From 48a51f0d12f5e6e4f9afe86297904faed9226f4b Mon Sep 17 00:00:00 2001
From: "Tait,Trevor(rt0435)" <rtait@amdocs.com>
Date: Fri, 30 Nov 2018 15:45:49 -0500
Subject: HTTPS Support for Network Discovery Micorservice

Issue-ID: SDNC-375

Change-Id: I9c3601eb9aac5e4c8abea2d0c121bf8de56685e2
Signed-off-by: Tait,Trevor(rt0435) <rtait@amdocs.com>
---
 .../config/application.properties                  | 10 +++
 pomba/network-discovery/pom.xml                    |  2 +-
 .../apps/pomba/networkdiscovery/Application.java   |  4 +-
 .../PropertyPasswordConfiguration.java             | 82 ++++++++++++++++++++++
 4 files changed, 96 insertions(+), 2 deletions(-)
 create mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java

(limited to 'pomba/network-discovery')

diff --git a/pomba/network-discovery/config/application.properties b/pomba/network-discovery/config/application.properties
index f6a889e..9de4fde 100644
--- a/pomba/network-discovery/config/application.properties
+++ b/pomba/network-discovery/config/application.properties
@@ -18,6 +18,16 @@ server.tomcat.max-idle-time=60000
 #Servlet context parameters
 server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
 
+#Enable HTTPS
+server.port=8443
+server.ssl.key-store=config/auth/client-cert-onap.p12
+server.ssl.key-store-password=password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+server.ssl.keyStoreType=JKS
+server.ssl.keyAlias=tomcat
+server.ssl.client-auth=want
+server.ssl.enabled=true
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+
 # Basic Authentication
 basicAuth.username=admin
 basicAuth.password=OBF:1u2a1toa1w8v1tok1u30
diff --git a/pomba/network-discovery/pom.xml b/pomba/network-discovery/pom.xml
index 18a8587..dea7353 100644
--- a/pomba/network-discovery/pom.xml
+++ b/pomba/network-discovery/pom.xml
@@ -296,7 +296,7 @@ limitations under the License.
                                             <includes>
                                                 <include>*.properties</include>
                                                 <include>*.xml</include>
-                                                <include>**/*.json</include>   
+                                                <include>**/*.json</include>
                                             </includes>
                                             <filtering>false</filtering>
                                         </resource>
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java
index e7e2208..c9b995f 100644
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java
@@ -39,6 +39,8 @@ public class Application extends SpringBootServletInitializer {
     }
 
     public static void main(String[] args) {
-        SpringApplication.run(Application.class, args);
+        SpringApplication app = new SpringApplication(Application.class);
+        app.addInitializers(new PropertyPasswordConfiguration());
+        app.run(args);
     }
 }
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
new file mode 100644
index 0000000..fb62d78
--- /dev/null
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
@@ -0,0 +1,82 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+
+package org.onap.sdnc.apps.pomba.networkdiscovery;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+
+public class PropertyPasswordConfiguration implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+    private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
+
+    @Override
+    public void initialize(ConfigurableApplicationContext applicationContext) {
+        ConfigurableEnvironment environment = applicationContext.getEnvironment();
+        for (PropertySource<?> propertySource : environment.getPropertySources()) {
+            Map<String, Object> propertyOverrides = new LinkedHashMap<>();
+            decodePasswords(propertySource, propertyOverrides);
+            if (!propertyOverrides.isEmpty()) {
+                PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
+                environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+            }
+        }
+    }
+
+    private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
+        if (source instanceof EnumerablePropertySource) {
+            EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
+            for (String key : enumerablePropertySource.getPropertyNames()) {
+                Object rawValue = source.getProperty(key);
+                if (rawValue instanceof String) {
+                    String decodedValue = decodePasswordsInString((String) rawValue);
+                    propertyOverrides.put(key, decodedValue);
+                }
+            }
+        }
+    }
+
+    private String decodePasswordsInString(String input) {
+        if (input == null) return null;
+        StringBuffer output = new StringBuffer();
+        Matcher matcher = decodePasswordPattern.matcher(input);
+        while (matcher.find()) {
+            String replacement = decode(matcher.group(1));
+            matcher.appendReplacement(output, replacement);
+        }
+        matcher.appendTail(output);
+        return output.toString();
+    }
+
+    private String decode(String input) {
+        if (input.startsWith("OBF:")) {
+            return Password.deobfuscate(input);
+        }
+        return Password.deobfuscate("OBF:" + input);
+    }
+
+}
-- 
cgit 1.2.3-korg