Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * */ package org.apache.ranger.common; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.security.KeyStore; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Set; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.credentialapi.CredentialReader; import org.springframework.beans.BeansException; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; public class PropertiesUtil extends PropertyPlaceholderConfigurer { private static Map<String, String> propertiesMap = new HashMap<String, String>(); private static final Logger logger = Logger.getLogger(PropertiesUtil.class); protected List<String> xmlPropertyConfigurer = new ArrayList<String>(); private PropertiesUtil() { } @Override protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props) throws BeansException { // First let's add the system properties Set<Object> keySet = System.getProperties().keySet(); for (Object key : keySet) { String keyStr = key.toString(); propertiesMap.put(keyStr, System.getProperties().getProperty(keyStr).trim()); } // Let's add our properties now keySet = props.keySet(); for (Object key : keySet) { String keyStr = key.toString(); propertiesMap.put(keyStr, props.getProperty(keyStr).trim()); } // update system trust store path with custom trust store. if (propertiesMap != null && propertiesMap.containsKey("ranger.truststore.file")) { if (!StringUtils.isEmpty(propertiesMap.get("ranger.truststore.file"))) { System.setProperty("javax.net.ssl.trustStore", propertiesMap.get("ranger.truststore.file")); System.setProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()); Path trustStoreFile = Paths.get(propertiesMap.get("ranger.truststore.file")); if (!Files.exists(trustStoreFile) || !Files.isReadable(trustStoreFile)) { logger.debug("Could not find or read truststore file '" + propertiesMap.get("ranger.truststore.file") + "'"); } else { if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path")) { String path = propertiesMap.get("ranger.credential.provider.path"); String trustStoreAlias = getProperty("ranger.truststore.alias", "trustStoreAlias"); if (path != null && trustStoreAlias != null) { String trustStorePassword = CredentialReader.getDecryptedString(path.trim(), trustStoreAlias.trim()); if (trustStorePassword != null && !trustStorePassword.trim().isEmpty() && !trustStorePassword.trim().equalsIgnoreCase("none")) { propertiesMap.put("ranger.truststore.password", trustStorePassword); props.put("ranger.truststore.password", trustStorePassword); } else { logger.info( "trustStorePassword password not applied; clear text password shall be applicable"); } } } } } System.setProperty("javax.net.ssl.trustStorePassword", propertiesMap.get("ranger.truststore.password")); } // update system key store path with custom key store. if (propertiesMap != null && propertiesMap.containsKey("ranger.keystore.file")) { if (!StringUtils.isEmpty(propertiesMap.get("ranger.keystore.file"))) { System.setProperty("javax.net.ssl.keyStore", propertiesMap.get("ranger.keystore.file")); System.setProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()); Path keyStoreFile = Paths.get(propertiesMap.get("ranger.keystore.file")); if (!Files.exists(keyStoreFile) || !Files.isReadable(keyStoreFile)) { logger.debug("Could not find or read keystore file '" + propertiesMap.get("ranger.keystore.file") + "'"); } else { if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path")) { String path = propertiesMap.get("ranger.credential.provider.path"); String keyStoreAlias = getProperty("ranger.keystore.alias", "keyStoreAlias"); if (path != null && keyStoreAlias != null) { String keyStorePassword = CredentialReader.getDecryptedString(path.trim(), keyStoreAlias.trim()); if (keyStorePassword != null && !keyStorePassword.trim().isEmpty() && !keyStorePassword.trim().equalsIgnoreCase("none")) { propertiesMap.put("ranger.keystore.password", keyStorePassword); props.put("ranger.keystore.password", keyStorePassword); } else { logger.info( "keyStorePassword password not applied; clear text password shall be applicable"); } } } } } System.setProperty("javax.net.ssl.keyStorePassword", propertiesMap.get("ranger.keystore.password")); } //update unixauth keystore and truststore credentials if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path")) { String path = propertiesMap.get("ranger.credential.provider.path"); if (path != null) { String unixAuthKeyStoreAlias = getProperty("ranger.unixauth.keystore.alias", "unixAuthKeyStoreAlias"); if (unixAuthKeyStoreAlias != null) { String unixAuthKeyStorePass = CredentialReader.getDecryptedString(path.trim(), unixAuthKeyStoreAlias.trim()); if (unixAuthKeyStorePass != null && !unixAuthKeyStorePass.trim().isEmpty() && !unixAuthKeyStorePass.trim().equalsIgnoreCase("none")) { propertiesMap.put("ranger.unixauth.keystore.password", unixAuthKeyStorePass); props.put("ranger.unixauth.keystore.password", unixAuthKeyStorePass); } else { logger.info( "unixauth keystore password not applied; clear text password shall be applicable"); } } // String unixAuthTrustStoreAlias = getProperty("ranger.unixauth.truststore.alias", "unixAuthTrustStoreAlias"); if (unixAuthTrustStoreAlias != null) { String unixAuthTrustStorePass = CredentialReader.getDecryptedString(path.trim(), unixAuthTrustStoreAlias.trim()); if (unixAuthTrustStorePass != null && !unixAuthTrustStorePass.trim().isEmpty() && !unixAuthTrustStorePass.trim().equalsIgnoreCase("none")) { propertiesMap.put("ranger.unixauth.truststore.password", unixAuthTrustStorePass); props.put("ranger.unixauth.truststore.password", unixAuthTrustStorePass); } else { logger.info( "unixauth truststore password not applied; clear text password shall be applicable"); } } } } //update credential from keystore if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.jpa.jdbc.credential.alias")) { String path = propertiesMap.get("ranger.credential.provider.path"); String alias = propertiesMap.get("ranger.jpa.jdbc.credential.alias"); if (path != null && alias != null) { String xaDBPassword = CredentialReader.getDecryptedString(path.trim(), alias.trim()); if (xaDBPassword != null && !xaDBPassword.trim().isEmpty() && !"none".equalsIgnoreCase(xaDBPassword.trim())) { propertiesMap.put("ranger.jpa.jdbc.password", xaDBPassword); props.put("ranger.jpa.jdbc.password", xaDBPassword); } else { logger.info( "Credential keystore password not applied for Ranger DB; clear text password shall be applicable"); } } } if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.jpa.audit.jdbc.credential.alias")) { String path = propertiesMap.get("ranger.credential.provider.path"); String alias = propertiesMap.get("ranger.jpa.audit.jdbc.credential.alias"); if (path != null && alias != null) { String auditDBPassword = CredentialReader.getDecryptedString(path.trim(), alias.trim()); if (auditDBPassword != null && !auditDBPassword.trim().isEmpty() && !"none".equalsIgnoreCase(auditDBPassword.trim())) { propertiesMap.put("ranger.jpa.audit.jdbc.password", auditDBPassword); props.put("ranger.jpa.audit.jdbc.password", auditDBPassword); } else { logger.info( "Credential keystore password not applied for Audit DB; clear text password shall be applicable"); } } } if (propertiesMap != null && propertiesMap.containsKey("ranger.authentication.method")) { String authenticationMethod = propertiesMap.get("ranger.authentication.method"); if (authenticationMethod != null && ("ACTIVE_DIRECTORY".equalsIgnoreCase(authenticationMethod) || "AD".equalsIgnoreCase(authenticationMethod))) { if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.ldap.ad.binddn.credential.alias")) { String path = propertiesMap.get("ranger.credential.provider.path"); String alias = propertiesMap.get("ranger.ldap.ad.binddn.credential.alias"); if (path != null && alias != null) { String bindDNPassword = CredentialReader.getDecryptedString(path.trim(), alias.trim()); if (bindDNPassword != null && !bindDNPassword.trim().isEmpty() && !"none".equalsIgnoreCase(bindDNPassword.trim())) { propertiesMap.put("ranger.ldap.ad.bind.password", bindDNPassword); props.put("ranger.ldap.ad.bind.password", bindDNPassword); } else { logger.info( "Credential keystore password not applied for AD Bind DN; clear text password shall be applicable"); } } } } } if (propertiesMap != null && propertiesMap.containsKey("ranger.authentication.method")) { String authenticationMethod = propertiesMap.get("ranger.authentication.method"); if (authenticationMethod != null && ("LDAP".equalsIgnoreCase(authenticationMethod))) { if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.ldap.binddn.credential.alias")) { String path = propertiesMap.get("ranger.credential.provider.path"); String alias = propertiesMap.get("ranger.ldap.binddn.credential.alias"); if (path != null && alias != null) { String bindDNPassword = CredentialReader.getDecryptedString(path.trim(), alias.trim()); if (bindDNPassword != null && !bindDNPassword.trim().isEmpty() && !"none".equalsIgnoreCase(bindDNPassword.trim())) { propertiesMap.put("ranger.ldap.bind.password", bindDNPassword); props.put("ranger.ldap.bind.password", bindDNPassword); } else { logger.info( "Credential keystore password not applied for LDAP Bind DN; clear text password shall be applicable"); } } } } } if (propertiesMap != null && propertiesMap.containsKey("ranger.audit.source.type")) { String auditStore = propertiesMap.get("ranger.audit.source.type"); if (auditStore != null && ("solr".equalsIgnoreCase(auditStore))) { if (propertiesMap != null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.solr.audit.credential.alias")) { String path = propertiesMap.get("ranger.credential.provider.path"); String alias = propertiesMap.get("ranger.solr.audit.credential.alias"); if (path != null && alias != null) { String solrAuditPassword = CredentialReader.getDecryptedString(path.trim(), alias.trim()); if (solrAuditPassword != null && !solrAuditPassword.trim().isEmpty() && !"none".equalsIgnoreCase(solrAuditPassword.trim())) { propertiesMap.put("ranger.solr.audit.user.password", solrAuditPassword); props.put("ranger.solr.audit.user.password", solrAuditPassword); } else { logger.info( "Credential keystore password not applied for Solr; clear text password shall be applicable"); } } } } } if (propertiesMap != null) { String sha256PasswordUpdateDisable = "false"; if (propertiesMap.containsKey("ranger.sha256Password.update.disable")) { sha256PasswordUpdateDisable = propertiesMap.get("ranger.sha256Password.update.disable"); if (sha256PasswordUpdateDisable == null || sha256PasswordUpdateDisable.trim().isEmpty() || !"true".equalsIgnoreCase(sha256PasswordUpdateDisable)) { sha256PasswordUpdateDisable = "false"; } } propertiesMap.put("ranger.sha256Password.update.disable", sha256PasswordUpdateDisable); props.put("ranger.sha256Password.update.disable", sha256PasswordUpdateDisable); } if (RangerBizUtil.getDBFlavor() == AppConstants.DB_FLAVOR_MYSQL) { if (propertiesMap != null && propertiesMap.containsKey("ranger.db.ssl.enabled")) { String db_ssl_enabled = propertiesMap.get("ranger.db.ssl.enabled"); if (StringUtils.isEmpty(db_ssl_enabled) || !"true".equalsIgnoreCase(db_ssl_enabled)) { db_ssl_enabled = "false"; } db_ssl_enabled = db_ssl_enabled.toLowerCase(); if ("true".equalsIgnoreCase(db_ssl_enabled)) { String db_ssl_required = propertiesMap.get("ranger.db.ssl.required"); if (StringUtils.isEmpty(db_ssl_required) || !"true".equalsIgnoreCase(db_ssl_required)) { db_ssl_required = "false"; } db_ssl_required = db_ssl_required.toLowerCase(); String db_ssl_verifyServerCertificate = propertiesMap .get("ranger.db.ssl.verifyServerCertificate"); if (StringUtils.isEmpty(db_ssl_verifyServerCertificate) || !"true".equalsIgnoreCase(db_ssl_verifyServerCertificate)) { db_ssl_verifyServerCertificate = "false"; } db_ssl_verifyServerCertificate = db_ssl_verifyServerCertificate.toLowerCase(); propertiesMap.put("ranger.db.ssl.enabled", db_ssl_enabled); props.put("ranger.db.ssl.enabled", db_ssl_enabled); propertiesMap.put("ranger.db.ssl.required", db_ssl_required); props.put("ranger.db.ssl.required", db_ssl_required); propertiesMap.put("ranger.db.ssl.verifyServerCertificate", db_ssl_verifyServerCertificate); props.put("ranger.db.ssl.verifyServerCertificate", db_ssl_verifyServerCertificate); String ranger_jpa_jdbc_url = propertiesMap.get("ranger.jpa.jdbc.url"); if (!StringUtils.isEmpty(ranger_jpa_jdbc_url)) { StringBuffer ranger_jpa_jdbc_url_ssl = new StringBuffer(ranger_jpa_jdbc_url); ranger_jpa_jdbc_url_ssl.append("?useSSL=" + db_ssl_enabled + "&requireSSL=" + db_ssl_required + "&verifyServerCertificate=" + db_ssl_verifyServerCertificate); propertiesMap.put("ranger.jpa.jdbc.url", ranger_jpa_jdbc_url_ssl.toString()); props.put("ranger.jpa.jdbc.url", ranger_jpa_jdbc_url_ssl.toString()); logger.info("ranger.jpa.jdbc.url=" + ranger_jpa_jdbc_url_ssl.toString()); } } } } super.processProperties(beanFactory, props); } public static String getProperty(String key, String defaultValue) { if (key == null) { return null; } String rtrnVal = propertiesMap.get(key); if (rtrnVal == null) { rtrnVal = defaultValue; } return rtrnVal; } public static String getProperty(String key) { if (key == null) { return null; } return propertiesMap.get(key); } public static String[] getPropertyStringList(String key) { if (key == null) { return null; } String value = propertiesMap.get(key); if (value != null) { String[] splitValues = value.split(","); String[] returnValues = new String[splitValues.length]; for (int i = 0; i < splitValues.length; i++) { returnValues[i] = splitValues[i].trim(); } return returnValues; } else { return new String[0]; } } public static Integer getIntProperty(String key, int defaultValue) { if (key == null) { return defaultValue; } String rtrnVal = propertiesMap.get(key); if (rtrnVal == null) { return defaultValue; } return Integer.valueOf(rtrnVal); } public static long getLongProperty(String key, long defaultValue) { if (key == null) { return defaultValue; } String rtrnVal = propertiesMap.get(key); if (rtrnVal == null) { return defaultValue; } return Long.valueOf(rtrnVal); } public static Integer getIntProperty(String key) { if (key == null) { return null; } String rtrnVal = propertiesMap.get(key); if (rtrnVal == null) { return null; } return Integer.valueOf(rtrnVal); } public static boolean getBooleanProperty(String key, boolean defaultValue) { if (key == null) { return defaultValue; } String value = getProperty(key); if (value == null) { return defaultValue; } return Boolean.parseBoolean(value); } public static Map<String, String> getPropertiesMap() { return propertiesMap; } public static Properties getProps() { Properties ret = new Properties(); if (propertiesMap != null) { ret.putAll(propertiesMap); } return ret; } }