aboutsummaryrefslogtreecommitdiffstats
path: root/ONAP-PDP-REST
diff options
context:
space:
mode:
authorpa834y <pa834y@att.com>2019-03-26 14:29:38 -0400
committerpa834y <pa834y@att.com>2019-03-31 19:59:20 -0400
commitc1b69dfb1297365d35f2ada8690f13f787d38b4f (patch)
treef7c9780ad4cd84bb24f5d527feac83cb81f50319 /ONAP-PDP-REST
parentc683a67fbf4a50e68bf8736517865b43db75ed4b (diff)
Enhancement to use the common CryptoUtils
Change-Id: I06718526382b424eab991f39a7dac1b5cf4f1b74 Issue-ID: POLICY-1422 Signed-off-by: pa834y <pa834y@att.com>
Diffstat (limited to 'ONAP-PDP-REST')
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java13
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java81
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java49
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java94
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java211
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java22
-rw-r--r--ONAP-PDP-REST/xacml.pdp.properties3
7 files changed, 240 insertions, 233 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java
index 5462dd908..0fab3db61 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
package org.onap.policy.pdp.rest;
+import com.att.research.xacml.util.XACMLProperties;
import java.net.URI;
import java.text.DateFormat;
import java.text.ParseException;
@@ -28,13 +29,10 @@ import java.util.Date;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Properties;
-
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.rest.XACMLRestProperties;
-import org.onap.policy.utils.CryptoUtils;
-
-import com.att.research.xacml.util.XACMLProperties;
+import org.onap.policy.utils.PeCryptoUtils;
public class PapUrlResolver {
private static final Logger LOGGER = FlexLogger.getLogger(PapUrlResolver.class);
@@ -119,10 +117,11 @@ public class PapUrlResolver {
String userId = null;
String pass = null;
userId = XACMLProperties.getProperty(urls[i] + "." + XACMLRestProperties.PROP_PAP_USERID);
- pass = XACMLProperties.getProperty(urls[i] + "." + CryptoUtils.decryptTxtNoExStr(XACMLRestProperties.PROP_PAP_PASS));
+ pass = XACMLProperties.getProperty(urls[i] + "."
+ + PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)));
if (userId == null || pass == null) {
userId = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
- pass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
+ pass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
}
if (userId == null || pass == null) {
userId = "";
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java
index c227d9d2a..c86e21c09 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,6 +20,17 @@
package org.onap.policy.pdp.rest;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.pap.PDPStatus.Status;
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPException;
+import com.att.research.xacml.std.dom.DOMRequest;
+import com.att.research.xacml.std.dom.DOMResponse;
+import com.att.research.xacml.std.json.JSONRequest;
+import com.att.research.xacml.std.json.JSONResponse;
+import com.att.research.xacml.util.XACMLProperties;
+import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -60,40 +71,30 @@ import org.onap.policy.common.logging.eelf.PolicyLogger;
import org.onap.policy.pdp.rest.jmx.PdpRestMonitor;
import org.onap.policy.rest.XACMLRest;
import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.pdp.std.functions.PolicyList;
import org.onap.policy.xacml.std.pap.StdPDPStatus;
-import com.att.research.xacml.api.Request;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.pap.PDPStatus.Status;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.dom.DOMRequest;
-import com.att.research.xacml.std.dom.DOMResponse;
-import com.att.research.xacml.std.json.JSONRequest;
-import com.att.research.xacml.std.json.JSONResponse;
-import com.att.research.xacml.util.XACMLProperties;
-import com.fasterxml.jackson.databind.ObjectMapper;
/**
* Servlet implementation class XacmlPdpServlet
- *
+ *
* This is an implementation of the XACML 3.0 RESTful Interface with added features to support simple PAP RESTful API
* for policy publishing and PIP configuration changes.
- *
+ *
* If you are running this the first time, then we recommend you look at the xacml.pdp.properties file. This properties
* file has all the default parameter settings. If you are running the servlet as is, then we recommend setting up
* you're container to run it on port 8080 with context "/pdp". Wherever the default working directory is set to, a
* "config" directory will be created that holds the policy and pip cache. This setting is located in the
* xacml.pdp.properties file.
