From c1b69dfb1297365d35f2ada8690f13f787d38b4f Mon Sep 17 00:00:00 2001 From: pa834y Date: Tue, 26 Mar 2019 14:29:38 -0400 Subject: Enhancement to use the common CryptoUtils Change-Id: I06718526382b424eab991f39a7dac1b5cf4f1b74 Issue-ID: POLICY-1422 Signed-off-by: pa834y --- .../org/onap/policy/pdp/rest/PapUrlResolver.java | 13 +- .../org/onap/policy/pdp/rest/XACMLPdpServlet.java | 81 ++++---- .../policy/pdp/rest/api/services/PAPServices.java | 49 +++-- .../onap/policy/pdp/rest/config/PDPApiAuth.java | 94 ++++----- .../onap/policy/pdp/rest/config/PDPRestConfig.java | 211 ++++++++++----------- .../pdp/rest/restAuth/AuthenticationService.java | 22 +-- ONAP-PDP-REST/xacml.pdp.properties | 3 + 7 files changed, 240 insertions(+), 233 deletions(-) (limited to 'ONAP-PDP-REST') diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java index 5462dd908..0fab3db61 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,6 +20,7 @@ package org.onap.policy.pdp.rest; +import com.att.research.xacml.util.XACMLProperties; import java.net.URI; import java.text.DateFormat; import java.text.ParseException; @@ -28,13 +29,10 @@ import java.util.Date; import java.util.NoSuchElementException; import java.util.Objects; import java.util.Properties; - import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.XACMLRestProperties; -import org.onap.policy.utils.CryptoUtils; - -import com.att.research.xacml.util.XACMLProperties; +import org.onap.policy.utils.PeCryptoUtils; public class PapUrlResolver { private static final Logger LOGGER = FlexLogger.getLogger(PapUrlResolver.class); @@ -119,10 +117,11 @@ public class PapUrlResolver { String userId = null; String pass = null; userId = XACMLProperties.getProperty(urls[i] + "." + XACMLRestProperties.PROP_PAP_USERID); - pass = XACMLProperties.getProperty(urls[i] + "." + CryptoUtils.decryptTxtNoExStr(XACMLRestProperties.PROP_PAP_PASS)); + pass = XACMLProperties.getProperty(urls[i] + "." + + PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS))); if (userId == null || pass == null) { userId = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); - pass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); + pass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); } if (userId == null || pass == null) { userId = ""; diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java index c227d9d2a..c86e21c09 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpServlet.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,6 +20,17 @@ package org.onap.policy.pdp.rest; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.pap.PDPStatus.Status; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.std.dom.DOMRequest; +import com.att.research.xacml.std.dom.DOMResponse; +import com.att.research.xacml.std.json.JSONRequest; +import com.att.research.xacml.std.json.JSONResponse; +import com.att.research.xacml.util.XACMLProperties; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -60,40 +71,30 @@ import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.pdp.rest.jmx.PdpRestMonitor; import org.onap.policy.rest.XACMLRest; import org.onap.policy.rest.XACMLRestProperties; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.pdp.std.functions.PolicyList; import org.onap.policy.xacml.std.pap.StdPDPStatus; -import com.att.research.xacml.api.Request; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.pap.PDPStatus.Status; -import com.att.research.xacml.api.pdp.PDPEngine; -import com.att.research.xacml.api.pdp.PDPException; -import com.att.research.xacml.std.dom.DOMRequest; -import com.att.research.xacml.std.dom.DOMResponse; -import com.att.research.xacml.std.json.JSONRequest; -import com.att.research.xacml.std.json.JSONResponse; -import com.att.research.xacml.util.XACMLProperties; -import com.fasterxml.jackson.databind.ObjectMapper; /** * Servlet implementation class XacmlPdpServlet - * + * * This is an implementation of the XACML 3.0 RESTful Interface with added features to support simple PAP RESTful API * for policy publishing and PIP configuration changes. - * + * * If you are running this the first time, then we recommend you look at the xacml.pdp.properties file. This properties * file has all the default parameter settings. If you are running the servlet as is, then we recommend setting up * you're container to run it on port 8080 with context "/pdp". Wherever the default working directory is set to, a * "config" directory will be created that holds the policy and pip cache. This setting is located in the * xacml.pdp.properties file. - * + * * When you are ready to customize, you can create a separate