Commit 7ac714b8 authored by Spiros Koulouzis's avatar Spiros Koulouzis

added encryption

parent c89d2adb
...@@ -41,6 +41,7 @@ import java.util.Enumeration; ...@@ -41,6 +41,7 @@ import java.util.Enumeration;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
import java.util.zip.ZipEntry; import java.util.zip.ZipEntry;
import java.util.zip.ZipFile; import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream; import java.util.zip.ZipOutputStream;
...@@ -49,6 +50,7 @@ import javax.crypto.Cipher; ...@@ -49,6 +50,7 @@ import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException; import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import nl.uva.sne.drip.model.tosca.Credential;
import org.json.JSONException; import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
...@@ -191,4 +193,37 @@ public class Converter { ...@@ -191,4 +193,37 @@ public class Converter {
return new SecretKeySpec(key, "AES"); return new SecretKeySpec(key, "AES");
} }
public static Credential encryptCredential(Credential credential, String credentialSecret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Map<String, String> credKeys = credential.getKeys();
Set<String> keySet = credKeys.keySet();
for (String key : keySet) {
String credKey = credKeys.get(key);
if (credKey != null) {
credKeys.put(key, encryptString(credKey, credentialSecret));
}
}
String token = credential.getToken();
if (token != null) {
credential.setToken(encryptString(token, credentialSecret));
}
return credential;
}
public static Credential dencryptCredential(Credential credential, String credentialSecret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Map<String, String> credKeys = credential.getKeys();
Set<String> keySet = credKeys.keySet();
for (String key : keySet) {
String credKey = credKeys.get(key);
if (credKey != null) {
credKeys.put(key, decryptString(credKey, credentialSecret));
}
}
String token = credential.getToken();
if (token != null) {
credential.setToken(decryptString(token, credentialSecret));
}
return credential;
}
} }
...@@ -34,7 +34,9 @@ spec: ...@@ -34,7 +34,9 @@ spec:
- name: SURE_TOSCA_BASE_PATH - name: SURE_TOSCA_BASE_PATH
value: http://sure-tosca:8081/tosca-sure/1.0.0 value: http://sure-tosca:8081/tosca-sure/1.0.0
- name: SEMAPHORE_BASE_PATH - name: SEMAPHORE_BASE_PATH
value: http://semaphore:3000/api value: http://semaphore:3000/api
- name: CREDENTIAL_SECRET
value: top_secret
image: qcdis/deployer:3.0.0 image: qcdis/deployer:3.0.0
name: deployer name: deployer
imagePullPolicy: Always imagePullPolicy: Always
......
...@@ -35,6 +35,8 @@ spec: ...@@ -35,6 +35,8 @@ spec:
value: rabbit value: rabbit
- name: SURE_TOSCA_BASE_PATH - name: SURE_TOSCA_BASE_PATH
value: http://sure-tosca:8081/tosca-sure/1.0.0 value: http://sure-tosca:8081/tosca-sure/1.0.0
- name: CREDENTIAL_SECRET
value: top_secret
image: qcdis/manager:3.0.0 image: qcdis/manager:3.0.0
name: manager name: manager
imagePullPolicy: Always imagePullPolicy: Always
......
...@@ -10,6 +10,7 @@ CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties & ...@@ -10,6 +10,7 @@ CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties &
ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \ ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \
echo "cloud.storm.secret=$ENCRYPTION_PASSWORD" >> application.properties && \ echo "cloud.storm.secret=$ENCRYPTION_PASSWORD" >> application.properties && \
echo "cloud.storm.db.path=/etc/UD" >> application.properties && \ echo "cloud.storm.db.path=/etc/UD" >> application.properties && \
echo "credential.secret=$CREDENTIAL_SECRET" >> application.properties && \
cat application.properties && \ cat application.properties && \
jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \ jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
sleep 5 && \ sleep 5 && \
......
...@@ -69,6 +69,7 @@ import topology.analysis.TopologyAnalysisMain; ...@@ -69,6 +69,7 @@ import topology.analysis.TopologyAnalysisMain;
class CloudStormService { class CloudStormService {
private String secret; private String secret;
private String credentialSecret;
/** /**
* @return the helper * @return the helper
...@@ -117,6 +118,11 @@ class CloudStormService { ...@@ -117,6 +118,11 @@ class CloudStormService {
if (secret == null) { if (secret == null) {
throw new NullPointerException("secret cannot be null"); throw new NullPointerException("secret cannot be null");
} }
credentialSecret = properties.getProperty("credential.secret");
if (credentialSecret == null) {
throw new NullPointerException("secret cannot be null");
}
Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath); Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath);
this.helper = new ToscaHelper(sureToscaBasePath); this.helper = new ToscaHelper(sureToscaBasePath);
this.helper.uploadToscaTemplate(toscaTemplate); this.helper.uploadToscaTemplate(toscaTemplate);
...@@ -138,7 +144,7 @@ class CloudStormService { ...@@ -138,7 +144,7 @@ class CloudStormService {
String encryptedFileContents = (String) provisionedFiles.get("file_contents"); String encryptedFileContents = (String) provisionedFiles.get("file_contents");
if (encryptedFileContents != null) { if (encryptedFileContents != null) {
File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX); File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX);
String fileContentsBase64 = Converter.decryptString(encryptedFileContents,secret); String fileContentsBase64 = Converter.decryptString(encryptedFileContents, secret);
Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath()); Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath());
Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath()); Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath());
...@@ -295,6 +301,7 @@ class CloudStormService { ...@@ -295,6 +301,7 @@ class CloudStormService {
int i = 0; int i = 0;
for (NodeTemplateMap vmTopologyMap : vmTopologiesMaps) { for (NodeTemplateMap vmTopologyMap : vmTopologiesMaps) {
Credential toscaCredentials = getHelper().getCredentialsFromVMTopology(vmTopologyMap); Credential toscaCredentials = getHelper().getCredentialsFromVMTopology(vmTopologyMap);
toscaCredentials = Converter.dencryptCredential(toscaCredentials, credentialSecret);
CloudCred cloudStormCredential = new CloudCred(); CloudCred cloudStormCredential = new CloudCred();
cloudStormCredential.setCloudProvider(toscaCredentials.getCloudProviderName()); cloudStormCredential.setCloudProvider(toscaCredentials.getCloudProviderName());
String credInfoFile = toscaCredentials.getCloudProviderName() + i + ".yml"; String credInfoFile = toscaCredentials.getCloudProviderName() + i + ".yml";
...@@ -429,7 +436,7 @@ class CloudStormService { ...@@ -429,7 +436,7 @@ class CloudStormService {
Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath); Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath);
String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath); String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath);
String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64,secret); String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64, secret);
provisionedFiles.put("file_contents", encryptedCloudStormZipFileContents); provisionedFiles.put("file_contents", encryptedCloudStormZipFileContents);
provisionedFiles.put("encoding", "base64"); provisionedFiles.put("encoding", "base64");
provisionedFiles.put("file_ext", "zip"); provisionedFiles.put("file_ext", "zip");
......
...@@ -6,4 +6,5 @@ message.broker.queue.planner=planner ...@@ -6,4 +6,5 @@ message.broker.queue.planner=planner
message.broker.queue.deployer=deployer message.broker.queue.deployer=deployer
sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0 sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
cloud.storm.db.path=etc/UD cloud.storm.db.path=etc/UD
cloud.storm.secret=top_secret cloud.storm.secret=top_secret
\ No newline at end of file credential.secret=top_secret
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment