X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2Fcomponents%2FPolicyDBDao.java;h=568830f53cb44e9fe5a4eb934644c2db1537ed3a;hb=5ba143338d6fbc2b4d1e36c0efcbbabe15c65301;hp=70745b9b30e72aee84deab7afd9e468ba76326b5;hpb=948367c08eb34ebaac24601cfc2b249b11925255;p=policy%2Fengine.git diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java index 70745b9b3..568830f53 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP-PAP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -69,8 +69,10 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathFactory; +import org.apache.commons.io.FileUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; +import org.elasticsearch.common.Strings; import org.onap.policy.common.logging.eelf.MessageCodes; import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.common.logging.flexlogger.FlexLogger; @@ -87,11 +89,13 @@ import org.onap.policy.rest.jpa.PdpEntity; import org.onap.policy.rest.jpa.PolicyDBDaoEntity; import org.onap.policy.rest.jpa.PolicyEntity; import org.onap.policy.rest.util.Webapps; +import org.onap.policy.utils.CryptoUtils; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; import org.onap.policy.xacml.std.pap.StdPDPGroup; import org.onap.policy.xacml.std.pap.StdPDPPolicy; +import org.onap.policy.xacml.util.XACMLPolicyScanner; import org.onap.policy.xacml.util.XACMLPolicyWriter; import org.w3c.dom.Document; import org.xml.sax.InputSource; @@ -323,7 +327,7 @@ public class PolicyDBDao { } } if(urlUserPass[2] == null || urlUserPass[2].equals("")){ - String passwordPropertyValue = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS); + String passwordPropertyValue = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); if(passwordPropertyValue != null){ urlUserPass[2] = passwordPropertyValue; } @@ -332,24 +336,6 @@ public class PolicyDBDao { return urlUserPass; } - private static String encryptPassword(String password) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{ - Cipher cipher = Cipher.getInstance("AES"); - cipher.init(Cipher.ENCRYPT_MODE, aesKey()); - byte[] encryption = cipher.doFinal(password.getBytes("UTF-8")); - logger.debug("Encryption value is " + encryption); - return new String(Base64.getMimeEncoder().encode(encryption),"UTF-8"); - } - - private static String decryptPassword(String encryptedPassword) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{ - Cipher cipher = Cipher.getInstance("AES"); - cipher.init(Cipher.DECRYPT_MODE, aesKey()); - byte[] password = cipher.doFinal(Base64.getDecoder().decode(encryptedPassword.getBytes("UTF-8"))); - return new String(password,"UTF-8"); - } - private static Key aesKey(){ - byte[] aesValue = (new String("njrmbklcxtoplawf")).getBytes(); - return new SecretKeySpec(aesValue,"AES"); - } /** * Register the PolicyDBDao instance in the PolicyDBDaoEntity table * @return Boolean, were we able to register? @@ -357,6 +343,11 @@ public class PolicyDBDao { private boolean register(){ logger.debug("register() as register() called"); String[] url = getPapUrlUserPass(); + //--- check URL length + if(url == null || url.length<3){ + return false; + } + EntityManager em = emf.createEntityManager(); try{ startTransactionSynced(em, 1000); @@ -390,18 +381,22 @@ public class PolicyDBDao { PolicyDBDaoEntity foundPolicyDBDaoEntity = em.find(PolicyDBDaoEntity.class, url[0]); Query getPolicyDBDaoEntityQuery = em.createQuery("SELECT e FROM PolicyDBDaoEntity e WHERE e.policyDBDaoUrl=:url"); getPolicyDBDaoEntityQuery.setParameter("url", url[0]); + // encrypt the password + String txt = null; + try{ + txt = CryptoUtils.encryptTxt(url[2].getBytes(StandardCharsets.UTF_8)); + } catch(Exception e){ + logger.debug(e); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password"); + } if(foundPolicyDBDaoEntity == null){ PolicyDBDaoEntity newPolicyDBDaoEntity = new PolicyDBDaoEntity(); em.persist(newPolicyDBDaoEntity); newPolicyDBDaoEntity.setPolicyDBDaoUrl(url[0]); newPolicyDBDaoEntity.setDescription("PAP server at "+url[0]); newPolicyDBDaoEntity.setUsername(url[1]); - try{ - newPolicyDBDaoEntity.setPassword(encryptPassword(url[2])); - } catch(Exception e){ - logger.debug(e); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password"); - } + newPolicyDBDaoEntity.setPassword(txt); + try{ em.getTransaction().commit(); } catch(Exception e){ @@ -415,19 +410,14 @@ public class PolicyDBDao { } } else { //just want to update in order to change modified date - String encryptedPassword = null; - try{ - encryptedPassword = encryptPassword(url[2]); - } catch(Exception e){ - logger.debug(e); - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not encrypt PAP password"); - } + if(url[1] != null && !stringEquals(url[1], foundPolicyDBDaoEntity.getUsername())){ foundPolicyDBDaoEntity.setUsername(url[1]); } - if(encryptedPassword != null && !stringEquals(encryptedPassword, foundPolicyDBDaoEntity.getPassword())){ - foundPolicyDBDaoEntity.setPassword(encryptedPassword); + if(txt != null && !stringEquals(txt, foundPolicyDBDaoEntity.getPassword())){ + foundPolicyDBDaoEntity.setPassword(txt); } + foundPolicyDBDaoEntity.preUpdate(); try{ em.getTransaction().commit(); @@ -491,16 +481,17 @@ public class PolicyDBDao { PolicyDBDaoEntity dbdEntity = (PolicyDBDaoEntity)obj; String o = dbdEntity.getPolicyDBDaoUrl(); String username = dbdEntity.getUsername(); - String password; + String txt; try{ - password = decryptPassword(dbdEntity.getPassword()); + txt = new String(CryptoUtils.decryptTxt(dbdEntity.getPassword()), StandardCharsets.UTF_8); } catch(Exception e){ logger.debug(e); //if we can't decrypt, might as well try it anyway - password = dbdEntity.getPassword(); + txt = dbdEntity.getPassword(); } + Base64.Encoder encoder = Base64.getEncoder(); - String encoding = encoder.encodeToString((username+":"+password).getBytes(StandardCharsets.UTF_8)); + String encoding = encoder.encodeToString((username+":"+txt).getBytes(StandardCharsets.UTF_8)); HttpURLConnection connection = null; UUID requestID = UUID.randomUUID(); URL url; @@ -537,7 +528,8 @@ public class PolicyDBDao { // // Open up the connection // - logger.debug("Connecting with url: "+url); + logger.info("PolicyDBDao: NotifyOtherThread: notifying other PAPs of an update"); + logger.info("Connecting with url: "+url); try { connection = (HttpURLConnection)url.openConnection(); } catch (Exception e) { @@ -595,6 +587,7 @@ public class PolicyDBDao { logger.warn("Caught Exception on: connection.getResponseCode() ", e); } + connection.disconnect(); } } @@ -894,7 +887,8 @@ public class PolicyDBDao { } else { //convert PolicyEntity object to PDPPolicy - String name = pdpPolicyId.replace(".xml", ""); + String name = null; + name = pdpPolicyId.replace(".xml", ""); name = name.substring(0, name.lastIndexOf(".")); InputStream policyStream = new ByteArrayInputStream(policy.getPolicyData().getBytes()); pdpGroup.copyPolicyToFile(pdpPolicyId,name,policyStream); @@ -1077,7 +1071,7 @@ public class PolicyDBDao { try { if(policy != null){ policyName = policy.getPolicyName(); - logger.debug("Deleting Policy: " + policy.getPolicyName()); + logger.info("Deleting old Policy Config File for " + policy.getPolicyName()); action = "delete"; Path subFile = null; @@ -1114,7 +1108,7 @@ public class PolicyDBDao { } private Path getPolicySubFile(String filename, String subFileType){ - logger.debug("getPolicySubFile(" + filename + ", " + subFileType + ")"); + logger.info("getPolicySubFile(" + filename + ", " + subFileType + ")"); Path filePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_WEBAPPS).toString(), subFileType); File file = null; @@ -1131,7 +1125,7 @@ public class PolicyDBDao { finalPath = Paths.get(file.getAbsolutePath()); } - logger.debug("end of getPolicySubFile: " + finalPath); + logger.info("end of getPolicySubFile: " + finalPath); return finalPath; } @@ -1211,28 +1205,34 @@ public class PolicyDBDao { EntityManager em = emf.createEntityManager(); em.getTransaction().begin(); - StdPDPGroup updatedGroup = null; - try { - Query groupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted"); - groupQuery.setParameter("groupId", group.getId()); - groupQuery.setParameter("deleted", false); - List groupQueryList = groupQuery.getResultList(); - if(groupQueryList!