xacml.pdp.properties on you're local file system and setup * the parameters as you wish. Just set the Java VM System variable to point to that file: - * + * * -Dxacml.properties=/opt/app/xacml/etc/xacml.pdp.properties - * + * * Or if you only want to change one or two properties, simply set the Java VM System variable for that property. - * + * * -Dxacml.rest.pdp.register=false * * @@ -268,9 +269,13 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { properties.getProperty("createUpdatePolicy.impl.className", CREATE_UPDATE_POLICY_SERVICE); setCreateUpdatePolicyConstructor(createUpdateResourceName); + PeCryptoUtils.initAesKey(properties.getProperty(XACMLRestProperties.PROP_AES_KEY)); + // Create an IntegrityMonitor try { logger.info("Creating IntegrityMonitor"); + properties.setProperty("javax.persistence.jdbc.password", + PeCryptoUtils.decrypt(properties.getProperty("javax.persistence.jdbc.password", ""))); im = IntegrityMonitor.getInstance(pdpResourceName, properties); } catch (Exception e) { PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "Failed to create IntegrityMonitor" + e); @@ -380,42 +385,42 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { /** * PUT - The PAP engine sends configuration information using HTTP PUT request. - * + * * One parameter is expected: - * + * * config=[policy|pip|all] - * + * * policy - Expect a properties file that contains updated lists of the root and referenced policies that the PDP * should be using for PEP requests. - * + * * Specifically should AT LEAST contain the following properties: xacml.rootPolicies xacml.referencedPolicies - * + * * In addition, any relevant information needed by the PDP to load or retrieve the policies to store in its cache. * * EXAMPLE: xacml.rootPolicies=PolicyA.1, PolicyB.1 * * PolicyA.1.url=http://localhost:9090/PAP?id=b2d7b86d-d8f1-4adf-ba9d-b68b2a90bee1&version=1 * PolicyB.1.url=http://localhost:9090/PAP/id=be962404-27f6-41d8-9521-5acb7f0238be&version=1 - * + * * xacml.referencedPolicies=RefPolicyC.1, RefPolicyD.1 * * RefPolicyC.1.url=http://localhost:9090/PAP?id=foobar&version=1 * RefPolicyD.1.url=http://localhost:9090/PAP/id=example&version=1 - * + * * pip - Expect a properties file that contain PIP engine configuration properties. - * + * * Specifically should AT LEAST the following property: xacml.pip.engines - * + * * In addition, any relevant information needed by the PDP to load and configure the PIPs. - * + * * EXAMPLE: xacml.pip.engines=foo,bar - * + * * foo.classname=com.foo foo.sample=abc foo.example=xyz ...... - * + * * bar.classname=com.bar ...... - * + * * all - Expect ALL new configuration properties for the PDP - * + * * @see HttpServlet#doPut(HttpServletRequest request, HttpServletResponse response) */ @Override @@ -625,13 +630,13 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { /** * Parameters: type=hb|config|Status - * + * * 1. HeartBeat Status HeartBeat OK - All Policies are Loaded, All PIPs are Loaded LOADING_IN_PROGRESS - Currently * loading a new policy set/pip configuration LAST_UPDATE_FAILED - Need to track the items that failed during last * update LOAD_FAILURE - ??? Need to determine what information is sent and how 2. Configuration 3. Status return * the StdPDPStatus object in the Response content - * - * + * + * * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ @Override @@ -812,8 +817,8 @@ public class XACMLPdpServlet extends HttpServlet implements Runnable { /** * POST - We expect XACML requests to be posted by PEP applications. They can be in the form of XML or JSON * according to the XACML 3.0 Specifications for both. - * - * + * + * * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ @Override diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java index 425bcebf9..7704a96a6 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,8 +17,11 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pdp.rest.api.services; +import com.att.research.xacml.util.XACMLProperties; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -33,20 +36,16 @@ import java.util.Collections; import java.util.List; import java.util.Map; import java.util.UUID; - import org.apache.commons.io.IOUtils; import org.onap.policy.api.PolicyException; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.pdp.rest.config.PDPApiAuth; import org.onap.policy.rest.XACMLRestProperties; -import org.onap.policy.utils.CryptoUtils; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.std.pap.StdPDPPolicy; -import com.att.research.xacml.util.XACMLProperties; -import com.fasterxml.jackson.databind.ObjectMapper; - public class PAPServices { private static final String SUCCESS = "success"; private static Logger LOGGER = FlexLogger.getLogger(PAPServices.class.getName()); @@ -79,10 +78,9 @@ public class PAPServices { private String getPAPEncoding() { if (encoding == null) { - final String userID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); - final String pass = - CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); - final Base64.Encoder encoder = Base64.getEncoder(); + String userID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); + String pass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); + Base64.Encoder encoder = Base64.getEncoder(); encoding = encoder.encodeToString((userID + ":" + pass).getBytes(StandardCharsets.UTF_8)); } return encoding; @@ -131,7 +129,7 @@ public class PAPServices { String fullURL = getPAP(); fullURL = checkParameter(parameters, fullURL); final URL url = new URL(fullURL); - LOGGER.debug("--- Sending Request to PAP : " + url.toString() + " ---"); + LOGGER.info("--- Sending Request to PAP : " + url.toString() + " ---" + " RequestId:" + requestID); // Open the connection connection = (HttpURLConnection) url.openConnection(); // Setting Content-Type @@ -149,9 +147,9 @@ public class PAPServices { // Adding RequestID if (requestID == null) { requestID = UUID.randomUUID(); - LOGGER.info("No request ID provided, sending generated ID: " + requestID.toString()); + LOGGER.debug("No request ID provided, sending generated ID: " + requestID.toString()); } else { - LOGGER.info("Using provided request ID: " + requestID.toString()); + LOGGER.debug("Using provided request ID: " + requestID.toString()); } connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString()); if (content != null && (content instanceof InputStream)) { @@ -168,6 +166,9 @@ public class PAPServices { if (!isJunit) { mapper.writeValue(connection.getOutputStream(), content); } + } else { + LOGGER.info(XACMLErrorConstants.ERROR_DATA_ISSUE + "content is null for calling: " + url.getHost() + + requestID.toString()); } // DO the connect connection.connect(); @@ -215,10 +216,12 @@ public class PAPServices { } } else { response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + "connection is null"; + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "connection is null - RequestId: " + requestID); } return response; } else { response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Unable to get valid response from PAP(s) " + paps; + LOGGER.error("For RequestId: " + requestID + ", " + response); return response; } } @@ -228,7 +231,7 @@ public class PAPServices { String version = null; HttpURLConnection connection = null; final String[] parameters = {"apiflag=version", "policyScope=" + policyScope, "filePrefix=" + filePrefix, - "policyName=" + policyName}; + "policyName=" + policyName}; if (paps == null || paps.isEmpty()) { LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty."); } else { @@ -311,7 +314,8 @@ public class PAPServices { version = "pe300"; } else { LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE - + "BAD REQUEST: Error occured while getting the version from the PAP. The request may be incorrect. The response code of the URL is '" + + "BAD REQUEST: Error occured while getting the version from the PAP. " + + "The request may be incorrect. The response code of the URL is '" + connection.getResponseCode() + "'"); } } catch (final IOException e) { @@ -436,14 +440,16 @@ public class PAPServices { + "Please create a new Dictionary Item or use the update API to modify the existing one."; } else if ("duplicateGroup".equals(connection.getHeaderField("error"))) { response = XACMLErrorConstants.ERROR_DATA_ISSUE - + "Group Policy Scope List Exist Error: The Group Policy Scope List for this Dictionary Item already exist in the database. " + + "Group Policy Scope List Exist Error: " + + "The Group Policy Scope List for this Dictionary Item already exist in the database. " + "Duplicate Group Policy Scope Lists for multiple groupNames is not allowed. " - + "Please review the request and verify that the groupPolicyScopeListData1 is unique compared to existing groups."; + + "Please review the request and " + + "verify that the groupPolicyScopeListData1 is unique compared to existing groups."; } else if ("PolicyInPDP".equals(connection.getHeaderField("error"))) { response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Policy Exist Error: The Policy trying to be deleted is active in PDP. " + "Active PDP Polcies are not allowed to be deleted from PAP. " - + "Please First remove the policy from PDP in order to successfully delete