authorTomasz Wrobel <tomasz.wrobel@nokia.com>2022-05-13 09:01:26 +0200
committerTomasz Wrobel <tomasz.wrobel@nokia.com>2022-07-06 06:09:50 +0200
commit5da97dc829f00e8549ccf5617b434aa911578d8b (patch)
treefb0a293b051a7f2e46ea736356cd6edf98a9371d /datafile-app-server/src/main
parent7fdc015b330cf36d4a272af7e9ce31f60248bfd6 (diff)
Make TLS connection optional1.8.0
Issue-ID: DCAEGEN2-3039 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: Id637ba17c655407009a4f40f6c93f518b99e45ff
Diffstat (limited to 'datafile-app-server/src/main')
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java8
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java6
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java61
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java10
4 files changed, 69 insertions, 16 deletions
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
index f11a85a0..0691d721 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START======================================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -234,6 +234,10 @@ public class AppConfig {
this.certificateConfiguration = certificateConfig;
this.sftpConfiguration = sftpConfig;
+ if (!certificateConfig.enableCertAuth()) {
+ logger.debug("External TLS certificate disabled, skipping setup HTTPS client");
+ return;
+ }
HttpsClientConnectionManagerUtil.setupOrUpdate(certificateConfig.keyCert(), certificateConfig.keyPasswordPath(),
certificateConfig.trustedCa(), certificateConfig.trustedCaPasswordPath(),
certificateConfig.httpsHostnameVerify());
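Review bot: The early return skips HTTPS client setup but records that only at debug level, so at a default log level nothing shows the collector is running without TLS client material; `logger.info("External TLS certificate disabled, skipping setup HTTPS client");` (or warn) would make the state visible to operators. Because the return comes before `HttpsClientConnectionManagerUtil.setupOrUpdate(...)`, a configuration refresh that flips the flag from true to false presumably leaves the previously installed connection manager in place. The guards added in FileCollector cover the callers visible in this commit, but a short comment here saying so would help the next reader. The enclosing method starts and ends outside the hunk.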
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
index 78be36d3..668fcc77 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
@@ -1,6 +1,7 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2018-2021 NOKIA Intellectual Property, 2019 Nordix Foundation. All rights reserved.
+ * Copyright (C) 2018-2022 Nokia. All rights reserved.
+ * Copyright (C) 2019 Nordix Foundation. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -50,4 +51,7 @@ public abstract class CertificateConfig implements Serializable {
@Value.Parameter
public abstract Boolean httpsHostnameVerify();
+
+ @Value.Parameter
+ public abstract Boolean enableCertAuth();
}
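Review bot: `enableCertAuth()` is added without Javadoc, and the name undersells its effect: elsewhere in this commit a false value makes AppConfig skip HTTPS client setup and makes FileCollector reject both FTPES and HTTPS collection. A comment such as `/** When false, no key or trust material is loaded, FTPES/HTTPS collection is rejected, and the path attributes are empty strings. */` would document that contract. The value is only ever used as a condition, so a primitive `boolean` would rule out unboxing a null, although the sibling `httpsHostnameVerify()` also returns `Boolean`.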
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
index 025166c2..db811fac 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -48,6 +48,8 @@ import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys;
import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore;
import org.onap.dcaegen2.services.sdk.security.ssl.Passwords;
import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Parses the cloud configuration.
@@ -74,6 +76,8 @@ public class CloudConfigParser {
private static final int EXPECTED_NUMBER_OF_SOURCE_TOPICS = 1;
private static final int FIRST_SOURCE_INDEX = 0;
+ private static final Logger logger = LoggerFactory.getLogger(CloudConfigParser.class);
+
private final Properties systemEnvironment;
private final JsonObject jsonObject;
@@ -103,10 +107,10 @@ public class CloudConfigParser {
.publishUrl(getAsString(feedConfig, "publish_url")) //
.password(getAsString(feedConfig, "password")) //
.userName(getAsString(feedConfig, "username")) //
- .trustStorePath(getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH)) //
- .trustStorePasswordPath(getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH)) //
- .keyStorePath(getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH)) //
- .keyStorePasswordPath(getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH)) //
+ .trustStorePath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH,"")) //
+ .trustStorePasswordPath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH, "")) //
+ .keyStorePath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH,"")) //
+ .keyStorePasswordPath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH,"")) //
.enableDmaapCertAuth(get(jsonObject, DMAAP_SECURITY_ENABLE_DMAAP_CERT_AUTH).getAsBoolean()) //
.changeIdentifier(changeIdentifier) //
.logUrl(getAsString(feedConfig, "log_url")) //
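Review bot: The four store paths now fall back to "" whether or not `enableDmaapCertAuth` is true, so a configuration that enables DMaaP certificate auth but omits a path is accepted here and only fails later, wherever the stores are opened. `getCertificateConfig()` in this same commit reads the flag first and requires the members when it is set; the publisher configuration should do the same so that a missing path is a parse-time error. The sketch below assumes the enclosing method, which starts outside the hunk, still propagates DatafileTaskException as it did when these lines called `getAsString`.
```java
// … placed before the builder chain …
boolean dmaapCertAuth = get(jsonObject, DMAAP_SECURITY_ENABLE_DMAAP_CERT_AUTH).getAsBoolean();
String trustStorePath = dmaapCertAuth ? getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH) : "";
String trustStorePasswordPath = dmaapCertAuth ? getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH) : "";
String keyStorePath = dmaapCertAuth ? getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH) : "";
String keyStorePasswordPath = dmaapCertAuth ? getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH) : "";
// … unchanged: publishUrl / password / userName …
.trustStorePath(trustStorePath) //
.trustStorePasswordPath(trustStorePasswordPath) //
.keyStorePath(keyStorePath) //
.keyStorePasswordPath(keyStorePasswordPath) //
.enableDmaapCertAuth(dmaapCertAuth) //
// … unchanged: changeIdentifier, logUrl …
```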
@@ -189,12 +193,38 @@ public class CloudConfigParser {
* @throws DatafileTaskException if a member of the configuration is missing.
*/
public @NotNull CertificateConfig getCertificateConfig() throws DatafileTaskException {
+ boolean enableCertAuth = getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.enableCertAuth",
+ Boolean.TRUE);
+
+ String keyCert = "";
+ String keyPasswordPath = "";
+ String trustedCa = "";
+ String trustedCaPasswordPath = "";
+ boolean httpsHostnameVerify = true;
+
+ if (enableCertAuth) {
+ logger.debug("TlS enabled, attempt to read certificates property");
+ try {
+ keyCert = getAsString(jsonObject, "dmaap.certificateConfig.keyCert");
+ keyPasswordPath = getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath");
+ trustedCa = getAsString(jsonObject, "dmaap.certificateConfig.trustedCa");
+ trustedCaPasswordPath = getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath");
+ httpsHostnameVerify = getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify",
+ Boolean.TRUE);
+ } catch (DatafileTaskException e) {
+ throw new DatafileTaskException(
+ "Wrong configuration. External certificate enabled but configs are missing: "
+ + e.getMessage());
+ }
+ }
+
return new ImmutableCertificateConfig.Builder() //
- .keyCert(getAsString(jsonObject, "dmaap.certificateConfig.keyCert"))
- .keyPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath"))
- .trustedCa(getAsString(jsonObject, "dmaap.certificateConfig.trustedCa"))
- .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath")) //
- .httpsHostnameVerify(getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify", Boolean.TRUE))
+ .keyCert(keyCert)
+ .keyPasswordPath(keyPasswordPath)
+ .trustedCa(trustedCa)
+ .trustedCaPasswordPath(trustedCaPasswordPath) //
+ .httpsHostnameVerify(httpsHostnameVerify)
+ .enableCertAuth(enableCertAuth)
.build();
}
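Review bot: The catch block rethrows with only `e.getMessage()` appended, so the original exception and its stack trace are lost. If DatafileTaskException has a constructor that accepts a cause (not visible in this diff), pass `e` to it as well. The Javadoc line above the method still says it throws when a member is missing, which is now true only when `enableCertAuth` is true; it could read `@throws DatafileTaskException if certificate auth is enabled and a member of the configuration is missing.` The debug message also has a typo, "TlS" for "TLS".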
@@ -219,6 +249,15 @@ public class CloudConfigParser {
return get(obj, memberName).getAsString();
}
+ private static String getAsOptionalStringOrDefault(JsonObject obj, String memberName, String def) {
+ try {
+ return get(obj, memberName).getAsString();
+ } catch (DatafileTaskException e) {
+ return def;
+ }
+ }
+
+
private static @NotNull Boolean getAsBoolean(JsonObject obj, String memberName) throws DatafileTaskException {
return get(obj, memberName).getAsBoolean();
}
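Review bot: `getAsOptionalStringOrDefault` swallows the DatafileTaskException without a trace, so a mistyped key in a security-related setting is indistinguishable from one left out on purpose. Logging the member name (never the value) would keep that visible, e.g. `logger.debug("Optional member {} not found, using default", memberName);`, and the unused variable could be named `ignored`. Only DatafileTaskException is caught, so a member that is present but not a string presumably still fails through whatever `getAsString()` throws. A one-line Javadoc stating that would be useful. There is also a doubled blank line after the method.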
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index 70380437..0df57a2c 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START======================================================================
* Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
- * Copyright (C) 2020-2021 Nokia. All rights reserved.
+ * Copyright (C) 2020-2022 Nokia. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -175,8 +175,11 @@ public class FileCollector {
new SftpClientSettings(datafileAppConfig.getSftpConfiguration()));
}
- protected FtpesClient createFtpesClient(FileData fileData) {
+ protected FtpesClient createFtpesClient(FileData fileData) throws DatafileTaskException {
CertificateConfig config = datafileAppConfig.getCertificateConfiguration();
+ if (!config.enableCertAuth()) {
+ throw new DatafileTaskException("FTPES error: TLS connection is disabled");
+ }
return new FtpesClient(fileData.fileServerData(), Paths.get(config.keyCert()), config.keyPasswordPath(),
Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
}
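Review bot: The new guard in `createFtpesClient` (and the matching one in `createHttpsClient` in the next hunk) reports a configuration decision with the same exception type used for transfer failures. If the collector retries on DatafileTaskException, which is not visible in this diff, every FTPES or HTTPS file will be retried to no effect while the flag is off. Consider signalling the condition as non-retryable. The message could also name the setting so an operator can act on it, e.g. `"FTPES error: TLS connection is disabled (dmaap.certificateConfig.enableCertAuth=false)"`. Failing closed here rather than attempting a connection without certificates is the right behaviour, and a short comment above each guard should say so.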
@@ -186,6 +189,9 @@ public class FileCollector {
}
protected FileCollectClient createHttpsClient(FileData fileData) throws DatafileTaskException {
+ if (!datafileAppConfig.getCertificateConfiguration().enableCertAuth()) {
+ throw new DatafileTaskException("HTTPS error: TLS connection is disabled");
+ }
return new DfcHttpsClient(fileData.fileServerData(), HttpsClientConnectionManagerUtil.instance());
}
}