4 files changed, 69 insertions, 16 deletions

diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
index f11a85a0..0691d721 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
@@ -1,7 +1,7 @@
 /*-
  * ============LICENSE_START======================================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
  * ===============================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -234,6 +234,10 @@ public class AppConfig {
         this.certificateConfiguration = certificateConfig;
         this.sftpConfiguration = sftpConfig;
 
+        if (!certificateConfig.enableCertAuth()) {
+            logger.debug("External TLS certificate disabled, skipping setup HTTPS client");
+            return;
+        }
         HttpsClientConnectionManagerUtil.setupOrUpdate(certificateConfig.keyCert(), certificateConfig.keyPasswordPath(),
             certificateConfig.trustedCa(), certificateConfig.trustedCaPasswordPath(),
             certificateConfig.httpsHostnameVerify());
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
index 78be36d3..668fcc77 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
@@ -1,6 +1,7 @@
 /*-
  * ============LICENSE_START=======================================================
- * Copyright (C) 2018-2021 NOKIA Intellectual Property, 2019 Nordix Foundation. All rights reserved.
+ * Copyright (C) 2018-2022 Nokia. All rights reserved.
+ * Copyright (C) 2019 Nordix Foundation. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,4 +51,7 @@ public abstract class CertificateConfig implements Serializable {
 
     @Value.Parameter
     public abstract Boolean httpsHostnameVerify();
+
+    @Value.Parameter
+    public abstract Boolean enableCertAuth();
 }
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
index 025166c2..db811fac 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
@@ -1,7 +1,7 @@
 /*-
  * ============LICENSE_START=======================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,6 +48,8 @@ import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys;
 import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore;
 import org.onap.dcaegen2.services.sdk.security.ssl.Passwords;
 import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Parses the cloud configuration.
@@ -74,6 +76,8 @@ public class CloudConfigParser {
     private static final int EXPECTED_NUMBER_OF_SOURCE_TOPICS = 1;
     private static final int FIRST_SOURCE_INDEX = 0;
 
+    private static final Logger logger = LoggerFactory.getLogger(CloudConfigParser.class);
+
     private final Properties systemEnvironment;
 
     private final JsonObject jsonObject;
@@ -103,10 +107,10 @@ public class CloudConfigParser {
                 .publishUrl(getAsString(feedConfig, "publish_url")) //
                 .password(getAsString(feedConfig, "password")) //
                 .userName(getAsString(feedConfig, "username")) //
-                .trustStorePath(getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH)) //
-                .trustStorePasswordPath(getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH)) //
-                .keyStorePath(getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH)) //
-                .keyStorePasswordPath(getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH)) //
+                .trustStorePath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH,"")) //
+                .trustStorePasswordPath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH, "")) //
+                .keyStorePath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH,"")) //
+                .keyStorePasswordPath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH,"")) //
                 .enableDmaapCertAuth(get(jsonObject, DMAAP_SECURITY_ENABLE_DMAAP_CERT_AUTH).getAsBoolean()) //
                 .changeIdentifier(changeIdentifier) //
                 .logUrl(getAsString(feedConfig, "log_url")) //
@@ -189,12 +193,38 @@ public class CloudConfigParser {
      * @throws DatafileTaskException if a member of the configuration is missing.
      */
     public @NotNull CertificateConfig getCertificateConfig() throws DatafileTaskException {
+        boolean enableCertAuth = getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.enableCertAuth",
+            Boolean.TRUE);
+
+        String keyCert = "";
+        String keyPasswordPath = "";
+        String trustedCa = "";
+        String trustedCaPasswordPath = "";
+        boolean httpsHostnameVerify = true;
+
+        if (enableCertAuth) {
+            logger.debug("TlS enabled, attempt to read certificates property");
+            try {
+                keyCert = getAsString(jsonObject, "dmaap.certificateConfig.keyCert");
+                keyPasswordPath = getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath");
+                trustedCa = getAsString(jsonObject, "dmaap.certificateConfig.trustedCa");
+                trustedCaPasswordPath = getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath");
+                httpsHostnameVerify = getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify",
+                    Boolean.TRUE);
+            } catch (DatafileTaskException e) {
+                throw new DatafileTaskException(
+                    "Wrong configuration. External certificate enabled but configs are missing: "
+                        + e.getMessage());
+            }
+        }
+
         return new ImmutableCertificateConfig.Builder() //
-            .keyCert(getAsString(jsonObject, "dmaap.certificateConfig.keyCert"))
-            .keyPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath"))
-            .trustedCa(getAsString(jsonObject, "dmaap.certificateConfig.trustedCa"))
-            .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath")) //
-            .httpsHostnameVerify(getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify", Boolean.TRUE))
+            .keyCert(keyCert)
+            .keyPasswordPath(keyPasswordPath)
+            .trustedCa(trustedCa)
+            .trustedCaPasswordPath(trustedCaPasswordPath) //
+            .httpsHostnameVerify(httpsHostnameVerify)
+            .enableCertAuth(enableCertAuth)
             .build();
     }
 
@@ -219,6 +249,15 @@ public class CloudConfigParser {
         return get(obj, memberName).getAsString();
     }
 
+    private static String getAsOptionalStringOrDefault(JsonObject obj, String memberName, String def) {
+        try {
+            return get(obj, memberName).getAsString();
+        } catch (DatafileTaskException e) {
+            return def;
+        }
+    }
+
+
     private static @NotNull Boolean getAsBoolean(JsonObject obj, String memberName) throws DatafileTaskException {
         return get(obj, memberName).getAsBoolean();
     }
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index 70380437..0df57a2c 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
@@ -1,7 +1,7 @@
 /*-
  * ============LICENSE_START======================================================================
  * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
- * Copyright (C) 2020-2021 Nokia. All rights reserved.
+ * Copyright (C) 2020-2022 Nokia. All rights reserved.
  * ===============================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -175,8 +175,11 @@ public class FileCollector {
             new SftpClientSettings(datafileAppConfig.getSftpConfiguration()));
     }
 
-    protected FtpesClient createFtpesClient(FileData fileData) {
+    protected FtpesClient createFtpesClient(FileData fileData) throws DatafileTaskException {
         CertificateConfig config = datafileAppConfig.getCertificateConfiguration();
+        if (!config.enableCertAuth()) {
+            throw new DatafileTaskException("FTPES error: TLS connection is disabled");
+        }
         return new FtpesClient(fileData.fileServerData(), Paths.get(config.keyCert()), config.keyPasswordPath(),
             Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
     }
@@ -186,6 +189,9 @@ public class FileCollector {
     }
 
     protected FileCollectClient createHttpsClient(FileData fileData) throws DatafileTaskException {
+        if (!datafileAppConfig.getCertificateConfiguration().enableCertAuth()) {
+            throw new DatafileTaskException("HTTPS error: TLS connection is disabled");
+        }
         return new DfcHttpsClient(fileData.fileServerData(), HttpsClientConnectionManagerUtil.instance());
     }
 }