From 41a3f1b3b0e14fb1df40273adb4b4b1937c5a977 Mon Sep 17 00:00:00 2001 From: Mohammadreza Pasandideh Date: Mon, 13 Aug 2018 16:37:33 -0400 Subject: Added code for password obfuscation Issue-ID: SDNC-317 Change-Id: I5114f1dd7dd093e9df6ebd3d91c3cbd47ef31ef9 Signed-off-by: Mohammadreza Pasandideh --- .../config/application.properties | 4 +-- .../AuthorizationConfiguration.java | 12 +++---- .../networkdiscovery/EnricherConfiguration.java | 5 +-- .../service/rs/RestServiceImpl.java | 6 ++-- .../service/AuthorizationConfigurationTest.java | 39 ++++++++++++++++++++++ .../unittest/service/NetworkDiscoveryTest.java | 6 ++-- .../config/application.properties | 2 +- .../AuthorizationConfiguration.java | 12 +++---- .../service/rs/RestServiceImpl.java | 6 ++-- .../test/AuthorizationConfigurationTest.java | 39 ++++++++++++++++++++++ .../test/ServiceDecompositionTest.java | 6 ++-- 11 files changed, 110 insertions(+), 27 deletions(-) create mode 100644 pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/AuthorizationConfigurationTest.java create mode 100644 pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/AuthorizationConfigurationTest.java (limited to 'pomba') diff --git a/pomba/network-discovery/config/application.properties b/pomba/network-discovery/config/application.properties index 6997061..1536110 100644 --- a/pomba/network-discovery/config/application.properties +++ b/pomba/network-discovery/config/application.properties @@ -20,14 +20,14 @@ server.context_parameters.p-name=value #context parameter with p-name as key and # Basic Authentication basicAuth.username=admin -basicAuth.password=admin +basicAuth.password=OBF:1u2a1toa1w8v1tok1u30 # A&AI Enircher REST Client Configuration enricher.url=https://d2enrichment:9505 enricher.connectionTimeout=5000 enricher.readTimeout=60000 enricher.keyStorePath=config/auth/enricher-client-cert.p12 -enricher.keyStorePassword=aaiDomain2 +enricher.keyStorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o enricher.types = vserver, l3-network enricher.type.vserver.url = /enricher/v11/cloud-infrastructure/vservers/vserver/{0}?sot=!aai diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java index 5204a48..c767e44 100644 --- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/AuthorizationConfiguration.java @@ -19,6 +19,7 @@ package org.onap.sdnc.apps.pomba.networkdiscovery; import java.util.Base64; +import org.eclipse.jetty.util.security.Password; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.stereotype.Component; @@ -29,13 +30,12 @@ public class AuthorizationConfiguration { @Value("${basicAuth.username:admin}") private String username; - @Value("${basicAuth.password:admin}") + @Value("${basicAuth.password:OBF:1u2a1toa1w8v1tok1u30}") private String password; - @Bean(name="basicAuthHeader") - public String getBasicAuthHeader() { - return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + this.password).getBytes()); + @Bean(name="networkDiscoveryBasicAuthHeader") + public String getNdBasicAuthHeader() { + String auth = new String(this.username + ":" + Password.deobfuscate(this.password)); + return "Basic " + Base64.getEncoder().encodeToString(auth.getBytes()); } - - } diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java index 9b2db05..0fee505 100644 --- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java @@ -38,7 +38,7 @@ public class EnricherConfiguration { @Value("${enricher.keyStorePath}") private String keyStorePath; - @Value("${enricher.keyStorePassword}") + @Value("${enricher.keyStorePassword:OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o}") private String keyStorePassword; @Value("${enricher.connectionTimeout:5000}") @@ -55,7 +55,8 @@ public class EnricherConfiguration { .connectTimeoutMs(this.connectionTimeout) .readTimeoutMs(this.readTimeout) .clientCertFile(this.keyStorePath) - .clientCertPassword(this.keyStorePassword); + .clientCertPassword( + org.eclipse.jetty.util.security.Password.deobfuscate(this.keyStorePassword)); } @Bean(name="enricherBaseUrl") diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java index 4e6fdcb..666e308 100644 --- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/service/rs/RestServiceImpl.java @@ -48,8 +48,8 @@ public class RestServiceImpl implements RestService { @Autowired