import com.att.eelf.configuration.EELFManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.DB;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
+import org.onap.dmaap.datarouter.provisioning.utils.Poker;
+import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter;
import org.slf4j.MDC;
public static final String SUBFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-full; version=2.0";
static final String SUBLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-list; version=1.0";
-
//Adding groups functionality, ...1610
static final String GROUP_BASECONTENT_TYPE = "application/vnd.dmaap-dr.group";
static final String GROUP_CONTENT_TYPE = "application/vnd.dmaap-dr.group; version=2.0";
static final String GROUPFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.group-full; version=2.0";
public static final String GROUPLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.fegrouped-list; version=1.0";
-
public static final String LOGLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.log-list; version=1.0";
public static final String PROVFULL_CONTENT_TYPE1 = "application/vnd.dmaap-dr.provfeed-full; version=1.0";
public static final String PROVFULL_CONTENT_TYPE2 = "application/vnd.dmaap-dr.provfeed-full; version=2.0";
public static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
- static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you try the operation again.";
+ static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you "
+ + "try the operation again.";
private static final int DEFAULT_MAX_FEEDS = 10000;
private static final int DEFAULT_MAX_SUBS = 100000;
private static final int DEFAULT_POKETIMER1 = 5;
private static final int DEFAULT_POKETIMER2 = 30;
- private static final String DEFAULT_DOMAIN = "onap";
private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov";
//Common Errors
public static final String API = "/api/";
static final String LOGS = "/logs/";
- static final String TEXT_CT = "text/plain";
+ public static final String TEXT_CT = "text/plain";
static final String INGRESS = "/ingress/";
static final String EGRESS = "/egress/";
static final String NETWORK = "/network/";
static final String START_TIME = "start_time";
static final String END_TIME = "end_time";
static final String REASON_SQL = "reasonSQL";
-
+ static final String JSON_HASH_STRING = "password";
/**
* A boolean to trigger one time "provisioning changed" event on startup.
* Array of nodes names and/or FQDNs.
*/
private static String[] nodes = new String[0];
- /**
- * [DATARTR-27] Poke all the DR nodes : Array of nodes names and/or FQDNs.
- */
- private static String[] drnodes = new String[0];
/**
* Array of node IP addresses.
*/
*/
static int activeSubs = 0;
- /**
- * The domain used to generate a FQDN from the "bare" node names.
- */
- private static String provDomain = "web.att.com";
-
/**
* The standard FQDN of the provisioning server in this Data Router ecosystem.
*/
private InetAddress loopback;
//DMAAP-597 (Tech Dept) REST request source IP auth relaxation to accommodate OOM kubernetes deploy
- private static String isAddressAuthEnabled = (new DB()).getProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
+ private static String isAddressAuthEnabled = ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
- static String isCadiEnabled = (new DB()).getProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
+ static String isCadiEnabled = ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
/**
* Initialize data common to all the provisioning server servlets.
*/
protected BaseServlet() {
+ setUpFields();
+ if (authz == null) {
+ authz = new ProvAuthorizer(this);
+ }
+ String name = this.getClass().getName();
+ intlogger.info("PROV0002 Servlet " + name + " started.");
+ }
+
+ private static void setUpFields() {
if (eventlogger == null) {
eventlogger = EELFManager.getInstance().getLogger("EventLog");
}
if (intlogger == null) {
- this.intlogger = EELFManager.getInstance().getLogger("InternalLog");
- }
- if (authz == null) {
- authz = new ProvAuthorizer(this);
+ intlogger = EELFManager.getInstance().getLogger("InternalLog");
}
if (startmsgFlag) {
startmsgFlag = false;
if (synctask == null) {
synctask = SynchronizerTask.getSynchronizer();
}
- String name = this.getClass().getName();
- intlogger.info("PROV0002 Servlet " + name + " started.");
}
@Override
}
}
+ /**
+ * Get ID from Path.
