authordavid.mcweeney <david.mcweeney@est.tech>2022-03-16 16:08:44 +0000
committerdavid.mcweeney <david.mcweeney@est.tech>2022-04-04 16:27:53 +0100
commitd70c2ca145d2b3eac7ed6a4f16d41e322962cf59 (patch)
treea71e61d38753a5b258b103f56a5ac3b19c6325eb /datarouter-node
parent9602193f94e88e8d82936ba36fc20203227a4eec (diff)
DMAAP-1714 - DR Making TLS Configurable
Change-Id: I0c3bc05182691c12c9d0f0b76d09f7dfea3e09eb Signed-off-by: david.mcweeney <david.mcweeney@est.tech> Issue-ID: DMAAP-1714
Diffstat (limited to 'datarouter-node')
-rw-r--r--datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java7
-rw-r--r--datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java2
-rw-r--r--datarouter-node/src/main/resources/node.properties3
-rw-r--r--datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java1
-rw-r--r--datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java15
-rw-r--r--datarouter-node/src/test/resources/node_test.properties3
6 files changed, 28 insertions, 3 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java
index 5b5245da..3b950232 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java
@@ -102,6 +102,7 @@ public class NodeConfigManager implements DeliveryQueueHelper {
private String aafType;
private String aafInstance;
private String aafAction;
+ private boolean tlsEnabled;
private boolean cadiEnabled;
private NodeAafPropsUtils nodeAafPropsUtils;
@@ -159,6 +160,8 @@ public class NodeConfigManager implements DeliveryQueueHelper {
svcport = Integer.parseInt(drNodeProperties.getProperty("IntHttpsPort", "8443"));
port = Integer.parseInt(drNodeProperties.getProperty("ExtHttpsPort", "443"));
spooldir = drNodeProperties.getProperty("SpoolDir", "spool");
+ tlsEnabled = Boolean.parseBoolean(drNodeProperties.getProperty("TlsEnabled", "true"));
+
File fdir = new File(spooldir + "/f");
fdir.mkdirs();
for (File junk : Objects.requireNonNull(fdir.listFiles())) {
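Review bot: The new `TlsEnabled` parse fails open, because `Boolean.parseBoolean` returns false for anything other than a case-insensitive "true". A typo such as `yes` or `1` would therefore silently switch off the HTTPS requirement, and so would trailing whitespace after `true`, which `java.util.Properties` keeps in the value (assuming that is what `drNodeProperties` is). Enforcement is the safe state, so only an explicit `false` should opt out, e.g. `tlsEnabled = !"false".equalsIgnoreCase(drNodeProperties.getProperty("TlsEnabled", "true").trim());`. A warning logged at load time when the result is false would also make the weakened mode visible to operators. The enclosing method starts and ends outside this hunk.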
@@ -811,6 +814,10 @@ public class NodeConfigManager implements DeliveryQueueHelper {
return aafAction;
}
+ protected boolean isTlsEnabled() {
+ return tlsEnabled;
+ }
+
boolean getCadiEnabled() {
return cadiEnabled;
}
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index 139c7492..ee1f5b7d 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -549,7 +549,7 @@ public class NodeServlet extends HttpServlet {
eelfLogger.info(EelfMsgs.EXIT);
return null;
}
- if (!req.isSecure()) {
+ if (!req.isSecure() && config.isTlsEnabled()) {
eelfLogger.error(
"NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req
.getRemoteAddr());
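Review bot: When `config.isTlsEnabled()` is false, a non-secure PUT or DELETE now passes this guard with no log entry, so the node log gives no sign that plaintext requests are being accepted and from where. Consider recording the accepted case after the rejection block, e.g. `if (!req.isSecure()) { eelfLogger.warn("Accepting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req.getRemoteAddr()); }`, or at least logging once at startup. If the code after this guard authenticates the caller from request headers (not visible in this hunk), those credentials would travel in clear text in this mode, which deserves a mention wherever the property is documented. The method body starts before and continues past the hunk.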
diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties
index 1d7a5d42..f7c24fab 100644
--- a/datarouter-node/src/main/resources/node.properties
+++ b/datarouter-node/src/main/resources/node.properties
@@ -85,3 +85,6 @@ CadiEnabled = false
#
# AAF Props file path
AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+
+# https security required for publish request
+TlsEnabled = true
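Review bot: The comment on `TlsEnabled` understates what the switch does. It mentions only publish requests, while the guard it controls in NodeServlet covers both PUT and DELETE, and the new test shows a non-secure DELETE succeeding when it is false. Suggest `# When true, PUT and DELETE requests that arrive without TLS are rejected; false accepts them over plain HTTP`. The same comment is added in node_test.properties.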
diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
index e64579ed..82038fba 100644
--- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
+++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
@@ -112,6 +112,7 @@ public class NodeConfigManagerTest {
Assert.assertEquals("publish", nodeConfigManager.getAafAction());
Assert.assertFalse(nodeConfigManager.getCadiEnabled());
Assert.assertFalse(nodeConfigManager.isShutdown());
+ Assert.assertTrue(nodeConfigManager.isTlsEnabled());
Assert.assertTrue(nodeConfigManager.isConfigured());
Assert.assertEquals("legacy", nodeConfigManager.getAafInstance("1"));
Assert.assertNotNull(nodeConfigManager.getPublishId());
diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java
index 4340b018..f7e3d7c8 100644
--- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java
+++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java
@@ -23,7 +23,6 @@
package org.onap.dmaap.datarouter.node;
import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyObject;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.anyString;
@@ -144,8 +143,9 @@ public class NodeServletTest {
}
@Test
- public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_Then_Forbidden_Response_Is_Generated() throws Exception {
+ public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_And_TLS_Enabled_Then_Forbidden_Response_Is_Generated() throws Exception {
when(request.isSecure()).thenReturn(false);
+ when(config.isTlsEnabled()).thenReturn(true);
nodeServlet.doPut(request, response);
verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
verifyEnteringExitCalled(listAppender);
@@ -285,6 +285,17 @@ public class NodeServletTest {
}
@Test
+ public void Given_Request_Is_HTTP_DELETE_File_And_Request_Is_Not_Secure_But_TLS_Disabled_Then_Request_Succeeds() throws Exception {
+ when(request.isSecure()).thenReturn(false);
+ when(config.isTlsEnabled()).thenReturn(false);
+ when(request.getPathInfo()).thenReturn("/delete/1/dmaap-dr-node.1234567");
+ createFilesAndDirectories();
+ nodeServlet.doDelete(request, response);
+ verify(response).setStatus(eq(HttpServletResponse.SC_OK));
+ verifyEnteringExitCalled(listAppender);
+ }
+
+ @Test
public void Given_Request_Is_HTTP_DELETE_File_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws IOException {
when(request.getPathInfo()).thenReturn("/delete/1/nonExistingFile");
nodeServlet.doDelete(request, response);
diff --git a/datarouter-node/src/test/resources/node_test.properties b/datarouter-node/src/test/resources/node_test.properties
index 9359e8dc..3c96ed25 100644
--- a/datarouter-node/src/test/resources/node_test.properties
+++ b/datarouter-node/src/test/resources/node_test.properties
@@ -86,3 +86,6 @@ CadiEnabled = false
# AAF Props file path
AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props
+# https security required for publish request
+TlsEnabled = true
+