import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
import org.onap.dmaap.datarouter.provisioning.utils.Poker;
import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
public static final String BEHALF_HEADER = "X-DMAAP-DR-ON-BEHALF-OF";
- public static final String EXCLUDE_AAF_HEADER = "X-EXCLUDE-AAF";
-
- private static final String AAF_CADI_FEED_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.feed.type";
- private static final String AAF_CADI_SUB_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.sub.type";
- private static final String AAF_INSTANCE = "org.onap.dmaap.datarouter.provserver.aaf.instance";
- private static final String AAF_CADI_FEED = "org.onap.dmaap-dr.feed";
- private static final String AAF_CADI_SUB = "org.onap.dmaap-dr.sub";
-
- static final String CREATE_PERMISSION = "create";
- static final String EDIT_PERMISSION = "edit";
- static final String DELETE_PERMISSION = "delete";
- private static final String PUBLISH_PERMISSION = "publish";
- private static final String SUSPEND_PERMISSION = "suspend";
- private static final String RESTORE_PERMISSION = "restore";
- private static final String SUBSCRIBE_PERMISSION = "subscribe";
- static final String APPROVE_SUB_PERMISSION = "approveSub";
-
static final String FEED_BASECONTENT_TYPE = "application/vnd.dmaap-dr.feed";
public static final String FEED_CONTENT_TYPE = "application/vnd.dmaap-dr.feed; version=2.0";
public static final String FEEDFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.feed-full; version=2.0";
static final String START_TIME = "start_time";
static final String END_TIME = "end_time";
static final String REASON_SQL = "reasonSQL";
+ static final String JSON_HASH_STRING = "password";
/**
* A boolean to trigger one time "provisioning changed" event on startup.
private static String isAddressAuthEnabled = ProvRunner.getProvProperties()
.getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
- static String isCadiEnabled = ProvRunner.getProvProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
-
/**
* Initialize data common to all the provisioning server servlets.
*/
try {
jo = new JSONObject(new JSONTokener(req.getInputStream()));
if (intlogger.isDebugEnabled()) {
- intlogger.debug("JSON: " + jo.toString());
+ intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString());
}
} catch (Exception e) {
intlogger.info("Error reading JSON: " + e);
return jo;
}
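Review bot: The new debug line at L70 runs `hashPasswords(...)` inside the same `try` that parses the request body, so any `JSONException` it throws is caught by `catch (Exception e)` and logged as "Error reading JSON" even though parsing succeeded. This only happens when debug logging is enabled, so the log output for the same request depends on the log level. I would isolate the logging, e.g. `try { intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString()))); } catch (JSONException e) { intlogger.debug("JSON body not logged: " + e); }`. The enclosing method starts outside the visible lines, so what the caller receives after the catch cannot be confirmed from here.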
- /**
- * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation
- * header object in request before logging the JSON.
- *
- * @param jo the JSON passed in http request.
- * @param maskKey the key to be masked in the JSON passed.
- * @param action whether to mask the key or unmask it in a JSON passed.
- * @return the JSONObject, or null if the stream cannot be parsed.
- */
- static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) {
+ public static JSONObject hashPasswords(JSONObject jo) {
if (!jo.isNull("authorization")) {
JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids");
for (int index = 0; index < endpointIds.length(); index++) {
- if ((!endpointIds.getJSONObject(index).isNull(maskKey))) {
- String password = endpointIds.getJSONObject(index).get(maskKey).toString();
- processPassword(maskKey, action, endpointIds, index, password);
+ if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) {
+ String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString();
+ processPassword(endpointIds, index, password);
}
}
}
+ if (!jo.isNull("delivery")) {
+ JSONObject deliveryObj = jo.getJSONObject("delivery");
+ String password = deliveryObj.get(JSON_HASH_STRING).toString();
+ processPassword(deliveryObj, password);
+ }
return jo;
}
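Review bot: The new `delivery` branch calls `deliveryObj.get(JSON_HASH_STRING)` without the `isNull` guard that the `endpoint_ids` loop uses, so a delivery object with no `password` key throws `JSONException` out of `hashPasswords`. Guard it the same way: `if (!deliveryObj.isNull(JSON_HASH_STRING)) { processPassword(deliveryObj, deliveryObj.get(JSON_HASH_STRING).toString()); }`. The method is now `public` and rewrites its argument in place, but the Javadoc was removed with `maskJSON`. Add a short Javadoc stating that `jo` is mutated, that the same instance is returned, and that callers must pass a copy if they still need the original passwords (as L70 does).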
- private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index,
- String password) {
+ private static void processPassword(JSONArray endpointIds, int index, String password) {
try {
- if (action) {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password));
- } else {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password));
- }
- } catch (JSONException | GeneralSecurityException e) {
- intlogger.info("Error reading JSON while masking: " + e);
+ endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
+ }
+ }
+
+ private static void processPassword(JSONObject deliveryObj, String password) {
+ try {
+ deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
}
}
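Review bot: Both `processPassword` overloads replace the password with `DigestUtils.sha256Hex(password)`, an unsalted, fast digest, and L70 writes that value to the debug log. Identical passwords therefore produce identical log values across feeds and subscriptions, and anyone with log access can check the digest against guessed passwords offline, so the log still carries password-derived material. If the log only needs to show that a password was present, write a fixed mask instead: `deliveryObj.put(JSON_HASH_STRING, "********");`, with the same change in the `JSONArray` overload. The two overloads differ only in how they reach the target object, so the array variant could pass `endpointIds.getJSONObject(index)` to the `JSONObject` one.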
}
}
-
- /*
- * AAF changes: TDP EPIC US# 307413
- * @Method - getFeedPermission - Forming permission string for feed part to check AAF access in CADI Framework
- * @Params - aafInstance Passing aafInstance as it's used in permission string
- * @Params - userAction Passing CONST values to set different actions in permission string
- */
- String getFeedPermission(String aafInstance, String userAction) {
- try {
- Properties props = ProvRunner.getProvProperties();
- String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- String action;
- switch (userAction) {
- case CREATE_PERMISSION:
- action = CREATE_PERMISSION;
- break;
- case EDIT_PERMISSION:
- action = EDIT_PERMISSION;
- break;
- case DELETE_PERMISSION:
- action = DELETE_PERMISSION;
- break;
- case PUBLISH_PERMISSION:
- action = PUBLISH_PERMISSION;
- break;
- case SUSPEND_PERMISSION:
- action = SUSPEND_PERMISSION;
- break;
- case RESTORE_PERMISSION:
- action = RESTORE_PERMISSION;
- break;
- default:
- action = "*";
- }
- if (aafInstance == null || "".equals(aafInstance)) {
- aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined");
- }
- return type + "|" + aafInstance + "|" + action;
- } catch (Exception e) {
- intlogger.error("PROV7005 BaseServlet.getFeedPermission: " + e.getMessage(), e);
- }
- return null;
- }
-
- /*
- * AAF changes: TDP EPIC US# 307413
- * @Method - getSubscriberPermission - Forming permission string for subscription part to check
- * AAF access in CADI Framework
- * @Params - aafInstance Passing aafInstance as it's used in permission string
- * @Params - userAction Passing CONST values to set different actions in permission string
- */
- String getSubscriberPermission(String aafInstance, String userAction) {
- try {
- Properties props = ProvRunner.getProvProperties();
- String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB);
- String action;
- switch (userAction) {
- case SUBSCRIBE_PERMISSION:
- action = SUBSCRIBE_PERMISSION;
- type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- break;
- case EDIT_PERMISSION:
- action = EDIT_PERMISSION;
- break;
- case DELETE_PERMISSION:
- action = DELETE_PERMISSION;
- break;
- case RESTORE_PERMISSION:
- action = RESTORE_PERMISSION;
- break;
- case SUSPEND_PERMISSION:
- action = SUSPEND_PERMISSION;
- break;
- case PUBLISH_PERMISSION:
- action = PUBLISH_PERMISSION;
- break;
- case APPROVE_SUB_PERMISSION:
- action = APPROVE_SUB_PERMISSION;
- type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- break;
- default:
- action = "*";
- }
- if (aafInstance == null || "".equals(aafInstance)) {
- aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined");
- }
- return type + "|" + aafInstance + "|" + action;
- } catch (Exception e) {
- intlogger.error("PROV7005 BaseServlet.getSubscriberPermission: " + e.getMessage(), e);
- }
- return null;
- }
}