Add encryption/decryption to subscription passwords (#390)

* Add encryption/decryption to subscription passwords

Author: Christoffer-Cortes

src/functionaltests/java/com/ericsson/ei/encryption/EncryptionSteps.java

@@ -0,0 +1,168 @@
+package com.ericsson.ei.encryption;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockserver.integration.ClientAndServer.startClientAndServer;
+import static org.mockserver.model.HttpRequest.request;
+import static org.mockserver.model.HttpResponse.response;
+import static org.slf4j.LoggerFactory.getLogger;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import org.json.JSONObject;
+import org.junit.Ignore;
+import org.mockserver.integration.ClientAndServer;
+import org.mockserver.verify.VerificationTimes;
+import org.slf4j.Logger;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.TestPropertySource;
+
+import com.ericsson.ei.utils.FunctionalTestBase;
+import com.ericsson.ei.utils.HttpRequest;
+import com.ericsson.eiffelcommons.subscriptionobject.RestPostSubscriptionObject;
+
+import cucumber.api.java.Before;
+import cucumber.api.java.en.Then;
+import cucumber.api.java.en.When;
+
+@Ignore
+@TestPropertySource(properties = { "spring.data.mongodb.database: EncryptionSteps",
+        "missedNotificationDataBaseName: EncryptionSteps-missedNotifications",
+        "rabbitmq.exchange.name: EncryptionSteps-exchange",
+        "rabbitmq.consumerName: EncryptionSteps-consumer",
+        "jasypt.encryptor.password: secret" })
+public class EncryptionSteps extends FunctionalTestBase {
+
+    private static final Logger LOGGER = getLogger(EncryptionSteps.class);
+
+    private static final String EIFFEL_EVENTS_JSON_PATH = "src/functionaltests/resources/eiffel_events_for_test.json";
+    private static final String SUBSCRIPTION_GET_ENDPOINT = "/subscriptions/<name>";
+    private static final String SUBSCRIPTION_ROOT_ENDPOINT = "/subscriptions";
+    private static final String MOCK_ENDPOINT = "/notify-me";
+    private static final String AUTH_HEADER_NAME = "Authorization";
+    private static final String AUTH_HEADER_VALUE = "Basic dXNlcm5hbWU6cGFzc3dvcmQ=";
+    private static final int NOTIFICATION_SLEEP = 5;
+
+    private static final String SUBSCRIPTION_NAME = "MySubscription";
+    private static final String MEDIA_TYPE = "application/x-www-form-urlencoded";
+    private static final String NOTIFICATION_META = "http://localhost:{port}/notify-me";
+    private static final String CONDITION_KEY = "jmespath";
+    private static final String CONDITION_VALUE = "split(identity, '/') | [1] =='com.mycompany.myproduct'";
+    private static final String USERNAME = "username";
+    private static final String PASSWORD = "password";
+    private static final String AUTH_TYPE = "BASIC_AUTH";
+
+    @LocalServerPort
+    private int applicationPort;
+
+    private ResponseEntity response;
+    private String mockServerPort;
+    private ClientAndServer clientAndServer;
+
+    @Before
+    public void init() throws IOException {
+        clientAndServer = startClientAndServer();
+        mockServerPort = String.valueOf(clientAndServer.getLocalPort());
+        setUpMock();
+    }
+
+    @When("^a subscription is created$")
+    public void subscriptionIsCreated() throws Exception {
+        LOGGER.debug("Creating a subscription.");
+        RestPostSubscriptionObject subscription = new RestPostSubscriptionObject(SUBSCRIPTION_NAME);
+        subscription.setNotificationMeta(NOTIFICATION_META.replace("{port}", mockServerPort));
+        subscription.setRestPostBodyMediaType(MEDIA_TYPE);
+        subscription.addNotificationMessageKeyValue("json", "dummy");
+        JSONObject condition = new JSONObject().put(CONDITION_KEY, CONDITION_VALUE);
+        subscription.addConditionToRequirement(0, condition);
+        subscription.setUsername(USERNAME);
+        subscription.setPassword(PASSWORD);
+        subscription.setAuthenticationType(AUTH_TYPE);
+
+        List<String> subscriptionsToSend = new ArrayList<>();
+        subscriptionsToSend.add(subscription.toString());
