import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;
-
+import javax.json.JsonException;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.persistence.PersistenceException;
import org.onap.policy.common.im.AdministrativeStateException;
import org.onap.policy.common.im.ForwardProgressException;
import org.onap.policy.common.im.IntegrityMonitor;
+import org.onap.policy.common.im.IntegrityMonitorException;
import org.onap.policy.common.im.IntegrityMonitorProperties;
import org.onap.policy.common.im.StandbyStatusException;
import org.onap.policy.common.logging.ONAPLoggingContext;
import org.onap.policy.rest.XACMLRest;
import org.onap.policy.rest.XACMLRestProperties;
import org.onap.policy.rest.dao.PolicyDBException;
+import org.onap.policy.utils.CryptoUtils;
import org.onap.policy.utils.PolicyUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.api.pap.ONAPPapEngineFactory;
private static final String AUDIT_PAP_PERSISTENCE_UNIT = "auditPapPU";
// Client Headers.
private static final String ENVIRONMENT_HEADER = "Environment";
+ private static final String ADD_GROUP_ERROR = "addGroupError";
+ private static final String PERSISTENCE_JDBC_PWD = "javax.persistence.jdbc.password";
+
+ private static final String REGEX = "[0-9a-zA-Z._ ]*";
+
/*
* List of Admin Console URLs.
* Used to send notifications when configuration changes.
+ "\n papDbDriver = " + papDbDriver
+ "\n papDbUrl = " + papDbUrl
+ "\n papDbUser = " + papDbUser
- + "\n papDbPassword = " + papDbPassword
+ "\n papTransWait = " + papTransWait
+ "\n papTransTimeout = " + papTransTimeout
+ "\n papAuditTimeout = " + papAuditTimeout
throw new ServletException(e.getMessage(), e.getCause());
}
// Create an IntegrityMonitor
+ if(properties.getProperty(PERSISTENCE_JDBC_PWD) != null ){
+ properties.setProperty(PERSISTENCE_JDBC_PWD, CryptoUtils.decryptTxtNoExStr(properties.getProperty(PERSISTENCE_JDBC_PWD, "")));
+ }
im = IntegrityMonitor.getInstance(papResourceName,properties);
// Create an IntegrityAudit
ia = new IntegrityAudit(papResourceName, AUDIT_PAP_PERSISTENCE_UNIT, properties);
throw new PAPException("papDbUser is null");
}
setPapDbUser(papDbUser);
- papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD);
+ papDbPassword = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD, ""));
if(papDbPassword == null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE,"XACMLPapServlet", " ERROR: Bad papDbPassword property entry");
throw new PAPException("papDbPassword is null");
} catch (AdministrativeStateException ae){
String message = "POST interface called for PAP " + papResourceName + " but it has an Administrative"
+ " state of " + im.getStateManager().getAdminState()
- + "\n Exception Message: " + ae.getMessage();
+ + "\n Exception Message: " + PolicyUtils.CATCH_EXCEPTION;
LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, ae);
loggingContext.metricEnded();
PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
+ } catch (IntegrityMonitorException e) {
+ String message = "POST interface called for PAP " + papResourceName + " but an exception occurred"
+ + "\n Exception Message: " + e.getMessage();
+ LOGGER.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message, e);
+ loggingContext.metricEnded();
+ PolicyLogger.metrics("XACMLPapServlet doPost im startTransaction");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ return;
}
try {
loggingContext.metricStarted();
private void setResponseError(HttpServletResponse response,int responseCode, String message) {
try {
- response.sendError(responseCode, message);
+ if(message != null && !message.isEmpty()){
+ response.sendError(responseCode, message);
+ }
} catch (IOException e) {
LOGGER.error("Error setting Error response Header ", e);
}
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
+ } catch (IntegrityMonitorException e) {
+ String message = "GET interface called for PAP " + papResourceName + " but an exception occurred"
+ + "\n Exception Message: " + e.getMessage();
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ return;
}
// Request from the API to get the gitPath
String apiflag = request.getParameter("apiflag");
im.startTransaction();
loggingContext.metricEnded();
PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
- } catch (AdministrativeStateException | StandbyStatusException e) {
- String message = "PUT interface called for PAP " + papResourceName;
- if (e instanceof AdministrativeStateException) {
- message += " but it has an Administrative state of "
- + im.getStateManager().getAdminState();
- } else if (e instanceof StandbyStatusException) {
- message += " but it has a Standby Status of "
- + im.getStateManager().getStandbyStatus();
-
- }
- message += "\n Exception Message: " + e.getMessage();
-