- *
+ *
* When you are ready to customize, you can create a separate xacml.pdp.properties on you're local file system and setup
* the parameters as you wish. Just set the Java VM System variable to point to that file:
- *
+ *
* -Dxacml.properties=/opt/app/xacml/etc/xacml.pdp.properties
- *
+ *
* Or if you only want to change one or two properties, simply set the Java VM System variable for that property.
- *
+ *
* -Dxacml.rest.pdp.register=false
*
*
@@ -268,9 +269,13 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable {
properties.getProperty("createUpdatePolicy.impl.className", CREATE_UPDATE_POLICY_SERVICE);
setCreateUpdatePolicyConstructor(createUpdateResourceName);
+ PeCryptoUtils.initAesKey(properties.getProperty(XACMLRestProperties.PROP_AES_KEY));
+
// Create an IntegrityMonitor
try {
logger.info("Creating IntegrityMonitor");
+ properties.setProperty("javax.persistence.jdbc.password",
+ PeCryptoUtils.decrypt(properties.getProperty("javax.persistence.jdbc.password", "")));
im = IntegrityMonitor.getInstance(pdpResourceName, properties);
} catch (Exception e) {
PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to create IntegrityMonitor" + e);
@@ -380,42 +385,42 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable {
/**
* PUT - The PAP engine sends configuration information using HTTP PUT request.
- *
+ *
* One parameter is expected:
- *
+ *
* config=[policy|pip|all]
- *
+ *
* policy - Expect a properties file that contains updated lists of the root and referenced policies that the PDP
* should be using for PEP requests.
- *
+ *
* Specifically should AT LEAST contain the following properties: xacml.rootPolicies xacml.referencedPolicies
- *
+ *
* In addition, any relevant information needed by the PDP to load or retrieve the policies to store in its cache.
*
* EXAMPLE: xacml.rootPolicies=PolicyA.1, PolicyB.1
*
* PolicyA.1.url=http://localhost:9090/PAP?id=b2d7b86d-d8f1-4adf-ba9d-b68b2a90bee1&version=1
* PolicyB.1.url=http://localhost:9090/PAP/id=be962404-27f6-41d8-9521-5acb7f0238be&version=1
- *
+ *
* xacml.referencedPolicies=RefPolicyC.1, RefPolicyD.1
*
* RefPolicyC.1.url=http://localhost:9090/PAP?id=foobar&version=1
* RefPolicyD.1.url=http://localhost:9090/PAP/id=example&version=1
- *
+ *
* pip - Expect a properties file that contain PIP engine configuration properties.
- *
+ *
* Specifically should AT LEAST the following property: xacml.pip.engines
- *
+ *
* In addition, any relevant information needed by the PDP to load and configure the PIPs.
- *
+ *
* EXAMPLE: xacml.pip.engines=foo,bar
- *
+ *
* foo.classname=com.foo foo.sample=abc foo.example=xyz ......
- *
+ *
* bar.classname=com.bar ......
- *
+ *
* all - Expect ALL new configuration properties for the PDP
- *
+ *
* @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response)
*/
@Override
@@ -625,13 +630,13 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable {
/**
* Parameters: type=hb|config|Status
- *
+ *
* 1. HeartBeat Status HeartBeat OK - All Policies are Loaded, All PIPs are Loaded LOADING_IN_PROGRESS - Currently
* loading a new policy set/pip configuration LAST_UPDATE_FAILED - Need to track the items that failed during last
* update LOAD_FAILURE - ??? Need to determine what information is sent and how 2. Configuration 3. Status return
* the StdPDPStatus object in the Response content
- *
- *
+ *
+ *
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
@@ -812,8 +817,8 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable {
/**
* POST - We expect XACML requests to be posted by PEP applications. They can be in the form of XML or JSON
* according to the XACML 3.0 Specifications for both.