+        postSubscriptions(subscriptionsToSend.toString());
+        validateSubscriptionsSuccessfullyAdded();
+    }
+
+    @When("^eiffel events are sent$")
+    public void eiffelEventsAreSent() throws IOException, InterruptedException {
+        LOGGER.debug("Sending Eiffel events.");
+        List<String> eventNamesToSend = getEventNamesToSend();
+        eventManager.sendEiffelEvents(EIFFEL_EVENTS_JSON_PATH, eventNamesToSend);
+        List<String> eventsIdList = eventManager.getEventsIdList(EIFFEL_EVENTS_JSON_PATH,
+                eventNamesToSend);
+        List<String> missingEventIds = dbManager.verifyEventsInDB(eventsIdList, 0);
+        String errorMessage = "The following events are missing in mongoDB: "
+                + missingEventIds.toString();
+        assertEquals(errorMessage, 0, missingEventIds.size());
+    }
+
+    @Then("^the password should be encrypted in the database$")
+    public void passwordShouldBeEncrypted() {
+        LOGGER.debug("Verifying encoded password in subscription.");
+        String json = dbManager.getSubscription(SUBSCRIPTION_NAME);
+        JSONObject subscription = new JSONObject(json);
+        String password = subscription.getString("password");
+        assertTrue(EncryptionFormatter.isEncrypted(password));
+    }
+
+    @Then("^the subscription should trigger$")
+    public void subscriptionShouldTrigger() throws InterruptedException {
+        LOGGER.info("Verifying that subscription was triggered");
+        TimeUnit.SECONDS.sleep(NOTIFICATION_SLEEP);
+        clientAndServer.verify(request().withPath(MOCK_ENDPOINT).withBody(""),
+                VerificationTimes.atLeast(1));
+    }
+
+    @Then("^the notification should be sent with a decrypted password$")
+    public void notificationShouldBeSentWithDecryptedPassword() {
+        LOGGER.info("Verifying that notification contains decrypted password");
+        clientAndServer.verify(
+                request().withPath(MOCK_ENDPOINT).withHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE),
+                VerificationTimes.atLeast(1));
+    }
+
+    private void postSubscriptions(String jsonDataAsString) throws Exception {
+        HttpRequest postRequest = new HttpRequest(HttpRequest.HttpMethod.POST);
+        response = postRequest.setHost(getHostName())
+                              .setPort(applicationPort)
+                              .addHeader("content-type", "application/json")
+                              .addHeader("Accept", "application/json")
+                              .setEndpoint(SUBSCRIPTION_ROOT_ENDPOINT)
+                              .setBody(jsonDataAsString)
+                              .performRequest();
+        assertEquals("Expected to add subscription to EI", HttpStatus.OK.value(),
+                response.getStatusCodeValue());
+    }
+
+    private void validateSubscriptionsSuccessfullyAdded()
+            throws Exception {
+        String endpoint = SUBSCRIPTION_GET_ENDPOINT.replaceAll("<name>", SUBSCRIPTION_NAME);
+        HttpRequest getRequest = new HttpRequest(HttpRequest.HttpMethod.GET);
+        response = getRequest.setHost(getHostName())
+                             .setPort(applicationPort)
+                             .addHeader("content-type", "application/json")
+                             .addHeader("Accept", "application/json")
+                             .setEndpoint(endpoint)
+                             .performRequest();
+        assertEquals("Subscription successfully added in EI: ", HttpStatus.OK.value(),
+                response.getStatusCodeValue());
+    }
+
+    private List<String> getEventNamesToSend() {
+        List<String> eventNames = new ArrayList<>();
+        eventNames.add("event_EiffelArtifactCreatedEvent_3");
+        return eventNames;
+    }
+
+    private void setUpMock() {
+        clientAndServer.when(request().withMethod("POST").withPath(MOCK_ENDPOINT))
+                       .respond(response().withStatusCode(200).withBody(""));
+    }
+}

