Fix this problem by removing CryptoUtils, which could be replaced by an AAF CADI call (this was already in place in the code). The OOM SDC controller password will have to be modified as well.
Issue-ID: POLICY-3201
Issue-ID: POLICY-3200
Change-Id: I6dfd9abb691afb3548d4e68c8759351ad02a30da
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
"consumerId": "consumerId1",
"environmentName": "AUTO",
"sdcAddress": "localhost:8443",
- "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"pollingInterval":30,
"pollingTimeout":30,
"activateServerTLSAuth":"false",
"consumerId": "consumerId1",
"environmentName": "AUTO",
"sdcAddress": "localhost:8443",
- "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"pollingInterval":30,
"pollingTimeout":30,
"activateServerTLSAuth":"false",
A [docker-compose example file](extra/docker/clamp/docker-compose.yml) can be found under the [extra/docker/clamp/ folder](extra/docker/).
-Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a prepopullated database and a clamp instance available on [https://localhost:3000](https://localhost:3000).
+Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a pre-populated database, and a clamp instance available on [https://localhost:3000](https://localhost:3000).
### Logs
cadi_latitude[0.000]=10.0
cadi_longitude[0.000]=10.0
- Certs should created, you can get them in /var/lib/docker/volumes/clamp_config/_data/local
- If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re used) : docker volume rm clamp_config
+ If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re-used) : docker volume rm clamp_config
- wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar
-- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi digest changeit testos.key
+- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi <digest|undigest> changeit testos.key
- you can also use the agent.sh script to decrypt the passwords, by running the showpass commands (see wiki below)
- Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key'
- Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem'
<version>3.10.0</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-api-mockito2</artifactId>
- <version>2.0.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-module-junit4</artifactId>
- <version>2.0.4</version>
- <scope>test</scope>
- </dependency>
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java-core</artifactId>
private String keyStoreType;
- @Value("${clamp.config.keyFile:#{null}}")
+ @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}")
private String keyFile;
@Autowired
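Review bot: The new default on `clamp.config.keyFile` makes the key file bundled on the application classpath the fallback whenever the property is unset, so a deployment that does not override it decodes its passwords with a key that anyone holding the artifact also has. The previous default here was `#{null}`, and `PassDecoder.decode` still has a `null == keyFileName` branch whose behaviour is not visible on this page, so this line may also change what deployments without the property do today. The same literal is repeated in the `@Value` added next to `sdcControllerFile` and, in the `classpath:clds/...` spelling, in the two properties-file hunks; a single shared constant plus a comment such as `// Bundled key file is for development only; production must point clamp.config.keyFile at a key kept outside the artifact` would make the expectation explicit. The enclosing class starts and ends outside the hunk.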
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Modifications Copyright (c) 2019 Samsung
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.policy.clamp.clds.config.sdc;
import com.google.gson.JsonObject;
import java.io.IOException;
+import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
private static final String CONTROLLER_SUBTREE_KEY = "sdc-connections";
@Autowired
protected ApplicationContext appContext;
+
+ @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}")
+ private String keyFile;
+
/**
* The file name that will be loaded by Spring.
*/
- @Value("${clamp.config.files.sdcController:'classpath:/clds/sdc-controllers-config.json'}")
+ @Value("${clamp.config.files.sdcController:classpath:/clds/sdc-controllers-config.json}")
protected String sdcControllerFile;
/**
* The root of the JSON.
*/
@PostConstruct
public void loadConfiguration() throws IOException {
- Resource resource = appContext.getResource(sdcControllerFile);
- // Try to load json tree
- jsonRootNode = JsonUtils.GSON.fromJson(new InputStreamReader(
- resource.getInputStream(), StandardCharsets.UTF_8),
- JsonObject.class);
+ try (InputStreamReader controllerFile = new InputStreamReader(
+ appContext.getResource(sdcControllerFile).getInputStream(), StandardCharsets.UTF_8)) {
+ jsonRootNode = JsonUtils.GSON.fromJson(controllerFile, JsonObject.class);
+ }
}
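Review bot: `loadConfiguration` stores whatever `GSON.fromJson` returns, and Gson returns `null` for an empty input, so an empty controller file would only fail later with a `NullPointerException` at `jsonRootNode.get(CONTROLLER_SUBTREE_KEY)`. A guard right after the try block, `if (jsonRootNode == null) { throw new SdcParametersException("Empty SDC controller file: " + sdcControllerFile); }`, would report the cause at startup instead. Separately, the `import java.io.InputStream;` added by this commit does not seem to be used by the new lines shown here, which name only `InputStreamReader`; it can be dropped if nothing outside the hunk needs it.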
public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) {
Map<String, SdcSingleControllerConfiguration> result = new HashMap<>();
if (jsonRootNode.get(CONTROLLER_SUBTREE_KEY) != null) {
jsonRootNode.get(CONTROLLER_SUBTREE_KEY).getAsJsonObject().entrySet().forEach(
- entry -> result.put(entry.getKey(),
- new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey())));
+ entry -> result.put(entry.getKey(),
+ new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey(),
+ keyFile)));
} else {
throw new SdcParametersException(
CONTROLLER_SUBTREE_KEY + " key not found in the file: " + sdcControllerFile);
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.policy.clamp.clds.config.sdc;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
import com.google.gson.JsonObject;
-import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collections;
import java.util.List;
-import org.apache.commons.codec.DecoderException;
import org.onap.policy.clamp.clds.exception.sdc.controller.SdcParametersException;
-import org.onap.policy.clamp.clds.util.CryptoUtils;
+import org.onap.policy.clamp.util.PassDecoder;
import org.onap.sdc.api.consumer.IConfiguration;
/**
*/
public class SdcSingleControllerConfiguration implements IConfiguration {
- private static final EELFLogger logger = EELFManager.getInstance()
- .getLogger(SdcSingleControllerConfiguration.class);
+ private final String keyFile;
+
/**
* The sdc Controller name corresponding.
*/
public static final String OTHER = "OTHER";
public static final String TOSCA_CSAR = "TOSCA_CSAR";
public static final String VF_MODULES_METADATA = "VF_MODULES_METADATA";
- private static final String[] SUPPORTED_ARTIFACT_TYPES = {
- TOSCA_CSAR, VF_MODULES_METADATA
- };
- public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = Collections
- .unmodifiableList(Arrays.asList(SUPPORTED_ARTIFACT_TYPES));
+ private static final String[] SUPPORTED_ARTIFACT_TYPES = {TOSCA_CSAR, VF_MODULES_METADATA};
+ public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = List.of(SUPPORTED_ARTIFACT_TYPES);
/**
* This constructor builds a SdcSingleControllerConfiguration from the
* corresponding json.
- *
- * @param jsonNode
- * The JSON node
- * @param controllerName
- * The controller name that must appear in the JSON
+ *
+ * @param jsonNode The JSON node
+ * @param controllerName The controller name that must appear in the JSON
+ * @param keyFileLocation The location of the file to decode the password using CADI
*/
- public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName) {
+ public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName, String keyFileLocation) {
jsonRootNode = jsonNode;
+ keyFile = keyFileLocation;
setSdcControllerName(controllerName);
testAllRequiredParameters();
}
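Review bot: `List.of(SUPPORTED_ARTIFACT_TYPES)` is not a drop-in replacement for the old unmodifiable wrapper: lists created by `List.of` throw `NullPointerException` from `contains(null)` and `indexOf(null)`, where the previous list returned `false` and `-1`. `SUPPORTED_ARTIFACT_TYPES_LIST` is public and its callers are outside this page, so any caller that checks a possibly-null artifact type against it would now fail. If that cannot be ruled out, keep `Collections.unmodifiableList(Arrays.asList(SUPPORTED_ARTIFACT_TYPES))`, or add a Javadoc line on the constant stating that null lookups are rejected.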
}
}
- private String getEncryptedStringConfig(String key) throws GeneralSecurityException, DecoderException {
+ private String getEncryptedStringConfig(String key) {
if (jsonRootNode != null && jsonRootNode.get(key) != null) {
return jsonRootNode.get(key).getAsString().isEmpty() ? null
- : CryptoUtils.decrypt(jsonRootNode.get(key).getAsString());
+ : PassDecoder.decode(jsonRootNode.get(key).getAsString(), keyFile);
}
return null;
}
@Override
public String getPassword() {
- try {
- return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME);
- } catch (GeneralSecurityException | DecoderException e) {
- logger.error("Unable to decrypt the SDC password", e);
- return null;
- }
+ return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME);
}
@Override
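Review bot: With the `try`/`catch` removed from `getPassword` (and from `getKeyStorePassword` in the next hunk), what a caller sees when a password cannot be decoded now depends entirely on `PassDecoder.decode`, whose body is not on this page. The old code logged `Unable to decrypt the SDC password` and returned `null`; the new code has no log line at this level and the class logger is deleted, so a wrong or missing key file may surface as an unchecked exception out of an `IConfiguration` getter or as a silent `null`. Please state the contract in the Javadoc of `getEncryptedStringConfig`, for example `Returns null when the key is absent or empty; decode failures are reported by PassDecoder`, once that is confirmed. Any message added for the failure case should name the configuration key only, never the encoded or decoded value.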
@Override
public String getKeyStorePassword() {
- try {
- return getEncryptedStringConfig(KEY_STORE_KEY);
- } catch (GeneralSecurityException | DecoderException e) {
- logger.error("Unable to decrypt the SDC password", e);
- return null;
- }
+ return getEncryptedStringConfig(KEY_STORE_KEY);
}
@Override
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.policy.clamp.clds.util;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import com.google.common.base.Charsets;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
-import java.util.Properties;
-import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang3.ArrayUtils;
-
-/**
- * CryptoUtils for encrypting/decrypting string based on a Key defined in
- * application.properties (Spring config file).
- */
-public final class CryptoUtils {
-
- /**
- * Used to log CryptoUtils class.
- */
- private static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class);
- // Openssl commands:
- // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K <Private Hex key>
- // -iv <16 Bytes iv (HEX), be careful it's 32 Hex Chars> | xxd -u -g100
- // Final result is to put in properties file is: IV + Outcome of openssl
- // command
- // ************************************************************
- // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d
- // -K
- // <Private Hex Key> -iv <16 Bytes IV extracted from Encrypted String, be
- // careful it's 32 Hex Chars>
- /**
- * Definition of encryption algorithm.
- */
- private static final String ALGORITHM = "AES";
-
- /**
- * AES Encryption Key environment variable for external configuration.
- */
- private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY";
-
- /**
- * Detailed definition of encryption algorithm.
- */
- private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
- private static final int IV_BLOCK_SIZE_IN_BITS = 128;
- /**
- * An Initial Vector of 16 Bytes, so 32 Hexadecimal Chars.
- */
- private static final int IV_BLOCK_SIZE_IN_BYTES = IV_BLOCK_SIZE_IN_BITS / 8;
- /**
- * Key to read in the key.properties file.
- */
- private static final String KEY_PARAM = "org.onap.policy.clamp.encryption.aes.key";
- private static final String PROPERTIES_FILE_NAME = "clds/key.properties";
- /**
- * The SecretKeySpec created from the Base 64 String key.
- */
- private static final SecretKeySpec SECRET_KEY_SPEC = readSecretKeySpec(PROPERTIES_FILE_NAME);
-
- /**
- * Private constructor to avoid creating instances of util class.
- */
- private CryptoUtils() {
- }
-
- /**
- * Encrypt a value based on the Clamp Encryption Key.
- *
- * @param value The value to encrypt
- * @return The encrypted string
- * @throws GeneralSecurityException In case of issue with the encryption
- * @throws UnsupportedEncodingException In case of issue with the charset
- * conversion
- */
- public static String encrypt(String value) throws GeneralSecurityException {
- Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
- byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
- SecureRandom.getInstance("SHA1PRNG").nextBytes(iv);
- IvParameterSpec ivspec = new IvParameterSpec(iv);
- cipher.init(Cipher.ENCRYPT_MODE, SECRET_KEY_SPEC, ivspec);
- return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes(Charsets.UTF_8))));
- }
-
- /**
- * Decrypt a value based on the Clamp Encryption Key.
- *
- * @param message The encrypted string that must be decrypted using the Clamp
- * Encryption Key
- * @return The String decrypted
- * @throws GeneralSecurityException In case of issue with the encryption
- * @throws DecoderException In case of issue to decode the HexString
- */
- public static String decrypt(String message) throws GeneralSecurityException, DecoderException {
- byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
- Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
- IvParameterSpec ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, IV_BLOCK_SIZE_IN_BYTES));
- byte[] realData = ArrayUtils.subarray(encryptedMessage, IV_BLOCK_SIZE_IN_BYTES, encryptedMessage.length);
- cipher.init(Cipher.DECRYPT_MODE, SECRET_KEY_SPEC, ivspec);
- byte[] decrypted = cipher.doFinal(realData);
- return new String(decrypted);
- }
-
- /**
- * Method used to generate the SecretKeySpec from a Base64 String.
- *
- * @param keyString The key as a string in Base 64
- * @return The SecretKeySpec created
- * @throws DecoderException In case of issues with the decoding of Base64
- */
- private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException {
- byte[] key = Hex.decodeHex(keyString.toCharArray());
- return new SecretKeySpec(key, ALGORITHM);
- }
-
- /**
- * Reads SecretKeySpec from file specified by propertiesFileName.
- *
- * @param propertiesFileName File name with properties
- * @return SecretKeySpec secret key spec read from propertiesFileName
- */
- private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
- Properties props = new Properties();
- try {
- // Workaround fix to make encryption key configurable
- // System environment variable takes precedence for over clds/key.properties
- String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
- if (encryptionKey != null && encryptionKey.trim().length() > 0) {
- return getSecretKeySpec(encryptionKey);
- } else {
- props.load(ResourceFileUtils.getResourceAsStream(propertiesFileName));
- return getSecretKeySpec(props.getProperty(KEY_PARAM));
- }
- } catch (IOException | DecoderException e) {
- logger.error("Exception occurred during the key reading", e);
- return null;
- }
- }
-}
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* @return The file as inputStream
*/
public static InputStream getResourceAsStream(String fileName) {
- InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(
- fileName.startsWith(CLASSPATH_PREFIX) ? fileName.replaceFirst(CLASSPATH_PREFIX, "") : fileName);
+ InputStream is = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream(fileName.replaceFirst("^" + CLASSPATH_PREFIX, ""));
if (is == null) {
throw new IllegalArgumentException("Unable to find resource: " + fileName);
}
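Review bot: `CLASSPATH_PREFIX` is concatenated into a regular expression without quoting, and the commit now uses two spellings of the prefix: `classpath:/clds/...` in the `@Value` defaults and `classpath:clds/...` in the tests and properties files. The constant's value is not visible here; if it is a plain literal, one of the two spellings is either left unstripped or keeps a leading `/`, and `ClassLoader.getResourceAsStream` does not resolve names that start with `/`, which matters for any of those paths that reach this helper. A literal strip that also drops a leading slash avoids both problems: `String name = fileName.startsWith(CLASSPATH_PREFIX) ? fileName.substring(CLASSPATH_PREFIX.length()) : fileName;` followed by `if (name.startsWith("/")) { name = name.substring(1); }`. The method body continues outside the hunk.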
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* PassDecoder for decrypting the truststore and keystore password.
*/
public class PassDecoder {
+
+ private PassDecoder() {
+ }
+
/**
* Used to log PassDecoder class.
*/
* Decode the password.
*
* @param encryptedPass The encrypted password
- * @param keyFileName The key file name in String
+ * @param keyFileName The key file name in String
*/
public static String decode(String encryptedPass, String keyFileName) {
if (null == keyFileName) {
+++ /dev/null
-org.onap.policy.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
\ No newline at end of file
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
StandardCharsets.UTF_8);
JsonObject jsonNode = JsonUtils.GSON.fromJson(streamReader, JsonObject.class);
- return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName);
+ return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName,
+ "classpath:clds/aaf/org.onap.clamp.keyfile");
}
@Test
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@Test
public void testGetAllDefinedControllers() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config.json");
+ loadFile("classpath:clds/sdc-controllers-config.json");
Map<String, SdcSingleControllerConfiguration> mapResult = sdcControllersConfiguration
.getAllDefinedControllers();
assertTrue(mapResult.size() == 2);
@Test
public void testGetSdcSingleControllerConfiguration() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config.json");
+ loadFile("classpath:clds/sdc-controllers-config.json");
assertEquals("sdc-controller1", sdcControllersConfiguration
.getSdcSingleControllerConfiguration("sdc-controller1").getSdcControllerName());
assertEquals("sdc-controller2", sdcControllersConfiguration
@Test(expected = JsonSyntaxException.class)
public void testBadJsonLoading() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config-bad.json");
+ loadFile("classpath:clds/sdc-controllers-config-bad.json");
fail("Should have raised an exception");
}
@Test(expected = SdcParametersException.class)
public void testMissingParamInJsonLoading() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config-missing-param.json");
+ loadFile("classpath:clds/sdc-controllers-config-missing-param.json");
sdcControllersConfiguration.getAllDefinedControllers();
fail("Should have raised an exception");
}
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Modifications Copyright (c) 2019 Samsung
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.policy.clamp.clds.util;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.mockito.ArgumentMatchers.eq;
-
-import java.security.InvalidKeyException;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang3.ArrayUtils;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.powermock.api.mockito.PowerMockito;
-import org.powermock.core.classloader.annotations.PowerMockIgnore;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-
-@RunWith(PowerMockRunner.class)
-@PowerMockIgnore({ "javax.crypto.*", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*" })
-public class CryptoUtilsTest {
-
- private final String data = "This is a test string";
-
- @Test
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryption() throws Exception {
- String encodedString = CryptoUtils.encrypt(data);
- assertNotNull(encodedString);
- assertEquals(data, CryptoUtils.decrypt(encodedString));
- }
-
- @Test
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryptedStringIsDifferent() throws Exception {
- String encodedString1 = CryptoUtils.encrypt(data);
- String encodedString2 = CryptoUtils.encrypt(data);
- byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray());
- byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray());
- assertNotNull(encryptedMessage1);
- assertNotNull(encryptedMessage2);
- assertNotEquals(encryptedMessage1, encryptedMessage2);
- byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length);
- byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length);
- assertNotEquals(subData1, subData2);
- }
-
- @Test
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryptionBaseOnRandomKey() throws Exception {
- SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
- final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded()));
- setAesEncryptionKeyEnv(encryptionKey);
-
- String encodedString = CryptoUtils.encrypt(data);
- String decodedString = CryptoUtils.decrypt(encodedString);
- assertEquals(data, decodedString);
- }
-
- @Test(expected = InvalidKeyException.class)
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryptionBadKey() throws Exception {
- final String badEncryptionKey = "93210sd";
- setAesEncryptionKeyEnv(badEncryptionKey);
-
- CryptoUtils.encrypt(data);
- }
-
- private static void setAesEncryptionKeyEnv(String value) {
- PowerMockito.mockStatic(System.class);
- PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value);
- }
-}
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+ * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.policy.clamp.util;
public final void testDecryption() throws Exception {
String decodedPass = PassDecoder.decode(encrypted, "classpath:clds/aaf/org.onap.clamp.keyfile");
assertEquals(decodedPass, "China in the Spring");
+ assertEquals("Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", PassDecoder
+ .decode("enc:JPV4p067JlSXt2Fet9bfuI8JpkS4ZGYVcgypcPs98gXjgjCjTze_d3JxqmlKaaakdiOjIcEC_MJh6-5pJTLgdc",
+ "classpath:clds/aaf/org.onap.clamp.keyfile"));
}
}
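Review bot: The assertion added to `testDecryption` covers only a successful decode, while this commit removes the `catch` blocks that used to absorb decryption failures in `SdcSingleControllerConfiguration`. A second test that calls `PassDecoder.decode` with a malformed value, and another with a key file location that cannot be resolved, would pin whether the result is `null` or an exception. The existing `assertEquals(decodedPass, "China in the Spring")` also passes its arguments in actual/expected order, unlike the new line; swapping them keeps failure messages readable. The test class starts outside the hunk.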
#server.ssl.key-store-password=pass
#server.ssl.key-password=pass
+clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile
+
### In order to be user friendly when HTTPS is enabled,
### you can add another HTTP port that will be automatically redirected to HTTPS
### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)
"consumerId": "consumerId",
"environmentName": "environmentName",
"sdcAddress": "hostname:8080",
- "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"pollingInterval":10,
"pollingTimeout":30,
"activateServerTLSAuth": true,
- "keyStorePassword":"bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
+ "keyStorePassword":"QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"keyStorePath": "/test",
"messageBusAddresses":["localhost"]
}
{
- "sdc-connections":{
- "sdc-controller1":{
- "user": "User1",
- "consumerGroup": "consumerGroup1",
- "consumerId": "consumerId1",
- "environmentName": "environmentName1",
- "sdcAddress": "localhost:${docker.http-cache.port.host}",
- "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
- "pollingInterval":10,
- "pollingTimeout":30,
- "messageBusAddresses":["localhost"]
+ "sdc-connections": {
+ "sdc-controller1": {
+ "user": "User1",
+ "consumerGroup": "consumerGroup1",
+ "consumerId": "consumerId1",
+ "environmentName": "environmentName1",
+ "sdcAddress": "localhost:${docker.http-cache.port.host}",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
+ "pollingInterval": 10,
+ "pollingTimeout": 30,
+ "messageBusAddresses": [
+ "localhost"
+ ]
},
- "sdc-controller2":{
- "user": "User2",
- "consumerGroup": "consumerGroup2",
- "consumerId": "consumerId2",
- "environmentName": "environmentName2",
- "sdcAddress": "localhost:${docker.http-cache.port.host}",
- "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
- "pollingInterval":10,
- "pollingTimeout":30,
- "messageBusAddresses":["localhost"]
-
+ "sdc-controller2": {
+ "user": "User2",
+ "consumerGroup": "consumerGroup2",
+ "consumerId": "consumerId2",
+ "environmentName": "environmentName2",
+ "sdcAddress": "localhost:${docker.http-cache.port.host}",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
+ "pollingInterval": 10,
+ "pollingTimeout": 30,
+ "messageBusAddresses": [
+ "localhost"
+ ]
}
}
}
#server.ssl.key-store-password=pass
#server.ssl.key-password=pass
+clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile
+
### In order to be user friendly when HTTPS is enabled,
### you can add another HTTP port that will be automatically redirected to HTTPS
### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)