Remove ssl related code from schema-service 56/139856/2
authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Mon, 6 Jan 2025 15:27:20 +0000 (16:27 +0100)
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Tue, 7 Jan 2025 08:16:55 +0000 (09:16 +0100)
- remove ssl related code
- update aai-common (1.15.2 -> 1.15.4)

Issue-ID: AAI-4102
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Change-Id: Ic7ebe959e2a066441df304338e502ad69dc9e7ce

aai-schema-service/.gitignore
aai-schema-service/pom.xml
aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java
aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java [deleted file]
aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java [deleted file]
aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java [deleted file]
aai-schema-service/src/main/resources/application.properties
aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java
aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java
aai-schema-service/src/test/resources/application.properties
pom.xml

index 35183c9..a29490d 100644 (file)
@@ -1,8 +1,6 @@
 .settings
 target/
 **/logs/
-bundleconfig-local/etc/auth/aai-client-cert.p12
-bundleconfig-local/etc/auth/tomcat_keystore
 bundleconfig-local/etc/oxm
 src/main/aai_schema
 bundleconfig-local/etc/logback.xml
index 3d02be5..15f8c1d 100644 (file)
         </profile>
     </profiles>
     <dependencies>
-        <dependency>
-            <groupId>com.att.eelf</groupId>
-            <artifactId>eelf-core</artifactId>
-        </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-core</artifactId>
             <resource>
                 <directory>${project.basedir}/src/main/resources/etc/auth/</directory>
                 <includes>
-                    <include>aai-client-cert.p12</include>
-                    <include>tomcat_keystore</include>
                     <include>aai_policy.json</include>
                 </includes>
                 <targetPath>${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig</targetPath>
index 5c36ed8..65232be 100644 (file)
@@ -25,7 +25,6 @@ import javax.annotation.PreDestroy;
 
 import org.onap.aai.aailog.logs.AaiDebugLog;
 import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.schemaservice.config.PropertyPasswordConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -68,7 +67,6 @@ public class SchemaServiceApp {
         SpringApplication app = new SpringApplication(SchemaServiceApp.class);
         app.setLogStartupInfo(false);
         app.setRegisterShutdownHook(true);
-        app.addInitializers(new PropertyPasswordConfiguration());
 
         Environment env = app.run(args).getEnvironment();
 
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/JettyPasswordDecoder.java
deleted file mode 100644 (file)
index f1576b0..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aai.schemaservice.config;
-
-import org.eclipse.jetty.util.security.Password;
-
-public class JettyPasswordDecoder implements PasswordDecoder {
-
-    @Override
-    public String decode(String input) {
-        if (input.startsWith("OBF:")) {
-            return Password.deobfuscate(input);
-        }
-        return Password.deobfuscate("OBF:" + input);
-    }
-}
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PasswordDecoder.java
deleted file mode 100644 (file)
index 9ebd684..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aai.schemaservice.config;
-
-public interface PasswordDecoder {
-
-    String decode(String input);
-}
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/PropertyPasswordConfiguration.java
deleted file mode 100644 (file)
index bd8ce6e..0000000
+++ /dev/null
@@ -1,142 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aai.schemaservice.config;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.core.env.ConfigurableEnvironment;
-import org.springframework.core.env.EnumerablePropertySource;
-import org.springframework.core.env.MapPropertySource;
-import org.springframework.core.env.PropertySource;
-
-public class PropertyPasswordConfiguration
-    implements ApplicationContextInitializer<ConfigurableApplicationContext> {
-
-    private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
-    private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
-    private static final Logger logger =
-        LoggerFactory.getLogger(PropertyPasswordConfiguration.class.getName());
-
-    @Override
-    public void initialize(ConfigurableApplicationContext applicationContext) {
-
-        ConfigurableEnvironment environment = applicationContext.getEnvironment();
-        String certPath = environment.getProperty("server.certs.location");
-        Map<String, Object> sslProps = new LinkedHashMap<>();
-
-        // Override the passwords from application.properties if we find AAF certman files
-        if (certPath != null) {
-            File passwordFile = new File(certPath + ".password");
-            try (InputStream passwordStream = new FileInputStream(passwordFile)) {
-                String keystorePassword = null;
-
-                keystorePassword = IOUtils.toString(passwordStream, Charset.defaultCharset());
-                if (keystorePassword != null) {
-                    keystorePassword = keystorePassword.trim();
-                    sslProps.put("server.ssl.key-store-password", keystorePassword);
-                } else {
-                    logger.warn("Keystore password is null in AAF Certman password file");
-                }
-            } catch (IOException e) {
-                logger.warn("Not using AAF Certman password file " + passwordFile.getName() + " e="
-                    + e.getMessage());
-            }
-
-            File passphrasesFile = new File(certPath + ".passphrases");
-            try (InputStream passphrasesStream = new FileInputStream(passphrasesFile)) {
-                String truststorePassword = null;
-                Properties passphrasesProps = new Properties();
-                passphrasesProps.load(passphrasesStream);
-                truststorePassword = passphrasesProps.getProperty("cadi_truststore_password");
-                if (truststorePassword != null) {
-                    truststorePassword = truststorePassword.trim();
-                    sslProps.put("server.ssl.trust-store-password", truststorePassword);
-                } else {
-                    logger.warn("Truststore password is null in AAF Certman passphrases file");
-                }
-            } catch (IOException e) {
-                logger.warn("Not using AAF Certman passphrases file " + passphrasesFile.getName()
-                    + " e=" + e.getMessage());
-            }
-        }
-        for (PropertySource<?> propertySource : environment.getPropertySources()) {
-            Map<String, Object> propertyOverrides = new LinkedHashMap<>();
-            decodePasswords(propertySource, propertyOverrides);
-            if (!propertyOverrides.isEmpty()) {
-                PropertySource<?> decodedProperties =
-                    new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides);
-                environment.getPropertySources().addBefore(propertySource.getName(),
-                    decodedProperties);
-            }
-
-        }
-        if (!sslProps.isEmpty()) {
-            logger.info("Using AAF Certman files");
-            PropertySource<?> additionalProperties =
-                new MapPropertySource("additionalProperties", sslProps);
-            environment.getPropertySources().addFirst(additionalProperties);
-        }
-
-    }
-
-    private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
-        if (source instanceof EnumerablePropertySource) {
-            EnumerablePropertySource<?> enumerablePropertySource =
-                (EnumerablePropertySource<?>) source;
-            for (String key : enumerablePropertySource.getPropertyNames()) {
-                Object rawValue = source.getProperty(key);
-                if (rawValue instanceof String) {
-                    String decodedValue = decodePasswordsInString((String) rawValue);
-                    propertyOverrides.put(key, decodedValue);
-                }
-            }
-        }
-    }
-
-    private String decodePasswordsInString(String input) {
-        if (input == null) {
-            return null;
-        }
-        StringBuffer output = new StringBuffer();
-        Matcher matcher = decodePasswordPattern.matcher(input);
-        while (matcher.find()) {
-            String replacement = passwordDecoder.decode(matcher.group(1));
-            matcher.appendReplacement(output, replacement);
-        }
-        matcher.appendTail(output);
-        return output.toString();
-    }
-
-}
index 8581348..bcdc887 100644 (file)
@@ -32,17 +32,8 @@ server.tomcat.max-idle-time=60000
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=aai-schema-service/src/main/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8452
-# Server SSL Related Attributes
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
-server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
-server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
 
 # Schema related attributes for the oxm and edges
 # Any additional schema related attributes should start with prefix schema
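Review bot: The retained comment `# If thats not it, please check if the key-store file path makes sense` is stale now that this hunk removes every `server.ssl.*` key-store property; I would delete or reword it, and the same line survives in the test `application.properties` hunk further down. With `server.ssl.*` and `server.ssl.client-auth=want` gone, the application itself serves port 8452 as plain HTTP with no client-certificate check. A comment such as `# TLS and client authentication are handled outside this service (ingress / service mesh)` next to `server.port` would record that assumption, if that is the intended deployment model, which the commit does not state. The removed `password(OBF:...)` values use Jetty obfuscation, which is reversible, and they stay in the repository history, so that keystore password should be treated as disclosed if it was ever used outside local development.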
index f2f91cb..7450d14 100644 (file)
@@ -31,7 +31,6 @@ import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.schemaservice.config.PropertyPasswordConfiguration;
 import org.onap.aai.util.AAIConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -42,15 +41,11 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.TestPropertySource;
 import org.springframework.web.client.RestTemplate;
 
 @SpringBootTest(
     webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
     classes = SchemaServiceApp.class)
-// @TestPropertySource(locations = "classpath:application-test.properties")
-@ContextConfiguration(initializers = PropertyPasswordConfiguration.class)
 @Import(SchemaServiceTestConfiguration.class)
 public class SchemaServiceTest {
 
index e5a8632..a45696e 100644 (file)
 
 package org.onap.aai.schemaservice;
 
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyStore;
 
 import javax.net.ssl.SSLContext;
 
@@ -65,25 +61,12 @@ public class SchemaServiceTestConfiguration {
         RestTemplate restTemplate = null;
 
         if (env.acceptsProfiles(Profiles.of("one-way-ssl", "two-way-ssl"))) {
-            char[] trustStorePassword =
-                env.getProperty("server.ssl.trust-store-password").toCharArray();
-            char[] keyStorePassword =
-                env.getProperty("server.ssl.key-store-password").toCharArray();
-
-            String keyStore = env.getProperty("server.ssl.key-store");
-            String trustStore = env.getProperty("server.ssl.trust-store");
-            SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
-
-            if (env.acceptsProfiles(Profiles.of("two-way-ssl"))) {
-                sslContextBuilder = sslContextBuilder
-                    .loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword);
-            }
-
-            SSLContext sslContext = sslContextBuilder
-                .loadTrustMaterial(ResourceUtils.getFile(trustStore), trustStorePassword).build();
+            SSLContext sslContext = SSLContextBuilder.create().build();
 
-            HttpClient client = HttpClients.custom().setSSLContext(sslContext)
-                .setSSLHostnameVerifier((s, sslSession) -> true).build();
+            HttpClient client = HttpClients.custom()
+                .setSSLContext(sslContext)
+                .setSSLHostnameVerifier((s, sslSession) -> true)
+                .build();
 
             restTemplate = builder
                 .requestFactory(() -> new HttpComponentsClientHttpRequestFactory(client)).build();
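Review bot: The `one-way-ssl`/`two-way-ssl` branch is kept but now builds `SSLContextBuilder.create().build()` with no trust or key material, while still installing `setSSLHostnameVerifier((s, sslSession) -> true)`. The client would therefore fall back to the default trust managers (as far as I can tell for an empty builder) with hostname verification switched off, which matches neither profile name. Since the commit removes the server-side SSL configuration, this branch looks unreachable in practice, though the profiles could still be activated elsewhere. I would delete the whole `if (env.acceptsProfiles(Profiles.of("one-way-ssl", "two-way-ssl")))` branch together with the remaining `javax.net.ssl.SSLContext` import, so the accept-all verifier is not left behind to be copied into non-test code. The enclosing method starts and ends outside this hunk.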
@@ -119,13 +102,4 @@ public class SchemaServiceTestConfiguration {
 
         return restTemplate;
     }
-
-    private KeyStore loadPfx(String file, char[] password) throws Exception {
-        KeyStore keyStore = KeyStore.getInstance("PKCS12");
-        File key = ResourceUtils.getFile(file);
-        try (InputStream in = new FileInputStream(key)) {
-            keyStore.load(in, password);
-        }
-        return keyStore;
-    }
 }
index a711688..9235392 100644 (file)
@@ -18,19 +18,8 @@ server.tomcat.max-idle-time=60000
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=src/main/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8452
-security.require-ssl=false
-server.ssl.enabled=false
-# Server SSL Related Attributes
-#server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-#server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
-#server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-#server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
-#server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-#server.ssl.client-auth=want
-#server.ssl.key-store-type=JKS
 
 # Schema related attributes for the oxm and edges
 # Any additional schema related attributes should start with prefix schema
diff --git a/pom.xml b/pom.xml
index 801e6e2..cd55e51 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aai.aai-common</groupId>
         <artifactId>aai-parent</artifactId>
-        <version>1.15.2</version>
+        <version>1.15.4</version>
     </parent>
     <groupId>org.onap.aai.schema-service</groupId>
     <artifactId>schema-service</artifactId>
@@ -52,7 +52,7 @@
         <!-- GMaven plugin uses this property to figure out the name of the docker tag -->
         <aai.project.version>${project.version}</aai.project.version>
         <checkstyle.skip>false</checkstyle.skip>
-        <aai.common.version>1.15.2</aai.common.version>
+        <aai.common.version>1.15.5-SNAPSHOT</aai.common.version>
         <spring-cloud.version>2021.0.9</spring-cloud.version>
     </properties>
     <dependencyManagement>
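Review bot: `aai.common.version` is set to `1.15.5-SNAPSHOT`, while the parent `aai-parent` in the first hunk moves to `1.15.4` and the commit message states 1.15.2 -> 1.15.4. A SNAPSHOT is a mutable artifact, so a build of this commit resolves whatever is published under that version at build time and is not reproducible. The same revision can therefore pull in different dependency code on different days. Unless the snapshot is intentional, this line should read `<aai.common.version>1.15.4</aai.common.version>`, or the commit message should say why the two versions differ.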