aboutsummaryrefslogtreecommitdiffstats
path: root/datarouter-prov/src/main
diff options
context:
space:
mode:
authorFiachra Corcoran <fiachra.corcoran@est.tech>2022-12-22 08:15:24 +0000
committerGerrit Code Review <gerrit@onap.org>2022-12-22 08:15:24 +0000
commit495ebf460ae2ca936981e4ed28a11224de69b64e (patch)
tree2881f80acede7dd8f907c8a42c08d3df180074bf /datarouter-prov/src/main
parent63b13a0cddf45b4cfd1691dd5b95a205af355898 (diff)
parentfaf64da8b0307b6c0afa6637617f61c7c48bb8e2 (diff)
Merge "[DMAAP-DR-PROV] Remove aaf & cadi"2.1.12
Diffstat (limited to 'datarouter-prov/src/main')
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java71
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java1
-rwxr-xr-xdatarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java112
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java59
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java65
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java2
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java23
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java37
-rwxr-xr-xdatarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java33
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java60
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java63
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java20
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java24
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java83
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java15
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java162
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java29
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java3
-rw-r--r--datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props17
-rw-r--r--datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile27
-rw-r--r--datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props8
-rw-r--r--datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12bin4217 -> 0 bytes
-rw-r--r--datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props24
-rw-r--r--datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jksbin1413 -> 0 bytes
-rwxr-xr-xdatarouter-prov/src/main/resources/misc/sql_init_01.sql9
-rwxr-xr-xdatarouter-prov/src/main/resources/provserver.properties13
26 files changed, 215 insertions, 745 deletions
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java
deleted file mode 100644
index b61c00e5..00000000
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/AuthRespSupplementImpl.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START==================================================
- * * org.onap.dmaap
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-
-
-package org.onap.dmaap.datarouter.authz.impl;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.onap.dmaap.datarouter.authz.AuthorizationResponseSupplement;
-
-/** Carries supplementary information--an advice or an obligation--from the authorization response returned
- * by a XACML Policy Decision Point. Not used in Data Router R1.
- * @author J. F. Lucas
- *
- */
-public class AuthRespSupplementImpl implements AuthorizationResponseSupplement {
-
- private String id;
- private Map<String, String> attributes;
-
- /** Constructor, available within the package.
- *
- * @param id The identifier for the advice or obligation element
- * @param attributes The attributes (name-value pairs) for the advice or obligation element.
- */
- AuthRespSupplementImpl(String id, Map<String, String> attributes) {
- this.id = id;
- this.attributes = new HashMap<>(attributes);
- }
-
- /** Return the identifier for the supplementary information element.
- *
- * @return a <code>String</code> containing the identifier.
- */
- @Override
- public String getId() {
- return id;
- }
-
- /** Return the attributes for the supplementary information element, as a <code>Map</code> in which
- * keys represent attribute identifiers and values represent attribute values.
- *
- * @return attributes for the supplementary information element.
- */
- @Override
- public Map<String, String> getAttributes() {
- return attributes;
- }
-
-}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
index 48e31bfe..97cdc120 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
@@ -106,7 +106,6 @@ public class ProvAuthorizer implements Authorizer {
decision = allowSubAccess(resource, method, subject, subjectgroup);
break;
default:
- decision = false;
break;
}
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index 1942b148..c37c0a7d 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -85,23 +85,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
public static final String BEHALF_HEADER = "X-DMAAP-DR-ON-BEHALF-OF";
- public static final String EXCLUDE_AAF_HEADER = "X-EXCLUDE-AAF";
-
- private static final String AAF_CADI_FEED_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.feed.type";
- private static final String AAF_CADI_SUB_TYPE = "org.onap.dmaap.datarouter.provserver.aaf.sub.type";
- private static final String AAF_INSTANCE = "org.onap.dmaap.datarouter.provserver.aaf.instance";
- private static final String AAF_CADI_FEED = "org.onap.dmaap-dr.feed";
- private static final String AAF_CADI_SUB = "org.onap.dmaap-dr.sub";
-
- static final String CREATE_PERMISSION = "create";
- static final String EDIT_PERMISSION = "edit";
- static final String DELETE_PERMISSION = "delete";
- private static final String PUBLISH_PERMISSION = "publish";
- private static final String SUSPEND_PERMISSION = "suspend";
- private static final String RESTORE_PERMISSION = "restore";
- private static final String SUBSCRIBE_PERMISSION = "subscribe";
- static final String APPROVE_SUB_PERMISSION = "approveSub";
-
static final String FEED_BASECONTENT_TYPE = "application/vnd.dmaap-dr.feed";
public static final String FEED_CONTENT_TYPE = "application/vnd.dmaap-dr.feed; version=2.0";
public static final String FEEDFULL_CONTENT_TYPE = "application/vnd.dmaap-dr.feed-full; version=2.0";
@@ -261,9 +244,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
private static String isAddressAuthEnabled = ProvRunner.getProvProperties()
.getProperty("org.onap.dmaap.datarouter.provserver.isaddressauthenabled", "false");
- static String isCadiEnabled = ProvRunner.getProvProperties()
- .getProperty("org.onap.dmaap.datarouter.provserver.cadi.enabled", "false");
-
/**
* Initialize data common to all the provisioning server servlets.
