info("Dcae Inventory Service full url - " + fullUrl); String daceInventoryResponse = null; URL inventoryUrl = new URL(fullUrl); - HttpURLConnection conn = (HttpURLConnection) inventoryUrl.openConnection(); conn.setRequestMethod("GET"); String reqid = LoggingUtils.getRequestId(); logger.info("reqid set to " + reqid); conn.setRequestProperty("X-ECOMP-RequestID", reqid); - boolean requestFailed = true; int responseCode = conn.getResponseCode(); if (responseCode == 200) { requestFailed = false; } - StringBuilder response = new StringBuilder(); - try (BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()))) { String inputLine = null; - while ((inputLine = in.readLine()) != null) { response.append(inputLine); } 
@@ -203,11 +203,8 @@ public class DcaeInventoryServices { String jsonResponseString = response.toString(); JSONParser parser = new JSONParser(); Object obj0 = parser.parse(jsonResponseString); - JSONObject jsonObj = (JSONObject) obj0; - Long totalCount = (Long) jsonObj.get("totalCount"); - int numServices = totalCount.intValue(); if (numServices == 0) { daceInventoryResponse = null; @@ -221,5 +218,4 @@ public class DcaeInventoryServices { metricsLogger.info("getDcaeInformation complete: number services returned=" + numServices); return daceInventoryResponse; } - } diff --git a/src/main/java/org/onap/clamp/clds/client/SdcCatalogServices.java b/src/main/java/org/onap/clamp/clds/client/SdcCatalogServices.java index 56f296184..36265e837 100644 --- a/src/main/java/org/onap/clamp/clds/client/SdcCatalogServices.java +++ b/src/main/java/org/onap/clamp/clds/client/SdcCatalogServices.java @@ -40,6 +40,7 @@ import java.io.Reader; import java.io.StringReader; import java.net.HttpURLConnection; import java.net.URL; +import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.Collections; import java.util.Date; 
@@ -71,14 +72,16 @@ import org.onap.clamp.clds.util.LoggingUtils; import org.springframework.beans.factory.annotation.Autowired; public class SdcCatalogServices { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SdcCatalogServices.class); - protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); - - private static final String RESOURCE_VF_TYPE = "VF"; - private static final String RESOURCE_VFC_TYPE = "VFC"; - + protected static final EELFLogger logger = EELFManager.getInstance() + .getLogger(SdcCatalogServices.class); + protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); + private static final String RESOURCE_VF_TYPE = "VF"; + private static final String RESOURCE_VFC_TYPE = "VFC"; + private static final String RESOURCE_CVFC_TYPE = "CVFC"; @Autowired private RefProp refProp; + @Autowired + private SdcReq sdcReq; /** * This method get the SDC services Information with the corresponding 
@@ -87,31 +90,29 @@ public class SdcCatalogServices { * @param uuid * The service UUID * @return A Json String with all the service list + * @throws GeneralSecurityException + * In case of issue when decryting the SDC password */ - public String getSdcServicesInformation(String uuid) { + public String getSdcServicesInformation(String uuid) throws GeneralSecurityException { Date startTime = new Date(); String baseUrl = refProp.getStringValue("sdc.serviceUrl"); - String basicAuth = SdcReq.getSdcBasicAuth(refProp); + String basicAuth = sdcReq.getSdcBasicAuth(); LoggingUtils.setTargetContext("SDC", "getSdcServicesInformation"); - try { String url = baseUrl; if (uuid != null) { url = baseUrl + "/" + uuid + "/metadata"; } URL urlObj = new URL(url); - HttpURLConnection conn = (HttpURLConnection) urlObj.openConnection(); - conn.setRequestProperty(refProp.getStringValue("sdc.InstanceID"), "CLAMP-Tool"); conn.setRequestProperty("Authorization", basicAuth); conn.setRequestProperty("Content-Type", "application/json;charset=UTF-8"); conn.setRequestProperty("X-ECOMP-RequestID", LoggingUtils.getRequestId()); conn.setRequestMethod("GET"); - String resp = getResponse(conn); if (resp != null) { - logger.info(resp); + logger.info(resp); // metrics log LoggingUtils.setResponseContext("0", "Get sdc services success", this.getClass().getName()); return resp; @@ -124,13 +125,12 @@ public class SdcCatalogServices { LoggingUtils.setTimeContext(startTime, new Date()); metricsLogger.info("getSdcServicesInformation complete"); } - return ""; } /** * To remove duplicate serviceUUIDs from sdc services List. - * + * * @param rawCldsSdcServiceList * A list of CldsSdcServiceInfo * @return A list of CldsSdcServiceInfo without duplicate service UUID @@ -159,7 +159,7 @@ public class SdcCatalogServices { /** * To remove duplicate serviceUUIDs from sdc resources List. - * + * * @param rawCldsSdcResourceList * @return */ 
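Review bot: Calling `sdcReq.getSdcBasicAuth()` at the top of getSdcServicesInformation appears to decrypt the configured password on every request, so a wrong key or corrupt ciphertext only shows up as a checked `GeneralSecurityException` at call time. That is a configuration fault rather than something a caller can recover from, yet the commit threads it through most signatures in this class, including private JSON helpers such as getVfcDataListFromVfResponse and getFieldPathFromVF. Consider resolving the credential once when the bean is initialised so a misconfiguration fails at startup, or wrapping the failure in the `SdcCommunicationException` this class already throws without declaring; either keeps the existing signatures stable. Whichever way it goes, the exception message and any logging around it should never contain the decrypted value.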
@@ -187,7 +187,7 @@ public class SdcCatalogServices { /** * To remove duplicate basic resources with same resourceUUIDs. - * + * * @param rawCldsSdcResourceListBasicList * @return */ @@ -217,12 +217,14 @@ public class SdcCatalogServices { /** * To get ServiceUUID by using serviceInvariantUUID. - * + * * @param invariantId * The invariant ID * @return The service UUID + * @throws GeneralSecurityException + * In case of issue when decryting the SDC password */ - public String getServiceUuidFromServiceInvariantId(String invariantId) { + public String getServiceUuidFromServiceInvariantId(String invariantId) throws GeneralSecurityException { String serviceUuid = ""; String responseStr = getSdcServicesInformation(null); List rawCldsSdcServicesList = getCldsSdcServicesListFromJson(responseStr); @@ -241,7 +243,7 @@ public class SdcCatalogServices { /** * To get CldsAsdsServiceInfo class by parsing json string. - * + * * @param jsonStr * The Json string that must be decoded * @return The list of CldsSdcServiceInfo, if there is a failure it return @@ -274,7 +276,6 @@ public class SdcCatalogServices { if (StringUtils.isBlank(jsonStr)) { return new ArrayList<>(); } - try { return objectMapper.readValue(jsonStr, objectMapper.getTypeFactory().constructCollectionType(List.class, CldsSdcResourceBasicInfo.class)); @@ -286,7 +287,7 @@ public class SdcCatalogServices { /** * To get CldsAsdsResource class by parsing json string. - * + * * @param jsonStr * @return * @throws IOException @@ -298,7 +299,7 @@ public class SdcCatalogServices { /** * To get CldsSdcServiceDetail by parsing json string. - * + * * @param jsonStr * @return */ 
@@ -314,22 +315,24 @@ public class SdcCatalogServices { /** * To upload artifact to sdc based on serviceUUID and resource name on url. - * + * * @param prop * @param userid * @param url * @param formattedSdcReq * @return + * @throws GeneralSecurityException */ - public String uploadArtifactToSdc(ModelProperties prop, String userid, String url, String formattedSdcReq) { + public String uploadArtifactToSdc(ModelProperties prop, String userid, String url, String formattedSdcReq) + throws GeneralSecurityException { // Verify whether it is triggered by Validation Test button from UI if (prop.isTest()) { return "sdc artifact upload not executed for test action"; } try { logger.info("userid=" + userid); - String md5Text = SdcReq.calculateMD5ByString(formattedSdcReq); - byte[] postData = SdcReq.stringToByteArray(formattedSdcReq); + String md5Text = sdcReq.calculateMD5ByString(formattedSdcReq); + byte[] postData = sdcReq.stringToByteArray(formattedSdcReq); int postDataLength = postData.length; HttpURLConnection conn = getSdcHttpUrlConnection(userid, postDataLength, url, md5Text); try (DataOutputStream wr = new DataOutputStream(conn.getOutputStream())) { @@ -341,7 +344,6 @@ public class SdcCatalogServices { if (responseCode == 200) { requestFailed = false; } - String responseStr = getResponse(conn); if (responseStr != null && requestFailed) { logger.error("requestFailed - responseStr=" + responseStr); 
@@ -352,13 +354,13 @@ public class SdcCatalogServices { logger.error("Exception when attempting to communicate with SDC", e); throw new SdcCommunicationException("Exception when attempting to communicate with SDC", e); } - } - private HttpURLConnection getSdcHttpUrlConnection(String userid, int postDataLength, String url, String md5Text) { + private HttpURLConnection getSdcHttpUrlConnection(String userid, int postDataLength, String url, String md5Text) + throws GeneralSecurityException { try { logger.info("userid=" + userid); - String basicAuth = SdcReq.getSdcBasicAuth(refProp); + String basicAuth = sdcReq.getSdcBasicAuth(); String sdcXonapInstanceId = refProp.getStringValue("sdc.sdcX-InstanceID"); URL urlObj = new URL(url); HttpURLConnection conn = (HttpURLConnection) urlObj.openConnection(); @@ -426,7 +428,14 @@ public class SdcCatalogServices { } } - public boolean isCldsSdcCacheDataExpired(CldsServiceData cldsServiceData) { + /** + * Check if the SDC Info in cache has expired. + * + * @param cldsServiceData + * @return + * @throws GeneralSecurityException + */ + public boolean isCldsSdcCacheDataExpired(CldsServiceData cldsServiceData) throws GeneralSecurityException { boolean expired = false; if (cldsServiceData != null && cldsServiceData.getServiceUUID() != null) { String cachedServiceUuid = cldsServiceData.getServiceUUID(); 
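Review bot: getSdcHttpUrlConnection obtains the decrypted Basic credential for a connection to whatever `url` string it is handed, and nothing in the visible lines checks the scheme or host before `openConnection()`. Basic auth is only base64, so if a configured or derived URL is plain `http`, or points somewhere other than the SDC host, the password this commit encrypts at rest leaves the process in readable form. If deployments allow it, a guard such as `if (!"https".equalsIgnoreCase(urlObj.getProtocol())) throw new IllegalArgumentException("SDC URL must use https");` before the header is set would close that, ideally together with a host comparison against the configured SDC address. getCldsServicesOrResourcesBasedOnURL has the same shape and is public. The method body continues past the end of this hunk, so the header handling itself is not visible here.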
@@ -442,7 +451,16 @@ public class SdcCatalogServices { return expired; } - public CldsServiceData getCldsServiceDataWithAlarmConditions(String invariantServiceUuid) { + /** + * Get the Service Data with Alarm Conditions for a given + * invariantServiceUuid. + * + * @param invariantServiceUuid + * @return + * @throws GeneralSecurityException + */ + public CldsServiceData getCldsServiceDataWithAlarmConditions(String invariantServiceUuid) + throws GeneralSecurityException { String url = refProp.getStringValue("sdc.serviceUrl"); String catalogUrl = refProp.getStringValue("sdc.catalog.url"); String serviceUuid = getServiceUuidFromServiceInvariantId(invariantServiceUuid); @@ -460,7 +478,6 @@ public class SdcCatalogServices { } cldsServiceData.setServiceUUID(cldsSdcServiceDetail.getUuid()); cldsServiceData.setServiceInvariantUUID(cldsSdcServiceDetail.getInvariantUUID()); - // To remove duplicate resources from serviceDetail and add valid // vfs to service if (cldsSdcServiceDetail != null && cldsSdcServiceDetail.getResources() != null) { @@ -488,13 +505,15 @@ public class SdcCatalogServices { return cldsServiceData; } - private void getAllVfcForVfList(List cldsVfDataList, String catalogUrl) { + private void getAllVfcForVfList(List cldsVfDataList, String catalogUrl) + throws GeneralSecurityException { // todo : refact this.. if (cldsVfDataList != null && !cldsVfDataList.isEmpty()) { List allVfResources = getAllSdcVForVfcResourcesBasedOnResourceType( RESOURCE_VF_TYPE); List allVfcResources = getAllSdcVForVfcResourcesBasedOnResourceType( RESOURCE_VFC_TYPE); + allVfcResources.addAll(getAllSdcVForVfcResourcesBasedOnResourceType(RESOURCE_CVFC_TYPE)); for (CldsVfData currCldsVfData : cldsVfDataList) { if (currCldsVfData != null && currCldsVfData.getVfInvariantResourceUUID() != null) { String resourceUuid = getResourceUuidFromResourceInvariantUuid( 
@@ -507,7 +526,6 @@ public class SdcCatalogServices { // associated with the VF's List cldsVfKPIDataList = getFieldPathFromVF(vfResponse); currCldsVfData.setCldsKPIList(cldsVfKPIDataList); - List vfcDataListFromVfResponse = getVfcDataListFromVfResponse(vfResponse); if (vfcDataListFromVfResponse != null) { currCldsVfData.setCldsVfcs(vfcDataListFromVfResponse); @@ -547,7 +565,7 @@ public class SdcCatalogServices { } } - private List getVfcDataListFromVfResponse(String vfResponse) { + private List getVfcDataListFromVfResponse(String vfResponse) throws GeneralSecurityException { ObjectMapper mapper = new ObjectMapper(); ObjectNode vfResponseNode; try { @@ -570,6 +588,11 @@ public class SdcCatalogServices { currCldsVfcData.setVfcInvariantResourceUUID(vfcInvariantResourceUuid.textValue()); cldsVfcDataList.add(currCldsVfcData); } else if (resourceTypeNode != null && "CVFC".equalsIgnoreCase(resourceTypeNode.textValue())) { + TextNode vfcResourceName = (TextNode) currVfcNode.get("resourceInstanceName"); + TextNode vfcInvariantResourceUuid = (TextNode) currVfcNode.get("resourceInvariantUUID"); + currCldsVfcData.setVfcName(vfcResourceName.textValue()); + currCldsVfcData.setVfcInvariantResourceUUID(vfcInvariantResourceUuid.textValue()); + cldsVfcDataList.add(currCldsVfcData); cldsVfcDataList.addAll(getVFCfromCVFC(currVfcNode.get("resourceUUID").textValue())); } } @@ -577,10 +600,9 @@ public class SdcCatalogServices { return cldsVfcDataList; } - private List getVFCfromCVFC(String resourceUUID) { + private List getVFCfromCVFC(String resourceUUID) throws GeneralSecurityException { String catalogUrl = refProp.getStringValue("sdc.catalog.url"); List cldsVfcDataList = new ArrayList<>(); - if (resourceUUID != null) { String vfcResourceUUIDUrl = catalogUrl + "resources" + "/" + resourceUUID + "/metadata"; try { 
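Review bot: In the new CVFC branch of getVfcDataListFromVfResponse, `(TextNode) currVfcNode.get("resourceInstanceName")` and the `resourceInvariantUUID` lookup are cast and dereferenced with no null or type check, so an SDC response that omits either field, or sends a non-string, aborts the whole listing with a NullPointerException or ClassCastException. The response is remote input and should be read defensively, for example `JsonNode nameNode = currVfcNode.get("resourceInstanceName");` followed by `if (nameNode != null && nameNode.isTextual())` before the setters. The existing `currVfcNode.get("resourceUUID").textValue()` on the following line has the same exposure. The added lines also duplicate the VFC branch just above, so a small private helper taking `currVfcNode` would keep the two in step. The method starts and ends outside this hunk.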
@@ -588,7 +610,6 @@ public class SdcCatalogServices { ObjectMapper mapper = new ObjectMapper(); ObjectNode vfResponseNode = (ObjectNode) mapper.readTree(vfcResponse); ArrayNode vfcArrayNode = (ArrayNode) vfResponseNode.get("resources"); - if (vfcArrayNode != null) { for (JsonNode vfcjsonNode : vfcArrayNode) { CldsVfcData currCldsVfcData = new CldsVfcData(); @@ -614,7 +635,7 @@ public class SdcCatalogServices { return (id != null) ? id.replaceAll("\"", "") : ""; } - private List getAlarmCondtionsFromVfc(String vfcResponse) { + private List getAlarmCondtionsFromVfc(String vfcResponse) throws GeneralSecurityException { List cldsAlarmConditionList = new ArrayList<>(); ObjectMapper mapper = new ObjectMapper(); ObjectNode vfcResponseNode; @@ -625,7 +646,6 @@ public class SdcCatalogServices { return cldsAlarmConditionList; } ArrayNode artifactsArrayNode = (ArrayNode) vfcResponseNode.get("artifacts"); - if (artifactsArrayNode != null && artifactsArrayNode.size() > 0) { for (int index = 0; index < artifactsArrayNode.size(); index++) { ObjectNode currArtifactNode = (ObjectNode) artifactsArrayNode.get(index); @@ -660,7 +680,7 @@ public class SdcCatalogServices { } // Method to get the artifact for any particular VF - private List getFieldPathFromVF(String vfResponse) { + private List getFieldPathFromVF(String vfResponse) throws GeneralSecurityException { List cldsVfKPIDataList = new ArrayList<>(); ObjectMapper mapper = new ObjectMapper(); ObjectNode vfResponseNode; @@ -671,7 +691,6 @@ public class SdcCatalogServices { return cldsVfKPIDataList; } ArrayNode artifactsArrayNode = (ArrayNode) vfResponseNode.get("artifacts"); - if (artifactsArrayNode != null && artifactsArrayNode.size() > 0) { for (int index = 0; index < artifactsArrayNode.size(); index++) { ObjectNode currArtifactNode = (ObjectNode) artifactsArrayNode.get(index); 
@@ -682,7 +701,7 @@ public class SdcCatalogServices { artifactName = artifactNameNode.textValue(); artifactName = artifactName.substring(artifactName.lastIndexOf('.') + 1); } - if (artifactUrlNode != null && "csv".equalsIgnoreCase(artifactName)) { + if (artifactUrlNode != null && "csv".equalsIgnoreCase(artifactName)) { String responsesFromArtifactUrl = getResponsesFromArtifactUrl(artifactUrlNode.textValue()); cldsVfKPIDataList.addAll(parseCsvToGetFieldPath(responsesFromArtifactUrl)); logger.info(responsesFromArtifactUrl); @@ -697,24 +716,19 @@ public class SdcCatalogServices { logger.debug("invalid csv field path Record,total columns less than 6: " + record); return null; } - if (StringUtils.isBlank(record.get(1)) || StringUtils.isBlank(record.get(3)) || StringUtils.isBlank(record.get(5))) { logger.debug("Invalid csv field path Record,one of column is having blank value : " + record); return null; } - CldsVfKPIData cldsVfKPIData = new CldsVfKPIData(); cldsVfKPIData.setNfNamingCode(record.get(0).trim()); cldsVfKPIData.setNfNamingValue(record.get(1).trim()); - cldsVfKPIData.setFieldPath(record.get(2).trim()); cldsVfKPIData.setFieldPathValue(record.get(3).trim()); - cldsVfKPIData.setThresholdName(record.get(4).trim()); cldsVfKPIData.setThresholdValue(record.get(5).trim()); return cldsVfKPIData; - } // Method to get the artifactURL Data and set the CldsVfKPIData node @@ -759,7 +773,14 @@ public class SdcCatalogServices { cldsAlarmConditionList.add(cldsAlarmCondition); } - public String getResponsesFromArtifactUrl(String artifactsUrl) { + /** + * Get the responses for the current artifact from the artifacts URL. + * + * @param artifactsUrl + * @return + * @throws GeneralSecurityException + */ + public String getResponsesFromArtifactUrl(String artifactsUrl) throws GeneralSecurityException { String hostUrl = refProp.getStringValue("sdc.hostUrl"); String artifactsUrlReworked = artifactsUrl.replaceAll("\"", ""); String artifactUrl = hostUrl + artifactsUrlReworked; 
@@ -771,27 +792,29 @@ public class SdcCatalogServices { /** * Service to services/resources/artifacts from sdc.Pass alarmConditions as - * true to get alarmconditons from artifact url and else it is false - * + * true to get alarm conditons from artifact url and else it is false + * * @param url * @param alarmConditions * @return + * @throws GeneralSecurityException + * In case of issue when decrypting the SDC password + * */ - public String getCldsServicesOrResourcesBasedOnURL(String url, boolean alarmConditions) { + public String getCldsServicesOrResourcesBasedOnURL(String url, boolean alarmConditions) + throws GeneralSecurityException { Date startTime = new Date(); try { LoggingUtils.setTargetContext("SDC", "getCldsServicesOrResourcesBasedOnURL"); String urlReworked = removeUnwantedBracesFromString(url); URL urlObj = new URL(urlReworked); - HttpURLConnection conn = (HttpURLConnection) urlObj.openConnection(); - String basicAuth = SdcReq.getSdcBasicAuth(refProp); + String basicAuth = sdcReq.getSdcBasicAuth(); conn.setRequestProperty(refProp.getStringValue("sdc.InstanceID"), "CLAMP-Tool"); conn.setRequestProperty("Authorization", basicAuth); conn.setRequestProperty("Content-Type", "application/json;charset=UTF-8"); conn.setRequestProperty("X-ECOMP-RequestID", LoggingUtils.getRequestId()); conn.setRequestMethod("GET"); - int responseCode = conn.getResponseCode(); logger.info("Sdc resource url - " + urlReworked + " , responseCode=" + responseCode); StringBuilder response; @@ -818,7 +841,6 @@ public class SdcCatalogServices { LoggingUtils.setTimeContext(startTime, new Date()); metricsLogger.info("getCldsServicesOrResourcesBasedOnURL completed"); } - } /** 
@@ -833,19 +855,15 @@ public class SdcCatalogServices { ObjectMapper mapper = new ObjectMapper(); ObjectNode globalPropsJson; if (cldsServiceData != null && cldsServiceData.getServiceUUID() != null) { - // Objectnode to save all byservice, byvf , byvfc and byalarm nodes ObjectNode byIdObjectNode = mapper.createObjectNode(); - // To create vf ResourceUUID node with serviceInvariantUUID ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(mapper, cldsServiceData); byIdObjectNode.putPOJO("byService", invariantUuidObjectNodeWithVf); - // To create byVf and vfcResourceNode with vfResourceUUID ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(mapper, cldsServiceData.getCldsVfs()); byIdObjectNode.putPOJO("byVf", vfcObjectNodeByVfUuid); - // To create byKpi ObjectNode kpiObjectNode = mapper.createObjectNode(); if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) { @@ -856,7 +874,6 @@ public class SdcCatalogServices { } } byIdObjectNode.putPOJO("byKpi", kpiObjectNode); - // To create byVfc and alarmCondition with vfcResourceUUID ObjectNode vfcResourceUuidObjectNode = mapper.createObjectNode(); if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) { 
@@ -868,23 +885,17 @@ public class SdcCatalogServices { } } byIdObjectNode.putPOJO("byVfc", vfcResourceUuidObjectNode); - // To create byAlarmCondition with alarmConditionKey List allAlarmConditions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData, "alarmCondition"); ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(mapper, allAlarmConditions); - byIdObjectNode.putPOJO("byAlarmCondition", alarmCondObjectNodeByAlarmKey); - // To create byAlertDescription with AlertDescription List allAlertDescriptions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData, "alertDescription"); ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(mapper, allAlertDescriptions); - byIdObjectNode.putPOJO("byAlertDescription", alertDescObjectNodeByAlert); - globalPropsJson = decodeGlobalProp(globalProps, mapper); - globalPropsJson.putPOJO("shared", byIdObjectNode); logger.info("value of objNode:" + globalPropsJson); } else { @@ -940,7 +951,6 @@ public class SdcCatalogServices { */ private List getAllAlarmConditionsFromCldsVfData(CldsVfData currCldsVfData, String eventName) { List alarmCondList = new ArrayList<>(); - if (currCldsVfData != null && currCldsVfData.getCldsVfcs() != null && !currCldsVfData.getCldsVfcs().isEmpty()) { for (CldsVfcData currCldsVfcData : currCldsVfData.getCldsVfcs()) { alarmCondList.addAll(getAllAlarmConditionsFromCldsVfcData(currCldsVfcData, eventName)); @@ -962,7 +972,6 @@ public class SdcCatalogServices { private List getAllAlarmConditionsFromCldsVfcData(CldsVfcData currCldsVfcData, String eventName) { List alarmCondList = new ArrayList<>(); - if (currCldsVfcData != null && currCldsVfcData.getCldsAlarmConditions() != null && !currCldsVfcData.getCldsAlarmConditions().isEmpty()) { for (CldsAlarmCondition currCldsAlarmCondition : currCldsVfcData.getCldsAlarmConditions()) { 
@@ -978,7 +987,6 @@ public class SdcCatalogServices { private ObjectNode createAlarmCondObjectNodeByAlarmKey(ObjectMapper mapper, List cldsAlarmCondList) { ObjectNode alarmCondKeyNode = mapper.createObjectNode(); - if (cldsAlarmCondList != null && !cldsAlarmCondList.isEmpty()) { for (CldsAlarmCondition currCldsAlarmCondition : cldsAlarmCondList) { if (currCldsAlarmCondition != null) { @@ -1022,17 +1030,13 @@ public class SdcCatalogServices { for (CldsVfKPIData currCldsVfKpiData : cldsVfKpiDataList) { if (currCldsVfKpiData != null) { ObjectNode thresholdNameObjectNode = mapper.createObjectNode(); - ObjectNode fieldPathObjectNode = mapper.createObjectNode(); ObjectNode nfNamingCodeNode = mapper.createObjectNode(); - fieldPathObjectNode.put(currCldsVfKpiData.getFieldPathValue(), currCldsVfKpiData.getFieldPathValue()); nfNamingCodeNode.put(currCldsVfKpiData.getNfNamingValue(), currCldsVfKpiData.getNfNamingValue()); - thresholdNameObjectNode.putPOJO("fieldPath", fieldPathObjectNode); thresholdNameObjectNode.putPOJO("nfNamingCode", nfNamingCodeNode); - vfResourceUuidObjectNode.putPOJO(currCldsVfKpiData.getThresholdValue(), thresholdNameObjectNode); } } @@ -1050,9 +1054,7 @@ public class SdcCatalogServices { if (currCldsVfcData.getCldsAlarmConditions() != null && !currCldsVfcData.getCldsAlarmConditions().isEmpty()) { for (CldsAlarmCondition currCldsAlarmCondition : currCldsVfcData.getCldsAlarmConditions()) { - alarmCondNode.put(currCldsAlarmCondition.getAlarmConditionKey(), - currCldsAlarmCondition.getAlarmConditionKey()); - if ("alarmCondition".equalsIgnoreCase(currCldsAlarmCondition.getEventName())) { + if ("alarmCondition".equalsIgnoreCase(currCldsAlarmCondition.getEventName())) { alarmCondNode.put(currCldsAlarmCondition.getAlarmConditionKey(), currCldsAlarmCondition.getAlarmConditionKey()); } else { 
@@ -1061,7 +1063,6 @@ public class SdcCatalogServices { } } } - vfcObjectNode.putPOJO("alarmCondition", alarmCondNode); vfcObjectNode.putPOJO("alertDescription", alertDescNode); vfcResourceUuidObjectNode.putPOJO(currCldsVfcData.getVfcInvariantResourceUUID(), vfcObjectNode); @@ -1085,7 +1086,6 @@ public class SdcCatalogServices { */ private ObjectNode createVfcObjectNodeByVfUuid(ObjectMapper mapper, List cldsVfDataList) { ObjectNode vfUuidObjectNode = mapper.createObjectNode(); - if (cldsVfDataList != null && !cldsVfDataList.isEmpty()) { for (CldsVfData currCldsVfData : cldsVfDataList) { if (currCldsVfData != null) { @@ -1094,8 +1094,11 @@ public class SdcCatalogServices { ObjectNode kpiObjectNode = mapper.createObjectNode(); if (currCldsVfData.getCldsVfcs() != null && !currCldsVfData.getCldsVfcs().isEmpty()) { for (CldsVfcData currCldsVfcData : currCldsVfData.getCldsVfcs()) { - vfcUuidNode.put(currCldsVfcData.getVfcInvariantResourceUUID(), - currCldsVfcData.getVfcName()); + if (currCldsVfcData.getCldsAlarmConditions() != null + && !currCldsVfcData.getCldsAlarmConditions().isEmpty()) { + vfcUuidNode.put(currCldsVfcData.getVfcInvariantResourceUUID(), + currCldsVfcData.getVfcName()); + } } } else { vfcUuidNode.put("", ""); @@ -1159,9 +1162,9 @@ public class SdcCatalogServices { } public String updateControlLoopStatusToDcae(String dcaeUrl, String invariantResourceUuid, - String invariantServiceUuid, String artifactName) { + String invariantServiceUuid, String artifactName) throws GeneralSecurityException { String baseUrl = refProp.getStringValue("sdc.serviceUrl"); - String basicAuth = SdcReq.getSdcBasicAuth(refProp); + String basicAuth = sdcReq.getSdcBasicAuth(); String postStatusData = "{ \n" + "\"event\" : \"" + "Created" + "\",\n" + "\"serviceUUID\" : \"" + invariantServiceUuid + "\",\n" + "\"resourceUUID\" :\"" + invariantResourceUuid + "\",\n" + "\"artifactName\" : \"" + artifactName + "\",\n" + "} \n"; 
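Review bot: `postStatusData` in updateControlLoopStatusToDcae is assembled by string concatenation, so a quote or backslash in `artifactName` or in either UUID changes the structure of the request body, and the tail of the expression leaves a trailing comma before the closing brace that strict JSON parsers reject. Since the signature is being touched anyway, I would build the body as a Jackson `ObjectNode`, which this class already uses elsewhere, and serialise that instead. `baseUrl` is read here but its use is not visible in this hunk, and the method continues beyond it.
```java
String basicAuth = sdcReq.getSdcBasicAuth();
// Build the body as a JSON tree so values are escaped and no trailing comma is emitted.
ObjectNode statusNode = new ObjectMapper().createObjectNode();
statusNode.put("event", "Created");
statusNode.put("serviceUUID", invariantServiceUuid);
statusNode.put("resourceUUID", invariantResourceUuid);
statusNode.put("artifactName", artifactName);
String postStatusData = statusNode.toString();
// … unchanged: URL selection, connection setup and POST …
```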
@@ -1171,22 +1174,18 @@ public class SdcCatalogServices { url = dcaeUrl + "/closed-loops"; } URL urlObj = new URL(url); - HttpURLConnection conn = (HttpURLConnection) urlObj.openConnection(); conn.setRequestProperty(refProp.getStringValue("sdc.InstanceID"), "CLAMP-Tool"); conn.setRequestProperty("Authorization", basicAuth); conn.setRequestProperty("Content-Type", "application/json;charset=UTF-8"); conn.setRequestProperty("X-ECOMP-RequestID", LoggingUtils.getRequestId()); conn.setRequestMethod("POST"); - - byte[] postData = SdcReq.stringToByteArray(postStatusData); + byte[] postData = sdcReq.stringToByteArray(postStatusData); try (DataOutputStream wr = new DataOutputStream(conn.getOutputStream())) { wr.write(postData); } - int responseCode = conn.getResponseCode(); logger.info("responseCode=" + responseCode); - String resp = getResponse(conn); if (resp != null) { return resp; @@ -1203,8 +1202,12 @@ public class SdcCatalogServices { * @param resourceType * The resourceType * @return The list of CldsSdcResourceBasicInfo + * @throws GeneralSecurityException + * In case of issue when decryting the SDC password + * */ - private List getAllSdcVForVfcResourcesBasedOnResourceType(String resourceType) { + private List getAllSdcVForVfcResourcesBasedOnResourceType(String resourceType) + throws GeneralSecurityException { String catalogUrl = refProp.getStringValue("sdc.catalog.url"); String resourceUrl = catalogUrl + "resources?resourceType=" + resourceType; String allSdcVfcResources = getCldsServicesOrResourcesBasedOnURL(resourceUrl, false); 
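Review bot: The `Authorization` header set on this connection carries `basicAuth`, which the method obtains from `sdcReq.getSdcBasicAuth()`, yet the request can go to `dcaeUrl + "/closed-loops"`, so the SDC credential may be presented to the DCAE endpoint. If DCAE needs authentication it should receive its own credential, and if it does not, the header should be left off on that path; the branch that selects `dcaeUrl` starts above this hunk, so which case applies needs confirming. The same request also uses `refProp.getStringValue("sdc.InstanceID")` as a header name, which looks SDC-specific as well.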
@@ -1260,10 +1263,12 @@ public class SdcCatalogServices { * @param locationArtifactName * The location artifact name from where we can get the Artifact * UUID - * + * @throws GeneralSecurityException + * In case of issues to decrypt the SDC password */ public void uploadToSdc(ModelProperties prop, String userid, List sdcReqUrlsList, String formattedSdcReq, - String formattedSdcLocationReq, String artifactName, String locationArtifactName) { + String formattedSdcLocationReq, String artifactName, String locationArtifactName) + throws GeneralSecurityException { logger.info("userid=" + userid); String serviceInvariantUuid = getServiceInvariantUuidFromProps(prop); if (sdcReqUrlsList != null && !sdcReqUrlsList.isEmpty()) { diff --git a/src/main/java/org/onap/clamp/clds/client/SdcSendReqDelegate.java b/src/main/java/org/onap/clamp/clds/client/SdcSendReqDelegate.java index 2d327f5da..90bdcb3a1 100644 --- a/src/main/java/org/onap/clamp/clds/client/SdcSendReqDelegate.java +++ b/src/main/java/org/onap/clamp/clds/client/SdcSendReqDelegate.java @@ -23,6 +23,9 @@ package org.onap.clamp.clds.client; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + import java.util.List; import org.camunda.bpm.engine.delegate.DelegateExecution; 
@@ -33,27 +36,23 @@ import org.onap.clamp.clds.model.prop.ModelProperties; import org.onap.clamp.clds.model.refprop.RefProp; import org.springframework.beans.factory.annotation.Autowired; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - /** * Send control loop model to dcae proxy. */ public class SdcSendReqDelegate implements JavaDelegate { protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SdcSendReqDelegate.class); protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); - @Autowired - private RefProp refProp; - + private SdcReq sdcReq; @Autowired - private SdcCatalogServices sdcCatalogServices; - - private String baseUrl; - private String artifactType; - private String locationArtifactType; - private String artifactLabel; - private String locationArtifactLabel; + private RefProp refProp; + @Autowired + private SdcCatalogServices sdcCatalogServices; + private String baseUrl; + private String artifactType; + private String locationArtifactType; + private String artifactLabel; + private String locationArtifactLabel; /** * Perform activity. Send to sdc proxy. 
@@ -69,36 +68,37 @@ public class SdcSendReqDelegate implements JavaDelegate { execution.setVariable("artifactName", artifactName); getSdcAttributes((String) execution.getVariable("controlName")); ModelProperties prop = ModelProperties.create(execution); - String bluprintPayload = SdcReq.formatBlueprint(refProp, prop, docText); - // no need to upload blueprint for Holmes, thus blueprintPayload for Holmes is empty + String bluprintPayload = sdcReq.formatBlueprint(prop, docText); + // no need to upload blueprint for Holmes, thus blueprintPayload for + // Holmes is empty if (!bluprintPayload.isEmpty()) { - String formattedSdcReq = SdcReq.formatSdcReq(bluprintPayload, artifactName, artifactLabel, artifactType); + String formattedSdcReq = sdcReq.formatSdcReq(bluprintPayload, artifactName, artifactLabel, artifactType); if (formattedSdcReq != null) { execution.setVariable("formattedArtifactReq", formattedSdcReq.getBytes()); } - List sdcReqUrlsList = SdcReq.getSdcReqUrlsList(prop, baseUrl, sdcCatalogServices, execution); - - String sdcLocationsPayload = SdcReq.formatSdcLocationsReq(prop, artifactName); + List sdcReqUrlsList = sdcReq.getSdcReqUrlsList(prop, baseUrl, sdcCatalogServices, execution); + String sdcLocationsPayload = sdcReq.formatSdcLocationsReq(prop, artifactName); String locationArtifactName = (String) execution.getVariable("controlName") + "-location.json"; - String formattedSdcLocationReq = SdcReq.formatSdcReq(sdcLocationsPayload, locationArtifactName, - locationArtifactLabel, locationArtifactType); + String formattedSdcLocationReq = sdcReq.formatSdcReq(sdcLocationsPayload, locationArtifactName, + locationArtifactLabel, locationArtifactType); if (formattedSdcLocationReq != null) { execution.setVariable("formattedLocationReq", formattedSdcLocationReq.getBytes()); } sdcCatalogServices.uploadToSdc(prop, userid, sdcReqUrlsList, formattedSdcReq, formattedSdcLocationReq, - artifactName, locationArtifactName); + artifactName, locationArtifactName); } } /** * Method 
to get sdc service values from properties file. + * * @param controlName */ private void getSdcAttributes(String controlName) { baseUrl = refProp.getStringValue("sdc.serviceUrl"); - artifactLabel = SdcReq + artifactLabel = sdcReq .normalizeResourceInstanceName(refProp.getStringValue("sdc.artifactLabel") + "-" + controlName); - locationArtifactLabel = SdcReq + locationArtifactLabel = sdcReq .normalizeResourceInstanceName(refProp.getStringValue("sdc.locationArtifactLabel") + "-" + controlName); artifactType = refProp.getStringValue("sdc.artifactType"); locationArtifactType = refProp.getStringValue("sdc.locationArtifactType"); diff --git a/src/main/java/org/onap/clamp/clds/client/req/SdcReq.java b/src/main/java/org/onap/clamp/clds/client/req/SdcReq.java index 640d3b0cd..38e3b15a0 100644 --- a/src/main/java/org/onap/clamp/clds/client/req/SdcReq.java +++ b/src/main/java/org/onap/clamp/clds/client/req/SdcReq.java @@ -31,15 +31,14 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.ObjectNode; -import com.fasterxml.jackson.dataformat.yaml.snakeyaml.Yaml; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.Base64; import java.util.Iterator; import java.util.List; -import java.util.Map; import java.util.Map.Entry; import org.apache.commons.codec.digest.DigestUtils; 
@@ -51,19 +50,23 @@ import org.onap.clamp.clds.model.prop.Global; import org.onap.clamp.clds.model.prop.ModelProperties; import org.onap.clamp.clds.model.prop.Tca; import org.onap.clamp.clds.model.refprop.RefProp; +import org.onap.clamp.clds.util.CryptoUtils; +import org.springframework.beans.factory.annotation.Autowired; /** * Construct a Sdc request given CLDS objects. */ public class SdcReq { + @Autowired + protected CryptoUtils cryptoUtils; protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SdcReq.class); protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); + @Autowired + protected RefProp refProp; /** * Format the Blueprint from a Yaml * - * @param refProp - * The RefProp instance containing the Clds config * @param prop * The ModelProperties describing the clds model * @param docText @@ -77,14 +80,9 @@ public class SdcReq { * @throws IOException * In case of issues */ - public static String formatBlueprint(RefProp refProp, ModelProperties prop, String docText) + public String formatBlueprint(ModelProperties prop, String docText) throws JsonParseException, JsonMappingException, IOException { - - Global globalProp = prop.getGlobal(); - String service = globalProp.getService(); - String yamlvalue = getYamlvalue(docText); - String updatedBlueprint = ""; Tca tca = prop.getType(Tca.class); if (tca.isFound()) { 
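Review bot: `cryptoUtils` and `refProp` are added to `SdcReq` as `protected` field-injected members, which lets any subclass or same-package class replace the object that decrypts the SDC password. I would declare them `private` and pass them through a constructor, so that an `SdcReq` cannot exist without its `CryptoUtils`. The stateless helpers further down (`base64Encode`, `stringToByteArray`, `normalizeResourceInstanceName`) lose `static` in the same commit although they read neither field; a short class comment saying which methods actually need the injected state would help the next reader.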
@@ -94,7 +92,17 @@ public class SdcReq { return updatedBlueprint; } - public static String formatSdcLocationsReq(ModelProperties prop, String artifactName) { + /** + * Format the SDC Locations Request in the JSON Format + * + * @param prop + * The ModelProperties describing the clds model + * @param artifactName + * The name of the artifact + * + * @return SDC Locations request in the JSON Format + */ + public String formatSdcLocationsReq(ModelProperties prop, String artifactName) { ObjectMapper objectMapper = new ObjectMapper(); Global global = prop.getGlobal(); List locationsList = global.getLocation(); @@ -106,12 +114,27 @@ public class SdcReq { locationObject.put("artifactName", artifactName); locationObject.putPOJO("locations", locationsArrayNode); String locationJsonFormat = locationObject.toString(); - logger.info("Value of locaation Json Artifact:" + locationsArrayNode); + logger.info("Value of location Json Artifact:" + locationsArrayNode); return locationJsonFormat; } - public static String formatSdcReq(String payloadData, String artifactName, String artifactLabel, - String artifactType) throws IOException { + /** + * Format the SDC Request + * + * @param payloadData + * The ModelProperties describing the clds model + * @param artifactName + * The name of the artifact + * @param artifactLabel + * The Label of the artifact + * @param artifactType + * The type of the artifact + * @return formatted SDC Request + * @throws IOException + * In case of issues + */ + public String formatSdcReq(String payloadData, String artifactName, String artifactLabel, String artifactType) + throws IOException { logger.info("artifact=" + payloadData); String base64Artifact = base64Encode(payloadData); return "{ \n" + "\"payloadData\" : \"" + base64Artifact + "\",\n" + "\"artifactLabel\" : \"" + artifactLabel 
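Review bot: The Javadoc added to `formatSdcReq` describes `payloadData` as "The ModelProperties describing the clds model", but the parameter is the `String` handed to `base64Encode` a few lines below; I would write `@param payloadData The artifact content, sent base64-encoded in the request`. The context lines of this hunk also log that content in full (`logger.info("artifact=" + payloadData)`) and build the JSON by concatenating `artifactLabel` without escaping. The comment should therefore say that callers must pass an already normalized label, or the body could be built with the `ObjectMapper` this class already uses. The return expression continues outside the hunk.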
@@ -120,7 +143,16 @@ public class SdcReq { + "} \n"; } - public static String getSdcReqUrl(ModelProperties prop, String url) { + /** + * Get the SDC Request URL + * + * @param prop + * The ModelProperties describing the clds model + * @param url + * url + * @return SDC Request URL + */ + public String getSdcReqUrl(ModelProperties prop, String url) { Global globalProps = prop.getGlobal(); String serviceUUID = ""; String resourceInstanceName = ""; @@ -143,13 +175,14 @@ public class SdcReq { * @param prop * @param baseUrl * @param sdcCatalogServices + * @param execution * @return + * @throws GeneralSecurityException */ - public static List getSdcReqUrlsList(ModelProperties prop, String baseUrl, - SdcCatalogServices sdcCatalogServices, DelegateExecution execution) { + public List getSdcReqUrlsList(ModelProperties prop, String baseUrl, SdcCatalogServices sdcCatalogServices, + DelegateExecution execution) throws GeneralSecurityException { // TODO : refact and regroup with very similar code List urlList = new ArrayList<>(); - Global globalProps = prop.getGlobal(); if (globalProps != null) { if (globalProps.getService() != null) { @@ -178,7 +211,6 @@ public class SdcReq { } } } - return urlList; } @@ -190,7 +222,7 @@ public class SdcReq { * @param inText * @return */ - public static String normalizeResourceInstanceName(String inText) { + public String normalizeResourceInstanceName(String inText) { return inText.replace(" ", "").replace("-", "").replace(".", "").toLowerCase(); } @@ -200,7 +232,7 @@ public class SdcReq { * @param data * @return */ - public static String calculateMD5ByString(String data) { + public String calculateMD5ByString(String data) { String calculatedMd5 = DigestUtils.md5Hex(data); // encode base-64 result return base64Encode(calculatedMd5.getBytes()); 
@@ -212,7 +244,7 @@ public class SdcReq { * @param inText * @return */ - public static String base64Encode(String inText) { + public String base64Encode(String inText) { return base64Encode(stringToByteArray(inText)); } @@ -222,7 +254,7 @@ public class SdcReq { * @param inText * @return */ - public static byte[] stringToByteArray(String inText) { + public byte[] stringToByteArray(String inText) { return inText.getBytes(StandardCharsets.UTF_8); } @@ -232,7 +264,7 @@ public class SdcReq { * @param bytes * @return */ - public static String base64Encode(byte[] bytes) { + public String base64Encode(byte[] bytes) { Base64.Encoder encoder = Base64.getEncoder(); return encoder.encodeToString(bytes); } @@ -241,12 +273,15 @@ public class SdcReq { * Return SDC id and pw as a HTTP Basic Auth string (for example: Basic * dGVzdDoxMjM0NTY=). * - * @return + * @return The String with Basic Auth and password + * @throws GeneralSecurityException + * In case of issue when decryting the SDC password */ - public static String getSdcBasicAuth(RefProp refProp) { + public String getSdcBasicAuth() throws GeneralSecurityException { String sdcId = refProp.getStringValue("sdc.serviceUsername"); String sdcPw = refProp.getStringValue("sdc.servicePassword"); - String idPw = base64Encode(sdcId + ":" + sdcPw); + String password = cryptoUtils.decrypt(sdcPw); + String idPw = base64Encode(sdcId + ":" + password); return "Basic " + idPw; } @@ -257,7 +292,7 @@ public class SdcReq { * @return * @throws IOException */ - public static String getYamlvalue(String docText) throws IOException { + public String getYamlvalue(String docText) throws IOException { ObjectMapper objectMapper = new ObjectMapper(); String yamlFileValue = ""; ObjectNode root = objectMapper.readValue(docText, ObjectNode.class); diff --git a/src/main/java/org/onap/clamp/clds/config/CamundaEngineConfiguration.java b/src/main/java/org/onap/clamp/clds/config/CamundaEngineConfiguration.java index a27cc69ba..3790e235f 100644 
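Review bot: In `getSdcBasicAuth()` the value of `sdc.servicePassword` goes straight into `cryptoUtils.decrypt(sdcPw)` with no check that the property is present, and what `decrypt` does with a null or still-cleartext value is not visible in this diff section. A guard such as `if (sdcPw == null || sdcPw.isEmpty()) { throw new GeneralSecurityException("sdc.servicePassword is not set"); }` would make a misconfigured deployment fail with a clear message. The Javadoc should also state that the returned string carries the cleartext credential (Base64 is an encoding, not protection) and must not be written to logs. "decryting" in the `@throws` text should read "decrypting".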
--- a/src/main/java/org/onap/clamp/clds/config/CamundaEngineConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/CamundaEngineConfiguration.java @@ -23,9 +23,10 @@ package org.onap.clamp.clds.config; +import java.security.GeneralSecurityException; + import javax.sql.DataSource; -import org.springframework.boot.autoconfigure.jdbc.DataSourceBuilder; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -33,15 +34,17 @@ import org.springframework.context.annotation.Primary; @Configuration public class CamundaEngineConfiguration { - /** - * Camunda Identity databse DataSource configuration + * Camunda Identity database DataSource configuration + * + * @return + * @throws GeneralSecurityException + * In case of issue during the decoding of the password */ @Primary @Bean(name = "camundaBpmDataSource") @ConfigurationProperties(prefix = "spring.datasource.camunda") public DataSource dataSource() { - return DataSourceBuilder.create().build(); + return new EncodedPasswordBasicDataSource(); } - } diff --git a/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java b/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java index 6b7d337ec..0c73ac71f 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java @@ -26,6 +26,7 @@ package org.onap.clamp.clds.config; import com.att.ajsc.common.AjscProvider; import com.att.ajsc.common.AjscService; +import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.List; 
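Review bot: The Javadoc added to `CamundaEngineConfiguration.dataSource()` declares `@throws GeneralSecurityException`, but the method signature in this hunk has no `throws` clause, and the import added in the preceding hunk is, as far as these hunks show, referenced only by that tag. Either drop the tag and the import, or document where the password is actually decoded and how a failure surfaces at startup; presumably that happens inside `EncodedPasswordBasicDataSource`, whose code is not in this section. The empty `@return` could read `@return The DataSource used by the Camunda engine`. `CldsConfiguration.cldsDataSource()` in the following hunks has the same added import and empty `@return`.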
@@ -44,12 +45,12 @@ import org.onap.clamp.clds.client.SdcCatalogServices; import org.onap.clamp.clds.client.SdcSendReqDelegate; import org.onap.clamp.clds.client.TcaPolicyDelegate; import org.onap.clamp.clds.client.TcaPolicyDeleteDelegate; +import org.onap.clamp.clds.client.req.SdcReq; import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.model.refprop.RefProp; import org.onap.clamp.clds.transform.XslTransformer; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.boot.autoconfigure.jdbc.DataSourceBuilder; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; @@ -59,17 +60,18 @@ import org.springframework.context.annotation.Profile; @Configuration @Profile("clamp-default") public class CldsConfiguration { - @Autowired private ApplicationContext context; /** * Clds Identity database DataSource configuration + * + * @return */ @Bean(name = "cldsDataSource") @ConfigurationProperties(prefix = "spring.datasource.cldsdb") public DataSource cldsDataSource() { - return DataSourceBuilder.create().build(); + return new EncodedPasswordBasicDataSource(); } @Bean(name = "jaxrsProviders") @@ -101,6 +103,11 @@ public class CldsConfiguration { return new RefProp(); } + @Bean + public SdcReq getSdcReq() { + return new SdcReq(); + } + @Bean public PolicyClient getPolicyClient() { return new PolicyClient(); @@ -160,5 +167,4 @@ public class CldsConfiguration { public HolmesPolicyDeleteDelegate getHolmesPolicyDeleteDelegate() { return new HolmesPolicyDeleteDelegate(); } - } \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java index 19e3caa39..157063456 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java 
+++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java @@ -24,12 +24,15 @@ package org.onap.clamp.clds.service; import com.att.ajsc.common.AjscService; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; import java.io.IOException; import java.io.InputStream; +import java.security.GeneralSecurityException; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -39,6 +42,7 @@ import java.util.UUID; import java.util.concurrent.TimeUnit; import javax.annotation.PostConstruct; +import javax.ws.rs.BadRequestException; import javax.ws.rs.Consumes; import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; @@ -62,11 +66,13 @@ import org.onap.clamp.clds.client.SdcCatalogServices; import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.exception.CldsConfigException; import org.onap.clamp.clds.exception.SdcCommunicationException; +import org.onap.clamp.clds.exception.policy.PolicyClientException; import org.onap.clamp.clds.model.CldsDBServiceCache; import org.onap.clamp.clds.model.CldsEvent; import org.onap.clamp.clds.model.CldsHealthCheck; import org.onap.clamp.clds.model.CldsInfo; import org.onap.clamp.clds.model.CldsModel; +import org.onap.clamp.clds.model.CldsModelProp; import org.onap.clamp.clds.model.CldsSdcResource; import org.onap.clamp.clds.model.CldsSdcServiceDetail; import org.onap.clamp.clds.model.CldsSdcServiceInfo; @@ -74,6 +80,7 @@ import org.onap.clamp.clds.model.CldsServiceData; import org.onap.clamp.clds.model.CldsTemplate; import org.onap.clamp.clds.model.DcaeEvent; import org.onap.clamp.clds.model.ValueItem; +import org.onap.clamp.clds.model.prop.AbstractModelElement; import org.onap.clamp.clds.model.prop.ModelProperties; import org.onap.clamp.clds.model.refprop.RefProp; import org.onap.clamp.clds.transform.XslTransformer; 
@@ -94,37 +101,26 @@ import io.swagger.annotations.ApiOperation; @Api(value = "/clds") @Path("/clds") public class CldsService extends SecureServiceBase { - + protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); @Autowired - private ApplicationContext appContext; - - private static final String RESOURCE_NAME = "clds-version.properties"; - + private ApplicationContext appContext; + private static final String RESOURCE_NAME = "clds-version.properties"; @Value("${CLDS_PERMISSION_TYPE_CL:permission-type-cl}") - private String cldsPersmissionTypeCl; - + private String cldsPersmissionTypeCl; @Value("${CLDS_PERMISSION_TYPE_CL_MANAGE:permission-type-cl-manage}") - private String cldsPermissionTypeClManage; - + private String cldsPermissionTypeClManage; @Value("${CLDS_PERMISSION_TYPE_CL_EVENT:permission-type-cl-event}") - private String cldsPermissionTypeClEvent; - + private String cldsPermissionTypeClEvent; @Value("${CLDS_PERMISSION_TYPE_FILTER_VF:permission-type-filter-vf}") - private String cldsPermissionTypeFilterVf; - + private String cldsPermissionTypeFilterVf; @Value("${CLDS_PERMISSION_TYPE_TEMPLATE:permission-type-template}") - private String cldsPermissionTypeTemplate; - + private String cldsPermissionTypeTemplate; @Value("${CLDS_PERMISSION_INSTANCE:dev}") - private String cldsPermissionInstance; - - private SecureServicePermission permissionReadCl; - - private SecureServicePermission permissionUpdateCl; - - private SecureServicePermission permissionReadTemplate; - - private SecureServicePermission permissionUpdateTemplate; + private String cldsPermissionInstance; + private SecureServicePermission permissionReadCl; + private SecureServicePermission permissionUpdateCl; + private SecureServicePermission permissionReadTemplate; + private SecureServicePermission permissionUpdateTemplate; @PostConstruct private final void afterConstruction() { 
@@ -138,25 +134,19 @@ public class CldsService extends SecureServiceBase { @Value("${org.onap.clamp.config.files.globalClds:'classpath:/clds/globalClds.properties'}") private String globalClds; - private Properties globalCldsProperties; - @Autowired private CldsDao cldsDao; @Autowired private RuntimeService runtimeService; @Autowired private XslTransformer cldsBpmnTransformer; - @Autowired private RefProp refProp; - @Autowired private SdcCatalogServices sdcCatalogServices; - @Autowired private DcaeDispatcherServices dcaeDispatcherServices; - @Autowired private DcaeInventoryServices dcaeInventoryServices; @@ -173,23 +163,20 @@ public class CldsService extends SecureServiceBase { * that is currently installed from pom.xml file 3. User permissions * */ - @GET @Path("/cldsInfo") @Produces(MediaType.APPLICATION_JSON) public CldsInfo getCldsInfo() { - CldsInfo cldsInfo = new CldsInfo(); - + Date startTime = new Date(); + LoggingUtils.setRequestContext("CldsService: GET cldsInfo", getPrincipalName()); + LoggingUtils.setTimeContext(startTime, new Date()); // Get the user info cldsInfo.setUserName(getUserName()); - // Get CLDS application version String cldsVersion = ""; Properties props = new Properties(); - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - try (InputStream resourceStream = loader.getResourceAsStream(RESOURCE_NAME)) { props.load(resourceStream); cldsVersion = props.getProperty("clds.version"); 
@@ -197,22 +184,31 @@ public class CldsService extends SecureServiceBase { logger.error("Exception caught during the clds.version reading", ex); } cldsInfo.setCldsVersion(cldsVersion); - // Get the user list of permissions cldsInfo.setPermissionReadCl(isAuthorizedNoException(permissionReadCl)); cldsInfo.setPermissionUpdateCl(isAuthorizedNoException(permissionUpdateCl)); cldsInfo.setPermissionReadTemplate(isAuthorizedNoException(permissionReadTemplate)); cldsInfo.setPermissionUpdateTemplate(isAuthorizedNoException(permissionUpdateTemplate)); + // audit log + LoggingUtils.setTimeContext(startTime, new Date()); + LoggingUtils.setResponseContext("0", "Get cldsInfo success", this.getClass().getName()); + securityLogger.info("GET cldsInfo completed"); return cldsInfo; } + /** + * REST service that retrieves clds healthcheck information. + * + * @return CldsHealthCheck class containing healthcheck info + */ @GET @Path("/healthcheck") @Produces(MediaType.APPLICATION_JSON) public CldsHealthCheck gethealthcheck() { - CldsHealthCheck cldsHealthCheck = new CldsHealthCheck(); - + Date startTime = new Date(); + LoggingUtils.setRequestContext("CldsService: GET healthcheck", getPrincipalName()); + LoggingUtils.setTimeContext(startTime, new Date()); try { cldsDao.doHealthCheck(); cldsHealthCheck.setHealthCheckComponent("CLDS-APP"); @@ -224,8 +220,11 @@ public class CldsService extends SecureServiceBase { cldsHealthCheck.setHealthCheckStatus("DOWN"); cldsHealthCheck.setDescription("NOT-OK"); } + // audit log + LoggingUtils.setTimeContext(startTime, new Date()); + LoggingUtils.setResponseContext("0", "Get healthcheck success", this.getClass().getName()); + securityLogger.info("GET healthcheck completed"); return cldsHealthCheck; - } /** 
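Review bot: The audit lines added at the end of `gethealthcheck()` run after the branch that sets the status to "DOWN", so `LoggingUtils.setResponseContext("0", "Get healthcheck success", ...)` is recorded for a failed check as well. Set the success context where the check passes and record a failure context in the failing branch, so that the log agrees with the `CldsHealthCheck` returned to the caller. This method and `getCldsInfo()` in the previous hunk write the completion message to `securityLogger`, while the other endpoints in this diff use `auditLogger`; if that is intended, a one-line comment saying why would prevent a later "fix".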
@@ -253,32 +252,6 @@ public class CldsService extends SecureServiceBase { return model.getBpmnText(); } - /** - * REST service that saves BPMN for a CLDS model by name in the database. - * This is subset of the json putModel. This is only expected to be used for - * testing purposes, not by the UI. - * - * @param modelName - */ - @ApiOperation(value = "Saves BPMN for a CLDS model by name in the database", notes = "This is only expected to be used for testing purposes, not by the UI", response = String.class) - @PUT - @Path("/model/bpmn/{modelName}") - @Consumes(MediaType.TEXT_XML) - public String putBpmnXml(@PathParam("modelName") String modelName, String bpmnText) { - LoggingUtils.setRequestContext("CldsService: PUT model bpmn", getPrincipalName()); - isAuthorized(permissionUpdateCl); - logger.info("PUT bpmnText for modelName={}", modelName); - logger.info("PUT bpmnText={}", bpmnText); - CldsModel cldsModel = CldsModel.retrieve(cldsDao, modelName, true); - cldsModel.setBpmnText(bpmnText); - cldsModel.save(cldsDao, getUserId()); - // audit log - LoggingUtils.setTimeContext(new Date(), new Date()); - LoggingUtils.setResponseContext("0", "Put model bpmn success", this.getClass().getName()); - auditLogger.info("PUT model bpmn completed"); - return "wrote bpmnText for modelName=" + modelName; - } - /** * REST service that retrieves image for a CLDS model name from the * database. This is subset of the json getModel. This is only expected to 
@@ -304,33 +277,6 @@ public class CldsService extends SecureServiceBase { return model.getImageText(); } - /** - * REST service that saves image for a CLDS model by name in the database. - * This is subset of the json putModel. This is only expected to be used for - * testing purposes, not by the UI. - * - * @param modelName - */ - @ApiOperation(value = "Saves image for a CLDS model by name in the database", notes = "This is only expected to be used for testing purposes, not by the UI", response = String.class) - @PUT - @Path("/model/image/{modelName}") - @Consumes(MediaType.TEXT_XML) - public String putImageXml(@PathParam("modelName") String modelName, String imageText) { - Date startTime = new Date(); - LoggingUtils.setRequestContext("CldsService: PUT model image", getPrincipalName()); - isAuthorized(permissionUpdateCl); - logger.info("PUT iamgeText for modelName={}", modelName); - logger.info("PUT imageText={}", imageText); - CldsModel cldsModel = CldsModel.retrieve(cldsDao, modelName, true); - cldsModel.setImageText(imageText); - cldsModel.save(cldsDao, getUserId()); - // audit log - LoggingUtils.setTimeContext(startTime, new Date()); - LoggingUtils.setResponseContext("0", "Put model image success", this.getClass().getName()); - auditLogger.info("PUT model image completed"); - return "wrote imageText for modelName=" + modelName; - } - /** * REST service that retrieves a CLDS model by name from the database. * @@ -349,7 +295,6 @@ public class CldsService extends SecureServiceBase { CldsModel cldsModel = CldsModel.retrieve(cldsDao, modelName, false); isAuthorizedForVf(cldsModel); cldsModel.setUserAuthorizedToUpdate(isAuthorizedNoException(permissionUpdateCl)); - /** * Checking condition whether our CLDS model can call INventory Method */ 
@@ -392,7 +337,12 @@ public class CldsService extends SecureServiceBase { logger.info("PUT propText={}", cldsModel.getPropText()); logger.info("PUT imageText={}", cldsModel.getImageText()); cldsModel.setName(modelName); - + try { + duplicateCheckforServiceVf(modelName, cldsModel.getPropText()); + } catch (IOException | BadRequestException e) { + logger.error("Exception occured during duplicate check for service and VF", e); + throw new CldsConfigException(e.getMessage(), e); + } if (cldsModel.getTemplateName() != null) { CldsTemplate template = cldsDao.getTemplate(cldsModel.getTemplateName()); if (template != null) { @@ -441,6 +391,7 @@ public class CldsService extends SecureServiceBase { * @return * @throws TransformerException * @throws ParseException + * @throws GeneralSecurityException */ @ApiOperation(value = "Saves and processes an action for a CLDS model by name", notes = "", response = String.class) @PUT @@ -449,7 +400,7 @@ public class CldsService extends SecureServiceBase { @Produces(MediaType.APPLICATION_JSON) public CldsModel putModelAndProcessAction(@PathParam("action") String action, @PathParam("modelName") String modelName, @QueryParam("test") String test, CldsModel model) - throws TransformerException, ParseException { + throws TransformerException, ParseException, GeneralSecurityException { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Process model action", getPrincipalName()); String actionCd = action.toUpperCase(); @@ -460,7 +411,6 @@ public class CldsService extends SecureServiceBase { String userid = getUserId(); String actionStateCd = CldsEvent.ACTION_STATE_INITIATED; String processDefinitionKey = "clds-process-action-wf"; - logger.info("PUT actionCd={}", actionCd); logger.info("PUT actionStateCd={}", actionStateCd); logger.info("PUT processDefinitionKey={}", processDefinitionKey); 
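Review bot: The catch added around `duplicateCheckforServiceVf` rethrows both `IOException` and `BadRequestException` as `new CldsConfigException(e.getMessage(), e)`, which reports a client input error as a configuration error and carries the original message along. How `CldsConfigException` is mapped to an HTTP response is not visible here; if its message reaches the caller, internal detail from the `IOException` goes with it. I would let `BadRequestException` propagate unchanged and wrap only the `IOException` with a fixed message. The same wrapping is applied around `startProcessInstanceByKey` in the `@@ -531,17 +474,18 @@` hunk. The log text in both places should read "occurred".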
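Review bot: `putModelAndProcessAction` now declares `throws GeneralSecurityException` on a JAX-RS resource method, so a decryption failure leaves the endpoint as an unmapped checked exception; `getSdcServices()` and `getSdcPropertiesByServiceUUIDForRefresh(...)` later in this file receive the same clause. What the client sees then depends on the container's default handling, which is not visible in this diff and may include the exception text. Catching it at the service boundary, logging it server-side and rethrowing a generic error, for example `throw new SdcCommunicationException("SDC credentials could not be prepared", e);`, would keep crypto failure detail out of responses. The `@throws GeneralSecurityException` tag added to the Javadoc has no description.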
@@ -471,7 +421,6 @@ public class CldsService extends SecureServiceBase { logger.info("PUT userid={}", userid); logger.info("PUT getTypeId={}", model.getTypeId()); logger.info("PUT deploymentId={}", model.getDeploymentId()); - if (model.getTemplateName() != null) { CldsTemplate template = cldsDao.getTemplate(model.getTemplateName()); if (template != null) { @@ -483,16 +432,13 @@ public class CldsService extends SecureServiceBase { // save model to db model.setName(modelName); model.save(cldsDao, getUserId()); - // get vars and format if necessary String prop = model.getPropText(); String bpmn = model.getBpmnText(); String docText = model.getDocText(); String controlName = model.getControlName(); - String bpmnJson = cldsBpmnTransformer.doXslTransformToString(bpmn); logger.info("PUT bpmnJson={}", bpmnJson); - // Flag indicates whether it is triggered by Validation Test button from // UI boolean isTest = false; @@ -507,17 +453,14 @@ public class CldsService extends SecureServiceBase { } } logger.info("PUT isTest={}", isTest); - boolean isInsertTestEvent = false; String insertTestEvent = refProp.getStringValue("action.insert.test.event"); if (insertTestEvent != null && insertTestEvent.equalsIgnoreCase("true")) { isInsertTestEvent = true; } logger.info("PUT isInsertTestEvent={}", isInsertTestEvent); - // determine if requested action is permitted model.validateAction(actionCd); - // input variables to camunda process Map variables = new HashMap<>(); variables.put("actionCd", actionCd); 
@@ -531,17 +474,18 @@ public class CldsService extends SecureServiceBase { variables.put("isInsertTestEvent", isInsertTestEvent); logger.info("modelProp - " + prop); logger.info("docText - " + docText); - - // start camunda process - ProcessInstance pi = runtimeService.startProcessInstanceByKey(processDefinitionKey, variables); - - // log process info - logger.info("Started processDefinitionId={}, processInstanceId={}", pi.getProcessDefinitionId(), - pi.getProcessInstanceId()); - + try { + // start camunda process + ProcessInstance pi = runtimeService.startProcessInstanceByKey(processDefinitionKey, variables); + // log process info + logger.info("Started processDefinitionId={}, processInstanceId={}", pi.getProcessDefinitionId(), + pi.getProcessInstanceId()); + } catch (SdcCommunicationException | PolicyClientException | BadRequestException e) { + logger.error("Exception occured during invoking bpmn process", e); + throw new CldsConfigException(e.getMessage(), e); + } // refresh model info from db (get fresh event info) CldsModel retreivedModel = CldsModel.retrieve(cldsDao, modelName, false); - if (actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMIT) || actionCd.equalsIgnoreCase(CldsEvent.ACTION_RESUBMIT)) { // To verify inventory status and modify model status to distribute @@ -552,7 +496,6 @@ public class CldsService extends SecureServiceBase { LoggingUtils.setTimeContext(startTime, new Date()); LoggingUtils.setResponseContext("0", "Process model action success", this.getClass().getName()); auditLogger.info("Process model action completed"); - return retreivedModel; } 
@@ -579,14 +522,12 @@ public class CldsService extends SecureServiceBase { isAuthorized(permissionEvent); userid = getUserId(); } - // Flag indicates whether it is triggered by Validation Test button from // UI boolean isTest = false; if (test != null && test.equalsIgnoreCase("true")) { isTest = true; } - int instanceCount = 0; if (dcaeEvent.getInstances() != null) { instanceCount = dcaeEvent.getInstances().size(); @@ -595,7 +536,6 @@ public class CldsService extends SecureServiceBase { + " resourceUUID=" + dcaeEvent.getResourceUUID() + " artifactName=" + dcaeEvent.getArtifactName() + " instance count=" + instanceCount + " isTest=" + isTest; logger.info("POST dcae event {}", msgInfo); - if (isTest) { logger.warn("Ignorning test event from DCAE"); } else { @@ -610,24 +550,24 @@ public class CldsService extends SecureServiceBase { LoggingUtils.setTimeContext(startTime, new Date()); LoggingUtils.setResponseContext("0", "Post dcae event success", this.getClass().getName()); auditLogger.info("Post dcae event completed"); - return msgInfo; } /** * REST service that retrieves sdc services + * + * @throws GeneralSecurityException + * In case of issue when decryting the SDC password * - * @throws Exception */ @ApiOperation(value = "Retrieves sdc services", notes = "", response = String.class) @GET @Path("/sdc/services") @Produces(MediaType.APPLICATION_JSON) - public String getSdcServices() { + public String getSdcServices() throws GeneralSecurityException { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET sdc services", getPrincipalName()); String retStr; - String responseStr = sdcCatalogServices.getSdcServicesInformation(null); try { retStr = createUiServiceFormatJson(responseStr); 
@@ -635,7 +575,6 @@ public class CldsService extends SecureServiceBase { logger.error("IOException during SDC communication", e); throw new SdcCommunicationException("IOException during SDC communication", e); } - logger.info("value of sdcServices : {}", retStr); // audit log LoggingUtils.setTimeContext(startTime, new Date()); @@ -663,6 +602,9 @@ public class CldsService extends SecureServiceBase { * REST service that retrieves total properties by using invariantUUID based * on refresh and non refresh * + * @throws GeneralSecurityException + * In case of issue when decryting the SDC password + * */ @ApiOperation(value = "Retrieves total properties by using invariantUUID based on refresh and non refresh", notes = "", response = String.class) @GET @@ -670,12 +612,11 @@ public class CldsService extends SecureServiceBase { @Produces(MediaType.APPLICATION_JSON) public String getSdcPropertiesByServiceUUIDForRefresh( @PathParam("serviceInvariantUUID") String serviceInvariantUUID, - @DefaultValue("false") @QueryParam("refresh") String refresh) { + @DefaultValue("false") @QueryParam("refresh") String refresh) throws GeneralSecurityException { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET sdc properties by uuid", getPrincipalName()); CldsServiceData cldsServiceData = new CldsServiceData(); cldsServiceData.setServiceInvariantUUID(serviceInvariantUUID); - boolean isCldsSdcDataExpired = true; // To getcldsService information from database cache using invariantUUID // only when refresh = false 
@@ -698,18 +639,14 @@ public class CldsService extends SecureServiceBase { cldsServiceData.setCldsServiceCache(cldsDao, cldsDBServiceCache); } } - // filter out VFs the user is not authorized for cldsServiceData.filterVfs(this); - // format retrieved data into properties json String sdcProperties = sdcCatalogServices.createPropertiesObjectByUUID(getGlobalCldsString(), cldsServiceData); - // audit log LoggingUtils.setTimeContext(startTime, new Date()); LoggingUtils.setResponseContext("0", "Get sdc properties by uuid success", this.getClass().getName()); auditLogger.info("GET sdc properties by uuid completed"); - return sdcProperties; } @@ -763,7 +700,6 @@ public class CldsService extends SecureServiceBase { logger.info("value of cldsserviceiNfolist: {}", rawList); if (rawList != null && !rawList.isEmpty()) { List cldsSdcServiceInfoList = sdcCatalogServices.removeDuplicateServices(rawList); - for (CldsSdcServiceInfo currCldsSdcServiceInfo : cldsSdcServiceInfoList) { if (currCldsSdcServiceInfo != null) { invariantIdServiceNode.put(currCldsSdcServiceInfo.getInvariantUUID(), @@ -785,7 +721,6 @@ public class CldsService extends SecureServiceBase { */ ObjectNode serviceObjectNode = createEmptyVfAlarmObject(mapper); ObjectNode vfObjectNode = mapper.createObjectNode(); - /** * to create json with vf and vfresourceId */ @@ -793,7 +728,6 @@ public class CldsService extends SecureServiceBase { serviceObjectNode.putPOJO(cldsSdcServiceDetail.getInvariantUUID(), vfObjectNode); ObjectNode byServiceBasicObjetNode = mapper.createObjectNode(); byServiceBasicObjetNode.putPOJO("byService", serviceObjectNode); - /** * to create json with VFC Node */ @@ -827,7 +761,6 @@ public class CldsService extends SecureServiceBase { List rawCldsSdcResourceList) { ObjectNode vfNode = mapper.createObjectNode(); vfNode.put("", ""); - // To remove repeated resource instance name from // resourceInstanceList List cldsSdcResourceList = sdcCatalogServices 
@@ -843,7 +776,6 @@ public class CldsService extends SecureServiceBase { } } vfObjectNode2.putPOJO("vf", vfNode); - /** * creating location json object using properties file value */ @@ -857,7 +789,6 @@ public class CldsService extends SecureServiceBase { "Unable to load ui.location.default JSON in clds-references.properties properly", e); } vfObjectNode2.putPOJO("location", locationJsonNode); - /** * creating alarm json object using properties file value */ @@ -872,7 +803,6 @@ public class CldsService extends SecureServiceBase { e); } vfObjectNode2.putPOJO("alarmCondition", alarmStringJsonNode); - } private ObjectNode createByVFCObjectNode(ObjectMapper mapper, List cldsSdcResourceList) { @@ -901,7 +831,13 @@ public class CldsService extends SecureServiceBase { @QueryParam("test") String test, CldsModel model) throws IOException { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Deploy model", getPrincipalName()); - String deploymentId = "closedLoop_" + UUID.randomUUID() + "_deploymentId"; + String deploymentId = ""; + // If model is already deployed then pass same deployment id + if (model.getDeploymentId() != null && !model.getDeploymentId().isEmpty()) { + deploymentId = model.getDeploymentId(); + } else { + deploymentId = "closedLoop_" + UUID.randomUUID() + "_deploymentId"; + } String createNewDeploymentStatusUrl = dcaeDispatcherServices.createNewDeployment(deploymentId, model.getTypeId()); String operationStatus = "processing"; 
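Review bot: In the hunk at -901,7 `deploymentId` is now taken from `model.getDeploymentId()`, and `model` is the request body of this endpoint, so a caller-chosen string is handed to `dcaeDispatcherServices.createNewDeployment(...)` without any check. What that call does with the id is not visible here, but if it ends up in a dispatcher URL the value should be constrained first, or read from the stored model rather than from the request. If ids only ever originate from this method, a minimal guard is to accept just that shape: `if (!deploymentId.matches("closedLoop_[0-9a-fA-F-]{36}_deploymentId")) { throw new BadRequestException("Invalid deploymentId"); }`. The initial `String deploymentId = "";` is never read and can become a plain declaration. The method continues outside the hunk.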
@@ -995,4 +931,27 @@ public class CldsService extends SecureServiceBase { throw new CldsConfigException("Unable to load the globalClds due to an exception", e); } } + + private void duplicateCheckforServiceVf(String modelName, String modelPropText) throws IOException { + JsonNode modelJson = new ObjectMapper().readTree(modelPropText); + JsonNode globalNode = modelJson.get("global"); + String service = AbstractModelElement.getValueByName(globalNode, "service"); + List resourceVf = AbstractModelElement.getValuesByName(globalNode, "vf"); + if (resourceVf != null && !resourceVf.isEmpty()) { + List cldsModelPropList = cldsDao.getAllModelProperties(); + for (CldsModelProp cldsModelProp : cldsModelPropList) { + JsonNode currentJson = new ObjectMapper().readTree(cldsModelProp.getPropText()); + JsonNode currentNode = currentJson.get("global"); + String currentService = AbstractModelElement.getValueByName(currentNode, "service"); + List currentVf = AbstractModelElement.getValuesByName(currentNode, "vf"); + if (currentVf != null && !currentVf.isEmpty()) { + if (!modelName.equalsIgnoreCase(cldsModelProp.getName()) && service.equalsIgnoreCase(currentService) + && resourceVf.get(0).equalsIgnoreCase(currentVf.get(0))) { + throw new BadRequestException("Same service/VF already exists in " + cldsModelProp.getName() + + " model, please select different service/VF."); + } + } + } + } + } } diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java index acbd8bbd4..70ba32f58 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java +++ b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java @@ -27,6 +27,7 @@ import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.security.Principal; +import java.util.Date; import javax.ws.rs.NotAuthorizedException; import javax.ws.rs.core.Context; 
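Review bot: `duplicateCheckforServiceVf` dereferences values parsed from the submitted `modelPropText` without null checks: `modelJson.get("global")` returns null when the text has no `global` node, and `service.equalsIgnoreCase(currentService)` throws if `service` is null. What `AbstractModelElement.getValueByName` returns for a missing node is not visible here, so this needs confirming; a guard such as `if (globalNode == null || service == null) { return; }` before the loop (or a `BadRequestException`) keeps malformed input from ending in an unhandled `NullPointerException`. The loop also builds a `new ObjectMapper()` for every stored model; one instance created before the loop is enough.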
@@ -40,6 +41,7 @@ import org.onap.clamp.clds.util.LoggingUtils; public abstract class SecureServiceBase { protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); + protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); // By default we'll set it to a default handler private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); @@ -63,7 +65,10 @@ public abstract class SecureServiceBase { */ public String getUserName() { String name = userNameHandler.retrieveUserName(securityContext); - logger.debug("userName={}", name); + Date startTime = new Date(); + LoggingUtils.setTargetContext("CLDS", "getUserName"); + LoggingUtils.setTimeContext(startTime, new Date()); + securityLogger.debug("User logged into the CLDS system={}", name); return name; } 
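Review bot: In `getUserName()` the message `"User logged into the CLDS system={}"` is written on every call of the method, not at login, which makes the security log misleading as an audit trail; `securityLogger.debug("Resolved user name: {}", name);` says what actually happened. `startTime` is created immediately before `LoggingUtils.setTimeContext(startTime, new Date())`, so the recorded interval is always about zero and covers none of `retrieveUserName`; take `startTime` before the lookup or drop the timing. The same start/stop pattern is added in `isAuthorized` and `isAuthorizedNoException` further down.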
@@ -100,30 +105,33 @@ public abstract class SecureServiceBase { */ public boolean isAuthorized(SecureServicePermission inPermission) throws NotAuthorizedException { boolean authorized = false; - logger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); + + Date startTime = new Date(); + LoggingUtils.setTargetContext("CLDS", "isAuthorized"); + LoggingUtils.setTimeContext(startTime, new Date()); + + securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); + // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. if (securityContext.isUserInRole(inPermission.getKey())) { - logger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); + securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); authorized = true; // the rest of these don't seem to be required - isUserInRole method // appears to take * as a wildcard } else if (securityContext.isUserInRole(inPermission.getKeyAllInstance())) { - logger.info("{} authorized because user has permission with * for instance: {}", getPrincipalName(), - inPermission.getKey()); + securityLogger.info("{} authorized because user has permission with * for instance: {}", getPrincipalName(), inPermission.getKey()); authorized = true; } else if (securityContext.isUserInRole(inPermission.getKeyAllInstanceAction())) { - logger.info("{} authorized because user has permission with * for instance and * for action: {}", - getPrincipalName(), inPermission.getKey()); + securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", getPrincipalName(), inPermission.getKey()); authorized = true; } else if (securityContext.isUserInRole(inPermission.getKeyAllAction())) { - logger.info("{} authorized because user has permission with * for action: {}", getPrincipalName(), - inPermission.getKey()); + 
securityLogger.info("{} authorized because user has permission with * for action: {}", getPrincipalName(), inPermission.getKey()); authorized = true; } else { String msg = getPrincipalName() + " does not have permission: " + inPermission; LoggingUtils.setErrorContext("100", "Authorization Error"); - logger.warn(msg); + securityLogger.warn(msg); throw new NotAuthorizedException(msg); } return authorized; 
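Review bot: The denial branch of `isAuthorized` now writes only `securityLogger.warn(msg)`, while the same branch of `isAuthorizedNoException` writes to both `securityLogger` and `logger`, so the two methods report the same event to different sinks. Pick one behaviour, so that alerting keyed on authorization failures sees them from both paths; to match the other method, add `logger.warn(msg);` after the new line, or remove it there. The four grant branches all log `inPermission.getKey()` even when a wildcard key matched, so the security log does not show which role actually granted access; logging the matched key (for example `inPermission.getKeyAllInstance()`) would make those entries usable for review.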
@@ -144,29 +152,32 @@ public abstract class SecureServiceBase { */ public boolean isAuthorizedNoException(SecureServicePermission inPermission) { boolean authorized = false; - logger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); + + securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); + Date startTime = new Date(); + LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException"); + LoggingUtils.setTimeContext(startTime, new Date()); + // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. if (securityContext.isUserInRole(inPermission.getKey())) { - logger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); + securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); authorized = true; // the rest of these don't seem to be required - isUserInRole method // appears to take * as a wildcard } else if (securityContext.isUserInRole(inPermission.getKeyAllInstance())) { - logger.info("{} authorized because user has permission with * for instance: {}", getPrincipalName(), - inPermission.getKey()); + securityLogger.info("{} authorized because user has permission with * for instance: {}", getPrincipalName(),inPermission.getKey()); authorized = true; } else if (securityContext.isUserInRole(inPermission.getKeyAllInstanceAction())) { - logger.info("{} authorized because user has permission with * for instance and * for action: {}", - getPrincipalName(), inPermission.getKey()); + securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", getPrincipalName(), inPermission.getKey()); authorized = true; } else if (securityContext.isUserInRole(inPermission.getKeyAllAction())) { - logger.info("{} authorized because user has permission with * for action: {}", getPrincipalName(), - inPermission.getKey()); + 
securityLogger.info("{} authorized because user has permission with * for action: {}", getPrincipalName(), inPermission.getKey()); authorized = true; } else { String msg = getPrincipalName() + " does not have permission: " + inPermission; LoggingUtils.setErrorContext("100", "Authorization Error"); + securityLogger.warn(msg); logger.warn(msg); } return authorized; diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java new file mode 100644 index 000000000..fd4d1b15c --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java 
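Review bot: In `isAuthorizedNoException` the first `securityLogger.debug(...)` is issued before `LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException")`, whereas `isAuthorized` sets the context first. If `LoggingUtils` keeps this in the logging context, as its use suggests, that debug entry is tagged with whatever target the previous call left behind. Move the debug line below the `setTimeContext` call so both methods log in the same order. The method starts outside the hunk.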
@@ -0,0 +1,116 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ + +package org.onap.clamp.clds.util; + +import java.security.GeneralSecurityException; + +import javax.annotation.PostConstruct; +import javax.crypto.Cipher; +import javax.crypto.spec.SecretKeySpec; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.env.Environment; +import org.springframework.stereotype.Component; + +/** + * CryptoUtils for encrypting/decrypting string based on a Key defined in + * application.properties (Spring config file). 
+ * + */ +@Component("CryptoUtils") +public final class CryptoUtils { + public static final String AES = "AES"; + public static final String KEY_PARAM = "org.onap.clamp.encryption.aes.key"; + @Autowired + private Environment springEnv; + private SecretKeySpec secretKeySpec; + + /** + * Initialize Method + * + */ + @PostConstruct + public void init() { + secretKeySpec = getSecretKeySpec(springEnv.getProperty(KEY_PARAM)); + } + + /** + * Encrypt a value based on the Clamp Encryption Key. + * + * @param value + * @return The encrypted string + * @throws GeneralSecurityException + * In case of issue with the encryption + */ + public String encrypt(String value) throws GeneralSecurityException { + Cipher cipher = Cipher.getInstance(CryptoUtils.AES); + cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, cipher.getParameters()); + byte[] encrypted = cipher.doFinal(value.getBytes()); + return byteArrayToHexString(encrypted); + } + + /** + * Decrypt a value. + * + * @param message + * The encrypted string that must be decrypted using the Clamp + * Encryption Key + * @return The String decrypted + * @throws GeneralSecurityException + * In case of issue with the encryption + */ + public String decrypt(String message) throws GeneralSecurityException { + Cipher cipher = Cipher.getInstance(CryptoUtils.AES); + cipher.init(Cipher.DECRYPT_MODE, secretKeySpec); + byte[] decrypted = cipher.doFinal(hexStringToByteArray(message)); + return new String(decrypted); + } + + private SecretKeySpec getSecretKeySpec(String keyString) { + byte[] key = hexStringToByteArray(keyString); + return new SecretKeySpec(key, CryptoUtils.AES); + } + + private String byteArrayToHexString(byte[] b) { + StringBuilder sb = new StringBuilder(b.length * 2); + for (int i = 0; i < b.length; i++) { + int v = b[i] & 0xff; + if (v < 16) { + sb.append('0'); + } + sb.append(Integer.toHexString(v)); + } + return sb.toString().toUpperCase(); + } + + private byte[] hexStringToByteArray(String s) { + byte[] b = new 
byte[s.length() / 2]; + for (int i = 0; i < b.length; i++) { + int index = i * 2; + int v = Integer.parseInt(s.substring(index, index + 2), 16); + b[i] = (byte) v; + } + return b; + } +} diff --git a/src/main/java/org/onap/clamp/clds/workflow/ProcessRequestDelegate.java b/src/main/java/org/onap/clamp/clds/workflow/ProcessRequestDelegate.java index 19bdcaf98..a5d84bb64 100644 --- a/src/main/java/org/onap/clamp/clds/workflow/ProcessRequestDelegate.java +++ b/src/main/java/org/onap/clamp/clds/workflow/ProcessRequestDelegate.java 
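Review bot: `Cipher.getInstance(CryptoUtils.AES)` names no mode or padding, so the provider default applies; with the standard JDK providers that is ECB with PKCS5 padding, which is deterministic (equal passwords give equal ciphertext) and unauthenticated. I would switch to `AES/GCM/NoPadding` with a fresh random IV stored in front of the ciphertext and pin the charset to UTF-8, since `getBytes()` and `new String(...)` currently depend on the platform default. The sketch below needs `GCMParameterSpec`, `SecureRandom` and `StandardCharsets` imported, and values already encrypted with the old scheme would have to be re-encrypted. `KEY_PARAM` is read from the same Spring environment as the encrypted values, so if the key lives in the same properties file the passwords are only obfuscated; supplying it from outside that file is what makes the encryption worth having. `init()` also passes the property straight to `hexStringToByteArray`, so a missing or odd-length key fails at startup with an unhelpful exception.

```java
private static final String TRANSFORMATION = "AES/GCM/NoPadding";
private static final int IV_LENGTH_BYTES = 12;
private static final int TAG_LENGTH_BITS = 128;
private final SecureRandom secureRandom = new SecureRandom();

public String encrypt(String value) throws GeneralSecurityException {
    byte[] iv = new byte[IV_LENGTH_BYTES];
    secureRandom.nextBytes(iv);
    Cipher cipher = Cipher.getInstance(TRANSFORMATION);
    cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, new GCMParameterSpec(TAG_LENGTH_BITS, iv));
    byte[] encrypted = cipher.doFinal(value.getBytes(StandardCharsets.UTF_8));
    // the IV is not secret; it is stored in front of the ciphertext so decrypt() can recover it
    return byteArrayToHexString(iv) + byteArrayToHexString(encrypted);
}

public String decrypt(String message) throws GeneralSecurityException {
    byte[] raw = hexStringToByteArray(message);
    if (raw.length <= IV_LENGTH_BYTES) {
        throw new GeneralSecurityException("Encrypted value is too short");
    }
    Cipher cipher = Cipher.getInstance(TRANSFORMATION);
    cipher.init(Cipher.DECRYPT_MODE, secretKeySpec,
            new GCMParameterSpec(TAG_LENGTH_BITS, raw, 0, IV_LENGTH_BYTES));
    byte[] decrypted = cipher.doFinal(raw, IV_LENGTH_BYTES, raw.length - IV_LENGTH_BYTES);
    return new String(decrypted, StandardCharsets.UTF_8);
}
// … unchanged: init, getSecretKeySpec, byteArrayToHexString, hexStringToByteArray …
```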
@@ -21,35 +21,21 @@ * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ -/* Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - package org.onap.clamp.clds.workflow; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + import org.camunda.bpm.engine.delegate.DelegateExecution; import org.camunda.bpm.engine.delegate.JavaDelegate; import org.springframework.stereotype.Component; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - @Component public class ProcessRequestDelegate implements JavaDelegate { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ProcessRequestDelegate.class); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ProcessRequestDelegate.class); protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); - // @Override @Override public void execute(DelegateExecution execution) throws Exception { logger.info("Processing request by '" + execution.getVariable("customerId") + "'..."); -- cgit 1.2.3-korg