added encryption

7ac714b8 · Spiros Koulouzis · c89d2adb · 7ac714b8 · 7ac714b8 · 7ac714b8
Commit 7ac714b8 authored Jun 05, 2020 by Spiros Koulouzis
6 changed files
--- a/commons/src/main/java/nl/uva/sne/drip/commons/utils/Converter.java
+++ b/commons/src/main/java/nl/uva/sne/drip/commons/utils/Converter.java
@@ -41,6 +41,7 @@ import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 import java.util.zip.ZipOutputStream;
@@ -49,6 +50,7 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.SecretKeySpec;
+import nl.uva.sne.drip.model.tosca.Credential;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.springframework.web.multipart.MultipartFile;
@@ -191,4 +193,37 @@ public class Converter {
        return new SecretKeySpec(key, "AES");
    }

+    public static Credential encryptCredential(Credential credential, String credentialSecret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+        Map<String, String> credKeys = credential.getKeys();
+        Set<String> keySet = credKeys.keySet();
+        for (String key : keySet) {
+            String credKey = credKeys.get(key);
+            if (credKey != null) {
+                credKeys.put(key, encryptString(credKey, credentialSecret));
+            }
+        }
+        String token = credential.getToken();
+        if (token != null) {
+            credential.setToken(encryptString(token, credentialSecret));
+        }
+        return credential;
+    }
+
+    public static Credential dencryptCredential(Credential credential, String credentialSecret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        Map<String, String> credKeys = credential.getKeys();
+        Set<String> keySet = credKeys.keySet();
+        for (String key : keySet) {
+            String credKey = credKeys.get(key);
+            if (credKey != null) {
+                credKeys.put(key, decryptString(credKey, credentialSecret));
+            }
+        }
+        String token = credential.getToken();
+        if (token != null) {
+            credential.setToken(decryptString(token, credentialSecret));
+        }
+        return credential;
+    }
+
 }
--- a/k8s/CONF/deployer-deployment.yaml
+++ b/k8s/CONF/deployer-deployment.yaml
@@ -34,7 +34,9 @@ spec:
        - name: SURE_TOSCA_BASE_PATH
          value: http://sure-tosca:8081/tosca-sure/1.0.0
        - name: SEMAPHORE_BASE_PATH
-          value: http://semaphore:3000/api       
+          value: http://semaphore:3000/api     
+        - name: CREDENTIAL_SECRET
+          value: top_secret          
        image: qcdis/deployer:3.0.0
        name: deployer
        imagePullPolicy: Always

--- a/k8s/CONF/manager-deployment.yaml
+++ b/k8s/CONF/manager-deployment.yaml
@@ -35,6 +35,8 @@ spec:
          value: rabbit
        - name: SURE_TOSCA_BASE_PATH
          value: http://sure-tosca:8081/tosca-sure/1.0.0
+        - name: CREDENTIAL_SECRET
+          value: top_secret
        image: qcdis/manager:3.0.0
        name: manager
        imagePullPolicy: Always

--- a/provisioner/Dockerfile
+++ b/provisioner/Dockerfile
@@ -10,6 +10,7 @@ CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties &
    ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \
    echo "cloud.storm.secret=$ENCRYPTION_PASSWORD" >> application.properties && \
    echo "cloud.storm.db.path=/etc/UD" >> application.properties && \
+    echo "credential.secret=$CREDENTIAL_SECRET" >> application.properties && \
    cat application.properties && \
    jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
    sleep 5 && \

--- a/provisioner/src/main/java/nl/uva/sne/drip/provisioner/CloudStormService.java
+++ b/provisioner/src/main/java/nl/uva/sne/drip/provisioner/CloudStormService.java
@@ -69,6 +69,7 @@ import topology.analysis.TopologyAnalysisMain;
 class CloudStormService {

    private String secret;
+    private String credentialSecret;

    /**
     * @return the helper
@@ -117,6 +118,11 @@ class CloudStormService {
        if (secret == null) {
            throw new NullPointerException("secret cannot be null");
        }
+        credentialSecret = properties.getProperty("credential.secret");
+        if (credentialSecret == null) {
+            throw new NullPointerException("secret cannot be null");
+        }
+
        Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath);
        this.helper = new ToscaHelper(sureToscaBasePath);
        this.helper.uploadToscaTemplate(toscaTemplate);
@@ -138,7 +144,7 @@ class CloudStormService {
                String encryptedFileContents = (String) provisionedFiles.get("file_contents");
                if (encryptedFileContents != null) {
                    File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX);
-                    String fileContentsBase64 = Converter.decryptString(encryptedFileContents,secret);
+                    String fileContentsBase64 = Converter.decryptString(encryptedFileContents, secret);
                    Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath());
                    Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath());

@@ -295,6 +301,7 @@ class CloudStormService {
        int i = 0;
        for (NodeTemplateMap vmTopologyMap : vmTopologiesMaps) {
            Credential toscaCredentials = getHelper().getCredentialsFromVMTopology(vmTopologyMap);
+            toscaCredentials = Converter.dencryptCredential(toscaCredentials, credentialSecret);
            CloudCred cloudStormCredential = new CloudCred();
            cloudStormCredential.setCloudProvider(toscaCredentials.getCloudProviderName());
            String credInfoFile = toscaCredentials.getCloudProviderName() + i + ".yml";
@@ -429,7 +436,7 @@ class CloudStormService {
        Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath);

        String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath);
-        String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64,secret);
+        String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64, secret);
        provisionedFiles.put("file_contents", encryptedCloudStormZipFileContents);
        provisionedFiles.put("encoding", "base64");
        provisionedFiles.put("file_ext", "zip");

--- a/provisioner/src/main/resources/application.properties
+++ b/provisioner/src/main/resources/application.properties
@@ -6,4 +6,5 @@ message.broker.queue.planner=planner
 message.broker.queue.deployer=deployer
 sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
 cloud.storm.db.path=etc/UD
-cloud.storm.secret=top_secret
\ No newline at end of file
+cloud.storm.secret=top_secret
+credential.secret=top_secret
\ No newline at end of file