From 40d7f92673108ce09dce9c796a8633686e12828e Mon Sep 17 00:00:00 2001 From: Krzysztof Gajewski Date: Fri, 29 Jan 2021 23:47:51 +0100 Subject: Add HTTPS as new protocol to collect files from xNFs - documentation Issue-ID: DCAEGEN2-2528 Signed-off-by: Krzysztof Gajewski Change-Id: I0fe0117a1b36207e9332ab8d99911a6f962036a7 --- docs/sections/services/dfc/architecture.rst | 4 +- docs/sections/services/dfc/http-notes.rst | 55 +++++++++++++++++++++++++- docs/sections/services/dfc/troubleshooting.rst | 6 +++ 3 files changed, 62 insertions(+), 3 deletions(-) diff --git a/docs/sections/services/dfc/architecture.rst b/docs/sections/services/dfc/architecture.rst index cbd1876d..6d44b7a8 100644 --- a/docs/sections/services/dfc/architecture.rst +++ b/docs/sections/services/dfc/architecture.rst @@ -30,7 +30,9 @@ Interaction """"""""""" DFC will interact with the DMaaP Message Router, using json, and with the Data Router, using metadata in the header and file in the body, via secured protocol. -So far, the implemented protocols to communicate with xNFs are http (with basic authentication), sftp and ftpes. +So far, the implemented protocols to communicate with xNFs are http (with basic authentication), https, sftp and ftpes. +When https protocol is used, the following ways of connection are possible: client certificate authentication, basic +authentication, and no authentication. Retry mechanism """"""""""""""" diff --git a/docs/sections/services/dfc/http-notes.rst b/docs/sections/services/dfc/http-notes.rst index bd297b14..7f65b6ca 100644 --- a/docs/sections/services/dfc/http-notes.rst +++ b/docs/sections/services/dfc/http-notes.rst @@ -1,8 +1,8 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -HTTP notes -========== +HTTP/HTTPS notes +================ HTTP Basic Authentication in FileReady messages """"""""""""""""""""""""""""""""""""""""""""""" 
@@ -61,3 +61,54 @@ Example file ready message is as follows: Note, more than one file from the same location can be added to the "arrayOfNamedHashMap". If so, they are downloaded from the endpoint through single http connection. + +HTTPS connection with DFC +""""""""""""""""""""""""" +The file ready message for https server is the same as used in other protocols and http. The only difference is that the scheme is set to +"https": + +.. code-block:: bash + + ... + "arrayOfNamedHashMap": [ + { + "name": "C_28532_measData_file.xml", + "hashMap": { + "location": "https://login:password@server.com:443/file.xml.gz", + ... + +The processed uri depends on the https connection type that has to be established (client certificate authentication, basic +authentication, and no authentication). + +For client certificate authentication: + +.. code-block:: bash + + scheme://host:port/path + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Authentication is based on the certificate used by the DFC. + +For basic authentication: + +.. code-block:: bash + + scheme://userinfo@host:port/path + i.e. + https://demo:demo123456!@example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Authentication is based on the "userinfo" applied within the link. + +If no authentication is required: + +.. code-block:: bash + + scheme://host:port/path + i.e. + https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz + +Note, effective way of authentication depends of uri provided and http server configuration. + +If port number was not supplied , port 443 is used by default. +Every file is sent through separate https connection. diff --git a/docs/sections/services/dfc/troubleshooting.rst b/docs/sections/services/dfc/troubleshooting.rst index 96816228..bdc0cd80 100644 --- a/docs/sections/services/dfc/troubleshooting.rst +++ b/docs/sections/services/dfc/troubleshooting.rst 
@@ -167,3 +167,9 @@ When StrictHostKeyChecking is enabled and DFC cannot find a known_hosts file, th |WARN |StrictHostKeyChecking is enabled but environment variable KNOWN_HOSTS_FILE_PATH is not set or points to not existing file [/home/datafile/.ssh/known_hosts] --> falling back to StrictHostKeyChecking='no'. To resolve this warning, provide a known_hosts file or disable StrictHostKeyChecking, see DFC config page - :ref:`strict_host_checking_config`. + +Inability to download file from xNF due to certificate problem +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + +When collecting files using HTTPS and DFC contains certs from CMPv2 server, an exception like "unable to find valid certification path to requested target" may occur. +Except obvious certificates problems make sure, that xNF which are connecting to the DFC are supplied with certificates coming from the same ONAP unit where DFC was installed. \ No newline at end of file -- cgit 1.2.3-korg
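
Review bot: in docs/sections/services/dfc/architecture.rst, the added sentence lists "no authentication" as an https connection mode without saying whether DFC still validates the xNF server certificate in that mode. A reader can take "no authentication" to mean an unverified TLS session. Suggest stating that the three modes describe how DFC authenticates itself to the xNF, and saying explicitly whether server certificate validation applies in all of them. The modified line also keeps "http (with basic authentication)"; now that https is offered next to it, it is worth noting that basic credentials sent over plain http are not encrypted in transit.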
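
Review bot: in docs/sections/services/dfc/http-notes.rst, the URI forms given under "For client certificate authentication" and "If no authentication is required" are identical (scheme://host:port/path, with the same example URL), so the section never says what selects one mode over the other. The closing note "effective way of authentication depends of uri provided and http server configuration" only hints at it; suggest replacing it with the actual rule, for example which mode follows from userinfo being present and which from the server requesting a client certificate, if that is how DFC behaves. The first example carries login:password inside "location", so the section should also say that these credentials appear in clear text in the file ready message and in anything that logs or stores it. Smaller points in the same hunk: server.com in the first example should be example.com like the later ones, "depends of" should read "depends on", "supplied ," has a stray space, the JSON and URI snippets are tagged code-block:: bash, and "Every file is sent through separate https connection" contradicts the unchanged http paragraph just above ("single http connection") unless the difference is intended, in which case say so.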
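
Review bot: in docs/sections/services/dfc/troubleshooting.rst, the second added sentence says "xNF which are connecting to the DFC", but the heading and the first sentence describe DFC downloading files from the xNF, so the direction of the connection is reversed and the advice is hard to act on. "unable to find valid certification path to requested target" means the side reporting it could not build a chain from the peer's certificate to a CA it trusts, so the entry should name the concrete check: the CA that issued the xNF certificate has to be in the trust store DFC uses, which is presumably what "certificates coming from the same ONAP unit" is meant to guarantee. "Except obvious certificates problems make sure, that" needs rewording (e.g. "Apart from obvious certificate problems, make sure that"), "obvious" problems such as expiry or host name mismatch could be listed, and the file now ends without a trailing newline.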