*/
@@ -959,96 +939,4 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
}
}
-
- /*
- * AAF changes: TDP EPIC US# 307413
- * @Method - getFeedPermission - Forming permission string for feed part to check AAF access in CADI Framework
- * @Params - aafInstance Passing aafInstance as it's used in permission string
- * @Params - userAction Passing CONST values to set different actions in permission string
- */
- String getFeedPermission(String aafInstance, String userAction) {
- try {
- Properties props = ProvRunner.getProvProperties();
- String type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- String action;
- switch (userAction) {
- case CREATE_PERMISSION:
- action = CREATE_PERMISSION;
- break;
- case EDIT_PERMISSION:
- action = EDIT_PERMISSION;
- break;
- case DELETE_PERMISSION:
- action = DELETE_PERMISSION;
- break;
- case PUBLISH_PERMISSION:
- action = PUBLISH_PERMISSION;
- break;
- case SUSPEND_PERMISSION:
- action = SUSPEND_PERMISSION;
- break;
- case RESTORE_PERMISSION:
- action = RESTORE_PERMISSION;
- break;
- default:
- action = "*";
- }
- if (aafInstance == null || "".equals(aafInstance)) {
- aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined");
- }
- return type + "|" + aafInstance + "|" + action;
- } catch (Exception e) {
- intlogger.error("PROV7005 BaseServlet.getFeedPermission: " + e.getMessage(), e);
- }
- return null;
- }
-
- /*
- * AAF changes: TDP EPIC US# 307413
- * @Method - getSubscriberPermission - Forming permission string for subscription part to check
- * AAF access in CADI Framework
- * @Params - aafInstance Passing aafInstance as it's used in permission string
- * @Params - userAction Passing CONST values to set different actions in permission string
- */
- String getSubscriberPermission(String aafInstance, String userAction) {
- try {
- Properties props = ProvRunner.getProvProperties();
- String type = props.getProperty(AAF_CADI_SUB_TYPE, AAF_CADI_SUB);
- String action;
- switch (userAction) {
- case SUBSCRIBE_PERMISSION:
- action = SUBSCRIBE_PERMISSION;
- type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- break;
- case EDIT_PERMISSION:
- action = EDIT_PERMISSION;
- break;
- case DELETE_PERMISSION:
- action = DELETE_PERMISSION;
- break;
- case RESTORE_PERMISSION:
- action = RESTORE_PERMISSION;
- break;
- case SUSPEND_PERMISSION:
- action = SUSPEND_PERMISSION;
- break;
- case PUBLISH_PERMISSION:
- action = PUBLISH_PERMISSION;
- break;
- case APPROVE_SUB_PERMISSION:
- action = APPROVE_SUB_PERMISSION;
- type = props.getProperty(AAF_CADI_FEED_TYPE, AAF_CADI_FEED);
- break;
- default:
- action = "*";
- }
- if (aafInstance == null || "".equals(aafInstance)) {
- aafInstance = props.getProperty(AAF_INSTANCE, "org.onap.dmaap-dr.NoInstanceDefined");
- }
- return type + "|" + aafInstance + "|" + action;
- } catch (Exception e) {
- intlogger.error("PROV7005 BaseServlet.getSubscriberPermission: " + e.getMessage(), e);
- }
- return null;
- }
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
index a0df71ce..7266ee69 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
@@ -28,11 +28,11 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.util.List;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
import org.json.JSONObject;
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
@@ -289,61 +289,6 @@ public class DRFeedsServlet extends ProxyServlet {
return;
}
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - No legacy user check as all new users will be AAF users
- */
- String aafInstance = feed.getAafInstance();
- if (Boolean.parseBoolean(isCadiEnabled)) {
- if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance))
- && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) {
- // Check with the Authorizer
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) {
- message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing "
- + "AAF_Instance value= " + aafInstance;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION);
- eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- } else {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
-
feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
// Check if this feed already exists
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
index 5182cc23..475054d1 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
@@ -28,7 +28,6 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
-import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
@@ -108,37 +107,6 @@ public class FeedServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
return;
}
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove feed
- */
- String aafInstance = feed.getAafInstance();
- if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {
- AuthorizationResponse aresp = authz.decide(req);
- if (! aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- String permission = getFeedPermission(aafInstance, BaseServlet.DELETE_PERMISSION);
- eventlogger.info("FeedServlet.doDelete().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
// Delete FEED table entry (set DELETED flag)
feed.setDeleted(true);
if (doUpdate(feed)) {
@@ -352,39 +320,6 @@ public class FeedServlet extends ProxyServlet {
return;
}
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow feed edit/update/modify
- */
- String aafInstance = feed.getAafInstance();
- if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {
- // Check with the Authorizer
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- String permission = getFeedPermission(aafInstance, BaseServlet.EDIT_PERMISSION);
- eventlogger.info("FeedServlet.doPut().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
-
// Update FEEDS table entries
if (doUpdate(feed)) {
// send response
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 06959eef..0fb879e9 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -162,7 +162,7 @@ public class InternalServlet extends ProxyServlet {
private static final Object lock = new Object();
private static Integer logseq = 0; // another piece of info to make log spool file names unique
//Adding EELF Logger Rally:US664892
- private static EELFLogger eelfLogger = EELFManager.getInstance()
+ private static final EELFLogger eelfLogger = EELFManager.getInstance()
.getLogger(InternalServlet.class);
/**
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java
index 747530ab..4777be8c 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java
@@ -29,16 +29,15 @@ import static java.lang.System.getProperty;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
-import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import java.util.Timer;
import org.eclipse.jetty.server.Server;
-import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils;
import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader;
import org.onap.dmaap.datarouter.provisioning.utils.Poker;
import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
+import org.onap.dmaap.datarouter.provisioning.utils.ProvTlsManager;
import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask;
import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
@@ -76,7 +75,7 @@ public class ProvRunner {
public static final EELFLogger intlogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.provisioning.internal");
private static Server provServer;
