2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.aai.restclient;
22 import org.apache.commons.io.IOUtils;
23 import org.slf4j.Logger;
24 import org.slf4j.LoggerFactory;
25 import org.springframework.context.ApplicationContextInitializer;
26 import org.springframework.context.ConfigurableApplicationContext;
27 import org.springframework.core.env.ConfigurableEnvironment;
28 import org.springframework.core.env.EnumerablePropertySource;
29 import org.springframework.core.env.MapPropertySource;
30 import org.springframework.core.env.PropertySource;
33 import java.io.FileInputStream;
34 import java.io.IOException;
35 import java.io.InputStream;
36 import java.util.LinkedHashMap;
38 import java.util.Properties;
39 import java.util.regex.Matcher;
40 import java.util.regex.Pattern;
42 public class PropertyPasswordConfiguration implements ApplicationContextInitializer<ConfigurableApplicationContext> {
44 private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)");
45 private PasswordDecoder passwordDecoder = new JettyPasswordDecoder();
46 private static final Logger logger = LoggerFactory.getLogger(PropertyPasswordConfiguration.class.getName());
49 public void initialize(ConfigurableApplicationContext applicationContext) {
50 ConfigurableEnvironment environment = applicationContext.getEnvironment();
51 String certPath = environment.getProperty("server.certs.location");
52 File passwordFile = null;
53 File passphrasesFile = null;
54 InputStream passwordStream = null;
55 InputStream passphrasesStream = null;
56 Map<String, Object> sslProps = new LinkedHashMap<>();
58 // Override the passwords from application.properties if we find AAF certman files
59 if (certPath != null) {
61 passwordFile = new File(certPath + ".password");
62 passwordStream = new FileInputStream(passwordFile);
64 if (passwordStream != null) {
65 String keystorePassword = null;
67 keystorePassword = IOUtils.toString(passwordStream);
68 if (keystorePassword != null) {
69 keystorePassword = keystorePassword.trim();
71 sslProps.put("server.ssl.key-store-password", keystorePassword);
72 sslProps.put("schema.service.ssl.key-store-password", keystorePassword);
73 sslProps.put("validation.service.ssl.key-store-password", keystorePassword);
75 logger.info("Not using AAF Certman password file");
77 } catch (IOException e) {
78 logger.warn("Not using AAF Certman password file, e=" + e.getMessage());
80 if (passwordStream != null) {
82 passwordStream.close();
83 } catch (Exception e) {
88 passphrasesFile = new File(certPath + ".passphrases");
89 passphrasesStream = new FileInputStream(passphrasesFile);
91 if (passphrasesStream != null) {
92 String truststorePassword = null;
93 Properties passphrasesProps = new Properties();
94 passphrasesProps.load(passphrasesStream);
95 truststorePassword = passphrasesProps.getProperty("cadi_truststore_password");
96 if (truststorePassword != null) {
97 truststorePassword = truststorePassword.trim();
99 sslProps.put("server.ssl.trust-store-password", truststorePassword);
100 sslProps.put("schema.service.ssl.trust-store-password", truststorePassword);
101 sslProps.put("validation.service.ssl.trust-store-password", truststorePassword);
103 logger.info("Not using AAF Certman passphrases file");
105 } catch (IOException e) {
106 logger.warn("Not using AAF Certman passphrases file, e=" + e.getMessage());
108 if (passphrasesStream != null) {
110 passphrasesStream.close();
111 } catch (Exception e) {
116 for (PropertySource<?> propertySource : environment.getPropertySources()) {
117 Map<String, Object> propertyOverrides = new LinkedHashMap<>();
118 decodePasswords(propertySource, propertyOverrides);
119 if (!propertyOverrides.isEmpty()) {
120 PropertySource<?> decodedProperties = new MapPropertySource("decoded "+ propertySource.getName(), propertyOverrides);
121 environment.getPropertySources().addBefore(propertySource.getName(), decodedProperties);
125 if (!sslProps.isEmpty()) {
126 logger.info("Using AAF Certman files");
127 PropertySource<?> additionalProperties = new MapPropertySource("additionalProperties", sslProps);
128 environment.getPropertySources().addFirst(additionalProperties);
132 private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) {
133 if (source instanceof EnumerablePropertySource) {
134 EnumerablePropertySource<?> enumerablePropertySource = (EnumerablePropertySource<?>) source;
135 for (String key : enumerablePropertySource.getPropertyNames()) {
136 Object rawValue = source.getProperty(key);
137 if (rawValue instanceof String) {
138 String decodedValue = decodePasswordsInString((String) rawValue);
139 propertyOverrides.put(key, decodedValue);
145 private String decodePasswordsInString(String input) {
146 if (input == null) return null;
147 StringBuffer output = new StringBuffer();
148 Matcher matcher = decodePasswordPattern.matcher(input);
149 while (matcher.find()) {
150 String replacement = passwordDecoder.decode(matcher.group(1));
151 matcher.appendReplacement(output, replacement);
153 matcher.appendTail(output);
154 return output.toString();