- *
- *
+ *
+ *
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
index 425bcebf9..7704a96a6 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,8 +17,11 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.policy.pdp.rest.api.services;
+import com.att.research.xacml.util.XACMLProperties;
+import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -33,20 +36,16 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
-
import org.apache.commons.io.IOUtils;
import org.onap.policy.api.PolicyException;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.pdp.rest.config.PDPApiAuth;
import org.onap.policy.rest.XACMLRestProperties;
-import org.onap.policy.utils.CryptoUtils;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.std.pap.StdPDPPolicy;
-import com.att.research.xacml.util.XACMLProperties;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
public class PAPServices {
private static final String SUCCESS = "success";
private static Logger LOGGER = FlexLogger.getLogger(PAPServices.class.getName());
@@ -79,10 +78,9 @@ public class PAPServices {
private String getPAPEncoding() {
if (encoding == null) {
- final String userID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
- final String pass =
- CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
- final Base64.Encoder encoder = Base64.getEncoder();
+ String userID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
+ String pass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
+ Base64.Encoder encoder = Base64.getEncoder();
encoding = encoder.encodeToString((userID + ":" + pass).getBytes(StandardCharsets.UTF_8));
}
return encoding;
@@ -131,7 +129,7 @@ public class PAPServices {
String fullURL = getPAP();
fullURL = checkParameter(parameters, fullURL);
final URL url = new URL(fullURL);
- LOGGER.debug("--- Sending Request to PAP : " + url.toString() + " ---");
+ LOGGER.info("--- Sending Request to PAP : " + url.toString() + " ---" + " RequestId:" + requestID);
// Open the connection
connection = (HttpURLConnection) url.openConnection();
// Setting Content-Type
@@ -149,9 +147,9 @@ public class PAPServices {
// Adding RequestID
if (requestID == null) {
requestID = UUID.randomUUID();
- LOGGER.info("No request ID provided, sending generated ID: " + requestID.toString());
+ LOGGER.debug("No request ID provided, sending generated ID: " + requestID.toString());
} else {
- LOGGER.info("Using provided request ID: " + requestID.toString());
+ LOGGER.debug("Using provided request ID: " + requestID.toString());
}
connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString());
if (content != null && (content instanceof InputStream)) {
@@ -168,6 +166,9 @@ public class PAPServices {
if (!isJunit) {
mapper.writeValue(connection.getOutputStream(), content);
}
+ } else {
+ LOGGER.info(XACMLErrorConstants.ERROR_DATA_ISSUE + "content is null for calling: " + url.getHost()
+ + requestID.toString());
}
// DO the connect
connection.connect();
@@ -215,10 +216,12 @@ public class PAPServices {
}
} else {
response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + "connection is null";
+ LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "connection is null - RequestId: " + requestID);
}
return response;
} else {
response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Unable to get valid response from PAP(s) " + paps;
+ LOGGER.error("For RequestId: " + requestID + ", " + response);
return response;
}
}
@@ -228,7 +231,7 @@ public class PAPServices {
String version = null;
HttpURLConnection connection = null;
final String[] parameters = {"apiflag=version", "policyScope=" + policyScope, "filePrefix=" + filePrefix,
- "policyName=" + policyName};
+ "policyName=" + policyName};
if (paps == null || paps.isEmpty()) {
LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty.");
} else {
@@ -311,7 +314,8 @@ public class PAPServices {
version = "pe300";
} else {
LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE
- + "BAD REQUEST: Error occured while getting the version from the PAP. The request may be incorrect. The response code of the URL is '"
+ + "BAD REQUEST: Error occured while getting the version from the PAP. "
+ + "The request may be incorrect. The response code of the URL is '"
+ connection.getResponseCode() + "'");
}
} catch (final IOException e) {
@@ -436,14 +440,16 @@ public class PAPServices {
+ "Please create a new Dictionary Item or use the update API to modify the existing one.";
} else if ("duplicateGroup".equals(connection.getHeaderField("error"))) {
response = XACMLErrorConstants.ERROR_DATA_ISSUE
- + "Group Policy Scope List Exist Error: The Group Policy Scope List for this Dictionary Item already exist in the database. "
+ + "Group Policy Scope List Exist Error: "
+ + "The Group Policy Scope List for this Dictionary Item already exist in the database. "
+ "Duplicate Group Policy Scope Lists for multiple groupNames is not allowed. "
