From a71801f323473b7d559b9282c8318b923ff94efa Mon Sep 17 00:00:00 2001
From: Mohammadreza Pasandideh
Date: Tue, 21 Aug 2018 10:28:05 -0400
Subject: Roll-Back Password obfuscation(v2) for ND & SD
Issue-ID: SDNC-317
Change-Id: I859934dc231fb3f049b1e1911e314d1d61e31174
Signed-off-by: Mohammadreza Pasandideh
---
 .../apps/pomba/networkdiscovery/Application.java | 3 +-
 .../AuthorizationConfiguration.java | 5 +-
 .../networkdiscovery/JettyPasswordDecoder.java | 34 ---------
 .../pomba/networkdiscovery/PasswordDecoder.java | 26 -------
 .../PropertyPasswordConfiguration.java | 80 ----------------------
 .../unittest/service/NetworkDiscoveryTest.java | 11 ++-
 6 files changed, 9 insertions(+), 150 deletions(-)
 delete mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java
 delete mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java
 delete mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
(limited to 'pomba/network-discovery/src')
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java
index 82916e9..c976678 100644
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java
@@ -39,7 +39,6 @@ public class Application extends SpringBootServletInitializer {
 }
 public static void main(String[] args) throws Exception {
- SpringApplication app = new SpringApplication(Application.class);
- app.addInitializers(new PropertyPasswordConfiguration());
+ SpringApplication.run(Application.class, args);
 }
 }
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java
index 0196e49..4bb3427 100644
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java
@@ -19,6 +19,7 @@ package org.onap.sdnc.apps.pomba.networkdiscovery;
 import java.util.Base64;
+import org.eclipse.jetty.util.security.Password;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.stereotype.Component;
@@ -29,11 +30,11 @@ public class AuthorizationConfiguration {
 @Value("${basicAuth.username:admin}")
 private String username;
- @Value("${basicAuth.password:admin}")
+ @Value("${basicAuth.password:OBF:1u2a1toa1w8v1tok1u30}")
 private String password;
 @Bean(name="basicAuthHeader")
 public String getNdBasicAuthHeader() {
- return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + this.password).getBytes());
+ return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + Password.deobfuscate(this.password)).getBytes());
 }
 }
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java
deleted file mode 100644
index 10db0ef..0000000
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java
+++ /dev/null
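Review bot: The `@Value` default on `password` in AuthorizationConfiguration.java still ships a built-in credential: Jetty's `OBF:` form is a keyless, reversible encoding, so `OBF:1u2a1toa1w8v1tok1u30` in source protects the secret no better than the `admin` default on the removed line, and a deployment that leaves `basicAuth.password` unset silently runs with it. Dropping the default, `@Value("${basicAuth.password}")`, makes startup fail when no password is configured instead. `getNdBasicAuthHeader()` also now passes every configured value through `Password.deobfuscate`, so a plain-text `basicAuth.password` would presumably be mis-decoded or rejected; `this.password.startsWith("OBF:") ? Password.deobfuscate(this.password) : this.password` keeps both forms working. `getBytes()` without a charset depends on the platform default, and `getBytes(StandardCharsets.UTF_8)` would make the header deterministic.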
@@ -1,34 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.sdnc.apps.pomba.networkdiscovery;
-
-import org.eclipse.jetty.util.security.Password;
-
-public class JettyPasswordDecoder implements PasswordDecoder {
-
- @Override
- public String decode(String input) {
- if (input.startsWith("OBF:")) {
- return Password.deobfuscate(input);
- }
- return Password.deobfuscate("OBF:" + input);
- }
-}
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java
deleted file mode 100644
index 9bbabd0..0000000
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.sdnc.apps.pomba.networkdiscovery;
-
-public interface PasswordDecoder {
-
- String decode(String input);
-}
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
deleted file mode 100644
index be99ebf..0000000
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.sdnc.apps.pomba.networkdiscovery;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.ConfigurableEnvironment;
-import org.springframework.core.env.EnumerablePropertySource;
-import org.springframework.core.env.MapPropertySource;
-import org.springframework.core.env.PropertySource;
-import org.springframework.stereotype.Component;
-
-@Component
-public class PropertyPasswordConfiguration implements ApplicationContextInitializer
-{
- private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
-
- private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
-
- @Override
- public void initialize(ConfigurableApplicationContext applicationContext) {
- ConfigurableEnvironment environment = applicationContext.getEnvironment();
- for (PropertySource propertySource : environment.getPropertySources()) {
- Map propertyOverrides = new LinkedHashMap<>();
- decodePasswords(propertySource, propertyOverrides);
- if (!propertyOverrides.isEmpty()) {
- PropertySource decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
- environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
- }
- }
- }
-
- private void decodePasswords(PropertySource source, Map propertyOverrides) {
- if (source instanceof EnumerablePropertySource) {
- EnumerablePropertySource enumerablePropertySource = (EnumerablePropertySource) source;
- for (String key : enumerablePropertySource.getPropertyNames()) {
- Object rawValue = source.getProperty(key);
- if (rawValue instanceof String) {
- String decodedValue = decodePasswordsInString((String) rawValue);
- propertyOverrides.put(key, decodedValue);
- }
- }
- }
- }
-
- private String decodePasswordsInString(String input) {
- if (input == null) return null;
- StringBuffer output = new StringBuffer();
- Matcher matcher = decodePasswordPattern.matcher(input);
- while (matcher.find()) {
- String replacement = passwordDecoder.decode(matcher.group(1));
- matcher.appendReplacement(output, replacement);
- }
- matcher.appendTail(output);
- return output.toString();
- }
-}
\ No newline at end of file
diff --git a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java
index cd65b25..93a1304 100644
--- a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java
+++ b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java
@@ -46,14 +46,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
+import org.eclipse.jetty.util.security.Password;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.onap.logging.ref.slf4j.ONAPLogConstants;
-import org.onap.sdnc.apps.pomba.networkdiscovery.Application;
-import org.onap.sdnc.apps.pomba.networkdiscovery.PropertyPasswordConfiguration;
 import org.onap.sdnc.apps.pomba.networkdiscovery.datamodel.Attribute;
 import org.onap.sdnc.apps.pomba.networkdiscovery.datamodel.DataQuality;
 import org.onap.sdnc.apps.pomba.networkdiscovery.datamodel.NetworkDiscoveryNotification;
@@ -66,7 +65,6 @@ import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.core.env.Environment;
-import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
@@ -78,9 +76,9 @@ import org.springframework.test.context.web.WebAppConfiguration;
 @TestPropertySource(properties = {
 "enricher.url=http://localhost:9505",
 "basicAuth.username=admin",
- "basicAuth.password=password(OBF:1u2a1toa1w8v1tok1u30)"
+ "basicAuth.password=OBF:1u2a1toa1w8v1tok1u30"
 })
-@ContextConfiguration(initializers = PropertyPasswordConfiguration.class, classes = Application.class)
+
 public class NetworkDiscoveryTest {
 private static final String V1 = "v1";
 private static final String APP = "junit";
@@ -88,7 +86,8 @@ public class NetworkDiscoveryTest {
 private static final String RESOURCE_TYPE_VSERVER = "vserver";
 private static final String CALLBACK_PATH = "/callback";
- private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString(("admin:admin").getBytes());
+ private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString((
+ "admin:" + Password.deobfuscate("OBF:1u2a1toa1w8v1tok1u30")).getBytes());
 @Autowired
 private Environment environment;
--
cgit 1.2.3-korg
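Review bot: The new `AUTH` constant in NetworkDiscoveryTest derives the expected header by calling `Password.deobfuscate` on the same `OBF:` literal the application decodes, so the expectation is produced by the code path under test and a decoding regression would shift both sides together. Keeping the independent literal from the removed line, `private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString("admin:admin".getBytes());`, pins the credential the service must actually accept. The `@TestPropertySource` hunk above also sets `basicAuth.password` to the same value as the production default in AuthorizationConfiguration, so the test cannot tell whether the property or the built-in default was used; a distinct obfuscated test value would cover that. The class body continues outside this hunk.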