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ } catch(AdministrativeStateException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has an Administrative state of " + im.getStateManager().getAdminState() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ } catch(StandbyStatusException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has a Standby Status of " + im.getStateManager().getStandbyStatus() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ } catch (IntegrityMonitorException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but an exception occurred" +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
}
loggingContext.metricStarted();
return;
}
}
- //This would occur if we received a notification of a policy rename from AC
- String oldPolicyName = request.getParameter("oldPolicyName");
- String newPolicyName = request.getParameter("newPolicyName");
- if(oldPolicyName != null && newPolicyName != null){
- if(LOGGER.isDebugEnabled()){
- LOGGER.debug("\nXACMLPapServlet.doPut() - before decoding"
- + "\npolicyToCreateUpdate = " + " ");
- }
- //decode it
- try{
- oldPolicyName = URLDecoder.decode(oldPolicyName, "UTF-8");
- newPolicyName = URLDecoder.decode(newPolicyName, "UTF-8");
- if(LOGGER.isDebugEnabled()){
- LOGGER.debug("\nXACMLPapServlet.doPut() - after decoding"
- + "\npolicyToCreateUpdate = " + " ");
- }
- } catch(UnsupportedEncodingException e){
- PolicyLogger.error("\nXACMLPapServlet.doPut() - Unsupported URL encoding of policyToCreateUpdate (UTF-8)"
- + "\npolicyToCreateUpdate = " + " ");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToCreateUpdate encoding not supported"
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- //send it to PolicyDBDao
- PolicyDBDaoTransaction renameTransaction = policyDBDao.getNewTransaction();
- try{
- renameTransaction.renamePolicy(oldPolicyName,newPolicyName, "XACMLPapServlet.doPut");
- }catch(Exception e){
- renameTransaction.rollbackTransaction();
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"createUpdateTransaction.createPolicy(policyToCreateUpdate, XACMLPapServlet.doPut) "
- + "\nfailure with the following exception: " + e);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See error.log");
- im.endTransaction();
- return;
- }
- loggingContext.metricStarted();
- renameTransaction.commitTransaction();
- loggingContext.metricEnded();
- PolicyLogger.metrics("XACMLPapServlet goPut commitTransaction");
- response.setStatus(HttpServletResponse.SC_OK);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Ended Successfully");
- im.endTransaction();
- return;
- }
//
// See if this is Admin Console registering itself with us
//
PolicyLogger.audit("Transaction Ended Successfully");
im.endTransaction();
return;
- } else if (apiflag != null && apiflag.equalsIgnoreCase("api")) {
+ } else if (apiflag != null && "api".equalsIgnoreCase(apiflag)) {
// this request is from the Policy Creation API
if(authorizeRequest(request)){
APIRequestHandler apiRequestHandler = new APIRequestHandler();
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
return;
+ } catch (IntegrityMonitorException e) {
+ String message = "PUT interface called for PAP " + papResourceName + " but an exception occurred"
+ + "\n Exception Message: " + e.getMessage();
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ return;
}
loggingContext.metricStarted();
XACMLRest.dumpRequest(request);
LOGGER.info("Calling updatGroup() with new group");
papEngine.updateGroup(group);
-
String policyId = "empty";
- if(policy!=null){
+ if(policy !=null && policy.getId() != null){
policyId = policy.getId();
}
+ if(!policyId.matches(REGEX) ){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "Policy Id is not valid");
+ return;
+ }
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
response.addHeader("operation", "push");
response.addHeader("policyId", policyId);
String message = XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception in request to update group from API - See Error.log on on the PAP.";
setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- response.addHeader("error","addGroupError");
+ response.addHeader("error",ADD_GROUP_ERROR);
response.addHeader("message", message);
return;
}
}
if (group == null) {
String message = "Unknown groupId '" + groupId + "'";
+ //for fixing Header Manipulation of Fortify issue
+ if(!message.matches(REGEX)){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "GroupId Id is not valid");
+ return;
+ }
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
} catch (Exception e) {
addPolicyToGroupTransaction.rollbackTransaction();
String message = "Policy '" + policyId + "' not copied to group '" + groupId +"': " + e;
+ //for fixing Header Manipulation of Fortify issue
+ if(!message.matches(REGEX)){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "Policy Id is not valid");