the Policy from PAP."; + + "Please First remove the policy from PDP in order to successfully delete the Policy from PAP"; } LOGGER.error(response); } else if (connection.getResponseCode() == 500 && connection.getHeaderField("error") != null) { @@ -457,7 +463,8 @@ public class PAPServices { response = connection.getHeaderField("message"); } else if ("unknown".equals(connection.getHeaderField("error"))) { response = XACMLErrorConstants.ERROR_UNKNOWN - + "Failed to delete the policy for an unknown reason. Check the file system and other logs for further information."; + + "Failed to delete the policy for an unknown reason. " + + "Check the file system and other logs for further information."; } else if ("deleteConfig".equals(connection.getHeaderField("error"))) { response = XACMLErrorConstants.ERROR_DATA_ISSUE + "Cannot delete the configuration or action body file in specified location."; diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java index 246f5a26d..163298186 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,8 +17,10 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pdp.rest.config; +import com.att.research.xacml.util.XACMLProperties; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; @@ -33,7 +35,6 @@ import java.util.List; import java.util.Map; import java.util.Properties; import java.util.StringTokenizer; - import org.onap.policy.api.PolicyEngineException; import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.flexlogger.FlexLogger; @@ -41,21 +42,20 @@ import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.utils.AAFPolicyClient; import org.onap.policy.utils.AAFPolicyException; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; -import com.att.research.xacml.util.XACMLProperties; - public class PDPApiAuth { private static final Logger LOGGER = FlexLogger.getLogger(PDPApiAuth.class); private static String environment = null; private static Path clientPath = null; - private static Map> clientMap = null; + private static Map> clientMap = null; private static Long oldModified = null; private static AAFPolicyClient aafClient = null; - private PDPApiAuth(){ + private PDPApiAuth() { // Private Constructor } @@ -65,7 +65,7 @@ public class PDPApiAuth { public static void setProperty() { environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL"); String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE); - if(clientFile!=null){ + if (clientFile != null) { clientPath = Paths.get(clientFile); } try { @@ -76,84 +76,84 @@ public class PDPApiAuth { } /* - * Return Environment value of the PDP servlet. + * Return Environment value of the PDP servlet. */ public static String getEnvironment() { - if(environment==null){ + if (environment == null) { setProperty(); } return environment; } /* - * Security check for authentication and authorizations. + * Security check for authentication and authorizations. */ - public static boolean checkPermissions(String clientEncoding, String requestID, - String resource) { - try{ + public static boolean checkPermissions(String clientEncoding, String requestID, String resource) { + try { String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); - if(userNamePass==null || userNamePass.length==0){ + if (userNamePass == null || userNamePass.length == 0) { String usernameAndPassword = null; byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding); usernameAndPassword = new String(decodedBytes, "UTF-8"); StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); String username = tokenizer.nextToken(); String password = tokenizer.nextToken(); - userNamePass= new String[]{username, password}; + userNamePass = new String[] {username, password}; } LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API."); Boolean result = false; - // Check Backward Compatibility. - try{ + // Check Backward Compatibility. + try { /* - * If AAF is NOT enabled in the properties we will allow the user to - * continue to use the client.properties file to authenticate. - * Note: Disabling AAF is for testing purposes and not intended for production. + * If AAF is NOT enabled in the properties we will allow the user to continue to use the + * client.properties file to authenticate. Note: Disabling AAF is for testing purposes and not intended + * for production. */ if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) { result = clientAuth(userNamePass); } - }catch(Exception e){ + } catch (Exception e) { LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); } - if(!result){ + if (!result) { String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace"); String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission"); String