- + "Please review the request and verify that the groupPolicyScopeListData1 is unique compared to existing groups.";
+ + "Please review the request and "
+ + "verify that the groupPolicyScopeListData1 is unique compared to existing groups.";
} else if ("PolicyInPDP".equals(connection.getHeaderField("error"))) {
response = XACMLErrorConstants.ERROR_DATA_ISSUE
+ "Policy Exist Error: The Policy trying to be deleted is active in PDP. "
+ "Active PDP Polcies are not allowed to be deleted from PAP. "
- + "Please First remove the policy from PDP in order to successfully delete the Policy from PAP.";
+ + "Please First remove the policy from PDP in order to successfully delete the Policy from PAP";
}
LOGGER.error(response);
} else if (connection.getResponseCode() == 500 && connection.getHeaderField("error") != null) {
@@ -457,7 +463,8 @@ public class PAPServices {
response = connection.getHeaderField("message");
} else if ("unknown".equals(connection.getHeaderField("error"))) {
response = XACMLErrorConstants.ERROR_UNKNOWN
- + "Failed to delete the policy for an unknown reason. Check the file system and other logs for further information.";
+ + "Failed to delete the policy for an unknown reason. "
+ + "Check the file system and other logs for further information.";
} else if ("deleteConfig".equals(connection.getHeaderField("error"))) {
response = XACMLErrorConstants.ERROR_DATA_ISSUE
+ "Cannot delete the configuration or action body file in specified location.";
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
index 246f5a26d..163298186 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,8 +17,10 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.policy.pdp.rest.config;
+import com.att.research.xacml.util.XACMLProperties;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -33,7 +35,6 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
-
import org.onap.policy.api.PolicyEngineException;
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
@@ -41,21 +42,20 @@ import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.rest.XACMLRestProperties;
import org.onap.policy.utils.AAFPolicyClient;
import org.onap.policy.utils.AAFPolicyException;
+import org.onap.policy.utils.PeCryptoUtils;
import org.onap.policy.utils.PolicyUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
-import com.att.research.xacml.util.XACMLProperties;
-
public class PDPApiAuth {
private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class);
private static String environment = null;
private static Path clientPath = null;
- private static Map<String,ArrayList<String>> clientMap = null;
+ private static Map<String, ArrayList<String>> clientMap = null;
private static Long oldModified = null;
private static AAFPolicyClient aafClient = null;
- private PDPApiAuth(){
+ private PDPApiAuth() {
// Private Constructor
}
@@ -65,7 +65,7 @@ public class PDPApiAuth {
public static void setProperty() {
environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE);
- if(clientFile!=null){
+ if (clientFile != null) {
clientPath = Paths.get(clientFile);
}
try {
@@ -76,84 +76,84 @@ public class PDPApiAuth {
}
/*
- * Return Environment value of the PDP servlet.
+ * Return Environment value of the PDP servlet.
*/
public static String getEnvironment() {
- if(environment==null){
+ if (environment == null) {
setProperty();
}
return environment;
}
/*
- * Security check for authentication and authorizations.
+ * Security check for authentication and authorizations.
*/
- public static boolean checkPermissions(String clientEncoding, String requestID,
- String resource) {
- try{
+ public static boolean checkPermissions(String clientEncoding, String requestID, String resource) {
+ try {
String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
- if(userNamePass==null || userNamePass.length==0){
+ if (userNamePass == null || userNamePass.length == 0) {
String usernameAndPassword = null;
byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding);
usernameAndPassword = new String(decodedBytes, "UTF-8");
StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
String username = tokenizer.nextToken();
String password = tokenizer.nextToken();
- userNamePass= new String[]{username, password};
+ userNamePass = new String[] {username, password};
}
LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API.");
Boolean result = false;
- // Check Backward Compatibility.
- try{
+ // Check Backward Compatibility.
+ try {
/*
- * If AAF is NOT enabled in the properties we will allow the user to
- * continue to use the client.properties file to authenticate.
- * Note: Disabling AAF is for testing purposes and not intended for production.
+ * If AAF is NOT enabled in the properties we will allow the user to continue to use the
+ * client.properties file to authenticate. Note: Disabling AAF is for testing purposes and not intended
+ * for production.
