diff options
author | Fiachra Corcoran <fiachra.corcoran@est.tech> | 2022-12-22 08:15:24 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2022-12-22 08:15:24 +0000 |
commit | 495ebf460ae2ca936981e4ed28a11224de69b64e (patch) | |
tree | 2881f80acede7dd8f907c8a42c08d3df180074bf /datarouter-prov/src/main | |
parent | 63b13a0cddf45b4cfd1691dd5b95a205af355898 (diff) | |
parent | faf64da8b0307b6c0afa6637617f61c7c48bb8e2 (diff) |
Merge "[DMAAP-DR-PROV] Remove aaf & cadi"2.1.12
Diffstat (limited to 'datarouter-prov/src/main')
26 files changed, 215 insertions, 745 deletions
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java deleted file mode 100644 index b61c00e5..00000000 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java +++ /dev/null @@ -1,71 +0,0 @@ -/*******************************************************************************
- * ============LICENSE_START==================================================
- * * org.onap.dmaap
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-
-
-package org.onap.dmaap.datarouter.authz.impl;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.onap.dmaap.datarouter.authz.AuthorizationResponseSupplement;
-
-/** Carries supplementary information--an advice or an obligation--from the authorization response returned
- * by a XACML Policy Decision Point. Not used in Data Router R1.
- * @author J. F. Lucas
- *
- */
-public class AuthRespSupplementImpl implements AuthorizationResponseSupplement {
-
- private String id;
- private Map<String, String> attributes;
-
- /** Constructor, available within the package.
- *
- * @param id The identifier for the advice or obligation element
- * @param attributes The attributes (name-value pairs) for the advice or obligation element.
- */
- AuthRespSupplementImpl(String id, Map<String, String> attributes) {
- this.id = id;
- this.attributes = new HashMap<>(attributes);
- }
-
- /** Return the identifier for the supplementary information element.
- *
- * @return a <code>String</code> containing the identifier.
- */
- @Override
- public String getId() {
- return id;
- }
-
- /** Return the attributes for the supplementary information element, as a <code>Map</code> in which
- * keys represent attribute identifiers and values represent attribute values.
- *
- * @return attributes for the supplementary information element.
- */
- @Override
- public Map<String, String> getAttributes() {
- return attributes;
- }
-
-}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java index 48e31bfe..97cdc120 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java @@ -106,7 +106,6 @@ public class ProvAuthorizer implements Authorizer { decision = allowSubAccess(resource, method, subject, subjectgroup); break; default: - decision = false; break; } } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java index 1942b148..c37c0a7d 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java @@ -85,23 +85,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { public static final String BEHALF_HEADER = "X-DMAAP-DR-ON-BEHALF-OF"; - public static final String EXCLUDE_AAF_HEADER = "X-EXCLUDE-AAF"; - - private static final String AAF_CADI_FEED_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.feed.type"; - private static final String AAF_CADI_SUB_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.sub.type"; - private static final String AAF_INSTANCE = "org.onap.dmaap.datarouter.provserver.aaf.instance"; - private static final String AAF_CADI_FEED = "org.onap.dmaap-dr.feed"; - private static final String AAF_CADI_SUB = "org.onap.dmaap-dr.sub"; - - static final String CREATE_PERMISSION = "create"; - static final String EDIT_PERMISSION = "edit"; - static final String DELETE_PERMISSION = "delete"; - private static final String PUBLISH_PERMISSION = "publish"; - private static final String SUSPEND_PERMISSION = "suspend"; - private static final String RESTORE_PERMISSION = "restore"; - private static final String SUBSCRIBE_PERMISSION = "subscribe"; - static final String APPROVE_SUB_PERMISSION = "approveSub"; - static final String FEED_BASECONTENT_TYPE = "application/vnd.dmaap-dr.feed"; public static final String FEED_CONTENT_TYPE = "application/vnd.dmaap-dr.feed; version=2.0"; public static final String FEEDFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.feed-full; version=2.0"; @@ -261,9 +244,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { private static String isAddressAuthEnabled = ProvRunner.getProvProperties() .getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false"); - static String isCadiEnabled = ProvRunner.getProvProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"); - /** * Initialize data common to all the provisioning server servlets. */ @@ -959,96 +939,4 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { } } - - /* - * AAF changes: TDP EPIC US# 307413 - * @Method - getFeedPermission - Forming permission string for feed part to check AAF access in CADI Framework - * @Params - aafInstance Passing aafInstance as it's used in permission string - * @Params - userAction Passing CONST values to set different actions in permission string - */ - String getFeedPermission(String aafInstance, String userAction) { - try { - Properties props = ProvRunner.getProvProperties(); - String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED); - String action; - switch (userAction) { - case CREATE_PERMISSION: - action = CREATE_PERMISSION; - break; - case EDIT_PERMISSION: - action = EDIT_PERMISSION; - break; - case DELETE_PERMISSION: - action = DELETE_PERMISSION; - break; - case PUBLISH_PERMISSION: - action = PUBLISH_PERMISSION; - break; - case SUSPEND_PERMISSION: - action = SUSPEND_PERMISSION; - break; - case RESTORE_PERMISSION: - action = RESTORE_PERMISSION; - break; - default: - action = "*"; - } - if (aafInstance == null || "".equals(aafInstance)) { - aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined"); - } - return type + "|" + aafInstance + "|" + action; - } catch (Exception e) { - intlogger.error("PROV7005 BaseServlet.getFeedPermission: " + e.getMessage(), e); - } - return null; - } - - /* - * AAF changes: TDP EPIC US# 307413 - * @Method - getSubscriberPermission - Forming permission string for subscription part to check - * AAF access in CADI Framework - * @Params - aafInstance Passing aafInstance as it's used in permission string - * @Params - userAction Passing CONST values to set different actions in permission string - */ - String getSubscriberPermission(String aafInstance, String userAction) { - try { - Properties props = ProvRunner.getProvProperties(); - String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB); - String action; - switch (userAction) { - case SUBSCRIBE_PERMISSION: - action = SUBSCRIBE_PERMISSION; - type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED); - break; - case EDIT_PERMISSION: - action = EDIT_PERMISSION; - break; - case DELETE_PERMISSION: - action = DELETE_PERMISSION; - break; - case RESTORE_PERMISSION: - action = RESTORE_PERMISSION; - break; - case SUSPEND_PERMISSION: - action = SUSPEND_PERMISSION; - break; - case PUBLISH_PERMISSION: - action = PUBLISH_PERMISSION; - break; - case APPROVE_SUB_PERMISSION: - action = APPROVE_SUB_PERMISSION; - type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED); - break; - default: - action = "*"; - } - if (aafInstance == null || "".equals(aafInstance)) { - aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined"); - } - return type + "|" + aafInstance + "|" + action; - } catch (Exception e) { - intlogger.error("PROV7005 BaseServlet.getSubscriberPermission: " + e.getMessage(), e); - } - return null; - } } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java index a0df71ce..7266ee69 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java @@ -28,11 +28,11 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.InvalidObjectException; import java.util.List; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; @@ -289,61 +289,6 @@ public class DRFeedsServlet extends ProxyServlet { return; } - /* - * START - AAF changes - * TDP EPIC US# 307413 - * CADI code - No legacy user check as all new users will be AAF users - */ - String aafInstance = feed.getAafInstance(); - if (Boolean.parseBoolean(isCadiEnabled)) { - if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance)) - && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) { - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = POLICY_ENGINE; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } else { - if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) { - message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing " - + "AAF_Instance value= " + aafInstance; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION); - eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission); - if (!req.isUserInRole(permission)) { - message = "AAF disallows access to permission - " + permission; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } - } else { - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = POLICY_ENGINE; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } - /* - * END - AAF changes - */ - feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header // Check if this feed already exists diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java index 5182cc23..475054d1 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java @@ -28,7 +28,6 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; @@ -108,37 +107,6 @@ public class FeedServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger); return; } - /* - * START - AAF changes - * TDP EPIC US# 307413 - * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove feed - */ - String aafInstance = feed.getAafInstance(); - if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) { - AuthorizationResponse aresp = authz.decide(req); - if (! aresp.isAuthorized()) { - message = POLICY_ENGINE; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } else { - String permission = getFeedPermission(aafInstance, BaseServlet.DELETE_PERMISSION); - eventlogger.info("FeedServlet.doDelete().. Permission String - " + permission); - if (!req.isUserInRole(permission)) { - message = "AAF disallows access to permission - " + permission; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } - /* - * END - AAF changes - */ // Delete FEED table entry (set DELETED flag) feed.setDeleted(true); if (doUpdate(feed)) { @@ -352,39 +320,6 @@ public class FeedServlet extends ProxyServlet { return; } - /* - * START - AAF changes - * TDP EPIC US# 307413 - * CADI code - check on permissions based on Legacy/AAF users to allow feed edit/update/modify - */ - String aafInstance = feed.getAafInstance(); - if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) { - // Check with the Authorizer - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = POLICY_ENGINE; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } else { - String permission = getFeedPermission(aafInstance, BaseServlet.EDIT_PERMISSION); - eventlogger.info("FeedServlet.doPut().. Permission String - " + permission); - if (!req.isUserInRole(permission)) { - message = "AAF disallows access to permission - " + permission; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } - /* - * END - AAF changes - */ - // Update FEEDS table entries if (doUpdate(feed)) { // send response diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java index 06959eef..0fb879e9 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java @@ -162,7 +162,7 @@ public class InternalServlet extends ProxyServlet { private static final Object lock = new Object(); private static Integer logseq = 0; // another piece of info to make log spool file names unique //Adding EELF Logger Rally:US664892 - private static EELFLogger eelfLogger = EELFManager.getInstance() + private static final EELFLogger eelfLogger = EELFManager.getInstance() .getLogger(InternalServlet.class); /** diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java index 747530ab..4777be8c 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java @@ -29,16 +29,15 @@ import static java.lang.System.getProperty; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.util.Properties; import java.util.Timer; import org.eclipse.jetty.server.Server; -import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; import