=null && !groupQueryList.isEmpty()){ - GroupEntity dbgroup = (GroupEntity)groupQueryList.get(0); - updatedGroup = synchronizeGroupPoliciesInFileSystem(group, dbgroup); - logger.info("Group was updated during file system audit: " + updatedGroup.toString()); - } - } catch (PAPException | PolicyDBException e) { - logger.error(e); - } catch (Exception e) { - logger.error(e); + Query groupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted"); + groupQuery.setParameter("groupId", group.getId()); + groupQuery.setParameter("deleted", false); + List groupQueryList; + try{ + groupQueryList = groupQuery.getResultList(); + }catch(Exception e){ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Caught Exception trying to check if group exists groupQuery.getResultList()"); throw new PersistenceException("Query failed trying to check if group "+group.getId()+" exists"); } + GroupEntity dbgroup = null; + if(groupQueryList!=null){ + dbgroup = (GroupEntity)groupQueryList.get(0); + } + em.getTransaction().commit(); em.close(); + StdPDPGroup updatedGroup = null; + try { + updatedGroup = synchronizeGroupPoliciesInFileSystem(group, dbgroup); + } catch (PAPException e) { + logger.error(e); + } catch (PolicyDBException e) { + logger.error(e); + } + logger.info("Group was updated during file system audit: " + updatedGroup.toString()); return updatedGroup; } @@ -2370,7 +2370,7 @@ public class PolicyDBDao { @Override public void updateGroup(OnapPDPGroup group, String username){ - logger.debug("updateGroup(PDPGroup group) as updateGroup("+group+","+username+") called"); + logger.info("PolicyDBDao: updateGroup(PDPGroup group) as updateGroup("+group+","+username+") called"); if(group == null){ throw new IllegalArgumentException("PDPGroup group must not be null"); } @@ -2397,12 +2397,12 @@ public class PolicyDBDao { PolicyLogger.error("Somehow, more than one group with the same id "+group.getId()+" and deleted status were found in the database"); throw new PersistenceException("Somehow, more than one group with the same id "+group.getId()+" and deleted status were found in the database"); } - GroupEntity groupToUpdate = (GroupEntity)getGroupQueryList.get(0); - if(!stringEquals(groupToUpdate.getModifiedBy(), username)){ - groupToUpdate.setModifiedBy(username); + GroupEntity groupToUpdateInDB = (GroupEntity)getGroupQueryList.get(0); + if(!stringEquals(groupToUpdateInDB.getModifiedBy(), username)){ + groupToUpdateInDB.setModifiedBy(username); } - if(group.getDescription() != null && !stringEquals(group.getDescription(),groupToUpdate.getDescription())){ - groupToUpdate.setDescription(group.getDescription()); + if(group.getDescription() != null && !stringEquals(group.getDescription(),groupToUpdateInDB.getDescription())){ + groupToUpdateInDB.setDescription(group.getDescription()); } //let's find out what policies have been deleted StdPDPGroup oldGroup = null; @@ -2414,7 +2414,6 @@ public class PolicyDBDao { if(oldGroup == null){ PolicyLogger.error("We cannot get the group from the papEngine to delete policies"); } else { - Set newPolicySet = new HashSet<>(group.getPolicies().size()); //a multiple of n runtime is faster than n^2, so I am using a hashset to do the comparison for(PDPPolicy pol: group.getPolicies()){ @@ -2424,19 +2423,45 @@ public class PolicyDBDao { //should be fast since getPolicies uses a HashSet in StdPDPGroup if(!newPolicySet.contains(pol.getId())){ String[] scopeAndName = getNameScopeAndVersionFromPdpPolicy(pol.getId()); - PolicyEntity policyToDelete; + PolicyEntity policyToDelete = null; try{ - policyToDelete = getPolicy(scopeAndName[0],scopeAndName[1]); + if(scopeAndName!