type = null; - if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){ + if (!userNamePass[0].contains("@") && aafPolicyNameSpace != null) { userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace); - }else{ + } else { LOGGER.info("No AAF NameSpace specified in properties"); } - if(aafResource != null){ + if (aafResource != null) { type = aafResource + "." + resource; - }else{ + } else { LOGGER.warn("No AAF Resource specified in properties"); return false; } - LOGGER.info("Contacting AAF in : " + environment); + LOGGER.info("Contacting AAF in : " + environment); result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*"); } return result; - }catch(Exception e){ + } catch (Exception e) { LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); return false; } } - private static Boolean clientAuth(String[] userNamePass){ - if(clientPath==null){ + private static Boolean clientAuth(String[] userNamePass) { + if (clientPath == null) { setProperty(); } if (!clientPath.toFile().exists()) { return false; - }else if(clientPath.toString().endsWith(".properties")) { + } else if (clientPath.toString().endsWith(".properties")) { try { readProps(clientPath); - if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { + if (clientMap.containsKey(userNamePass[0]) + && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) { return true; } - }catch(PolicyEngineException e){ + } catch (PolicyEngineException e) { LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); return false; } @@ -163,12 +163,12 @@ public class PDPApiAuth { private static String reverseNamespace(String namespace) { final List components = Arrays.asList(namespace.split("\\.")); - Collections.reverse(components); + Collections.reverse(components); return String.join(".", components); } - private static Map> readProps(Path clientPath) throws PolicyEngineException{ - if(oldModified!=null){ + private static Map> readProps(Path clientPath) throws PolicyEngineException { + if (oldModified != null) { Long newModified = clientPath.toFile().lastModified(); if (newModified == oldModified) { return clientMap; @@ -180,27 +180,31 @@ public class PDPApiAuth { in = new FileInputStream(clientPath.toFile()); clientProp.load(in); } catch (IOException e) { - LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR , e); - throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e); + LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR, e); + throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Cannot Load the Properties file", + e); } // Read the Properties and Load the Clients and their scopes. clientMap = new HashMap<>(); - // + // for (Object propKey : clientProp.keySet()) { - String clientID = (String)propKey; + String clientID = (String) propKey; String clientValue = clientProp.getProperty(clientID); if (clientValue != null && clientValue.contains(",")) { ArrayList clientValues = new ArrayList<>(Arrays.asList(clientValue.split("\\s*,\\s*"))); - if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){ + if (clientValues.get(0) != null || clientValues.get(1) != null || clientValues.get(0).isEmpty() + || clientValues.get(1).isEmpty()) { + clientValues.set(0, PeCryptoUtils.decrypt(clientValues.get(0))); clientMap.put(clientID, clientValues); } } } if (clientMap.isEmpty()) { - LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); + LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS + + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!"); throw new PolicyEngineException("Empty Client file"); } oldModified = clientPath.toFile().lastModified(); return clientMap; } -} \ No newline at end of file +} diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java index b563c6cce..9c3213bef 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPRestConfig.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,23 +17,21 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.pdp.rest.config; import java.io.FileInputStream; -import java.io.IOException; import java.io.InputStream; import java.util.Properties; - import javax.annotation.PostConstruct; import javax.servlet.MultipartConfigElement; import javax.sql.DataSource; - import org.apache.tomcat.dbcp.dbcp2.BasicDataSource; import org.hibernate.SessionFactory; import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; -import org.onap.policy.pdp.rest.api.controller.PolicyEngineServices; +import org.onap.policy.utils.PeCryptoUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; @@ -43,7 +41,6 @@ import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; - import springfox.documentation.builders.ApiInfoBuilder; import springfox.documentation.builders.PathSelectors; import springfox.documentation.builders.RequestHandlerSelectors; @@ -55,124 +52,118 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2; @Configuration @EnableWebMvc @EnableSwagger2 -@ComponentScan(basePackages = { "org.onap.