import com.att.eelf.configuration.EELFManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.DB;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
+import org.onap.dmaap.datarouter.provisioning.utils.Poker;
+import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter;
import org.slf4j.MDC;
public static final String SUBFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-full; version=2.0";
static final String SUBLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-list; version=1.0";
-
//Adding groups functionality, ...1610
static final String GROUP_BASECONTENT_TYPE = "application/vnd.dmaap-dr.group";
static final String GROUP_CONTENT_TYPE = "application/vnd.dmaap-dr.group; version=2.0";
static final String GROUPFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.group-full; version=2.0";
public static final String GROUPLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.fegrouped-list; version=1.0";
-
public static final String LOGLIST_CONTENT_TYPE = "application/vnd.dmaap-dr.log-list; version=1.0";
public static final String PROVFULL_CONTENT_TYPE1 = "application/vnd.dmaap-dr.provfeed-full; version=1.0";
public static final String PROVFULL_CONTENT_TYPE2 = "application/vnd.dmaap-dr.provfeed-full; version=2.0";
public static final String CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
static final String DB_PROBLEM_MSG = "There has been a problem with the DB. It is suggested you "
- + "try the operation again.";
+ + "try the operation again.";
private static final int DEFAULT_MAX_FEEDS = 10000;
private static final int DEFAULT_MAX_SUBS = 100000;
private static final int DEFAULT_POKETIMER1 = 5;
private static final int DEFAULT_POKETIMER2 = 30;
- private static final String DEFAULT_DOMAIN = "onap";
private static final String DEFAULT_PROVSRVR_NAME = "dmaap-dr-prov";
//Common Errors
public static final String API = "/api/";
static final String LOGS = "/logs/";
- static final String TEXT_CT = "text/plain";
+ public static final String TEXT_CT = "text/plain";
static final String INGRESS = "/ingress/";
static final String EGRESS = "/egress/";
static final String NETWORK = "/network/";
static final String START_TIME = "start_time";
static final String END_TIME = "end_time";
static final String REASON_SQL = "reasonSQL";
-
+ static final String JSON_HASH_STRING = "password";
/**
* A boolean to trigger one time "provisioning changed" event on startup.
*/
static int activeSubs = 0;
- /**
- * The domain used to generate a FQDN from the "bare" node names.
- */
- private static String provDomain = "web.att.com";
-
/**
* The standard FQDN of the provisioning server in this Data Router ecosystem.
*/
private InetAddress loopback;
//DMAAP-597 (Tech Dept) REST request source IP auth relaxation to accommodate OOM kubernetes deploy
- private static String isAddressAuthEnabled = (new DB()).getProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
+ private static String isAddressAuthEnabled = ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
- static String isCadiEnabled = (new DB()).getProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
+ static String isCadiEnabled = ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
/**
* Initialize data common to all the provisioning server servlets.
*/
protected BaseServlet() {
+ setUpFields();
+ if (authz == null) {
+ authz = new ProvAuthorizer(this);
+ }
+ String name = this.getClass().getName();
+ intlogger.info("PROV0002 Servlet " + name + " started.");
+ }
+
+ private static void setUpFields() {
if (eventlogger == null) {
eventlogger = EELFManager.getInstance().getLogger("EventLog");
}
if (intlogger == null) {
intlogger = EELFManager.getInstance().getLogger("InternalLog");
}
- if (authz == null) {
- authz = new ProvAuthorizer(this);
- }
if (startmsgFlag) {
startmsgFlag = false;
provisioningParametersChanged();
if (synctask == null) {
synctask = SynchronizerTask.getSynchronizer();
}
- String name = this.getClass().getName();
- intlogger.info("PROV0002 Servlet " + name + " started.");
}
@Override
try {
jo = new JSONObject(new JSONTokener(req.getInputStream()));
if (intlogger.isDebugEnabled()) {
- intlogger.debug("JSON: " + jo.toString());
+ intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString());
}
} catch (Exception e) {
intlogger.info("Error reading JSON: " + e);
return jo;
}
- /**
- * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation
- * header object in request before logging the JSON.