+ * @param req HTTPServletRequest
+ * @return int ID
+ */
public static int getIdFromPath(HttpServletRequest req) {
String path = req.getPathInfo();
if (path == null || path.length() < 2) {
try {
jo = new JSONObject(new JSONTokener(req.getInputStream()));
if (intlogger.isDebugEnabled()) {
- intlogger.debug("JSON: " + jo.toString());
+ intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString());
}
} catch (Exception e) {
intlogger.info("Error reading JSON: " + e);
return jo;
}
- /**
- * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation
- * header object in request before logging the JSON.
- *
- * @param jo the JSON passed in http request.
- * @param maskKey the key to be masked in the JSON passed.
- * @param action whether to mask the key or unmask it in a JSON passed.
- * @return the JSONObject, or null if the stream cannot be parsed.
- */
- static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) {
+ public static JSONObject hashPasswords(JSONObject jo) {
if (!jo.isNull("authorization")) {
JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids");
for (int index = 0; index < endpointIds.length(); index++) {
- if ((!endpointIds.getJSONObject(index).isNull(maskKey))) {
- String password = endpointIds.getJSONObject(index).get(maskKey).toString();
- processPassword(maskKey, action, endpointIds, index, password);
+ if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) {
+ String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString();
+ processPassword(endpointIds, index, password);
}
}
}
+ if (!jo.isNull("delivery")) {
+ JSONObject deliveryObj = jo.getJSONObject("delivery");
+ String password = deliveryObj.get(JSON_HASH_STRING).toString();
+ processPassword(deliveryObj, password);
+ }
return jo;
}
- private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index,
- String password) {
+ private static void processPassword(JSONArray endpointIds, int index, String password) {
try {
- if (action) {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password));
- } else {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password));
- }
- } catch (JSONException | GeneralSecurityException e) {
- intlogger.info("Error reading JSON while masking: " + e);
+ endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
+ }
+ }
+
+ private static void processPassword(JSONObject deliveryObj, String password) {
+ try {
+ deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
}
}
* Check if an IP address matches a network address.
*
* @param ip the IP address
- * @param s the network address; a bare IP address may be matched also
+ * @param str the network address; a bare IP address may be matched also
* @return true if they intersect
*/
- private static boolean addressMatchesNetwork(InetAddress ip, String s) {
+ private static boolean addressMatchesNetwork(InetAddress ip, String str) {
int mlen = -1;
- int n = s.indexOf('/');
- if (n >= 0) {
- mlen = Integer.parseInt(s.substring(n + 1));
- s = s.substring(0, n);
+ int substr = str.indexOf('/');
+ if (substr >= 0) {
+ mlen = Integer.parseInt(str.substring(substr + 1));
+ str = str.substring(0, substr);
}
try {
- InetAddress i2 = InetAddress.getByName(s);
+ InetAddress i2 = InetAddress.getByName(str);
byte[] b1 = ip.getAddress();
byte[] b2 = i2.getAddress();
if (b1.length != b2.length) {
}
if (mlen > 0) {
byte[] masks = {
- (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0,
- (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE
+ (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0,
+ (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE
};
byte mask = masks[mlen % 8];
- for (n = mlen / 8; n < b1.length; n++) {
- b1[n] &= mask;
- b2[n] &= mask;
+ for (substr = mlen / 8; substr < b1.length; substr++) {
+ b1[substr] &= mask;
+ b2[substr] &= mask;
mask = 0;
}
}
- for (n = 0; n < b1.length; n++) {
- if (b1[n] != b2[n]) {
+ for (substr = 0; substr < b1.length; substr++) {
+ if (b1[substr] != b2[substr]) {
return false;
}
}
* Something has changed in the provisioning data. Start the timers that will cause the pre-packaged JSON string to
* be regenerated, and cause nodes and the other provisioning server to be notified.
*/
- static void provisioningDataChanged() {
+ public static void provisioningDataChanged() {
long now = System.currentTimeMillis();
- Poker p = Poker.getPoker();
- p.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L));
+ Poker pkr = Poker.getPoker();
+ pkr.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L));
}
/**
* Something in the parameters has changed, reload all parameters from the DB.