*/
if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) {
result = clientAuth(userNamePass);
}
- }catch(Exception e){
+ } catch (Exception e) {
LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
}
- if(!result){
+ if (!result) {
String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace");
String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission");
String type = null;
- if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){
+ if (!userNamePass[0].contains("@") && aafPolicyNameSpace != null) {
userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace);
- }else{
+ } else {
LOGGER.info("No AAF NameSpace specified in properties");
}
- if(aafResource != null){
+ if (aafResource != null) {
type = aafResource + "." + resource;
- }else{
+ } else {
LOGGER.warn("No AAF Resource specified in properties");
return false;
}
- LOGGER.info("Contacting AAF in : " + environment);
+ LOGGER.info("Contacting AAF in : " + environment);
result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*");
}
return result;
- }catch(Exception e){
+ } catch (Exception e) {
LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
return false;
}
}
- private static Boolean clientAuth(String[] userNamePass){
- if(clientPath==null){
+ private static Boolean clientAuth(String[] userNamePass) {
+ if (clientPath == null) {
setProperty();
}
if (!clientPath.toFile().exists()) {
return false;
- }else if(clientPath.toString().endsWith(".properties")) {
+ } else if (clientPath.toString().endsWith(".properties")) {
try {
readProps(clientPath);
- if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) {
+ if (clientMap.containsKey(userNamePass[0])
+ && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) {
return true;
}
- }catch(PolicyEngineException e){
+ } catch (PolicyEngineException e) {
LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
return false;
}
@@ -163,12 +163,12 @@ public class PDPApiAuth {
private static String reverseNamespace(String namespace) {
final List<String> components = Arrays.asList(namespace.split("\\."));
- Collections.reverse(components);
+ Collections.reverse(components);
return String.join(".", components);
}
- private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{
- if(oldModified!=null){
+ private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException {
+ if (oldModified != null) {
Long newModified = clientPath.toFile().lastModified();
if (newModified == oldModified) {
return clientMap;
@@ -180,27 +180,31 @@ public class PDPApiAuth {
in = new FileInputStream(clientPath.toFile());
clientProp.load(in);
} catch (IOException e) {
- LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e);
- throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e);
+ LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR, e);
+ throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Cannot Load the Properties file",
+ e);
}
// Read the Properties and Load the Clients and their scopes.
clientMap = new HashMap<>();
- //
+ //
for (Object propKey : clientProp.keySet()) {
- String clientID = (String)propKey;
+ String clientID = (String) propKey;
String clientValue = clientProp.getProperty(clientID);
if (clientValue != null && clientValue.contains(",")) {
ArrayList<String> clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*")));
- if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){
+ if (clientValues.get(0) != null || clientValues.get(1) != null || clientValues.get(0).isEmpty()
+ || clientValues.get(1).isEmpty()) {
+ clientValues.set(0, PeCryptoUtils.decrypt(clientValues.get(0)));
clientMap.put(clientID, clientValues);
}
}
}
if (clientMap.isEmpty()) {
- LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
+ LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS
+ + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
throw new PolicyEngineException("Empty Client file");
}
oldModified = clientPath.toFile().lastModified();
return clientMap;
}
-} \ No newline at end of file
+}
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java
index b563c6cce..9c3213bef 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,23 +17,21 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.policy.pdp.rest.config;
import java.io.FileInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
-
import javax.annotation.PostConstruct;
import javax.servlet.MultipartConfigElement;
import javax.sql.DataSource;
-
import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
import org.hibernate.SessionFactory;
import org.onap.policy.common.logging.eelf.PolicyLogger;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
