aboutsummaryrefslogtreecommitdiffstats
path: root/policy-management/src
diff options
context:
space:
mode:
authorjhh <jorge.hernandez-herrero@att.com>2019-10-16 21:30:26 -0500
committerJorge Hernandez <jorge.hernandez-herrero@att.com>2019-10-24 14:12:41 +0000
commit327ac05ea0e29a8d604f187d78f1a48aa35d8b4a (patch)
treedd6c149b33afb32c63a274dd57f2da6b0b7b7143 /policy-management/src
parent6e0b450abe7e62fa47ffe14e95a67d035174dbdb (diff)
Allow encrypted property values
Issue-ID: POLICY-1945 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I0317a6de838d99b579638252859e42fc49cedfa8 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'policy-management/src')
-rw-r--r--policy-management/src/main/java/org/onap/policy/drools/system/Main.java9
-rw-r--r--policy-management/src/main/server/config/engine-system.properties12
-rw-r--r--policy-management/src/main/server/config/engine.properties25
3 files changed, 30 insertions, 16 deletions
diff --git a/policy-management/src/main/java/org/onap/policy/drools/system/Main.java b/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
index 0e7b44f2..3451587b 100644
--- a/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
+++ b/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
@@ -21,7 +21,9 @@
package org.onap.policy.drools.system;
import java.util.Properties;
+import org.apache.commons.lang3.StringUtils;
import org.onap.policy.common.endpoints.event.comm.TopicEndpointManager;
+import org.onap.policy.common.utils.security.CryptoUtils;
import org.onap.policy.drools.persistence.SystemPersistenceConstants;
import org.onap.policy.drools.properties.DroolsPropertyConstants;
import org.onap.policy.drools.utils.PropertyUtil;
@@ -34,6 +36,10 @@ import org.slf4j.LoggerFactory;
* Programmatic entry point to the management layer.
*/
public class Main {
+ /**
+ * Symmetric Key to decode sensitive configuration data.
+ */
+ protected static final String SYSTEM_SYMM_KEY = "engine.symm.key";
/** constructor (hides public default one). */
private Main() {}
@@ -52,6 +58,9 @@ public class Main {
/* system properties */
for (Properties systemProperties : SystemPersistenceConstants.getManager().getSystemProperties()) {
+ if (!StringUtils.isBlank(systemProperties.getProperty(SYSTEM_SYMM_KEY))) {
+ PropertyUtil.setDefaultCryptoCoder(new CryptoUtils(systemProperties.getProperty(SYSTEM_SYMM_KEY)));
+ }
PropertyUtil.setSystemProperties(systemProperties);
}
diff --git a/policy-management/src/main/server/config/engine-system.properties b/policy-management/src/main/server/config/engine-system.properties
index c1f21b86..a61df280 100644
--- a/policy-management/src/main/server/config/engine-system.properties
+++ b/policy-management/src/main/server/config/engine-system.properties
@@ -30,8 +30,12 @@ com.sun.management.jmxremote.ssl=false
# certs
-javax.net.ssl.trustStore=${env:POLICY_HOME}/etc/ssl/policy-truststore
-javax.net.ssl.trustStorePassword=${env:TRUSTSTORE_PASSWD}
+javax.net.ssl.trustStore=${envd:POLICY_HOME:/opt/app/policy}/etc/ssl/policy-truststore
+javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD}
-javax.net.ssl.keyStore=${env:POLICY_HOME}/etc/ssl/policy-keystore
-javax.net.ssl.keyStorePassword=${env:KEYSTORE_PASSWD}
+javax.net.ssl.keyStore=${envd:POLICY_HOME:/opt/app/policy}/etc/ssl/policy-keystore
+javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY} \ No newline at end of file
diff --git a/policy-management/src/main/server/config/engine.properties b/policy-management/src/main/server/config/engine.properties
index aa9b6d80..4f114d88 100644
--- a/policy-management/src/main/server/config/engine.properties
+++ b/policy-management/src/main/server/config/engine.properties
@@ -22,27 +22,28 @@
dmaap.source.topics=PDPD-CONFIGURATION
-dmaap.source.topics.PDPD-CONFIGURATION.servers=${env:DMAAP_SERVERS}
-dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${env:PDPD_CONFIGURATION_TOPIC}
-dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${env:PDPD_CONFIGURATION_API_KEY}
-dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${env:PDPD_CONFIGURATION_API_SECRET}
-dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${env:PDPD_CONFIGURATION_CONSUMER_GROUP}
-dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${env:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
+dmaap.source.topics.PDPD-CONFIGURATION.servers=${envd:DMAAP_SERVERS}
+dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${envd:PDPD_CONFIGURATION_TOPIC}
+dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${envd:PDPD_CONFIGURATION_API_KEY}
+dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${envd:PDPD_CONFIGURATION_API_SECRET}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${envd:PDPD_CONFIGURATION_CONSUMER_GROUP}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${envd:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
dmaap.source.topics.PDPD-CONFIGURATION.managed=false
dmaap.source.topics.PDPD-CONFIGURATION.https=true
http.server.services=SECURED-CONFIG
-http.server.services.SECURED-CONFIG.host=${env:TELEMETRY_HOST}
+http.server.services.SECURED-CONFIG.host=${envd:TELEMETRY_HOST}
http.server.services.SECURED-CONFIG.port=9696
-http.server.services.SECURED-CONFIG.userName=${env:TELEMETRY_USER}
-http.server.services.SECURED-CONFIG.password=${env:TELEMETRY_PASSWORD}
+http.server.services.SECURED-CONFIG.userName=${envd:TELEMETRY_USER}
+http.server.services.SECURED-CONFIG.password=${envd:TELEMETRY_PASSWORD}
http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.restful
http.server.services.SECURED-CONFIG.managed=false
http.server.services.SECURED-CONFIG.swagger=true
http.server.services.SECURED-CONFIG.https=true
-http.server.services.SECURED-CONFIG.aaf=${env:AAF}
+http.server.services.SECURED-CONFIG.aaf=${envd:AAF:false}
http.server.services.SECURED-CONFIG.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-aaf.namespace=${env:AAF_NAMESPACE}
-aaf.root.permission=${env:AAF_NAMESPACE}.pdpd
+aaf.namespace=${envd:AAF_NAMESPACE:false}
+aaf.root.permission=${envd:AAF_NAMESPACE:org.onap.policy}.pdpd
+