X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FBaseServlet.java;h=52629ffb18ddb46273056fb1ee02d1da74a4d92f;hb=0ad65c47b4fbddd5d1b653c5e38dcdf84884de9f;hp=f8b5934e8dfd23b0cb347a789163fb286592418a;hpb=06a86fa387e05f57bb1cec4295901e6d7786aa98;p=dmaap%2Fdatarouter.git diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java index f8b5934e..52629ffb 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java @@ -33,7 +33,6 @@ import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.net.InetAddress; import java.net.UnknownHostException; -import java.security.GeneralSecurityException; import java.security.cert.X509Certificate; import java.sql.Connection; import java.sql.SQLException; @@ -49,6 +48,7 @@ import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.Nullable; import org.json.JSONArray; @@ -66,8 +66,9 @@ import org.onap.dmaap.datarouter.provisioning.beans.NodeClass; import org.onap.dmaap.datarouter.provisioning.beans.Parameters; import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.beans.Updateable; -import org.onap.dmaap.datarouter.provisioning.utils.DB; -import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor; +import org.onap.dmaap.datarouter.provisioning.utils.Poker; +import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils; +import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; import org.slf4j.MDC; @@ -110,21 +111,19 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { public static final String SUBFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-full; version=2.0"; static final String SUBLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-list; version=1.0"; - //Adding groups functionality, ...1610 static final String GROUP_BASECONTENT_TYPE = "application/vnd.dmaap-dr.group"; static final String GROUP_CONTENT_TYPE = "application/vnd.dmaap-dr.group; version=2.0"; static final String GROUPFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.group-full; version=2.0"; public static final String GROUPLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.fegrouped-list; version=1.0"; - public static final String LOGLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.log-list; version=1.0"; public static final String PROVFULL_CONTENT_TYPE1 = "application/vnd.dmaap-dr.provfeed-full; version=1.0"; public static final String PROVFULL_CONTENT_TYPE2 = "application/vnd.dmaap-dr.provfeed-full; version=2.0"; public static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate"; static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you " - + "try the operation again."; + + "try the operation again."; private static final int DEFAULT_MAX_FEEDS = 10000; private static final int DEFAULT_MAX_SUBS = 100000; @@ -143,7 +142,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { public static final String API = "/api/"; static final String LOGS = "/logs/"; - static final String TEXT_CT = "text/plain"; + public static final String TEXT_CT = "text/plain"; static final String INGRESS = "/ingress/"; static final String EGRESS = "/egress/"; static final String NETWORK = "/network/"; @@ -156,7 +155,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { static final String START_TIME = "start_time"; static final String END_TIME = "end_time"; static final String REASON_SQL = "reasonSQL"; - + static final String JSON_HASH_STRING = "password"; /** * A boolean to trigger one time "provisioning changed" event on startup. @@ -259,25 +258,31 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { private InetAddress loopback; //DMAAP-597 (Tech Dept) REST request source IP auth relaxation to accommodate OOM kubernetes deploy - private static String isAddressAuthEnabled = (new DB()).getProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false"); + private static String isAddressAuthEnabled = ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false"); - static String isCadiEnabled = (new DB()).getProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"); + static String isCadiEnabled = ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"); /** * Initialize data common to all the provisioning server servlets. */ protected BaseServlet() { + setUpFields(); + if (authz == null) { + authz = new ProvAuthorizer(this); + } + String name = this.getClass().getName(); + intlogger.info("PROV0002 Servlet " + name + " started."); + } + + private static void setUpFields() { if (eventlogger == null) { eventlogger = EELFManager.getInstance().getLogger("EventLog"); } if (intlogger == null) { intlogger = EELFManager.getInstance().getLogger("InternalLog"); } - if (authz == null) { - authz = new ProvAuthorizer(this); - } if (startmsgFlag) { startmsgFlag = false; provisioningParametersChanged(); @@ -285,8 +290,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { if (synctask == null) { synctask = SynchronizerTask.getSynchronizer(); } - String name = this.getClass().getName(); - intlogger.info("PROV0002 Servlet " + name + " started."); } @Override @@ -328,7 +331,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { try { jo = new JSONObject(new JSONTokener(req.getInputStream())); if (intlogger.isDebugEnabled()) { - intlogger.debug("JSON: " + jo.toString()); + intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString()); } } catch (Exception e) { intlogger.info("Error reading JSON: " + e); @@ -336,38 +339,37 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { return jo; } - /** - * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation - * header object in request before logging the JSON. - * - * @param jo the JSON passed in http request. - * @param maskKey the key to be masked in the JSON passed. - * @param action whether to mask the key or unmask it in a JSON passed. - * @return the JSONObject, or null if the stream cannot be parsed. - */ - static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) { + public static JSONObject hashPasswords(JSONObject jo) { if (!jo.isNull("authorization")) { JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids"); for (int index = 0; index < endpointIds.length(); index++) { - if ((!endpointIds.getJSONObject(index).isNull(maskKey))) { - String password = endpointIds.getJSONObject(index).get(maskKey).toString(); - processPassword(maskKey, action, endpointIds, index, password); + if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) { + String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString(); + processPassword(endpointIds, index, password); } } } + if (!jo.isNull("delivery")) { + JSONObject deliveryObj = jo.getJSONObject("delivery"); + String password = deliveryObj.get(JSON_HASH_STRING).toString(); + processPassword(deliveryObj, password); + } return jo; } - private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index, - String password) { + private static void processPassword(JSONArray endpointIds, int index, String password) { try { - if (action) { - endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password)); - } else { - endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password)); - } - } catch (JSONException | GeneralSecurityException e) { - intlogger.info("Error reading JSON while masking: " + e); + endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password)); + } catch (JSONException e) { + intlogger.info("Error reading JSON while hashing: " + e); + } + } + + private static void processPassword(JSONObject deliveryObj, String password) { + try { + deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password)); + } catch (JSONException e) { + intlogger.info("Error reading JSON while hashing: " + e); } } @@ -511,7 +513,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { * Something has changed in the provisioning data. Start the timers that will cause the pre-packaged JSON string to * be regenerated, and cause nodes and the other provisioning server to be notified. */ - static void provisioningDataChanged() { + public static void provisioningDataChanged() { long now = System.currentTimeMillis(); Poker pkr = Poker.getPoker(); pkr.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L)); @@ -520,7 +522,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { /** * Something in the parameters has changed, reload all parameters from the DB. */ - static void provisioningParametersChanged() { + public static void provisioningParametersChanged() { Map map = Parameters.getParameters(); requireSecure = getBoolean(map, Parameters.PROV_REQUIRE_SECURE); requireCert = getBoolean(map, Parameters.PROV_REQUIRE_CERT); @@ -600,7 +602,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { return provName; } - static String getActiveProvName() { + public static String getActiveProvName() { return activeProvName; } @@ -670,18 +672,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ protected boolean doInsert(Insertable bean) { boolean rv; - DB db = new DB(); - Connection conn = null; - try { - conn = db.getConnection(); + try (Connection conn = ProvDbUtils.getInstance().getConnection()) { rv = bean.doInsert(conn); } catch (SQLException e) { rv = false; intlogger.warn("PROV0005 doInsert: " + e.getMessage(), e); - } finally { - if (conn != null) { - db.release(conn); - } } return rv; } @@ -694,18 +689,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ protected boolean doUpdate(Updateable bean) { boolean rv; - DB db = new DB(); - Connection conn = null; - try { - conn = db.getConnection(); + try (Connection conn = ProvDbUtils.getInstance().getConnection()) { rv = bean.doUpdate(conn); } catch (SQLException e) { rv = false; intlogger.warn("PROV0006 doUpdate: " + e.getMessage(), e); - } finally { - if (conn != null) { - db.release(conn); - } } return rv; } @@ -718,18 +706,11 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ protected boolean doDelete(Deleteable bean) { boolean rv; - DB db = new DB(); - Connection conn = null; - try { - conn = db.getConnection(); + try (Connection conn = ProvDbUtils.getInstance().getConnection()) { rv = bean.doDelete(conn); } catch (SQLException e) { rv = false; intlogger.warn("PROV0007 doDelete: " + e.getMessage(), e); - } finally { - if (conn != null) { - db.release(conn); - } } return rv; } @@ -987,7 +968,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ String getFeedPermission(String aafInstance, String userAction) { try { - Properties props = (new DB()).getProperties(); + Properties props = ProvRunner.getProvProperties(); String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED); String action; switch (userAction) { @@ -1031,7 +1012,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { */ String getSubscriberPermission(String aafInstance, String userAction) { try { - Properties props = (new DB()).getProperties(); + Properties props = ProvRunner.getProvProperties(); String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB); String action; switch (userAction) {