- private static AafPropsUtils aafPropsUtils;
+ private static ProvTlsManager provTlsManager;
private static Properties provProperties;
private static Boolean tlsEnabled;
@@ -92,13 +91,11 @@ public class ProvRunner {
exit(1);
}
if (Boolean.TRUE.equals(getTlsEnabled())) {
- // Set up AAF properties
+ // Set up TLS Manager
try {
- aafPropsUtils = new AafPropsUtils(new File(getProvProperties().getProperty(
- "org.onap.dmaap.datarouter.provserver.aafprops.path",
- "/opt/app/osaaf/local/org.onap.dmaap-dr.props")));
- } catch (IOException e) {
- intlogger.error("NODE0314 Failed to load AAF props. Exiting", e);
+ provTlsManager = new ProvTlsManager(ProvRunner.getProvProperties(), true);
+ } catch (Exception e) {
+ intlogger.error("NODE0314 Failed to load TLS config. Exiting", e);
exit(1);
}
}
@@ -153,10 +150,6 @@ public class ProvRunner {
return provProperties;
}
- public static AafPropsUtils getAafPropsUtils() {
- return aafPropsUtils;
- }
-
public static Boolean getTlsEnabled() {
if (tlsEnabled == null) {
tlsEnabled = Boolean.parseBoolean(getProvProperties()
@@ -164,4 +157,8 @@ public class ProvRunner {
}
return tlsEnabled;
}
+
+ public static ProvTlsManager getProvTlsManager() {
+ return provTlsManager;
+ }
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java
index 9eb91178..102d4a24 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java
@@ -42,7 +42,6 @@ import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.jetbrains.annotations.NotNull;
-import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils;
public class ProvServer {
@@ -106,14 +105,16 @@ public class ProvServer {
httpsConfiguration.setRequestHeaderSize(8192);
// HTTPS connector
try (ServerConnector httpsServerConnector = new ServerConnector(server,
- new SslConnectionFactory(getSslContextFactory(provProps), HttpVersion.HTTP_1_1.asString()),
+ new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfiguration))) {
httpsServerConnector.setPort(httpsPort);
httpsServerConnector.setIdleTimeout(30000);
httpsServerConnector.setAcceptQueueSize(2);
+ intlogger.info("ProvServer: TLS enabled. Setting up both HTTP/S connectors.");
server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
}
} else {
+ intlogger.info("ProvServer: TLS disabled. Setting up HTTP connector only.");
server.setConnectors(new Connector[]{httpServerConnector});
}
server.setHandler(handlerCollection);
@@ -132,18 +133,9 @@ public class ProvServer {
}
@NotNull
- private static SslContextFactory.Server getSslContextFactory(Properties provProps) {
- SslContextFactory sslContextFactory = new SslContextFactory.Server();
- sslContextFactory.setKeyStoreType(AafPropsUtils.KEYSTORE_TYPE_PROPERTY);
- sslContextFactory.setKeyStorePath(ProvRunner.getAafPropsUtils().getKeystorePathProperty());
- sslContextFactory.setKeyStorePassword(ProvRunner.getAafPropsUtils().getKeystorePassProperty());
- sslContextFactory.setKeyManagerPassword(ProvRunner.getAafPropsUtils().getKeystorePassProperty());
-
- sslContextFactory.setTrustStoreType(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY);
- sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty());
- sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty());
-
- sslContextFactory.setExcludeCipherSuites(
+ private static SslContextFactory.Server getSslContextFactory() {
+ SslContextFactory.Server sslContextFactoryServer = ProvRunner.getProvTlsManager().getSslContextFactoryServer();
+ sslContextFactoryServer.setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
@@ -152,17 +144,12 @@ public class ProvServer {
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
);
- sslContextFactory.addExcludeProtocols("SSLv3");
- sslContextFactory.setIncludeProtocols(provProps.getProperty(
- "org.onap.dmaap.datarouter.provserver.https.include.protocols",
- "TLSv1.1|TLSv1.2").trim().split("\\|"));
-
- intlogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
- intlogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
- intlogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
- intlogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
-
- return (SslContextFactory.Server) sslContextFactory;
+ sslContextFactoryServer.addExcludeProtocols("SSLv3");
+ intlogger.info("Unsupported protocols: " + String.join(",", sslContextFactoryServer.getExcludeProtocols()));
+ intlogger.info("Supported protocols: " + String.join(",", sslContextFactoryServer.getIncludeProtocols()));
+ intlogger.info("Unsupported ciphers: " + String.join(",", sslContextFactoryServer.getExcludeCipherSuites()));
+ intlogger.info("Supported ciphers: " + String.join(",", sslContextFactoryServer.getIncludeCipherSuites()));
+ return sslContextFactoryServer;
}
@NotNull
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
index 49be5aa0..86b583a5 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
@@ -30,14 +30,9 @@ import jakarta.servlet.ServletConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
import java.util.Collections;
import java.util.List;
import org.apache.commons.io.IOUtils;
@@ -53,7 +48,6 @@ import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.BasicHttpEntity;
import org.apache.http.impl.client.AbstractHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
-import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils;
import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities;
@@ -81,20 +75,7 @@ public class ProxyServlet extends BaseServlet {
super.init(config);
try {
if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) {
- // Set up keystore
- String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY;
- String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty();
- String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty();
- KeyStore keyStore = readStore(store, pass, type);
- // Set up truststore
- store = ProvRunner.getAafPropsUtils().getTruststorePathProperty();
- pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty();
- KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY);
-
- // We are connecting with the node name, but the certificate will have the CNAME
- // So we need to accept a non-matching certificate name
- SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
- ProvRunner.getAafPropsUtils().getKeystorePassProperty(), trustStore);
+ SSLSocketFactory socketFactory = ProvRunner.getProvTlsManager().getSslSocketFactory();
socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
sch = new Scheme("https", 443, socketFactory);
} else {
@@ -108,18 +89,6 @@ public class ProxyServlet extends BaseServlet {
intlogger.info("ProxyServlet: inited = " + inited);
}
- private KeyStore readStore(String store, String pass, String type) throws KeyStoreException {
- KeyStore ks = KeyStore.getInstance(type);
- try (FileInputStream instream = new FileInputStream(new File(store))) {
- ks.load(instream, pass.toCharArray());
- } catch (FileNotFoundException fileNotFoundException) {
- intlogger.error("ProxyServlet.readStore: " + fileNotFoundException.getMessage(), fileNotFoundException);
- } catch (Exception x) {
- intlogger.error("READING TRUSTSTORE: " + x);
- }
- return ks;
- }
-
/**
* Return <i>true</i> if the requester has NOT set the <i>noproxy</i> CGI variable. If they have, this indicates
* they want to forcibly turn the proxy off.
