From c1b69dfb1297365d35f2ada8690f13f787d38b4f Mon Sep 17 00:00:00 2001 From: pa834y Date: Tue, 26 Mar 2019 14:29:38 -0400 Subject: Enhancement to use the common CryptoUtils Change-Id: I06718526382b424eab991f39a7dac1b5cf4f1b74 Issue-ID: POLICY-1422 Signed-off-by: pa834y --- .../onap/policy/pap/xacml/rest/PAPRestConfig.java | 18 +++---- .../policy/pap/xacml/rest/UpdateOthersPAPS.java | 30 +++++------ .../policy/pap/xacml/rest/XACMLPapServlet.java | 16 +++--- .../pap/xacml/rest/components/NotifyOtherPaps.java | 4 +- .../pap/xacml/rest/components/PolicyDBDao.java | 13 ++--- .../rest/elk/client/ElasticSearchPolicyUpdate.java | 59 +++++++++++----------- .../pap/xacml/restAuth/AuthenticationService.java | 50 +++++++++++------- .../onap/policy/pap/xacml/restAuth/CheckPDP.java | 13 +++-- 8 files changed, 105 insertions(+), 98 deletions(-) (limited to 'ONAP-PAP-REST/src/main/java/org') diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java index 614ba85df..9ccccff05 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/PAPRestConfig.java @@ -2,15 +2,15 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -18,21 +18,20 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pap.xacml.rest; import java.io.FileInputStream; -import java.io.IOException; import java.io.InputStream; import java.util.Properties; - import javax.annotation.PostConstruct; import javax.sql.DataSource; - import org.apache.tomcat.dbcp.dbcp2.BasicDataSource; import org.hibernate.SessionFactory; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; -import org.onap.policy.utils.CryptoUtils; +import org.onap.policy.rest.XACMLRestProperties; +import org.onap.policy.utils.PeCryptoUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; @@ -64,7 +63,8 @@ public class PAPRestConfig extends WebMvcConfigurerAdapter { setDbDriver(prop.getProperty("javax.persistence.jdbc.driver")); setDbUrl(prop.getProperty("javax.persistence.jdbc.url")); setDbUserName(prop.getProperty("javax.persistence.jdbc.user")); - setDbPassword( CryptoUtils.decryptTxtNoExStr(prop.getProperty("javax.persistence.jdbc.password", ""))); + PeCryptoUtils.initAesKey(prop.getProperty(XACMLRestProperties.PROP_AES_KEY)); + setDbPassword(PeCryptoUtils.decrypt(prop.getProperty("javax.persistence.jdbc.password"))); }catch(Exception e){ LOGGER.error("Exception Occured while loading properties file"+e); } @@ -131,7 +131,7 @@ public class PAPRestConfig extends WebMvcConfigurerAdapter { } public static void setDbPassword(String dbPassword) { - PAPRestConfig.dbPassword = CryptoUtils.decryptTxtNoExStr(dbPassword); + PAPRestConfig.dbPassword = dbPassword; } } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java index bd000381b..22f919e4b 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/UpdateOthersPAPS.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,8 +17,11 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pap.xacml.rest; +import com.att.research.xacml.util.XACMLProperties; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.BufferedWriter; import java.io.File; import java.io.FileWriter; @@ -30,10 +33,8 @@ import java.util.Base64; import java.util.HashMap; import java.util.List; import java.util.Map; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.json.JSONObject; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; @@ -45,7 +46,7 @@ import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.ActionBodyEntity; import org.onap.policy.rest.jpa.ConfigurationDataEntity; import org.onap.policy.rest.jpa.PolicyDBDaoEntity; -import org.onap.policy.utils.CryptoUtils; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpEntity; @@ -60,12 +61,10 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; -import com.fasterxml.jackson.databind.ObjectMapper; - @Controller public class UpdateOthersPAPS { - private static final Logger policyLogger = FlexLogger.getLogger(UpdateOthersPAPS.class); + private static final Logger policyLogger = FlexLogger.getLogger(UpdateOthersPAPS.class); private static CommonClassDao commonClassDao; @@ -82,7 +81,7 @@ public class UpdateOthersPAPS { } @Autowired - private UpdateOthersPAPS(CommonClassDao commonClassDao){ + private UpdateOthersPAPS(CommonClassDao commonClassDao) { UpdateOthersPAPS.commonClassDao = commonClassDao; } @@ -110,14 +109,15 @@ public class UpdateOthersPAPS { String password = papId.getPassword(); Base64.Encoder encoder = Base64.getEncoder(); String txt; - try{ - txt = new String(CryptoUtils.decryptTxt(password), StandardCharsets.UTF_8); - } catch(Exception