org.onap.dmaap.datarouter.provisioning.utils.Poker; import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils; +import org.onap.dmaap.datarouter.provisioning.utils.ProvTlsManager; import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask; import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; @@ -76,7 +75,7 @@ public class ProvRunner { public static final EELFLogger intlogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.provisioning.internal"); private static Server provServer; - private static AafPropsUtils aafPropsUtils; + private static ProvTlsManager provTlsManager; private static Properties provProperties; private static Boolean tlsEnabled; @@ -92,13 +91,11 @@ public class ProvRunner { exit(1); } if (Boolean.TRUE.equals(getTlsEnabled())) { - // Set up AAF properties + // Set up TLS Manager try { - aafPropsUtils = new AafPropsUtils(new File(getProvProperties().getProperty( - "org.onap.dmaap.datarouter.provserver.aafprops.path", - "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); - } catch (IOException e) { - intlogger.error("NODE0314 Failed to load AAF props. Exiting", e); + provTlsManager = new ProvTlsManager(ProvRunner.getProvProperties(), true); + } catch (Exception e) { + intlogger.error("NODE0314 Failed to load TLS config. Exiting", e); exit(1); } } @@ -153,10 +150,6 @@ public class ProvRunner { return provProperties; } - public static AafPropsUtils getAafPropsUtils() { - return aafPropsUtils; - } - public static Boolean getTlsEnabled() { if (tlsEnabled == null) { tlsEnabled = Boolean.parseBoolean(getProvProperties() @@ -164,4 +157,8 @@ public class ProvRunner { } return tlsEnabled; } + + public static ProvTlsManager getProvTlsManager() { + return provTlsManager; + } } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java index 9eb91178..102d4a24 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java @@ -42,7 +42,6 @@ import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.jetbrains.annotations.NotNull; -import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; public class ProvServer { @@ -106,14 +105,16 @@ public class ProvServer { httpsConfiguration.setRequestHeaderSize(8192); // HTTPS connector try (ServerConnector httpsServerConnector = new ServerConnector(server, - new SslConnectionFactory(getSslContextFactory(provProps), HttpVersion.HTTP_1_1.asString()), + new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfiguration))) { httpsServerConnector.setPort(httpsPort); httpsServerConnector.setIdleTimeout(30000); httpsServerConnector.setAcceptQueueSize(2); + intlogger.info("ProvServer: TLS enabled. Setting up both HTTP/S connectors."); server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector}); } } else { + intlogger.info("ProvServer: TLS disabled. Setting up HTTP connector only."); server.setConnectors(new Connector[]{httpServerConnector}); } server.setHandler(handlerCollection); @@ -132,18 +133,9 @@ public class ProvServer { } @NotNull - private static SslContextFactory.Server getSslContextFactory(Properties provProps) { - SslContextFactory sslContextFactory = new SslContextFactory.Server(); - sslContextFactory.setKeyStoreType(AafPropsUtils.KEYSTORE_TYPE_PROPERTY); - sslContextFactory.setKeyStorePath(ProvRunner.getAafPropsUtils().getKeystorePathProperty()); - sslContextFactory.setKeyStorePassword(ProvRunner.getAafPropsUtils().getKeystorePassProperty()); - sslContextFactory.setKeyManagerPassword(ProvRunner.getAafPropsUtils().getKeystorePassProperty()); - - sslContextFactory.setTrustStoreType(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); - sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty()); - sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty()); - - sslContextFactory.setExcludeCipherSuites( + private static SslContextFactory.Server getSslContextFactory() { + SslContextFactory.Server sslContextFactoryServer = ProvRunner.getProvTlsManager().getSslContextFactoryServer(); + sslContextFactoryServer.setExcludeCipherSuites( "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", @@ -152,17 +144,12 @@ public class ProvServer { "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" ); - sslContextFactory.addExcludeProtocols("SSLv3"); - sslContextFactory.setIncludeProtocols(provProps.getProperty( - "org.onap.dmaap.datarouter.provserver.https.include.protocols", - "TLSv1.1|TLSv1.2").trim().split("\\|")); - - intlogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols())); - intlogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols())); - intlogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites())); - intlogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites())); - - return (SslContextFactory.Server) sslContextFactory; + sslContextFactoryServer.addExcludeProtocols("SSLv3"); + intlogger.info("Unsupported protocols: " + String.join(",", sslContextFactoryServer.getExcludeProtocols())); + intlogger.info("Supported protocols: " + String.join(",", sslContextFactoryServer.getIncludeProtocols())); + intlogger.info("Unsupported ciphers: " + String.join(",", sslContextFactoryServer.getExcludeCipherSuites())); + intlogger.info("Supported ciphers: " + String.join(",", sslContextFactoryServer.getIncludeCipherSuites())); + return sslContextFactoryServer; } @NotNull diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java index 49be5aa0..86b583a5 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java @@ -30,14 +30,9 @@ import jakarta.servlet.ServletConfig; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.URI; -import java.security.KeyStore; -import java.security.KeyStoreException; import java.util.Collections; import java.util.List; import org.apache.commons.io.IOUtils; @@ -53,7 +48,6 @@ import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.entity.BasicHttpEntity; import org.apache.http.impl.client.AbstractHttpClient; import org.apache.http.impl.client.DefaultHttpClient; -import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities; @@ -81,20 +75,7 @@ public class ProxyServlet extends BaseServlet { super.init(config); try { if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { - // Set up keystore - String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; - String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty(); - String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); - KeyStore keyStore = readStore(store, pass, type); - // Set up truststore - store = ProvRunner.getAafPropsUtils().getTruststorePathProperty(); - pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty(); - KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); - - // We are connecting with the node name, but the certificate will have the CNAME - // So we need to accept a non-matching certificate name - SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, - ProvRunner.getAafPropsUtils().getKeystorePassProperty(), trustStore); + SSLSocketFactory socketFactory = ProvRunner.getProvTlsManager().getSslSocketFactory(); socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); sch = new Scheme("https", 443, socketFactory); } else { @@ -108,18 +89,6 @@ public class ProxyServlet extends BaseServlet { intlogger.info("ProxyServlet: inited = " + inited); } - private KeyStore readStore(String store, String pass, String type) throws KeyStoreException { - KeyStore ks = KeyStore.getInstance(type); - try (FileInputStream instream = new FileInputStream(new File(store))) { - ks.load(instream, pass.toCharArray()); - } catch (FileNotFoundException fileNotFoundException) { - intlogger.error("ProxyServlet.readStore: " + fileNotFoundException.getMessage(), fileNotFoundException); - } catch (Exception x) { - intlogger.error("READING TRUSTSTORE: " + x); - } - return ks; - } - /** * Return <i>true</i> if the requester has NOT set the <i>noproxy</i> CGI variable. If they have, this indicates * they want to forcibly turn the proxy off. diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java index 2ee58d6e..6faecff5 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java @@ -263,66 +263,6 @@ public class SubscribeServlet extends ProxyServlet { } sub.setFeedid(feedid); sub.setSubscriber(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header - /* - * START - AAF changes - * TDP EPIC US# 307413 - * CADI code - check on permissions based on Legacy/AAF users to allow to create/add subscription - */ - String feedAafInstance = feed.getAafInstance(); - String subAafInstance = sub.getAafInstance(); - boolean subAafLegacyEmptyOrNull = (subAafInstance == null - || "".equals(subAafInstance) || "legacy".equalsIgnoreCase(subAafInstance)); - - // This extra check added to verify AAF feed with AAF subscriber having empty aaf instance check - if (feedAafInstance == null || "".equals(feedAafInstance) || "legacy".equalsIgnoreCase(feedAafInstance)) { - if (subAafLegacyEmptyOrNull) { - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = POLICY_ENGINE; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } else { - //If Legacy Feed and AAF instance provided in Subscriber JSON - message = "AAF Subscriber can not be added to legacy Feed- " + feedid; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } else { - //New AAF Requirement to add legacy subscriber to AAF Feed - if (subAafLegacyEmptyOrNull) { - AuthorizationResponse aresp = authz.decide(req); - if (!aresp.isAuthorized()) { - message = POLICY_ENGINE; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } else { - //New AAF Requirement to add subscriber by publisher on publisher approval only - String permission = getSubscriberPermission(subAafInstance, BaseServlet.APPROVE_SUB_PERMISSION); - eventlogger.info("SubscribeServlet.doPost().. Permission String - " + permission); - if (!req.isUserInRole(permission)) { - message = "AAF disallows access to permission - " + permission; - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_FORBIDDEN); - eventlogger.error(elr.toString()); - sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger); - return; - } - } - } - /* - * END - AAF changes - */ // Check if this subscription already exists; not an error (yet), just warn Subscription sub2 = Subscription.getSubscriptionMatching(sub); if (sub2 != null) { diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java index 1851d03a..f4f3c9b0 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java @@ -111,37 +111,6 @@ public class SubscriptionServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
return;
}
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription
- */
- String aafInstance = sub.getAafInstance();
- if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- String permission = getSubscriberPermission(aafInstance, BaseServlet.DELETE_PERMISSION);
- eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
// Delete Subscription
if (doDelete(sub)) {
activeSubs--;
@@ -321,38 +290,6 @@ public class SubscriptionServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
-
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription
- */
- String aafInstance = sub.getAafInstance();
- if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- String permission = getSubscriberPermission(aafInstance, BaseServlet.EDIT_PERMISSION);
- eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
sub.setSubid(oldsub.getSubid());
sub.setFeedid(oldsub.getFeedid());
sub.setSubscriber(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java index c6344301..af6b3575 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java @@ -77,7 +77,6 @@ public class Feed extends Syncable { private boolean suspended;
private Date lastMod;
private Date createdDate;
- private String aafInstance;
public Feed() {
this("", "", "", "");
@@ -104,7 +103,6 @@ public class Feed extends Syncable { this.suspended = false;
this.lastMod = new Date();
this.createdDate = new Date();
- this.aafInstance = "";
}
/**
@@ -133,7 +131,6 @@ public class Feed extends Syncable { this.suspended = rs.getBoolean("SUSPENDED");
this.lastMod = rs.getDate("LAST_MOD");
this.createdDate = rs.getTimestamp("CREATED_DATE");
- this.aafInstance = rs.getString("AAF_INSTANCE");
}
/**
@@ -148,10 +145,6 @@ public class Feed extends Syncable { this.feedid = jo.optInt(FEED_ID, -1);
this.groupid = jo.optInt("groupid");
this.name = jo.getString("name");
- this.aafInstance = jo.optString("aaf_instance", "legacy");