src/functionaltests/java/com/ericsson/ei/encryption/TestEncryptionRunner.java

@@ -0,0 +1,14 @@
+package com.ericsson.ei.encryption;
+
+import org.junit.runner.RunWith;
+
+import cucumber.api.CucumberOptions;
+import cucumber.api.junit.Cucumber;
+
+@RunWith(Cucumber.class)
+@CucumberOptions(features = "src/functionaltests/resources/features/encryption.feature", glue = {
+        "com.ericsson.ei.encryption" }, plugin = {
+                "html:target/cucumber-reports/TestEncryptionRunner" })
+public class TestEncryptionRunner {
+
+}

src/functionaltests/java/com/ericsson/ei/notifications/trigger/SubscriptionNotificationSteps.java

@@ -211,7 +211,6 @@ public void missed_notification_db_should_contain_x_objects(int maxObjectsInDB)
         String condition = "{}";
         int missedNotifications = getDbSizeForCondition(minWaitTime, maxWaittime, maxObjectsInDB, condition);
 
-        assertEquals(missedNotifications, maxObjectsInDB);
         assertEquals("Number of missed notifications saved in the database: " + missedNotifications, maxObjectsInDB,
                 missedNotifications);
     }
@@ -451,6 +450,7 @@ private int getDbSizeForCondition(int minWaitTime, int maxWaitTime, int expected
         }
         System.out.println("##########################################################");
         LOGGER.error("DB size did not match expected, Subsctiptions:\n{}", queryResult);
+
         return queryResult.size();
     }
 }

src/functionaltests/java/com/ericsson/ei/utils/DataBaseManager.java

@@ -5,6 +5,7 @@
 import java.util.concurrent.TimeUnit;
 
 import org.bson.Document;
+import org.bson.conversions.Bson;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.mongo.MongoProperties;
@@ -13,6 +14,7 @@
 import com.mongodb.MongoClient;
 import com.mongodb.client.MongoCollection;
 import com.mongodb.client.MongoDatabase;
+import com.mongodb.client.model.Filters;
 
 import gherkin.deps.com.google.gson.JsonObject;
 import gherkin.deps.com.google.gson.JsonParser;
@@ -25,14 +27,17 @@ public class DataBaseManager {
     private String database;
 
     @Value("${event_object_map.collection.name}")
-    private String collection;
+    private String eventMapCollection;
 
     @Value("${aggregated.collection.name}")
     private String aggregatedCollectionName;
 
     @Value("${waitlist.collection.name}")
     private String waitlistCollectionName;
 
+    @Value("${subscription.collection.name}")
+    private String subscriptionCollectionName;
+
     @Getter
     @Autowired
     private MongoProperties mongoProperties;
@@ -78,8 +83,8 @@ public boolean verifyAggregatedObjectExistsInDB() throws InterruptedException {
         while (stopTime > System.currentTimeMillis()) {
             mongoClient = new MongoClient(getMongoDbHost(), getMongoDbPort());
             MongoDatabase db = mongoClient.getDatabase(database);
-            MongoCollection<Document> table = db.getCollection(aggregatedCollectionName);
-            List<Document> documents = table.find().into(new ArrayList<>());
+            MongoCollection<Document> collection = db.getCollection(aggregatedCollectionName);
+            List<Document> documents = collection.find().into(new ArrayList<>());
             TimeUnit.MILLISECONDS.sleep(1000);
             if (!documents.isEmpty()) {
                 return true;
@@ -98,8 +103,8 @@ public boolean verifyAggregatedObjectExistsInDB() throws InterruptedException {
     private List<String> compareArgumentsWithAggregatedObjectInDB(List<String> checklist) {
         mongoClient = new MongoClient(getMongoDbHost(), getMongoDbPort());
         MongoDatabase db = mongoClient.getDatabase(database);
-        MongoCollection<Document> table = db.getCollection(aggregatedCollectionName);
-        List<Document> documents = table.find().into(new ArrayList<>());
+        MongoCollection<Document> collection = db.getCollection(aggregatedCollectionName);
+        List<Document> documents = collection.find().into(new ArrayList<>());
         for (Document document : documents) {
             for (String expectedValue : new ArrayList<>(checklist)) {
                 if (document.toString().contains(expectedValue)) {
@@ -140,8 +145,8 @@ public List<String> verifyEventsInDB(List<String> eventsIdList, int extraCheckDe
     private List<String> compareSentEventsWithEventsInDB(List<String> checklist) {
         mongoClient = new MongoClient(getMongoDbHost(), getMongoDbPort());
         MongoDatabase db = mongoClient.getDatabase(database);
-        MongoCollection<Document> table = db.getCollection(collection);
-        List<Document> documents = table.find().into(new ArrayList<>());
+        MongoCollection<Document> collection = db.getCollection(eventMapCollection);
+        List<Document> documents = collection.find().into(new ArrayList<>());
         for (Document document : documents) {
             for (String expectedID : new ArrayList<>(checklist)) {
                 if (expectedID.equals(document.get("_id").toString())) {
@@ -174,8 +179,23 @@ public String getValueFromQuery(List<String> databaseQueryResult, String key, in
     public int waitListSize() {
         mongoClient = new MongoClient(getMongoDbHost(), getMongoDbPort());
         MongoDatabase db = mongoClient.getDatabase(database);
-        MongoCollection<Document> table = db.getCollection(waitlistCollectionName);
-        List<Document> documents = table.find().into(new ArrayList<>());
+        MongoCollection<Document> collection = db.getCollection(waitlistCollectionName);
+        List<Document> documents = collection.find().into(new ArrayList<>());
         return documents.size();
     }
+
+    /**
+     * Get a specific subscription from the database based on the subscription name.
+     *
+     * @param subscriptionName
+     * @return the document as JSON string
+     */
+    public String getSubscription(String subscriptionName) {
+        mongoClient = new MongoClient(getMongoDbHost(), getMongoDbPort());
+        MongoDatabase db = mongoClient.getDatabase(database);
+        MongoCollection<Document> collection = db.getCollection(subscriptionCollectionName);
+        Bson filter = Filters.eq("subscriptionName", subscriptionName);
+        Document document = collection.find(filter).first();
+        return document.toJson();
+    }
 }

