summaryrefslogtreecommitdiffstats
path: root/ONAP-PAP-REST
diff options
context:
space:
mode:
authorJorge Hernandez <jorge.hernandez-herrero@att.com>2019-04-03 02:01:34 +0000
committerGerrit Code Review <gerrit@onap.org>2019-04-03 02:01:34 +0000
commitd5f95d08ffd3f2e16b67aadae7007c7a51dfae19 (patch)
treea9388d004af2bf679b66524edbc53571ce06d8e1 /ONAP-PAP-REST
parent338796c4d56d2e95aa2903d80589b3b35b5a3dd2 (diff)
parentc1b69dfb1297365d35f2ada8690f13f787d38b4f (diff)
Merge "Enhancement to use the common CryptoUtils"
Diffstat (limited to 'ONAP-PAP-REST')
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java18
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java30
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java16
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java4
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java13
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java59
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java50
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java13
-rw-r--r--ONAP-PAP-REST/xacml.pap.properties8
9 files changed, 111 insertions, 100 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java
index 614ba85df..9ccccff05 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java
@@ -2,15 +2,15 @@
* ============LICENSE_START=======================================================
* ONAP-PAP-REST
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* Modified Copyright (C) 2018 Samsung Electronics Co., Ltd.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,21 +18,20 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.policy.pap.xacml.rest;
import java.io.FileInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
-
import javax.annotation.PostConstruct;
import javax.sql.DataSource;
-
import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
import org.hibernate.SessionFactory;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
-import org.onap.policy.utils.CryptoUtils;
+import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.utils.PeCryptoUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
@@ -64,7 +63,8 @@ public class PAPRestConfig extends WebMvcConfigurerAdapter {
setDbDriver(prop.getProperty("javax.persistence.jdbc.driver"));
setDbUrl(prop.getProperty("javax.persistence.jdbc.url"));
setDbUserName(prop.getProperty("javax.persistence.jdbc.user"));
- setDbPassword( CryptoUtils.decryptTxtNoExStr(prop.getProperty("javax.persistence.jdbc.password", "")));
+ PeCryptoUtils.initAesKey(prop.getProperty(XACMLRestProperties.PROP_AES_KEY));
+ setDbPassword(PeCryptoUtils.decrypt(prop.getProperty("javax.persistence.jdbc.password")));
}catch(Exception e){
LOGGER.error("Exception Occured while loading properties file"+e);
}
@@ -131,7 +131,7 @@ public class PAPRestConfig extends WebMvcConfigurerAdapter {
}
public static void setDbPassword(String dbPassword) {
- PAPRestConfig.dbPassword = CryptoUtils.decryptTxtNoExStr(dbPassword);
+ PAPRestConfig.dbPassword = dbPassword;
}
}
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java
index bd000381b..22f919e4b 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PAP-REST
* ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,8 +17,11 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.policy.pap.xacml.rest;
+import com.att.research.xacml.util.XACMLProperties;
+import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
@@ -30,10 +33,8 @@ import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.json.JSONObject;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
@@ -45,7 +46,7 @@ import org.onap.policy.rest.dao.CommonClassDao;
import org.onap.policy.rest.jpa.ActionBodyEntity;
import org.onap.policy.rest.jpa.ConfigurationDataEntity;
import org.onap.policy.rest.jpa.PolicyDBDaoEntity;
-import org.onap.policy.utils.CryptoUtils;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
@@ -60,12 +61,10 @@ import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
@Controller
public class UpdateOthersPAPS {
- private static final Logger policyLogger = FlexLogger.getLogger(UpdateOthersPAPS.class);
+ private static final Logger policyLogger = FlexLogger.getLogger(UpdateOthersPAPS.class);
private static CommonClassDao commonClassDao;
@@ -82,7 +81,7 @@ public class UpdateOthersPAPS {
}
@Autowired
- private UpdateOthersPAPS(CommonClassDao commonClassDao){
+ private UpdateOthersPAPS(CommonClassDao commonClassDao) {
UpdateOthersPAPS.commonClassDao = commonClassDao;
}
@@ -110,14 +109,15 @@ public class UpdateOthersPAPS {
String password = papId.getPassword();
Base64.Encoder encoder = Base64.getEncoder();
String txt;
- try{
- txt = new String(CryptoUtils.decryptTxt(password), StandardCharsets.UTF_8);
- } catch(Exception e){
+ try {
+ PeCryptoUtils.initAesKey(XACMLProperties.getProperty(XACMLRestProperties.PROP_AES_KEY));
+ txt = PeCryptoUtils.decrypt(password);
+ } catch (Exception e) {
policyLogger.debug(e);
//if we can't decrypt, might as well try it anyway
txt = password;
}
- String encoding = encoder.encodeToString((userName+":"+txt).getBytes(StandardCharsets.UTF_8));