- if (!("legacy".equalsIgnoreCase(aafInstance)) && aafInstance.length() > 255) {
- throw new InvalidObjectException("aaf_instance field is too long");
- }
if (name.length() > 255) {
throw new InvalidObjectException("name field is too long");
}
@@ -440,10 +433,6 @@ public class Feed extends Syncable { fl.setLog(URLUtilities.generateFeedLogURL(feedid));
}
- public String getAafInstance() {
- return aafInstance;
- }
-
//new getter setters for groups- Rally:US708115 - 1610
public int getGroupid() {
return groupid;
@@ -553,7 +542,6 @@ public class Feed extends Syncable { jo.put("suspend", suspended);
jo.put(LAST_MOD, lastMod.getTime());
jo.put(CREATED_DATE, createdDate.getTime());
- jo.put("aaf_instance", aafInstance);
return jo;
}
@@ -634,8 +622,8 @@ public class Feed extends Syncable { try (PreparedStatement ps = conn.prepareStatement(
"insert into FEEDS (FEEDID, NAME, VERSION, DESCRIPTION, AUTH_CLASS, PUBLISHER, SELF_LINK, "
+ "PUBLISH_LINK, SUBSCRIBE_LINK, LOG_LINK, DELETED, SUSPENDED,"
- + "BUSINESS_DESCRIPTION, GROUPID, AAF_INSTANCE) "
- + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
+ + "BUSINESS_DESCRIPTION, GROUPID) "
+ + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
ps.setInt(1, feedid);
ps.setString(2, getName());
ps.setString(3, getVersion());
@@ -650,7 +638,6 @@ public class Feed extends Syncable { ps.setBoolean(12, isSuspended());
ps.setString(13, getBusinessDescription());
ps.setInt(14, groupid);
- ps.setString(15, getAafInstance());
ps.executeUpdate();
}
} catch (SQLException e) {
@@ -799,9 +786,6 @@ public class Feed extends Syncable { if (suspended != of.suspended) {
return false;
}
- if (!aafInstance.equals(of.aafInstance)) {
- return false;
- }
return true;
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java index 5741881c..6928addf 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java @@ -72,7 +72,6 @@ public class Subscription extends Syncable { private Date lastMod;
private Date createdDate;
private boolean privilegedSubscriber;
- private String aafInstance;
private boolean decompress;
public Subscription() {
@@ -98,7 +97,6 @@ public class Subscription extends Syncable { this.lastMod = new Date();
this.createdDate = new Date();
this.privilegedSubscriber = false;
- this.aafInstance = "";
this.decompress = false;
}
@@ -121,7 +119,6 @@ public class Subscription extends Syncable { this.lastMod = rs.getDate("LAST_MOD");
this.createdDate = rs.getDate("CREATED_DATE");
this.privilegedSubscriber = rs.getBoolean("PRIVILEGED_SUBSCRIBER");
- this.aafInstance = rs.getString("AAF_INSTANCE");
this.decompress = rs.getBoolean("DECOMPRESS");
}
@@ -137,10 +134,6 @@ public class Subscription extends Syncable { this.subid = jo.optInt(SUBID_KEY, -1);
this.feedid = jo.optInt(FEEDID_KEY, -1);
this.groupid = jo.optInt(GROUPID_KEY, -1); //New field is added - Groups feature Rally:US708115 - 1610
- this.aafInstance = jo.optString("aaf_instance", "legacy");
- if (!(aafInstance.equalsIgnoreCase("legacy")) && aafInstance.length() > 255) {
- throw new InvalidObjectException("aaf_instance field is too long");
- }
JSONObject jdeli = jo.getJSONObject("delivery");
String url = jdeli.getString("url");
String user = jdeli.getString("user");
@@ -334,14 +327,6 @@ public class Subscription extends Syncable { sl.setFeed(URLUtilities.generateFeedURL(feedid));
}
- public String getAafInstance() {
- return aafInstance;
- }
-
- public void setAafInstance(String aafInstance) {
- this.aafInstance = aafInstance;
- }
-
//New getter setters for Groups feature Rally:US708115 - 1610
public int getGroupid() {
return groupid;
@@ -439,7 +424,6 @@ public class Subscription extends Syncable { jo.put(LAST_MOD_KEY, lastMod.getTime());
jo.put(CREATED_DATE, createdDate.getTime());
jo.put("privilegedSubscriber", privilegedSubscriber);
- jo.put("aaf_instance", aafInstance);
jo.put("decompress", decompress);
return jo;
}
@@ -490,8 +474,8 @@ public class Subscription extends Syncable { // Create the SUBSCRIPTIONS row
String sql = "insert into SUBSCRIPTIONS (SUBID, FEEDID, DELIVERY_URL, DELIVERY_USER, DELIVERY_PASSWORD, "
+ "DELIVERY_USE100, METADATA_ONLY, SUBSCRIBER, SUSPENDED, GROUPID, "
- + "PRIVILEGED_SUBSCRIBER, FOLLOW_REDIRECTS, DECOMPRESS, AAF_INSTANCE) "
- + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ + "PRIVILEGED_SUBSCRIBER, FOLLOW_REDIRECTS, DECOMPRESS) "
+ + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
ps = conn.prepareStatement(sql, new String[]{SUBID_COL});
ps.setInt(1, subid);
ps.setInt(2, feedid);
@@ -506,7 +490,6 @@ public class Subscription extends Syncable { ps.setBoolean(11, isPrivilegedSubscriber());
ps.setInt(12, isFollowRedirect() ? 1 : 0);
ps.setBoolean(13, isDecompress());
- ps.setString(14, getAafInstance());
ps.execute();
ps.close();
// Update the row to set the URLs
@@ -630,9 +613,6 @@ public class Subscription extends Syncable { if (suspended != os.suspended) {
return false;
}
- if (!aafInstance.equals(os.aafInstance)) {
- return false;
- }
return true;
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java deleted file mode 100644 index 57bc84bd..00000000 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java +++ /dev/null @@ -1,83 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Copyright (C) 2019 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.datarouter.provisioning.utils; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import org.onap.aaf.cadi.PropAccess; - -public class AafPropsUtils { - - private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(AafPropsUtils.class); - - public static final String KEYSTORE_TYPE_PROPERTY = "PKCS12"; - public static final String TRUESTSTORE_TYPE_PROPERTY = "jks"; - private static final String KEYSTORE_PATH_PROPERTY = "cadi_keystore"; - private static final String KEYSTORE_PASS_PROPERTY = "cadi_keystore_password_p12"; - private static final String TRUSTSTORE_PATH_PROPERTY = "cadi_truststore"; - private static final String TRUSTSTORE_PASS_PROPERTY = "cadi_truststore_password"; - - private final PropAccess propAccess; - - public AafPropsUtils(File propsFile) throws IOException { - propAccess = new PropAccess(); - try { - propAccess.load(new