=null){ + policyToDelete = getPolicy(scopeAndName[0],scopeAndName[1]); + + if ("XACMLPapServlet.doDelete".equals(username)) { + + Iterator dbPolicyIt = groupToUpdateInDB.getPolicies().iterator(); + String policyName = getPolicyNameAndVersionFromPolicyFileName(policyToDelete.getPolicyName())[0]; + + logger.info("PolicyDBDao: delete policy from GroupEntity"); + try{ + while(dbPolicyIt.hasNext()){ + PolicyEntity dbpolicy = dbPolicyIt.next(); + if(policyToDelete.getScope().equals(dbpolicy.getScope()) && + getPolicyNameAndVersionFromPolicyFileName(dbpolicy.getPolicyName())[0].equals(policyName)) { + dbPolicyIt.remove(); + + logger.info("PolicyDBDao: deleting policy from the existing group:\n " + + "policyName is " + policyToDelete.getScope()+"."+policyToDelete.getPolicyName() + "\n" + + "group is " + groupToUpdateInDB.getGroupId()); + } + } + }catch(Exception e){ + logger.debug(e); + PolicyLogger.error("Could not delete policy with name: "+ policyToDelete.getScope()+"."+policyToDelete.getPolicyName()+"\n ID: "+ policyToDelete.getPolicyId()); + } + } + } + }catch(Exception e){ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "Could not get policy to remove: "+pol.getId()); throw new PersistenceException("Could not get policy to remove: "+pol.getId()); } - groupToUpdate.getPolicies().remove(policyToDelete); - } } } - if(group.getName() != null && !stringEquals(group.getName(),groupToUpdate.getgroupName())){ + + if(group.getName() != null && !stringEquals(group.getName(),groupToUpdateInDB.getgroupName())){ //we need to check if the new id exists in the database String newGroupId = createNewPDPGroupId(group.getName()); Query checkGroupQuery = em.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId AND g.deleted=:deleted"); @@ -2453,13 +2478,13 @@ public class PolicyDBDao { PolicyLogger.error("The new group name already exists, group id "+newGroupId); throw new PersistenceException("The new group name already exists, group id "+newGroupId); } - groupToUpdate.setGroupId(newGroupId); - groupToUpdate.setGroupName(group.getName()); + groupToUpdateInDB.setGroupId(newGroupId); + groupToUpdateInDB.setGroupName(group.getName()); this.newGroupId = group.getId(); } em.flush(); - this.groupId = groupToUpdate.getGroupKey(); + this.groupId = groupToUpdateInDB.getGroupKey(); } } @@ -2839,7 +2864,8 @@ public class PolicyDBDao { try{ while(policyIt.hasNext()){ PolicyEntity pol = policyIt.next(); - if(getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)){ + if(policy.getScope().equals(pol.getScope()) && + getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0].equals(policyName)) { policyIt.remove(); } } @@ -2851,15 +2877,17 @@ public class PolicyDBDao { em.flush(); // After adding policy to the db group we need to make sure the filesytem group is in sync with the db group + StdPDPGroup pdpGroup = null; + StdPDPGroup updatedGroup = null; try { - StdPDPGroup pdpGroup = (StdPDPGroup) papEngine.getGroup(group.getGroupId()); - return synchronizeGroupPoliciesInFileSystem(pdpGroup, group); + pdpGroup = (StdPDPGroup) papEngine.getGroup(group.getGroupId()); + updatedGroup = synchronizeGroupPoliciesInFileSystem(pdpGroup, group); } catch (PAPException e) { logger.debug(e); PolicyLogger.error("PolicyDBDao: Could not synchronize the filesystem group with the database group. " + e.getMessage()); } - - return null; + + return updatedGroup; } } @@ -2917,12 +2945,6 @@ public class PolicyDBDao { String computeScope(String fullPath, String pathToExclude){ return PolicyDBDao.computeScope(fullPath, pathToExclude); } - String encryptPassword(String password) throws InvalidKeyException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException{ - return PolicyDBDao.encryptPassword(password); - } - String decryptPassword(String password) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{ - return PolicyDBDao.decryptPassword(password); - } String getDescriptionFromXacml(String xacmlData){ return PolicyDBDao.getDescriptionFromXacml(xacmlData); } @@ -2931,4 +2953,4 @@ public class PolicyDBDao { } } -} +} \ No newline at end of file