+ String encoding = encoder.encodeToString((userName + ":" + txt).getBytes(StandardCharsets.UTF_8));
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Basic " + encoding);
headers.set("Content-Type", contentType);
@@ -237,4 +237,4 @@ public class UpdateOthersPAPS {
policyLogger.error("Exception Occured While closing the File input stream"+e);
}
}
-} \ No newline at end of file
+}
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
index 889905eb6..f2e038721 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
@@ -75,7 +75,7 @@ import org.onap.policy.pap.xacml.restAuth.CheckPDP;
import org.onap.policy.rest.XACMLRest;
import org.onap.policy.rest.XACMLRestProperties;
import org.onap.policy.rest.dao.PolicyDBException;
-import org.onap.policy.utils.CryptoUtils;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.utils.PolicyUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
@@ -89,7 +89,7 @@ import org.onap.policy.xacml.std.pap.StdPDPPolicy;
import org.onap.policy.xacml.std.pap.StdPDPStatus;
/**
- * Servlet implementation class XacmlPapServlet
+ * Servlet implementation class XacmlPapServlet.
*/
@WebServlet(description = "Implements the XACML PAP RESTful API.", urlPatterns = {"/"},
loadOnStartup = 1,
@@ -264,14 +264,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
}
// Create an IntegrityMonitor
if (properties.getProperty(PERSISTENCE_JDBC_PWD) != null) {
- properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils
- .decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
+ properties.setProperty(PERSISTENCE_JDBC_PWD,
+ PeCryptoUtils.decrypt(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
}
im = IntegrityMonitor.getInstance(papResourceName, properties);
// Create an IntegrityAudit
ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
ia.startAuditThread();
-
// we are about to call the PDPs and give them their configuration.
// To do that we need to have the URL of this PAP so we can
// construct the Policy file URLs
@@ -298,7 +297,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit");
LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString());
- // get the current filesystem group and update from the database if needed
+ // get the current filesystem group and update from the database
+ // if needed
StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup();
StdPDPGroup updatedGroup = policyDbDao.auditLocalFileSystem(group);
if (updatedGroup != null) {
@@ -456,8 +456,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
throw new PAPException("papDbUser is null");
}
setPapDbUser(papDbUser);
- papDbPd = CryptoUtils.decryptTxtNoExStr(
- XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, ""));
+ PeCryptoUtils.initAesKey(XACMLProperties.getProperty(XACMLRestProperties.PROP_AES_KEY));
+ papDbPd = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD));
if (papDbPd == null) {
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "XACMLPapServlet",
" ERROR: Bad papDbPassword property entry");
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java
index cd02c2bfe..2e2a74015 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java
@@ -35,7 +35,7 @@ import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.rest.XACMLRestProperties;
import org.onap.policy.rest.jpa.PolicyDBDaoEntity;
-import org.onap.policy.utils.CryptoUtils;
+import org.onap.policy.utils.PeCryptoUtils;
public class NotifyOtherPaps {
@@ -108,7 +108,7 @@ public class NotifyOtherPaps {
String username = dbdEntity.getUsername();
String txt;
try {
- txt = new String(CryptoUtils.decryptTxt(dbdEntity.getPassword()), StandardCharsets.UTF_8);
+ txt = PeCryptoUtils.decrypt(dbdEntity.getPassword());
} catch (Exception e) {
LOGGER.debug(e);
// if we can't decrypt, might as well try it anyway
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
index 9f5933850..9a39b6ed1 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
@@ -58,7 +58,7 @@ import org.onap.policy.rest.jpa.GroupEntity;
import org.onap.policy.rest.jpa.PdpEntity;
import org.onap.policy.rest.jpa.PolicyDBDaoEntity;
import org.onap.policy.rest.jpa.PolicyEntity;
-import org.onap.policy.utils.CryptoUtils;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.api.pap.OnapPDP;
import org.onap.policy.xacml.api.pap.OnapPDPGroup;
@@ -280,7 +280,7 @@ public class PolicyDBDao {
}
if (urlUserPass[2] == null || "".equals(urlUserPass[2])) {
String passwordPropertyValue =
- XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS);
+ PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
if (passwordPropertyValue != null) {
urlUserPass[2] = passwordPropertyValue;
}
@@ -343,14 +343,7 @@ public class PolicyDBDao {
}
// encrypt the password
- String txt = null;
- try {
- txt = CryptoUtils.encryptTxt(url[2].getBytes(StandardCharsets.UTF_8));
- } catch (Exception e) {
- logger.debug(e);
- PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, POLICYDBDAO_VAR,
- "Could not encrypt PAP password");
- }
+ String txt = PeCryptoUtils.encrypt(url[2]);
if (foundPolicyDBDaoEntity == null) {
PolicyDBDaoEntity newPolicyDBDaoEntity = new PolicyDBDaoEntity();