*/
- static void provisioningParametersChanged() {
+ public static void provisioningParametersChanged() {
Map<String, String> map = Parameters.getParameters();
requireSecure = getBoolean(map, Parameters.PROV_REQUIRE_SECURE);
requireCert = getBoolean(map, Parameters.PROV_REQUIRE_CERT);
pokeTimer2 = getInt(map, Parameters.PROV_POKETIMER2, DEFAULT_POKETIMER2);
// The domain used to generate a FQDN from the "bare" node names
- provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN);
provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME);
activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName);
initialActivePod = getString(map, Parameters.ACTIVE_POD, "");
}
}
- //[DATARTR-27] Poke all the DR nodes: assigning DR Nodes
- drnodes = nodes.clone();
-
//Reset Nodes arr after - removing static routing Nodes, Rally Userstory - US664862 .
List<String> filterNodes = new ArrayList<>();
for (String node : nodes) {
return provName;
}
- static String getActiveProvName() {
+ public static String getActiveProvName() {
return activeProvName;
}
return nodes;
}
- /**
- * [DATARTR-27] Poke all the DR nodes
- * Get an array of all node names in the DR network.
- *
- * @return an array of Strings
- */
- public static String[] getDRNodes() {
- return drnodes;
- }
-
/**
* Get an array of all node InetAddresses in the DR network.
*
}
/**
- * Gets the FQDN of the initially STANDBY_POD provisioning server (POD). Note: this used to be called isStandbyPOD(),
+ * Gets the FQDN of the initially STANDBY_POD provisioning server (POD).Note: this used to be called isStandbyPOD(),
* however, that is a misnomer, as the standby status could shift to the active POD without these parameters
* changing. Hence, the function names have been changed to more accurately reflect their purpose.
*
*/
protected boolean doInsert(Insertable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doInsert(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0005 doInsert: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
protected boolean doUpdate(Updateable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doUpdate(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0006 doUpdate: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
protected boolean doDelete(Deleteable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doDelete(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0007 doDelete: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
private static boolean getBoolean(Map<String, String> map, String name) {
- String s = map.get(name);
- return "true".equalsIgnoreCase(s);
+ String str = map.get(name);
+ return "true".equalsIgnoreCase(str);
}
private static String getString(Map<String, String> map, String name, String dflt) {
- String s = map.get(name);
- return (s != null) ? s : dflt;
+ String str = map.get(name);
+ return (str != null) ? str : dflt;
}
private static int getInt(Map<String, String> map, String name, int dflt) {
try {
- String s = map.get(name);
- return Integer.parseInt(s);
+ String str = map.get(name);
+ return Integer.parseInt(str);
} catch (NumberFormatException e) {
return dflt;
}
private static Set<String> getSet(Map<String, String> map, String name) {
Set<String> set = new HashSet<>();
- String s = map.get(name);
- if (s != null) {
- String[] pp = s.split("\\|");
+ String str = map.get(name);
+ if (str != null) {
+ String[] pp = str.split("\\|");
if (pp != null) {
for (String t : pp) {
String t2 = t.trim();
this("", "1.0");
}
- ContentHeader(String t, String v) {
- type = t.trim();
- map.put("version", v);
+ ContentHeader(String headertype, String version) {
+ type = headertype.trim();
+ map.put("version", version);
}
public String getType() {
}
String getAttribute(String key) {
- String s = map.get(key);
- if (s == null) {
- s = "";
+ String str = map.get(key);
+ if (str == null) {
+ str = "";
}
- return s;
+ return str;
}
}
*/
ContentHeader getContentHeader(HttpServletRequest req) {
ContentHeader ch = new ContentHeader();
- String s = req.getHeader("Content-Type");
