entaxy/entaxy-public
14
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

release version 1.10.0

Browse Source
This commit is contained in:
Валерия Бородина
2024-12-14 04:07:49 +03:00
parent a5088587f7
commit c6b3d793c4
1916 changed files with 254306 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
platform/runtime/security/security-integration/htpasswd/src/main/java/ru/entaxy/esb/system/auth/basic/htpasswd/HtpasswdGenerator.java Normal file
View File

@ -0,0 +1,99 @@
/*-
* ~~~~~~licensing~~~~~~
* htpasswd
* ==========
* Copyright (C) 2020 - 2024 EmDev LLC
* ==========
* You may not use this file except in accordance with the License Terms of the Copyright
* Holder located at: https://entaxy.ru/eula . All copyrights, all intellectual property
* rights to the Software and any copies are the property of the Copyright Holder. Unless
* it is explicitly allowed the Copyright Holder, the User is prohibited from using the
* Software for commercial purposes to provide services to third parties.
*
* The Copyright Holder hereby declares that the Software is provided on an "AS IS".
* Under no circumstances does the Copyright Holder guarantee or promise that the
* Software provided by him will be suitable or not suitable for the specific purposes
* of the User, that the Software will meet all commercial and personal subjective
* expectations of the User, that the Software will work properly, without technical
* errors, quickly and uninterruptedly.
*
* Under no circumstances shall the Copyright Holder or its Affiliates is not liable
* to the User for any direct or indirect losses of the User, his expenses or actual
* damage, including, downtime; loss of bussines; lost profit; lost earnings; loss
* or damage to data, property, etc.
* ~~~~~~/licensing~~~~~~
*/
package ru.entaxy.esb.system.auth.basic.htpasswd;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import ru.entaxy.esb.system.auth.basic.htpasswd.entity.Htpasswd;
import ru.entaxy.esb.system.auth.basic.jpa.api.entity.BasicAuthAccount;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.util.List;
public class HtpasswdGenerator {
private static final Log LOG = LogFactory.getLog(HtpasswdGenerator.class);
private String checkSumFileName;
public Htpasswd htpasswd;
public void generateHtpasswd(List<BasicAuthAccount> accounts, String salt) throws IOException, NoSuchAlgorithmException {
htpasswd.setMasterSalt(salt);
htpasswd.prepare(accounts);
createFile();
}
private void createFile() throws IOException {
String content = htpasswd.toString();
LOG.trace("HTTPASSWD " + content);
String storeFolder = htpasswd.getDirectory();
File folder = new File(storeFolder);
folder.mkdirs();
File htpasswdFile = new File(folder.getAbsolutePath() + File.separator + htpasswd.getFileName());
Path path = Paths.get(htpasswdFile.getAbsolutePath());
Files.write(path, content.getBytes());
String checkSum = calculateCheckSum(path);
File checkSumFile = new File(folder.getAbsolutePath() + File.separator + checkSumFileName);
path = Paths.get(checkSumFile.getAbsolutePath());
Files.write(path, checkSum.getBytes());
}
private String calculateCheckSum(Path path) throws IOException {
String md5;
try (InputStream is = Files.newInputStream(path)) {
md5 = DigestUtils.md5Hex(is);
}
return md5;
}
public Htpasswd getHtpasswd() {
return htpasswd;
}
public void setHtpasswd(Htpasswd htpasswd) {
this.htpasswd = htpasswd;
}
public String getCheckSumFileName() {
return checkSumFileName;
}
public void setCheckSumFileName(String checkSumFileName) {
this.checkSumFileName = checkSumFileName;
}
}

104
platform/runtime/security/security-integration/htpasswd/src/main/java/ru/entaxy/esb/system/auth/basic/htpasswd/entity/Htpasswd.java Normal file
View File

