xan/awips2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added all the remaining files from the most recent updates to unidata_18.2.1

Browse source 
- still need to rename (move) all the xml files that were moved
This commit is contained in:
Shay Carter 2021-06-03 16:38:43 -06:00
parent 73e9c4abd7
commit 5512593838
9 changed files with 681 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

364
edexOsgi/com.raytheon.uf.edex.registry.ebxml/src/com/raytheon/uf/edex/registry/ebxml/web/security/CredentialCache.java Normal file
View file

@ -0,0 +1,364 @@
/**
* This software was developed and / or modified by Raytheon Company,
* pursuant to Contract DG133W-05-CQ-1067 with the US Government.
*
* U.S. EXPORT CONTROLLED TECHNICAL DATA
* This software product contains export-restricted data whose
* export/transfer/disclosure is restricted by U.S. law. Dissemination
* to non-U.S. persons whether in the United States or abroad requires
* an export license or other authorization.
*
* Contractor Name: Raytheon Company
* Contractor Address: 6825 Pine Street, Suite 340
* Mail Stop B8
* Omaha, NE 68106
* 402.291.0100
*
* See the AWIPS II Master Rights File ("Master Rights File.pdf") for
* further licensing information.
**/
package com.raytheon.uf.edex.registry.ebxml.web.security;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.xml.ws.WebServiceException;
import oasis.names.tc.ebxml.regrep.xsd.rim.v4.PersonType;
import oasis.names.tc.ebxml.regrep.xsd.rim.v4.RegistryObjectType;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionTemplate;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.eventbus.AllowConcurrentEvents;
import com.google.common.eventbus.Subscribe;
import com.raytheon.uf.common.registry.constants.RegistryObjectTypes;
import com.raytheon.uf.common.registry.handler.RegistryHandlerException;
import com.raytheon.uf.common.registry.services.RegistryServiceException;
import com.raytheon.uf.common.security.encryption.AESEncryptor;
import com.raytheon.uf.common.status.IUFStatusHandler;
import com.raytheon.uf.common.status.UFStatus;
import com.raytheon.uf.common.status.UFStatus.Priority;
import com.raytheon.uf.edex.registry.ebxml.RegistryUsers;
import com.raytheon.uf.edex.registry.ebxml.dao.PersonDao;
import com.raytheon.uf.edex.registry.ebxml.services.RegistryRESTServices;
import com.raytheon.uf.edex.registry.ebxml.services.rest.RegistryFederationManager;
import com.raytheon.uf.edex.registry.events.CreateAuditTrailEvent;
import com.raytheon.uf.edex.security.SecurityConfiguration;
/**
*
* Cache object for holding users' credentials for accessing registry web
* services
*
* <pre>
*
* SOFTWARE HISTORY
*
* Date Ticket# Engineer Description
* ------------- -------- --------- --------------------------------------------
* Jul 10, 2014 1717 bphillip Initial creation
* Jul 24, 2014 1712 bphillip No longer singleton
* Jan 06, 2015 3918 dhladky Fixed issue where clients can't start
* without central registry.
* May 29, 2015 4448 bphillip Added default user to registry on startup
* Oct 20, 2015 4992 dhladky Improve error handling.
* Mar 04, 2016 5388 dhladky Changed AESEncryptor constructor
* Aug 09, 2016 5771 rjpeter Allow concurrent event processing
*
* </pre>
*
* @author bphillip
**/
public class CredentialCache {
/** The registry REST services */
private RegistryRESTServices restServices;
/** Data access object for person type */
private PersonDao personDao;
/** The Hibernate Transaction template */
private TransactionTemplate txTemplate;
/** The security configuration */
private SecurityConfiguration securityConfig;
/** AESEncryptor object */
private AESEncryptor encryption;
/** Field denoting if this registry is running in centralRegistry mode */
public static final boolean centralRegistry = System.getProperty(
"edex.run.mode").equals("centralRegistry");
/** States whether this node will join the federation */
public static final boolean isFederationEnabled = Boolean
.getBoolean("ebxml.registry.federation.enabled");
/** Address of the central registry */
private static final String CENTRAL_REGISTRY_ADDRESS = "https://"
+ (System.getProperty("ncf.host")) + ":"
+ (System.getProperty("ebxml.registry.webserver.port"));
private static final IUFStatusHandler statusHandler = UFStatus
.getHandler(CredentialCache.class);
/** used in non federated standalone environment */
private static final String DEFAULT_ROLE = "RegistryLocalAdministrator";
/** Cache holding users' credentials */
private final LoadingCache<String, String[]> credentialCache = CacheBuilder
.newBuilder().maximumSize(1000)
.expireAfterAccess(60, TimeUnit.MINUTES)
.build(new CacheLoader<String, String[]>() {
@Override
public String[] load(final String userName)
throws RegistryHandlerException {
return txTemplate
.execute(new TransactionCallback<String[]>() {
@Override
public String[] doInTransaction(
TransactionStatus status) {
String localUserName = userName;
PersonType user = null;
String password = null;
String role = null;
/*
* If we are the central registry, directly