+ return;
+ }
PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
LOGGER.error(message);
setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- response.addHeader("error","addGroupError");
+ response.addHeader("error",ADD_GROUP_ERROR);
response.addHeader("message", message);
return;
}
}
if (group == null) {
String message = "Unknown groupId '" + groupId + "'";
+ //for fixing Header Manipulation of Fortify issue
+ if(!message.matches(REGEX)){
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ response.addHeader("error",ADD_GROUP_ERROR);
+ response.addHeader("message", "Group Id is not valid");
+ return;
+ }
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " PDP new/update had bad input. pdpId=" + pdpId + " objectFromJSON="+objectFromJSON);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, pdpid="+pdpId+" object="+objectFromJSON);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input pdpid for object:"+objectFromJSON);
}
StdPDP pdp = (StdPDP) objectFromJSON;
if(pdp != null){
PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " Group update had bad input. id=" + group.getId() + " objectFromJSON="+objectFromJSON);
loggingContext.transactionEnded();
PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input, id="+group.getId() +" object="+objectFromJSON);
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Bad input id for object:"+objectFromJSON);
}
// The Path on the PAP side is not carried on the RESTful interface with the AC
// (because it is local to the PAP)
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
+ } catch (IOException | JsonException e) {
+ LOGGER.debug(e);
+ acPutTransaction.rollbackTransaction();
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ return;
}
}
* @throws IOException
*/
private void doACDelete(HttpServletRequest request, HttpServletResponse response, String groupId, ONAPLoggingContext loggingContext) throws IOException {
- //This code is to allow deletes to propagate to the database since delete is not implemented
- String isDeleteNotify = request.getParameter("isDeleteNotify");
- if(isDeleteNotify != null){
- String policyToDelete = request.getParameter("policyToDelete");
- try{
- policyToDelete = URLDecoder.decode(policyToDelete,"UTF-8");
- } catch(UnsupportedEncodingException e){
- LOGGER.error("Unsupported URL encoding of policyToDelete (UTF-8", e);
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"policyToDelete encoding not supported");
- return;
- }
- PolicyDBDaoTransaction deleteTransaction = policyDBDao.getNewTransaction();
- try{
- deleteTransaction.deletePolicy(policyToDelete);
- } catch(Exception e){
- deleteTransaction.rollbackTransaction();
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"deleteTransaction.deleteTransaction(policyToDelete) "
- + "\nfailure with the following exception: " + e);
- return;
- }
- loggingContext.metricStarted();
- deleteTransaction.commitTransaction();
- loggingContext.metricEnded();
- PolicyLogger.metrics("XACMLPapServlet doACPut commitTransaction");
- response.setStatus(HttpServletResponse.SC_OK);
- return;
- }
PolicyDBDaoTransaction removePdpOrGroupTransaction = policyDBDao.getNewTransaction();
try {
// for all DELETE operations the group must exist before the operation can be done
}
}
// remove any ACs that are no longer connected
- if (disconnectedACs.size() > 0) {
+ if (!disconnectedACs.isEmpty()) {
adminConsoleURLStringList.removeAll(disconnectedACs);
}
}
PolicyLogger.audit("Transaction Failed - See Error.log");
response.setStatus(HttpServletResponse.SC_OK);
return;
- }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
- String submsg;
- if (e instanceof ForwardProgressException) {
- submsg = " is not making forward progress.";
- } else if (e instanceof AdministrativeStateException) {
- submsg = " Administrative State is LOCKED.";
- } else {
- submsg = " Standby Status is NOT PROVIDING SERVICE.";
- }
-
- String message = "GET:/pap/test called and PAP " + papResourceName + submsg
- + " Exception Message: " + e.getMessage();
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ }catch (ForwardProgressException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (AdministrativeStateException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (StandbyStatusException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
}catch (Exception e) {
//A subsystem is not making progress, is locked, standby or is not responding
String eMsg = e.getMessage();
public static void setMsPolicyName(String msPolicyName) {
XACMLPapServlet.msPolicyName = msPolicyName;
}
+
+ private void logMessage(Exception e, String message, ONAPLoggingContext loggingContext, HttpServletResponse response) {
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ }
}