src/functionaltests/resources/features/encryption.feature

@@ -0,0 +1,10 @@
+@Encryption
+Feature: Test Encryption on subscription passwords
+
+  @EncryptionScenario
+  Scenario: Encryption and decryption of subscription password
+    When a subscription is created
+    Then the password should be encrypted in the database
+    When eiffel events are sent
+    Then the subscription should trigger
+    And the notification should be sent with a decrypted password

src/main/java/com/ericsson/ei/EndpointSecurity.java

@@ -19,11 +19,11 @@
 
 import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.codec.binary.StringUtils;
-import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 import org.json.JSONArray;
 import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -33,8 +33,9 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 
+import com.ericsson.ei.encryption.EncryptionFormatter;
+import com.ericsson.ei.encryption.Encryptor;
 import com.ericsson.ei.exception.AbortExecutionException;
-import com.ericsson.ei.utils.TextFormatter;
 
 @Configuration
 @EnableWebSecurity
@@ -48,8 +49,8 @@ public class EndpointSecurity extends WebSecurityConfigurerAdapter {
     @Value("${ldap.server.list:}")
     private String ldapServerList;
 
-    @Value("${jasypt.encryptor.password:}")
-    private String jasyptEncryptorPassword;
+    @Autowired
+    private Encryptor encryptor;;
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
@@ -97,7 +98,7 @@ private void addLDAPServersFromList(JSONArray serverList, AuthenticationManagerB
             JSONObject server = (JSONObject) serverList.get(i);
             String password = server.getString("password");
 
-            if (checkIfPasswordEncrypted(password)) {
+            if (EncryptionFormatter.isEncrypted(password)) {
                 password = decryptPassword(password);
             }
             else {
@@ -116,23 +117,13 @@ private void addLDAPServersFromList(JSONArray serverList, AuthenticationManagerB
         }
     }
 
-    private boolean checkIfPasswordEncrypted(final String password) {
-        return (password.startsWith("ENC(") && password.endsWith(")"));
-    }
-    
     private String decryptPassword(final String inputEncryptedPassword) throws Exception {
-        TextFormatter textFormatter = new TextFormatter();
-        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
-
-        if (jasyptEncryptorPassword.isEmpty()) {
+        if (encryptor.isJasyptPasswordSet()) {
             LOGGER.error("Property -jasypt.encryptor.password need to be set for decrypting LDAP password.");
             throw new AbortExecutionException("Failed to initiate LDAP when password is encrypted. " + 
                                 "Property -jasypt.encryptor.password need to be set for decrypting LDAP password.");
         }
 
-        encryptor.setPassword(jasyptEncryptorPassword);
-
-        String encryptedPassword = textFormatter.removeEncryptionParentheses(inputEncryptedPassword);
-        return encryptor.decrypt(encryptedPassword);
+        return encryptor.decrypt(inputEncryptedPassword);
     }
 }

src/main/java/com/ericsson/ei/controller/model/AuthenticationType.java

@@ -0,0 +1,16 @@
+package com.ericsson.ei.controller.model;
+
+public enum AuthenticationType {
+    NO_AUTH("NO_AUTH"), BASIC_AUTH("BASIC_AUTH"),
+    BASIC_AUTH_JENKINS_CSRF("BASIC_AUTH_JENKINS_CSRF");
+
+    private final String authenticationType;
+
+    private AuthenticationType(String authenticationType) {
+        this.authenticationType = authenticationType;
+    }
+
+    public String getValue() {
+        return this.authenticationType;
+    }
+}