e){ + try { + PeCryptoUtils.initAesKey(XACMLProperties.getProperty(XACMLRestProperties.PROP_AES_KEY)); + txt = PeCryptoUtils.decrypt(password); + } catch (Exception e) { policyLogger.debug(e); //if we can't decrypt, might as well try it anyway txt = password; } - String encoding = encoder.encodeToString((userName+":"+txt).getBytes(StandardCharsets.UTF_8)); + String encoding = encoder.encodeToString((userName + ":" + txt).getBytes(StandardCharsets.UTF_8)); HttpHeaders headers = new HttpHeaders(); headers.set("Authorization", "Basic " + encoding); headers.set("Content-Type", contentType); @@ -237,4 +237,4 @@ public class UpdateOthersPAPS { policyLogger.error("Exception Occured While closing the File input stream"+e); } } -} \ No newline at end of file +} diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java index 889905eb6..f2e038721 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java @@ -75,7 +75,7 @@ import org.onap.policy.pap.xacml.restAuth.CheckPDP; import org.onap.policy.rest.XACMLRest; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.dao.PolicyDBException; -import org.onap.policy.utils.CryptoUtils; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory; @@ -89,7 +89,7 @@ import org.onap.policy.xacml.std.pap.StdPDPPolicy; import org.onap.policy.xacml.std.pap.StdPDPStatus; /** - * Servlet implementation class XacmlPapServlet + * Servlet implementation class XacmlPapServlet. */ @WebServlet(description = "Implements the XACML PAP RESTful API.", urlPatterns = {"/"}, loadOnStartup = 1, @@ -264,14 +264,13 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } // Create an IntegrityMonitor if (properties.getProperty(PERSISTENCE_JDBC_PWD) != null) { - properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils - .decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, ""))); + properties.setProperty(PERSISTENCE_JDBC_PWD, + PeCryptoUtils.decrypt(properties.getProperty(PERSISTENCE_JDBC_PWD, ""))); } im = IntegrityMonitor.getInstance(papResourceName, properties); // Create an IntegrityAudit ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties); ia.startAuditThread(); - // we are about to call the PDPs and give them their configuration. // To do that we need to have the URL of this PAP so we can // construct the Policy file URLs @@ -298,7 +297,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList LOGGER.info("PapServlet: calling auditLocalFileSystem for PDP group audit"); LOGGER.info("PapServlet: old group is " + papEngine.getDefaultGroup().toString()); - // get the current filesystem group and update from the database if needed + // get the current filesystem group and update from the database + // if needed StdPDPGroup group = (StdPDPGroup) papEngine.getDefaultGroup(); StdPDPGroup updatedGroup = policyDbDao.auditLocalFileSystem(group); if (updatedGroup != null) { @@ -456,8 +456,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList throw new PAPException("papDbUser is null"); } setPapDbUser(papDbUser); - papDbPd = CryptoUtils.decryptTxtNoExStr( - XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, "")); + PeCryptoUtils.initAesKey(XACMLProperties.getProperty(XACMLRestProperties.PROP_AES_KEY)); + papDbPd = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD)); if (papDbPd == null) { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, "XACMLPapServlet", " ERROR: Bad papDbPassword property entry"); diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java index cd02c2bfe..2e2a74015 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/NotifyOtherPaps.java @@ -35,7 +35,7 @@ import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.jpa.PolicyDBDaoEntity; -import org.onap.policy.utils.CryptoUtils; +import org.onap.policy.utils.PeCryptoUtils; public class NotifyOtherPaps { @@ -108,7 +108,7 @@ public class NotifyOtherPaps { String username = dbdEntity.getUsername(); String txt; try { - txt = new String(CryptoUtils.decryptTxt(dbdEntity.getPassword()), StandardCharsets.UTF_8); + txt = PeCryptoUtils.decrypt(dbdEntity.getPassword()); } catch (Exception e) { LOGGER.debug(e); // if we can't decrypt, might as well try it anyway diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java index 9f5933850..9a39b6ed1 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java @@ -58,7 +58,7 @@ import org.onap.policy.rest.jpa.GroupEntity; import org.onap.policy.rest.jpa.PdpEntity; import org.onap.policy.rest.jpa.PolicyDBDaoEntity; import org.onap.policy.rest.jpa.PolicyEntity; -import