48 files changed, 430 insertions, 472 deletions
@@ -1,105 +1,103 @@ # DMAAP_DATAROUTER
-
+
## OVERVIEW
-
-The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require.
+
+The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require.
The delivery of data from these kinds of production systems is the domain of the Data Routing System. Its primary goal is to make it easier to move data from existing applications that may not have been designed from the ground up to share data.
The Data Routing System is different from many existing platforms for distributing messages from producers to consumers which focus on real-time delivery of small messages (on the order of a few kilobytes or so) for more
Provisioning is implemented as a Java servlet running under Jetty in one JVM
-
+
Provisioning data is stored in a MariaDB database
-
+
The backup provisioning server and each node is informed any time provisioning data changes
-
+
The backup provisioning server and each node may request the complete set of provisioning data at any time
-
+
A Node is implemented as a Java servlet running under Jetty in one JVM
Assumptions
For 95% of all feeds (there will be some exceptions):
-
+
Number of Publishing Endpoints per Feed: 1 – 10
-
+
Number of Subscribers per Feed: 2 – 10
-
+
File Size: 105 – 1010 bytes
-
+
with a distribution towards the high end
-
+
Frequency of Publishing: 1/day – 10/minute
-
+
Lifetime of a Feed: months to years
-
+
Lifetime of a Subscription: months to years
-
-
+
+
Data Router and Sensitive Data Handling
-
+
A publisher of a Data Router feed of sensitive (e.g., PCI, SPI, etc.) data needs to encrypt that data prior to delivering it to the Data Router
-
+
The Data Router will distribute that data to all of the subscribers of that feed.
-
+
Data Router does not examine the Feed content or enforce any restrictions or Validations on the Feed Content in any way
-
+
It is the responsibility of the subscribers to work with the publisher to determine how to decrypt that data
-
-
+
+
What the Data Router is NOT:
Does not support streaming data
-
+
Does not tightly couple to any specific publish endpoint or subscriber
-
+
Agnostic as to source and sink of data residing in an RDBMS, NoSQL DB, Other DBMS, Flat Files, etc.
-
+
Does not transform any published data
-
+
Does not “examine” any published data
-
+
Does not verify the integrity of a published file
-
+
Does not perform any data “cleansing”
-
+
Does not store feeds (not a repository or archive)
-
+
There is no long-term storage – assumes subscribers are responsive most of the time
-
+
Does not encrypt data when queued on a node
-
+
Does not provide guaranteed order of delivery
-
+
Per-file metadata can be used for ordering
-
- External customers supported is via DITREX (MOTS 18274)
-
-
-
-## BUILD
-
-Datarouter can be cloned and repository and builb using Maven
-In the repository
+
+
+
+## BUILD
+
+Datarouter can be cloned and repository and builb using Maven
+In the repository
Go to datarouter-prov in the root
mvn clean install
-
+
Go to datarouter-node in the root
mvn clean install
-
+
Project Build will be Successful
-## RUN
+## RUN
-Datarouter is a Unix based service
+Datarouter is a Unix based service
Pre-requisites to run the service
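Review bot: in the BUILD section, the re-added line "Datarouter can be cloned and repository and builb using Maven" keeps the typo "builb" and the garbled "cloned and repository"; since the line is being touched anyway, reword it, for example "Clone the repository and build Datarouter using Maven". Most of this hunk appears to be whitespace-only, but it also drops the "External customers supported is via DITREX (MOTS 18274)" line, and that content removal should be called out in the commit message so it is not lost among the whitespace changes.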
@@ -111,39 +109,39 @@ Install MariaDB and load needed table into the database Sample sql_init_01.sql is provided in the datarouter-prov/src/main/resources/misc
-Go to datarouter-prov module and run the service using main.java
-
-Go to datarouter-node module and run the service using nodemain.java
+Go to datarouter-prov module and run the service using main.java
+
+Go to datarouter-node module and run the service using nodemain.java
Curl Commands to test:
create a feed:
-curl -v -X POST -H "Content-Type : application/vnd.att-dr.feed" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addFeed3.txt --post301 --location-trusted -k https://prov.datarouternew.com:8443
+curl -v -X POST -H "Content-Type : application/vnd.att-dr.feed" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addFeed3.txt --post301 --location-trusted -k https://dmaap-dr-prov:8443
Subscribe to feed:
-curl -v -X POST -H "Content-Type: application/vnd.att-dr.subscription" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addSubscriber.txt --post301 --location-trusted -k https://prov.datarouternew.com:8443/subscribe/1
+curl -v -X POST -H "Content-Type: application/vnd.att-dr.subscription" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addSubscriber.txt --post301 --location-trusted -k https://dmaap-dr-prov:8443/subscribe/1
Publish to feed:
-curl -v -X PUT --user rs873m:rs873m -H "Content-Type: application/octet-stream" --data-binary @/opt/app/datartr/addFeed3.txt --post301 --location-trusted -k https://prov.datarouternew.com:8443/publish/1/test1
+curl -v -X PUT --user rs873m:rs873m -H "Content-Type: application/octet-stream" --data-binary @/opt/app/datartr/addFeed3.txt --post301 --location-trusted -k https://dmaap-dr-prov:8443/publish/1/test1
+
-
- ## CONFIGURATION
+ ## CONFIGURATION
-Recommended
+Recommended
Environment - Unix based
Java - 1.8
-Maven - 3.2.5
+Maven - 3.2.5
MariaDB - 10.2.14
Self Signed SSL certificates
-
-
+
+
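Review bot: the CONFIGURATION list at the end of this hunk still reads "Self Signed SSL certificates" although the commit replaces the self_signed directory with aaf_certs; update that line to match. The three curl examples are edited for the new host dmaap-dr-prov but keep "-k", and the publish example keeps "--location-trusted" together with "--user rs873m:rs873m", so the credentials follow any redirect with no certificate check; with the new trust material in place the examples could pass the CA certificate with "--cacert" and drop "-k". The create-feed example also has a stray space in "Content-Type :".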
diff --git a/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks b/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks Binary files differnew file mode 100644 index 00000000..4529cccb --- /dev/null +++ b/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks diff --git a/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks b/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks Binary files differnew file mode 100644 index 00000000..096fbb26 --- /dev/null +++ b/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks diff --git a/datarouter-node/pom.xml b/datarouter-node/pom.xml index c6bd3e94..18743db8 100755 --- a/datarouter-node/pom.xml +++ b/datarouter-node/pom.xml @@ -376,10 +376,10 @@ <goal>copy-resources</goal> </goals> <configuration> - <outputDirectory>${basedir}/target/opt/app/datartr/self_signed</outputDirectory> + <outputDirectory>${basedir}/target/opt/app/datartr/aaf_certs</outputDirectory> <resources> <resource> - <directory>${basedir}/self_signed</directory> + <directory>${basedir}/aaf_certs</directory> <includes> <include>misc/**</include> <include>**/**</include> diff --git a/datarouter-node/self_signed/cacerts.jks b/datarouter-node/self_signed/cacerts.jks Binary files differdeleted file mode 100644 index dfd81433..00000000 --- a/datarouter-node/self_signed/cacerts.jks +++ /dev/null diff --git a/datarouter-node/self_signed/keystore.jks b/datarouter-node/self_signed/keystore.jks Binary files differdeleted file mode 100644 index e5a4e781..00000000 --- a/datarouter-node/self_signed/keystore.jks +++ /dev/null diff --git a/datarouter-node/self_signed/mykey.cer b/datarouter-node/self_signed/mykey.cer Binary files differdeleted file mode 100644 index 2a5c9d70..00000000 --- a/datarouter-node/self_signed/mykey.cer +++ /dev/null diff --git a/datarouter-node/self_signed/nodekey.cer b/datarouter-node/self_signed/nodekey.cer Binary files differdeleted file mode 100644 index 4cdfdfe3..00000000 --- a/datarouter-node/self_signed/nodekey.cer +++ /dev/null 
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java index 375a38e3..2c013ca5 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java @@ -28,26 +28,30 @@ import static com.att.eelf.configuration.Configuration.MDC_SERVER_FQDN; import static com.att.eelf.configuration.Configuration.MDC_SERVER_IP_ADDRESS; import static com.att.eelf.configuration.Configuration.MDC_SERVICE_NAME; -import java.security.*; -import java.io.*; -import java.util.*; -import java.security.cert.*; -import java.net.*; -import java.text.*; - +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import java.io.FileInputStream; +import java.io.IOException; +import java.net.InetAddress; +import java.security.KeyStore; +import java.security.MessageDigest; +import java.security.cert.X509Certificate; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Enumeration; +import java.util.TimeZone; import org.apache.commons.codec.binary.Base64; import org.apache.log4j.Logger; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; import org.slf4j.MDC; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - /** * Utility functions for the data router node */ public class NodeUtils { - private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.node.NodeUtils"); + + private static EELFLogger eelfLogger = EELFManager.getInstance() + .getLogger("org.onap.dmaap.datarouter.node.NodeUtils"); private static Logger nodeUtilsLogger = Logger.getLogger("org.onap.dmaap.datarouter.node.NodeUtils"); private static SimpleDateFormat logDate; 
@@ -72,7 +76,7 @@ public class NodeUtils { /** * Given a user and password, generate the credentials * - * @param user User name + * @param user User name * @param password User password * @return Authorization header value */ @@ -96,13 +100,15 @@ public class NodeUtils { md.update(key.getBytes()); return (getAuthHdr(node, base64Encode(md.digest()))); } catch (Exception exception) { - nodeUtilsLogger.error("Exception in generating Credentials for given node name:= " + exception.toString(), exception); + nodeUtilsLogger + .error("Exception in generating Credentials for given node name:= " + exception.toString(), exception); return (null); } } /** - * Given a keystore file and its password, return the value of the CN of the first private key entry with a certificate. + * Given a keystore file and its password, return the value of the CN of the first private key entry with a + * certificate. * * @param kstype The type of keystore * @param ksfile The file name of the keystore @@ -110,15 +116,16 @@ public class NodeUtils { * @return CN of the certificate subject or null */ public static String getCanonicalName(String kstype, String ksfile, String kspass) { - KeyStore ks=null; + KeyStore ks; try { ks = KeyStore.getInstance(kstype); - try(FileInputStream fileInputStream=new FileInputStream(ksfile)) { + try (FileInputStream fileInputStream = new FileInputStream(ksfile)) { ks.load(fileInputStream, kspass.toCharArray()); + } catch (IOException ioException) { + nodeUtilsLogger.error("IOException occurred while opening FileInputStream: " + ioException.getMessage(), + ioException); + return (null); } - } catch(IOException ioException) { - nodeUtilsLogger.error("Exception occurred while opening FileInputStream",ioException); - return (null); } catch (Exception e) { setIpAndFqdnForEelf("getCanonicalName"); eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_LOAD_ERROR, ksfile, e.toString()); 
@@ -147,7 +154,7 @@ public class NodeUtils { if (parts.length < 1) { return (null); } - subject = parts[0].trim(); + subject = parts[5].trim(); if (!subject.startsWith("CN=")) { return (null); @@ -172,7 +179,8 @@ public class NodeUtils { try { return (InetAddress.getByName(ip).getAddress()); } catch (Exception exception) { - nodeUtilsLogger.error("Exception in generating byte array for given IP address := " + exception.toString(), exception); + nodeUtilsLogger + .error("Exception in generating byte array for given IP address := " + exception.toString(), exception); } return (null); } @@ -202,7 +210,8 @@ public class NodeUtils { } /** - * Escape fields that might contain vertical bar, backslash, or newline by replacing them with backslash p, backslash e and backslash n. + * Escape fields that might contain vertical bar, backslash, or newline by replacing them with backslash p, + * backslash e and backslash n. */ public static String loge(String s) { if (s == null) { @@ -246,7 +255,8 @@ public class NodeUtils { MDC.put(MDC_SERVER_FQDN, InetAddress.getLocalHost().getHostName()); MDC.put(MDC_SERVER_IP_ADDRESS, InetAddress.getLocalHost().getHostAddress()); } catch (Exception exception) { - nodeUtilsLogger.error("Exception in generating byte array for given IP address := " + exception.toString(), exception); + nodeUtilsLogger + .error("Exception in generating byte array for given IP address := " + exception.toString(), exception); } } diff --git a/datarouter-node/src/main/resources/misc/node.properties b/datarouter-node/src/main/resources/misc/node.properties deleted file mode 100644 index fc707413..00000000 --- a/datarouter-node/src/main/resources/misc/node.properties +++ /dev/null @@ -1,111 +0,0 @@ -#-------------------------------------------------------------------------------
-# ============LICENSE_START==================================================
-# * org.onap.dmaap
-# * ===========================================================================
-# * Copyright 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# *
-#-------------------------------------------------------------------------------
-#
-# Configuration parameters fixed at startup for the DataRouter node
-#
-# URL to retrieve dynamic configuration
-#
-#ProvisioningURL: ${DRTR_PROV_INTURL}
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov
-
-#
-# URL to upload PUB/DEL/EXP logs
-#
-#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs
-
-#
-# The port number for http as seen within the server
-#
-#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort=8080
-#
-# The port number for https as seen within the server
-#
-IntHttpsPort=8443
-#
-# The external port number for https taking port mapping into account
-#
-ExtHttpsPort=443
-#
-# The minimum interval between fetches of the dynamic configuration
-# from the provisioning server
-#
-MinProvFetchInterval=10000
-#
-# The minimum interval between saves of the redirection data file
-#
-MinRedirSaveInterval=10000
-#
-# The path to the directory where log files are stored
-#
-LogDir=/opt/app/datartr/logs
-#
-# The retention interval (in days) for log files
-#
-LogRetention=30
-#
-# The path to the directories where data and meta data files are stored
-#
-SpoolDir=/opt/app/datartr/spool
-#
-# The path to the redirection data file
-#
-#RedirectionFile: etc/redirections.dat
-#
-# The type of keystore for https
-KeyStoreType: jks
-#
-# The path to the keystore for https
-#
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks
-#
-# The password for the https keystore
-#
-KeyStorePassword=changeit
-#
-# The password for the private key in the https keystore
-#
-KeyPassword=changeit
-#
-# The type of truststore for https
-#
-TrustStoreType=jks
-#
-# The path to the truststore for https
-#
-#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks
-#
-# The password for the https truststore
-#
-TrustStorePassword=changeit
-#
-# The path to the file used to trigger an orderly shutdown
-#
-QuiesceFile=etc/SHUTDOWN
-#
-# The key used to generate passwords for node to node transfers
-#
-NodeAuthKey=Node123!
-
diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties index 411cc2b9..de38cb6f 100644 --- a/datarouter-node/src/main/resources/node.properties +++ b/datarouter-node/src/main/resources/node.properties @@ -1,112 +1,111 @@ -#-------------------------------------------------------------------------------
-# ============LICENSE_START==================================================
-# * org.onap.dmaap
-# * ===========================================================================
-# * Copyright 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# *
-#-------------------------------------------------------------------------------
-#
-# Configuration parameters fixed at startup for the DataRouter node
-#
-# URL to retrieve dynamic configuration
-#
-#ProvisioningURL: ${DRTR_PROV_INTURL}
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov
-
-#
-# URL to upload PUB/DEL/EXP logs
-#
-#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs
-
-#
-# The port number for http as seen within the server
-#
-#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort=8080
-#
-# The port number for https as seen within the server
-#
-IntHttpsPort=8443
-#
-# The external port number for https taking port mapping into account
-#
-ExtHttpsPort=443
-#
-# The minimum interval between fetches of the dynamic configuration
-# from the provisioning server
-#
-MinProvFetchInterval=10000
-#
-# The minimum interval between saves of the redirection data file
-#
-MinRedirSaveInterval=10000
-#
-# The path to the directory where log files are stored
-#
-LogDir=/opt/app/datartr/logs
-#
-# The retention interval (in days) for log files
-#
-LogRetention=30
-#
-# The path to the directories where data and meta data files are stored
-#
-SpoolDir=/opt/app/datartr/spool
-#
-# The path to the redirection data file
-#
-#RedirectionFile: etc/redirections.dat
-#
-# The type of keystore for https
-#
-KeyStoreType: jks
-#
-# The path to the keystore for https
-#
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks
-#
-# The password for the https keystore
-#
-KeyStorePassword=changeit
-#
-# The password for the private key in the https keystore
-#
-KeyPassword=changeit
-#
-# The type of truststore for https
-#
-TrustStoreType=jks
-#
-# The path to the truststore for https
-#
-#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks
-#
-# The password for the https truststore
-#
-TrustStorePassword=changeit
-#
-# The path to the file used to trigger an orderly shutdown
-#
-QuiesceFile=etc/SHUTDOWN
-#
-# The key used to generate passwords for node to node transfers
-#
-NodeAuthKey=Node123!
-
+#------------------------------------------------------------------------------- +# ============LICENSE_START================================================== +# * org.onap.dmaap +# * =========================================================================== +# * Copyright 2017 AT&T Intellectual Property. All rights reserved. +# * =========================================================================== +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * ============LICENSE_END==================================================== +# * +# * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+# * +#------------------------------------------------------------------------------- +# +# Configuration parameters fixed at startup for the DataRouter node +# +# URL to retrieve dynamic configuration +# +#ProvisioningURL: ${DRTR_PROV_INTURL} +ProvisioningURL=https://dmaap-dr-prov:8443/internal/prov + +# +# URL to upload PUB/DEL/EXP logs +# +#LogUploadURL: ${DRTR_LOG_URL} +LogUploadURL=https://dmaap-dr-prov:8443/internal/logs + +# +# The port number for http as seen within the server +# +#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080} +IntHttpPort=8080 +# +# The port number for https as seen within the server +# +IntHttpsPort=8443 +# +# The external port number for https taking port mapping into account +# +ExtHttpsPort=443 +# +# The minimum interval between fetches of the dynamic configuration +# from the provisioning server +# +MinProvFetchInterval=10000 +# +# The minimum interval between saves of the redirection data file +# +MinRedirSaveInterval=10000 +# +# The path to the directory where log files are stored +# +LogDir=/opt/app/datartr/logs +# +# The retention interval (in days) for log files +# +LogRetention=30 +# +# The path to the directories where data and meta data files are stored +# +SpoolDir=/opt/app/datartr/spool +# +# The path to the redirection data file +# +#RedirectionFile: etc/redirections.dat +# +# The type of keystore for https +KeyStoreType: jks +# +# The path to the keystore for https +# +KeyStoreFile:/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks +# +# The password for the https keystore +# +KeyStorePassword=4*&GD+w58RUM]01No.CYY;z6 +# +# The password for the private key in the https keystore +# +KeyPassword=4*&GD+w58RUM]01No.CYY;z6 +# +# The type of truststore for https +# +TrustStoreType=jks +# +# The path to the truststore for https +# +#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts +TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks +# +# The password for the https truststore +# 
+TrustStorePassword=UDXlT6Iu[F)k,Htk92+B,0Xj +# +# The path to the file used to trigger an orderly shutdown +# +QuiesceFile=etc/SHUTDOWN +# +# The key used to generate passwords for node to node transfers +# +NodeAuthKey=Node123! + diff --git a/datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks Binary files differnew file mode 100755 index 00000000..155991ab --- /dev/null +++ b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks diff --git a/datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks Binary files differnew file mode 100755 index 00000000..c8f9ee66 --- /dev/null +++ b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks diff --git a/datarouter-prov/pom.xml b/datarouter-prov/pom.xml index a970f715..84731413 100755 --- a/datarouter-prov/pom.xml +++ b/datarouter-prov/pom.xml @@ -426,10 +426,10 @@ <goal>copy-resources</goal>
</goals>
<configuration>
- <outputDirectory>${basedir}/target/opt/app/datartr/self_signed</outputDirectory>
+ <outputDirectory>${basedir}/target/opt/app/datartr/aaf_certs</outputDirectory>
<resources>
<resource>
- <directory>${basedir}/self_signed</directory>
+ <directory>${basedir}/aaf_certs</directory>
<includes>
<include>misc/**</include>
<include>**/**</include>
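Review bot: the include patterns under the new "<directory>${basedir}/aaf_certs</directory>" are "misc/**" and "**/**", so every file in aaf_certs, including the org.onap.dmaap-dr.jks keystore added by this commit, is copied into target/opt/app/datartr/aaf_certs and ends up in the build output. If that keystore holds the service private key, it should be supplied at deploy time rather than bundled; at minimum, narrow the includes to the files that are needed and drop "misc/**", which "**/**" already covers.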
diff --git a/datarouter-prov/self_signed/cacerts.jks b/datarouter-prov/self_signed/cacerts.jks Binary files differdeleted file mode 100644 index 76a480ad..00000000 --- a/datarouter-prov/self_signed/cacerts.jks +++ /dev/null diff --git a/datarouter-prov/self_signed/keystore.jks b/datarouter-prov/self_signed/keystore.jks Binary files differdeleted file mode 100644 index 2c22b4ac..00000000 --- a/datarouter-prov/self_signed/keystore.jks +++ /dev/null diff --git a/datarouter-prov/self_signed/mykey.cer b/datarouter-prov/self_signed/mykey.cer Binary files differdeleted file mode 100644 index 2a5c9d70..00000000 --- a/datarouter-prov/self_signed/mykey.cer +++ /dev/null diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java index 412e1322..047043b1 100644..100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java @@ -319,7 +319,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { * @return an error string, or null if all is OK */ String isAuthorizedForProvisioning(HttpServletRequest request) { - if (Boolean.parseBoolean(isAddressAuthEnabled)) { + if (!Boolean.parseBoolean(isAddressAuthEnabled)) { return null; } // Is the request https? @@ -369,7 +369,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { boolean isAuthorizedForInternal(HttpServletRequest request) { try { - if (Boolean.parseBoolean(isAddressAuthEnabled)) { + if (!Boolean.parseBoolean(isAddressAuthEnabled)) { return true; } InetAddress ip = InetAddress.getByName(request.getRemoteAddr()); 
@@ -492,9 +492,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { // Normalize the nodes, and fill in nodeAddresses InetAddress[] na = new InetAddress[nodes.length]; for (int i = 0; i < nodes.length; i++) { - if (nodes[i].indexOf('.') < 0) { - nodes[i] += "." + provDomain; - } try { na[i] = InetAddress.getByName(nodes[i]); intlogger.debug("PROV0003 DNS lookup: " + nodes[i] + " => " + na[i].toString()); @@ -520,9 +517,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { String[] pods = getPods(); na = new InetAddress[pods.length]; for (int i = 0; i < pods.length; i++) { - if (pods[i].indexOf('.') < 0) { - pods[i] += "." + provDomain; - } try { na[i] = InetAddress.getByName(pods[i]); intlogger.debug("PROV0003 DNS lookup: " + pods[i] + " => " + na[i].toString()); diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java index 87979be6..800bd9af 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java @@ -185,8 +185,6 @@ public class Main { sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE); sslContextFactory.setTrustStorePassword("changeit"); } - sslContextFactory.setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks"); - sslContextFactory.setTrustStorePassword("changeit"); sslContextFactory.setWantClientAuth(true); // Servlet and Filter configuration diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java index c560299a..8d6bfcf0 100644..100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java 
@@ -35,12 +35,10 @@ import java.security.KeyStoreException; import java.util.Collections; import java.util.List; import java.util.Properties; - import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.apache.commons.io.IOUtils; import org.apache.http.Header; import org.apache.http.HttpEntity; @@ -57,16 +55,16 @@ import org.onap.dmaap.datarouter.provisioning.utils.DB; import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities; /** - * This class is the base class for those servlets that need to proxy their requests from the - * standby to active server. Its methods perform the proxy function to the active server. If the - * active server is not reachable, a 503 (SC_SERVICE_UNAVAILABLE) is returned. Only - * DELETE/GET/PUT/POST are supported. + * This class is the base class for those servlets that need to proxy their requests from the standby to active server. + * Its methods perform the proxy function to the active server. If the active server is not reachable, a 503 + * (SC_SERVICE_UNAVAILABLE) is returned. Only DELETE/GET/PUT/POST are supported. * * @author Robert Eby * @version $Id: ProxyServlet.java,v 1.3 2014/03/24 18:47:10 eby Exp $ */ @SuppressWarnings("serial") public class ProxyServlet extends BaseServlet { + private boolean inited = false; private Scheme sch; 
@@ -80,13 +78,13 @@ public class ProxyServlet extends BaseServlet { try { // Set up keystore Properties props = (new DB()).getProperties(); - String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks"); + String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks"); String store = props.getProperty(Main.KEYSTORE_PATH_PROPERTY); - String pass = props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY); + String pass = props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY); KeyStore keyStore = readStore(store, pass, type); store = props.getProperty(Main.TRUSTSTORE_PATH_PROPERTY); - pass = props.getProperty(Main.TRUSTSTORE_PASSWORD_PROPERTY); + pass = props.getProperty(Main.TRUSTSTORE_PASSWORD_PROPERTY); if (store == null || store.length() == 0) { store = Main.DEFAULT_TRUSTSTORE; pass = "changeit"; 
@@ -95,30 +93,34 @@ public class ProxyServlet extends BaseServlet { // We are connecting with the node name, but the certificate will have the CNAME // So we need to accept a non-matching certificate name - SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "changeit", trustStore); + SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, + props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY), trustStore); socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); sch = new Scheme("https", 443, socketFactory); inited = true; } catch (Exception e) { e.printStackTrace(); } - intlogger.info("ProxyServlet: inited = "+inited); + intlogger.info("ProxyServlet: inited = " + inited); } - private KeyStore readStore(String store, String pass, String type) throws KeyStoreException, FileNotFoundException { + + private KeyStore readStore(String store, String pass, String type) throws KeyStoreException { KeyStore ks = KeyStore.getInstance(type); - FileInputStream instream = new FileInputStream(new File(store)); - try { + try (FileInputStream instream = new FileInputStream(new File(store))) { ks.load(instream, pass.toCharArray()); + } catch (FileNotFoundException fileNotFoundException) { + System.err.println("ProxyServlet: " + fileNotFoundException); + fileNotFoundException.printStackTrace(); } catch (Exception x) { - System.err.println("READING TRUSTSTORE: "+x); - } finally { - try { instream.close(); } catch (Exception ignore) {} + System.err.println("READING TRUSTSTORE: " + x); } return ks; } + /** - * Return <i>true</i> if the requester has NOT set the <i>noproxy</i> CGI variable. - * If they have, this indicates they want to forcibly turn the proxy off. + * Return <i>true</i> if the requester has NOT set the <i>noproxy</i> CGI variable. If they have, this indicates + * they want to forcibly turn the proxy off. + * * @param req the HTTP request * @return true or false */ 
@@ -127,22 +129,25 @@ public class ProxyServlet extends BaseServlet { if (t != null) { t = t.replaceAll("&", "&"); for (String s : t.split("&")) { - if (s.equals("noproxy") || s.startsWith("noproxy=")) + if (s.equals("noproxy") || s.startsWith("noproxy=")) { return false; + } } } return true; } + /** - * Is this the standby server? If it is, the proxy functions can be used. - * If not, the proxy functions should not be called, and will send a response of 500 - * (Internal Server Error). + * Is this the standby server? If it is, the proxy functions can be used. If not, the proxy functions should not be + * called, and will send a response of 500 (Internal Server Error). + * * @return true if this server is the standby (and hence a proxy server). */ public boolean isProxyServer() { SynchronizerTask st = SynchronizerTask.getSynchronizer(); return st.getState() == SynchronizerTask.STANDBY; } + /** * Issue a proxy DELETE to the active provisioning server. */ @@ -150,6 +155,7 @@ public class ProxyServlet extends BaseServlet { public void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException { doProxy(req, resp, "DELETE"); } + /** * Issue a proxy GET to the active provisioning server. */ @@ -157,6 +163,7 @@ public class ProxyServlet extends BaseServlet { public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { doProxy(req, resp, "GET"); } + /** * Issue a proxy PUT to the active provisioning server. */ @@ -164,6 +171,7 @@ public class ProxyServlet extends BaseServlet { public void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException { doProxy(req, resp, "PUT"); } + /** * Issue a proxy POST to the active provisioning server. */ 
@@ -171,58 +179,61 @@ public class ProxyServlet extends BaseServlet { public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { doProxy(req, resp, "POST"); } + /** - * Issue a proxy GET to the active provisioning server. Unlike doGet() above, - * this method will allow the caller to fall back to other code if the remote server is unreachable. + * Issue a proxy GET to the active provisioning server. Unlike doGet() above, this method will allow the caller to + * fall back to other code if the remote server is unreachable. + * * @return true if the proxy succeeded */ public boolean doGetWithFallback(HttpServletRequest req, HttpServletResponse resp) throws IOException { boolean rv = false; if (inited) { String url = buildUrl(req); - intlogger.info("ProxyServlet: proxying with fallback GET "+url); - try(AbstractHttpClient httpclient = new DefaultHttpClient()){ - HttpRequestBase proxy = new HttpGet(url); - try { - httpclient.getConnectionManager().getSchemeRegistry().register(sch); - - // Copy request headers and request body - copyRequestHeaders(req, proxy); - - // Execute the request - HttpResponse pxy_response = httpclient.execute(proxy); - - // Get response headers and body - int code = pxy_response.getStatusLine().getStatusCode(); - resp.setStatus(code); - copyResponseHeaders(pxy_response, resp); - - HttpEntity entity = pxy_response.getEntity(); - if (entity != null) { - InputStream in = entity.getContent(); - IOUtils.copy(in, resp.getOutputStream()); - in.close(); + intlogger.info("ProxyServlet: proxying with fallback GET " + url); + try (AbstractHttpClient httpclient = new DefaultHttpClient()) { + HttpRequestBase proxy = new HttpGet(url); + try { + httpclient.getConnectionManager().getSchemeRegistry().register(sch); + + // Copy request headers and request body + copyRequestHeaders(req, proxy); + + // Execute the request + HttpResponse pxy_response = httpclient.execute(proxy); + + // Get response headers and body + int code = 
pxy_response.getStatusLine().getStatusCode(); + resp.setStatus(code); + copyResponseHeaders(pxy_response, resp); + + HttpEntity entity = pxy_response.getEntity(); + if (entity != null) { + InputStream in = entity.getContent(); + IOUtils.copy(in, resp.getOutputStream()); + in.close(); + } + rv = true; + + } catch (IOException e) { + System.err.println("ProxyServlet: " + e); + e.printStackTrace(); + } finally { + proxy.releaseConnection(); + httpclient.getConnectionManager().shutdown(); } - rv = true; - - } catch (IOException e) { - System.err.println("ProxyServlet: "+e); - e.printStackTrace(); - } finally { - proxy.releaseConnection(); - httpclient.getConnectionManager().shutdown(); - } } } else { intlogger.warn("ProxyServlet: proxy disabled"); } return rv; } + private void doProxy(HttpServletRequest req, HttpServletResponse resp, final String method) throws IOException { if (inited && isProxyServer()) { String url = buildUrl(req); - intlogger.info("ProxyServlet: proxying "+method + " "+url); - try(AbstractHttpClient httpclient = new DefaultHttpClient()) { + intlogger.info("ProxyServlet: proxying " + method + " " + url); + try (AbstractHttpClient httpclient = new DefaultHttpClient()) { ProxyHttpRequest proxy = new ProxyHttpRequest(method, url); try { httpclient.getConnectionManager().getSchemeRegistry().register(sch); 
@@ -264,33 +275,40 @@ public class ProxyServlet extends BaseServlet { resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } + private String buildUrl(HttpServletRequest req) { StringBuilder sb = new StringBuilder("https://"); sb.append(URLUtilities.getPeerPodName()); sb.append(req.getRequestURI()); String q = req.getQueryString(); - if (q != null) + if (q != null) { sb.append("?").append(q); + } return sb.toString(); } + private void copyRequestHeaders(HttpServletRequest from, HttpRequestBase to) { @SuppressWarnings("unchecked") List<String> list = Collections.list(from.getHeaderNames()); for (String name : list) { // Proxy code will add this one - if (!name.equalsIgnoreCase("Content-Length")) + if (!name.equalsIgnoreCase("Content-Length")) { to.addHeader(name, from.getHeader(name)); + } } } + private void copyResponseHeaders(HttpResponse from, HttpServletResponse to) { for (Header hdr : from.getAllHeaders()) { // Don't copy Date: our Jetty will add another Date header - if (!hdr.getName().equals("Date")) + if (!hdr.getName().equals("Date")) { to.addHeader(hdr.getName(), hdr.getValue()); + } } } public class ProxyHttpRequest extends HttpEntityEnclosingRequestBase { + private final String method; public ProxyHttpRequest(final String method, final String uri) { @@ -298,6 +316,7 @@ public class ProxyServlet extends BaseServlet { this.method = method; setURI(URI.create(uri)); } + @Override public String getMethod() { return method; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java index 4c140490..f3eb1eb6 100644..100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java @@ -32,7 +32,6 @@ import java.util.HashMap; import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
-
import org.apache.log4j.Logger;
import org.onap.dmaap.datarouter.provisioning.utils.DB;
@@ -43,6 +42,7 @@ import org.onap.dmaap.datarouter.provisioning.utils.DB; * @version $Id: NodeClass.java,v 1.2 2014/01/15 16:08:43 eby Exp $
*/
public abstract class NodeClass extends Syncable {
+
private static Map<String, Integer> map;
private static Logger intLogger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal");
public NodeClass() {
@@ -53,19 +53,20 @@ public abstract class NodeClass extends Syncable { }
/**
- * Add nodes to the NODES table, when the NODES parameter value is changed.
- * Nodes are only added to the table, they are never deleted. The node name is normalized
- * to contain the domain (if missing).
+ * Add nodes to the NODES table, when the NODES parameter value is changed. Nodes are only added to the table, they
+ * are never deleted. The node name is normalized to contain the domain (if missing).
*
* @param nodes a pipe separated list of the current nodes
*/
public static void setNodes(String[] nodes) {
- if (map == null)
+ if (map == null) {
reload();
+ }
int nextid = 0;
for (Integer n : map.values()) {
- if (n >= nextid)
+ if (n >= nextid) {
nextid = n + 1;
+ }
}
// take | separated list, add domain if needed.
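Review bot: The reflowed Javadoc on setNodes still reads `@param nodes a pipe separated list of the current nodes`, but the signature is `setNodes(String[] nodes)`; since this comment is being touched anyway, correct the parameter description to say it is an array of node names. Also, `if (map == null) { reload(); }` lazily initialises a static map from a static method with no synchronisation visible in this hunk, so `nextid` is computed from whatever snapshot the caller happens to see; consider initialising the map once or guarding the block.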
@@ -136,8 +137,9 @@ public abstract class NodeClass extends Syncable { public static Integer lookupNodeName(final String name) {
Integer n = map.get(name);
- if (n == null)
+ if (n == null) {
throw new IllegalArgumentException("Invalid node name: " + name);
+ }
return n;
}
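Review bot: lookupNodeName dereferences the static map straight away (`Integer n = map.get(name);`) without the `if (map == null) { reload(); }` guard that setNodes applies, so a lookup made before the first load fails with a NullPointerException instead of the intended `IllegalArgumentException("Invalid node name: " + name)`. Add the same guard here or initialise the map eagerly; the brace-only change is fine as it stands.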
@@ -148,8 +150,9 @@ public abstract class NodeClass extends Syncable { if (s.endsWith("*")) {
s = s.substring(0, s.length() - 1);
for (String s2 : keyset) {
- if (s2.startsWith(s))
+ if (s2.startsWith(s)) {
coll.add(s2);
+ }
}
} else if (keyset.contains(s)) {
coll.add(s);
@@ -162,14 +165,6 @@ public abstract class NodeClass extends Syncable { return coll;
}
- protected String lookupNodeID(int n) {
- for (String s : map.keySet()) {
- if (map.get(s) == n)
- return s;
- }
- return null;
- }
-
public static String normalizeNodename(String s) {
if (s != null && s.indexOf('.') <= 0) {
Parameters p = Parameters.getParameter(Parameters.PROV_DOMAIN);
@@ -184,4 +179,13 @@ public abstract class NodeClass extends Syncable { }
}
+
+ protected String lookupNodeID(int n) {
+ for (String s : map.keySet()) {
+ if (map.get(s) == n) {
+ return s;
+ }
+ }
+ return null;
+ }
}
diff --git a/datarouter-prov/src/main/resources/misc/sql_init_01.sql b/datarouter-prov/src/main/resources/misc/sql_init_01.sql index e01ce3b0..356a67a9 100644..100755 --- a/datarouter-prov/src/main/resources/misc/sql_init_01.sql +++ b/datarouter-prov/src/main/resources/misc/sql_init_01.sql @@ -124,18 +124,18 @@ CREATE TABLE GROUPS ( ); INSERT INTO PARAMETERS VALUES - ('ACTIVE_POD', 'prov.datarouternew.com'), - ('PROV_ACTIVE_NAME', 'prov.datarouternew.com'), + ('ACTIVE_POD', 'dmaap-dr-prov'), + ('PROV_ACTIVE_NAME', 'dmaap-dr-prov'), ('STANDBY_POD', ''), - ('PROV_NAME', 'prov.datarouternew.com'), - ('NODES', '172.100.0.1|node.datarouternew.com'), - ('PROV_DOMAIN', 'datarouternew.com'), + ('PROV_NAME', 'dmaap-dr-prov'), + ('NODES', 'dmaap-dr-node'), + ('PROV_DOMAIN', ''), ('DELIVERY_INIT_RETRY_INTERVAL', '10'), ('DELIVERY_MAX_AGE', '86400'), ('DELIVERY_MAX_RETRY_INTERVAL', '3600'), ('DELIVERY_RETRY_RATIO', '2'), ('LOGROLL_INTERVAL', '300'), - ('PROV_AUTH_ADDRESSES', '172.100.0.1|prov.datarouternew.com|node.datarouternew.com'), + ('PROV_AUTH_ADDRESSES', 'dmaap-dr-prov|dmaap-dr-node'), ('PROV_AUTH_SUBJECTS', ''), ('PROV_MAXFEED_COUNT', '10000'), ('PROV_MAXSUB_COUNT', '100000'), diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties index 7758a64d..744bc9ce 100644..100755 --- a/datarouter-prov/src/main/resources/provserver.properties +++ b/datarouter-prov/src/main/resources/provserver.properties 
@@ -27,11 +27,11 @@ org.onap.dmaap.datarouter.provserver.https.port = 8443 org.onap.dmaap.datarouter.provserver.https.relaxation = true org.onap.dmaap.datarouter.provserver.keystore.type = jks -org.onap.dmaap.datarouter.provserver.keymanager.password = changeit -org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/self_signed/keystore.jks -org.onap.dmaap.datarouter.provserver.keystore.password = changeit -org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/self_signed/cacerts.jks -org.onap.dmaap.datarouter.provserver.truststore.password = changeit +org.onap.dmaap.datarouter.provserver.keymanager.password = Qgw77oaQcdP*F8Pwa[&.,.Ab +org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks +org.onap.dmaap.datarouter.provserver.keystore.password = Qgw77oaQcdP*F8Pwa[&.,.Ab +org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks +org.onap.dmaap.datarouter.provserver.truststore.password = 9M?)?:KAj1z6gpLhNrVUG@0T org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool diff --git a/datarouter-prov/src/test/java/datarouter/provisioning/IntegrationTestBase.java b/datarouter-prov/src/test/java/datarouter/provisioning/IntegrationTestBase.java index 71446219..3e5e1d04 100644..100755 --- a/datarouter-prov/src/test/java/datarouter/provisioning/IntegrationTestBase.java +++ b/datarouter-prov/src/test/java/datarouter/provisioning/IntegrationTestBase.java @@ -114,7 +114,7 @@ public class IntegrationTestBase { } } - SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "changeit", trustStore); + SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, props.getProperty("test.kspassword"), trustStore); Scheme sch = new Scheme("https", 443, socketFactory); httpclient.getConnectionManager().getSchemeRegistry().register(sch); 
@@ -164,7 +164,7 @@ public class IntegrationTestBase { // shut down the connection manager to ensure // immediate deallocation of all system resources httpclient.getConnectionManager().shutdown(); - FileUtils.deleteDirectory(new File("./unit-test-logs")); + FileUtils.deleteDirectory(new File("." + File.pathSeparator+ "unit-test-logs")); } protected void ckResponse(HttpResponse response, int expect) { diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java index 61d030d9..8cc48683 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java @@ -40,6 +40,7 @@ import java.util.HashSet; import java.util.Set; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.nullValue; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertThat; import static org.mockito.Matchers.anyInt; import static org.mockito.Mockito.mock; @@ -84,7 +85,7 @@ public class BaseServletTest extends DrServletTestBase { authAddressesAndNetworks.add(("127.0.0.1")); FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true); FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", true, true); - assertThat(baseServlet.isAuthorizedForProvisioning(request), is("Client certificate is missing.")); + assertNull(baseServlet.isAuthorizedForProvisioning(request)); } @Test diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServletTest.java index 35bc85d8..87390bc5 100644..100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServletTest.java 
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServletTest.java @@ -22,6 +22,21 @@ ******************************************************************************/ package org.onap.dmaap.datarouter.provisioning; +import static org.hamcrest.Matchers.notNullValue; +import static org.mockito.Mockito.anyInt; +import static org.mockito.Mockito.anyString; +import static org.mockito.Mockito.argThat; +import static org.mockito.Mockito.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER; + +import java.util.HashSet; +import java.util.Set; +import javax.servlet.ServletOutputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.reflect.FieldUtils; import org.jetbrains.annotations.NotNull; import org.json.JSONArray; @@ -38,20 +53,11 @@ import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; import org.powermock.modules.junit4.PowerMockRunner; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.HashSet; -import java.util.Set; - -import static org.hamcrest.Matchers.notNullValue; -import static org.mockito.Mockito.*; -import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER; - @RunWith(PowerMockRunner.class) @SuppressStaticInitializationFor("org.onap.dmaap.datarouter.provisioning.beans.Feed") public class DRFeedsServletTest extends DrServletTestBase { + private static DRFeedsServlet drfeedsServlet; @Mock 
@@ -77,14 +83,17 @@ public class DRFeedsServletTest extends DrServletTestBase { } @Test - public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() + throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); drfeedsServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @Test - public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() + throws Exception { setBehalfHeader(null); drfeedsServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class))); @@ -92,7 +101,8 @@ public class DRFeedsServletTest extends DrServletTestBase { @Test - public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated() + throws Exception { when(request.getRequestURI()).thenReturn("/123"); drfeedsServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class))); 
@@ -100,7 +110,8 @@ public class DRFeedsServletTest extends DrServletTestBase { @Test - public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() + throws Exception { setAuthoriserToReturnRequestNotAuthorized(); drfeedsServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); @@ -146,14 +157,17 @@ public class DRFeedsServletTest extends DrServletTestBase { @Test - public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() + throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); drfeedsServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @Test - public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() + throws Exception { setBehalfHeader(null); drfeedsServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class))); 
@@ -161,7 +175,8 @@ public class DRFeedsServletTest extends DrServletTestBase { @Test - public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated() + throws Exception { when(request.getRequestURI()).thenReturn("/123"); drfeedsServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class))); 
@@ -169,28 +184,33 @@ public class DRFeedsServletTest extends DrServletTestBase { @Test - public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() + throws Exception { when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed; version=1.1"); when(request.getContentType()).thenReturn("stub_contentType"); drfeedsServlet.doPost(request, response); - verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class))); + verify(response) + .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class))); } @Test - public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() + throws Exception { setAuthoriserToReturnRequestNotAuthorized(); drfeedsServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @Test - public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() + throws Exception { drfeedsServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class))); } @Test - public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated() + throws 
Exception { FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 0, true); DRFeedsServlet drfeedsServlet = new DRFeedsServlet() { protected JSONObject getJSONfromInput(HttpServletRequest req) { @@ -202,7 +222,8 @@ public class DRFeedsServletTest extends DrServletTestBase { } @Test - public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated() + throws Exception { when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null); JSONObject JSObject = buildRequestJsonObject(); @@ -218,7 +239,8 @@ public class DRFeedsServletTest extends DrServletTestBase { } @Test - public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated() + throws Exception { setFeedToReturnInvalidFeedIdSupplied(); JSONObject JSObject = buildRequestJsonObject(); DRFeedsServlet drfeedsServlet = new DRFeedsServlet() { @@ -252,12 +274,14 @@ public class DRFeedsServletTest extends DrServletTestBase { } }; drfeedsServlet.doPost(request, response); - verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class))); + verify(response) + .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class))); } @Test - public void Given_Request_Is_HTTP_POST_And_Change_On_Feeds_Succeeds_A_STATUS_OK_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_POST_And_Change_On_Feeds_Succeeds_A_STATUS_OK_Response_Is_Generated() + throws Exception { ServletOutputStream outStream = mock(ServletOutputStream.class); when(response.getOutputStream()).thenReturn(outStream); JSONObject JSObject = buildRequestJsonObject(); 
@@ -301,7 +325,9 @@ public class DRFeedsServletTest extends DrServletTestBase { when(request.isSecure()).thenReturn(true); Set<String> authAddressesAndNetworks = new HashSet<String>(); authAddressesAndNetworks.add(("127.0.0.1")); - FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true); + FieldUtils + .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, + true); FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true); FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 100, true); } diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/FeedServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/FeedServletTest.java index f5302cb9..cb8a28da 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/FeedServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/FeedServletTest.java @@ -76,6 +76,7 @@ public class FeedServletTest extends DrServletTestBase { public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); feedServlet.doDelete(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } 
@@ -147,6 +148,7 @@ public class FeedServletTest extends DrServletTestBase { public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); feedServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -200,6 +202,7 @@ public class FeedServletTest extends DrServletTestBase { public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); feedServlet.doPut(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/GroupServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/GroupServletTest.java index a0831b73..fa0caea6 100644..100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/GroupServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/GroupServletTest.java @@ -76,6 +76,7 @@ public class GroupServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); groupServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } 
@@ -105,6 +106,7 @@ public class GroupServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); groupServlet.doPut(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -184,6 +186,7 @@ public class GroupServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); groupServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/InternalServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/InternalServletTest.java index f8342449..97900d4d 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/InternalServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/InternalServletTest.java @@ -89,6 +89,8 @@ public class InternalServletTest extends DrServletTestBase { public void Given_Request_Is_HTTP_GET_And_Address_Not_Authorized_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.getRemoteAddr()).thenReturn("127.100.0.3"); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); + internalServlet.doGet(request, response); verify(response) .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); 
@@ -188,6 +190,7 @@ public class InternalServletTest extends DrServletTestBase { public void Given_Request_Is_HTTP_PUT_And_Address_Not_Authorized_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.getRemoteAddr()).thenReturn("127.100.0.3"); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); internalServlet.doPut(request, response); verify(response) .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); @@ -232,6 +235,7 @@ public class InternalServletTest extends DrServletTestBase { public void Given_Request_Is_HTTP_DELETE_And_Address_Not_Authorized_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.getRemoteAddr()).thenReturn("127.100.0.3"); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); internalServlet.doDelete(request, response); verify(response) .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); @@ -278,6 +282,7 @@ public class InternalServletTest extends DrServletTestBase { throws Exception { when(request.getRemoteAddr()).thenReturn("127.100.0.3"); internalServlet.doPost(request, response); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); verify(response) .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/RouteServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/RouteServletTest.java index 63715804..34421f52 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/RouteServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/RouteServletTest.java 
@@ -69,6 +69,7 @@ public class RouteServletTest extends DrServletTestBase @Test public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Authorized() throws Exception { + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); routeServlet.doDelete(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -207,6 +208,7 @@ public class RouteServletTest extends DrServletTestBase @Test public void Given_Request_Is_HTTP_GET_And_Is_Not_Authorized() throws Exception { + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); routeServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -290,6 +292,7 @@ public class RouteServletTest extends DrServletTestBase @Test public void Given_Request_Is_HTTP_POST_And_Is_Not_Authorized() throws Exception { routeServlet.doPost(request, response); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscribeServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscribeServletTest.java index cdf96ba6..25341d42 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscribeServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscribeServletTest.java 
@@ -81,6 +81,7 @@ public class SubscribeServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); subscribeServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -137,6 +138,7 @@ public class SubscribeServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); subscribeServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java index b42e3a76..c5660672 100644..100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java @@ -73,6 +73,7 @@ public class SubscriptionServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_DELETE_SC_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); subscriptionServlet.doDelete(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } 
@@ -130,6 +131,7 @@ public class SubscriptionServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); subscriptionServlet.doGet(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -184,6 +186,7 @@ public class SubscriptionServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); subscriptionServlet.doPut(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } @@ -323,6 +326,7 @@ public class SubscriptionServletTest extends DrServletTestBase { @Test public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true); subscriptionServlet.doPost(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class))); } diff --git a/datarouter-prov/src/test/resources/integration_test.properties b/datarouter-prov/src/test/resources/integration_test.properties index 36b2ac3c..9ac1850a 100644 --- a/datarouter-prov/src/test/resources/integration_test.properties +++ b/datarouter-prov/src/test/resources/integration_test.properties 
@@ -1,5 +1,5 @@ -test.keystore=self_signed/keystore.jks -test.kspassword=changeit -test.truststore=self_signed/cacerts.jks -test.tspassword=changeit -test.host=https://prov.datarouternew.com:8443
\ No newline at end of file +test.keystore=aaf_certs/org.onap.dmaap-dr.jks +test.kspassword=Qgw77oaQcdP*F8Pwa[&.,.Ab +test.truststore=aaf_certs/org.onap.dmaap-dr.trust.jks +test.tspassword=9M?)?:KAj1z6gpLhNrVUG@0T +test.host=https://dmaap-dr-prov:8443
\ No newline at end of file diff --git a/docker-compose/database/sql_init_01.sql b/docker-compose/database/sql_init_01.sql index e01ce3b0..356a67a9 100644..100755 --- a/docker-compose/database/sql_init_01.sql +++ b/docker-compose/database/sql_init_01.sql @@ -124,18 +124,18 @@ CREATE TABLE GROUPS ( ); INSERT INTO PARAMETERS VALUES - ('ACTIVE_POD', 'prov.datarouternew.com'), - ('PROV_ACTIVE_NAME', 'prov.datarouternew.com'), + ('ACTIVE_POD', 'dmaap-dr-prov'), + ('PROV_ACTIVE_NAME', 'dmaap-dr-prov'), ('STANDBY_POD', ''), - ('PROV_NAME', 'prov.datarouternew.com'), - ('NODES', '172.100.0.1|node.datarouternew.com'), - ('PROV_DOMAIN', 'datarouternew.com'), + ('PROV_NAME', 'dmaap-dr-prov'), + ('NODES', 'dmaap-dr-node'), + ('PROV_DOMAIN', ''), ('DELIVERY_INIT_RETRY_INTERVAL', '10'), ('DELIVERY_MAX_AGE', '86400'), ('DELIVERY_MAX_RETRY_INTERVAL', '3600'), ('DELIVERY_RETRY_RATIO', '2'), ('LOGROLL_INTERVAL', '300'), - ('PROV_AUTH_ADDRESSES', '172.100.0.1|prov.datarouternew.com|node.datarouternew.com'), + ('PROV_AUTH_ADDRESSES', 'dmaap-dr-prov|dmaap-dr-node'), ('PROV_AUTH_SUBJECTS', ''), ('PROV_MAXFEED_COUNT', '10000'), ('PROV_MAXSUB_COUNT', '100000'), diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml index f8a4d843..35ed74c3 100644 --- a/docker-compose/docker-compose.yml +++ b/docker-compose/docker-compose.yml @@ -7,9 +7,9 @@ # * Licensed under the Apache License, Version 2.0 (the "License"); # * you may not use this file except in compliance with the License. # * You may obtain a copy of the License at -# * +# * # * http://www.apache.org/licenses/LICENSE-2.0 -# * +# * # * Unless required by applicable law or agreed to in writing, software # * distributed under the License is distributed on an "AS IS" BASIS, # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -25,10 +25,11 @@ services: datarouter-prov: image: nexus3.onap.org:10003/onap/dmaap/datarouter-prov container_name: datarouter-prov - hostname: prov.datarouternew.com + hostname: dmaap-dr-prov ports: + - "443:8443" - "8443:8443" - - "8080:8080" + - "8080:8080" volumes: - ./prov_data/provserver.properties:/opt/app/datartr/etc/provserver.properties - ./prov_data/addSubscriber.txt:/opt/app/datartr/addSubscriber.txt @@ -37,12 +38,12 @@ services: mariadb_container: condition: service_healthy healthcheck: - test: ["CMD", "curl", "-f", "http://prov.datarouternew.com:8080/internal/prov"] + test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"] interval: 10s timeout: 10s retries: 5 extra_hosts: - - "node.datarouternew.com:172.100.0.4" + - "dmaap-dr-node:172.100.0.4" networks: testing_net: ipv4_address: 172.100.0.3 @@ -50,7 +51,7 @@ services: datarouter-node: image: nexus3.onap.org:10003/onap/dmaap/datarouter-node container_name: datarouter-node - hostname: node.datarouternew.com + hostname: dmaap-dr-node ports: - "9443:8443" - "9090:8080" @@ -60,7 +61,7 @@ services: datarouter-prov: condition: service_healthy extra_hosts: - - "prov.datarouternew.com:172.100.0.3" + - "dmaap-dr-prov:172.100.0.3" networks: testing_net: ipv4_address: 172.100.0.4 @@ -76,7 +77,7 @@ services: networks: testing_net: ipv4_address: 172.100.0.5 - + mariadb_container: image: mariadb:10.2.14 container_name: mariadb diff --git a/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks Binary files differnew file mode 100755 index 00000000..4529cccb --- /dev/null +++ b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks diff --git a/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks Binary files differnew file mode 100755 index 00000000..096fbb26 --- /dev/null +++ b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks 
diff --git a/docker-compose/node_data/node.properties b/docker-compose/node_data/node.properties index 20c5af12..de38cb6f 100644 --- a/docker-compose/node_data/node.properties +++ b/docker-compose/node_data/node.properties @@ -2,7 +2,7 @@ # ============LICENSE_START================================================== # * org.onap.dmaap # * =========================================================================== -# * Copyright � 2017 AT&T Intellectual Property. All rights reserved. +# * Copyright 2017 AT&T Intellectual Property. All rights reserved. # * =========================================================================== # * Licensed under the Apache License, Version 2.0 (the "License"); # * you may not use this file except in compliance with the License. @@ -25,14 +25,14 @@ # # URL to retrieve dynamic configuration # -#ProvisioningURL: ${DRTR_PROV_INTURL:-https://feeds-drtr.web.att.com/internal/prov} -ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov +#ProvisioningURL: ${DRTR_PROV_INTURL} +ProvisioningURL=https://dmaap-dr-prov:8443/internal/prov # # URL to upload PUB/DEL/EXP logs # -#LogUploadURL: ${DRTR_LOG_URL:-https://feeds-drtr.web.att.com/internal/logs} -LogUploadURL=https://prov.datarouternew.com:8443/internal/logs +#LogUploadURL: ${DRTR_LOG_URL} +LogUploadURL=https://dmaap-dr-prov:8443/internal/logs # # The port number for http as seen within the server @@ -74,20 +74,19 @@ SpoolDir=/opt/app/datartr/spool #RedirectionFile: etc/redirections.dat # # The type of keystore for https -# KeyStoreType: jks # # The path to the keystore for https # -KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks +KeyStoreFile:/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks # # The password for the https keystore # -KeyStorePassword=changeit +KeyStorePassword=4*&GD+w58RUM]01No.CYY;z6 # # The password for the private key in the https keystore # -KeyPassword=changeit +KeyPassword=4*&GD+w58RUM]01No.CYY;z6 # # The type of truststore for https # 
@@ -96,11 +95,11 @@ TrustStoreType=jks # The path to the truststore for https # #TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks +TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks # # The password for the https truststore # -TrustStorePassword=changeit +TrustStorePassword=UDXlT6Iu[F)k,Htk92+B,0Xj # # The path to the file used to trigger an orderly shutdown # diff --git a/docker-compose/node_data/self_signed/cacerts.jks b/docker-compose/node_data/self_signed/cacerts.jks Binary files differdeleted file mode 100644 index dfd81433..00000000 --- a/docker-compose/node_data/self_signed/cacerts.jks +++ /dev/null diff --git a/docker-compose/node_data/self_signed/keystore.jks b/docker-compose/node_data/self_signed/keystore.jks Binary files differdeleted file mode 100644 index e5a4e781..00000000 --- a/docker-compose/node_data/self_signed/keystore.jks +++ /dev/null diff --git a/docker-compose/node_data/self_signed/mykey.cer b/docker-compose/node_data/self_signed/mykey.cer Binary files differdeleted file mode 100644 index 2a5c9d70..00000000 --- a/docker-compose/node_data/self_signed/mykey.cer +++ /dev/null diff --git a/docker-compose/node_data/self_signed/nodekey.cer b/docker-compose/node_data/self_signed/nodekey.cer Binary files differdeleted file mode 100644 index 4cdfdfe3..00000000 --- a/docker-compose/node_data/self_signed/nodekey.cer +++ /dev/null diff --git a/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks Binary files differnew file mode 100755 index 00000000..155991ab --- /dev/null +++ b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks diff --git a/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks Binary files differnew file mode 100755 index 00000000..c8f9ee66 --- /dev/null 
+++ b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks diff --git a/docker-compose/prov_data/provserver.properties b/docker-compose/prov_data/provserver.properties index 7758a64d..744bc9ce 100644..100755 --- a/docker-compose/prov_data/provserver.properties +++ b/docker-compose/prov_data/provserver.properties @@ -27,11 +27,11 @@ org.onap.dmaap.datarouter.provserver.https.port = 8443 org.onap.dmaap.datarouter.provserver.https.relaxation = true org.onap.dmaap.datarouter.provserver.keystore.type = jks -org.onap.dmaap.datarouter.provserver.keymanager.password = changeit -org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/self_signed/keystore.jks -org.onap.dmaap.datarouter.provserver.keystore.password = changeit -org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/self_signed/cacerts.jks -org.onap.dmaap.datarouter.provserver.truststore.password = changeit +org.onap.dmaap.datarouter.provserver.keymanager.password = Qgw77oaQcdP*F8Pwa[&.,.Ab +org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks +org.onap.dmaap.datarouter.provserver.keystore.password = Qgw77oaQcdP*F8Pwa[&.,.Ab +org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks +org.onap.dmaap.datarouter.provserver.truststore.password = 9M?)?:KAj1z6gpLhNrVUG@0T org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool diff --git a/docker-compose/prov_data/self_signed/cacerts.jks b/docker-compose/prov_data/self_signed/cacerts.jks Binary files differdeleted file mode 100644 index 76a480ad..00000000 --- a/docker-compose/prov_data/self_signed/cacerts.jks +++ /dev/null diff --git a/docker-compose/prov_data/self_signed/keystore.jks b/docker-compose/prov_data/self_signed/keystore.jks Binary files differdeleted file mode 100644 index 2c22b4ac..00000000 
--- a/docker-compose/prov_data/self_signed/keystore.jks +++ /dev/null diff --git a/docker-compose/prov_data/self_signed/mykey.cer b/docker-compose/prov_data/self_signed/mykey.cer Binary files differdeleted file mode 100644 index 2a5c9d70..00000000 --- a/docker-compose/prov_data/self_signed/mykey.cer +++ /dev/null |
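Review bot: In InternalServletTest.java, hunk @@ -278,6 +282,7 (the HTTP POST address-not-authorized test), the added FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true) line sits after internalServlet.doPost(request, response), so the servlet has already run by the time the flag is set. The PUT and DELETE hunks in the same file set the flag before the call. Move the line above doPost; as written, the SC_FORBIDDEN verification depends on whatever value an earlier test left in the static field.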
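Review bot: In RouteServletTest.java, hunk @@ -290,6 +292,7 (Given_Request_Is_HTTP_POST_And_Is_Not_Authorized), the flag write is placed after routeServlet.doPost(request, response), while the DELETE and GET hunks in this file place it before the servlet call. The test can then pass or fail depending on execution order. Put the writeDeclaredStaticField call first so the test sets up its own precondition.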
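Review bot: Across the SubscribeServletTest.java and SubscriptionServletTest.java hunks, each test writes the static BaseServlet field isAddressAuthEnabled through reflection and nothing in the visible lines restores it, so the value carries over into every test that runs later in the same JVM. Set it once in a @Before method and reset it in @After rather than repeating the line per test. The value written is the string "true"; please confirm the field is declared as a String, since a reflective write of a String into a boolean field fails at runtime.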
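Review bot: In integration_test.properties, hunk @@ -1,5 +1,5, test.kspassword and test.tspassword change from the placeholder changeit to what look like generated passwords, committed in clear text next to the aaf_certs keystores added in the same change. Anyone with read access to the repository can open the keystore and use its private key. If these certificates are trusted anywhere outside the docker-compose test setup, read the passwords from an environment variable or system property instead; if they are test-only, say so in a comment in this file. The file also still ends without a trailing newline.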
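Review bot: In sql_init_01.sql, hunk @@ -124,18 +124,18, PROV_AUTH_ADDRESSES drops the literal 172.100.0.1 entry and now lists only the names dmaap-dr-prov and dmaap-dr-node, so the address allow list depends entirely on how those names resolve inside each container. Please document that dependency, or keep an IP entry for the compose network. The same hunk sets PROV_DOMAIN to an empty string; confirm that the code consuming PROV_DOMAIN accepts an empty value.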
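Review bot: In docker-compose.yml, hunk @@ -25,10 +25,11, the added "443:8443" mapping publishes the provisioning HTTPS listener on host port 443 while "8443:8443" is kept, so the same listener is exposed twice, and the plaintext "8080:8080" mapping also stays published on all host interfaces. Keep only the mapping the tests need, and consider binding the published ports to 127.0.0.1 for a local test stack. The removed and re-added "8080:8080" line differs only in trailing whitespace and could be left out of the change.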
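Review bot: In node.properties, hunk @@ -74,20 +74,19, KeyStorePassword and KeyPassword are set to the same clear-text value and committed alongside the keystore they protect, which leaves the node's private key readable by anyone with the repository. Supply these through the container environment or a mounted secret, or mark the aaf_certs material as test-only. Two smaller points in the same hunk: KeyStoreFile still uses a colon separator while the surrounding keys use an equals sign, and the bare # line after "The type of keystore for https" is removed, leaving that comment block formatted differently from its neighbours.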
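Review bot: In provserver.properties, hunk @@ -27,11 +27,11, keymanager.password, keystore.password and truststore.password repeat the clear-text values that integration_test.properties carries in this same change, so a rotation has to touch both files and the secret is stored twice. Source them from one place, ideally outside the repository. The context line org.onap.dmaap.datarouter.provserver.https.relaxation = true is unchanged here; since the change moves from self_signed to aaf_certs keystores, please confirm whether that setting is still required.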