X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FBaseServlet.java;h=52629ffb18ddb46273056fb1ee02d1da74a4d92f;hb=0ad65c47b4fbddd5d1b653c5e38dcdf84884de9f;hp=c6b1cde7c549a6a7ad601f10b268e25b7c55fc1c;hpb=534c164c124950a2019acf71d253ac96be12c78c;p=dmaap%2Fdatarouter.git
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index c6b1cde7..52629ffb 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -33,7 +33,6 @@ import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
 import java.security.cert.X509Certificate;
 import java.sql.Connection;
 import java.sql.SQLException;
@@ -49,6 +48,7 @@ import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.Nullable;
 import org.json.JSONArray;
@@ -66,8 +66,9 @@ import org.onap.dmaap.datarouter.provisioning.beans.NodeClass; import org.onap.dmaap.datarouter.provisioning.beans.Parameters; import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.beans.Updateable; -import org.onap.dmaap.datarouter.provisioning.utils.DB; -import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor; +import org.onap.dmaap.datarouter.provisioning.utils.Poker; +import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils; +import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; import org.slf4j.MDC; 
@@ -110,26 +111,24 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { public static final String SUBFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-full; version=2.0"; static final String SUBLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-list; version=1.0"; - //Adding groups functionality, ...1610 static final String GROUP_BASECONTENT_TYPE = "application/vnd.dmaap-dr.group"; static final String GROUP_CONTENT_TYPE = "application/vnd.dmaap-dr.group; version=2.0"; static final String GROUPFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.group-full; version=2.0"; public static final String GROUPLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.fegrouped-list; version=1.0"; - public static final String LOGLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.log-list; version=1.0"; public static final String PROVFULL_CONTENT_TYPE1 = "application/vnd.dmaap-dr.provfeed-full; version=1.0"; public static final String PROVFULL_CONTENT_TYPE2 = "application/vnd.dmaap-dr.provfeed-full; version=2.0"; public static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate"; - static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you try the operation again."; + static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you " + + "try the operation again."; private static final int DEFAULT_MAX_FEEDS = 10000; private static final int DEFAULT_MAX_SUBS = 100000; private static final int DEFAULT_POKETIMER1 = 5; private static final int DEFAULT_POKETIMER2 = 30; - private static final String DEFAULT_DOMAIN = "onap"; private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov"; //Common Errors 
@@ -143,7 +142,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { public static final String API = "/api/"; static final String LOGS = "/logs/"; - static final String TEXT_CT = "text/plain"; + public static final String TEXT_CT = "text/plain"; static final String INGRESS = "/ingress/"; static final String EGRESS = "/egress/"; static final String NETWORK = "/network/"; @@ -156,7 +155,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { static final String START_TIME = "start_time"; static final String END_TIME = "end_time"; static final String REASON_SQL = "reasonSQL"; - + static final String JSON_HASH_STRING = "password"; /** * A boolean to trigger one time "provisioning changed" event on startup. @@ -202,10 +201,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { * Array of nodes names and/or FQDNs. */ private static String[] nodes = new String[0]; - /** - * [DATARTR-27] Poke all the DR nodes : Array of nodes names and/or FQDNs. - */ - private static String[] drnodes = new String[0]; /** * Array of node IP addresses. */ @@ -231,11 +226,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ static int activeSubs = 0; - /** - * The domain used to generate a FQDN from the "bare" node names. - */ - private static String provDomain = "web.att.com"; - /** * The standard FQDN of the provisioning server in this Data Router ecosystem. */ 
@@ -268,24 +258,30 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { private InetAddress loopback; //DMAAP-597 (Tech Dept) REST request source IP auth relaxation to accommodate OOM kubernetes deploy - private static String isAddressAuthEnabled = (new DB()).getProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false"); + private static String isAddressAuthEnabled = ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false"); - static String isCadiEnabled = (new DB()).getProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"); + static String isCadiEnabled = ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"); /** * Initialize data common to all the provisioning server servlets. */ protected BaseServlet() { + setUpFields(); + if (authz == null) { + authz = new ProvAuthorizer(this); + } + String name = this.getClass().getName(); + intlogger.info("PROV0002 Servlet " + name + " started."); + } + + private static void setUpFields() { if (eventlogger == null) { eventlogger = EELFManager.getInstance().getLogger("EventLog"); } if (intlogger == null) { - this.intlogger = EELFManager.getInstance().getLogger("InternalLog"); - } - if (authz == null) { - authz = new ProvAuthorizer(this); + intlogger = EELFManager.getInstance().getLogger("InternalLog"); } if (startmsgFlag) { startmsgFlag = false; @@ -294,8 +290,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { if (synctask == null) { synctask = SynchronizerTask.getSynchronizer(); } - String name = this.getClass().getName(); - intlogger.info("PROV0002 Servlet " + name + " started."); } @Override 
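Review bot: The new `setUpFields()` and the `authz` assignment left in the constructor both do an unsynchronized check-then-set on static state (`eventlogger`, `intlogger`, `startmsgFlag`, `synctask`, `authz`). If the container constructs several servlet subclasses concurrently, two threads can both observe `null` or `startmsgFlag == true`. `authz = new ProvAuthorizer(this)` also publishes a servlet that is still under construction and binds the shared authorizer to whichever instance ran first; whether that matters depends on how ProvAuthorizer uses its provider, which is not visible here. Since the method was extracted anyway, declaring it `private static synchronized void setUpFields()` and guarding the `authz` assignment with the same class lock would close the race. Separately, `isAddressAuthEnabled` and `isCadiEnabled` are now read from `ProvRunner.getProvProperties()` in static initialisers, so they rely on the properties being loaded before this class is; a comment stating that ordering assumption would help.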
@@ -309,6 +303,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { } } + /** + * Get ID from Path. + * @param req HTTPServletRequest + * @return int ID + */ public static int getIdFromPath(HttpServletRequest req) { String path = req.getPathInfo(); if (path == null || path.length() < 2) { @@ -332,7 +331,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { try { jo = new JSONObject(new JSONTokener(req.getInputStream())); if (intlogger.isDebugEnabled()) { - intlogger.debug("JSON: " + jo.toString()); + intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString()); } } catch (Exception e) { intlogger.info("Error reading JSON: " + e); 
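Review bot: The changed debug line `intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString())` still writes a password-derived value to the log, namely an unsalted SHA-256 hex digest of each password. Such a digest can be checked offline against candidate passwords and shows when two endpoints share a password, so a fixed placeholder is the safer choice for log output, e.g. `endpointIds.getJSONObject(index).put(JSON_HASH_STRING, "********")` in the `processPassword` helpers added in the next hunk (`@@ -340,38 +339,37 @@`). Any exception thrown by `hashPasswords` also lands in the surrounding `catch (Exception e)` and is reported as "Error reading JSON", although the request body was already parsed at that point. The enclosing method starts and ends outside this hunk.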
@@ -340,38 +339,37 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { return jo; } - /** - * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation - * header object in request before logging the JSON. - * - * @param jo the JSON passed in http request. - * @param maskKey the key to be masked in the JSON passed. - * @param action whether to mask the key or unmask it in a JSON passed. - * @return the JSONObject, or null if the stream cannot be parsed. - */ - static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) { + public static JSONObject hashPasswords(JSONObject jo) { if (!jo.isNull("authorization")) { JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids"); for (int index = 0; index < endpointIds.length(); index++) { - if ((!endpointIds.getJSONObject(index).isNull(maskKey))) { - String password = endpointIds.getJSONObject(index).get(maskKey).toString(); - processPassword(maskKey, action, endpointIds, index, password); + if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) { + String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString(); + processPassword(endpointIds, index, password); } } } + if (!jo.isNull("delivery")) { + JSONObject deliveryObj = jo.getJSONObject("delivery"); + String password = deliveryObj.get(JSON_HASH_STRING).toString(); + processPassword(deliveryObj, password); + } return jo; } - private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index, - String password) { + private static void processPassword(JSONArray endpointIds, int index, String password) { try { - if (action) { - endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password)); - } else { - endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password)); - } - } catch (JSONException | GeneralSecurityException e) { - intlogger.info("Error reading JSON 
while masking: " + e); + endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password)); + } catch (JSONException e) { + intlogger.info("Error reading JSON while hashing: " + e); + } + } + + private static void processPassword(JSONObject deliveryObj, String password) { + try { + deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password)); + } catch (JSONException e) { + intlogger.info("Error reading JSON while hashing: " + e); } } @@ -470,18 +468,18 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { * Check if an IP address matches a network address. * * @param ip the IP address - * @param s the network address; a bare IP address may be matched also + * @param str the network address; a bare IP address may be matched also * @return true if they intersect */ - private static boolean addressMatchesNetwork(InetAddress ip, String s) { + private static boolean addressMatchesNetwork(InetAddress ip, String str) { int mlen = -1; - int n = s.indexOf('/'); - if (n >= 0) { - mlen = Integer.parseInt(s.substring(n + 1)); - s = s.substring(0, n); + int substr = str.indexOf('/'); + if (substr >= 0) { + mlen = Integer.parseInt(str.substring(substr + 1)); + str = str.substring(0, substr); } try { - InetAddress i2 = InetAddress.getByName(s); + InetAddress i2 = InetAddress.getByName(str); byte[] b1 = ip.getAddress(); byte[] b2 = i2.getAddress(); if (b1.length != b2.length) { 
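Review bot: In the new `delivery` branch of `hashPasswords`, `deliveryObj.get(JSON_HASH_STRING)` is called without the `isNull` guard that the `endpoint_ids` loop uses, so a delivery object without a `password` member makes org.json's `get` throw a JSONException. The try/catch blocks in both `processPassword` overloads wrap only `put`, so they cover neither this call nor `getJSONObject("delivery")` / `getJSONArray("endpoint_ids")` on unexpectedly shaped input. Guard it the same way as the loop: `if (!deliveryObj.isNull(JSON_HASH_STRING)) { processPassword(deliveryObj, deliveryObj.get(JSON_HASH_STRING).toString()); }`. The method is now public and modifies its argument, but the Javadoc of the removed `maskJSON` was dropped without a replacement; add one stating that the passed object is changed in place and that the result is intended for logging only.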
@@ -489,18 +487,18 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { } if (mlen > 0) { byte[] masks = { - (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0, - (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE + (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0, + (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE }; byte mask = masks[mlen % 8]; - for (n = mlen / 8; n < b1.length; n++) { - b1[n] &= mask; - b2[n] &= mask; + for (substr = mlen / 8; substr < b1.length; substr++) { + b1[substr] &= mask; + b2[substr] &= mask; mask = 0; } } - for (n = 0; n < b1.length; n++) { - if (b1[n] != b2[n]) { + for (substr = 0; substr < b1.length; substr++) { + if (b1[substr] != b2[substr]) { return false; } } @@ -515,16 +513,16 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { * Something has changed in the provisioning data. Start the timers that will cause the pre-packaged JSON string to * be regenerated, and cause nodes and the other provisioning server to be notified. */ - static void provisioningDataChanged() { + public static void provisioningDataChanged() { long now = System.currentTimeMillis(); - Poker p = Poker.getPoker(); - p.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L)); + Poker pkr = Poker.getPoker(); + pkr.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L)); } /** * Something in the parameters has changed, reload all parameters from the DB. */ - static void provisioningParametersChanged() { + public static void provisioningParametersChanged() { Map map = Parameters.getParameters(); requireSecure = getBoolean(map, Parameters.PROV_REQUIRE_SECURE); requireCert = getBoolean(map, Parameters.PROV_REQUIRE_CERT); 
@@ -537,7 +535,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { pokeTimer2 = getInt(map, Parameters.PROV_POKETIMER2, DEFAULT_POKETIMER2); // The domain used to generate a FQDN from the "bare" node names - provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN); provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME); activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName); initialActivePod = getString(map, Parameters.ACTIVE_POD, ""); @@ -566,9 +563,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { } } - //[DATARTR-27] Poke all the DR nodes: assigning DR Nodes - drnodes = nodes.clone(); - //Reset Nodes arr after - removing static routing Nodes, Rally Userstory - US664862 . List filterNodes = new ArrayList<>(); for (String node : nodes) { @@ -608,7 +602,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { return provName; } - static String getActiveProvName() { + public static String getActiveProvName() { return activeProvName; } @@ -660,7 +654,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { } /** - * Gets the FQDN of the initially STANDBY_POD provisioning server (POD). Note: this used to be called isStandbyPOD(), + * Gets the FQDN of the initially STANDBY_POD provisioning server (POD).Note: this used to be called isStandbyPOD(), * however, that is a misnomer, as the standby status could shift to the active POD without these parameters * changing. Hence, the function names have been changed to more accurately reflect their purpose. * 
@@ -678,18 +672,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ protected boolean doInsert(Insertable bean) { boolean rv; - DB db = new DB(); - Connection conn = null; - try { - conn = db.getConnection(); + try (Connection conn = ProvDbUtils.getInstance().getConnection()) { rv = bean.doInsert(conn); } catch (SQLException e) { rv = false; intlogger.warn("PROV0005 doInsert: " + e.getMessage(), e); - } finally { - if (conn != null) { - db.release(conn); - } } return rv; } @@ -702,18 +689,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ protected boolean doUpdate(Updateable bean) { boolean rv; - DB db = new DB(); - Connection conn = null; - try { - conn = db.getConnection(); + try (Connection conn = ProvDbUtils.getInstance().getConnection()) { rv = bean.doUpdate(conn); } catch (SQLException e) { rv = false; intlogger.warn("PROV0006 doUpdate: " + e.getMessage(), e); - } finally { - if (conn != null) { - db.release(conn); - } } return rv; } 
@@ -726,36 +706,29 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ protected boolean doDelete(Deleteable bean) { boolean rv; - DB db = new DB(); - Connection conn = null; - try { - conn = db.getConnection(); + try (Connection conn = ProvDbUtils.getInstance().getConnection()) { rv = bean.doDelete(conn); } catch (SQLException e) { rv = false; intlogger.warn("PROV0007 doDelete: " + e.getMessage(), e); - } finally { - if (conn != null) { - db.release(conn); - } } return rv; } private static boolean getBoolean(Map map, String name) { - String s = map.get(name); - return "true".equalsIgnoreCase(s); + String str = map.get(name); + return "true".equalsIgnoreCase(str); } private static String getString(Map map, String name, String dflt) { - String s = map.get(name); - return (s != null) ? s : dflt; + String str = map.get(name); + return (str != null) ? str : dflt; } private static int getInt(Map map, String name, int dflt) { try { - String s = map.get(name); - return Integer.parseInt(s); + String str = map.get(name); + return Integer.parseInt(str); } catch (NumberFormatException e) { return dflt; } @@ -763,9 +736,9 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { private static Set getSet(Map map, String name) { Set set = new HashSet<>(); - String s = map.get(name); - if (s != null) { - String[] pp = s.split("\\|"); + String str = map.get(name); + if (str != null) { + String[] pp = str.split("\\|"); if (pp != null) { for (String t : pp) { String t2 = t.trim(); @@ -791,9 +764,9 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { this("", "1.0"); } - ContentHeader(String t, String v) { - type = t.trim(); - map.put("version", v); + ContentHeader(String headertype, String version) { + type = headertype.trim(); + map.put("version", version); } public String getType() { 
@@ -801,11 +774,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { } String getAttribute(String key) { - String s = map.get(key); - if (s == null) { - s = ""; + String str = map.get(key); + if (str == null) { + str = ""; } - return s; + return str; } } @@ -817,16 +790,16 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ ContentHeader getContentHeader(HttpServletRequest req) { ContentHeader ch = new ContentHeader(); - String s = req.getHeader("Content-Type"); - if (s != null) { - String[] pp = s.split(";"); + String str = req.getHeader("Content-Type"); + if (str != null) { + String[] pp = str.split(";"); ch.type = pp[0].trim(); for (int i = 1; i < pp.length; i++) { int ix = pp[i].indexOf('='); if (ix > 0) { - String k = pp[i].substring(0, ix).trim(); - String v = pp[i].substring(ix + 1).trim(); - ch.map.put(k, v); + String type = pp[i].substring(0, ix).trim(); + String version = pp[i].substring(ix + 1).trim(); + ch.map.put(type, version); } else { ch.map.put(pp[i].trim(), ""); } @@ -839,10 +812,10 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { @Override public String getFeedOwner(String feedId) { try { - int n = Integer.parseInt(feedId); - Feed f = Feed.getFeedById(n); - if (f != null) { - return f.getPublisher(); + int intID = Integer.parseInt(feedId); + Feed feed = Feed.getFeedById(intID); + if (feed != null) { + return feed.getPublisher(); } } catch (NumberFormatException e) { // ignore 
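Review bot: In `getContentHeader` the renamed locals `type` and `version` are misleading: they hold an arbitrary Content-Type parameter name and its value, not the media type or necessarily the version. That reads confusingly next to `ch.type = pp[0].trim()` a few lines earlier. Names that match what is stored would be clearer, for example `String attrName = pp[i].substring(0, ix).trim();` and `String attrValue = pp[i].substring(ix + 1).trim();` followed by `ch.map.put(attrName, attrValue);`.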
@@ -853,10 +826,10 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { @Override public String getFeedClassification(String feedId) { try { - int n = Integer.parseInt(feedId); - Feed f = Feed.getFeedById(n); - if (f != null) { - return f.getAuthorization().getClassification(); + int intID = Integer.parseInt(feedId); + Feed feed = Feed.getFeedById(intID); + if (feed != null) { + return feed.getAuthorization().getClassification(); } } catch (NumberFormatException e) { // ignore @@ -867,10 +840,10 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { @Override public String getSubscriptionOwner(String subId) { try { - int n = Integer.parseInt(subId); - Subscription s = Subscription.getSubscriptionById(n); - if (s != null) { - return s.getSubscriber(); + int intID = Integer.parseInt(subId); + Subscription sub = Subscription.getSubscriptionById(intID); + if (sub != null) { + return sub.getSubscriber(); } } catch (NumberFormatException e) { // ignore @@ -886,9 +859,9 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { private boolean isUserMemberOfGroup(Group group, String user) { String groupDetails = group.getMembers().replace("]", "").replace("[", ""); - String[] s = groupDetails.split("},"); + String[] str = groupDetails.split("},"); - for (String value : s) { + for (String value : str) { JSONObject jsonObj; try { jsonObj = new JSONObject(value + "}"); @@ -911,9 +884,9 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { @Override public String getGroupByFeedGroupId(String owner, String feedId) { try { - Feed f = Feed.getFeedById(Integer.parseInt(feedId)); - if (f != null) { - int groupid = f.getGroupid(); + Feed feed = Feed.getFeedById(Integer.parseInt(feedId)); + if (feed != null) { + int groupid = feed.getGroupid(); if (groupid > 0) { Group group = Group.getGroupById(groupid); if (group != null && isUserMemberOfGroup(group, owner)) { 
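Review bot: `isUserMemberOfGroup` decides group membership by stripping `[` and `]` from `group.getMembers()` and splitting on `},`, and the rename to `str` leaves that hand-rolled parsing in place. A member entry whose text contains a bracket or `},` is cut in the wrong place, so the check that feeds `getGroupByFeedGroupId` and `getGroupBySubGroupId` can misread the member list. Parsing the value as a whole is more robust: `JSONArray members = new JSONArray(group.getMembers());` and then `members.getJSONObject(i)` inside the loop (JSONArray is already imported by this file). How a parse failure is handled lies outside this hunk, so the catch block would need the same review.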
@@ -935,10 +908,10 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { @Override public String getGroupBySubGroupId(String owner, String subId) { try { - int n = Integer.parseInt(subId); - Subscription s = Subscription.getSubscriptionById(n); - if (s != null) { - int groupid = s.getGroupid(); + int intID = Integer.parseInt(subId); + Subscription sub = Subscription.getSubscriptionById(intID); + if (sub != null) { + int groupid = sub.getGroupid(); if (groupid > 0) { Group group = Group.getGroupById(groupid); if (group != null && isUserMemberOfGroup(group, owner)) { @@ -995,7 +968,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ String getFeedPermission(String aafInstance, String userAction) { try { - Properties props = (new DB()).getProperties(); + Properties props = ProvRunner.getProvProperties(); String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED); String action; switch (userAction) { @@ -1032,13 +1005,14 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { /* * AAF changes: TDP EPIC US# 307413 - * @Method - getSubscriberPermission - Forming permission string for subscription part to check AAF access in CADI Framework + * @Method - getSubscriberPermission - Forming permission string for subscription part to check + * AAF access in CADI Framework * @Params - aafInstance Passing aafInstance as it's used in permission string * @Params - userAction Passing CONST values to set different actions in permission string */ String getSubscriberPermission(String aafInstance, String userAction) { try { - Properties props = (new DB()).getProperties(); + Properties props = ProvRunner.getProvProperties(); String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB); String action; switch (userAction) {