From 5ada29b64cb08cbddca09fd89517c4d75c77d330 Mon Sep 17 00:00:00 2001
From: da490c <dave.adams@amdocs.com>
Date: Tue, 3 Apr 2018 23:58:17 -0400
Subject: [PATCH] Add support for obfuscated keystore password

Issue-ID: AAI-989
Change-Id: I2c6806e93fc20d19ea2dad4aa02a86e829d1e668
Signed-off-by: da490c <dave.adams@amdocs.com>
---
 sparkybe-onap-application/pom.xml                  | 52 +++++++++++-----------
 .../src/main/docker/Dockerfile                     |  6 +--
 .../main/java/org/onap/aai/sparky/Application.java | 51 +++++++++++++++++----
 .../config/PropertyPasswordConfiguration.java      | 50 +++++++++++++++++++++
 .../aai/sparky/config/SparkyHttpConfigLoader.java  |  4 +-
 .../aai/sparky/config/SparkySslConfigLoader.java   |  4 +-
 .../src/main/scripts/start.sh                      |  2 +-
 7 files changed, 126 insertions(+), 43 deletions(-)
 create mode 100644 sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java

diff --git a/sparkybe-onap-application/pom.xml b/sparkybe-onap-application/pom.xml
index e68439b..e58e54a 100644
--- a/sparkybe-onap-application/pom.xml
+++ b/sparkybe-onap-application/pom.xml
@@ -28,9 +28,6 @@
 		<docker.image.name>sparky-be</docker.image.name>
 	</properties>
 
-
-
-
 	<dependencyManagement>
 		<dependencies>
 
@@ -109,8 +106,8 @@
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/com.sun.xml.bind/jaxb-impl -->
-		<!-- <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-impl</artifactId>
-			</dependency> <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-core</artifactId>
+		<!-- <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-impl</artifactId> 
+			</dependency> <dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-core</artifactId> 
 			</dependency> -->
 
 		<!-- Camel -->
@@ -165,17 +162,17 @@
 			<version>1.2</version>
 		</dependency>
 
-		<!-- <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-jasper</artifactId>
+		<!-- <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-jasper</artifactId> 
 			</dependency> -->
 
 
 		<!-- https://mvnrepository.com/artifact/org.apache.camel/camel-http-common -->
-		<!-- <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-http</artifactId>
-			<version>2.15.5</version> </dependency> <dependency> <groupId>abc.def</groupId>
-			<artifactId>att-camel-dme2-servlet</artifactId> <version>2.15.5</version>
-			<scope>system</scope> <systemPath>x:/222/att-camel-dme2-servlet-2.15.5.jar</systemPath>
-			</dependency> <dependency> <groupId>abc.def</groupId> <artifactId>att-camel-static-content</artifactId>
-			<version>2.11.2.1</version> <scope>system</scope> <systemPath>x:/222/att-camel-static-content-2.11.2.1.jar</systemPath>
+		<!-- <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-http</artifactId> 
+			<version>2.15.5</version> </dependency> <dependency> <groupId>abc.def</groupId> 
+			<artifactId>att-camel-dme2-servlet</artifactId> <version>2.15.5</version> 
+			<scope>system</scope> <systemPath>x:/222/att-camel-dme2-servlet-2.15.5.jar</systemPath> 
+			</dependency> <dependency> <groupId>abc.def</groupId> <artifactId>att-camel-static-content</artifactId> 
+			<version>2.11.2.1</version> <scope>system</scope> <systemPath>x:/222/att-camel-static-content-2.11.2.1.jar</systemPath> 
 			</dependency> -->
 
 		<!-- Utility dependencies -->
@@ -389,7 +386,7 @@
 					</folders>
 				</configuration>
 			</plugin>
-
+			
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-resources-plugin</artifactId>
@@ -464,14 +461,14 @@
 									<artifactId>${frontEndArtifactId}</artifactId>
 									<version>${frontEndVersion}</version>
 									<type>war</type>
-									<outputDirectory>${basedir}/target/static/</outputDirectory>
+									<outputDirectory>${basedir}/target/static/services/aai/webapp/</outputDirectory>
 								</artifactItem>
 							</artifactItems>
 						</configuration>
 					</execution>
 				</executions>
-			</plugin>
-
+			</plugin>			
+			
 			<plugin>
 				<groupId>org.jacoco</groupId>
 				<artifactId>jacoco-maven-plugin</artifactId>
@@ -524,12 +521,12 @@
 				</configuration>
 			</plugin>
 
