From 327ac05ea0e29a8d604f187d78f1a48aa35d8b4a Mon Sep 17 00:00:00 2001
From: jhh
Date: Wed, 16 Oct 2019 21:30:26 -0500
Subject: Allow encrypted property values
Issue-ID: POLICY-1945
Signed-off-by: jhh
Change-Id: I0317a6de838d99b579638252859e42fc49cedfa8
Signed-off-by: jhh
---
 .../java/org/onap/policy/drools/system/Main.java | 9 ++++++++
 .../main/server/config/engine-system.properties | 12 +++++++----
 .../src/main/server/config/engine.properties | 25 +++++++++++-----------
 3 files changed, 30 insertions(+), 16 deletions(-)
(limited to 'policy-management')
diff --git a/policy-management/src/main/java/org/onap/policy/drools/system/Main.java b/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
index 0e7b44f2..3451587b 100644
--- a/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
+++ b/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
@@ -21,7 +21,9 @@ package org.onap.policy.drools.system;
 import java.util.Properties;
+import org.apache.commons.lang3.StringUtils;
 import org.onap.policy.common.endpoints.event.comm.TopicEndpointManager;
+import org.onap.policy.common.utils.security.CryptoUtils;
 import org.onap.policy.drools.persistence.SystemPersistenceConstants;
 import org.onap.policy.drools.properties.DroolsPropertyConstants;
 import org.onap.policy.drools.utils.PropertyUtil;
@@ -34,6 +36,10 @@ import org.slf4j.LoggerFactory;
 * Programmatic entry point to the management layer.
 */
 public class Main {
+ /**
+ * Symmetric Key to decode sensitive configuration data.
+ */
+ protected static final String SYSTEM_SYMM_KEY = "engine.symm.key";
 /** constructor (hides public default one). */
 private Main() {}
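Review bot: The Javadoc on the new `SYSTEM_SYMM_KEY` constant describes the key itself, but the constant holds the name of the property that carries the key (it is the argument to `getProperty` in the later hunk), so a reader may expect key material here. Suggest `/** Name of the system property whose value is the symmetric key used to decrypt sensitive configuration values. */`. `protected` on a class whose only constructor is `private Main() {}` is effectively package-private, so `static final` without a modifier (or `private` if only Main reads it) states the intent more accurately.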
@@ -52,6 +58,9 @@ public class Main {
 /* system properties */
 for (Properties systemProperties : SystemPersistenceConstants.getManager().getSystemProperties()) {
+ if (!StringUtils.isBlank(systemProperties.getProperty(SYSTEM_SYMM_KEY))) {
+ PropertyUtil.setDefaultCryptoCoder(new CryptoUtils(systemProperties.getProperty(SYSTEM_SYMM_KEY)));
+ }
 PropertyUtil.setSystemProperties(systemProperties);
 }
diff --git a/policy-management/src/main/server/config/engine-system.properties b/policy-management/src/main/server/config/engine-system.properties
index c1f21b86..a61df280 100644
--- a/policy-management/src/main/server/config/engine-system.properties
+++ b/policy-management/src/main/server/config/engine-system.properties
@@ -30,8 +30,12 @@ com.sun.management.jmxremote.ssl=false
 # certs
-javax.net.ssl.trustStore=${env:POLICY_HOME}/etc/ssl/policy-truststore
-javax.net.ssl.trustStorePassword=${env:TRUSTSTORE_PASSWD}
+javax.net.ssl.trustStore=${envd:POLICY_HOME:/opt/app/policy}/etc/ssl/policy-truststore
+javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD}
-javax.net.ssl.keyStore=${env:POLICY_HOME}/etc/ssl/policy-keystore
-javax.net.ssl.keyStorePassword=${env:KEYSTORE_PASSWD}
+javax.net.ssl.keyStore=${envd:POLICY_HOME:/opt/app/policy}/etc/ssl/policy-keystore
+javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY}
\ No newline at end of file
diff --git a/policy-management/src/main/server/config/engine.properties b/policy-management/src/main/server/config/engine.properties
index aa9b6d80..4f114d88 100644
--- a/policy-management/src/main/server/config/engine.properties
+++ b/policy-management/src/main/server/config/engine.properties
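Review bot: The decryption key is left inside `systemProperties` after the coder is built, and the very next line hands the whole object to `PropertyUtil.setSystemProperties`, which — if it does what its name suggests — publishes `engine.symm.key` as a JVM system property readable by anything that can dump system properties (JMX is enabled in engine-system.properties, and diagnostic tooling prints them). Unless something downstream re-reads the key from System, drop it before publishing, e.g. add `systemProperties.remove(SYSTEM_SYMM_KEY);` right after the `setDefaultCryptoCoder` call, and read the property into a local once instead of calling `getProperty` twice. Because this runs once per system-properties file, a later file carrying its own key silently replaces the default coder; a log line at that point would make the effective key source visible. The enclosing method starts and ends outside the hunk.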
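Review bot: The new `engine.symm.key` entry is written without a trailing newline (`\ No newline at end of file`), so the next property appended to this file will be glued onto the key value; end the file with a newline. The comment above it should also say what the value is for and where it is read, since it is the one value that unlocks every encrypted setting, e.g. `# symmetric key (from SYMM_KEY) that Main uses to decrypt encrypted values in the engine property files`. Whether `${envd:SYMM_KEY}` with no default resolves to an empty string when SYMM_KEY is unset — which is what the `isBlank` check in Main relies on — is not visible here and is worth confirming.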
@@ -22,27 +22,28 @@ dmaap.source.topics=PDPD-CONFIGURATION
-dmaap.source.topics.PDPD-CONFIGURATION.servers=${env:DMAAP_SERVERS}
-dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${env:PDPD_CONFIGURATION_TOPIC}
-dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${env:PDPD_CONFIGURATION_API_KEY}
-dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${env:PDPD_CONFIGURATION_API_SECRET}
-dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${env:PDPD_CONFIGURATION_CONSUMER_GROUP}
-dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${env:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
+dmaap.source.topics.PDPD-CONFIGURATION.servers=${envd:DMAAP_SERVERS}
+dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${envd:PDPD_CONFIGURATION_TOPIC}
+dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${envd:PDPD_CONFIGURATION_API_KEY}
+dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${envd:PDPD_CONFIGURATION_API_SECRET}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${envd:PDPD_CONFIGURATION_CONSUMER_GROUP}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${envd:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
 dmaap.source.topics.PDPD-CONFIGURATION.managed=false
 dmaap.source.topics.PDPD-CONFIGURATION.https=true
 http.server.services=SECURED-CONFIG
-http.server.services.SECURED-CONFIG.host=${env:TELEMETRY_HOST}
+http.server.services.SECURED-CONFIG.host=${envd:TELEMETRY_HOST}
 http.server.services.SECURED-CONFIG.port=9696
-http.server.services.SECURED-CONFIG.userName=${env:TELEMETRY_USER}
-http.server.services.SECURED-CONFIG.password=${env:TELEMETRY_PASSWORD}
+http.server.services.SECURED-CONFIG.userName=${envd:TELEMETRY_USER}
+http.server.services.SECURED-CONFIG.password=${envd:TELEMETRY_PASSWORD}
 http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.restful
 http.server.services.SECURED-CONFIG.managed=false
 http.server.services.SECURED-CONFIG.swagger=true
 http.server.services.SECURED-CONFIG.https=true
-http.server.services.SECURED-CONFIG.aaf=${env:AAF}
+http.server.services.SECURED-CONFIG.aaf=${envd:AAF:false}
 http.server.services.SECURED-CONFIG.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-aaf.namespace=${env:AAF_NAMESPACE}
-aaf.root.permission=${env:AAF_NAMESPACE}.pdpd
+aaf.namespace=${envd:AAF_NAMESPACE:false}
+aaf.root.permission=${envd:AAF_NAMESPACE:org.onap.policy}.pdpd
+
--
cgit 1.2.3-korg
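Review bot: `aaf.namespace=${envd:AAF_NAMESPACE:false}` gives a namespace string the default `false`, while the next line defaults the same variable to `org.onap.policy`, so with AAF_NAMESPACE unset the namespace becomes the literal `false` and the root permission becomes `org.onap.policy.pdpd` — two different answers for one variable. The `false` default looks copied from the boolean `aaf=${envd:AAF:false}` line above; suggest `aaf.namespace=${envd:AAF_NAMESPACE:org.onap.policy}` so both entries agree. The trailing `+` adds an empty line at the end of the file, which is harmless but unrelated to the change.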