@ -0,0 +1,104 @@
/*-
* ~~~~~~licensing~~~~~~
* htpasswd
* ==========
* Copyright (C) 2020 - 2024 EmDev LLC
* ==========
* You may not use this file except in accordance with the License Terms of the Copyright
* Holder located at: https://entaxy.ru/eula . All copyrights, all intellectual property
* rights to the Software and any copies are the property of the Copyright Holder. Unless
* it is explicitly allowed the Copyright Holder, the User is prohibited from using the
* Software for commercial purposes to provide services to third parties.
*
* The Copyright Holder hereby declares that the Software is provided on an "AS IS".
* Under no circumstances does the Copyright Holder guarantee or promise that the
* Software provided by him will be suitable or not suitable for the specific purposes
* of the User, that the Software will meet all commercial and personal subjective
* expectations of the User, that the Software will work properly, without technical
* errors, quickly and uninterruptedly.
*
* Under no circumstances shall the Copyright Holder or its Affiliates is not liable
* to the User for any direct or indirect losses of the User, his expenses or actual
* damage, including, downtime; loss of bussines; lost profit; lost earnings; loss
* or damage to data, property, etc.
* ~~~~~~/licensing~~~~~~
*/
package ru.entaxy.esb.system.auth.basic.htpasswd.entity;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import ru.entaxy.esb.system.auth.basic.jpa.api.entity.BasicAuthAccount;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
public class Htpasswd {
private static final Log LOG = LogFactory.getLog(Htpasswd.class);
private String directory;
private String fileName;
private String masterSalt = null;
private final List<HtpasswdEntry> entries = new ArrayList<>();
public Htpasswd() {
}
public void prepare(List<BasicAuthAccount> accounts) throws NoSuchAlgorithmException {
if (masterSalt == null || masterSalt.isEmpty()) {
throw new IllegalArgumentException("masterSalt not setted!");
}
if (accounts != null && accounts.size() > 0) {
entries.clear();
for (BasicAuthAccount account : accounts) {
entries.add(new HtpasswdEntry(
account.getLogin(),
account.getPasswordHash(),
masterSalt,
account.getEncryptionAlgorithm().getAlgorithmName()));
}
}
}
public void addString(String login, String passwordHash, String encryptionAlgorithm) throws NoSuchAlgorithmException {
entries.add(new HtpasswdEntry(
login,
passwordHash,
masterSalt,
encryptionAlgorithm));
}
public String getDirectory() {
return directory;
}
public void setDirectory(String directory) {
this.directory = directory;
}
public String getFileName() {
return fileName;
}
public void setFileName(String fileName) {
this.fileName = fileName;
}
public String getMasterSalt() {
return masterSalt;
}
public void setMasterSalt(String masterSalt) {
this.masterSalt = masterSalt;
}
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
for (HtpasswdEntry entry : entries) {
builder.append(entry.toString());
}
return builder.toString();
}
}

92
platform/runtime/security/security-integration/htpasswd/src/main/java/ru/entaxy/esb/system/auth/basic/htpasswd/entity/HtpasswdEntry.java Normal file
View File