FileInputStream(propsFile)); - } catch (IOException e) { - eelfLogger.error("Failed to load props file: " + propsFile + "\n" + e.getMessage(), e); - throw e; - } - } - - private String decryptedPass(String password) { - String decryptedPass = null; - try { - decryptedPass = propAccess.decrypt(password, false); - } catch (IOException e) { - eelfLogger.error("Failed to decrypt " + password + " : " + e.getMessage(), e); - } - return decryptedPass; - } - - public PropAccess getPropAccess() { - return propAccess; - } - - public String getKeystorePathProperty() { - return propAccess.getProperty(KEYSTORE_PATH_PROPERTY); - } - - public String getKeystorePassProperty() { - return decryptedPass(propAccess.getProperty(KEYSTORE_PASS_PROPERTY)); - } - - public String getTruststorePathProperty() { - return propAccess.getProperty(TRUSTSTORE_PATH_PROPERTY); - } - - public String getTruststorePassProperty() { - return decryptedPass(propAccess.getProperty(TRUSTSTORE_PASS_PROPERTY)); - } - -} diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java index c614c0ba..a0ece41a 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java @@ -108,6 +108,7 @@ public class DRRouteCLI { private int width = 120; // screen width (for list) private AbstractHttpClient httpclient; + @SuppressWarnings("deprecation") /** * Create a DRRouteCLI object connecting to the specified server. * @@ -117,20 +118,18 @@ public class DRRouteCLI { public DRRouteCLI(String server) throws Exception { this.server = server; this.httpclient = new DefaultHttpClient(); - AafPropsUtils aafPropsUtils = null; + ProvTlsManager provTlsManager = null; Properties provProperties = ProvRunner.getProvProperties(); try { - aafPropsUtils = new AafPropsUtils(new File(provProperties.getProperty( - "org.onap.dmaap.datarouter.provserver.aafprops.path", - "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); - } catch (IOException e) { - intlogger.error("NODE0314 Failed to load AAF props. Exiting", e); + provTlsManager = new ProvTlsManager(provProperties, false); + } catch (Exception e) { + intlogger.error("NODE0314 Failed to load TLS config. Exiting", e); exit(1); } - String truststoreFile = aafPropsUtils.getTruststorePathProperty(); - String truststorePw = aafPropsUtils.getTruststorePassProperty(); + String truststoreFile = provTlsManager.getTrustStoreFile(); + String truststorePw = provTlsManager.getTrustStorePassword(); KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); if (truststoreFile == null || truststoreFile.equals("")) { diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java new file mode 100644 index 00000000..4cf59066 --- /dev/null +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java @@ -0,0 +1,162 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2022 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.datarouter.provisioning.utils; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Properties; +import org.apache.http.conn.ssl.SSLSocketFactory; +import org.eclipse.jetty.util.ssl.SslContextFactory; + +public class ProvTlsManager { + + private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(ProvTlsManager.class); + + private final String keyStoreType; + private final String keyStorefile; + private final String keyStorePassword; + private final String keyManagerPassword; + private KeyStore keyStore; + + private final String trustStoreType; + private final String trustStoreFile; + private final String trustStorePassword; + private KeyStore trustStore; + + private final String[] enabledProtocols; + + /** + * Utility class to handle Provisioning server SSL configuration + * + * @param properties DR provisioning server properties + * @throws Exception for any unrecoverable problem + */ + public ProvTlsManager(Properties properties, boolean preLoadCerts) throws Exception { + + keyStoreType = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystoretype", "PKCS12"); + keyStorefile = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystorepath"); + keyStorePassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystorepassword"); + keyManagerPassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.keymanagerpassword"); + + trustStoreType = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststoretype", "jks"); + trustStoreFile = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststorepath"); + trustStorePassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststorepassword"); + + if (preLoadCerts) { + eelfLogger.debug("ProvTlsManager: Attempting to pre load certificate data from config."); + setUpKeyStore(); + setUpTrustStore(); + } + + enabledProtocols = properties.getProperty( + "org.onap.dmaap.datarouter.provserver.https.include.protocols", + "TLSv1.1|TLSv1.2").trim().split("\\|"); + } + + /** + * Gets an SSLSocketFactory instance constructed using the relevant SSL properties + * + * @return SSLSocketFactory + * @throws KeyStoreException if SSL config is invalid + */ + public SSLSocketFactory getSslSocketFactory() + throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException { + eelfLogger.debug("ProvTlsManager.getSslSocketFactory: Setting up SSLSocketFactory"); + if (this.trustStoreFile == null) { + eelfLogger.warn("Warning: No trust store available."); + return new SSLSocketFactory(this.keyStore, this.keyStorePassword); + } + return new SSLSocketFactory(this.keyStore, this.keyStorePassword, this.trustStore); + } + + /** + * Gets an SslContextFactory.Server instance constructed using the relevant SSL properties + * + * @return SslContextFactory.Server + */ + public SslContextFactory.Server getSslContextFactoryServer() { + eelfLogger.debug("ProvTlsManager.getSslContextFactoryServer: Setting up getSslContextFactoryServer"); + SslContextFactory.Server sslContextFactoryServer = new SslContextFactory.Server(); + sslContextFactoryServer.setKeyStoreType(this.keyStoreType); + sslContextFactoryServer.setKeyStorePath(this.keyStorefile); + sslContextFactoryServer.setKeyStorePassword(this.keyStorePassword); + sslContextFactoryServer.setKeyManagerPassword(this.keyManagerPassword); + if (this.trustStoreFile != null) { + sslContextFactoryServer.setTrustStoreType(this.trustStoreType); + sslContextFactoryServer.setTrustStorePath(this.trustStoreFile); + sslContextFactoryServer.setTrustStorePassword(this.trustStorePassword); + } + sslContextFactoryServer.setIncludeProtocols(this.enabledProtocols); + return sslContextFactoryServer; + } + + /** + * Get the trust store file path from dr config + * + * @return String + */ + public String getTrustStoreFile() { + return trustStoreFile; + } + + /** + * Get the trust store password from dr config + * + * @return String + */ + public String getTrustStorePassword() { + return trustStorePassword; + } + + private void setUpKeyStore() + throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException { + eelfLogger.debug("ProvTlsManager.setUpKeyStore: Attempting to load keyStore {}", keyStorefile); + keyStore = readKeyStore(keyStorefile, keyStorePassword, keyStoreType); + } + + private void setUpTrustStore() + throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException { + if (trustStoreFile != null && trustStorePassword != null) { + eelfLogger.debug("ProvTlsManager.setUpTrustStore: Attempting to load trustStore {}", trustStoreFile); + trustStore = readKeyStore(trustStoreFile, trustStorePassword, trustStoreType); + } else { + eelfLogger.warn("No truststore provided from properties. Skipping."); + } + } + + private KeyStore readKeyStore(String keyStore, String pass, String type) + throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException { + eelfLogger.debug("ProvTlsManager.readKeyStore: Verifying load of keystore {}", keyStore); + KeyStore ks = KeyStore.getInstance(type); + try (FileInputStream stream = new FileInputStream(keyStore)) { + ks.load(stream, pass.toCharArray()); + } + return ks; + } +}
\ No newline at end of file diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java index ef282618..86c178a3 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java @@ -140,33 +140,7 @@ public class SynchronizerTask extends TimerTask { try (AbstractHttpClient hc = new DefaultHttpClient()) { Scheme sch; if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { - // Set up keystore - String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; - String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty(); - String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); - KeyStore keyStore = KeyStore.getInstance(type); - try (FileInputStream instream = new FileInputStream(store)) { - keyStore.load(instream, pass.toCharArray()); - - } - // Set up truststore - store = ProvRunner.getAafPropsUtils().getTruststorePathProperty(); - pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty(); - KeyStore trustStore = null; - if (store != null && store.length() > 0) { - trustStore = KeyStore.getInstance(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); - try (FileInputStream instream = new FileInputStream(store)) { - trustStore.load(instream, pass.toCharArray()); - - } - } - // We are connecting with the node name, but the certificate will have the CNAME - // So we need to accept a non-matching certificate name - String keystorepass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); - SSLSocketFactory socketFactory = - (trustStore == null) - ? new SSLSocketFactory(keyStore, keystorepass) - : new SSLSocketFactory(keyStore, keystorepass, trustStore); + SSLSocketFactory socketFactory = ProvRunner.getProvTlsManager().getSslSocketFactory(); socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); sch = new Scheme("https", 443, socketFactory); } else { @@ -180,6 +154,7 @@ public class SynchronizerTask extends TimerTask { } catch (Exception e) { logger.warn("PROV5005: Problem starting the synchronizer: " + e); } + logger.info("PROV5000: SynchronizerTask started"); } private void setSynchTimer(String strInterval) { diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java index 89403488..a5eb4590 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java @@ -161,7 +161,8 @@ public class URLUtilities { private static String getAppropriateUrlPort() {
if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) {
- return "";
+ return ":" + ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443");
}
return ":" + ProvRunner.getProvProperties()
.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080");
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props deleted file mode 100644 index bb86e9d0..00000000 --- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props +++ /dev/null @@ -1,17 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:34:23.012+0000 -# @copyright 2019, AT&T -############################################################ -Challenge=enc:v6yuDc_Lu1OgeFEthckOsa7R0XW6h0iZqUQXnw4CpstwzjmN0x9VOsf27um5fC5z -cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org -cadi_key_password=enc:CBXkw5IMQ8IeOhERa_oK4XcS1BsKy3T9BiZgAOIBqI46Nvy0USwgXCyOkTgVlJn7 -cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile -cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr.p12 -cadi_keystore_password=enc:Qd78mq7KSyK4G-gmnA0YVrB4jpMLgMX_4jDmwkdkKpD-MmonHNXlDA0TzRd3oxWe -cadi_keystore_password_jks=enc:GuyybAMtPX21LbCx_AXGnO7nz3NlPenZESuLVgrw-_cK55re75K4YOLYVzQswUYU -cadi_keystore_password_p12=enc:Qd78mq7KSyK4G-gmnA0YVrB4jpMLgMX_4jDmwkdkKpD-MmonHNXlDA0TzRd3oxWe -cadi_truststore=/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=enc:y10bIyzTHei-rxWnWgHUUFUD_9TfOBdxmIn6vEf0zsyZtWmeP8ZjFE1LoPn7Ri4g -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile deleted file mode 100644 index 86092892..00000000 --- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -gf-I4kLSg98uxwCXpklt-W2Qfa0mFgvXDoQk_qsLs4uuLI9FmWkrdlgdqzEgISL1sf6SAhoXFXO4 -BSm8fSPPrjaFEQ-uZcho1bY63lG710ZLh7vf0Bc7WPieRXesloH07CRXXjUdTkXXU8qTP6Ufru16 -mbGODzcZ-Ygm2GLVbkLk7953CJYIvuYT0M3ggrDr51eOalpgwXA1uO2DCTmY_fyqFNpZbLEtcYAx -EEBkbaT0KhKwSfXfPINjpfCVMNBr3eK2m75RFJzTmA4Nq_WFgQQBUJkYu6EaWR8xwKEnX3brIFN- -uY8Xk-Wxh8hhqNQWSxaSa_w6BfbP5CwUpIk9Ex1v_gCa63NIy4WzoRxOHKuCQAS26vLJFxTTNOlP -d_DVC0gmvL-q8VnedNVSsRw1zuDOtOzKg3iUbTjopba3YryelxwL2xUJzkxv8RiOVvTCdZ34lPP0 -vQCaGJYg52OKOCMaIs4e6bqfCFMT4nlbad--mPeZGS3X5pJ0xSAMRa8L2_ksHbTOvcjOlCvmWNDK -puP22sdegP-mV6Ygm30Gyn7TnUodDA3bzIiA70zrkrlt8pBMhKmCbmWvGfjItoRnfGwtlsm1OU73 -Jst8pQ_mvCK486UoH4Lui1kNBTqAJIrzYT_m-MrL6w9lx7Lu-ZG0HqdDVO4zB06WTyCXT-I2r-XS -F9ddoQ3GOUMA4kIckEeEVYfZiVaoPeizNwynSLHZDA3Xztc-kz7HEqdUCypM5pM32qGN-z4Gzbh0 -K4GO7_cGyctMGNY5za3iANK3BBBx9d3G3XKuCH2EDF9aj_kFarMaJjTHwn9-OAeD2GXtdYQqarod -4Yw11CD8JjyF6PdYstTh9t5_iK3pZjFaLMBPlLFN_tDu_5zsVagJjM7nMjfn8iWH5o3rj7WAIqBC -NoxZhIRUVpEmDKkhsnq9i9gdjoiKjrNwEsswX2vGsXEAf1vTXH2YsgraTjEhlW0cIb4PBLd4YoSE -AW3MXhwu5rYFgGooHyB99OKZOX6-5Y44fA0TE0ypn8HZ5oVrERCHVHNXsiXg1pRjTHjoIYUFoSQQ -lT8eVUo5MUxQ0SVKUi03wA7EduWrwvuD_KyLeNnvECj6IDuK7qiqH86UV7AyQhwjSZPj4N3KIlvD -VJNLmt6s8b6SLZpO23P-ZceFEIIYG7E1IGmo2s5VkWTNTkvqD7blxoOsfBIxb-SjttnMtbKCcXPj -aKMC1oqr5xLsvtg9XDKKXt4kELElRBiKtrud8t7qqYMfC-q6lIddmG8x_196qsYiErKd9mLyDT2H -DG9wmz3dDds_bUnXA7_-LsriDI4t_fAqAKnvR8tLi9DjhU1g9yjlGuKn4yd3y8aK-UFFfBi1AKxA -WoxSt2Omw_sl9Jc6bzoZ2_NHPZz7IaDhSu1imAAcAms4SIr3g-MnBffVpxarrXYsoaxurMRMoqLx -r0DyV1Y9IZSwo-xsWk42CxrvEF31AmFWewI0ykA8bZ-zpWux3z7BfbKDqxglg3Lp5uIfVFHamds3 -ya-KMBCtaSgiJ9fB7Q183Lt0tMxrOLe3hln55I4SRgHT5blh1LEznIigIfhFEOo514JEdctkVrDS -bDSbCO-yZE_0BcznTsjoyImwObeVRbDDu0feM9uGs4fL7zwVCbzEurGU2js-0o0rcyDiv30tsL5S -LaxA-xz7x5HO4JAd7BeaeF4-v0-IeLKPH4HzYk0g1PKskZaZHMWBWSPaJWin68ahh9Eh44xSjsCW -TUcoddf4-5HZS_RWlrLvbnfbEBAm7Ikbno1zLJz7_H3tmLKv2axkGEu-YWIAffb7xMzG0T9m6S3B -Iz1jWxtJ41gTE5kGFmaezDeUGPrioaqOq0bCq6DStQMc_5kcKAIg6GffOX75ZvagC2E6E_B58AGU -iVDzz_yi4Xcssf2jN-MIiHes0HsMQILrLAu1PLZh9qOIGOnVgLdwr0o5CGsg0h7Bxxl6jFQubwAZ -rc2foRg7arAcRHYasoC34f9pH0hfBzHfTGg5S7bWU6mDaldpWS8Na0EoCoFoZATkdzG77w6c
\ No newline at end of file diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props deleted file mode 100644 index eef8aac6..00000000 --- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props +++ /dev/null @@ -1,8 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:34:21.359+0000 -# @copyright 2019, AT&T -############################################################ -cadi_latitude=38.0 -cadi_longitude=-72.0 diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 Binary files differdeleted file mode 100644 index 69948c25..00000000 --- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 +++ /dev/null diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props deleted file mode 100644 index a392a489..00000000 --- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props +++ /dev/null @@ -1,24 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:34:21.357+0000 -# @copyright 2019, AT&T -############################################################ -aaf_env=DEV -aaf_id=dmaap-dr-prov@dmaap-dr.onap.org -aaf_locate_url=https://aaf-locate.onap:8095 -aaf_locator_app_ns=org.osaaf.aaf -aaf_locator_container=oom -aaf_locator_container_ns=onap -aaf_locator_fqdn=dmaap-dr-prov -aaf_locator_public_fqdn=aaf.osaaf.org -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 -aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 -aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 -aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 -aaf_url_hello=https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.hello:2.1 -aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 -cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-dr.location.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props -cadi_protocols=TLSv1.1,TLSv1.2 diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks Binary files differdeleted file mode 100644 index 3666b965..00000000 --- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks +++ /dev/null diff --git a/datarouter-prov/src/main/resources/misc/sql_init_01.sql b/datarouter-prov/src/main/resources/misc/sql_init_01.sql index a1980d29..17884f66 100755 --- a/datarouter-prov/src/main/resources/misc/sql_init_01.sql +++ b/datarouter-prov/src/main/resources/misc/sql_init_01.sql @@ -14,8 +14,7 @@ CREATE TABLE FEEDS ( DELETED BOOLEAN DEFAULT FALSE, LAST_MOD TIMESTAMP DEFAULT CURRENT_TIMESTAMP, SUSPENDED BOOLEAN DEFAULT FALSE, - CREATED_DATE TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - AAF_INSTANCE VARCHAR(256) + CREATED_DATE TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE FEED_ENDPOINT_IDS ( @@ -46,9 +45,7 @@ CREATE TABLE SUBSCRIPTIONS ( SUSPENDED BOOLEAN DEFAULT FALSE, PRIVILEGED_SUBSCRIBER BOOLEAN DEFAULT FALSE, CREATED_DATE TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - DECOMPRESS BOOLEAN DEFAULT FALSE, - AAF_INSTANCE VARCHAR(256) - + DECOMPRESS BOOLEAN DEFAULT FALSE ); CREATE TABLE PARAMETERS ( @@ -145,6 +142,6 @@ INSERT INTO PARAMETERS VALUES ('PROV_MAXFEED_COUNT', '10000'), ('PROV_MAXSUB_COUNT', '100000'), ('PROV_REQUIRE_CERT', 'false'), - ('PROV_REQUIRE_SECURE', 'true'), + ('PROV_REQUIRE_SECURE', 'false'), ('_INT_VALUES', 'LOGROLL_INTERVAL|PROV_MAXFEED_COUNT|PROV_MAXSUB_COUNT|DELIVERY_INIT_RETRY_INTERVAL|DELIVERY_MAX_RETRY_INTERVAL|DELIVERY_RETRY_RATIO|DELIVERY_MAX_AGE|DELIVERY_FILE_PROCESS_INTERVAL') ;
\ No newline at end of file diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties index 66d4e6c4..25824988 100755 --- a/datarouter-prov/src/main/resources/provserver.properties +++ b/datarouter-prov/src/main/resources/provserver.properties @@ -31,12 +31,17 @@ org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spoo org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc org.onap.dmaap.datarouter.provserver.logretention = 30 -org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false - -org.onap.dmaap.datarouter.provserver.cadi.enabled = false - org.onap.dmaap.datarouter.provserver.tlsenabled = false +# If tlsenabled is true, the following keystore info must be set +org.onap.dmaap.datarouter.provserver.keystoretype = PKCS12 +org.onap.dmaap.datarouter.provserver.keystorepath = /opt/app/datartr/certs/org.onap.dmaap-dr-prov.p12 +org.onap.dmaap.datarouter.provserver.keystorepassword = secret +org.onap.dmaap.datarouter.provserver.keymanagerpassword = secret +org.onap.dmaap.datarouter.provserver.truststoretype = jks +org.onap.dmaap.datarouter.provserver.truststorepath = /opt/app/datartr/certs/truststore.jks +org.onap.dmaap.datarouter.provserver.truststorepassword = secret + org.onap.dmaap.datarouter.nodeserver.https.port = 8443 org.onap.dmaap.datarouter.nodeserver.http.port = 8080 |