import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.DB;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
+import org.onap.dmaap.datarouter.provisioning.utils.Poker;
+import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter;
import org.slf4j.MDC;
public static final String BEHALF_HEADER = "X-DMAAP-DR-ON-BEHALF-OF";
- public static final String EXCLUDE_AAF_HEADER = "X-EXCLUDE-AAF";
-
- private static final String AAF_CADI_FEED_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.feed.type";
- private static final String AAF_CADI_SUB_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.sub.type";
- private static final String AAF_INSTANCE = "org.onap.dmaap.datarouter.provserver.aaf.instance";
- private static final String AAF_CADI_FEED = "org.onap.dmaap-dr.feed";
- private static final String AAF_CADI_SUB = "org.onap.dmaap-dr.sub";
-
- static final String CREATE_PERMISSION = "create";
- static final String EDIT_PERMISSION = "edit";
- static final String DELETE_PERMISSION = "delete";
- private static final String PUBLISH_PERMISSION = "publish";
- private static final String SUSPEND_PERMISSION = "suspend";
- private static final String RESTORE_PERMISSION = "restore";
- private static final String SUBSCRIBE_PERMISSION = "subscribe";
- static final String APPROVE_SUB_PERMISSION = "approveSub";
-
static final String FEED_BASECONTENT_TYPE = "application/vnd.dmaap-dr.feed";
public static final String FEED_CONTENT_TYPE = "application/vnd.dmaap-dr.feed; version=2.0";
public static final String FEEDFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.feed-full; version=2.0";
public static final String SUBFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-full; version=2.0";
static final String SUBLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-list; version=1.0";
-
//Adding groups functionality, ...1610
static final String GROUP_BASECONTENT_TYPE = "application/vnd.dmaap-dr.group";
static final String GROUP_CONTENT_TYPE = "application/vnd.dmaap-dr.group; version=2.0";
static final String GROUPFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.group-full; version=2.0";
public static final String GROUPLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.fegrouped-list; version=1.0";
-
public static final String LOGLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.log-list; version=1.0";
public static final String PROVFULL_CONTENT_TYPE1 = "application/vnd.dmaap-dr.provfeed-full; version=1.0";
public static final String PROVFULL_CONTENT_TYPE2 = "application/vnd.dmaap-dr.provfeed-full; version=2.0";
public static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you "
- + "try the operation again.";
+ + "try the operation again.";
private static final int DEFAULT_MAX_FEEDS = 10000;
private static final int DEFAULT_MAX_SUBS = 100000;
public static final String API = "/api/";
static final String LOGS = "/logs/";
- static final String TEXT_CT = "text/plain";
+ public static final String TEXT_CT = "text/plain";
static final String INGRESS = "/ingress/";
static final String EGRESS = "/egress/";
static final String NETWORK = "/network/";
static final String START_TIME = "start_time";
static final String END_TIME = "end_time";
static final String REASON_SQL = "reasonSQL";
-
+ static final String JSON_HASH_STRING = "password";
/**
* A boolean to trigger one time "provisioning changed" event on startup.
private InetAddress loopback;
//DMAAP-597 (Tech Dept) REST request source IP auth relaxation to accommodate OOM kubernetes deploy
- private static String isAddressAuthEnabled = (new DB()).getProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
-
- static String isCadiEnabled = (new DB()).getProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
+ private static String isAddressAuthEnabled = ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
/**
* Initialize data common to all the provisioning server servlets.
*/
protected BaseServlet() {
+ setUpFields();
+ if (authz == null) {
+ authz = new ProvAuthorizer(this);
+ }
+ String name = this.getClass().getName();
+ intlogger.info("PROV0002 Servlet " + name + " started.");
+ }
+
+ private static void setUpFields() {
if (eventlogger == null) {
eventlogger = EELFManager.getInstance().getLogger("EventLog");
}
if (intlogger == null) {
intlogger = EELFManager.getInstance().getLogger("InternalLog");
}
- if (authz == null) {
- authz = new ProvAuthorizer(this);
- }
if (startmsgFlag) {
startmsgFlag = false;
provisioningParametersChanged();
if (synctask == null) {
synctask = SynchronizerTask.getSynchronizer();
}
- String name = this.getClass().getName();
- intlogger.info("PROV0002 Servlet " + name + " started.");
}
@Override
try {
jo = new JSONObject(new JSONTokener(req.getInputStream()));
if (intlogger.isDebugEnabled()) {
- intlogger.debug("JSON: " + jo.toString());
+ intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString());
}
} catch (Exception e) {
intlogger.info("Error reading JSON: " + e);
return jo;
}
- /**
- * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation
- * header object in request before logging the JSON.
- *
- * @param jo the JSON passed in http request.
- * @param maskKey the key to be masked in the JSON passed.
- * @param action whether to mask the key or unmask it in a JSON passed.
- * @return the JSONObject, or null if the stream cannot be parsed.