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
index 2ee58d6e..6faecff5 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
@@ -263,66 +263,6 @@ public class SubscribeServlet extends ProxyServlet {
}
sub.setFeedid(feedid);
sub.setSubscriber(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow to create/add subscription
- */
- String feedAafInstance = feed.getAafInstance();
- String subAafInstance = sub.getAafInstance();
- boolean subAafLegacyEmptyOrNull = (subAafInstance == null
- || "".equals(subAafInstance) || "legacy".equalsIgnoreCase(subAafInstance));
-
- // This extra check added to verify AAF feed with AAF subscriber having empty aaf instance check
- if (feedAafInstance == null || "".equals(feedAafInstance) || "legacy".equalsIgnoreCase(feedAafInstance)) {
- if (subAafLegacyEmptyOrNull) {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- //If Legacy Feed and AAF instance provided in Subscriber JSON
- message = "AAF Subscriber can not be added to legacy Feed- " + feedid;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- //New AAF Requirement to add legacy subscriber to AAF Feed
- if (subAafLegacyEmptyOrNull) {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- //New AAF Requirement to add subscriber by publisher on publisher approval only
- String permission = getSubscriberPermission(subAafInstance, BaseServlet.APPROVE_SUB_PERMISSION);
- eventlogger.info("SubscribeServlet.doPost().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- }
- /*
- * END - AAF changes
- */
// Check if this subscription already exists; not an error (yet), just warn
Subscription sub2 = Subscription.getSubscriptionMatching(sub);
if (sub2 != null) {
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
index 1851d03a..f4f3c9b0 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
@@ -111,37 +111,6 @@ public class SubscriptionServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
return;
}
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription
- */
- String aafInstance = sub.getAafInstance();
- if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- String permission = getSubscriberPermission(aafInstance, BaseServlet.DELETE_PERMISSION);
- eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
// Delete Subscription
if (doDelete(sub)) {
activeSubs--;
@@ -321,38 +290,6 @@ public class SubscriptionServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
-
- /*
- * START - AAF changes
- * TDP EPIC US# 307413
- * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription
- */
- String aafInstance = sub.getAafInstance();
- if (aafInstance == null || "".equals(aafInstance) || "legacy".equalsIgnoreCase(aafInstance)) {
- AuthorizationResponse aresp = authz.decide(req);
- if (!aresp.isAuthorized()) {
- message = POLICY_ENGINE;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- } else {
- String permission = getSubscriberPermission(aafInstance, BaseServlet.EDIT_PERMISSION);
- eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);
- if (!req.isUserInRole(permission)) {
- message = "AAF disallows access to permission - " + permission;
- elr.setMessage(message);
- elr.setResult(HttpServletResponse.SC_FORBIDDEN);
- eventlogger.error(elr.toString());
- sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
- return;
- }
- }
- /*
- * END - AAF changes
- */
sub.setSubid(oldsub.getSubid());
sub.setFeedid(oldsub.getFeedid());
sub.setSubscriber(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index c6344301..af6b3575 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
@@ -77,7 +77,6 @@ public class Feed extends Syncable {
private boolean suspended;
private Date lastMod;
private Date createdDate;
- private String aafInstance;
public Feed() {
this("", "", "", "");
@@ -104,7 +103,6 @@ public class Feed extends Syncable {
this.suspended = false;
this.lastMod = new Date();
this.createdDate = new Date();
- this.aafInstance = "";
}
/**
@@ -133,7 +131,6 @@ public class Feed extends Syncable {
this.suspended = rs.getBoolean("SUSPENDED");
this.lastMod = rs.getDate("LAST_MOD");
this.createdDate = rs.getTimestamp("CREATED_DATE");
- this.aafInstance = rs.getString("AAF_INSTANCE");
}
/**
@@ -148,10 +145,6 @@ public class Feed extends Syncable {
this.feedid = jo.optInt(FEED_ID, -1);
this.groupid = jo.optInt("groupid");
this.name = jo.getString("name");
- this.aafInstance = jo.optString("aaf_instance", "legacy");
- if (!("legacy".equalsIgnoreCase(aafInstance)) && aafInstance.length() > 255) {
- throw new InvalidObjectException("aaf_instance field is too long");
- }
if (name.length() > 255) {
throw new InvalidObjectException("name field is too long");
}
@@ -440,10 +433,6 @@ public class Feed extends Syncable {
fl.setLog(URLUtilities.generateFeedLogURL(feedid));
}
- public String getAafInstance() {
- return aafInstance;
- }
-
//new getter setters for groups- Rally:US708115 - 1610
public int getGroupid() {
return groupid;
@@ -553,7 +542,6 @@ public class Feed extends Syncable {
jo.put("suspend", suspended);
jo.put(LAST_MOD, lastMod.getTime());
jo.put(CREATED_DATE, createdDate.getTime());
- jo.put("aaf_instance", aafInstance);
return jo;
}
@@ -634,8 +622,8 @@ public class Feed extends Syncable {
try (PreparedStatement ps = conn.prepareStatement(
"insert into FEEDS (FEEDID, NAME, VERSION, DESCRIPTION, AUTH_CLASS, PUBLISHER, SELF_LINK, "
+ "PUBLISH_LINK, SUBSCRIBE_LINK, LOG_LINK, DELETED, SUSPENDED,"
- + "BUSINESS_DESCRIPTION, GROUPID, AAF_INSTANCE) "
- + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
+ + "BUSINESS_DESCRIPTION, GROUPID) "
+ + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
ps.setInt(1, feedid);
ps.setString(2, getName());
ps.setString(3, getVersion());
@@ -650,7 +638,6 @@ public class Feed extends Syncable {
ps.setBoolean(12, isSuspended());
ps.setString(13, getBusinessDescription());
ps.setInt(14, groupid);
- ps.setString(15, getAafInstance());