*", "com.*" }) -public class PDPRestConfig extends WebMvcConfigurerAdapter{ - - private static final Logger LOGGER = FlexLogger.getLogger(PDPRestConfig.class); - - private static String dbDriver = null; - private static String dbUrl = null; - private static String dbUserName = null; - private static String dbPassword = null; - - @PostConstruct - public void init(){ - Properties prop = new Properties(); - try (InputStream input = new FileInputStream("xacml.pdp.properties")){ - // load a properties file - prop.load(input); - setDbDriver(prop.getProperty("javax.persistence.jdbc.driver")); - setDbUrl(prop.getProperty("javax.persistence.jdbc.url")); - setDbUserName(prop.getProperty("javax.persistence.jdbc.user")); - setDbPassword(prop.getProperty("javax.persistence.jdbc.password")); - }catch(Exception e){ - LOGGER.error("Exception Occured while loading properties file"+e); - } - } - - @Override +@ComponentScan(basePackages = {"org.onap.*", "com.*"}) +public class PDPRestConfig extends WebMvcConfigurerAdapter { + + private static final Logger LOGGER = FlexLogger.getLogger(PDPRestConfig.class); + + private static String dbDriver = null; + private static String dbUrl = null; + private static String dbUserName = null; + private static String dbPassword = null; + + @PostConstruct + public void init() { + Properties prop = new Properties(); + try (InputStream input = new FileInputStream("xacml.pdp.properties")) { + // load a properties file + prop.load(input); + setDbDriver(prop.getProperty("javax.persistence.jdbc.driver")); + setDbUrl(prop.getProperty("javax.persistence.jdbc.url")); + setDbUserName(prop.getProperty("javax.persistence.jdbc.user")); + PeCryptoUtils.initAesKey(prop.getProperty("org.onap.policy.encryption.aes.key")); + setDbPassword(PeCryptoUtils.decrypt(prop.getProperty("javax.persistence.jdbc.password"))); + } catch (Exception e) { + LOGGER.error("Exception Occured while loading properties file" + e); + } + } + + @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/"); registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/"); } - - private ApiInfo apiInfo(){ - return new ApiInfoBuilder() - .title("Policy Engine REST API") - .description("This API helps to make queries against Policy Engine") - .version("3.0") - .build(); + + private ApiInfo apiInfo() { + return new ApiInfoBuilder().title("Policy Engine REST API") + .description("This API helps to make queries against Policy Engine").version("3.0").build(); } - + @Bean - public Docket policyAPI(){ + public Docket policyAPI() { PolicyLogger.info("Setting up Swagger... "); - return new Docket(DocumentationType.SWAGGER_2) - .select() - .apis(RequestHandlerSelectors.basePackage("org.onap.policy.pdp.rest.api")) - .paths(PathSelectors.any()) - .build() - .apiInfo(apiInfo()); - } - - @Bean(name = "dataSource") - public DataSource getDataSource() { - BasicDataSource dataSource = new BasicDataSource(); - dataSource.setDriverClassName(PDPRestConfig.getDbDriver()); - dataSource.setUrl(PDPRestConfig.getDbUrl()); - dataSource.setUsername(PDPRestConfig.getDbUserName()); - dataSource.setPassword(PDPRestConfig.getDbPassword()); - return dataSource; - } - - @Autowired - @Bean(name = "sessionFactory") - public SessionFactory getSessionFactory(DataSource dataSource) { - LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource); - sessionBuilder.scanPackages("org.onap.*", "com.*"); - sessionBuilder.addProperties(getHibernateProperties()); - return sessionBuilder.buildSessionFactory(); - } - - private Properties getHibernateProperties() { - Properties properties = new Properties(); - properties.put("hibernate.show_sql", "true"); - properties.put("hibernate.dialect", "org.hibernate.dialect.MySQLDialect"); - return properties; - } - - @Autowired - @Bean(name = "transactionManager") - public HibernateTransactionManager getTransactionManager(SessionFactory sessionFactory) { - return new HibernateTransactionManager(sessionFactory); - } - + return new Docket(DocumentationType.SWAGGER_2).select() + .apis(RequestHandlerSelectors.basePackage("org.onap.policy.pdp.rest.api")).paths(PathSelectors.any()) + .build().apiInfo(apiInfo()); + } + + @Bean(name = "dataSource") + public DataSource getDataSource() { + BasicDataSource dataSource = new BasicDataSource(); + dataSource.setDriverClassName(PDPRestConfig.getDbDriver()); + dataSource.setUrl(PDPRestConfig.getDbUrl()); + dataSource.setUsername(PDPRestConfig.getDbUserName()); + dataSource.setPassword(PDPRestConfig.getDbPassword()); + return dataSource; + } + + @Autowired + @Bean(name = "sessionFactory") + public SessionFactory getSessionFactory(DataSource dataSource) { + LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource); + sessionBuilder.scanPackages("org.onap.