* query the registry
*/
if (centralRegistry) {
user = personDao.getById(userName
+ RegistryUsers.USER_SUFFIX);
} else {
// This is a case required if you are
// connected to a central registry.
if (isFederationEnabled) {
String compareLocalUser = securityConfig
.getProperty(RegistryFederationManager.EDEX_SECURITY_AUTH_USER);
if (!compareLocalUser
.equals(userName)) {
statusHandler
.error("local registry and security.properties usernames are mismatched! registry userName: "
+ userName
+ " security.properties user: "
+ compareLocalUser);
}
/*
* If we are not the central
* registry, query the central
* registry to get the user's
* information
*/
try {
user = restServices
.getRegistryObject(
CENTRAL_REGISTRY_ADDRESS,
userName
+ RegistryUsers.USER_SUFFIX);
} catch (Exception e) {
throw new WebServiceException(
"Unable to authenicate user with central registry! userName: "
+ userName, e);
}
}
}
if (isFederationEnabled) {
/*
* User not found in federation mode
* means unauthorized
*/
if (user == null) {
throw new WebServiceException(
"userName: "
+ userName
+ " Is not Authorized!!!! Check your security.properties file for a mismatch!");
} else {
/*
* Put the user name, password, and
* role in the return array. Decrypt
* the password.
*/
localUserName = user
.getSlotValue(RegistryUsers.USER_SLOT_NAME);
try {
password = getEncryption()
.decrypt(
(String) user
.getSlotValue(RegistryUsers.PASSWORD_SLOT_NAME));
} catch (Exception e) {
throw new RegistryServiceException(
"Error decrypting password! userName: "
+ localUserName,
e);
}
role = user
.getSlotValue(RegistryUsers.ROLE_SLOT_NAME);
}
} else {
/*
* This is a case where you are not
* connected to a central registry
* (Standalone server and edge
* condition), use defaults.
*/
statusHandler
.handle(Priority.INFO,
"Federation not enabled! Proceeding with default user, pass, and role!");
localUserName = securityConfig
.getProperty(RegistryFederationManager.EDEX_SECURITY_AUTH_USER);
password = securityConfig
.getSecurityProperties()
.getProperty(
RegistryFederationManager.EDEX_SECURITY_AUTH_PASSWORD);
role = DEFAULT_ROLE;
}
return new String[] { localUserName,
password, role };
}
});
}
});
/**
* Protected constructor
*/
protected CredentialCache() {
}
/**
* Listens for updates to users and invalidates their entries in the cache
* if they have changed
*
* @param event
* The event to examine
*/
@Subscribe
@AllowConcurrentEvents
@Transactional(propagation = Propagation.REQUIRED)
public void processEvent(CreateAuditTrailEvent event) {
List<RegistryObjectType> objsAffected = event.getObjectsAffected();
for (RegistryObjectType affectedObj : objsAffected) {
if (RegistryObjectTypes.PERSON.equals(affectedObj.getObjectType())) {
credentialCache.invalidate(affectedObj.getId());
}
}
}
/**
* Gets a user from the provided user name
*
* @param userName
* The user name of the user
* @return An array containing the user name, password, and role of the user
* @throws RegistryServiceException
* If errors occur while accessing the cache
*/
public String[] getUser(String userName) throws RegistryServiceException {
try {
return credentialCache.get(userName);
} catch (ExecutionException e) {
throw new RegistryServiceException("Error retrieving user "
+ userName);
}
}
/**
* Gets the role of the given user
*
* @param userName
* The user name to get the role for
* @return The role of the given user
* @throws RegistryServiceException
* If errors occur while accessing the cache
*/
public String getUserRole(String userName) throws RegistryServiceException {
try {
return credentialCache.get(userName)[0];
} catch (ExecutionException e) {
throw new RegistryServiceException(
"Error retrieving role for user " + userName);
}
}
/**
* Gets the password for the given user
*
* @param userName
* The user to get the password for
* @return The password for the given user
* @throws RegistryServiceException
* If errors occur while accessing the cache
*/
public String getUserPassword(String userName)
throws RegistryServiceException {
try {
return credentialCache.get(userName)[1];
} catch (ExecutionException e) {
throw new RegistryServiceException(
"Error retrieving password for user " + userName);
}
}
/**
* @param restServices
* the restServices to set
*/
public void setRestServices(RegistryRESTServices restServices) {
this.restServices = restServices;
}
/**
* @param personDao
* the personDao to set
*/
public void setPersonDao(PersonDao personDao) {
this.personDao = personDao;
}
/**
* @param txTemplate
* the txTemplate to set
*/
public void setTxTemplate(TransactionTemplate txTemplate) {
this.txTemplate = txTemplate;
}
/**
* @param securityConfig
* the securityConfig to set
*/
public void setSecurityConfig(SecurityConfiguration securityConfig) {
this.securityConfig = securityConfig;
}
/**
* Loads the populated encryptor
*
* @return
*/
public AESEncryptor getEncryption() {
if ((securityConfig != null) && (encryption == null)) {
encryption = new AESEncryptor(securityConfig.getEncryptionKey());
}
return encryption;
}
}