ps.executeUpdate();
}
} catch (SQLException e) {
@@ -799,9 +786,6 @@ public class Feed extends Syncable {
if (suspended != of.suspended) {
return false;
}
- if (!aafInstance.equals(of.aafInstance)) {
- return false;
- }
return true;
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java
index 5741881c..6928addf 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java
@@ -72,7 +72,6 @@ public class Subscription extends Syncable {
private Date lastMod;
private Date createdDate;
private boolean privilegedSubscriber;
- private String aafInstance;
private boolean decompress;
public Subscription() {
@@ -98,7 +97,6 @@ public class Subscription extends Syncable {
this.lastMod = new Date();
this.createdDate = new Date();
this.privilegedSubscriber = false;
- this.aafInstance = "";
this.decompress = false;
}
@@ -121,7 +119,6 @@ public class Subscription extends Syncable {
this.lastMod = rs.getDate("LAST_MOD");
this.createdDate = rs.getDate("CREATED_DATE");
this.privilegedSubscriber = rs.getBoolean("PRIVILEGED_SUBSCRIBER");
- this.aafInstance = rs.getString("AAF_INSTANCE");
this.decompress = rs.getBoolean("DECOMPRESS");
}
@@ -137,10 +134,6 @@ public class Subscription extends Syncable {
this.subid = jo.optInt(SUBID_KEY, -1);
this.feedid = jo.optInt(FEEDID_KEY, -1);
this.groupid = jo.optInt(GROUPID_KEY, -1); //New field is added - Groups feature Rally:US708115 - 1610
- this.aafInstance = jo.optString("aaf_instance", "legacy");
- if (!(aafInstance.equalsIgnoreCase("legacy")) && aafInstance.length() > 255) {
- throw new InvalidObjectException("aaf_instance field is too long");
- }
JSONObject jdeli = jo.getJSONObject("delivery");
String url = jdeli.getString("url");
String user = jdeli.getString("user");
@@ -334,14 +327,6 @@ public class Subscription extends Syncable {
sl.setFeed(URLUtilities.generateFeedURL(feedid));
}
- public String getAafInstance() {
- return aafInstance;
- }
-
- public void setAafInstance(String aafInstance) {
- this.aafInstance = aafInstance;
- }
-
//New getter setters for Groups feature Rally:US708115 - 1610
public int getGroupid() {
return groupid;
@@ -439,7 +424,6 @@ public class Subscription extends Syncable {
jo.put(LAST_MOD_KEY, lastMod.getTime());
jo.put(CREATED_DATE, createdDate.getTime());
jo.put("privilegedSubscriber", privilegedSubscriber);
- jo.put("aaf_instance", aafInstance);
jo.put("decompress", decompress);
return jo;
}
@@ -490,8 +474,8 @@ public class Subscription extends Syncable {
// Create the SUBSCRIPTIONS row
String sql = "insert into SUBSCRIPTIONS (SUBID, FEEDID, DELIVERY_URL, DELIVERY_USER, DELIVERY_PASSWORD, "
+ "DELIVERY_USE100, METADATA_ONLY, SUBSCRIBER, SUSPENDED, GROUPID, "
- + "PRIVILEGED_SUBSCRIBER, FOLLOW_REDIRECTS, DECOMPRESS, AAF_INSTANCE) "
- + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ + "PRIVILEGED_SUBSCRIBER, FOLLOW_REDIRECTS, DECOMPRESS) "
+ + "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
ps = conn.prepareStatement(sql, new String[]{SUBID_COL});
ps.setInt(1, subid);
ps.setInt(2, feedid);
@@ -506,7 +490,6 @@ public class Subscription extends Syncable {
ps.setBoolean(11, isPrivilegedSubscriber());
ps.setInt(12, isFollowRedirect() ? 1 : 0);
ps.setBoolean(13, isDecompress());
- ps.setString(14, getAafInstance());
ps.execute();
ps.close();
// Update the row to set the URLs
@@ -630,9 +613,6 @@ public class Subscription extends Syncable {
if (suspended != os.suspended) {
return false;
}
- if (!aafInstance.equals(os.aafInstance)) {
- return false;
- }
return true;
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java
deleted file mode 100644
index 57bc84bd..00000000
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.datarouter.provisioning.utils;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import org.onap.aaf.cadi.PropAccess;
-
-public class AafPropsUtils {
-
- private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(AafPropsUtils.class);
-
- public static final String KEYSTORE_TYPE_PROPERTY = "PKCS12";
- public static final String TRUESTSTORE_TYPE_PROPERTY = "jks";
- private static final String KEYSTORE_PATH_PROPERTY = "cadi_keystore";
- private static final String KEYSTORE_PASS_PROPERTY = "cadi_keystore_password_p12";
- private static final String TRUSTSTORE_PATH_PROPERTY = "cadi_truststore";
- private static final String TRUSTSTORE_PASS_PROPERTY = "cadi_truststore_password";
-
- private final PropAccess propAccess;
-
- public AafPropsUtils(File propsFile) throws IOException {
- propAccess = new PropAccess();
- try {
- propAccess.load(new FileInputStream(propsFile));
- } catch (IOException e) {
- eelfLogger.error("Failed to load props file: " + propsFile + "\n" + e.getMessage(), e);
- throw e;
- }
- }
-
- private String decryptedPass(String password) {
- String decryptedPass = null;
- try {
- decryptedPass = propAccess.decrypt(password, false);
- } catch (IOException e) {
- eelfLogger.error("Failed to decrypt " + password + " : " + e.getMessage(), e);
- }
- return decryptedPass;
- }
-
- public PropAccess getPropAccess() {
- return propAccess;
- }
-
- public String getKeystorePathProperty() {
- return propAccess.getProperty(KEYSTORE_PATH_PROPERTY);
- }
-
- public String getKeystorePassProperty() {
- return decryptedPass(propAccess.getProperty(KEYSTORE_PASS_PROPERTY));
- }
-
- public String getTruststorePathProperty() {
- return propAccess.getProperty(TRUSTSTORE_PATH_PROPERTY);
- }
-
- public String getTruststorePassProperty() {
- return decryptedPass(propAccess.getProperty(TRUSTSTORE_PASS_PROPERTY));
- }
-
-}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java
index c614c0ba..a0ece41a 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java
@@ -108,6 +108,7 @@ public class DRRouteCLI {
private int width = 120; // screen width (for list)
private AbstractHttpClient httpclient;
+ @SuppressWarnings("deprecation")
/**
* Create a DRRouteCLI object connecting to the specified server.