- */
- static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) {
+ public static JSONObject hashPasswords(JSONObject jo) {
if (!jo.isNull("authorization")) {
JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids");
for (int index = 0; index < endpointIds.length(); index++) {
- if ((!endpointIds.getJSONObject(index).isNull(maskKey))) {
- String password = endpointIds.getJSONObject(index).get(maskKey).toString();
- processPassword(maskKey, action, endpointIds, index, password);
+ if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) {
+ String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString();
+ processPassword(endpointIds, index, password);
}
}
}
+ if (!jo.isNull("delivery")) {
+ JSONObject deliveryObj = jo.getJSONObject("delivery");
+ String password = deliveryObj.get(JSON_HASH_STRING).toString();
+ processPassword(deliveryObj, password);
+ }
return jo;
}
- private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index,
- String password) {
+ private static void processPassword(JSONArray endpointIds, int index, String password) {
try {
- if (action) {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password));
- } else {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password));
- }
- } catch (JSONException | GeneralSecurityException e) {
- intlogger.info("Error reading JSON while masking: " + e);
+ endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
+ }
+ }
+
+ private static void processPassword(JSONObject deliveryObj, String password) {
+ try {
+ deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
}
}
* Something has changed in the provisioning data. Start the timers that will cause the pre-packaged JSON string to
* be regenerated, and cause nodes and the other provisioning server to be notified.
*/
- static void provisioningDataChanged() {
+ public static void provisioningDataChanged() {
long now = System.currentTimeMillis();
Poker pkr = Poker.getPoker();
pkr.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L));
/**
* Something in the parameters has changed, reload all parameters from the DB.
*/
- static void provisioningParametersChanged() {
+ public static void provisioningParametersChanged() {
Map<String, String> map = Parameters.getParameters();
requireSecure = getBoolean(map, Parameters.PROV_REQUIRE_SECURE);
requireCert = getBoolean(map, Parameters.PROV_REQUIRE_CERT);
return provName;
}
- static String getActiveProvName() {
+ public static String getActiveProvName() {
return activeProvName;
}
*/
protected boolean doInsert(Insertable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doInsert(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0005 doInsert: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
protected boolean doUpdate(Updateable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doUpdate(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0006 doUpdate: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
protected boolean doDelete(Deleteable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doDelete(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0007 doDelete: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
}
}
-
- /*
- * AAF changes: TDP EPIC US# 307413
- * @Method - getFeedPermission - Forming permission string for feed part to check AAF access in CADI Framework
- * @Params - aafInstance Passing aafInstance as it's used in permission string
- * @Params - userAction Passing CONST values to set different actions in permission string
- */
- String getFeedPermission(String aafInstance, String userAction) {
- try {
- Properties props = (new DB()).getProperties();
- String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- String action;
- switch (userAction) {
- case CREATE_PERMISSION:
- action = CREATE_PERMISSION;
- break;
- case EDIT_PERMISSION:
- action = EDIT_PERMISSION;
- break;
- case DELETE_PERMISSION:
- action = DELETE_PERMISSION;
- break;
- case PUBLISH_PERMISSION:
- action = PUBLISH_PERMISSION;
- break;
- case SUSPEND_PERMISSION:
- action = SUSPEND_PERMISSION;
- break;
- case RESTORE_PERMISSION:
- action = RESTORE_PERMISSION;
- break;
- default:
- action = "*";
- }
- if (aafInstance == null || "".equals(aafInstance)) {
- aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined");
- }
- return type + "|" + aafInstance + "|" + action;
- } catch (Exception e) {
- intlogger.error("PROV7005 BaseServlet.getFeedPermission: " + e.getMessage(), e);
- }
- return null;
- }
-
- /*
- * AAF changes: TDP EPIC US# 307413
- * @Method - getSubscriberPermission - Forming permission string for subscription part to check
- * AAF access in CADI Framework
- * @Params - aafInstance Passing aafInstance as it's used in permission string
- * @Params - userAction Passing CONST values to set different actions in permission string
- */
- String getSubscriberPermission(String aafInstance, String userAction) {
- try {
- Properties props = (new DB()).getProperties();
- String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB);
- String action;
- switch (userAction) {
- case SUBSCRIBE_PERMISSION:
- action = SUBSCRIBE_PERMISSION;
- type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- break;
- case EDIT_PERMISSION:
- action = EDIT_PERMISSION;
- break;
- case DELETE_PERMISSION:
- action = DELETE_PERMISSION;
- break;
- case RESTORE_PERMISSION:
- action = RESTORE_PERMISSION;
- break;
- case SUSPEND_PERMISSION:
- action = SUSPEND_PERMISSION;
- break;
- case PUBLISH_PERMISSION:
- action = PUBLISH_PERMISSION;
- break;
- case APPROVE_SUB_PERMISSION:
- action = APPROVE_SUB_PERMISSION;
- type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- break;
- default:
- action = "*";
- }
- if (aafInstance == null || "".equals(aafInstance)) {
- aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined");
- }
- return type + "|" + aafInstance + "|" + action;
- } catch (Exception e) {
- intlogger.error("PROV7005 BaseServlet.getSubscriberPermission: " + e.getMessage(), e);
- }
- return null;
- }
}
Code Review / dmaap / datarouter.git / blobdiff