From da7323ca54971da34b0f18da7463e408951f67f2 Mon Sep 17 00:00:00 2001 From: Sri Balaji Marripud Date: Wed, 9 Dec 2020 12:57:59 -0500 Subject: [PATCH] Password Encrypted in portal schedular.prop Issue-ID: PORTAL-1045 Change-Id: Iecb72f31ec930907fd0e18b363a2ef99c5a0edd2 Signed-off-by: Sri Balaji Marripud --- .../portal/scheduler/SchedulerRestInterface.java | 80 ++++++++++++---------- .../portal/scheduler/client/HttpsBasicClient.java | 14 +++- .../portal/service/EPAppCommonServiceImpl.java | 9 ++- .../main/webapp/WEB-INF/conf/scheduler.properties | 8 +-- 4 files changed, 68 insertions(+), 43 deletions(-) diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInterface.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInterface.java index 0f6f3cea..6b4319ed 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInterface.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInterface.java @@ -54,6 +54,10 @@ import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum; import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.scheduler.restobjects.RestObject; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; +import org.onap.portalsdk.core.onboarding.util.CipherUtil; +import org.onap.portalsdk.core.onboarding.util.KeyConstants; +import org.onap.portalsdk.core.onboarding.util.KeyProperties; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Service; import org.springframework.web.client.HttpClientErrorException; 
@@ -70,8 +74,8 @@ import lombok.NoArgsConstructor; public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { private static final String APPLICATION_JSON = "application/json"; private static final String PASSWORD_IS_EMPTY = "Password is Empty"; - private static final String HTTP_CLIENT_ERROR = " HttpClientErrorException: Exception For the POST ." - + " MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON"; + private static final String HTTP_CLIENT_ERROR = " HttpClientErrorException: Exception For the POST ." + + " MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON"; private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerRestInterface.class); private static WebClient client = null; @@ -85,7 +89,7 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { // Register an adapter to manage the date types as long values builder.registerTypeAdapter(Date.class, - (JsonDeserializer) (json, typeOfT, context) -> new Date(json.getAsJsonPrimitive().getAsLong())); + (JsonDeserializer) (json, typeOfT, context) -> new Date(json.getAsJsonPrimitive().getAsLong())); gson = builder.create(); } @@ -96,7 +100,7 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { init(); final String username; - final String password; + String password; /* Setting user name based on properties */ String retrievedUsername = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULER_USER_NAME_VAL); 
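Review bot: The `HTTP_CLIENT_ERROR` constant re-indented in the `-70,8 +74,8` hunk still uses `%APPLICATION_JSON` as its placeholders, which `String.format` reads as the `%A` hex-float conversion followed by literal text. Assuming `methodName` and `url` are Strings, formatting it would throw `IllegalFormatConversionException` inside the catch blocks, hiding the original exception and skipping the `EPLogUtil.schedulerAccessAlarm` call that follows, so scheduler access failures would never raise the alarm. The placeholders look like a search-and-replace accident and should read `" MethodName: %s, Url: %s"`. The inline format strings in the `Get` and `Post` hunks further down (`-196,12 +206,12` and `-253,19 +263,18`) carry the same `%APPLICATION_JSON` text and need the same fix.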
@@ -111,11 +115,15 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { if (retrievedPassword.isEmpty()) { password = StringUtils.EMPTY; } else { - if (retrievedPassword.contains("OBF:")) { - password = Password.deobfuscate(retrievedPassword); - } else { + + try { + password = CipherUtil.decryptPKC(retrievedPassword, + KeyProperties.getProperty(KeyConstants.CIPHER_ENCRYPTION_KEY)); + } catch (CipherUtilException e) { + logger.error(EELFLoggerDelegate.errorLogger, "failed to decrypt; Using as is", e); password = retrievedPassword; } + } try { if (StringUtils.isBlank(password)) { @@ -131,28 +139,29 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { commonHeaders = new MultivaluedHashMap<>(); commonHeaders.put("Authorization", Collections.singletonList(("Basic " + authStringEnc))); - // try { - // if (!username.isEmpty()) { + // try { + // if (!username.isEmpty()) { // - // client = HttpBasicClient.getClient(); - // } else { + // client = HttpBasicClient.getClient(); + // } else { // - // client = HttpsBasicClient.getClient(); - // } - // } catch (Exception e) { - // logger.debug(EELFLoggerDelegate.debugLogger, "Unable to initialize rest client",e.getMessage()); + // client = HttpsBasicClient.getClient(); + // } + // } catch (Exception e) { + // logger.debug(EELFLoggerDelegate.debugLogger, "Unable to initialize rest + // client",e.getMessage()); // - // } - + // } + client = WebClient.create(URI); client.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON); - //client.path(""); + // client.path(""); client.headers(commonHeaders); - + logger.debug(EELFLoggerDelegate.debugLogger, "Client Initialized"); - - } + } + @SuppressWarnings("unchecked") public void Get(T t, String sourceId, String path, org.onap.portalapp.portal.scheduler.restobjects.RestObject restObject) { 
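Review bot: In the `-111,11 +115,15` hunk the `catch (CipherUtilException e)` branch assigns `password = retrievedPassword`, so a value that cannot be decrypted is still used as the Basic-auth password. That fails open: a plaintext password left in scheduler.properties keeps working unnoticed, and an old `OBF:` value (no longer handled now that the `Password.deobfuscate` branch is removed) or a ciphertext encrypted under a different key is sent to the scheduler verbatim. I would fail closed instead, for example `password = StringUtils.EMPTY;` in the catch, so that the existing `StringUtils.isBlank(password)` check just below (which presumably reports `PASSWORD_IS_EMPTY`) rejects it, or rethrow. The truststore hunk in HttpsBasicClient.java (`-93,7 +97,15`) has the same "Using as is" fallback and should change the same way. The enclosing method starts and ends outside this hunk.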
@@ -163,12 +172,13 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { logger.debug(EELFLoggerDelegate.debugLogger, "URL FOR GET : ", url); try { initRestClient(url); - - - //final Response cres = client.target(url).request().accept(APPLICATION_JSON).headers(commonHeaders).get(); - final ResponseImpl cres = (ResponseImpl)client.get(); - logger.debug(EELFLoggerDelegate.debugLogger, "The implemenation class of Response : ", cres.getClass().getName()); + // final Response cres = + // client.target(url).request().accept(APPLICATION_JSON).headers(commonHeaders).get(); + final ResponseImpl cres = (ResponseImpl) client.get(); + + logger.debug(EELFLoggerDelegate.debugLogger, "The implemenation class of Response : ", + cres.getClass().getName()); int status = cres.getStatus(); restObject.setStatusCode(status); @@ -196,12 +206,12 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { restObject.set(t); } } catch (HttpClientErrorException e) { - String message = String.format( - HTTP_CLIENT_ERROR, methodName, url); + String message = String.format(HTTP_CLIENT_ERROR, methodName, url); logger.error(EELFLoggerDelegate.errorLogger, message, e); EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value()); } catch (Exception e) { - String message = String.format("Exception For the POST . MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON", methodName, url); + String message = String.format( + "Exception For the POST . MethodName: %APPLICATION_JSON, Url: %APPLICATION_JSON", methodName, url); logger.error(EELFLoggerDelegate.errorLogger, message, e); EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value()); 
@@ -224,7 +234,7 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { initRestClient(url); // Change the content length - final ResponseImpl cres = (ResponseImpl)client.post(requestDetails.toJSONString()); + final ResponseImpl cres = (ResponseImpl) client.post(requestDetails.toJSONString()); if (cres != null && cres.getEntity() != null) { @@ -253,19 +263,18 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { logger.debug(EELFLoggerDelegate.debugLogger, message); } else { - String message = String.format(" FAILED with http status . MethodName: %APPLICATION_JSON, Status: %APPLICATION_JSON, Url: %APPLICATION_JSON", + String message = String.format( + " FAILED with http status . MethodName: %APPLICATION_JSON, Status: %APPLICATION_JSON, Url: %APPLICATION_JSON", methodName, status, url); logger.debug(EELFLoggerDelegate.debugLogger, message); } } catch (HttpClientErrorException e) { - String message = String.format( - HTTP_CLIENT_ERROR, methodName, url); + String message = String.format(HTTP_CLIENT_ERROR, methodName, url); logger.error(EELFLoggerDelegate.errorLogger, message, e); EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value()); } catch (Exception e) { - String message = String.format( - HTTP_CLIENT_ERROR, methodName, url); + String message = String.format(HTTP_CLIENT_ERROR, methodName, url); logger.error(EELFLoggerDelegate.errorLogger, message, e); EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value()); throw e; @@ -277,5 +286,4 @@ public class SchedulerRestInterface implements SchedulerRestInterfaceIfc { throw new UnsupportedOperationException(); } - } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java index c79d6c05..3360104c 100644 
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java @@ -58,6 +58,10 @@ import org.onap.portalapp.portal.scheduler.SchedulerProperties; import org.onap.portalapp.portal.scheduler.util.CustomJacksonJaxBJsonProvider; import org.onap.portalapp.util.DateUtil; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; +import org.onap.portalsdk.core.onboarding.util.CipherUtil; +import org.onap.portalsdk.core.onboarding.util.KeyConstants; +import org.onap.portalsdk.core.onboarding.util.KeyProperties; /** * General SSL client using the VID tomcat keystore. It doesn't use client certificates. @@ -93,7 +97,15 @@ public class HttpsBasicClient{ String truststorePassword = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_PASSWD_X); - String decryptedTruststorePassword = Password.deobfuscate(truststorePassword); + String decryptedTruststorePassword = null; + try { + decryptedTruststorePassword = CipherUtil.decryptPKC(truststorePassword, KeyProperties.getProperty(KeyConstants.CIPHER_ENCRYPTION_KEY)); + } + catch (CipherUtilException e) { + logger.error(EELFLoggerDelegate.errorLogger, "failed to decrypt; Using as is", e); + decryptedTruststorePassword = truststorePassword; + } + //logger.debug(dateFormat.format(new Date()) + " " + methodName + " decrypted_truststore_password=" + decrypted_truststore_password); File tr = new File (truststorePath); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java index 53b85183..cec4f419 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java 
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java @@ -115,6 +115,8 @@ import com.att.nsa.cambria.client.CambriaClient.CambriaApiException; import com.att.nsa.cambria.client.CambriaClientBuilders; import com.att.nsa.cambria.client.CambriaIdentityManager; import com.att.nsa.cambria.client.CambriaTopicManager; +import java.security.SecureRandom; + public class EPAppCommonServiceImpl implements EPAppService { @@ -206,6 +208,8 @@ public class EPAppCommonServiceImpl implements EPAppService { return fieldsValidator; } + + @Override public List getUserAsAdminApps(EPUser user) { if (adminRolesService.isAccountAdmin(user)) { @@ -1639,11 +1643,12 @@ public class EPAppCommonServiceImpl implements EPAppService { protected String constructImageName(OnboardingApp onboardingApp) { String appLandingPageURL = onboardingApp.getLandingPage(); + SecureRandom rand = new SecureRandom(); if(appLandingPageURL == null) { appLandingPageURL = ""; } - return "portal_" + String.valueOf(appLandingPageURL.hashCode() + "_" + (int) (Math.random() * 100000.0)) - + ".png"; + return "portal_" + String.valueOf(appLandingPageURL.hashCode() + "_" + rand.nextInt(100000)) + + ".png"; } // Don't encrypt or decrypt the password if it is null or the empty string diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/scheduler.properties b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/scheduler.properties index ce52554c..34a4da89 100644 --- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/scheduler.properties +++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/scheduler.properties 
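Review bot: `constructImageName` in EPAppCommonServiceImpl.java (hunk `-1639,11 +1643,12`) now creates a `new SecureRandom()` on every call and then draws only `rand.nextInt(100000)`, so the suffix still has just 100000 possible values and two apps with the same landing page can end up with the same file name. If the name is meant to be unique or hard to guess, a `java.util.UUID.randomUUID()` suffix fits better. If the change only replaces `Math.random()` to satisfy a scanner, hoist the generator to a field, `private static final SecureRandom RANDOM = new SecureRandom();`. The `String.valueOf(...)` wrapper around an expression that is already a String is redundant. Whether the image name needs to be unpredictable is not visible from this hunk.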
@@ -39,23 +39,23 @@ ##scheduler authentication credentials scheduler.user.name=test1 -scheduler.password=test2 +scheduler.password=ybAJqWgt80miu7DqqrgvnfrS5eOLqYcrbmWScQsGThg= #scheduler properties scheduler.server.url=http://mtanjv9sdlg10.aic.cip.onap.com:8989/scheduler scheduler.create.new.vnf.change.instance=/v1/ChangeManagement/schedules/ scheduler.get.time.slots=/v1/ChangeManagement/schedules/ scheduler.submit.new.vnf.change=/v1/ChangeManagement/schedules/{scheduleId}/approvals vid.truststore.filename=C:\\Temp\\vid_keystore.jks -vid.truststore.passwd.x=OBF:1wgg1wfq1uus1uui1x131x0r1x1v1x1j1uvo1uve1wg81wfi +vid.truststore.passwd.x=rtImmgTrIcS4XeO7njFerYdMHYeSSw66XpiqJwVd558= #scheduler-policy properties policy.server.url=https://policypdp-conexus-e2e.ecomp.cci.onap.com:8081/pdp policy.get.config=/api/getConfig policy.ClientAuth=UHlQRFBTZXJ2ZXI6dGVzdA== policy.client.mechId=m06814@controller.dcae.ecomp.onap.com -policy.client.password=OBF:1ffu1qvu1t2z1l161fuk1i801nz91ro41xf71xfv1rqi1nx51i7y1fuq1kxw1t371qxw1fh0 +policy.client.password=tq4kmgERjAlIt43IPm8WmqeRrBpH8VnLqYbTNNd8D6I4HyrI8oEoNJ2U6uiawA++ policy.username=testpdp -policy.password=OBF:1igd1kft1l1a1sw61svs1kxs1kcl1idt +policy.password=GcbRxrKsHAkIqOn9AHhtrPZ0Sb7ERvn2YOAjWKgSqOk= policy.Authorization=dGVzdHBkcDphbHBoYTEyMw== policy.environment=TEST -- 2.16.6
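Review bot: `policy.ClientAuth` and `policy.Authorization` are left untouched in this hunk and still appear to be Base64-encoded Basic credentials, which anyone with read access to the file can decode without a key, so the file keeps exposing credentials after this change. They should be stored with the same CipherUtil encryption as the four values changed here, or removed if the code can derive them from the corresponding username/password pairs. Also, `scheduler.server.url` is `http://`, so as far as SchedulerRestInterface shows, the scheduler password encrypted at rest here is still sent in a Basic `Authorization` header over an unencrypted connection. A short comment above the encrypted values, such as `# encrypted with CipherUtil using the portal cipher key; regenerate when the key rotates`, would help operators maintain them.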