added encryption

e902d50b · Spiros Koulouzis · a9a921fd · e902d50b · e902d50b · e902d50b
Commit e902d50b authored Jun 05, 2020 by Spiros Koulouzis
6 changed files
--- a/manager/src/main/java/nl/uva/sne/drip/service/CredentialService.java
+++ b/manager/src/main/java/nl/uva/sne/drip/service/CredentialService.java
@@ -6,12 +6,22 @@
 package nl.uva.sne.drip.service;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import nl.uva.sne.drip.commons.utils.Converter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import nl.uva.sne.drip.dao.CredentialDAO;
 import nl.uva.sne.drip.model.tosca.Credential;
+import org.springframework.beans.factory.annotation.Value;
 /**
 *
@@ -20,17 +30,21 @@ import nl.uva.sne.drip.model.tosca.Credential;
 @Service
 public class CredentialService {
+    @Value("${credential.secret}")
+    private String credentialSecret;
    @Autowired
    private CredentialDAO dao;
-    public String save(Credential document) {
+    public String save(Credential document) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
-        dao.save(document);
+        dao.save(encryptCredential(document));
        return document.getId();
    }
-    public Credential findByID(String id) throws JsonProcessingException {
+    public Credential findByID(String id) {
-        Credential credentials = dao.findById(id).get();
+        Credential credential = dao.findById(id).get();
-        return credentials;
+        return credential;
    }
    public void deleteByID(String id) {
@@ -54,4 +68,21 @@ public class CredentialService {
        return dao.findBycloudProviderName(provider);
    }
+    private Credential encryptCredential(Credential credential) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        Map<String, String> credKeys = credential.getKeys();
+        Set<String> keySet = credKeys.keySet();
+        for (String key : keySet) {
+            String credKey = credKeys.get(key);
+            if (credKey != null) {
+                credKeys.put(key, Converter.encryptString(credKey, credentialSecret));
+            }
+        }
+        String token = credential.getToken();
+        if (token != null) {
+            credential.setToken(Converter.encryptString(token, credentialSecret));
+        }
+        return credential;
+    }
 }
--- a/manager/src/main/resources/application.properties
+++ b/manager/src/main/resources/application.properties
@@ -19,3 +19,5 @@ db.username=drip-user
 db.password=drip-pass
 sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
+credential.secret=top_secret
\ No newline at end of file
--- a/manager/src/test/java/nl/uva/sne/drip/service/ServiceTests.java
+++ b/manager/src/test/java/nl/uva/sne/drip/service/ServiceTests.java
@@ -28,6 +28,8 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.List;
@@ -37,6 +39,9 @@ import java.util.Set;
 import java.util.concurrent.TimeoutException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
 import nl.uva.sne.drip.Swagger2SpringBoot;
 import nl.uva.sne.drip.api.NotFoundException;
 import nl.uva.sne.drip.commons.utils.Constants;
@@ -301,7 +306,7 @@ public class ServiceTests {
     * Test of save method, of class CredentialService.
     */
    @Test
-    public void testCredentialServiceSave() {
+    public void testCredentialServiceSave() throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Logger.getLogger(ServiceTests.class.getName()).log(Level.INFO, "save");
        saveCredential();
    }
@@ -332,7 +337,7 @@ public class ServiceTests {
        assertEquals(keystorFileChecksum, keystorFileCopyChecksum);
    }
-    public String saveCredential() {
+    public String saveCredential() throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Logger.getLogger(ServiceTests.class.getName()).log(Level.INFO, "saveCredential");
        Credential document = new Credential();
        document.setCloudProviderName("exogeni");
@@ -364,7 +369,7 @@ public class ServiceTests {
     * @throws com.fasterxml.jackson.core.JsonProcessingException
     */
    @Test
-    public void testCredentialServiceDeleteByID() throws JsonProcessingException {
+    public void testCredentialServiceDeleteByID() throws JsonProcessingException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Logger.getLogger(ServiceTests.class.getName()).log(Level.INFO, "deleteByID");
        String id = saveCredential();
        credentialService.deleteByID(id);
@@ -382,7 +387,7 @@ public class ServiceTests {
     * Test of getAllIds method, of class CredentialService.
     */
    @Test
-    public void testCredentialServiceGetAllIds() {
+    public void testCredentialServiceGetAllIds() throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Logger.getLogger(ServiceTests.class.getName()).log(Level.INFO, "getAllIds");
        testCredentialServiceDeleteAll();
        int numOfINst = 3;
@@ -404,7 +409,7 @@ public class ServiceTests {
    }
    @Test
-    public void testSetProvisionerOperation() throws FileNotFoundException, IOException, MissingCredentialsException, ApiException, TypeExeption, JsonProcessingException, TimeoutException, InterruptedException, NotFoundException, MissingVMTopologyException {
+    public void testSetProvisionerOperation() throws FileNotFoundException, IOException, MissingCredentialsException, ApiException, TypeExeption, JsonProcessingException, TimeoutException, InterruptedException, NotFoundException, MissingVMTopologyException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        if (ToscaHelper.isServiceUp(sureToscaBasePath) && ToscaHelper.isServiceUp("http://" + messageBrokerHost + ":15672")) {
            addRandomCredential("ExoGENI");
@@ -447,7 +452,7 @@ public class ServiceTests {
        }
    }
-    private void addRandomCredential(String providerName) {
+    private void addRandomCredential(String providerName) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Credential document = new Credential();
        document.setCloudProviderName(providerName);
        Map<String, String> keys = new HashMap<>();

--- a/provisioner/Dockerfile
+++ b/provisioner/Dockerfile
@@ -8,7 +8,7 @@ CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties &
    sed -ie "s#^message.broker.host=.*#message.broker.host=$RABBITMQ_HOST#" application.properties && \ 
    sed -ie "s#^sure-tosca.base.path=.*#sure-tosca.base.path=$SURE_TOSCA_BASE_PATH#" application.properties && \
    ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \
-    sed -ie "s#^secret=.*#secret=$ENCRYPTION_PASSWORD#" application.properties && \
+    echo "cloud.storm.secret=$ENCRYPTION_PASSWORD" >> application.properties && \
    echo "cloud.storm.db.path=/etc/UD" >> application.properties && \
    cat application.properties && \
    jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \

--- a/provisioner/src/main/java/nl/uva/sne/drip/provisioner/CloudStormService.java
+++ b/provisioner/src/main/java/nl/uva/sne/drip/provisioner/CloudStormService.java
@@ -113,7 +113,7 @@ class CloudStormService {
        if (sureToscaBasePath == null) {
            throw new NullPointerException("sureToscaBasePath cannot be null");
        }
-        secret = properties.getProperty("secret");
+        secret = properties.getProperty("cloud.storm.secret");
        if (secret == null) {
            throw new NullPointerException("secret cannot be null");
        }

--- a/provisioner/src/main/resources/application.properties
+++ b/provisioner/src/main/resources/application.properties
@@ -6,4 +6,4 @@ message.broker.queue.planner=planner
 message.broker.queue.deployer=deployer
 sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
 cloud.storm.db.path=etc/UD
-secret=top_secret
+cloud.storm.secret=top_secret
\ No newline at end of file