@ -0,0 +1,92 @@
/*-
* ~~~~~~licensing~~~~~~
* htpasswd
* ==========
* Copyright (C) 2020 - 2024 EmDev LLC
* ==========
* You may not use this file except in accordance with the License Terms of the Copyright
* Holder located at: https://entaxy.ru/eula . All copyrights, all intellectual property
* rights to the Software and any copies are the property of the Copyright Holder. Unless
* it is explicitly allowed the Copyright Holder, the User is prohibited from using the
* Software for commercial purposes to provide services to third parties.
*
* The Copyright Holder hereby declares that the Software is provided on an "AS IS".
* Under no circumstances does the Copyright Holder guarantee or promise that the
* Software provided by him will be suitable or not suitable for the specific purposes
* of the User, that the Software will meet all commercial and personal subjective
* expectations of the User, that the Software will work properly, without technical
* errors, quickly and uninterruptedly.
*
* Under no circumstances shall the Copyright Holder or its Affiliates is not liable
* to the User for any direct or indirect losses of the User, his expenses or actual
* damage, including, downtime; loss of bussines; lost profit; lost earnings; loss
* or damage to data, property, etc.
* ~~~~~~/licensing~~~~~~
*/
package ru.entaxy.esb.system.auth.basic.htpasswd.entity;
import org.apache.commons.codec.binary.Base64;
import ru.entaxy.esb.system.auth.basic.jpa.api.entity.field.EncryptionAlgorithm;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
public class HtpasswdEntry {
private static final String APR1_PREFIX = "$apr1$";
private static final String SHA512_PREFIX = "$6$";
private static final String SALTED_SHA1_PREFIX = "{SSHA}";
private static final String PLAIN_PREFIX = "{PLAIN}";
private static final String COLON = ":";
private final String resultLine;
public HtpasswdEntry(String login, String passwordHash, String salt, String encryptionAlgorithm) throws NoSuchAlgorithmException {
this(login, passwordHash, salt, encryptionAlgorithm, true);
}
public HtpasswdEntry(String login, String passwordHash, String salt, String encryptionAlgorithm, boolean addLineSeparator) throws NoSuchAlgorithmException {
StringBuilder content = new StringBuilder();
content.append(login).append(COLON);
if (EncryptionAlgorithm.MD5.equalsName(encryptionAlgorithm)) {
content
.append(APR1_PREFIX)
.append(salt)
.append("$")
.append(passwordHash);
} else if (EncryptionAlgorithm.SHA1.equalsName(encryptionAlgorithm)) {
content.append(SALTED_SHA1_PREFIX);
byte[] digest = Base64.decodeBase64(passwordHash);
byte[] saltBytes = salt.getBytes(StandardCharsets.UTF_8);
int l1 = digest.length;
int l2 = saltBytes.length;
byte[] resultArr = new byte[l1 + l2];
System.arraycopy(digest, 0, resultArr, 0, l1);
System.arraycopy(saltBytes, 0, resultArr, l1, l2);
content.append(Base64.encodeBase64String(resultArr));
} else if (EncryptionAlgorithm.SHA512.equalsName(encryptionAlgorithm)) {
content
.append(SHA512_PREFIX)
.append(salt)
.append("$")
.append(passwordHash);
} else if (EncryptionAlgorithm.PLAIN.equalsName(encryptionAlgorithm)) {
content
.append(PLAIN_PREFIX)
.append(passwordHash);
} else {
content.append(passwordHash);
}
content.append(System.lineSeparator());
this.resultLine = content.toString();
}
@Override
public String toString() {
return resultLine;
}
}

49
platform/runtime/security/security-integration/htpasswd/src/main/java/ru/entaxy/esb/system/auth/basic/htpasswd/rest/HtpasswdService.java Normal file
View File

@ -0,0 +1,49 @@
/*-
* ~~~~~~licensing~~~~~~
* htpasswd
* ==========
* Copyright (C) 2020 - 2024 EmDev LLC
* ==========
* You may not use this file except in accordance with the License Terms of the Copyright
* Holder located at: https://entaxy.ru/eula . All copyrights, all intellectual property
* rights to the Software and any copies are the property of the Copyright Holder. Unless
* it is explicitly allowed the Copyright Holder, the User is prohibited from using the
* Software for commercial purposes to provide services to third parties.
*
* The Copyright Holder hereby declares that the Software is provided on an "AS IS".
* Under no circumstances does the Copyright Holder guarantee or promise that the
* Software provided by him will be suitable or not suitable for the specific purposes
* of the User, that the Software will meet all commercial and personal subjective
* expectations of the User, that the Software will work properly, without technical
* errors, quickly and uninterruptedly.
*
* Under no circumstances shall the Copyright Holder or its Affiliates is not liable
* to the User for any direct or indirect losses of the User, his expenses or actual
* damage, including, downtime; loss of bussines; lost profit; lost earnings; loss
* or damage to data, property, etc.
* ~~~~~~/licensing~~~~~~
*/
package ru.entaxy.esb.system.auth.basic.htpasswd.rest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import java.io.File;
@Path("/")
public class HtpasswdService {
@GET
@Produces("application/octet-stream")
public File getFile() {
return null;
}
@GET
@Path("/checksum")
@Produces("plain/text")
public String getCheckSum() {
return null;
}
}