newPolicyDBDaoEntity.setPolicyDBDaoUrl(url[0]);
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java
index 79b07e2b9..f04be861b 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP Policy Engine
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,8 +17,17 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.policy.pap.xacml.rest.elk.client;
+import com.google.gson.Gson;
+import io.searchbox.client.JestClientFactory;
+import io.searchbox.client.config.HttpClientConfig;
+import io.searchbox.client.http.JestHttpClient;
+import io.searchbox.core.Bulk;
+import io.searchbox.core.Bulk.Builder;
+import io.searchbox.core.BulkResult;
+import io.searchbox.core.Index;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
@@ -34,21 +43,6 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
-
-import org.onap.policy.common.logging.flexlogger.FlexLogger;
-import org.onap.policy.common.logging.flexlogger.Logger;
-import org.onap.policy.utils.CryptoUtils;
-import org.onap.policy.xacml.util.XACMLPolicyScanner;
-
-import com.google.gson.Gson;
-
-import io.searchbox.client.JestClientFactory;
-import io.searchbox.client.config.HttpClientConfig;
-import io.searchbox.client.http.JestHttpClient;
-import io.searchbox.core.Bulk;
-import io.searchbox.core.Bulk.Builder;
-import io.searchbox.core.BulkResult;
-import io.searchbox.core.Index;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
@@ -56,24 +50,28 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
+import org.onap.policy.common.logging.flexlogger.FlexLogger;
+import org.onap.policy.common.logging.flexlogger.Logger;
+import org.onap.policy.utils.PeCryptoUtils;
+import org.onap.policy.xacml.util.XACMLPolicyScanner;
/**
- * This code will deals with parsing the XACML content on reading from
+ * This code will deals with parsing the XACML content on reading from
* database(PolicyEntity, ConfigurationDataEntity and ActionBodyEntity tables)
* and convert the data into json to do bulk operation on putting to elastic search database.
* Which is used to support Elastic Search in Policy Application GUI to search policies.
- *
- *
- *
+ *
+ *
+ *
* properties should be configured in policyelk.properties
*
*/
public class ElasticSearchPolicyUpdate {
private static final Logger LOGGER = FlexLogger.getLogger(ElasticSearchPolicyUpdate.class);
- protected final static JestClientFactory jestFactory = new JestClientFactory();
+ protected static final JestClientFactory jestFactory = new JestClientFactory();
public static void main(String[] args) {
@@ -86,23 +84,24 @@ public class ElasticSearchPolicyUpdate {
String propertyFile = System.getProperty("PROPERTY_FILE");
Properties config = new Properties();
Path file = Paths.get(propertyFile);
- if(!file.toFile().exists()){
+ if (!file.toFile().exists()) {
LOGGER.error("Config File doesn't Exist in the specified Path " + file.toString());
- }else{
- if(file.toString().endsWith(".properties")){
+ } else {
+ if (file.toString().endsWith(".properties")) {
try {
InputStream in = new FileInputStream(file.toFile());
config.load(in);
elkURL = config.getProperty("policy.elk.url");
databseUrl = config.getProperty("policy.database.url");
userName = config.getProperty("policy.database.username");
- txt = CryptoUtils.decryptTxtNoExStr(config.getProperty("policy.database.password"));
+ txt = PeCryptoUtils.decrypt(config.getProperty("policy.database.password"));
databaseDriver = config.getProperty("policy.database.driver");
- if(elkURL == null || databseUrl == null || userName == null || txt == null || databaseDriver == null){
+ if (elkURL == null || databseUrl == null || userName == null || txt == null
+ || databaseDriver == null) {
LOGGER.error("please check the elk configuration");
}
} catch (Exception e) {
- LOGGER.error("Config File doesn't Exist in the specified Path " + file.toString(),e);
+ LOGGER.error("Config File doesn't Exist in the specified Path " + file.toString(), e);
}
}
}
@@ -379,4 +378,4 @@ public class ElasticSearchPolicyUpdate {
}
}
}
-} \ No newline at end of file
+}
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java
index 0ac6c7009..10cc81549 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PAP-REST
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,32 +20,48 @@
package org.onap.policy.pap.xacml.restAuth;
+import com.att.research.xacml.util.XACMLProperties;
+import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.StringTokenizer;
-
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.common.logging.eelf.PolicyLogger;
import org.onap.policy.rest.XACMLRestProperties;
-import org.onap.policy.utils.CryptoUtils;
-
-import com.att.research.xacml.util.XACMLProperties;
+import org.onap.policy.utils.PeCryptoUtils;
public class AuthenticationService {
- private String papID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
- private String papPass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
+ private String papId = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
+ private String papPass = null;
+ /**
+ * Authenticate.
+ *
+ * @param authCredentials the auth credentials
+ * @return true, if successful
+ */
public boolean authenticate(String authCredentials) {
- if (null == authCredentials)
+ if (null == authCredentials) {
return false;
+ }
// header value format will be "Basic encodedstring" for Basic authentication.
- final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
+ final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
String usernameAndPassword = null;
+
+ try {
+ String secretKey = XACMLProperties.getProperty(XACMLRestProperties.PROP_AES_KEY);
+ PeCryptoUtils.initAesKey(secretKey);
+ papPass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
+ } catch (Exception e) {
+ PolicyLogger.error(e);
+ }
+
try {
byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
- usernameAndPassword = new String(decodedBytes, "UTF-8");
+ usernameAndPassword = new String(decodedBytes, StandardCharsets.UTF_8);
} catch (Exception e) {
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService", "Exception decoding username and password");
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService",
+ "Exception decoding username and password");
return false;
}
try {
@@ -53,10 +69,10 @@ public class AuthenticationService {
final String username = tokenizer.nextToken();
final String password = tokenizer.nextToken();
- boolean authenticationStatus = papID.equals(username) && papPass.equals(password);
- return authenticationStatus;
- } catch (Exception e){
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService", "Exception authenticating user");
+ return papId.equals(username) && papPass.equals(password);
+ } catch (Exception e) {
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService",
+ "Exception authenticating user");
return false;
}
}
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java
index cddcb2a4c..181dd0910 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PAP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,6 +20,7 @@
package org.onap.policy.pap.xacml.restAuth;
+import com.att.research.xacml.api.pap.PAPException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -36,16 +37,14 @@ import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
-
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.common.logging.eelf.PolicyLogger;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.pap.xacml.rest.XACMLPapServlet;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
-import com.att.research.xacml.api.pap.PAPException;
-
public class CheckPDP {
private static Path pdpPath = null;
@@ -148,7 +147,7 @@ public class CheckPDP {
if(pdpValues.size()==3){
// 1:2 will be UserID:Password
String userID = pdpValues.get(1);
- String pass = pdpValues.get(2);
+ String pass = PeCryptoUtils.decrypt(pdpValues.get(2));
Base64.Encoder encoder = Base64.getEncoder();
// 0 - PDPURL
pdpMap.put(pdpValues.get(0), encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8)));
diff --git a/ONAP-PAP-REST/xacml.pap.properties b/ONAP-PAP-REST/xacml.pap.properties
index c26e96ff9..6ce51473d 100644
--- a/ONAP-PAP-REST/xacml.pap.properties
+++ b/ONAP-PAP-REST/xacml.pap.properties
@@ -2,7 +2,7 @@
# ============LICENSE_START=======================================================
# ONAP-PAP-REST
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -158,4 +158,8 @@ CLIENT_KEY=
#Micro Service Model Properties
xacml.policy.msOnapName=http://org.onap
-xacml.policy.msPolicyName=http://org.onap.policy \ No newline at end of file
+xacml.policy.msPolicyName=http://org.onap.policy
+
+
+# AES key for password encryption in config files
+#org.onap.policy.encryption.aes.key=12345678901234567890123456789012