59
edexOsgi/com.raytheon.uf.edex.registry.ebxml/src/com/raytheon/uf/edex/registry/ebxml/web/security/RegistryIPAccessHandler.java Normal file
View file

@ -0,0 +1,59 @@
/**
* This software was developed and / or modified by Raytheon Company,
* pursuant to Contract DG133W-05-CQ-1067 with the US Government.
*
* U.S. EXPORT CONTROLLED TECHNICAL DATA
* This software product contains export-restricted data whose
* export/transfer/disclosure is restricted by U.S. law. Dissemination
* to non-U.S. persons whether in the United States or abroad requires
* an export license or other authorization.
*
* Contractor Name: Raytheon Company
* Contractor Address: 6825 Pine Street, Suite 340
* Mail Stop B8
* Omaha, NE 68106
* 402.291.0100
*
* See the AWIPS II Master Rights File ("Master Rights File.pdf") for
* further licensing information.
**/
package com.raytheon.uf.edex.registry.ebxml.web.security;
import org.eclipse.jetty.server.handler.IPAccessHandler;
/**
*
* IP Access handler class used by Jetty to control white/black list IPs
*
* <pre>
*
* SOFTWARE HISTORY
*
* Date Ticket# Engineer Description
* ------------ ---------- ----------- --------------------------
* 2/27/2014 1712 bphillip Initial Creation
* </pre>
*
* @author bphillip
* @version 1
**/
public class RegistryIPAccessHandler extends IPAccessHandler {
private static final String DELIMITER = ";";
private static final String WHITELIST_PROPERTY = "ebxml-webserver-ip-whitelist";
private static final String BLACKLIST_PROPERTY = "ebxml-webserver-ip-blacklist";
public void setIPAccessControl() {
String whiteList = System.getProperty(WHITELIST_PROPERTY);
if (whiteList != null && !whiteList.trim().isEmpty()) {
setWhite(whiteList.split(DELIMITER));
}
String blackList = System.getProperty(BLACKLIST_PROPERTY);
if (blackList != null && !blackList.trim().isEmpty()) {
setBlack(blackList.split(DELIMITER));
}
}
}

93
edexOsgi/com.raytheon.uf.edex.registry.ebxml/src/com/raytheon/uf/edex/registry/ebxml/web/security/RegistryLoginModule.java Normal file
View file