- if (s != null) {
- String[] pp = s.split(";");
+ String str = req.getHeader("Content-Type");
+ if (str != null) {
+ String[] pp = str.split(";");
ch.type = pp[0].trim();
for (int i = 1; i < pp.length; i++) {
int ix = pp[i].indexOf('=');
if (ix > 0) {
- String k = pp[i].substring(0, ix).trim();
- String v = pp[i].substring(ix + 1).trim();
- ch.map.put(k, v);
+ String type = pp[i].substring(0, ix).trim();
+ String version = pp[i].substring(ix + 1).trim();
+ ch.map.put(type, version);
} else {
ch.map.put(pp[i].trim(), "");
}
@Override
public String getFeedOwner(String feedId) {
try {
- int n = Integer.parseInt(feedId);
- Feed f = Feed.getFeedById(n);
- if (f != null) {
- return f.getPublisher();
+ int intID = Integer.parseInt(feedId);
+ Feed feed = Feed.getFeedById(intID);
+ if (feed != null) {
+ return feed.getPublisher();
}
} catch (NumberFormatException e) {
// ignore
@Override
public String getFeedClassification(String feedId) {
try {
- int n = Integer.parseInt(feedId);
- Feed f = Feed.getFeedById(n);
- if (f != null) {
- return f.getAuthorization().getClassification();
+ int intID = Integer.parseInt(feedId);
+ Feed feed = Feed.getFeedById(intID);
+ if (feed != null) {
+ return feed.getAuthorization().getClassification();
}
} catch (NumberFormatException e) {
// ignore
@Override
public String getSubscriptionOwner(String subId) {
try {
- int n = Integer.parseInt(subId);
- Subscription s = Subscription.getSubscriptionById(n);
- if (s != null) {
- return s.getSubscriber();
+ int intID = Integer.parseInt(subId);
+ Subscription sub = Subscription.getSubscriptionById(intID);
+ if (sub != null) {
+ return sub.getSubscriber();
}
} catch (NumberFormatException e) {
// ignore
private boolean isUserMemberOfGroup(Group group, String user) {
String groupDetails = group.getMembers().replace("]", "").replace("[", "");
- String[] s = groupDetails.split("},");
+ String[] str = groupDetails.split("},");
- for (String value : s) {
+ for (String value : str) {
JSONObject jsonObj;
try {
jsonObj = new JSONObject(value + "}");
@Override
public String getGroupByFeedGroupId(String owner, String feedId) {
try {
- Feed f = Feed.getFeedById(Integer.parseInt(feedId));
- if (f != null) {
- int groupid = f.getGroupid();
+ Feed feed = Feed.getFeedById(Integer.parseInt(feedId));
+ if (feed != null) {
+ int groupid = feed.getGroupid();
if (groupid > 0) {
Group group = Group.getGroupById(groupid);
if (group != null && isUserMemberOfGroup(group, owner)) {
@Override
public String getGroupBySubGroupId(String owner, String subId) {
try {
- int n = Integer.parseInt(subId);
- Subscription s = Subscription.getSubscriptionById(n);
- if (s != null) {
- int groupid = s.getGroupid();
+ int intID = Integer.parseInt(subId);
+ Subscription sub = Subscription.getSubscriptionById(intID);
+ if (sub != null) {
+ int groupid = sub.getGroupid();
if (groupid > 0) {
Group group = Group.getGroupById(groupid);
if (group != null && isUserMemberOfGroup(group, owner)) {
*/
String getFeedPermission(String aafInstance, String userAction) {
try {
- Properties props = (new DB()).getProperties();
+ Properties props = ProvRunner.getProvProperties();
String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
String action;
switch (userAction) {
/*
* AAF changes: TDP EPIC US# 307413
- * @Method - getSubscriberPermission - Forming permission string for subscription part to check AAF access in CADI Framework
+ * @Method - getSubscriberPermission - Forming permission string for subscription part to check
+ * AAF access in CADI Framework
* @Params - aafInstance Passing aafInstance as it's used in permission string
* @Params - userAction Passing CONST values to set different actions in permission string
*/
String getSubscriberPermission(String aafInstance, String userAction) {
try {
- Properties props = (new DB()).getProperties();
+ Properties props = ProvRunner.getProvProperties();
String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB);
String action;
switch (userAction) {
Code Review / dmaap / datarouter.git / blobdiff