private SpringService service; - @Resource(name="basicAuthHeader") - private String basicAuthHeader; + @Resource(name="networkDiscoveryBasicAuthHeader") + private String networkDiscoveryBasicAuthHeader; @Override public Response findbyResourceIdAndType(HttpServletRequest request, @@ -73,7 +73,7 @@ public class RestServiceImpl implements RestService { version = "v1"; } - if (authorization == null || !this.basicAuthHeader.equals(authorization)) { + if (authorization == null || !this.networkDiscoveryBasicAuthHeader.equals(authorization)) { throw new ApplicationException(UNAUTHORIZED, Status.UNAUTHORIZED); } if ((fromAppId == null) || fromAppId.trim().isEmpty()) { diff --git a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/AuthorizationConfigurationTest.java b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/AuthorizationConfigurationTest.java new file mode 100644 index 0000000..c34c53c --- /dev/null +++ b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/AuthorizationConfigurationTest.java @@ -0,0 +1,39 @@ +/* + * ============LICENSE_START=================================================== + * Copyright (c) 2018 Amdocs + * ============================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END===================================================== + */ + +package org.onap.sdnc.apps.pomba.networkdiscovery.unittest.service; + +import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import org.junit.Test; +import org.onap.sdnc.apps.pomba.networkdiscovery.AuthorizationConfiguration; + +public class AuthorizationConfigurationTest +{ + AuthorizationConfiguration authorizationConfiguration = + mock(AuthorizationConfiguration.class); + + @Test + public void testGetNdBasicAuthHeader() { + String msg = "Basic YWRtaW46YWRtaW4="; + when(authorizationConfiguration.getNdBasicAuthHeader()).thenReturn(msg); + assertEquals(msg, authorizationConfiguration.getNdBasicAuthHeader()); + } +} diff --git a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java index f908dfd..100c671 100644 --- a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java +++ b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java @@ -46,6 +46,7 @@ import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; +import org.eclipse.jetty.util.security.Password; import org.junit.After; import org.junit.Before; import org.junit.Rule; @@ -75,7 +76,7 @@ import org.springframework.test.context.web.WebAppConfiguration; @TestPropertySource(properties = { "enricher.url=http://localhost:9505", "basicAuth.username=admin", - "basicAuth.password=admin" + "basicAuth.password=OBF:1u2a1toa1w8v1tok1u30" }) public class NetworkDiscoveryTest { private static final String V1 = "v1"; @@ -84,7 +85,8 @@ public class NetworkDiscoveryTest { private static final String RESOURCE_TYPE_VSERVER = "vserver"; private static final String CALLBACK_PATH = "/callback"; - private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString("admin:admin".getBytes()); + private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString(( + "admin:" + Password.deobfuscate("OBF:1u2a1toa1w8v1tok1u30")).getBytes()); @Autowired private Environment environment; diff --git a/pomba/service-decomposition/config/application.properties b/pomba/service-decomposition/config/application.properties index fc26079..c60a369 100644 --- a/pomba/service-decomposition/config/application.properties +++ b/pomba/service-decomposition/config/application.properties @@ -16,7 +16,7 @@ server.tomcat.min-Spare-Threads=25 server.tomcat.max-idle-time=60000 basicAuth.username=admin -basicAuth.password=admin +basicAuth.password=OBF:1u2a1toa1w8v1tok1u30 # AAI REST Client Configuration aai.host=135.63.125.59 diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AuthorizationConfiguration.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AuthorizationConfiguration.java index f54f387..7cac0cd 100644 --- a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AuthorizationConfiguration.java +++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AuthorizationConfiguration.java @@ -19,6 +19,7 @@ package org.onap.sdnc.apps.pomba.servicedecomposition; import java.util.Base64; +import org.eclipse.jetty.util.security.Password; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.stereotype.Component; @@ -29,13 +30,12 @@ public class AuthorizationConfiguration { @Value("${basicAuth.username:admin}") private String username; - @Value("${basicAuth.password:admin}") + @Value("${basicAuth.password:OBF:1u2a1toa1w8v1tok1u30}") private String password; - @Bean(name="basicAuthHeader") - public String getBasicAuthHeader() { - return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + this.password).getBytes()); + @Bean(name="serviceDecompositionBasicAuthHeader") + public String getSdBasicAuthHeader() { + String auth = new String(this.username + ":" + Password.deobfuscate(this.password)); + return "Basic " + Base64.getEncoder().encodeToString(auth.getBytes()); } - - } diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/service/rs/RestServiceImpl.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/service/rs/RestServiceImpl.java index 12c3935..5ec6bca 100644 --- a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/service/rs/RestServiceImpl.java +++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/service/rs/RestServiceImpl.java @@ -45,8 +45,8 @@ public class RestServiceImpl implements RestService { @Autowired private SpringService service; - @Resource(name="basicAuthHeader") - private String basicAuthHeader; + @Resource(name="serviceDecompositionBasicAuthHeader") + private String serviceDecompositionBasicAuthHeader; public RestServiceImpl() {} @@ -61,7 +61,7 @@ public class RestServiceImpl implements RestService { adapter.getServiceDescriptor().setServiceName(SERVICE_NAME); adapter.entering(request); try { - if (authorization == null || !this.basicAuthHeader.equals(authorization)) { + if (authorization == null || !this.serviceDecompositionBasicAuthHeader.equals(authorization)) { throw new DiscoveryException(UNAUTHORIZED, Status.UNAUTHORIZED); } diff --git a/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/AuthorizationConfigurationTest.java b/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/AuthorizationConfigurationTest.java new file mode 100644 index 0000000..4c7830b --- /dev/null +++ b/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/AuthorizationConfigurationTest.java @@ -0,0 +1,39 @@ +/* + * ============LICENSE_START=================================================== + * Copyright (c) 2018 Amdocs + * ============================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END===================================================== + */ + +package org.onap.sdnc.apps.pomba.servicedecomposition.test; + +import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import org.junit.Test; +import org.onap.sdnc.apps.pomba.servicedecomposition.AuthorizationConfiguration; + +public class AuthorizationConfigurationTest +{ + AuthorizationConfiguration authorizationConfiguration = + mock(AuthorizationConfiguration.class); + + @Test + public void testGetSdBasicAuthHeader() { + String msg = "Basic YWRtaW46YWRtaW4="; + when(authorizationConfiguration.getSdBasicAuthHeader()).thenReturn(msg); + assertEquals(msg, authorizationConfiguration.getSdBasicAuthHeader()); + } +} diff --git a/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/ServiceDecompositionTest.java b/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/ServiceDecompositionTest.java index ba20a88..771ca99 100644 --- a/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/ServiceDecompositionTest.java +++ b/pomba/service-decomposition/src/test/java/org/onap/sdnc/apps/pomba/servicedecomposition/test/ServiceDecompositionTest.java @@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; +import org.eclipse.jetty.util.security.Password; import org.json.JSONArray; import org.json.JSONObject; import org.junit.Rule; @@ -61,11 +62,12 @@ import org.springframework.test.context.web.WebAppConfiguration; "aai.host=localhost", "aai.port=8081", "basicAuth.username=admin", - "basicAuth.password=admin" + "basicAuth.password=OBF:1u2a1toa1w8v1tok1u30" }) public class ServiceDecompositionTest { - private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString("admin:admin".getBytes()); + private static final String AUTH = "Basic " + Base64.getEncoder().encodeToString(( + "admin:" + Password.deobfuscate("OBF:1u2a1toa1w8v1tok1u30")).getBytes()); // TODO missing code coverage for VNFC resources -- cgit 1.2.3-korg