From: Benjamin, Max (mb388a) Date: Thu, 24 Jan 2019 22:33:54 +0000 (-0500) Subject: use encrypted auth for dmaap X-Git-Tag: 1.4.1~304^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=c8b4ff6dfea3e28ec4d505022453f0730f707a66;p=so.git use encrypted auth for dmaap remove deobfuscate as crypto is already used. update based on the feedback to use crypto utils to decrypt Re-Factor DMAAP Credentials to use encrypted auth credential Change-Id: I2ac5be84594d84f0f24ae554d99cef274dbb6c16 Issue-ID: SO-1425 Signed-off-by: Benjamin, Max (mb388a) --- diff --git a/bpmn/MSOCommonBPMN/src/main/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisher.java b/bpmn/MSOCommonBPMN/src/main/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisher.java index 382852886e..17b99e2741 100644 --- a/bpmn/MSOCommonBPMN/src/main/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisher.java +++ b/bpmn/MSOCommonBPMN/src/main/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisher.java @@ -38,22 +38,21 @@ public class GlobalDmaapPublisher extends DmaapPublisher { } @Override - public String getUserName() { + public String getAuth() { - return UrnPropertiesReader.getVariable("mso.global.dmaap.username"); + return UrnPropertiesReader.getVariable("mso.global.dmaap.auth"); } @Override - public String getPassword() { + public String getKey() { - return UrnPropertiesReader.getVariable("mso.global.dmaap.password"); + return UrnPropertiesReader.getVariable("mso.msoKey"); } @Override public String getTopic() { - return UrnPropertiesReader.getVariable("mso.global.dmaap.publisher.topic"); } diff --git a/bpmn/MSOCommonBPMN/src/test/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisherTest.java b/bpmn/MSOCommonBPMN/src/test/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisherTest.java index 47e05831ad..d380536a48 100644 --- a/bpmn/MSOCommonBPMN/src/test/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisherTest.java 
+++ b/bpmn/MSOCommonBPMN/src/test/java/org/onap/so/client/dmaapproperties/GlobalDmaapPublisherTest.java @@ -33,8 +33,8 @@ public class GlobalDmaapPublisherTest extends BaseTest{ @Test public void testGetters() { - assertEquals("dmaapUsername", globalDmaapPublisher.getUserName()); - assertEquals("ZG1hYXBQYXNzd29yZA==", globalDmaapPublisher.getPassword()); + assertEquals("81B7E3533B91A6706830611FB9A8ECE529BBCCE754B1F1520FA7C8698B42F97235BEFA993A387E664D6352C63A6185D68DA7F0B1D360637CBA102CB166E3E62C11EB1F75386D3506BCECE51E54", globalDmaapPublisher.getAuth()); + assertEquals("07a7159d3bf51a0e53be7a8f89699be7", globalDmaapPublisher.getKey()); assertEquals("com.att.mso.asyncStatusUpdate", globalDmaapPublisher.getTopic()); assertEquals("http://localhost:" + wireMockPort, globalDmaapPublisher.getHost().get()); } diff --git a/bpmn/MSOCommonBPMN/src/test/resources/application-test.yaml b/bpmn/MSOCommonBPMN/src/test/resources/application-test.yaml index 18f94f3b88..b229fbd26a 100644 --- a/bpmn/MSOCommonBPMN/src/test/resources/application-test.yaml +++ b/bpmn/MSOCommonBPMN/src/test/resources/application-test.yaml @@ -146,6 +146,7 @@ mso: host: http://localhost:${wiremock.server.port} publisher: topic: com.att.mso.asyncStatusUpdate + auth: 81B7E3533B91A6706830611FB9A8ECE529BBCCE754B1F1520FA7C8698B42F97235BEFA993A387E664D6352C63A6185D68DA7F0B1D360637CBA102CB166E3E62C11EB1F75386D3506BCECE51E54 oof: auth: test timeout: PT10S @@ -163,6 +164,16 @@ sdnc: auth: Basic YWRtaW46YWRtaW4= host: http://localhost:8446 path: /restconf/operations/GENERIC-RESOURCE-API +sdno: + health-check: + dmaap: + password: alRyMzJ3NUNeakxl + publisher: + topic: com.att.sdno.test-health-diagnostic-v02 + host: https://olsd004.wnsnet.attws.com:3905 + subscriber: + topic: com.att.sdno.test-health-diagnostic-v02 + auth: 81B7E3533B91A6706830611FB9A8ECE529BBCCE754B1F1520FA7C8698B42F97235BEFA993A387E664D6352C63A6185D68DA7F0B1D360637CBA102CB166E3E62C11EB1F75386D3506BCECE51E54 sniro: conductor: enabled: true 
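Review bot: The added `sdno.health-check.dmaap` block introduces a `password:` entry and an `https://…attws.com:3905` host, although none of the getters changed in this commit reads a `password` key any more. The value is only base64-encoded, which is an encoding rather than protection, so it amounts to a cleartext credential checked into a test fixture next to what looks like a non-local hostname. I would drop the `password:` line and point `host` at `http://localhost:${wiremock.server.port}`, as the existing dmaap entry earlier in this file does. The same applies to the `ruby.create-ticket-request.dmaap` block added in the next hunk (which also adds a `username:`), and to the `username`/`password` entries left in place in `common/src/test/resources/dmaap.properties` and the api-handler `application-test.yaml`.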
@@ -178,7 +189,15 @@ sniro: headers.patchVersion: 1 headers.minorVersion: 1 headers.latestVersion: 2 - +ruby: + create-ticket-request: + dmaap: + username: m04768@mso.ecomp.att.com + password: alRyMzJ3NUNeakxl + publisher: + topic: com.att.pdas.exp.msoCMFallout-v1 + host: https://olsd004.wnsnet.attws.com:3905 + auth: 81B7E3533B91A6706830611FB9A8ECE529BBCCE754B1F1520FA7C8698B42F97235BEFA993A387E664D6352C63A6185D68DA7F0B1D360637CBA102CB166E3E62C11EB1F75386D3506BCECE51E54 spring: datasource: jdbc-url: jdbc:mariadb://localhost:3307/camundabpmn diff --git a/common/src/main/java/org/onap/so/client/dmaap/DmaapClient.java b/common/src/main/java/org/onap/so/client/dmaap/DmaapClient.java index dde0b31c90..dea00dd08f 100644 --- a/common/src/main/java/org/onap/so/client/dmaap/DmaapClient.java +++ b/common/src/main/java/org/onap/so/client/dmaap/DmaapClient.java @@ -17,10 +17,11 @@ * limitations under the License. * ============LICENSE_END========================================================= */ - + package org.onap.so.client.dmaap; import java.io.IOException; +import java.security.GeneralSecurityException; import java.util.Base64; import java.util.Map; import java.util.Optional; @@ -31,13 +32,14 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; - +import org.onap.so.utils.CryptoUtils; public abstract class DmaapClient { - + protected static Logger logger = LoggerFactory.getLogger(DmaapClient.class); protected final Map msoProperties; protected final Properties properties; + public DmaapClient(String filepath) throws IOException { Resource resource = new ClassPathResource(filepath); DmaapProperties dmaapProperties = DmaapPropertiesLoader.getInstance().getNewImpl(); 
@@ -48,27 +50,34 @@ public abstract class DmaapClient { this.msoProperties = dmaapProperties.getProperties(); this.properties = new Properties(); this.properties.load(resource.getInputStream()); - this.properties.put("password", this.deobfuscatePassword(this.getPassword())); - this.properties.put("username", this.getUserName()); + try { + this.properties.put("auth", CryptoUtils.decrypt(this.getAuth(), this.getKey()).getBytes()); + } catch (GeneralSecurityException e) { + logger.error(e.getMessage(), e); + } + this.properties.put("key", this.getKey()); this.properties.put("topic", this.getTopic()); Optional host = this.getHost(); if (host.isPresent()) { this.properties.put("host", host.get()); } } - protected String deobfuscatePassword(String password) { - + + protected String deobfuscatePassword(String decrypted_key) { + try { - return new String(Base64.getDecoder().decode(password.getBytes())); - } catch(IllegalArgumentException iae) { - logger.error("llegal Arguments",iae); - return password; + return new String(Base64.getDecoder().decode(decrypted_key.getBytes())); + } catch (IllegalArgumentException iae) { + logger.error("llegal Arguments", iae); + return decrypted_key; } } - - - public abstract String getUserName(); - public abstract String getPassword(); + + public abstract String getKey(); + + public abstract String getAuth(); + public abstract String getTopic(); + public abstract Optional getHost(); } diff --git a/common/src/main/java/org/onap/so/client/dmaap/rest/DMaaPRestClient.java b/common/src/main/java/org/onap/so/client/dmaap/rest/DMaaPRestClient.java index 0438ff237a..9fd8c05cb5 100644 --- a/common/src/main/java/org/onap/so/client/dmaap/rest/DMaaPRestClient.java +++ b/common/src/main/java/org/onap/so/client/dmaap/rest/DMaaPRestClient.java 
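Review bot: The decrypted credential is stored with `properties.put("auth", ….getBytes())`, i.e. as a `byte[]`, but `PropertiesBean` (changed in this same commit) reads it with `properties.getProperty("auth")`, which returns null for any value that is not a `String`, so the bean's `auth` would be null and `DMaaPRestClient.initializeHeaderMap` would skip the Authorization header. The `catch (GeneralSecurityException e)` also only logs, so a wrong key or corrupt ciphertext still yields a constructed client that has no credential. I would store a `String` via `setProperty` and convert a decrypt failure into the `IOException` that the constructor, whose signature is above this hunk, already declares. `addBasicAuthHeader` is not visible in this diff: if it decrypts `auth` itself, the entry should hold `this.getAuth()` unchanged instead of the decrypted value. `deobfuscatePassword` has no caller left in this hunk and could be removed, which the commit message suggests was the intent.

```java
// … unchanged: properties.load(resource.getInputStream()) …
try {
    // getProperty() only returns String values, so store the credential as a String
    this.properties.setProperty("auth", CryptoUtils.decrypt(this.getAuth(), this.getKey()));
} catch (GeneralSecurityException e) {
    // fail construction rather than continue without a credential
    throw new IOException("Unable to decrypt DMaaP auth property", e);
}
// … unchanged: key, topic and host properties …
```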
@@ -17,34 +17,37 @@ * limitations under the License. * ============LICENSE_END========================================================= */ - + package org.onap.so.client.dmaap.rest; import java.net.URL; -import java.util.Base64; import java.util.Map; import org.onap.so.client.RestClient; +import org.onap.so.utils.CryptoUtils; import org.onap.so.utils.TargetEntity; public class DMaaPRestClient extends RestClient { - private final String username; - private final String password; - public DMaaPRestClient(URL url, String contentType, String username, String password) { + private final String auth; + private final String key; + + public DMaaPRestClient(URL url, String contentType, String auth, String key) { super(url, contentType); - this.username = username; - this.password = password; + this.auth = auth; + this.key = key; } - @Override - public TargetEntity getTargetEntity(){ - return TargetEntity.DMAAP; - } + @Override + public TargetEntity getTargetEntity() { + return TargetEntity.DMAAP; + } @Override protected void initializeHeaderMap(Map headerMap) { - headerMap.put("Authorization", "Basic " + Base64.getEncoder().encodeToString((username + ":" + password).getBytes())); + if (auth != null && !auth.isEmpty() && key != null && !key.isEmpty()) { + addBasicAuthHeader(auth, key); + } } } diff --git a/common/src/main/java/org/onap/so/client/dmaap/rest/PropertiesBean.java b/common/src/main/java/org/onap/so/client/dmaap/rest/PropertiesBean.java index f43c65808a..18849217f8 100644 --- a/common/src/main/java/org/onap/so/client/dmaap/rest/PropertiesBean.java +++ b/common/src/main/java/org/onap/so/client/dmaap/rest/PropertiesBean.java @@ -24,8 +24,8 @@ import java.util.Properties; public class PropertiesBean { - private String username; - private String password; + private String auth; + private String key; private String environment; private String partition; private String contentType; 
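Review bot: When `auth` or `key` is null or empty, `initializeHeaderMap` now returns without setting any Authorization header and without any signal, so a misconfigured or undecryptable credential turns into unauthenticated requests rather than an error. An `else` branch that fails fast, e.g. `throw new IllegalStateException("DMaaP auth/key not configured");`, or at least logs at warn level, would make that visible. The `headerMap` argument is no longer used in this method; `addBasicAuthHeader` is defined outside this diff, so it is worth confirming that it populates the same map the caller sends. Keeping the decryption key as a field on every REST client also widens where key material lives; passing only the credential would be narrower if `addBasicAuthHeader` allows it.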
@@ -35,8 +35,8 @@ public class PropertiesBean { public PropertiesBean(Properties properties) { - this.withUsername(properties.getProperty("username")) - .withPassword(properties.getProperty("password")) + this.withAuth(properties.getProperty("auth")) + .withKey(properties.getProperty("key")) .withTopic(properties.getProperty("topic")) .withEnvironment(properties.getProperty("environment")) .withHost(properties.getProperty("host")) @@ -44,24 +44,24 @@ public class PropertiesBean { .withPartition(properties.getProperty("partition")) .withContentType(properties.getProperty("contentType", "application/json")); } - public String getUsername() { - return username; + public String getAuth() { + return auth; } - public void setUsername(String username) { - this.username = username; + public void setAuth(String auth) { + this.auth = auth; } - public PropertiesBean withUsername(String username) { - this.username = username; + public PropertiesBean withAuth(String auth) { + this.auth = auth; return this; } - public String getPassword() { - return password; + public String getKey() { + return key; } - public void setPassword(String password) { - this.password = password; + public void setKey(String key) { + this.key = key; } - public PropertiesBean withPassword(String password) { - this.password = password; + public PropertiesBean withKey(String key) { + this.key = key; return this; } public String getEnvironment() { diff --git a/common/src/main/java/org/onap/so/client/dmaap/rest/RestConsumer.java b/common/src/main/java/org/onap/so/client/dmaap/rest/RestConsumer.java index 39af15635a..bee5a0c2ca 100644 --- a/common/src/main/java/org/onap/so/client/dmaap/rest/RestConsumer.java +++ b/common/src/main/java/org/onap/so/client/dmaap/rest/RestConsumer.java 
@@ -37,7 +37,7 @@ public class RestConsumer implements Consumer { private final RestClient client; public RestConsumer(Properties properties) { PropertiesBean bean = new PropertiesBean(properties); - client = new DMaaPRestClient(this.createURL(bean), bean.getContentType(), bean.getUsername(), bean.getPassword()); + client = new DMaaPRestClient(this.createURL(bean), bean.getContentType(), bean.getAuth(), bean.getKey()); } private URL createURL(PropertiesBean properties) { diff --git a/common/src/main/java/org/onap/so/client/dmaap/rest/RestPublisher.java b/common/src/main/java/org/onap/so/client/dmaap/rest/RestPublisher.java index 090e50543b..af660c2aa4 100644 --- a/common/src/main/java/org/onap/so/client/dmaap/rest/RestPublisher.java +++ b/common/src/main/java/org/onap/so/client/dmaap/rest/RestPublisher.java @@ -35,7 +35,7 @@ public class RestPublisher implements Publisher { public RestPublisher(Properties properties) { PropertiesBean bean = new PropertiesBean(properties); - client = new DMaaPRestClient(this.createURL(bean), bean.getContentType(), bean.getUsername(), bean.getPassword()); + client = new DMaaPRestClient(this.createURL(bean), bean.getContentType(), bean.getAuth(), bean.getKey()); } private URL createURL(PropertiesBean properties) { diff --git a/common/src/main/java/org/onap/so/client/ruby/dmaap/RubyCreateTicketRequestPublisher.java b/common/src/main/java/org/onap/so/client/ruby/dmaap/RubyCreateTicketRequestPublisher.java index 1d4e014300..93a2d96c5e 100644 --- a/common/src/main/java/org/onap/so/client/ruby/dmaap/RubyCreateTicketRequestPublisher.java +++ b/common/src/main/java/org/onap/so/client/ruby/dmaap/RubyCreateTicketRequestPublisher.java 
@@ -32,13 +32,13 @@ public class RubyCreateTicketRequestPublisher extends DmaapPublisher{ } @Override - public String getUserName() { - return msoProperties.get("ruby.create-ticket-request.dmaap.username"); + public String getAuth() { + return msoProperties.get("ruby.create-ticket-request.dmaap.auth"); } @Override - public String getPassword() { - return msoProperties.get("ruby.create-ticket-request.dmaap.password"); + public String getKey() { + return msoProperties.get("mso.msoKey"); } @Override diff --git a/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapConsumer.java b/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapConsumer.java index 8154b9137d..a76c47c805 100644 --- a/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapConsumer.java +++ b/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapConsumer.java @@ -42,13 +42,13 @@ public class SDNOHealthCheckDmaapConsumer extends DmaapConsumer { } @Override - public String getUserName() { - return msoProperties.get("sdno.health-check.dmaap.username"); + public String getAuth() { + return msoProperties.get("sdno.health-check.dmaap.auth"); } @Override - public String getPassword() { - return msoProperties.get("sdno.health-check.dmaap.password"); + public String getKey() { + return msoProperties.get("mso.msoKey"); } @Override diff --git a/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapPublisher.java b/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapPublisher.java index 2556e67e3c..f4af2052ac 100644 --- a/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapPublisher.java +++ b/common/src/main/java/org/onap/so/client/sdno/dmaap/SDNOHealthCheckDmaapPublisher.java 
@@ -33,13 +33,13 @@ public class SDNOHealthCheckDmaapPublisher extends DmaapPublisher { } @Override - public String getUserName() { - return msoProperties.get("sdno.health-check.dmaap.username"); + public String getAuth() { + return msoProperties.get("sdno.health-check.dmaap.auth"); } @Override - public String getPassword() { - return msoProperties.get("sdno.health-check.dmaap.password"); + public String getKey() { + return msoProperties.get("sdno.health-check.dmaap.msoKey"); } @Override diff --git a/common/src/test/java/org/onap/so/client/dmaap/DmaapPublisherTest.java b/common/src/test/java/org/onap/so/client/dmaap/DmaapPublisherTest.java index c0633c1cca..0836ed23eb 100644 --- a/common/src/test/java/org/onap/so/client/dmaap/DmaapPublisherTest.java +++ b/common/src/test/java/org/onap/so/client/dmaap/DmaapPublisherTest.java @@ -29,13 +29,13 @@ public class DmaapPublisherTest { DmaapPublisher dmaapPublisher = new DmaapPublisher(120) { @Override - public String getUserName() { - return "test"; + public String getAuth() { + return "8F73A1691F6271E769329C176EE3EA48F52786AF12A3E16259007EED2A0F0CC3CB965F4AB5318483015723CCE1C0B48AB6C4DED6E251869393B01E4EC532FC88D4A128B92F4CDB34719B171923"; } @Override - public String getPassword() { - return "test"; + public String getKey() { + return "07a7159d3bf51a0e53be7a8f89699be7"; } @Override diff --git a/common/src/test/resources/dmaap.properties b/common/src/test/resources/dmaap.properties index 7ce101996c..5593455da3 100644 --- a/common/src/test/resources/dmaap.properties +++ b/common/src/test/resources/dmaap.properties 
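Review bot: `getKey()` in `SDNOHealthCheckDmaapPublisher` looks up `sdno.health-check.dmaap.msoKey`, while `SDNOHealthCheckDmaapConsumer`, `RubyCreateTicketRequestPublisher` and the other publishers changed in this commit all read `mso.msoKey`, and no `sdno.health-check.dmaap.msoKey` entry is added to any properties file in the diff. If that key is absent, `msoProperties.get` returns null and the decrypt in the `DmaapClient` constructor would presumably fail, leaving the publisher without credentials. Unless a per-client key is intended, this should be `return msoProperties.get("mso.msoKey");`. The class body continues outside the hunk.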
@@ -4,4 +4,7 @@ sdno.health-check.dmaap.subscriber.topic=com.att.sdno.test-health-diagnostic-v02 sdno.health-check.dmaap.publisher.topic=com.att.sdno.test-health-diagnostic-v02 ruby.create-ticket-request.dmaap.username=testuser ruby.create-ticket-request.dmaap.password=eHQ1cUJrOUc -ruby.create-ticket-request.publisher.topic=com.att.pdas.st1.msoCMFallout-v1 \ No newline at end of file +ruby.create-ticket-request.publisher.topic=com.att.pdas.st1.msoCMFallout-v1 +ruby.create-ticket-request.dmaap.auth=81B7E3533B91A6706830611FB9A8ECE529BBCCE754B1F1520FA7C8698B42F97235BEFA993A387E664D6352C63A6185D68DA7F0B1D360637CBA102CB166E3E62C11EB1F75386D3506BCECE51E54 +sdno.health-check.dmaap.auth=81B7E3533B91A6706830611FB9A8ECE529BBCCE754B1F1520FA7C8698B42F97235BEFA993A387E664D6352C63A6185D68DA7F0B1D360637CBA102CB166E3E62C11EB1F75386D3506BCECE51E54 +mso.msoKey=07a7159d3bf51a0e53be7a8f89699be7 \ No newline at end of file diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/DmaapPropertiesImpl.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/DmaapPropertiesImpl.java index 813299c370..8409d9c300 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/DmaapPropertiesImpl.java +++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/DmaapPropertiesImpl.java @@ -31,8 +31,8 @@ public class DmaapPropertiesImpl implements DmaapProperties { private final Map props = new HashMap<>(); private static final String[] propertyNames = { - "mso.so.operational-environment.dmaap.username", - "mso.so.operational-environment.dmaap.password", + "mso.so.operational-environment.dmaap.auth", + "mso.msoKey", "mso.so.operational-environment.publisher.topic", "mso.so.operational-environment.dmaap.host" }; 
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisher.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisher.java index 52c395e1d1..31bc6fcb4f 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisher.java +++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisher.java @@ -37,15 +37,15 @@ public class OperationalEnvironmentPublisher extends DmaapPublisher { } @Override - public String getUserName() { + public String getAuth() { - return this.msoProperties.get("mso.so.operational-environment.dmaap.username"); + return this.msoProperties.get("mso.so.operational-environment.dmaap.auth"); } @Override - public String getPassword() { + public String getKey() { - return this.msoProperties.get("mso.so.operational-environment.dmaap.password"); + return this.msoProperties.get("mso.msoKey"); } @Override diff --git a/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisherTest.java b/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisherTest.java index 59df7ae960..7329f313a5 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisherTest.java +++ b/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/tenantisolation/dmaap/OperationalEnvironmentPublisherTest.java 
@@ -43,8 +43,8 @@ public class OperationalEnvironmentPublisherTest extends BaseTest { @Test public void getProperties() throws FileNotFoundException, IOException { - assertEquals("testuser", publisher.getUserName()); - assertEquals("VjR5NDcxSzA=", publisher.getPassword()); + assertEquals("B3705D6C2D521257CC2422ACCF03B001811ACC49F564DDB3A2CF2A1378B6D35A23CDCB696F2E1EDFBE6758DFE7C74B94F4A7DF84A0E2BB904935AC4D900D5597DF981ADE6CE1FF3AF993BED0", publisher.getAuth()); + assertEquals("07a7159d3bf51a0e53be7a8f89699be7", publisher.getKey()); assertEquals("test.operationalEnvironmentEvent", publisher.getTopic()); assertEquals("http://localhost:" + env.getProperty("wiremock.server.port"), publisher.getHost().get()); } diff --git a/mso-api-handlers/mso-api-handler-infra/src/test/resources/application-test.yaml b/mso-api-handlers/mso-api-handler-infra/src/test/resources/application-test.yaml index 63eb0534ea..4826c8756f 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/test/resources/application-test.yaml +++ b/mso-api-handlers/mso-api-handler-infra/src/test/resources/application-test.yaml @@ -1,10 +1,10 @@ # will be used as entry in DB to say SITE OFF/ON for healthcheck -server: - port: 8080 - tomcat: - max-threads: 50 -ssl-enable: false +server: + port: 8080 + tomcat: + max-threads: 50 + mso: health: @@ -77,6 +77,7 @@ mso: username: testuser password: VjR5NDcxSzA= host: http://localhost:${wiremock.server.port} + auth: B3705D6C2D521257CC2422ACCF03B001811ACC49F564DDB3A2CF2A1378B6D35A23CDCB696F2E1EDFBE6758DFE7C74B94F4A7DF84A0E2BB904935AC4D900D5597DF981ADE6CE1FF3AF993BED0 publisher: topic: test.operationalEnvironmentEvent