-import org.onap.policy.pdp.rest.api.controller.PolicyEngineServices;
+import org.onap.policy.utils.PeCryptoUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
@@ -43,7 +41,6 @@ import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
-
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
@@ -55,124 +52,118 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2;
@Configuration
@EnableWebMvc
@EnableSwagger2
-@ComponentScan(basePackages = { "org.onap.*", "com.*" })
-public class PDPRestConfig extends WebMvcConfigurerAdapter{
-
- private static final Logger LOGGER = FlexLogger.getLogger(PDPRestConfig.class);
-
- private static String dbDriver = null;
- private static String dbUrl = null;
- private static String dbUserName = null;
- private static String dbPassword = null;
-
- @PostConstruct
- public void init(){
- Properties prop = new Properties();
- try (InputStream input = new FileInputStream("xacml.pdp.properties")){
- // load a properties file
- prop.load(input);
- setDbDriver(prop.getProperty("javax.persistence.jdbc.driver"));
- setDbUrl(prop.getProperty("javax.persistence.jdbc.url"));
- setDbUserName(prop.getProperty("javax.persistence.jdbc.user"));
- setDbPassword(prop.getProperty("javax.persistence.jdbc.password"));
- }catch(Exception e){
- LOGGER.error("Exception Occured while loading properties file"+e);
- }
- }
-
- @Override
+@ComponentScan(basePackages = {"org.onap.*", "com.*"})
+public class PDPRestConfig extends WebMvcConfigurerAdapter {
+
+ private static final Logger LOGGER = FlexLogger.getLogger(PDPRestConfig.class);
+
+ private static String dbDriver = null;
+ private static String dbUrl = null;
+ private static String dbUserName = null;
+ private static String dbPassword = null;
+
+ @PostConstruct
+ public void init() {
+ Properties prop = new Properties();
+ try (InputStream input = new FileInputStream("xacml.pdp.properties")) {
+ // load a properties file
+ prop.load(input);
+ setDbDriver(prop.getProperty("javax.persistence.jdbc.driver"));
+ setDbUrl(prop.getProperty("javax.persistence.jdbc.url"));
+ setDbUserName(prop.getProperty("javax.persistence.jdbc.user"));
+ PeCryptoUtils.initAesKey(prop.getProperty("org.onap.policy.encryption.aes.key"));
+ setDbPassword(PeCryptoUtils.decrypt(prop.getProperty("javax.persistence.jdbc.password")));
+ } catch (Exception e) {
+ LOGGER.error("Exception Occured while loading properties file" + e);
+ }
+ }
+
+ @Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");
registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
}
-
- private ApiInfo apiInfo(){
- return new ApiInfoBuilder()
- .title("Policy Engine REST API")
- .description("This API helps to make queries against Policy Engine")
- .version("3.0")
- .build();
+
+ private ApiInfo apiInfo() {
+ return new ApiInfoBuilder().title("Policy Engine REST API")
+ .description("This API helps to make queries against Policy Engine").version("3.0").build();
}
-
+
@Bean
- public Docket policyAPI(){
+ public Docket policyAPI() {
PolicyLogger.info("Setting up Swagger... ");
- return new Docket(DocumentationType.SWAGGER_2)
- .select()
- .apis(RequestHandlerSelectors.basePackage("org.onap.policy.pdp.rest.api"))
- .paths(PathSelectors.any())
- .build()
- .apiInfo(apiInfo());
- }
-
- @Bean(name = "dataSource")
- public DataSource getDataSource() {
- BasicDataSource dataSource = new BasicDataSource();
- dataSource.setDriverClassName(PDPRestConfig.getDbDriver());
- dataSource.setUrl(PDPRestConfig.getDbUrl());
- dataSource.setUsername(PDPRestConfig.getDbUserName());
- dataSource.setPassword(PDPRestConfig.getDbPassword());
- return dataSource;
- }
-
- @Autowired
- @Bean(name = "sessionFactory")
- public SessionFactory getSessionFactory(DataSource dataSource) {
- LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
- sessionBuilder.scanPackages("org.onap.*", "com.*");
- sessionBuilder.addProperties(getHibernateProperties());
- return sessionBuilder.buildSessionFactory();
- }
-
- private Properties getHibernateProperties() {
- Properties properties = new Properties();
- properties.put("hibernate.show_sql", "true");
- properties.put("hibernate.dialect", "org.hibernate.dialect.MySQLDialect");
- return properties;
- }
-
- @Autowired
- @Bean(name = "transactionManager")
- public HibernateTransactionManager getTransactionManager(SessionFactory sessionFactory) {
- return new HibernateTransactionManager(sessionFactory);
- }
-
+ return new Docket(DocumentationType.SWAGGER_2).select()
+ .apis(RequestHandlerSelectors.basePackage("org.onap.policy.pdp.rest.api")).paths(PathSelectors.any())
+ .build().apiInfo(apiInfo());
+ }
+
+ @Bean(name = "dataSource")
+ public DataSource getDataSource() {
+ BasicDataSource dataSource = new BasicDataSource();
+ dataSource.setDriverClassName(PDPRestConfig.getDbDriver());
+ dataSource.setUrl(PDPRestConfig.getDbUrl());
+ dataSource.setUsername(PDPRestConfig.getDbUserName());
+ dataSource.setPassword(PDPRestConfig.getDbPassword());
+ return dataSource;
+ }
+
+ @Autowired
+ @Bean(name = "sessionFactory")
+ public SessionFactory getSessionFactory(DataSource dataSource) {
+ LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
+ sessionBuilder.scanPackages("org.onap.*", "com.*");
+ sessionBuilder.addProperties(getHibernateProperties());
+ return sessionBuilder.buildSessionFactory();
+ }
+
+ private Properties getHibernateProperties() {
+ Properties properties = new Properties();
+ properties.put("hibernate.show_sql", "true");
+ properties.put("hibernate.dialect", "org.hibernate.dialect.MySQLDialect");
+ return properties;
+ }
+
+ @Autowired
+ @Bean(name = "transactionManager")
+ public HibernateTransactionManager getTransactionManager(SessionFactory sessionFactory) {
+ return new HibernateTransactionManager(sessionFactory);
+ }
+
@Bean
- public MultipartConfigElement multipartConfigElement(){
+ public MultipartConfigElement multipartConfigElement() {
String location = System.getProperty("java.io.tmpdir");
- MultipartConfigElement mp = new MultipartConfigElement(location);
- return mp;
+ return new MultipartConfigElement(location);
}
- public static String getDbDriver() {
- return dbDriver;
- }
+ public static String getDbDriver() {
+ return dbDriver;
+ }
- public static void setDbDriver(String dbDriver) {
- PDPRestConfig.dbDriver = dbDriver;
- }
+ public static void setDbDriver(String dbDriver) {
+ PDPRestConfig.dbDriver = dbDriver;
+ }
- public static String getDbUrl() {
- return dbUrl;
- }
+ public static String getDbUrl() {
+ return dbUrl;
+ }
- public static void setDbUrl(String dbUrl) {
- PDPRestConfig.dbUrl = dbUrl;
- }
+ public static void setDbUrl(String dbUrl) {
+ PDPRestConfig.dbUrl = dbUrl;
+ }
- public static String getDbUserName() {
- return dbUserName;
- }
+ public static String getDbUserName() {
+ return dbUserName;
+ }
- public static void setDbUserName(String dbUserName) {
- PDPRestConfig.dbUserName = dbUserName;
- }
+ public static void setDbUserName(String dbUserName) {
+ PDPRestConfig.dbUserName = dbUserName;
+ }
- public static String getDbPassword() {
- return dbPassword;
- }
+ public static String getDbPassword() {
+ return dbPassword;
+ }
- public static void setDbPassword(String dbPassword) {
- PDPRestConfig.dbPassword = dbPassword;
- }
+ public static void setDbPassword(String dbPassword) {
+ PDPRestConfig.dbPassword = dbPassword;
+ }
}
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java
index 0d066c59c..b1b092431 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,25 +20,23 @@
package org.onap.policy.pdp.rest.restAuth;
+import com.att.research.xacml.util.XACMLProperties;
import java.util.Base64;
import java.util.StringTokenizer;
-
-import org.onap.policy.rest.XACMLRestProperties;
-
-import com.att.research.xacml.util.XACMLProperties;
-
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.common.logging.eelf.PolicyLogger;
+import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.utils.PeCryptoUtils;
public class AuthenticationService {
private String pdpID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_USERID);
- private String pdpPass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_PASS);
-
+ private String pdpPass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_PASS));
+
public boolean authenticate(String authCredentials) {
if (null == authCredentials)
return false;
- // header value format will be "Basic encodedstring" for Basic authentication.
+ // header value format will be "Basic encodedstring" for Basic authentication.
final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
String usernameAndPassword = null;
try {
@@ -58,5 +56,5 @@ public class AuthenticationService {
return false;
}
}
-
+
}
diff --git a/ONAP-PDP-REST/xacml.pdp.properties b/ONAP-PDP-REST/xacml.pdp.properties
index 90e0f5c3c..51feec6f5 100644
--- a/ONAP-PDP-REST/xacml.pdp.properties
+++ b/ONAP-PDP-REST/xacml.pdp.properties
@@ -199,3 +199,6 @@ msToscaModel.home=/home/users/PolicyEngine/webapps/ConfigPAP/
# Decision Response settings.
# can be either PERMIT or DENY.
decision.indeterminate.response=PERMIT
+
+# AES key for password encryption in config files
+#org.onap.policy.encryption.aes.key=12345678901234567890123456789012