@ -0,0 +1,93 @@
/**
* This software was developed and / or modified by Raytheon Company,
* pursuant to Contract DG133W-05-CQ-1067 with the US Government.
*
* U.S. EXPORT CONTROLLED TECHNICAL DATA
* This software product contains export-restricted data whose
* export/transfer/disclosure is restricted by U.S. law. Dissemination
* to non-U.S. persons whether in the United States or abroad requires
* an export license or other authorization.
*
* Contractor Name: Raytheon Company
* Contractor Address: 6825 Pine Street, Suite 340
* Mail Stop B8
* Omaha, NE 68106
* 402.291.0100
*
* See the AWIPS II Master Rights File ("Master Rights File.pdf") for
* further licensing information.
**/
package com.raytheon.uf.edex.registry.ebxml.web.security;
import java.util.ArrayList;
import java.util.List;
import javax.xml.ws.WebServiceException;
import org.eclipse.jetty.jaas.spi.AbstractLoginModule;
import org.eclipse.jetty.jaas.spi.UserInfo;
import org.eclipse.jetty.util.security.Credential;
import org.eclipse.jetty.util.security.Password;
import com.raytheon.uf.common.registry.services.RegistryServiceException;
import com.raytheon.uf.edex.core.EDEXUtil;
/**
*
* The registry login module used by the Jetty server hosting the registry
* services
*
* <pre>
*
* SOFTWARE HISTORY
*
* Date Ticket# Engineer Description
* ------------ ---------- ----------- --------------------------
* 7/10/2014 1717 bphillip Initial creation
* 7/24/2014 1712 bphillip Spring injection of CredentialCache
* 11/10/2015 4839 nabowle Jetty9 compatibility.
* </pre>
*
* @author bphillip
* @version 1
**/
public class RegistryLoginModule extends AbstractLoginModule {
/** Cache of user credentials */
private CredentialCache credentialCache;
/**
* Creates a new RegistryLoginModule
*/
public RegistryLoginModule() {
super();
/*
* This class is instantiated via reflection by the Jetty server. Therefore
* direct spring injection is not possible
*/
this.credentialCache = (CredentialCache) EDEXUtil
.getESBComponent("credentialCache");
}
@Override
public UserInfo getUserInfo(final String userName) {
String[] user = null;
try {
user = credentialCache.getUser(userName);
} catch (RegistryServiceException e) {
throw new WebServiceException("User [" + userName
+ " Not authorized!", e);
}
for (String userField : user) {
if (userField == null) {
throw new WebServiceException("User [" + userName
+ " Not authorized!");
}
}
List<String> roleList = new ArrayList<String>(1);
roleList.add(user[2]);
Credential credential = new Password(user[1]);
UserInfo userInfo = new UserInfo(userName, credential, roleList);
return userInfo;
}
}

87
edexOsgi/com.raytheon.uf.edex.registry.ebxml/src/com/raytheon/uf/edex/registry/ebxml/web/security/RegistrySSLContextFactory.java Normal file
View file

@ -0,0 +1,87 @@
/**
* This software was developed and / or modified by Raytheon Company,
* pursuant to Contract DG133W-05-CQ-1067 with the US Government.
*
* U.S. EXPORT CONTROLLED TECHNICAL DATA
* This software product contains export-restricted data whose
* export/transfer/disclosure is restricted by U.S. law. Dissemination
* to non-U.S. persons whether in the United States or abroad requires
* an export license or other authorization.
*
* Contractor Name: Raytheon Company
* Contractor Address: 6825 Pine Street, Suite 340
* Mail Stop B8
* Omaha, NE 68106
* 402.291.0100
*
* See the AWIPS II Master Rights File ("Master Rights File.pdf") for
* further licensing information.
**/
package com.raytheon.uf.edex.registry.ebxml.web.security;
import java.io.IOException;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import com.raytheon.uf.common.security.encryption.AESEncryptor;
import com.raytheon.uf.edex.security.SecurityConfiguration;
/**
*
* Custom SslContextFacotry implementation which accepts encrypted values for passwords
*
* <pre>
*
* SOFTWARE HISTORY
*
* Date Ticket# Engineer Description
* ------------ ---------- ----------- --------------------------
* 7/10/2014 1717 bphillip Initial creation
* Mar 04, 2016 5388 dhladky Changed AESEncryptor constructor
* </pre>
*
* @author bphillip
* @version 1
**/
public class RegistrySSLContextFactory extends SslContextFactory {
private AESEncryptor encryption;
private SecurityConfiguration securityConfiguration;
public RegistrySSLContextFactory() throws IOException {
super();
this.securityConfiguration = new SecurityConfiguration();
this.encryption = new AESEncryptor(securityConfiguration.getEncryptionKey());
}
@Override
public void setKeyStorePassword(String password) {
try {
super.setKeyStorePassword(encryption.decrypt(password));
} catch (Exception e) {
throw new RuntimeException("Error setting web server properties!",
e);
}
}
@Override
public void setTrustStorePassword(String password) {
try {
super.setTrustStorePassword(encryption.decrypt(password));
} catch (Exception e) {
throw new RuntimeException("Error setting web server properties!",
e);
}
}
public void setKeyManagerPassword(String password) {
try {
super.setKeyManagerPassword(encryption.decrypt(password));
} catch (Exception e) {
throw new RuntimeException("Error setting web server properties!",
e);
}
}
}