*
@@ -117,20 +118,18 @@ public class DRRouteCLI {
public DRRouteCLI(String server) throws Exception {
this.server = server;
this.httpclient = new DefaultHttpClient();
- AafPropsUtils aafPropsUtils = null;
+ ProvTlsManager provTlsManager = null;
Properties provProperties = ProvRunner.getProvProperties();
try {
- aafPropsUtils = new AafPropsUtils(new File(provProperties.getProperty(
- "org.onap.dmaap.datarouter.provserver.aafprops.path",
- "/opt/app/osaaf/local/org.onap.dmaap-dr.props")));
- } catch (IOException e) {
- intlogger.error("NODE0314 Failed to load AAF props. Exiting", e);
+ provTlsManager = new ProvTlsManager(provProperties, false);
+ } catch (Exception e) {
+ intlogger.error("NODE0314 Failed to load TLS config. Exiting", e);
exit(1);
}
- String truststoreFile = aafPropsUtils.getTruststorePathProperty();
- String truststorePw = aafPropsUtils.getTruststorePassProperty();
+ String truststoreFile = provTlsManager.getTrustStoreFile();
+ String truststorePw = provTlsManager.getTrustStorePassword();
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
if (truststoreFile == null || truststoreFile.equals("")) {
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java
new file mode 100644
index 00000000..4cf59066
--- /dev/null
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvTlsManager.java
@@ -0,0 +1,162 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2022 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.datarouter.provisioning.utils;
+
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Properties;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+public class ProvTlsManager {
+
+ private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(ProvTlsManager.class);
+
+ private final String keyStoreType;
+ private final String keyStorefile;
+ private final String keyStorePassword;
+ private final String keyManagerPassword;
+ private KeyStore keyStore;
+
+ private final String trustStoreType;
+ private final String trustStoreFile;
+ private final String trustStorePassword;
+ private KeyStore trustStore;
+
+ private final String[] enabledProtocols;
+
+ /**
+ * Utility class to handle Provisioning server SSL configuration
+ *
+ * @param properties DR provisioning server properties
+ * @throws Exception for any unrecoverable problem
+ */
+ public ProvTlsManager(Properties properties, boolean preLoadCerts) throws Exception {
+
+ keyStoreType = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystoretype", "PKCS12");
+ keyStorefile = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystorepath");
+ keyStorePassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystorepassword");
+ keyManagerPassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.keymanagerpassword");
+
+ trustStoreType = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststoretype", "jks");
+ trustStoreFile = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststorepath");
+ trustStorePassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststorepassword");
+
+ if (preLoadCerts) {
+ eelfLogger.debug("ProvTlsManager: Attempting to pre load certificate data from config.");
+ setUpKeyStore();
+ setUpTrustStore();
+ }
+
+ enabledProtocols = properties.getProperty(
+ "org.onap.dmaap.datarouter.provserver.https.include.protocols",
+ "TLSv1.1|TLSv1.2").trim().split("\\|");
+ }
+
+ /**
+ * Gets an SSLSocketFactory instance constructed using the relevant SSL properties
+ *
+ * @return SSLSocketFactory
+ * @throws KeyStoreException if SSL config is invalid
+ */
+ public SSLSocketFactory getSslSocketFactory()
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+ eelfLogger.debug("ProvTlsManager.getSslSocketFactory: Setting up SSLSocketFactory");
+ if (this.trustStoreFile == null) {
+ eelfLogger.warn("Warning: No trust store available.");
+ return new SSLSocketFactory(this.keyStore, this.keyStorePassword);
+ }
+ return new SSLSocketFactory(this.keyStore, this.keyStorePassword, this.trustStore);
+ }
+
+ /**
+ * Gets an SslContextFactory.Server instance constructed using the relevant SSL properties
+ *
+ * @return SslContextFactory.Server
+ */
+ public SslContextFactory.Server getSslContextFactoryServer() {
+ eelfLogger.debug("ProvTlsManager.getSslContextFactoryServer: Setting up getSslContextFactoryServer");
+ SslContextFactory.Server sslContextFactoryServer = new SslContextFactory.Server();
+ sslContextFactoryServer.setKeyStoreType(this.keyStoreType);
+ sslContextFactoryServer.setKeyStorePath(this.keyStorefile);
+ sslContextFactoryServer.setKeyStorePassword(this.keyStorePassword);
+ sslContextFactoryServer.setKeyManagerPassword(this.keyManagerPassword);
+ if (this.trustStoreFile != null) {
+ sslContextFactoryServer.setTrustStoreType(this.trustStoreType);
+ sslContextFactoryServer.setTrustStorePath(this.trustStoreFile);
+ sslContextFactoryServer.setTrustStorePassword(this.trustStorePassword);
+ }
+ sslContextFactoryServer.setIncludeProtocols(this.enabledProtocols);
+ return sslContextFactoryServer;
+ }
+
+ /**
+ * Get the trust store file path from dr config
+ *
+ * @return String
+ */
+ public String getTrustStoreFile() {
+ return trustStoreFile;
+ }
+
+ /**
+ * Get the trust store password from dr config
+ *
+ * @return String
+ */
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+ private void setUpKeyStore()
+ throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
+ eelfLogger.debug("ProvTlsManager.setUpKeyStore: Attempting to load keyStore {}", keyStorefile);
+ keyStore = readKeyStore(keyStorefile, keyStorePassword, keyStoreType);
+ }
+
+ private void setUpTrustStore()
+ throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
+ if (trustStoreFile != null && trustStorePassword != null) {