-			<!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId>
-				<version>2.7</version> <executions> <execution> <id>copy-docker-file</id>
-				<phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration>
-				<outputDirectory>target</outputDirectory> <overwrite>true</overwrite> <resources>
-				<resource> <directory>${basedir}/src/main/docker</directory> <filtering>true</filtering>
-				<includes> <include>**/*</include> </includes> </resource> <resource> <directory>${basedir}/src/main/scripts/</directory>
+			<!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> 
+				<version>2.7</version> <executions> <execution> <id>copy-docker-file</id> 
+				<phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> 
+				<outputDirectory>target</outputDirectory> <overwrite>true</overwrite> <resources> 
+				<resource> <directory>${basedir}/src/main/docker</directory> <filtering>true</filtering> 
+				<includes> <include>**/*</include> </includes> </resource> <resource> <directory>${basedir}/src/main/scripts/</directory> 
 				</resource> </resources> </configuration> </execution> </executions> </plugin> -->
 			<plugin>
 				<groupId>com.spotify</groupId>
@@ -547,10 +544,10 @@
 				</configuration>
 			</plugin>
 			<!-- license plugin -->
-			<!-- <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId>
-				<version>3.0</version> <configuration> <header>LICENSE</header> <includes>
-				<include>src/main/java/**</include> </includes> </configuration> <executions>
-				<execution> <goals> <goal>format</goal> </goals> <phase>process-sources</phase>
+			<!-- <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> 
+				<version>3.0</version> <configuration> <header>LICENSE</header> <includes> 
+				<include>src/main/java/**</include> </includes> </configuration> <executions> 
+				<execution> <goals> <goal>format</goal> </goals> <phase>process-sources</phase> 
 				</execution> </executions> </plugin> -->
 		</plugins>
 	</build>
@@ -568,3 +565,6 @@
 	</distributionManagement>
 
 </project>
+
+
+
diff --git a/sparkybe-onap-application/src/main/docker/Dockerfile b/sparkybe-onap-application/src/main/docker/Dockerfile
index f5e620c..ea68606 100644
--- a/sparkybe-onap-application/src/main/docker/Dockerfile
+++ b/sparkybe-onap-application/src/main/docker/Dockerfile
@@ -17,18 +17,16 @@ RUN export JAVA_HOME
 RUN mkdir -p $MICRO_HOME
 RUN mkdir -p $BIN_HOME
 RUN mkdir -p $MICRO_HOME/lib/
-RUN mkdir -p $MICRO_HOME/static/services/aai/webapp/
+RUN mkdir -p $MICRO_HOME/static/
 
 ADD *.jar $MICRO_HOME/lib/
 ADD scripts/* $MICRO_HOME/bin/
-COPY static/ $MICRO_HOME/static/services/aai/webapp/
+COPY static/ $MICRO_HOME/static/
 
 RUN chmod 755 $MICRO_HOME/bin/*
 RUN chmod 755 $MICRO_HOME/lib/*
 RUN chmod 755 $MICRO_HOME/static/*
 
-#RUN ls -la $BIN_HOME/
-
 RUN ln -s /logs $MICRO_HOME/logs
 
 EXPOSE 8000 8000
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
index 1077642..f4df67f 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/Application.java
@@ -22,23 +22,59 @@ package org.onap.aai.sparky;
 
 import javax.servlet.Filter;
 
-import org.onap.aai.sparky.security.filter.LoginFilter;
-
 import org.apache.camel.component.servlet.CamelHttpTransportServlet;
+import org.onap.aai.sparky.config.PropertyPasswordConfiguration;
+import org.onap.aai.sparky.security.filter.LoginFilter;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
 public class Application {
-
+  
+  private static final String SPARKY_SSL_ENABLED = "sparky.ssl.enabled";
+  private static final String SPARKY_PORTAL_ENABLED = "sparky.portal.enabled";
+  
   private Filter loginFilter = new LoginFilter();
-
+   
   public static void main(String[] args) {
-    SpringApplication.run(Application.class, args);
+
+    setDefaultProperties();
+    SpringApplication app = new SpringApplication(Application.class);
+    app.addInitializers(new PropertyPasswordConfiguration());
+    app.run(args);
+    
+  }
+  
+  protected static void setDefaultProperties() {
+
+    /*
+     * By default we want ssl and portal integration, however it is possible to turn these off with
+     * properties for local development and interop in some situations.
+     */
+
+    if (System.getenv(SPARKY_SSL_ENABLED) == null) {
+      System.setProperty(SPARKY_SSL_ENABLED, "true");
+    } else {
+      System.setProperty(SPARKY_SSL_ENABLED, System.getenv(SPARKY_SSL_ENABLED));
+    }
+
+    boolean sslEnabled = Boolean.parseBoolean(System.getProperty(SPARKY_SSL_ENABLED));
+
+    if (sslEnabled) {
+      System.setProperty("server.ssl.key-store-password", System.getenv("KEYSTORE_PASSWORD"));
+      System.setProperty("server.ssl.key-password", System.getenv("KEYSTORE_ALIAS_PASSWORD"));
+    }
+
+    if (System.getenv(SPARKY_PORTAL_ENABLED) == null) {
+      System.setProperty(SPARKY_PORTAL_ENABLED, "true");
+    } else {
+      System.setProperty(SPARKY_PORTAL_ENABLED, System.getenv(SPARKY_PORTAL_ENABLED));
+    }
+
   }
 