*", "com.*"); + sessionBuilder.addProperties(getHibernateProperties()); + return sessionBuilder.buildSessionFactory(); + } + + private Properties getHibernateProperties() { + Properties properties = new Properties(); + properties.put("hibernate.show_sql", "true"); + properties.put("hibernate.dialect", "org.hibernate.dialect.MySQLDialect"); + return properties; + } + + @Autowired + @Bean(name = "transactionManager") + public HibernateTransactionManager getTransactionManager(SessionFactory sessionFactory) { + return new HibernateTransactionManager(sessionFactory); + } + @Bean - public MultipartConfigElement multipartConfigElement(){ + public MultipartConfigElement multipartConfigElement() { String location = System.getProperty("java.io.tmpdir"); - MultipartConfigElement mp = new MultipartConfigElement(location); - return mp; + return new MultipartConfigElement(location); } - public static String getDbDriver() { - return dbDriver; - } + public static String getDbDriver() { + return dbDriver; + } - public static void setDbDriver(String dbDriver) { - PDPRestConfig.dbDriver = dbDriver; - } + public static void setDbDriver(String dbDriver) { + PDPRestConfig.dbDriver = dbDriver; + } - public static String getDbUrl() { - return dbUrl; - } + public static String getDbUrl() { + return dbUrl; + } - public static void setDbUrl(String dbUrl) { - PDPRestConfig.dbUrl = dbUrl; - } + public static void setDbUrl(String dbUrl) { + PDPRestConfig.dbUrl = dbUrl; + } - public static String getDbUserName() { - return dbUserName; - } + public static String getDbUserName() { + return dbUserName; + } - public static void setDbUserName(String dbUserName) { - PDPRestConfig.dbUserName = dbUserName; - } + public static void setDbUserName(String dbUserName) { + PDPRestConfig.dbUserName = dbUserName; + } - public static String getDbPassword() { - return dbPassword; - } + public static String getDbPassword() { + return dbPassword; + } - public static void setDbPassword(String dbPassword) { - PDPRestConfig.dbPassword = dbPassword; - } + public static void setDbPassword(String dbPassword) { + PDPRestConfig.dbPassword = dbPassword; + } } diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java index 0d066c59c..b1b092431 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restAuth/AuthenticationService.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,25 +20,23 @@ package org.onap.policy.pdp.rest.restAuth; +import com.att.research.xacml.util.XACMLProperties; import java.util.Base64; import java.util.StringTokenizer; - -import org.onap.policy.rest.XACMLRestProperties; - -import com.att.research.xacml.util.XACMLProperties; - import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.eelf.PolicyLogger; +import org.onap.policy.rest.XACMLRestProperties; +import org.onap.policy.utils.PeCryptoUtils; public class AuthenticationService { private String pdpID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_USERID); - private String pdpPass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_PASS); - + private String pdpPass = PeCryptoUtils.decrypt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PDP_PASS)); + public boolean authenticate(String authCredentials) { if (null == authCredentials) return false; - // header value format will be "Basic encodedstring" for Basic authentication. + // header value format will be "Basic encodedstring" for Basic authentication. final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", ""); String usernameAndPassword = null; try { @@ -58,5 +56,5 @@ public class AuthenticationService { return false; } } - + } diff --git a/ONAP-PDP-REST/xacml.pdp.properties b/ONAP-PDP-REST/xacml.pdp.properties index 90e0f5c3c..51feec6f5 100644 --- a/ONAP-PDP-REST/xacml.pdp.properties +++ b/ONAP-PDP-REST/xacml.pdp.properties @@ -199,3 +199,6 @@ msToscaModel.home=/home/users/PolicyEngine/webapps/ConfigPAP/ # Decision Response settings. # can be either PERMIT or DENY. decision.indeterminate.response=PERMIT + +# AES key for password encryption in config files +#org.onap.policy.encryption.aes.key=12345678901234567890123456789012 -- cgit 1.2.3-korg