104
platform/runtime/security/security-integration/htpasswd/src/main/resources/OSGI-INF/blueprint/htpasswd-context.xml Normal file
View File

@ -0,0 +1,104 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~~~~~~licensing~~~~~~
htpasswd
==========
Copyright (C) 2020 - 2024 EmDev LLC
==========
You may not use this file except in accordance with the License Terms of the Copyright
Holder located at: https://entaxy.ru/eula . All copyrights, all intellectual property
rights to the Software and any copies are the property of the Copyright Holder. Unless
it is explicitly allowed the Copyright Holder, the User is prohibited from using the
Software for commercial purposes to provide services to third parties.
The Copyright Holder hereby declares that the Software is provided on an "AS IS".
Under no circumstances does the Copyright Holder guarantee or promise that the
Software provided by him will be suitable or not suitable for the specific purposes
of the User, that the Software will meet all commercial and personal subjective
expectations of the User, that the Software will work properly, without technical
errors, quickly and uninterruptedly.
Under no circumstances shall the Copyright Holder or its Affiliates is not liable
to the User for any direct or indirect losses of the User, his expenses or actual
damage, including, downtime; loss of bussines; lost profit; lost earnings; loss
or damage to data, property, etc.
~~~~~~/licensing~~~~~~
-->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
xmlns:camelcxf="http://camel.apache.org/schema/blueprint/cxf"
xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
<cm:property-placeholder persistent-id="ru.entaxy.esb.system.basic_auth.htpasswd" update-strategy="reload">
<cm:default-properties>
<cm:property name="htpasswd.file.directory" value="securityTest"/>
<cm:property name="htpasswd.file.name" value="htpasswd"/>
<cm:property name="htpasswd.file.checksum" value="MD5.md5"/>
<cm:property name="htpasswd.service.host" value="http://localhost"/>
<cm:property name="htpasswd.service.port" value="9091"/>
<cm:property name="htpasswd.service.root.path" value="/htpasswd"/>
</cm:default-properties>
</cm:property-placeholder>
<bean id="htpasswd" class="ru.entaxy.esb.system.auth.basic.htpasswd.entity.Htpasswd">
<property name="fileName" value="${htpasswd.file.name}"/>
<property name="directory" value="${htpasswd.file.directory}"/>
</bean>
<service ref="htpasswdGenerator" interface="ru.entaxy.esb.system.auth.basic.htpasswd.HtpasswdGenerator"/>
<bean id="htpasswdGenerator" class="ru.entaxy.esb.system.auth.basic.htpasswd.HtpasswdGenerator">
<property name="htpasswd" ref="htpasswd"/>
<property name="checkSumFileName" value="${htpasswd.file.checksum}"/>
</bean>
<!-- <reference id="phaseInterceptor" -->
<!-- interface="org.apache.cxf.phase.PhaseInterceptor" -->
<!-- filter="(type=system)" -->
<!-- timeout="30000" -->
<!-- availability="optional"/> -->
<!-- <cxf:bus id="entaxy"> -->
<!-- <cxf:inInterceptors> -->
<!-- <ref component-id="phaseInterceptor"/> -->
<!-- </cxf:inInterceptors> -->
<!-- </cxf:bus> -->
<camelcxf:rsServer id="rsServer"
address="${htpasswd.service.host}:${htpasswd.service.port}${htpasswd.service.root.path}"
serviceClass="ru.entaxy.esb.system.auth.basic.htpasswd.rest.HtpasswdService"
loggingFeatureEnabled="false" loggingSizeLimit="20"/>
<camelContext id="htpasswd-camel-context" xmlns="http://camel.apache.org/schema/blueprint">
<route id="htpasswdServiceRouter">
<from uri="cxfrs:bean:rsServer?bindingStyle=SimpleConsumer"/>
<log loggingLevel="DEBUG" message="Htpassed service operation ${header.operationName}"/>
