ui/src/main/java/org/akraino/validation/ui/conf/UiInitializer.java

   1 /*
   2  * Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License"); you may
   5  * not use this file except in compliance with the License. You may obtain
   6  * a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
  13  * implied. See the License for the specific language governing
  14  * permissions and limitations under the License.
  15  */
  16 package org.akraino.validation.ui.conf;
  17
  18 import java.io.IOException;
  19 import java.security.KeyManagementException;
  20 import java.security.NoSuchAlgorithmException;
  21 import java.security.cert.X509Certificate;
  22 import java.util.List;
  23 import java.util.Map;
  24
  25 import javax.net.ssl.HostnameVerifier;
  26 import javax.net.ssl.HttpsURLConnection;
  27 import javax.net.ssl.SSLContext;
  28 import javax.net.ssl.SSLSession;
  29 import javax.net.ssl.TrustManager;
  30 import javax.net.ssl.X509TrustManager;
  31
  32 import org.onap.portalsdk.core.domain.User;
  33 import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
  34 import org.onap.portalsdk.core.onboarding.util.CipherUtil;
  35 import org.onap.portalsdk.core.service.UserProfileService;
  36 import org.springframework.beans.factory.annotation.Autowired;
  37 import org.springframework.context.event.ContextRefreshedEvent;
  38 import org.springframework.context.event.EventListener;
  39 import org.springframework.stereotype.Component;
  40
  41 import com.sun.jersey.api.client.config.DefaultClientConfig;
  42 import com.sun.jersey.client.urlconnection.HTTPSProperties;
  43
  44 @Component
  45 public class UiInitializer {
  46
  47     @Autowired
  48     UserProfileService userService;
  49
  50     // Create all-trusting host name verifier
  51     private final HostnameVerifier hostnameVerifier = new HostnameVerifier() {
  52         @Override
  53         public boolean verify(String hostname, SSLSession session) {
  54             return true;
  55         }
  56     };
  57     // Create a trust manager that does not validate certificate chains
  58     private final TrustManager[] trustAll = new TrustManager[] { new X509TrustManager() {
  59         @Override
  60         public X509Certificate[] getAcceptedIssuers() {
  61             return null; // Not relevant.
  62         }
  63
  64         @Override
  65         public void checkClientTrusted(X509Certificate[] certs, String authType) {
  66             // Do nothing. Just allow them all.
  67         }
  68
  69         @Override
  70         public void checkServerTrusted(X509Certificate[] certs, String authType) {
  71             // Do nothing. Just allow them all.
  72         }
  73     } };
  74
  75     @EventListener(ContextRefreshedEvent.class)
  76     public void setHttpProperties() throws NoSuchAlgorithmException, KeyManagementException {
  77         if (System.getenv("TRUST_ALL") != null && System.getenv("TRUST_ALL").equals("true")) {
  78             SSLContext sslContext = SSLContext.getInstance("SSL");
  79             sslContext.init(null, this.trustAll, new java.security.SecureRandom());
  80             HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
  81             // Install the all-trusting host verifier
  82             HttpsURLConnection.setDefaultHostnameVerifier(this.hostnameVerifier);
  83             DefaultClientConfig config = new DefaultClientConfig();
  84             Map<String, Object> properties = config.getProperties();
  85             HTTPSProperties httpsProperties = new HTTPSProperties((str, sslSession) -> true, sslContext);
  86             properties.put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, httpsProperties);
  87         }
  88     }
  89
  90     @EventListener(ContextRefreshedEvent.class)
  91     public void updateAdminUser() throws RuntimeException, IOException, CipherUtilException {
  92         User admin = null;
  93         List<User> users = userService.findAllActive();
  94         for (User user : users) {
  95             if (user.getLoginId().equals("admin")) {
  96                 admin = user;
  97             }
  98         }
  99         if (admin == null) {
 100             throw new RuntimeException("Admin user does not exist");
 101         }
 102         if (admin.getLoginPwd().equals("admin_password")) {
 103             admin.setLoginPwd(
 104                     CipherUtil.encryptPKC(System.getenv("UI_ADMIN_PASSWORD"), System.getenv("ENCRYPTION_KEY")));
 105             userService.saveUser(admin);
 106         }
 107     }
 108
 109 }