org.onap.policy.utils.CryptoUtils; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; @@ -280,7 +280,7 @@ public class PolicyDBDao { } if (urlUserPass[2] == null || "".equals(urlUserPass[2])) { String passwordPropertyValue = - XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS); + PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); if (passwordPropertyValue != null) { urlUserPass[2] = passwordPropertyValue; } @@ -343,14 +343,7 @@ public class PolicyDBDao { } // encrypt the password - String txt = null; - try { - txt = CryptoUtils.encryptTxt(url[2].getBytes(StandardCharsets.UTF_8)); - } catch (Exception e) { - logger.debug(e); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, POLICYDBDAO_VAR, - "Could not encrypt PAP password"); - } + String txt = PeCryptoUtils.encrypt(url[2]); if (foundPolicyDBDaoEntity == null) { PolicyDBDaoEntity newPolicyDBDaoEntity = new PolicyDBDaoEntity(); newPolicyDBDaoEntity.setPolicyDBDaoUrl(url[0]); diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java index 79b07e2b9..f04be861b 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/elk/client/ElasticSearchPolicyUpdate.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP Policy Engine * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,8 +17,17 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pap.xacml.rest.elk.client; +import com.google.gson.Gson; +import io.searchbox.client.JestClientFactory; +import io.searchbox.client.config.HttpClientConfig; +import io.searchbox.client.http.JestHttpClient; +import io.searchbox.core.Bulk; +import io.searchbox.core.Bulk.Builder; +import io.searchbox.core.BulkResult; +import io.searchbox.core.Index; import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.InputStream; @@ -34,21 +43,6 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; import java.util.Properties; - -import org.onap.policy.common.logging.flexlogger.FlexLogger; -import org.onap.policy.common.logging.flexlogger.Logger; -import org.onap.policy.utils.CryptoUtils; -import org.onap.policy.xacml.util.XACMLPolicyScanner; - -import com.google.gson.Gson; - -import io.searchbox.client.JestClientFactory; -import io.searchbox.client.config.HttpClientConfig; -import io.searchbox.client.http.JestHttpClient; -import io.searchbox.core.Bulk; -import io.searchbox.core.Bulk.Builder; -import io.searchbox.core.BulkResult; -import io.searchbox.core.Index; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType; @@ -56,24 +50,28 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; +import org.onap.policy.common.logging.flexlogger.FlexLogger; +import org.onap.policy.common.logging.flexlogger.Logger; +import org.onap.policy.utils.PeCryptoUtils; +import org.onap.policy.xacml.util.XACMLPolicyScanner; /** - * This code will deals with parsing the XACML content on reading from + * This code will deals with parsing the XACML content on reading from * database(PolicyEntity, ConfigurationDataEntity and ActionBodyEntity tables) * and convert the data into json to do bulk operation on putting to elastic search database. * Which is used to support Elastic Search in Policy Application GUI to search policies. - * - * - * + * + * + * * properties should be configured in policyelk.properties * */ public class ElasticSearchPolicyUpdate { private static final Logger LOGGER = FlexLogger.getLogger(ElasticSearchPolicyUpdate.class); - protected final static JestClientFactory jestFactory = new JestClientFactory(); + protected static final JestClientFactory jestFactory = new JestClientFactory(); public static void main(String[] args) { @@ -86,23 +84,24 @@ public class ElasticSearchPolicyUpdate { String propertyFile = System.getProperty("PROPERTY_FILE"); Properties config = new Properties(); Path file = Paths.get(propertyFile); - if(!file.toFile().exists()){ + if (!file.toFile().exists()) { LOGGER.error("Config File doesn't Exist in the specified Path " + file.toString()); - }else{ - if(file.toString().endsWith(".properties")){ + } else { + if (file.toString().endsWith(".properties")) { try { InputStream in = new FileInputStream(file.toFile()); config.load(in); elkURL = config.getProperty("policy.elk.url"); databseUrl = config.getProperty("policy.database.url"); userName = config.getProperty("policy.database.username"); - txt = CryptoUtils.decryptTxtNoExStr(config.getProperty("policy.database.password")); + txt = PeCryptoUtils.decrypt(config.getProperty("policy.database.password")); databaseDriver = config.getProperty("policy.database.driver"); - if(elkURL == null || databseUrl == null || userName == null || txt == null || databaseDriver == null){ + if (elkURL == null || databseUrl == null || userName == null || txt == null + || databaseDriver == null) { LOGGER.error("please check the elk configuration"); } } catch (Exception e) { - LOGGER.error("Config File doesn't Exist in the specified Path " + file.toString(),e); + LOGGER.error("Config File doesn't Exist in the specified Path " + file.toString(), e); } } } @@ -379,4 +378,4 @@ public class ElasticSearchPolicyUpdate { } } } -} \ No newline at end of file +} diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java index 0ac6c7009..10cc81549 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/AuthenticationService.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,32 +20,48 @@ package org.onap.policy.pap.xacml.restAuth; +import com.att.research.xacml.util.XACMLProperties; +import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.StringTokenizer; - import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.rest.XACMLRestProperties; -import org.onap.policy.utils.CryptoUtils; - -import com.att.research.xacml.util.XACMLProperties; +import org.onap.policy.utils.PeCryptoUtils; public class AuthenticationService { - private String papID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); - private String papPass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); + private String papId = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); + private String papPass = null; + /** + * Authenticate. + * + * @param authCredentials the auth credentials + * @return true, if successful + */ public boolean authenticate(String authCredentials) { - if (null == authCredentials) + if (null == authCredentials) { return false; + } // header value format will be "Basic encodedstring" for Basic authentication. - final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", ""); + final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", ""); String usernameAndPassword = null; + + try { + String secretKey = XACMLProperties.getProperty(XACMLRestProperties.PROP_AES_KEY); + PeCryptoUtils.initAesKey(secretKey); + papPass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); + } catch (Exception e) { + PolicyLogger.error(e); + } + try { byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword); - usernameAndPassword = new String(decodedBytes, "UTF-8"); + usernameAndPassword = new String(decodedBytes, StandardCharsets.UTF_8); } catch (Exception e) { - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService", "Exception decoding username and password"); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService", + "Exception decoding username and password"); return false; } try { @@ -53,10 +69,10 @@ public class AuthenticationService { final String username = tokenizer.nextToken(); final String password = tokenizer.nextToken(); - boolean authenticationStatus = papID.equals(username) && papPass.equals(password); - return authenticationStatus; - } catch (Exception e){ - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService", "Exception authenticating user"); + return papId.equals(username) && papPass.equals(password); + } catch (Exception e) { + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AuthenticationService", + "Exception authenticating user"); return false; } } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java index cddcb2a4c..181dd0910 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/CheckPDP.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,6 +20,7 @@ package org.onap.policy.pap.xacml.restAuth; +import com.att.research.xacml.api.pap.PAPException; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; @@ -36,16 +37,14 @@ import java.util.HashMap; import java.util.List; import java.util.Objects; import java.util.Properties; - import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.pap.xacml.rest.XACMLPapServlet; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; -import com.att.research.xacml.api.pap.PAPException; - public class CheckPDP { private static Path pdpPath = null; @@ -148,7 +147,7 @@ public class CheckPDP { if(pdpValues.size()==3){ // 1:2 will be UserID:Password String userID = pdpValues.get(1); - String pass = pdpValues.get(2); + String pass = PeCryptoUtils.decrypt(pdpValues.get(2)); Base64.Encoder encoder = Base64.getEncoder(); // 0 - PDPURL pdpMap.put(pdpValues.get(0), encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8))); -- cgit 1.2.3-korg