author | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2022-01-25 11:00:42 +0100 |
---|---|---|
committer | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2022-02-11 12:27:06 +0100 |
commit | 9d02ea09cac22c177688622ed50a7eb3f6fd38ce (patch) | |
tree | 430c1dfc64d505a24a380d7eeef48d0f1c3d37db /src/main | |
parent | 6fa1dfca682711066189bef2f946433b614239fe (diff) |
Fix loading SSL Context when certpaths not exist in configuration1.8.0
- Make cert paths field optional in configuration.
- Allow to skip ssl context load.
- Make PublisherConfig and SubscriberConfig fields optional.
- Remove Auth Header when AAF credentials are empty
Issue-ID: DCAEGEN2-3032
Issue-ID: DCAEGEN2-3038
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I27d44cf8c2887b3a75c5ad16f833439b7b5757ee
Diffstat (limited to 'src/main')
8 files changed, 65 insertions, 28 deletions
diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/App.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/App.java index 0da2b7e..0c49a96 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/App.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/App.java @@ -1,7 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019-2020 Nordix Foundation. - * Copyright (C) 2021-2022 Nokia. + * Copyright (C) 2021-2022 Nokia. All rights reserved. * Copyright (C) 2021 Samsung Electronics. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -169,7 +169,7 @@ public class App { this.serverResources = Arrays.asList(healthCheckHandler, deliveryHandler, dynamicConfiguration); try { this.applicationServer = server(this.mapperConfig, this.serverResources); - } catch (IOException e) { + } catch (IOException | MapperConfigException e ) { logger.unwrap().error("Failed to create server instance.", e); throw new IllegalStateException("Server instantiation failed"); } @@ -194,7 +194,10 @@ public class App { private Undertow server(MapperConfig config, List<ServerResource> serverResources) throws IOException { SSLContextFactory sslContextFactory = new SSLContextFactory(config); SSLContext sslContext = sslContextFactory.createSSLContext(config); - SSLContext.setDefault(sslContext); + if (sslContext != null) { + SSLContext.setDefault(sslContext); + logger.unwrap().info("SSL Context loaded"); + } Undertow.Builder builder = Undertow.builder(); if (config.getEnableHttp()) { builder.addHttpListener(this.httpPort, "0.0.0.0"); diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/config/ConfigHandler.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/config/ConfigHandler.java index 6c93d2f..ff28634 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/config/ConfigHandler.java 
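Review bot: The `IllegalStateException` thrown from the widened catch at `@@ -169,7 +169,7 @@` carries no cause, so a caller that only sees the rethrown exception loses the `MapperConfigException` text about missing certificate paths. Pass it along with `throw new IllegalStateException("Server instantiation failed", e);` and drop the stray space in `e )`. The enclosing constructor or method starts and ends outside the hunk.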
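Review bot: When `createSSLContext` returns null, the guard at `@@ -194,7 +194,10 @@` skips `SSLContext.setDefault`, but `server()` carries on building listeners with the same `sslContext` variable in scope. The rest of `server()` is outside the hunk; if it registers an HTTPS listener with that variable, the listener would now be handed null, so that registration presumably needs the same `if (sslContext != null)` guard. A comment above the check would also help, for example `// null means no certificate paths were configured: only the plain-HTTP listener is usable`.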
+++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/config/ConfigHandler.java @@ -1,7 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation. - * Copyright (C) 2022 Nokia. + * Copyright (C) 2022 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -102,8 +102,8 @@ public class ConfigHandler { .create() .fromJson(jsonObject, MapperConfig.class); } catch (Exception exception) { - String exceptionMessage = "Error parsing configuration, mapper config:\n" + mapperConfig; - logger.unwrap().error(exceptionMessage); + String exceptionMessage = "Error parsing configuration, mapper config: " + mapperConfig; + logger.unwrap().error("Error parsing configuration", exception); throw new MapperConfigException(exceptionMessage, exception); } logger.unwrap().info("PM-mapper configuration processed successful"); diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/exceptions/MapperConfigException.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/exceptions/MapperConfigException.java index 4669871..56e2d23 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/exceptions/MapperConfigException.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/exceptions/MapperConfigException.java @@ -1,6 +1,7 @@ /*-
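Review bot: The message passed to `MapperConfigException` at `@@ -102,8 +102,8 @@` still concatenates `mapperConfig`, so the configuration dump that this change removes from the `error` log line travels on in the exception and reaches whichever handler logs or prints it. If that value can include `aaf_password` or the subscriber `password` (how it renders is not visible here), those secrets end up in logs anyway. Consider `throw new MapperConfigException("Error parsing configuration", exception);` and deleting the `exceptionMessage` local. The enclosing method starts and ends outside the hunk.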
* ============LICENSE_START=======================================================
* Copyright (C) 2019 Nordix Foundation.
+ * Copyright (C) 2022 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -23,4 +24,8 @@ public class MapperConfigException extends RuntimeException { public MapperConfigException(String message, Throwable cause) {
super(message, cause);
}
+
+ public MapperConfigException(String message) {
+ super(message);
+ }
}
diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/model/MapperConfig.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/model/MapperConfig.java index a71696b..18b9388 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/model/MapperConfig.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/model/MapperConfig.java @@ -1,6 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation. + * Copyright (C) 2022 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -41,19 +42,15 @@ public class MapperConfig implements Configurable { @SerializedName("enable_http") private Boolean enableHttp; - @GSONRequired @SerializedName("key_store_path") private String keyStorePath; - @GSONRequired @SerializedName("key_store_pass_path") private String keyStorePassPath; - @GSONRequired @SerializedName("trust_store_path") private String trustStorePath; - @GSONRequired @SerializedName("trust_store_pass_path") private String trustStorePassPath; @@ -66,11 +63,9 @@ public class MapperConfig implements Configurable { @JsonAdapter(MeasFilterConfigAdapter.class) private MeasFilterConfig filterConfig; - @GSONRequired @SerializedName("aaf_identity") private String aafUsername; - @GSONRequired @SerializedName("aaf_password") private String aafPassword; @@ -127,4 +122,4 @@ public class MapperConfig implements Configurable { ", publisherConfig=" + publisherConfig + '}'; } -}
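Review bot: With `@GSONRequired` removed at `@@ -41,19 +42,15 @@`, a misspelled or omitted `key_store_path`, `key_store_pass_path`, `trust_store_path` or `trust_store_pass_path` no longer fails parsing, and nothing on these fields says they are meant to be set together. Add a comment above the group such as `// Optional, but all four must be set together; when absent no SSL context is created`. The same applies to `aaf_identity`/`aaf_password` at `@@ -66,11 +63,9 @@` and to the fields relaxed in PublisherConfig and SubscriberConfig.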
\ No newline at end of file +} diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/model/PublisherConfig.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/model/PublisherConfig.java index 16ab941..4b0cdac 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/model/PublisherConfig.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/model/PublisherConfig.java @@ -1,6 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation. + * Copyright (C) 2022 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -30,15 +31,12 @@ public class PublisherConfig { @SerializedName("topic_url") private String topicUrl; - @GSONRequired @SerializedName("client_role") private String clientRole; - @GSONRequired @SerializedName("client_id") private String clientId; - @GSONRequired @SerializedName("location") private String clusterLocation; diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/model/SubscriberConfig.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/model/SubscriberConfig.java index c53d36d..89cc243 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/model/SubscriberConfig.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/model/SubscriberConfig.java @@ -1,6 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation. + * Copyright (C) 2022 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -26,15 +27,13 @@ import org.onap.dcaegen2.services.pmmapper.utils.GSONRequired; @Data public class SubscriberConfig { - @GSONRequired + @SerializedName("username") private String username; - @GSONRequired @SerializedName("password") private String password; - @GSONRequired @SerializedName("location") private String drLocation; diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/ssl/SSLContextFactory.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/ssl/SSLContextFactory.java index e7c317d..007ba86 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/ssl/SSLContextFactory.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/ssl/SSLContextFactory.java @@ -2,6 +2,7 @@ * ============LICENSE_START======================================================= * Copyright (C) 2019-2020 Nordix Foundation. * Copyright (C) 2021 Samsung Electronics. + * Copyright (C) 2022 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,6 +24,7 @@ package org.onap.dcaegen2.services.pmmapper.ssl; import org.onap.dcaegen2.services.pmmapper.exceptions.CreateContextException; import org.onap.dcaegen2.services.pmmapper.exceptions.KeyManagerException; import org.onap.dcaegen2.services.pmmapper.exceptions.LoadKeyStoreException; +import org.onap.dcaegen2.services.pmmapper.exceptions.MapperConfigException; import org.onap.dcaegen2.services.pmmapper.exceptions.TrustManagerException; import org.onap.dcaegen2.services.pmmapper.model.MapperConfig; import org.onap.logging.ref.slf4j.ONAPLogAdapter; 
@@ -48,14 +50,18 @@ import static java.nio.file.Files.readAllBytes; public class SSLContextFactory { private static final ONAPLogAdapter logger = new ONAPLogAdapter(LoggerFactory.getLogger(SSLContextFactory.class)); - private MapperConfig mapperConfig; + private final MapperConfig mapperConfig; public SSLContextFactory(MapperConfig config) { mapperConfig = config; } public SSLContext createSSLContext(MapperConfig mapperConfig) throws IOException { - SSLContext sslContext = null; + logger.unwrap().info("Attempt to Create SSL Context"); + if (isSslDisabled(mapperConfig)) { + logger.unwrap().warn("SSL is disabled. Skip creating SSL Context"); + return null; + } try { KeyStore keyStore = loadKeyStore(mapperConfig.getKeyStorePath(), mapperConfig.getKeyStorePassPath()); 
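Review bot: `createSSLContext` gains a `return null` path at `@@ -48,14 +50,18 @@` with no Javadoc telling callers to check for it. Add a method comment stating that it returns null when the certificate paths are not configured and HTTP is enabled, and that it throws `MapperConfigException` when they are missing and HTTP is disabled. The parameter `mapperConfig` also shadows the field that this hunk makes `final`; a different parameter name would make it clear which one is read. The method body ends outside this hunk.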
@@ -64,15 +70,36 @@ public class SSLContextFactory { KeyStore trustStore = loadKeyStore(mapperConfig.getTrustStorePath(), mapperConfig.getTrustStorePassPath()); TrustManager[] trustManagers = createTrustManager(trustStore); - sslContext = SSLContext.getInstance("TLSv1.2"); + SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); sslContext.init(keyManagers, trustManagers, null); + return sslContext; } catch(KeyManagementException | NoSuchAlgorithmException e) { logger.unwrap().error("Failed to create SSL Context.", e); throw new CreateContextException("Failed to create SSL Context", e); } - return sslContext; } + private boolean isSslDisabled(MapperConfig mapperConfig) { + boolean isCertPathMissing = !areCertPathsConfigured(mapperConfig); + if (isCertPathMissing && !mapperConfig.getEnableHttp()) { + throw new MapperConfigException("Certificate paths are missing, HTTP is disabled. Not allowed configuration"); + } + + return isCertPathMissing; + } + + private boolean areCertPathsConfigured(MapperConfig mapperConfig) { + return isNotBlank(mapperConfig.getKeyStorePath()) && + isNotBlank(mapperConfig.getKeyStorePassPath()) && + isNotBlank(mapperConfig.getTrustStorePath()) && + isNotBlank(mapperConfig.getTrustStorePassPath()); + } + + private boolean isNotBlank(String str) { + return str != null && !str.isEmpty(); + } + + private KeyManager[] createKeyManager(KeyStore keyStore) throws NoSuchAlgorithmException, IOException { KeyManager[] keyManager; KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); diff --git a/src/main/java/org/onap/dcaegen2/services/pmmapper/utils/DmaapRequestSender.java b/src/main/java/org/onap/dcaegen2/services/pmmapper/utils/DmaapRequestSender.java index 1a7c59e..e7898af 100644 --- a/src/main/java/org/onap/dcaegen2/services/pmmapper/utils/DmaapRequestSender.java +++ b/src/main/java/org/onap/dcaegen2/services/pmmapper/utils/DmaapRequestSender.java 
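Review bot: `areCertPathsConfigured` at `@@ -64,15 +70,36 @@` treats a configuration with only some of the four paths set the same as one with none, so a single blank or mistyped path together with `enable_http` true silently turns TLS off instead of failing start-up. Distinguishing "none set" from "some set" and rejecting the partial case with `MapperConfigException` keeps a broken deployment from falling back to plain HTTP. `!mapperConfig.getEnableHttp()` also unboxes what MapperConfig declares as a `Boolean` field, so an absent `enable_http` would presumably raise a NullPointerException here; `Boolean.TRUE.equals(...)` avoids that. `isNotBlank` accepts whitespace-only strings despite its name.

```java
private boolean isSslDisabled(MapperConfig mapperConfig) {
    boolean allConfigured = areCertPathsConfigured(mapperConfig);
    // A partly filled set of paths is a configuration error, not a request to run without TLS.
    if (!allConfigured && isAnyCertPathConfigured(mapperConfig)) {
        throw new MapperConfigException("Certificate paths are only partially configured");
    }
    if (!allConfigured && !Boolean.TRUE.equals(mapperConfig.getEnableHttp())) {
        throw new MapperConfigException("Certificate paths are missing, HTTP is disabled. Not allowed configuration");
    }
    return !allConfigured;
}

private boolean isAnyCertPathConfigured(MapperConfig mapperConfig) {
    return isNotBlank(mapperConfig.getKeyStorePath())
            || isNotBlank(mapperConfig.getKeyStorePassPath())
            || isNotBlank(mapperConfig.getTrustStorePath())
            || isNotBlank(mapperConfig.getTrustStorePassPath());
}

// … unchanged: areCertPathsConfigured, isNotBlank …
```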
@@ -1,6 +1,6 @@ /*- * ============LICENSE_START======================================================= - * Copyright (C) 2021 Nokia. + * Copyright (C) 2021-2022 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,6 +25,7 @@ import com.google.gson.JsonParser; import io.vavr.control.Try; import org.onap.dcaegen2.services.sdk.model.streams.AafCredentials; import org.onap.dcaegen2.services.sdk.model.streams.dmaap.ImmutableMessageRouterSink; +import org.onap.dcaegen2.services.sdk.model.streams.dmaap.ImmutableMessageRouterSink.Builder; import org.onap.dcaegen2.services.sdk.model.streams.dmaap.MessageRouterSink; import org.onap.dcaegen2.services.sdk.rest.services.dmaap.client.ContentType; import org.onap.dcaegen2.services.sdk.rest.services.dmaap.client.api.DmaapClientFactory; @@ -88,10 +89,19 @@ public class DmaapRequestSender { } private static MessageRouterSink sink(String topicUrl, AafCredentials credentials) { - return ImmutableMessageRouterSink.builder() - .aafCredentials(credentials) - .topicUrl(topicUrl) - .build(); + Builder builder = ImmutableMessageRouterSink.builder(); + if (credentialsExists(credentials)) { + builder.aafCredentials(credentials); + } + return builder.topicUrl(topicUrl).build(); + } + + private static boolean credentialsExists(AafCredentials credentials) { + return isNotBlank(credentials.username()) && isNotBlank(credentials.password()); + } + + private static boolean isNotBlank(String str) { + return str != null && !str.isEmpty(); } private static RequestDiagnosticContext diagnosticContext() { |
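Review bot: `sink()` at `@@ -88,10 +89,19 @@` drops the AAF credentials whenever either `username()` or `password()` is blank, so a half-filled credential pair results in unauthenticated publishing with no log line to show it. Logging a warning on that branch, or rejecting the case where exactly one of the two is set, would make the misconfiguration visible. `credentialsExists` also dereferences `credentials` without a null check; if callers can pass null, use `return credentials != null && isNotBlank(credentials.username()) && isNotBlank(credentials.password());`. The private `isNotBlank` duplicates the one added to SSLContextFactory in this commit.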