+ eelfLogger.debug("ProvTlsManager.setUpTrustStore: Attempting to load trustStore {}", trustStoreFile);
+ trustStore = readKeyStore(trustStoreFile, trustStorePassword, trustStoreType);
+ } else {
+ eelfLogger.warn("No truststore provided from properties. Skipping.");
+ }
+ }
+
+ private KeyStore readKeyStore(String keyStore, String pass, String type)
+ throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
+ eelfLogger.debug("ProvTlsManager.readKeyStore: Verifying load of keystore {}", keyStore);
+ KeyStore ks = KeyStore.getInstance(type);
+ try (FileInputStream stream = new FileInputStream(keyStore)) {
+ ks.load(stream, pass.toCharArray());
+ }
+ return ks;
+ }
+} \ No newline at end of file
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java
index ef282618..86c178a3 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java
@@ -140,33 +140,7 @@ public class SynchronizerTask extends TimerTask {
try (AbstractHttpClient hc = new DefaultHttpClient()) {
Scheme sch;
if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) {
- // Set up keystore
- String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY;
- String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty();
- String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty();
- KeyStore keyStore = KeyStore.getInstance(type);
- try (FileInputStream instream = new FileInputStream(store)) {
- keyStore.load(instream, pass.toCharArray());
-
- }
- // Set up truststore
- store = ProvRunner.getAafPropsUtils().getTruststorePathProperty();
- pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty();
- KeyStore trustStore = null;
- if (store != null && store.length() > 0) {
- trustStore = KeyStore.getInstance(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY);
- try (FileInputStream instream = new FileInputStream(store)) {
- trustStore.load(instream, pass.toCharArray());
-
- }
- }
- // We are connecting with the node name, but the certificate will have the CNAME
- // So we need to accept a non-matching certificate name
- String keystorepass = ProvRunner.getAafPropsUtils().getKeystorePassProperty();
- SSLSocketFactory socketFactory =
- (trustStore == null)
- ? new SSLSocketFactory(keyStore, keystorepass)
- : new SSLSocketFactory(keyStore, keystorepass, trustStore);
+ SSLSocketFactory socketFactory = ProvRunner.getProvTlsManager().getSslSocketFactory();
socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
sch = new Scheme("https", 443, socketFactory);
} else {
@@ -180,6 +154,7 @@ public class SynchronizerTask extends TimerTask {
} catch (Exception e) {
logger.warn("PROV5005: Problem starting the synchronizer: " + e);
}
+ logger.info("PROV5000: SynchronizerTask started");
}
private void setSynchTimer(String strInterval) {
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
index 89403488..a5eb4590 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java
@@ -161,7 +161,8 @@ public class URLUtilities {
private static String getAppropriateUrlPort() {
if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) {
- return "";
+ return ":" + ProvRunner.getProvProperties()
+ .getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443");
}
return ":" + ProvRunner.getProvProperties()
.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080");
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props
deleted file mode 100644
index bb86e9d0..00000000
--- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props
+++ /dev/null
@@ -1,17 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# by root
-# on 2022-03-22T12:34:23.012+0000
-# @copyright 2019, AT&T
-############################################################
-Challenge=enc:v6yuDc_Lu1OgeFEthckOsa7R0XW6h0iZqUQXnw4CpstwzjmN0x9VOsf27um5fC5z
-cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org
-cadi_key_password=enc:CBXkw5IMQ8IeOhERa_oK4XcS1BsKy3T9BiZgAOIBqI46Nvy0USwgXCyOkTgVlJn7
-cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile
-cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr.p12
-cadi_keystore_password=enc:Qd78mq7KSyK4G-gmnA0YVrB4jpMLgMX_4jDmwkdkKpD-MmonHNXlDA0TzRd3oxWe
-cadi_keystore_password_jks=enc:GuyybAMtPX21LbCx_AXGnO7nz3NlPenZESuLVgrw-_cK55re75K4YOLYVzQswUYU
-cadi_keystore_password_p12=enc:Qd78mq7KSyK4G-gmnA0YVrB4jpMLgMX_4jDmwkdkKpD-MmonHNXlDA0TzRd3oxWe
-cadi_truststore=/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks
-cadi_truststore_password=enc:y10bIyzTHei-rxWnWgHUUFUD_9TfOBdxmIn6vEf0zsyZtWmeP8ZjFE1LoPn7Ri4g
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile
deleted file mode 100644
index 86092892..00000000
--- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-gf-I4kLSg98uxwCXpklt-W2Qfa0mFgvXDoQk_qsLs4uuLI9FmWkrdlgdqzEgISL1sf6SAhoXFXO4
-BSm8fSPPrjaFEQ-uZcho1bY63lG710ZLh7vf0Bc7WPieRXesloH07CRXXjUdTkXXU8qTP6Ufru16
-mbGODzcZ-Ygm2GLVbkLk7953CJYIvuYT0M3ggrDr51eOalpgwXA1uO2DCTmY_fyqFNpZbLEtcYAx
-EEBkbaT0KhKwSfXfPINjpfCVMNBr3eK2m75RFJzTmA4Nq_WFgQQBUJkYu6EaWR8xwKEnX3brIFN-
-uY8Xk-Wxh8hhqNQWSxaSa_w6BfbP5CwUpIk9Ex1v_gCa63NIy4WzoRxOHKuCQAS26vLJFxTTNOlP
-d_DVC0gmvL-q8VnedNVSsRw1zuDOtOzKg3iUbTjopba3YryelxwL2xUJzkxv8RiOVvTCdZ34lPP0
-vQCaGJYg52OKOCMaIs4e6bqfCFMT4nlbad--mPeZGS3X5pJ0xSAMRa8L2_ksHbTOvcjOlCvmWNDK
-puP22sdegP-mV6Ygm30Gyn7TnUodDA3bzIiA70zrkrlt8pBMhKmCbmWvGfjItoRnfGwtlsm1OU73
-Jst8pQ_mvCK486UoH4Lui1kNBTqAJIrzYT_m-MrL6w9lx7Lu-ZG0HqdDVO4zB06WTyCXT-I2r-XS
-F9ddoQ3GOUMA4kIckEeEVYfZiVaoPeizNwynSLHZDA3Xztc-kz7HEqdUCypM5pM32qGN-z4Gzbh0
-K4GO7_cGyctMGNY5za3iANK3BBBx9d3G3XKuCH2EDF9aj_kFarMaJjTHwn9-OAeD2GXtdYQqarod
-4Yw11CD8JjyF6PdYstTh9t5_iK3pZjFaLMBPlLFN_tDu_5zsVagJjM7nMjfn8iWH5o3rj7WAIqBC
-NoxZhIRUVpEmDKkhsnq9i9gdjoiKjrNwEsswX2vGsXEAf1vTXH2YsgraTjEhlW0cIb4PBLd4YoSE
-AW3MXhwu5rYFgGooHyB99OKZOX6-5Y44fA0TE0ypn8HZ5oVrERCHVHNXsiXg1pRjTHjoIYUFoSQQ
