Password Encrypted in portal schedular.prop 69/116269/2
authorSri Balaji Marripud <sri.balaji.marripud@att.com>
Wed, 9 Dec 2020 17:57:59 +0000 (12:57 -0500)
committerSri Balaji Marripud <sri.balaji.marripud@att.com>
Mon, 14 Dec 2020 19:01:08 +0000 (14:01 -0500)
Issue-ID: PORTAL-1045
Change-Id: Iecb72f31ec930907fd0e18b363a2ef99c5a0edd2
Signed-off-by: Sri Balaji Marripud <sri.balaji.marripud@att.com>
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInterface.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java
ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/scheduler.properties

index 0f6f3ce..6b4319e 100644 (file)
@@ -54,6 +54,10 @@ import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum;
 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
 import org.onap.portalapp.portal.scheduler.restobjects.RestObject;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
+import org.onap.portalsdk.core.onboarding.util.CipherUtil;
+import org.onap.portalsdk.core.onboarding.util.KeyConstants;
+import org.onap.portalsdk.core.onboarding.util.KeyProperties;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.HttpClientErrorException;
@@ -70,8 +74,8 @@ import lombok.NoArgsConstructor;
 public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
        private static final String APPLICATION_JSON = "application/json";
        private static final String PASSWORD_IS_EMPTY = "Password is Empty";
-       private static final String HTTP_CLIENT_ERROR = " HttpClientErrorException: Exception For the POST  ." 
-                                                                                                       + " MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON";
+       private static final String HTTP_CLIENT_ERROR = " HttpClientErrorException: Exception For the POST  ."
+                       + " MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON";
 
        private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerRestInterface.class);
        private static WebClient client = null;
@@ -85,7 +89,7 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
 
                // Register an adapter to manage the date types as long values
                builder.registerTypeAdapter(Date.class,
-                       (JsonDeserializer<Date>) (json, typeOfT, context) -> new Date(json.getAsJsonPrimitive().getAsLong()));
+                               (JsonDeserializer<Date>) (json, typeOfT, context) -> new Date(json.getAsJsonPrimitive().getAsLong()));
 
                gson = builder.create();
        }
@@ -96,7 +100,7 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                init();
 
                final String username;
-               final String password;
+               String password;
 
                /* Setting user name based on properties */
                String retrievedUsername = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULER_USER_NAME_VAL);
@@ -111,11 +115,15 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                if (retrievedPassword.isEmpty()) {
                        password = StringUtils.EMPTY;
                } else {
-                       if (retrievedPassword.contains("OBF:")) {
-                               password = Password.deobfuscate(retrievedPassword);
-                       } else {
+
+                       try {
+                               password = CipherUtil.decryptPKC(retrievedPassword,
+                                               KeyProperties.getProperty(KeyConstants.CIPHER_ENCRYPTION_KEY));
+                       } catch (CipherUtilException e) {
+                               logger.error(EELFLoggerDelegate.errorLogger, "failed to decrypt; Using as is", e);
                                password = retrievedPassword;
                        }
+
                }
                try {
                        if (StringUtils.isBlank(password)) {
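Review bot: The `catch (CipherUtilException e)` branch falls back to `password = retrievedPassword`, so any value that fails to decrypt is sent to the scheduler as the Basic-auth password, with only an error log entry to show for it. That covers a plaintext entry, a legacy `OBF:` value now that the `Password.deobfuscate` branch is removed, and a value encrypted under a different key. Failing closed is safer: replace the fallback with `throw new IllegalStateException("scheduler.password could not be decrypted", e);`, or at minimum keep the `OBF:` branch during migration so existing property files do not silently start sending the obfuscated string. The same "Using as is" fallback appears in the HttpsBasicClient hunk for `decryptedTruststorePassword` and deserves the same treatment. The enclosing method starts and ends outside this hunk.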
@@ -131,28 +139,29 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                commonHeaders = new MultivaluedHashMap<>();
                commonHeaders.put("Authorization", Collections.singletonList(("Basic " + authStringEnc)));
 
-               //              try {
-               //                      if (!username.isEmpty()) {
+               // try {
+               // if (!username.isEmpty()) {
                //
-               //                              client = HttpBasicClient.getClient();
-               //                      } else {
+               // client = HttpBasicClient.getClient();
+               // } else {
                //
-               //                              client = HttpsBasicClient.getClient();
-               //                      }
-               //              } catch (Exception e) {
-               //                      logger.debug(EELFLoggerDelegate.debugLogger, "Unable to initialize rest client",e.getMessage());
+               // client = HttpsBasicClient.getClient();
+               // }
+               // } catch (Exception e) {
+               // logger.debug(EELFLoggerDelegate.debugLogger, "Unable to initialize rest
+               // client",e.getMessage());
                //
-               //              }
-               
+               // }
+
                client = WebClient.create(URI);
                client.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON);
-               //client.path("");
+               // client.path("");
                client.headers(commonHeaders);
-                               
+
                logger.debug(EELFLoggerDelegate.debugLogger, "Client Initialized");
-               
-       }
 
+       }
+       
        @SuppressWarnings("unchecked")
        public <T> void Get(T t, String sourceId, String path,
                        org.onap.portalapp.portal.scheduler.restobjects.RestObject<T> restObject) {
@@ -163,12 +172,13 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                logger.debug(EELFLoggerDelegate.debugLogger, "URL FOR GET : ", url);
                try {
                        initRestClient(url);
-                       
-                       
-                       //final Response cres = client.target(url).request().accept(APPLICATION_JSON).headers(commonHeaders).get();
-                       final ResponseImpl cres = (ResponseImpl)client.get();
 
-                       logger.debug(EELFLoggerDelegate.debugLogger, "The implemenation class of Response : ", cres.getClass().getName());
+                       // final Response cres =
+                       // client.target(url).request().accept(APPLICATION_JSON).headers(commonHeaders).get();
+                       final ResponseImpl cres = (ResponseImpl) client.get();
+
+                       logger.debug(EELFLoggerDelegate.debugLogger, "The implemenation class of Response : ",
+                                       cres.getClass().getName());
                        int status = cres.getStatus();
                        restObject.setStatusCode(status);
 
@@ -196,12 +206,12 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                                restObject.set(t);
                        }
                } catch (HttpClientErrorException e) {
-                       String message = String.format(
-                                       HTTP_CLIENT_ERROR, methodName, url);
+                       String message = String.format(HTTP_CLIENT_ERROR, methodName, url);
                        logger.error(EELFLoggerDelegate.errorLogger, message, e);
                        EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value());
                } catch (Exception e) {
-                       String message = String.format("Exception For the POST . MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON", methodName, url);
+                       String message = String.format(
+                                       "Exception For the POST . MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON", methodName, url);
 
                        logger.error(EELFLoggerDelegate.errorLogger, message, e);
                        EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value());
@@ -224,7 +234,7 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                        initRestClient(url);
 
                        // Change the content length
-                       final ResponseImpl cres = (ResponseImpl)client.post(requestDetails.toJSONString());
+                       final ResponseImpl cres = (ResponseImpl) client.post(requestDetails.toJSONString());
 
                        if (cres != null && cres.getEntity() != null) {
 
@@ -253,19 +263,18 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                                logger.debug(EELFLoggerDelegate.debugLogger, message);
 
                        } else {
-                               String message = String.format(" FAILED with http status  . MethodName: %APPLICATION_JSON, Status: %APPLICATION_JSON, Url: %APPLICATION_JSON",
+                               String message = String.format(
+                                               " FAILED with http status  . MethodName: %APPLICATION_JSON, Status: %APPLICATION_JSON, Url: %APPLICATION_JSON",
                                                methodName, status, url);
                                logger.debug(EELFLoggerDelegate.debugLogger, message);
                        }
 
                } catch (HttpClientErrorException e) {
-                       String message = String.format(
-                                       HTTP_CLIENT_ERROR, methodName, url);
+                       String message = String.format(HTTP_CLIENT_ERROR, methodName, url);
                        logger.error(EELFLoggerDelegate.errorLogger, message, e);
                        EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value());
                } catch (Exception e) {
-                       String message = String.format(
-                                       HTTP_CLIENT_ERROR, methodName, url);
+                       String message = String.format(HTTP_CLIENT_ERROR, methodName, url);
                        logger.error(EELFLoggerDelegate.errorLogger, message, e);
                        EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value());
                        throw e;
@@ -277,5 +286,4 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc {
                throw new UnsupportedOperationException();
        }
 
-
 }
index c79d6c0..3360104 100644 (file)
@@ -58,6 +58,10 @@ import org.onap.portalapp.portal.scheduler.SchedulerProperties;
 import org.onap.portalapp.portal.scheduler.util.CustomJacksonJaxBJsonProvider;
 import org.onap.portalapp.util.DateUtil;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
+import org.onap.portalsdk.core.onboarding.util.CipherUtil;
+import org.onap.portalsdk.core.onboarding.util.KeyConstants;
+import org.onap.portalsdk.core.onboarding.util.KeyProperties;
 
  /**
   *  General SSL client using the VID tomcat keystore. It doesn't use client certificates.
@@ -93,7 +97,15 @@ public class HttpsBasicClient{
                        String truststorePassword = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_PASSWD_X);
                        
                        
-                       String decryptedTruststorePassword = Password.deobfuscate(truststorePassword);
+                       String decryptedTruststorePassword = null;
+                       try {
+                                       decryptedTruststorePassword = CipherUtil.decryptPKC(truststorePassword, KeyProperties.getProperty(KeyConstants.CIPHER_ENCRYPTION_KEY));
+                               } 
+                       catch (CipherUtilException e) {
+                               logger.error(EELFLoggerDelegate.errorLogger, "failed to decrypt; Using as is", e);
+                               decryptedTruststorePassword = truststorePassword;
+                       }
+
                        //logger.debug(dateFormat.format(new Date()) + " " + methodName + " decrypted_truststore_password=" + decrypted_truststore_password);
                        
                        File tr = new File (truststorePath);
index 53b8518..cec4f41 100644 (file)
@@ -115,6 +115,8 @@ import com.att.nsa.cambria.client.CambriaClient.CambriaApiException;
 import com.att.nsa.cambria.client.CambriaClientBuilders;
 import com.att.nsa.cambria.client.CambriaIdentityManager;
 import com.att.nsa.cambria.client.CambriaTopicManager;
+import java.security.SecureRandom;
+
 
 public class EPAppCommonServiceImpl implements EPAppService {
 
@@ -206,6 +208,8 @@ public class EPAppCommonServiceImpl implements EPAppService {
                return fieldsValidator;
        }
 
+       
+       
        @Override
        public List<EPApp> getUserAsAdminApps(EPUser user) {
                if (adminRolesService.isAccountAdmin(user)) {
@@ -1639,11 +1643,12 @@ public class EPAppCommonServiceImpl implements EPAppService {
 
        protected String constructImageName(OnboardingApp onboardingApp) {
                String appLandingPageURL = onboardingApp.getLandingPage();
+               SecureRandom rand = new SecureRandom();
                if(appLandingPageURL == null) {
                        appLandingPageURL = "";
                }
-               return "portal_" + String.valueOf(appLandingPageURL.hashCode() + "_" + (int) (Math.random() * 100000.0))
-                               + ".png";
+                return "portal_" + String.valueOf(appLandingPageURL.hashCode() + "_" +  rand.nextInt(100000))
+         + ".png";
        }
 
        // Don't encrypt or decrypt the password if it is null or the empty string
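Review bot: `new SecureRandom()` is constructed on every call to `constructImageName`; a single `private static final SecureRandom RANDOM = new SecureRandom();` field is the usual form, since the class is thread-safe and instantiation is not free. `rand.nextInt(100000)` also leaves fewer than 17 bits of variation next to a `hashCode()` derived from the landing-page URL, so the generated file name can still collide and is easy to enumerate. If the name is meant to be unique or unguessable, `UUID.randomUUID()` is a better fit. The concatenation inside `String.valueOf(...)` already yields a String, so the wrapper can be dropped.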
index ce52554..34a4da8 100644 (file)
 
 ##scheduler authentication credentials
 scheduler.user.name=test1
-scheduler.password=test2
+scheduler.password=ybAJqWgt80miu7DqqrgvnfrS5eOLqYcrbmWScQsGThg=
 #scheduler properties
 scheduler.server.url=http://mtanjv9sdlg10.aic.cip.onap.com:8989/scheduler
 scheduler.create.new.vnf.change.instance=/v1/ChangeManagement/schedules/
 scheduler.get.time.slots=/v1/ChangeManagement/schedules/
 scheduler.submit.new.vnf.change=/v1/ChangeManagement/schedules/{scheduleId}/approvals
 vid.truststore.filename=C:\\Temp\\vid_keystore.jks
-vid.truststore.passwd.x=OBF:1wgg1wfq1uus1uui1x131x0r1x1v1x1j1uvo1uve1wg81wfi
+vid.truststore.passwd.x=rtImmgTrIcS4XeO7njFerYdMHYeSSw66XpiqJwVd558=
 
 #scheduler-policy properties
 policy.server.url=https://policypdp-conexus-e2e.ecomp.cci.onap.com:8081/pdp
 policy.get.config=/api/getConfig
 policy.ClientAuth=UHlQRFBTZXJ2ZXI6dGVzdA==
 policy.client.mechId=m06814@controller.dcae.ecomp.onap.com
-policy.client.password=OBF:1ffu1qvu1t2z1l161fuk1i801nz91ro41xf71xfv1rqi1nx51i7y1fuq1kxw1t371qxw1fh0
+policy.client.password=tq4kmgERjAlIt43IPm8WmqeRrBpH8VnLqYbTNNd8D6I4HyrI8oEoNJ2U6uiawA++
 policy.username=testpdp
-policy.password=OBF:1igd1kft1l1a1sw61svs1kxs1kcl1idt
+policy.password=GcbRxrKsHAkIqOn9AHhtrPZ0Sb7ERvn2YOAjWKgSqOk=
 policy.Authorization=dGVzdHBkcDphbHBoYTEyMw==
 policy.environment=TEST
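Review bot: `policy.client.password` and `policy.password` are switched from `OBF:` values to the new ciphertext format, but the code hunks in this commit only add `CipherUtil.decryptPKC` for `scheduler.password` and `vid.truststore.passwd.x`. If the policy client still reads those two through `Password.deobfuscate` it will presumably fail, so the reader should be confirmed or updated in the same change. `policy.ClientAuth` and `policy.Authorization` remain base64-encoded Basic credentials, which is an encoding rather than encryption, so they are still effectively plaintext in the file. The new values are only as protected as the `CIPHER_ENCRYPTION_KEY` used to produce them, so that key should not be a default shipped with the repository. `scheduler.server.url` is `http://`, so if that is the URL the client is built from, the decrypted password travels in the Basic `Authorization` header without transport protection.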