   /*
@@ -67,5 +103,4 @@ public class Application {
   }
 
 
-
 }
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java
new file mode 100644
index 0000000..b554375
--- /dev/null
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/PropertyPasswordConfiguration.java
@@ -0,0 +1,50 @@
+package org.onap.aai.sparky.config;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.EnumerablePropertySource;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.PropertySource;
+
+public class PropertyPasswordConfiguration
+    implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+  private static final String JETTY_OBFUSCATION_PATTERN = "OBF:";
+
+  @Override
+  public void initialize(ConfigurableApplicationContext applicationContext) {
+    ConfigurableEnvironment environment = applicationContext.getEnvironment();
+    for (PropertySource<?> propertySource : environment.getPropertySources()) {
+      Map<String, Object> propertyOverrides = new LinkedHashMap<>();
+      decodePasswords(propertySource, propertyOverrides);
+      if (!propertyOverrides.isEmpty()) {
+        PropertySource<?> decodedProperties =
+            new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides);
+        environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
+      }
+    }
+
+  }
+
+  private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
+    if (source instanceof EnumerablePropertySource) {
+      EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
+      for (String key : enumerablePropertySource.getPropertyNames()) {
+        Object rawValue = source.getProperty(key);
+        if (rawValue instanceof String) {
+          String rawValueString = (String) rawValue;
+          if (rawValueString.startsWith(JETTY_OBFUSCATION_PATTERN)) {
+            String decodedValue = Password.deobfuscate(rawValueString);
+            propertyOverrides.put(key, decodedValue);
+          }
+        }
+      }
+    }
+  }
+
+}
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
index 4c1d541..f6b739c 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkyHttpConfigLoader.java
@@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 
 @Configuration
-@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true")
-@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties")
+@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false")
+@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties")
 public class SparkyHttpConfigLoader {
 
 }
diff --git a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
index c493f64..c216ddd 100644
--- a/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
+++ b/sparkybe-onap-application/src/main/java/org/onap/aai/sparky/config/SparkySslConfigLoader.java
@@ -25,8 +25,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 
 @Configuration
-@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "false")
-@PropertySource("file:${CONFIG_HOME}/sparky-http-config.properties")
+@ConditionalOnProperty(value="sparky.ssl.enabled", havingValue = "true")
+@PropertySource("file:${CONFIG_HOME}/sparky-ssl-config.properties")
 public class SparkySslConfigLoader {
 
 }
diff --git a/sparkybe-onap-application/src/main/scripts/start.sh b/sparkybe-onap-application/src/main/scripts/start.sh
index f2f6f31..e1a1e57 100644
--- a/sparkybe-onap-application/src/main/scripts/start.sh
+++ b/sparkybe-onap-application/src/main/scripts/start.sh
@@ -7,5 +7,5 @@ PROPS="-DAPP_HOME=${APP_HOME} -DCONFIG_HOME=${CONFIG_HOME}"
 
 set -x
 jar ufv ${APP_HOME}/lib/sparkybe-onap-application*.jar -C ${CONFIG_HOME}/portal/ BOOT-INF/classes/portal.properties
-java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar --sparky.ssl.enabled=${UI_SSL_ENABLED} --sparky.portal.enabled=${UI_PORTAL_ENABLED}
+java -Xms1024m -Xmx4096m $PROPS -jar ${APP_HOME}/lib/sparkybe-onap-application*.jar 
 
-- 
2.16.6