16
rpms/awips2.upc/Installer.ldm/patch/dev/checkENI.csh Normal file
View file

@ -0,0 +1,16 @@
#!/bin/csh
#determine if ENI DTA time series script is running
set iRun = `ps -ef | grep processDTAtimeseries.csh | grep -v grep | wc -l`
#if not
if ($iRun < 1) then
#remove the contents of the /tmp directory
rm -Rvf /tmp/eniTSwork/*
#re-run the script
csh /usr/local/ldm/bin/eni/processDTAtimeseries.csh bg1 &
#if so
else
#everything is okay
echo "There are $iRun processes running..."
endif

34
rpms/awips2.upc/Installer.ldm/patch/dev/checkFileTime.pl Normal file
View file

@ -0,0 +1,34 @@
#!/bin/perl
#$path="/awips2/data_store/grid";
@paths=("/awips2/data_store/grid","/awips2/data_store/modelsounding");
foreach $path(@paths)
{
#find files that haven't been touched in the past 5 minutes
$syscmd="find $path -name \"*-concat-*\" -mmin +5";
print "\t$syscmd\n";
@output=`$syscmd`;
foreach $line(@output)
{
chomp $line;
if($line!~/\/staging\//) { next; }
@dirs=split(/\//, $line);
$outPath="";
for($i=0; $i<$#dirs-1; $i++)
{ $outPath.=$dirs[$i]."/"; }
$file=$dirs[-1];
$syscmd = "mv $line $outPath";
print "\t$syscmd\n";
`$syscmd`;
$syscmd=" /awips2/python/bin/python /awips2/ldm/dev/notifyAWIPS2-unidata.py $outPath/$file";
print "\t$syscmd\n";
`$syscmd`;
}
}

0
rpms/awips2.upc/Installer.ldm/patch/dev/logs/purgeRadar.log Normal file
View file

23
rpms/awips2.upc/Installer.ldm/patch/dev/notifyAWIPS2-unidata.py Normal file
View file

@ -0,0 +1,23 @@
#!/awips2/python/bin/python
#from ufpy import qpidingest
from sys import argv
from os import path
from awips.qpidingest import *
#read in command line argument as path
inPath = argv[1]
header = path.basename(inPath)
#make connection to QPID
#conn = qpidingest.IngestViaQPID(host='cpsbn1',port=5672,ssl=True)
conn = IngestViaQPID()
#send message to QPID
print "sending %s with a header of %s"%(inPath,header)
conn.sendmessage(inPath,header)
#close QPID connection
conn.close()

5
rpms/awips2.upc/Installer.ldm/patch/etc/pqact.radar Normal file
View file

@ -0,0 +1,5 @@
#
# NEXRAD3 site products
#
NEXRAD3|HDS ^SDUS[235678]. (....) (..)(..)(..).*/p(...)(...)
FILE -overwrite -close -edex /awips2/data_store/radar/(\2:yyyy)(\2:mm)\2//\3/\6/\6_\5_(\2:yyyy)(\2:mm)\2_\3\4