-lT8eVUo5MUxQ0SVKUi03wA7EduWrwvuD_KyLeNnvECj6IDuK7qiqH86UV7AyQhwjSZPj4N3KIlvD
-VJNLmt6s8b6SLZpO23P-ZceFEIIYG7E1IGmo2s5VkWTNTkvqD7blxoOsfBIxb-SjttnMtbKCcXPj
-aKMC1oqr5xLsvtg9XDKKXt4kELElRBiKtrud8t7qqYMfC-q6lIddmG8x_196qsYiErKd9mLyDT2H
-DG9wmz3dDds_bUnXA7_-LsriDI4t_fAqAKnvR8tLi9DjhU1g9yjlGuKn4yd3y8aK-UFFfBi1AKxA
-WoxSt2Omw_sl9Jc6bzoZ2_NHPZz7IaDhSu1imAAcAms4SIr3g-MnBffVpxarrXYsoaxurMRMoqLx
-r0DyV1Y9IZSwo-xsWk42CxrvEF31AmFWewI0ykA8bZ-zpWux3z7BfbKDqxglg3Lp5uIfVFHamds3
-ya-KMBCtaSgiJ9fB7Q183Lt0tMxrOLe3hln55I4SRgHT5blh1LEznIigIfhFEOo514JEdctkVrDS
-bDSbCO-yZE_0BcznTsjoyImwObeVRbDDu0feM9uGs4fL7zwVCbzEurGU2js-0o0rcyDiv30tsL5S
-LaxA-xz7x5HO4JAd7BeaeF4-v0-IeLKPH4HzYk0g1PKskZaZHMWBWSPaJWin68ahh9Eh44xSjsCW
-TUcoddf4-5HZS_RWlrLvbnfbEBAm7Ikbno1zLJz7_H3tmLKv2axkGEu-YWIAffb7xMzG0T9m6S3B
-Iz1jWxtJ41gTE5kGFmaezDeUGPrioaqOq0bCq6DStQMc_5kcKAIg6GffOX75ZvagC2E6E_B58AGU
-iVDzz_yi4Xcssf2jN-MIiHes0HsMQILrLAu1PLZh9qOIGOnVgLdwr0o5CGsg0h7Bxxl6jFQubwAZ
-rc2foRg7arAcRHYasoC34f9pH0hfBzHfTGg5S7bWU6mDaldpWS8Na0EoCoFoZATkdzG77w6c \ No newline at end of file
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props
deleted file mode 100644
index eef8aac6..00000000
--- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props
+++ /dev/null
@@ -1,8 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# by root
-# on 2022-03-22T12:34:21.359+0000
-# @copyright 2019, AT&T
-############################################################
-cadi_latitude=38.0
-cadi_longitude=-72.0
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12
deleted file mode 100644
index 69948c25..00000000
--- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12
+++ /dev/null
Binary files differ
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props
deleted file mode 100644
index a392a489..00000000
--- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props
+++ /dev/null
@@ -1,24 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# by root
-# on 2022-03-22T12:34:21.357+0000
-# @copyright 2019, AT&T
-############################################################
-aaf_env=DEV
-aaf_id=dmaap-dr-prov@dmaap-dr.onap.org
-aaf_locate_url=https://aaf-locate.onap:8095
-aaf_locator_app_ns=org.osaaf.aaf
-aaf_locator_container=oom
-aaf_locator_container_ns=onap
-aaf_locator_fqdn=dmaap-dr-prov
-aaf_locator_public_fqdn=aaf.osaaf.org
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token
-aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1
-aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1
-aaf_url_hello=https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.hello:2.1
-aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1
-cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-dr.location.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props
-cadi_protocols=TLSv1.1,TLSv1.2
diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks
deleted file mode 100644
index 3666b965..00000000
--- a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks
+++ /dev/null
Binary files differ
diff --git a/datarouter-prov/src/main/resources/misc/sql_init_01.sql b/datarouter-prov/src/main/resources/misc/sql_init_01.sql
index a1980d29..17884f66 100755
--- a/datarouter-prov/src/main/resources/misc/sql_init_01.sql
+++ b/datarouter-prov/src/main/resources/misc/sql_init_01.sql
@@ -14,8 +14,7 @@ CREATE TABLE FEEDS (
DELETED BOOLEAN DEFAULT FALSE,
LAST_MOD TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
SUSPENDED BOOLEAN DEFAULT FALSE,
- CREATED_DATE TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- AAF_INSTANCE VARCHAR(256)
+ CREATED_DATE TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE TABLE FEED_ENDPOINT_IDS (
@@ -46,9 +45,7 @@ CREATE TABLE SUBSCRIPTIONS (
SUSPENDED BOOLEAN DEFAULT FALSE,
PRIVILEGED_SUBSCRIBER BOOLEAN DEFAULT FALSE,
CREATED_DATE TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- DECOMPRESS BOOLEAN DEFAULT FALSE,
- AAF_INSTANCE VARCHAR(256)
-
+ DECOMPRESS BOOLEAN DEFAULT FALSE
);
CREATE TABLE PARAMETERS (
@@ -145,6 +142,6 @@ INSERT INTO PARAMETERS VALUES
('PROV_MAXFEED_COUNT', '10000'),
('PROV_MAXSUB_COUNT', '100000'),
('PROV_REQUIRE_CERT', 'false'),
- ('PROV_REQUIRE_SECURE', 'true'),
+ ('PROV_REQUIRE_SECURE', 'false'),
('_INT_VALUES', 'LOGROLL_INTERVAL|PROV_MAXFEED_COUNT|PROV_MAXSUB_COUNT|DELIVERY_INIT_RETRY_INTERVAL|DELIVERY_MAX_RETRY_INTERVAL|DELIVERY_RETRY_RATIO|DELIVERY_MAX_AGE|DELIVERY_FILE_PROCESS_INTERVAL')
; \ No newline at end of file
diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties
index 66d4e6c4..25824988 100755
--- a/datarouter-prov/src/main/resources/provserver.properties
+++ b/datarouter-prov/src/main/resources/provserver.properties
@@ -31,12 +31,17 @@ org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spoo
org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
org.onap.dmaap.datarouter.provserver.logretention = 30
-org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props
org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
-
-org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-
org.onap.dmaap.datarouter.provserver.tlsenabled = false
+# If tlsenabled is true, the following keystore info must be set
+org.onap.dmaap.datarouter.provserver.keystoretype = PKCS12
+org.onap.dmaap.datarouter.provserver.keystorepath = /opt/app/datartr/certs/org.onap.dmaap-dr-prov.p12
+org.onap.dmaap.datarouter.provserver.keystorepassword = secret
+org.onap.dmaap.datarouter.provserver.keymanagerpassword = secret
+org.onap.dmaap.datarouter.provserver.truststoretype = jks
+org.onap.dmaap.datarouter.provserver.truststorepath = /opt/app/datartr/certs/truststore.jks
+org.onap.dmaap.datarouter.provserver.truststorepassword = secret
+
org.onap.dmaap.datarouter.nodeserver.https.port = 8443
org.onap.dmaap.datarouter.nodeserver.http.port = 8080