- *
- * @param jo the JSON passed in http request.
- * @param maskKey the key to be masked in the JSON passed.
- * @param action whether to mask the key or unmask it in a JSON passed.
- * @return the JSONObject, or null if the stream cannot be parsed.
- */
- static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) {
+ public static JSONObject hashPasswords(JSONObject jo) {
if (!jo.isNull("authorization")) {
JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids");
for (int index = 0; index < endpointIds.length(); index++) {
- if ((!endpointIds.getJSONObject(index).isNull(maskKey))) {
- String password = endpointIds.getJSONObject(index).get(maskKey).toString();
- processPassword(maskKey, action, endpointIds, index, password);
+ if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) {
+ String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString();
+ processPassword(endpointIds, index, password);
}
}
}
+ if (!jo.isNull("delivery")) {
+ JSONObject deliveryObj = jo.getJSONObject("delivery");
+ String password = deliveryObj.get(JSON_HASH_STRING).toString();
+ processPassword(deliveryObj, password);
+ }
return jo;
}
- private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index,
- String password) {
+ private static void processPassword(JSONArray endpointIds, int index, String password) {
try {
- if (action) {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password));
- } else {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password));
- }
- } catch (JSONException | GeneralSecurityException e) {
- intlogger.info("Error reading JSON while masking: " + e);
+ endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
+ }
+ }
+
+ private static void processPassword(JSONObject deliveryObj, String password) {
+ try {
+ deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
}
}
* Something has changed in the provisioning data. Start the timers that will cause the pre-packaged JSON string to
* be regenerated, and cause nodes and the other provisioning server to be notified.
*/
- static void provisioningDataChanged() {
+ public static void provisioningDataChanged() {
long now = System.currentTimeMillis();
Poker pkr = Poker.getPoker();
pkr.setTimers(now + (pokeTimer1 * 1000L), now + (pokeTimer2 * 1000L));
/**
* Something in the parameters has changed, reload all parameters from the DB.
*/
- static void provisioningParametersChanged() {
+ public static void provisioningParametersChanged() {
Map<String, String> map = Parameters.getParameters();
requireSecure = getBoolean(map, Parameters.PROV_REQUIRE_SECURE);
requireCert = getBoolean(map, Parameters.PROV_REQUIRE_CERT);
pokeTimer2 = getInt(map, Parameters.PROV_POKETIMER2, DEFAULT_POKETIMER2);
// The domain used to generate a FQDN from the "bare" node names
- provDomain = getString(map, Parameters.PROV_DOMAIN, DEFAULT_DOMAIN);
provName = getString(map, Parameters.PROV_NAME, DEFAULT_PROVSRVR_NAME);
activeProvName = getString(map, Parameters.PROV_ACTIVE_NAME, provName);
initialActivePod = getString(map, Parameters.ACTIVE_POD, "");
return provName;
}
- static String getActiveProvName() {
+ public static String getActiveProvName() {
return activeProvName;
}
*/
protected boolean doInsert(Insertable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doInsert(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0005 doInsert: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
protected boolean doUpdate(Updateable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doUpdate(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0006 doUpdate: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
protected boolean doDelete(Deleteable bean) {
boolean rv;
- DB db = new DB();
- Connection conn = null;
- try {
- conn = db.getConnection();
+ try (Connection conn = ProvDbUtils.getInstance().getConnection()) {
rv = bean.doDelete(conn);
} catch (SQLException e) {
rv = false;
intlogger.warn("PROV0007 doDelete: " + e.getMessage(), e);
- } finally {
- if (conn != null) {
- db.release(conn);
- }
}
return rv;
}
*/
String getFeedPermission(String aafInstance, String userAction) {
try {
- Properties props = (new DB()).getProperties();
+ Properties props = ProvRunner.getProvProperties();
String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
String action;
switch (userAction) {
*/
String getSubscriberPermission(String aafInstance, String userAction) {
try {
- Properties props = (new DB()).getProperties();
+ Properties props = ProvRunner.getProvProperties();
String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB);
String action;
switch (userAction) {
Code Review / dmaap / datarouter.git / blobdiff