From 705c39c8274ceefebe0d8fd6c7bcd741e1bb6797 Mon Sep 17 00:00:00 2001 From: Mohammadreza Pasandideh Date: Wed, 15 Aug 2018 10:26:43 -0400 Subject: Added code for password obfuscation(v2) Issue-ID: SDNC-317 Change-Id: Ic6125feb917878f8edaf34a1f396826401173022 Signed-off-by: Mohammadreza Pasandideh --- .../config/application.properties | 2 +- .../apps/pomba/networkdiscovery/Application.java | 7 +- .../AuthorizationConfiguration.java | 8 +-- .../networkdiscovery/JettyPasswordDecoder.java | 34 +++++++++ .../pomba/networkdiscovery/PasswordDecoder.java | 26 +++++++ .../PropertyPasswordConfiguration.java | 80 ++++++++++++++++++++++ .../service/rs/RestServiceImpl.java | 9 ++- .../unittest/service/NetworkDiscoveryTest.java | 11 +-- 8 files changed, 158 insertions(+), 19 deletions(-) create mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java create mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java create mode 100644 pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java (limited to 'pomba/network-discovery') diff --git a/pomba/network-discovery/config/application.properties b/pomba/network-discovery/config/application.properties index 1536110..ba631b6 100644 --- a/pomba/network-discovery/config/application.properties +++ b/pomba/network-discovery/config/application.properties @@ -20,7 +20,7 @@ server.context_parameters.p-name=value #context parameter with p-name as key and # Basic Authentication basicAuth.username=admin -basicAuth.password=OBF:1u2a1toa1w8v1tok1u30 +basicAuth.password=password(OBF:1u2a1toa1w8v1tok1u30) # A&AI Enircher REST Client Configuration enricher.url=https://d2enrichment:9505 
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java index eb2d9fd..82916e9 100644 --- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/Application.java @@ -15,6 +15,7 @@ * limitations under the License. * ============LICENSE_END===================================================== */ + package org.onap.sdnc.apps.pomba.networkdiscovery; import org.springframework.boot.SpringApplication; @@ -38,7 +39,7 @@ public class Application extends SpringBootServletInitializer { } public static void main(String[] args) throws Exception { - SpringApplication.run(Application.class, args); + SpringApplication app = new SpringApplication(Application.class); + app.addInitializers(new PropertyPasswordConfiguration()); } - -} +} \ No newline at end of file diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java index c767e44..0196e49 100644 --- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java @@ -19,7 +19,6 @@ package org.onap.sdnc.apps.pomba.networkdiscovery; import java.util.Base64; -import org.eclipse.jetty.util.security.Password; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.stereotype.Component; 
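Review bot: The new `main` in Application.java never starts the application: it builds a `SpringApplication` and registers `PropertyPasswordConfiguration`, but the removed `SpringApplication.run(Application.class, args)` has no replacement, so nothing calls `run`. Add `app.run(args);` after the `addInitializers(...)` line. The test in this commit registers the initializer through `@ContextConfiguration` and does not go through `main`, so it would not catch this. The class extends `SpringBootServletInitializer`; if the service is also deployed as a WAR, that path presumably bypasses `main` too and would see undecoded `password(...)` values, so confirm how the initializer is registered there.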
@@ -30,12 +29,11 @@ public class AuthorizationConfiguration { @Value("${basicAuth.username:admin}") private String username; - @Value("${basicAuth.password:OBF:1u2a1toa1w8v1tok1u30}") + @Value("${basicAuth.password:admin}") private String password; - @Bean(name="networkDiscoveryBasicAuthHeader") + @Bean(name="basicAuthHeader") public String getNdBasicAuthHeader() { - String auth = new String(this.username + ":" + Password.deobfuscate(this.password)); - return "Basic " + Base64.getEncoder().encodeToString(auth.getBytes()); + return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + this.password).getBytes()); } } diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java new file mode 100644 index 0000000..10db0ef --- /dev/null +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/JettyPasswordDecoder.java 
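Review bot: The fallback in `@Value("${basicAuth.password:admin}")` makes the service accept `admin:admin` whenever `basicAuth.password` is missing from the configuration, which is a fail-open default for the credential that RestServiceImpl checks on every request. Prefer no default, so that startup fails on a missing property: `@Value("${basicAuth.password}")`. Separately, `getBytes()` uses the platform charset; `getBytes(StandardCharsets.UTF_8)` keeps the header stable for non-ASCII passwords. The class body starts outside the hunk.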
@@ -0,0 +1,34 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdnc.apps.pomba.networkdiscovery;
+
+import org.eclipse.jetty.util.security.Password;
+
+public class JettyPasswordDecoder implements PasswordDecoder {
+
+ @Override
+ public String decode(String input) {
+ if (input.startsWith("OBF:")) {
+ return Password.deobfuscate(input);
+ }
+ return Password.deobfuscate("OBF:" + input);
+ }
+}
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java
new file mode 100644
index 0000000..9bbabd0
--- /dev/null
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PasswordDecoder.java
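Review bot: `JettyPasswordDecoder` has no Javadoc, and the fact a maintainer most needs is missing: Jetty's `OBF:` form is a keyless, reversible encoding, so a `password(OBF:...)` value in `application.properties` has to be protected like a plaintext secret (file permissions, no production values in the repository). I would add a class comment saying that. A method comment on `decode` should state that it accepts the value with or without the `OBF:` prefix and what happens on malformed input; `Password.deobfuscate` likely throws an unchecked exception there, which would abort startup, so confirm and document it.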
@@ -0,0 +1,26 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdnc.apps.pomba.networkdiscovery;
+
+public interface PasswordDecoder {
+
+ String decode(String input);
+}
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
new file mode 100644
index 0000000..be99ebf
--- /dev/null
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/PropertyPasswordConfiguration.java
@@ -0,0 +1,80 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdnc.apps.pomba.networkdiscovery;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PropertyPasswordConfiguration implements ApplicationContextInitializer
+{
+ private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
+
+ private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
+
+ @Override
+ public void initialize(ConfigurableApplicationContext applicationContext) {
+ ConfigurableEnvironment environment = applicationContext.getEnvironment();
+ for (PropertySource propertySource : environment.getPropertySources()) {
+ Map propertyOverrides = new LinkedHashMap<>();
+ decodePasswords(propertySource, propertyOverrides);
+ if (!propertyOverrides.isEmpty()) {
+ PropertySource decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
+ environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+ }
+ }
+ }
+
+ private void decodePasswords(PropertySource source, Map propertyOverrides) {
+ if (source instanceof EnumerablePropertySource) {
+ EnumerablePropertySource enumerablePropertySource = (EnumerablePropertySource) source;
+ for (String key : enumerablePropertySource.getPropertyNames()) {
+ Object rawValue = source.getProperty(key);
+ if (rawValue instanceof String) {
+ String decodedValue = decodePasswordsInString((String) rawValue);
+ propertyOverrides.put(key, decodedValue);
+ }
+ }
+ }
+ }
+
+ private String decodePasswordsInString(String input) {
+ if (input == null) return null;
+ StringBuffer output = new StringBuffer();
+ Matcher matcher = decodePasswordPattern.matcher(input);
+ while (matcher.find()) {
+ String replacement = passwordDecoder.decode(matcher.group(1));
+ matcher.appendReplacement(output, replacement);
+ }
+ matcher.appendTail(output);
+ return output.toString();
+ }
+}
\ No newline at end of file
diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java
index 666e308..7447e67 100644
--- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java
+++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java
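Review bot: `matcher.appendReplacement(output, replacement)` in `decodePasswordsInString` interprets `$` and `\` in the replacement as group references and escapes, so a decoded password containing either character is corrupted or makes startup fail with an exception; use `matcher.appendReplacement(output, Matcher.quoteReplacement(replacement));`. In `decodePasswords`, every String property is copied into the override map even when nothing matched, so each enumerable property source gets a full duplicate under `decoded <name>`; guarding the put with `if (!decodedValue.equals(rawValue))` keeps the override to the entries that were actually decoded. The `@Component` annotation also looks unnecessary, since the initializer is registered explicitly and presumably has to run before component scanning.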
@@ -15,6 +15,7 @@ * limitations under the License. * ============LICENSE_END===================================================== */ + package org.onap.sdnc.apps.pomba.networkdiscovery.service.rs; import static org.onap.sdnc.apps.pomba.networkdiscovery.ApplicationException.Error.GENERAL_FAILURE; @@ -48,8 +49,8 @@ public class RestServiceImpl implements RestService { @Autowired private SpringService service; - @Resource(name="networkDiscoveryBasicAuthHeader") - private String networkDiscoveryBasicAuthHeader; + @Resource(name="basicAuthHeader") + private String basicAuthHeader; @Override public Response findbyResourceIdAndType(HttpServletRequest request, @@ -73,7 +74,7 @@ public class RestServiceImpl implements RestService { version = "v1"; } - if (authorization == null || !this.networkDiscoveryBasicAuthHeader.equals(authorization)) { + if (authorization == null || !this.basicAuthHeader.equals(authorization)) { throw new ApplicationException(UNAUTHORIZED, Status.UNAUTHORIZED); } if ((fromAppId == null) || fromAppId.trim().isEmpty()) { @@ -123,7 +124,5 @@ public class RestServiceImpl implements RestService { } finally { adapter.exiting(); } - } - } diff --git a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java index 100c671..cd65b25 100644 --- a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java +++ b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java 
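Review bot: The authorization check `!this.basicAuthHeader.equals(authorization)` compares the expected credential with `String.equals`, which stops at the first differing character and is not constant-time. A comparison such as `MessageDigest.isEqual(this.basicAuthHeader.getBytes(StandardCharsets.UTF_8), authorization.getBytes(StandardCharsets.UTF_8))` avoids leaking how much of the header matched. The rename to the generic bean name `basicAuthHeader` also makes a clash with another `String` bean of that name more likely than with the old `networkDiscoveryBasicAuthHeader`. The enclosing method starts and ends outside the hunk.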
@@ -46,13 +46,14 @@ import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; -import org.eclipse.jetty.util.security.Password; import org.junit.After; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; import org.onap.logging.ref.slf4j.ONAPLogConstants; +import org.onap.sdnc.apps.pomba.networkdiscovery.Application; +import org.onap.sdnc.apps.pomba.networkdiscovery.PropertyPasswordConfiguration; import org.onap.sdnc.apps.pomba.networkdiscovery.datamodel.Attribute; import org.onap.sdnc.apps.pomba.networkdiscovery.datamodel.DataQuality; import org.onap.sdnc.apps.pomba.networkdiscovery.datamodel.NetworkDiscoveryNotification; @@ -65,6 +66,7 @@ import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.core.env.Environment; +import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -76,8 +78,9 @@ import org.springframework.test.context.web.WebAppConfiguration; @TestPropertySource(properties = { "enricher.url=http://localhost:9505", "basicAuth.username=admin", - "basicAuth.password=OBF:1u2a1toa1w8v1tok1u30" + "basicAuth.password=password(OBF:1u2a1toa1w8v1tok1u30)" }) +@ContextConfiguration(initializers = PropertyPasswordConfiguration.class, classes = Application.class) public class NetworkDiscoveryTest { private static final String V1 = "v1"; private static final String APP = "junit"; 
@@ -85,8 +88,7 @@ public class NetworkDiscoveryTest { private static final String RESOURCE_TYPE_VSERVER = "vserver"; private static final String CALLBACK_PATH = "/callback"; - private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString(( - "admin:" + Password.deobfuscate("OBF:1u2a1toa1w8v1tok1u30")).getBytes()); + private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString(("admin:admin").getBytes()); @Autowired private Environment environment; @@ -189,7 +191,6 @@ public class NetworkDiscoveryTest { } } - @Test public void testVerifyResourceType() throws Exception { // no resource type -- cgit 1.2.3-korg