<toD uri="direct:${header.operationName}"/>
</route>
<route id="file">
<from uri="direct:getFile"/>
<pollEnrich timeout="0">
<simple>file:${properties:htpasswd.file.directory}?noop=true&amp;fileName=${properties:htpasswd.file.name}&amp;idempotent=false</simple>
</pollEnrich>
<convertBodyTo type="String"/>
<setHeader name="moddate">
<simple>${file:modified}</simple>
</setHeader>
<log loggingLevel="DEBUG" message="Return htpasswd file with modification date ${date:header.moddate:dd.MM.yyyy HH:mm:ss}"/>
</route>
<route id="checkSum">
<from uri="direct:getCheckSum"/>
<pollEnrich timeout="0">
<simple>file:${properties:htpasswd.file.directory}?noop=true&amp;fileName=${properties:htpasswd.file.checksum}&amp;idempotent=false</simple>
</pollEnrich>
<convertBodyTo type="String"/>
<log loggingLevel="DEBUG" message="Current htpasswd checkSum ${body}"/>
</route>
</camelContext>
</blueprint>

73
platform/runtime/security/security-integration/htpasswd/src/main/resources/script/htpasswd-checker.sh Normal file
View File

@ -0,0 +1,73 @@
###
# ~~~~~~licensing~~~~~~
# htpasswd
# ==========
# Copyright (C) 2020 - 2024 EmDev LLC
# ==========
# You may not use this file except in accordance with the License Terms of the Copyright
# Holder located at: https://entaxy.ru/eula . All copyrights, all intellectual property
# rights to the Software and any copies are the property of the Copyright Holder. Unless
# it is explicitly allowed the Copyright Holder, the User is prohibited from using the
# Software for commercial purposes to provide services to third parties.
#
# The Copyright Holder hereby declares that the Software is provided on an "AS IS".
# Under no circumstances does the Copyright Holder guarantee or promise that the
# Software provided by him will be suitable or not suitable for the specific purposes
# of the User, that the Software will meet all commercial and personal subjective
# expectations of the User, that the Software will work properly, without technical
# errors, quickly and uninterruptedly.
#
# Under no circumstances shall the Copyright Holder or its Affiliates is not liable
# to the User for any direct or indirect losses of the User, his expenses or actual
# damage, including, downtime; loss of bussines; lost profit; lost earnings; loss
# or damage to data, property, etc.
# ~~~~~~/licensing~~~~~~
###
#!/bin/bash
KARAF_HOST_NAMES=("http://192.168.122.93:9091" "http://192.168.122.94:9091")
HTPASSWD_PATH=/htpasswd
CHECKSUM_PATH=$HTPASSWD_PATH/checksum
HTPASSWD_STORAGE=/etc/nginx/htpasswd
LOGFILE="htpasswd-sync.log"
TIMESTAMP=`date "+%Y-%m-%d %H:%M:%S"`
currentChecksum=`md5sum $HTPASSWD_STORAGE | awk '{ print $1 }'`
log(){
echo "$TIMESTAMP $1" >> $LOGFILE
}
#download actual checksum from karaf
for actualHost in ${KARAF_HOST_NAMES[*]}; do
wget -O checksum $actualHost$CHECKSUM_PATH
newChecksum=`cat checksum`
rm checksum
if [[ -n $newChecksum ]]
then
log "checksum received from host $actualHost"
break
else
log "host $actualHost did not give checksum data"
fi
done
log "newChecksum $newChecksum"
log "currentChecksum $currentChecksum"
if [[ -n $newChecksum ]] && { [[ -z $currentChecksum ]] || [ $currentChecksum != $newChecksum ]; };
then
wget -O htpasswd $actualHost$HTPASSWD_PATH
sudo mv htpasswd $HTPASSWD_STORAGE
sudo chmod 644 $HTPASSWD_STORAGE
sudo chown root:root $HTPASSWD_STORAGE
sudo systemctl reload nginx
log ">>>>>>>>>>>>>>>>> Htpasswd updated"
else
if [[ -n $newChecksum ]]
then
log ">>>>>>>>>>>>>>>>> Htpasswd is up to date"
else
log ">>>>>>>>>>>>>>>>> Script finished with error: new checksum not received!"
#error action
fi
fi