58 files changed, 779 insertions, 1129 deletions
diff --git a/csit/scripts/dmaap-datarouter/docker-compose/node.properties b/csit/scripts/dmaap-datarouter/docker-compose/node.properties index 1e684b43..d9c7b824 100644 --- a/csit/scripts/dmaap-datarouter/docker-compose/node.properties +++ b/csit/scripts/dmaap-datarouter/docker-compose/node.properties @@ -51,35 +51,36 @@ SpoolDir = /opt/app/datartr/spool # The path to the redirection data file RedirectionFile = etc/redirections.dat # +# https security required for publish request +TlsEnabled = false +# +# Enabled TLS protocols +NodeHttpsProtocols = TLSv1.1|TLSv1.2 +# # The type of keystore for https KeyStoreType = PKCS12 # +# The path to your KeyStoreFile +KeyStorePath = /opt/app/datartr/certs/org.onap.dmaap-dr-node.p12 +# +# The key store password +KeyStorePass = changeit +# +# The key manager password +KeyManagerPass = changeit +# # The type of truststore for https TrustStoreType = jks # +# The path to your trust store +TrustStorePath = /opt/app/datartr/certs/truststore.jks +# +# The trust store password +TrustStorePass = changeit +# # The path to the file used to trigger an orderly shutdown QuiesceFile = etc/SHUTDOWN # # The key used to generate passwords for node to node transfers NodeAuthKey = Node123! -# -# DR_NODE DEFAULT ENABLED TLS PROTOCOLS -NodeHttpsProtocols = TLSv1.1|TLSv1.2 -# -# AAF type to generate permission string -AAFType = org.onap.dmaap-dr.feed -# -# AAF default instance to generate permission string - default should be legacy -AAFInstance = legacy -# -# AAF action to generate permission string - default should be publish -AAFAction = publish -# -# AAF CADI enabled flag -CadiEnabled = false -# -# AAF Props file path -AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props -# https security required for publish request -TlsEnabled = false diff --git a/datarouter-node/pom.xml b/datarouter-node/pom.xml index b3fdd3ca..ffaa2602 100755 --- a/datarouter-node/pom.xml +++ b/datarouter-node/pom.xml 
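Review bot: The added `KeyStorePass`, `KeyManagerPass` and `TrustStorePass` entries in node.properties hold the key material passwords in clear text (`changeit`). The code this commit removes read them through `getDecryptedPass("cadi_keystore_password")`. Nothing in the file marks these as test-only values, so a copy of this CSIT file into a real deployment carries the default passwords with it. I would add a comment above the three entries such as `# CSIT-only defaults: supply real passwords from a mounted secret and keep this file readable by the node user only`. The file also still lists `TLSv1.1` under `NodeHttpsProtocols`; since that list is now passed to `setIncludeProtocols` in NodeServer, `NodeHttpsProtocols = TLSv1.2` would be the safer shipped value.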
@@ -101,10 +101,6 @@ <artifactId>jetty-http</artifactId> </dependency> <dependency> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>aaf-cadi-core</artifactId> - </dependency> - <dependency> <groupId>com.intellij</groupId> <artifactId>annotations</artifactId> </dependency> @@ -342,47 +338,6 @@ </resources> </configuration> </execution> - <execution> - <id>copy-resources-etc</id> - <phase>validate</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>${basedir}/target/docker-stage/opt/app/datartr/etc</outputDirectory> - <resources> - <resource> - <directory>${basedir}/src/main/resources</directory> - <includes> - <include>misc/**</include> - <include>**/**</include> - </includes> - <excludes> - <exclude>aaf/**</exclude> - <exclude>docker/**</exclude> - </excludes> - </resource> - </resources> - </configuration> - </execution> - <execution> - <id>copy-aaf-props</id> - <phase>validate</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>${basedir}/target/docker-stage/opt/app/osaaf/local</outputDirectory> - <resources> - <resource> - <directory>${basedir}/src/main/resources/aaf</directory> - <includes> - <include>**/**</include> - </includes> - </resource> - </resources> - </configuration> - </execution> </executions> </plugin> <plugin> diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfo.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfo.java index f5fa6e98..ac8c3186 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfo.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfo.java @@ -24,6 +24,8 @@ package org.onap.dmaap.datarouter.node; +import org.onap.dmaap.datarouter.node.config.NodeConfig; + /** * Information for a delivery destination that doesn't change from message to message. */ 
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfoBuilder.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfoBuilder.java index 00c5cd8b..2b9db95b 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfoBuilder.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DestInfoBuilder.java @@ -66,7 +66,7 @@ public class DestInfoBuilder { return destInfoLogData; } - DestInfoBuilder setLogdata(String logdata) { + public DestInfoBuilder setLogdata(String logdata) { this.destInfoLogData = logdata; return this; } @@ -84,7 +84,7 @@ public class DestInfoBuilder { return destInfoAuthUser; } - DestInfoBuilder setAuthuser(String authuser) { + public DestInfoBuilder setAuthuser(String authuser) { this.destInfoAuthUser = authuser; return this; } @@ -93,7 +93,7 @@ public class DestInfoBuilder { return destInfoAuthentication; } - DestInfoBuilder setAuthentication(String authentication) { + public DestInfoBuilder setAuthentication(String authentication) { this.destInfoAuthentication = authentication; return this; } @@ -102,7 +102,7 @@ public class DestInfoBuilder { return destInfoMetaOnly; } - DestInfoBuilder setMetaonly(boolean metaonly) { + public DestInfoBuilder setMetaonly(boolean metaonly) { this.destInfoMetaOnly = metaonly; return this; } @@ -111,7 +111,7 @@ public class DestInfoBuilder { return destInfoUse100; } - DestInfoBuilder setUse100(boolean use100) { + public DestInfoBuilder setUse100(boolean use100) { this.destInfoUse100 = use100; return this; } @@ -120,7 +120,7 @@ public class DestInfoBuilder { return destInfoPrivilegedSubscriber; } - DestInfoBuilder setPrivilegedSubscriber(boolean privilegedSubscriber) { + public DestInfoBuilder setPrivilegedSubscriber(boolean privilegedSubscriber) { this.destInfoPrivilegedSubscriber = privilegedSubscriber; return this; } 
@@ -129,7 +129,7 @@ public class DestInfoBuilder { return destInfoFollowRedirects; } - DestInfoBuilder setFollowRedirects(boolean followRedirects) { + public DestInfoBuilder setFollowRedirects(boolean followRedirects) { this.destInfoFollowRedirects = followRedirects; return this; } @@ -138,12 +138,12 @@ public class DestInfoBuilder { return destInfoDecompress; } - DestInfoBuilder setDecompress(boolean decompress) { + public DestInfoBuilder setDecompress(boolean decompress) { this.destInfoDecompress = decompress; return this; } - DestInfo createDestInfo() { + public DestInfo createDestInfo() { return new DestInfo(this); } }
\ No newline at end of file diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java deleted file mode 100644 index ec49807e..00000000 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Copyright (C) 2019 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.datarouter.node; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import org.onap.aaf.cadi.PropAccess; - -class NodeAafPropsUtils { - - private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeAafPropsUtils.class); - private final PropAccess propAccess; - - NodeAafPropsUtils(File propsFile) throws IOException { - propAccess = new PropAccess(); - try { - propAccess.load(new FileInputStream(propsFile.getPath())); - } catch (IOException e) { - eelfLogger.error("Failed to load props file: " + propsFile + "\n" + e.getMessage(), e); - throw e; - } - } - - String getDecryptedPass(String password) { - String decryptedPass = ""; - try { - decryptedPass = propAccess.decrypt(propAccess.getProperty(password), false); - } catch (IOException e) { - eelfLogger.error("Failed to decrypt " + password + " : " + e.getMessage(), e); - } - return decryptedPass; - } - - PropAccess 
getPropAccess() { - return propAccess; - } -} diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java index 1debcf63..d02bedb2 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java @@ -36,10 +36,17 @@ import java.io.InputStreamReader; import java.io.Reader; import java.net.URL; import java.nio.file.Files; +import java.util.HashSet; +import java.util.Iterator; import java.util.Objects; import java.util.Properties; import java.util.Timer; +import org.onap.dmaap.datarouter.node.config.NodeConfig; +import org.onap.dmaap.datarouter.node.config.ProvData; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueueHelper; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; +import org.onap.dmaap.datarouter.node.utils.NodeTlsManager; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; /** @@ -56,8 +63,6 @@ public class NodeConfigManager implements DeliveryQueueHelper { private static final String NODE_CONFIG_MANAGER = "NodeConfigManager"; private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeConfigManager.class); - private static NodeConfigManager base; - private long maxfailuretimer; private long initfailuretimer; private long waitForFileProcessFailureTimer; 
@@ -73,19 +78,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { private final int intHttpPort; private final int intHttpsPort; private final int extHttpsPort; - private String[] enabledprotocols; - private final boolean cadiEnabled; - private String aafType; - private String aafInstance; - private String aafAction; private final boolean tlsEnabled; - private String kstype; - private String ksfile; - private String kspass; - private String kpass; - private String tstype; - private String tsfile; - private String tspass; private String myname; private final String nak; private final File quiesce; @@ -103,8 +96,9 @@ public class NodeConfigManager implements DeliveryQueueHelper { private final RedirManager rdmgr; private final Timer timer = new Timer("Node Configuration Timer", true); private final RateLimitedOperation pfetcher; - private NodeConfig config; - private NodeAafPropsUtils nodeAafPropsUtils; + private static NodeConfigManager base; + private static NodeTlsManager nodeTlsManager; + private NodeConfig nodeConfig; private static Properties drNodeProperties; public static Properties getDrNodeProperties() { 
@@ -135,42 +129,24 @@ public class NodeConfigManager implements DeliveryQueueHelper { } eelfLogger.debug("NODE0303 Provisioning server is at: " + provhost); provcheck = new IsFrom(provhost); - - cadiEnabled = Boolean.parseBoolean(getDrNodeProperties().getProperty("CadiEnabled", "false")); - if (cadiEnabled) { - aafType = getDrNodeProperties().getProperty("AAFType", "org.onap.dmaap-dr.feed"); - aafInstance = getDrNodeProperties().getProperty("AAFInstance", "legacy"); - aafAction = getDrNodeProperties().getProperty("AAFAction", "publish"); - } tlsEnabled = Boolean.parseBoolean(getDrNodeProperties().getProperty("TlsEnabled", "true")); if (isTlsEnabled()) { try { - kstype = getDrNodeProperties().getProperty("KeyStoreType", "PKCS12"); - tstype = getDrNodeProperties().getProperty("TrustStoreType", "jks"); - enabledprotocols = ((getDrNodeProperties().getProperty("NodeHttpsProtocols")).trim()).split("\\|"); - nodeAafPropsUtils = new NodeAafPropsUtils(new File(getDrNodeProperties() - .getProperty("AAFPropsFilePath", "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); - getSslContextData(); - if (tsfile != null && tsfile.length() > 0) { - System.setProperty("javax.net.ssl.trustStoreType", tstype); - System.setProperty("javax.net.ssl.trustStore", tsfile); - System.setProperty("javax.net.ssl.trustStorePassword", tspass); - } - myname = NodeUtils.getCanonicalName(kstype, ksfile, kspass); + nodeTlsManager = new NodeTlsManager(getDrNodeProperties()); + myname = nodeTlsManager.getMyNameFromCertificate(); if (myname == null) { NodeUtils.setIpAndFqdnForEelf(NODE_CONFIG_MANAGER); - eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_FETCH_ERROR, ksfile); - eelfLogger.error("NODE0309 Unable to fetch canonical name from keystore file " + ksfile); + eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_FETCH_ERROR, nodeTlsManager.getKeyStorefile()); + eelfLogger.error("NODE0309 Unable to fetch canonical name from keystore file {}", nodeTlsManager.getKeyStorefile()); exit(1); } - eelfLogger.debug("NODE0304 
My certificate says my name is " + myname); + eelfLogger.debug("NODE0304 My certificate says my name is {}", myname); } catch (Exception e) { eelfLogger.error("NODE0314 Failed to load AAF props. Exiting", e); exit(1); } } myname = "dmaap-dr-node"; - eventlogurl = getDrNodeProperties().getProperty("LogUploadURL", "https://feeds-drtr.web.att.com/internal/logs"); intHttpPort = Integer.parseInt(getDrNodeProperties().getProperty("IntHttpPort", "80")); intHttpsPort = Integer.parseInt(getDrNodeProperties().getProperty("IntHttpsPort", "443")); @@ -200,21 +176,13 @@ public class NodeConfigManager implements DeliveryQueueHelper { pfetcher = new RateLimitedOperation( Long.parseLong(getDrNodeProperties().getProperty("MinProvFetchInterval", "10000")), timer) { public void run() { - fetchconfig(); + fetchNodeConfigFromProv(); } }; eelfLogger.debug("NODE0305 Attempting to fetch configuration at " + provurl); pfetcher.request(); } - private void getSslContextData() { - ksfile = nodeAafPropsUtils.getPropAccess().getProperty("cadi_keystore"); - kspass = nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password"); - kpass = nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password"); - tsfile = nodeAafPropsUtils.getPropAccess().getProperty("cadi_truststore"); - tspass = nodeAafPropsUtils.getDecryptedPass("cadi_truststore_password"); - } - /** * Get the default node configuration manager. */ 
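Review bot: In the NodeConfigManager constructor, the `catch (Exception e)` around `new NodeTlsManager(getDrNodeProperties())` still logs `"NODE0314 Failed to load AAF props. Exiting"`, although this commit removes AAF. A key store or password failure will therefore be reported under the wrong cause. I would change it to `eelfLogger.error("NODE0314 Failed to initialise TLS key store. Exiting", e);`. Separately, the context line `myname = "dmaap-dr-node";` after the `if (isTlsEnabled())` block overwrites the value from `getMyNameFromCertificate()`, so as far as this hunk shows the certificate name is used only for the null check and the debug log. If that is intended, a one-line comment there would help. The constructor starts and ends outside the hunk.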
@@ -303,19 +271,19 @@ public class NodeConfigManager implements DeliveryQueueHelper { } } - private void fetchconfig() { + private void fetchNodeConfigFromProv() { try { - eelfLogger.debug("NodeConfigMan.fetchConfig: provurl:: " + provurl); + eelfLogger.debug("NodeConfigMan.fetchNodeConfigFromProv: provurl:: {}", provurl); URL url = new URL(provurl); Reader reader = new InputStreamReader(url.openStream()); - config = new NodeConfig(new ProvData(reader), myname, spooldir, extHttpsPort, nak); + nodeConfig = new NodeConfig(new ProvData(reader), myname, spooldir, extHttpsPort, nak); localconfig(); configtasks.startRun(); runTasks(); } catch (Exception e) { - NodeUtils.setIpAndFqdnForEelf("fetchconfigs"); + NodeUtils.setIpAndFqdnForEelf("fetchNodeConfigFromProv"); eelfLogger.error(EelfMsgs.MESSAGE_CONF_FAILED, e.toString()); - eelfLogger.error("NODE0306 Configuration failed " + e + " - try again later", e); + eelfLogger.error("NODE0306 Configuration failed {} - try again later", e); pfetcher.request(); } } @@ -348,8 +316,8 @@ public class NodeConfigManager implements DeliveryQueueHelper { /** * Am I configured. */ - boolean isConfigured() { - return config != null; + public boolean isConfigured() { + return nodeConfig != null; } /** @@ -366,7 +334,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return array of targets */ Target[] parseRouting(String routing) { - return config.parseRouting(routing); + return nodeConfig.parseRouting(routing); } /** @@ -377,7 +345,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return If the credentials and IP address are recognized, true, otherwise false. */ boolean isAnotherNode(String credentials, String ip) { - return config.isAnotherNode(credentials, ip); + return nodeConfig.isAnotherNode(credentials, ip); } /** 
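Review bot: In `fetchNodeConfigFromProv`, the rewritten call `eelfLogger.error("NODE0306 Configuration failed {} - try again later", e);` passes the exception as the only argument. If EELFLogger declares an `error(String, Throwable)` overload, as SLF4J-style loggers do, the call resolves to it and the `{}` is printed literally; the removed line concatenated `e` into the message. I would write `eelfLogger.error("NODE0306 Configuration failed {} - try again later", e.toString(), e);` so the text is filled and the stack trace is kept. The context line `new InputStreamReader(url.openStream())` in the same method is never closed and uses the platform charset; a try-with-resources with `StandardCharsets.UTF_8` would fix both.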
@@ -389,18 +357,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return True if the IP and credentials are valid for the specified feed. */ String isPublishPermitted(String feedid, String credentials, String ip) { - return config.isPublishPermitted(feedid, credentials, ip); - } - - /** - * Check whether publication is allowed for AAF Feed. - * - * @param feedid The ID of the feed being requested - * @param ip The requesting IP address - * @return True if the IP and credentials are valid for the specified feed. - */ - String isPublishPermitted(String feedid, String ip) { - return config.isPublishPermitted(feedid, ip); + return nodeConfig.isPublishPermitted(feedid, credentials, ip); } /** @@ -410,7 +367,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return True if the delete file is permitted for the subscriber. */ boolean isDeletePermitted(String subId) { - return config.isDeletePermitted(subId); + return nodeConfig.isDeletePermitted(subId); } /** @@ -421,20 +378,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return Null if the credentials are invalid or the user if they are valid. */ String getAuthUser(String feedid, String credentials) { - return config.getAuthUser(feedid, credentials); - } - - /** - * AAF changes: TDP EPIC US# 307413 Check AAF_instance for feed ID in NodeConfig. - * - * @param feedid The ID of the feed specified - */ - String getAafInstance(String feedid) { - return config.getAafInstance(feedid); - } - - String getAafInstance() { - return aafInstance; + return nodeConfig.getAuthUser(feedid, credentials); } /** @@ -446,7 +390,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return Null if the request should be accepted or the correct hostname if it should be sent to another node. */ String getIngressNode(String feedid, String user, String ip) { - return config.getIngressNode(feedid, user, ip); + return nodeConfig.getIngressNode(feedid, user, ip); } /** 
@@ -456,7 +400,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return The value of the parameter or null if it is not defined. */ private String getProvParam(String name) { - return config.getProvParam(name); + return nodeConfig.getProvParam(name); } /** @@ -467,7 +411,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return The value of the parameter or deflt if it is not defined. */ private String getProvParam(String name, String defaultValue) { - name = config.getProvParam(name); + name = nodeConfig.getProvParam(name); if (name == null) { name = defaultValue; } @@ -484,14 +428,14 @@ public class NodeConfigManager implements DeliveryQueueHelper { /** * Get all the outbound spooling destinations. This will include both subscriptions and nodes. */ - DestInfo[] getAllDests() { - return config.getAllDests(); + public DestInfo[] getAllDests() { + return nodeConfig.getAllDests(); } /** * Register a task to run whenever the configuration changes. */ - void registerConfigTask(Runnable task) { + public void registerConfigTask(Runnable task) { configtasks.addTask(task); } @@ -601,7 +545,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return The targets this feed should be delivered to */ Target[] getTargets(String feedid) { - return config.getTargets(feedid); + return nodeConfig.getTargets(feedid); } /** @@ -616,7 +560,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { */ String getSpoolDir(String subid, String remoteaddr) { if (provcheck.isFrom(remoteaddr)) { - String sdir = config.getSpoolDir(subid); + String sdir = nodeConfig.getSpoolDir(subid); if (sdir != null) { eelfLogger.debug("NODE0310 Received subscription reset request for subscription " + subid + " from provisioning server " + remoteaddr); 
@@ -634,52 +578,11 @@ public class NodeConfigManager implements DeliveryQueueHelper { /** * Get the base directory for spool directories. */ - String getSpoolBase() { + public String getSpoolBase() { return spooldir; } /** - * Get the key store type. - */ - String getKSType() { - return kstype; - } - - /** - * Get the key store file. - */ - String getKSFile() { - return ksfile; - } - - /** - * Get the key store password. - */ - String getKSPass() { - return kspass; - } - - /** - * Get the key password. - */ - String getKPass() { - return kpass; - } - - - String getTstype() { - return tstype; - } - - String getTsfile() { - return tsfile; - } - - String getTspass() { - return tspass; - } - - /** * Get the http port. */ int getHttpPort() { @@ -703,42 +606,42 @@ public class NodeConfigManager implements DeliveryQueueHelper { /** * Get the external name of this machine. */ - String getMyName() { + public String getMyName() { return myname; } /** * Get the number of threads to use for delivery. */ - int getDeliveryThreads() { + public int getDeliveryThreads() { return deliverythreads; } /** * Get the URL for uploading the event log data. */ - String getEventLogUrl() { + public String getEventLogUrl() { return eventlogurl; } /** * Get the prefix for the names of event log files. */ - String getEventLogPrefix() { + public String getEventLogPrefix() { return eventlogprefix; } /** * Get the suffix for the names of the event log files. */ - String getEventLogSuffix() { + public String getEventLogSuffix() { return eventlogsuffix; } /** * Get the interval between event log file rollovers. */ - String getEventLogInterval() { + public String getEventLogInterval() { return eventloginterval; } 
@@ -752,14 +655,14 @@ public class NodeConfigManager implements DeliveryQueueHelper { /** * Get the directory where the event and node log files live. */ - String getLogDir() { + public String getLogDir() { return logdir; } /** * How long do I keep log files (in milliseconds). */ - long getLogRetention() { + public long getLogRetention() { return logretention; } @@ -777,7 +680,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { * @return The feed ID */ public String getFeedId(String subid) { - return config.getFeedId(subid); + return nodeConfig.getFeedId(subid); } /** @@ -785,15 +688,15 @@ public class NodeConfigManager implements DeliveryQueueHelper { * * @return The Authorization string for this node */ - String getMyAuth() { - return config.getMyAuth(); + public String getMyAuth() { + return nodeConfig.getMyAuth(); } /** * Get the fraction of free spool disk space where we start throwing away undelivered files. This is * FREE_DISK_RED_PERCENT / 100.0. Default is 0.05. Limited by 0.01 <= FreeDiskStart <= 0.5. */ - double getFreeDiskStart() { + public double getFreeDiskStart() { return fdpstart; } 
@@ -801,54 +704,138 @@ public class NodeConfigManager implements DeliveryQueueHelper { * Get the fraction of free spool disk space where we stop throwing away undelivered files. This is * FREE_DISK_YELLOW_PERCENT / 100.0. Default is 0.2. Limited by FreeDiskStart <= FreeDiskStop <= 0.5. */ - double getFreeDiskStop() { + public double getFreeDiskStop() { return fdpstop; } - /** - * Disable and enable protocols. - */ - String[] getEnabledprotocols() { - return enabledprotocols; + protected boolean isTlsEnabled() { + return tlsEnabled; } - String getAafType() { - return aafType; + public static NodeTlsManager getNodeTlsManager() { + return nodeTlsManager; } - String getAafAction() { - return aafAction; - } + /** + * Generate publish IDs. + */ + static class PublishId { - protected boolean isTlsEnabled() { - return tlsEnabled; - } + private long nextuid; + private final String myname; - boolean getCadiEnabled() { - return cadiEnabled; - } + /** + * Generate publish IDs for the specified name. + * + * @param myname Unique identifier for this publish ID generator (usually fqdn of server) + */ + public PublishId(String myname) { + this.myname = myname; + } - NodeAafPropsUtils getNodeAafPropsUtils() { - return nodeAafPropsUtils; + /** + * Generate a Data Router Publish ID that uniquely identifies the particular invocation of the Publish API for log + * correlation purposes. + */ + public synchronized String next() { + long now = System.currentTimeMillis(); + if (now < nextuid) { + now = nextuid; + } + nextuid = now + 1; + return (now + "." + myname); + } } /** - * Builds the permissions string to be verified. - * - * @param aafInstance The aaf instance - * @return The permissions - */ - String getPermission(String aafInstance) { - try { - String type = getAafType(); - String action = getAafAction(); - if ("".equals(aafInstance)) { - aafInstance = getAafInstance(); + * Manage a list of tasks to be executed when an event occurs. 
This makes the following guarantees: + * <ul> + * <li>Tasks can be safely added and removed in the middle of a run.</li> + * <li>No task will be returned more than once during a run.</li> + * <li>No task will be returned when it is not, at that moment, in the list of tasks.</li> + * <li>At the moment when next() returns null, all tasks on the list have been returned during the run.</li> + * <li>Initially and once next() returns null during a run, next() will continue to return null until startRun() is + * called. + * </ul> + */ + static class TaskList { + + private Iterator<Runnable> runlist; + private final HashSet<Runnable> tasks = new HashSet<>(); + private HashSet<Runnable> togo; + private HashSet<Runnable> sofar; + private HashSet<Runnable> added; + private HashSet<Runnable> removed; + + /** + * Start executing the sequence of tasks. + */ + synchronized void startRun() { + sofar = new HashSet<>(); + added = new HashSet<>(); + removed = new HashSet<>(); + togo = new HashSet<>(tasks); + runlist = togo.iterator(); + } + + /** + * Get the next task to execute. + */ + synchronized Runnable next() { + while (runlist != null) { + if (runlist.hasNext()) { + Runnable task = runlist.next(); + if (addTaskToSoFar(task)) { + return task; + } + } + if (!added.isEmpty()) { + togo = added; + added = new HashSet<>(); + removed.clear(); + runlist = togo.iterator(); + continue; + } + togo = null; + added = null; + removed = null; + sofar = null; + runlist = null; } - return type + "|" + aafInstance + "|" + action; - } catch (Exception e) { - eelfLogger.error("NODE0543 NodeConfigManager.getPermission: ", e); + return (null); + } + + /** + * Add a task to the list of tasks to run whenever the event occurs. + */ + synchronized void addTask(Runnable task) { + if (runlist != null) { + added.add(task); + removed.remove(task); + } + tasks.add(task); + } + + /** + * Remove a task from the list of tasks to run whenever the event occurs. 
+ */ + synchronized void removeTask(Runnable task) { + if (runlist != null) { + removed.add(task); + added.remove(task); + } + tasks.remove(task); + } + + private boolean addTaskToSoFar(Runnable task) { + if (removed.contains(task)) { + return false; + } + if (sofar.contains(task)) { + return false; + } + sofar.add(task); + return true; } - return null; } } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeRunner.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeRunner.java index 485cdb20..036599a4 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeRunner.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeRunner.java @@ -28,6 +28,9 @@ import static java.lang.System.exit; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import org.eclipse.jetty.server.Server; +import org.onap.dmaap.datarouter.node.log.LogManager; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The main starting point for the Data Router node. @@ -49,7 +52,7 @@ public class NodeRunner { nodeMainLogger.debug("NODE0001 Data Router Node Starting"); IsFrom.setDNSCache(); NodeConfigManager nodeConfigManager = NodeConfigManager.getInstance(); - nodeMainLogger.debug("NODE0002 I am " + nodeConfigManager.getMyName()); + nodeMainLogger.debug("NODE0002 I am {}", nodeConfigManager.getMyName()); (new WaitForConfig(nodeConfigManager)).waitForConfig(); new LogManager(nodeConfigManager); try { @@ -58,8 +61,7 @@ public class NodeRunner { server.join(); nodeMainLogger.debug("NODE0006 Node Server started-" + server.getState()); } catch (Exception e) { - nodeMainLogger.error("NODE0006 Jetty failed to start. Reporting will we be unavailable: " - + e.getMessage(), e); + nodeMainLogger.error("NODE0006 Jetty failed to start. Reporting will we be unavailable: {}", e.getMessage()); exit(1); } nodeMainLogger.debug("NODE0007 Node Server joined"); 
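Review bot: The new `public static NodeTlsManager getNodeTlsManager()` in NodeConfigManager returns a field that is assigned only inside `if (isTlsEnabled())` in the constructor, so it is null when `TlsEnabled = false` and before the first instance is built. NodeServer guards its use with `isTlsEnabled()`, but a public static accessor invites unguarded calls from elsewhere. I would document this on the method, for example `/** Returns the TLS manager, or null when TlsEnabled is false or the node is not yet initialised. */`, or fail fast with an `IllegalStateException`.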
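Review bot: In NodeRunner's `catch (Exception e)`, the rewritten log call passes only `e.getMessage()`, so the stack trace that the removed line kept by passing `e` as the cause is lost. That makes a Jetty start-up failure, including a TLS or key store failure, much harder to diagnose. I would keep the throwable as the last argument: `nodeMainLogger.error("NODE0006 Jetty failed to start. Reporting will we be unavailable: {}", e.getMessage(), e);`. The first NodeRunner hunk also adds `import org.slf4j.Logger;` and `import org.slf4j.LoggerFactory;`, which nothing in the visible hunks uses; drop them unless the rest of the file needs them.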
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java index cc07ab62..1a29f682 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java @@ -22,9 +22,6 @@ package org.onap.dmaap.datarouter.node; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import java.util.EnumSet; -import javax.servlet.DispatcherType; -import javax.servlet.ServletException; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.HttpConfiguration; @@ -33,11 +30,11 @@ import org.eclipse.jetty.server.SecureRequestCustomizer; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; -import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.jetbrains.annotations.NotNull; +import org.onap.dmaap.datarouter.node.delivery.Delivery; public class NodeServer { @@ -47,8 +44,7 @@ public class NodeServer { private static Server server; private static Delivery delivery; - private NodeServer(){ - } + private NodeServer(){} static Server getServerInstance(NodeConfigManager nodeConfigManager) { if (server == null) { 
@@ -77,7 +73,7 @@ public class NodeServer { servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*"); if (nodeConfigManager.isTlsEnabled()) { - initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector, servletContextHandler); + initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector); } else { eelfLogger.info("NODE0005 Adding HTTP Connector"); server.setConnectors(new Connector[]{httpServerConnector}); @@ -88,7 +84,7 @@ public class NodeServer { } private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration, - ServerConnector httpServerConnector, ServletContextHandler servletContextHandler) { + ServerConnector httpServerConnector) { HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); httpsConfiguration.setRequestHeaderSize(8192); @@ -99,9 +95,8 @@ public class NodeServer { // HTTPS connector try (ServerConnector httpsServerConnector = new ServerConnector(server, - new SslConnectionFactory(getSslContextFactory(nodeConfigManager), HttpVersion.HTTP_1_1.asString()), + new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfiguration))) { - httpsServerConnector.setPort(nodeConfigManager.getHttpsPort()); httpsServerConnector.setIdleTimeout(3600000); httpsServerConnector.setAcceptQueueSize(2); 
@@ -119,12 +114,16 @@ public class NodeServer { @NotNull - private static SslContextFactory.Server getSslContextFactory(NodeConfigManager nodeConfigManager) { - SslContextFactory sslContextFactory = new SslContextFactory.Server(); - sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType()); - sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile()); - sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass()); - sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass()); + private static SslContextFactory.Server getSslContextFactory() { + SslContextFactory.Server sslContextFactory = new SslContextFactory.Server(); + sslContextFactory.setKeyStoreType(NodeConfigManager.getNodeTlsManager().getKeyStoreType()); + sslContextFactory.setKeyStorePath(NodeConfigManager.getNodeTlsManager().getKeyStorefile()); + sslContextFactory.setKeyStorePassword(NodeConfigManager.getNodeTlsManager().getKeyStorePassword()); + sslContextFactory.setKeyManagerPassword(NodeConfigManager.getNodeTlsManager().getKeyManagerPassword()); + +// sslContextFactory.setTrustStoreType(NodeConfigManager.getNodeTlsManager().getTrustStoreType()); +// sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty()); +// sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty()); sslContextFactory.setExcludeCipherSuites( "SSL_RSA_WITH_DES_CBC_SHA", 
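Review bot: The three commented-out `setTrustStore*` lines in NodeServer.getSslContextFactory() leave the factory without an explicit trust store, and two of them read from `ProvRunner.getAafPropsUtils()`, which is not among the imports visible in this diff and by its name appears to belong to the provisioning server rather than the node. Either wire the trust store through the same `NodeConfigManager.getNodeTlsManager()` accessor the key store now uses, or delete the commented lines so that nobody later uncomments code that takes its settings from another component; which certificates end up trusted when nothing is set should be confirmed against the Jetty version in use. The four setters would also read better with the manager fetched once into a local instead of four `NodeConfigManager.getNodeTlsManager()` calls. The method body continues past the end of this hunk.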
@@ -135,12 +134,12 @@ public class NodeServer { "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" ); - sslContextFactory.addExcludeProtocols("SSLv3"); + sslContextFactory.setIncludeProtocols(NodeConfigManager.getNodeTlsManager().getEnabledProtocols()); eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols())); eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols())); eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites())); eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites())); - return (SslContextFactory.Server) sslContextFactory; + return sslContextFactory; } } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index 80f7e3ad..4dbe0e75 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -24,7 +24,7 @@ package org.onap.dmaap.datarouter.node; -import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError; +import static org.onap.dmaap.datarouter.node.utils.NodeUtils.sendResponseError; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -44,7 +44,10 @@ import java.util.regex.Pattern; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.jetbrains.annotations.Nullable; +import org.onap.dmaap.datarouter.node.delivery.Delivery; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; +import org.onap.dmaap.datarouter.node.log.StatusLog; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; import org.slf4j.MDC; /** 
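Review bot: In NodeServer.getSslContextFactory() the enabled protocol set now comes entirely from configuration via `setIncludeProtocols(NodeConfigManager.getNodeTlsManager().getEnabledProtocols())`, and the explicit `addExcludeProtocols("SSLv3")` is removed, so a properties file that lists a legacy version is accepted without complaint. Keeping a hard exclude next to the include, for example `sslContextFactory.addExcludeProtocols("SSLv3", "TLSv1", "TLSv1.1");`, gives a floor that configuration cannot lower, because Jetty lets excludes win over includes. It is also worth failing startup when getEnabledProtocols() yields null or an empty array; what the getter returns for a missing property is not visible in this diff. The method starts before this hunk.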
@@ -195,7 +198,6 @@ public class NodeServlet extends HttpServlet { String pubid = null; String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip; Target[] targets; - boolean isAAFFeed = false; if (fileid.startsWith("/delete/")) { deleteFile(req, resp, fileid, pubid); return; @@ -220,28 +222,6 @@ public class NodeServlet extends HttpServlet { return; } feedid = fileid.substring(0, index); - - if (config.getCadiEnabled()) { - String path = req.getPathInfo(); - if (!path.startsWith("/internal") && feedid != null) { - String aafInstance = config.getAafInstance(feedid); - if (!("legacy".equalsIgnoreCase(aafInstance))) { - isAAFFeed = true; - String permission = config.getPermission(aafInstance); - eelfLogger.debug("NodeServlet.common() permission string - " + permission); - //Check in CADI Framework API if user has AAF permission or not - if (!req.isUserInRole(permission)) { - String message = "AAF disallows access to permission string - " + permission; - eelfLogger.error("NODE0307 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() - + FROM + req.getRemoteAddr()); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, message); - eelfLogger.info(EelfMsgs.EXIT); - return; - } - } - } - } - fileid = fileid.substring(index + 1); pubid = config.getPublishId(); targets = config.getTargets(feedid); @@ -254,8 +234,6 @@ public class NodeServlet extends HttpServlet { } fileid = fileid.substring(18); pubid = generateAndValidatePublishId(req); - - user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING")); } else { eelfLogger.error("NODE0204 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req 
@@ -285,39 +263,15 @@ public class NodeServlet extends HttpServlet { String logurl = HTTPS + hp + INTERNAL_PUBLISH + fileid; if (feedid != null) { logurl = HTTPS + hp + PUBLISH + feedid + "/" + fileid; - //Cadi code starts - if (!isAAFFeed) { - String reason = config.isPublishPermitted(feedid, credentials, ip); - if (reason != null) { - eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil - .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil - .cleanString(ip) + " reason " + PathUtil.cleanString(reason)); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason); - eelfLogger.info(EelfMsgs.EXIT); - return; - } - user = config.getAuthUser(feedid, credentials); - } else { - String reason = config.isPublishPermitted(feedid, ip); - if (reason != null) { - eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil - .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil - .cleanString(ip) + " reason Invalid AAF user- " + PathUtil.cleanString(reason)); - String message = "Invalid AAF user- " + PathUtil.cleanString(reason); - eelfLogger.debug("NODE0308 Rejecting unauthenticated PUT or DELETE of " + PathUtil - .cleanString(req.getPathInfo()) + FROM + PathUtil.cleanString(req.getRemoteAddr())); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, message); - return; - } - if ((req.getUserPrincipal() != null) && (req.getUserPrincipal().getName() != null)) { - String userName = req.getUserPrincipal().getName(); - String[] attid = userName.split("@"); - user = attid[0]; - } else { - user = "AAFUser"; - } + String reason = config.isPublishPermitted(feedid, credentials, ip); + if (reason != null) { + eelfLogger.info("NODE0111 Rejecting unauthorized publish attempt to feed " + feedid + " fileid " + + fileid + " from " + ip + " reason " + reason); + resp.sendError(javax.servlet.http.HttpServletResponse.SC_FORBIDDEN, reason); + eelfLogger.info(EelfMsgs.EXIT); + 
return; } - //Cadi code Ends + user = config.getAuthUser(feedid, credentials); String newnode = config.getIngressNode(feedid, user, ip); if (newnode != null) { String port = ""; @@ -601,4 +555,88 @@ public class NodeServlet extends HttpServlet { return -1; } } + + /** + * Utility class that validates the path url formed from + * the string passed in the request parameters. + */ + static class PathUtil { + + private PathUtil() { + throw new IllegalStateException("Utility Class"); + } + + /** + * This method takes String as the parameter and return the filtered path string. + * + * @param string String to clean + * @return A cleaned String + */ + static String cleanString(String string) { + if (string == null) { + return null; + } + StringBuilder cleanString = new StringBuilder(); + for (int i = 0; i < string.length(); ++i) { + cleanString.append(cleanChar(string.charAt(i))); + } + return cleanString.toString(); + } + + /** + * This method filters the valid special characters in path string. + * + * @param character The char to be cleaned + * @return The cleaned char + */ + private static char cleanChar(char character) { + // 0 - 9 + for (int i = 48; i < 58; ++i) { + if (character == i) { + return (char) i; + } + } + // 'A' - 'Z' + for (int i = 65; i < 91; ++i) { + if (character == i) { + return (char) i; + } + } + // 'a' - 'z' + for (int i = 97; i < 123; ++i) { + if (character == i) { + return (char) i; + } + } + return getValidCharacter(character); + } + + private static char getValidCharacter(char character) { + // other valid characters + switch (character) { + case '/': + return '/'; + case '.': + return '.'; + case '-': + return '-'; + case ':': + return ':'; + case '?': + return '?'; + case '&': + return '&'; + case '=': + return '='; + case '#': + return '#'; + case '_': + return '_'; + case ' ': + return ' '; + default: + return '%'; + } + } + } } 
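Review bot: The new NODE0111 rejection message concatenates `feedid`, `fileid`, `ip` and `reason` directly into the log line, whereas the removed version passed each through `PathUtil.cleanString(...)`; `feedid` and `fileid` are derived from the request path in the preceding hunks, so a request can carry line breaks or look-alike entries into the node log. PathUtil is kept as a nested class by this same commit, so the sanitising call can stay, e.g. `" fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil.cleanString(ip) + " reason " + PathUtil.cleanString(reason)`. Two smaller things on the same lines: the level drops from `error` to `info`, which may hide rejected publishes from alerting keyed on severity, and `javax.servlet.http.HttpServletResponse.SC_FORBIDDEN` is spelled out in a file whose imports shown in this diff are `jakarta.servlet.http`, so plain `HttpServletResponse.SC_FORBIDDEN` is the consistent form. The enclosing method begins and ends outside this hunk.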
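Review bot: PathUtil.cleanChar() tests membership in 0-9, A-Z and a-z by looping over the code points 48-57, 65-90 and 97-122 and comparing one value at a time; a range comparison such as `if (character >= '0' && character <= '9') { return character; }` expresses the same allow-list without the magic numbers. The class Javadoc still describes validating a path URL, while the call sites visible in this diff used cleanString() to neutralise values before logging, so a sentence stating that every character outside the allow-list is replaced by `%` would document what callers rely on. This is moved code, so the change is optional, but the move is a convenient moment for it.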
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PathUtil.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PathUtil.java
deleted file mode 100644
index d67c9094..00000000
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PathUtil.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.datarouter.node;
-
-/**
- * FORTIFY SCAN FIXES.
- * <p>This Utility is used for Fortify fixes. It Validates the path url formed from
- * the string passed in the request parameters.</p>
- */
-class PathUtil {
-
- private PathUtil() {
- throw new IllegalStateException("Utility Class");
- }
-
- /**
- * This method takes String as the parameter and return the filtered path string.
- *
- * @param string String to clean
- * @return A cleaned String
- */
- static String cleanString(String string) {
- if (string == null) {
- return null;
- }
- StringBuilder cleanString = new StringBuilder();
- for (int i = 0; i < string.length(); ++i) {
- cleanString.append(cleanChar(string.charAt(i)));
- }
- return cleanString.toString();
- }
-
- /**
- * This method filters the valid special characters in path string.
- *
- * @param character The char to be cleaned
- * @return The cleaned char
- */
- private static char cleanChar(char character) {
- // 0 - 9
- for (int i = 48; i < 58; ++i) {
- if (character == i) {
- return (char) i;
- }
- }
- // 'A' - 'Z'
- for (int i = 65; i < 91; ++i) {
- if (character == i) {
- return (char) i;
- }
- }
- // 'a' - 'z'
- for (int i = 97; i < 123; ++i) {
- if (character == i) {
- return (char) i;
- }
- }
- return getValidCharacter(character);
- }
-
- private static char getValidCharacter(char character) {
- // other valid characters
- switch (character) {
- case '/':
- return '/';
- case '.':
- return '.';
- case '-':
- return '-';
- case ':':
- return ':';
- case '?':
- return '?';
- case '&':
- return '&';
- case '=':
- return '=';
- case '#':
- return '#';
- case '_':
- return '_';
- case ' ':
- return ' ';
- default:
- return '%';
- }
- }
-}
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PublishId.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PublishId.java
deleted file mode 100644
index 1ffc9ec4..00000000
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PublishId.java
+++ /dev/null
@@ -1,56 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START================================================== - * * org.onap.dmaap - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ - - -package org.onap.dmaap.datarouter.node; - -/** - * Generate publish IDs. - */ -public class PublishId { - - private long nextuid; - private final String myname; - - /** - * Generate publish IDs for the specified name. - * - * @param myname Unique identifier for this publish ID generator (usually fqdn of server) - */ - public PublishId(String myname) { - this.myname = myname; - } - - /** - * Generate a Data Router Publish ID that uniquely identifies the particular invocation of the Publish API for log - * correlation purposes. - */ - public synchronized String next() { - long now = System.currentTimeMillis(); - if (now < nextuid) { - now = nextuid; - } - nextuid = now + 1; - return (now + "." + myname); - } -} 
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/TaskList.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/TaskList.java index a77277f2..26031854 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/TaskList.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/TaskList.java @@ -41,7 +41,7 @@ import java.util.Iterator; class TaskList { private Iterator<Runnable> runlist; - private HashSet<Runnable> tasks = new HashSet<>(); + private final HashSet<Runnable> tasks = new HashSet<>(); private HashSet<Runnable> togo; private HashSet<Runnable> sofar; private HashSet<Runnable> added; diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfig.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/NodeConfig.java index 127668ff..33b7bd0e 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfig.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/NodeConfig.java @@ -22,7 +22,7 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.config; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -32,6 +32,11 @@ import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import org.jetbrains.annotations.NotNull; +import org.onap.dmaap.datarouter.node.DestInfo; +import org.onap.dmaap.datarouter.node.DestInfoBuilder; +import org.onap.dmaap.datarouter.node.IsFrom; +import org.onap.dmaap.datarouter.node.Target; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; /** * Processed configuration for this node. 
@@ -43,16 +48,16 @@ import org.jetbrains.annotations.NotNull; public class NodeConfig { private static final String PUBLISHER_NOT_PERMITTED = "Publisher not permitted for this feed"; - private static EELFLogger logger = EELFManager.getInstance().getLogger(NodeConfig.class); - private HashMap<String, String> params = new HashMap<>(); - private HashMap<String, Feed> feeds = new HashMap<>(); - private HashMap<String, DestInfo> nodeinfo = new HashMap<>(); - private HashMap<String, DestInfo> subinfo = new HashMap<>(); - private HashMap<String, IsFrom> nodes = new HashMap<>(); - private HashMap<String, ProvSubscription> provSubscriptions = new HashMap<>(); - private String myname; + private static final EELFLogger logger = EELFManager.getInstance().getLogger(NodeConfig.class); + private final HashMap<String, String> params = new HashMap<>(); + private final HashMap<String, Feed> feeds = new HashMap<>(); + private final HashMap<String, DestInfo> nodeinfo = new HashMap<>(); + private final HashMap<String, DestInfo> subinfo = new HashMap<>(); + private final HashMap<String, IsFrom> nodes = new HashMap<>(); + private final HashMap<String, ProvSubscription> provSubscriptions = new HashMap<>(); + private final String myname; private String myauth; - private DestInfo[] alldests; + private final DestInfo[] alldests; private int rrcntr; /** @@ -228,11 +233,6 @@ public class NodeConfig { feed.createdDate = pfx.getCreatedDate(); feed.loginfo = pfx.getLogData(); feed.status = pfx.getStatus(); - /* - * AAF changes: TDP EPIC US# 307413 - * Passing aafInstance from ProvFeed to identify legacy/AAF feeds - */ - feed.aafInstance = pfx.getAafInstance(); ArrayList<SubnetMatcher> v1 = pfstab.get(fid); if (v1 == null) { feed.subnets = new SubnetMatcher[0]; 
@@ -330,33 +330,6 @@ public class NodeConfig { } /** - * Check whether publication is allowed for AAF Feed. - * - * @param feedid The ID of the feed being requested. - * @param ip The requesting IP address - */ - public String isPublishPermitted(String feedid, String ip) { - Feed feed = feeds.get(feedid); - String nf = "Feed does not exist"; - if (feed != null) { - nf = feed.status; - } - if (nf != null) { - return nf; - } - if (feed.subnets.length == 0) { - return null; - } - byte[] addr = NodeUtils.getInetAddress(ip); - for (SubnetMatcher snm : feed.subnets) { - if (snm.matches(addr)) { - return null; - } - } - return PUBLISHER_NOT_PERMITTED; - } - - /** * Check whether delete file is allowed. * * @param subId The ID of the subscription being requested. @@ -374,16 +347,6 @@ public class NodeConfig { } /** - * AAF changes: TDP EPIC US# 307413 Check AAF_instance for feed ID. - * - * @param feedid The ID of the feed specified - */ - public String getAafInstance(String feedid) { - Feed feed = feeds.get(feedid); - return feed.aafInstance; - } - - /** * Check if the request should be redirected to a different ingress node. */ public String getIngressNode(String feedid, String user, String ip) { @@ -586,15 +549,10 @@ public class NodeConfig { */ public static class ProvFeed { - private String id; - private String logdata; - private String status; - private String createdDate; - /* - * AAF changes: TDP EPIC US# 307413 - * Passing aafInstance from to identify legacy/AAF feeds - */ - private String aafInstance; + private final String id; + private final String logdata; + private final String status; + private final String createdDate; /** * Construct a feed configuration entry. 
@@ -604,12 +562,11 @@ public class NodeConfig { * @param status The reason why this feed cannot be used (Feed has been deleted, Feed has been suspended) or * null if it is valid. */ - public ProvFeed(String id, String logdata, String status, String createdDate, String aafInstance) { + public ProvFeed(String id, String logdata, String status, String createdDate) { this.id = id; this.logdata = logdata; this.status = status; this.createdDate = createdDate; - this.aafInstance = aafInstance; } /** @@ -620,13 +577,6 @@ public class NodeConfig { } /** - * Get the aafInstance of the data feed. - */ - public String getAafInstance() { - return aafInstance; - } - - /** * Get the feed id of the data feed. */ public String getId() { @@ -653,9 +603,9 @@ public class NodeConfig { */ public static class ProvFeedUser { - private String feedid; - private String user; - private String credentials; + private final String feedid; + private final String user; + private final String credentials; /** * Construct a feed user configuration entry. @@ -697,8 +647,8 @@ public class NodeConfig { */ public static class ProvFeedSubnet { - private String feedid; - private String cidr; + private final String feedid; + private final String cidr; /** * Construct a feed subnet configuration entry. 
@@ -731,16 +681,16 @@ public class NodeConfig { */ public static class ProvSubscription { - private String subid; - private String feedid; - private String url; - private String authuser; - private String credentials; - private boolean metaonly; - private boolean use100; - private boolean privilegedSubscriber; - private boolean followRedirect; - private boolean decompress; + private final String subid; + private final String feedid; + private final String url; + private final String authuser; + private final String credentials; + private final boolean metaonly; + private final boolean use100; + private final boolean privilegedSubscriber; + private final boolean followRedirect; + private final boolean decompress; /** * Construct a subscription configuration entry. @@ -839,7 +789,7 @@ public class NodeConfig { * New field is added - FOLLOW_REDIRECTS feature iTrack:DATARTR-17 - 1706 Get the followRedirect of this * destination. */ - boolean getFollowRedirect() { + public boolean getFollowRedirect() { return (followRedirect); } } @@ -849,10 +799,10 @@ public class NodeConfig { */ public static class ProvForceIngress { - private String feedid; - private String subnet; - private String user; - private String[] nodes; + private final String feedid; + private final String subnet; + private final String user; + private final String[] nodes; /** * Construct a forced ingress configuration entry. @@ -909,8 +859,8 @@ public class NodeConfig { */ public static class ProvForceEgress { - private String subid; - private String node; + private final String subid; + private final String node; /** * Construct a forced egress configuration entry. @@ -943,9 +893,9 @@ public class NodeConfig { */ public static class ProvHop { - private String from; - private String to; - private String via; + private final String from; + private final String to; + private final String via; /** * Construct a hop entry. 
@@ -1005,6 +955,5 @@ public class NodeConfig { Redirection[] redirections; Target[] targets; String createdDate; - String aafInstance; } } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PathFinder.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/PathFinder.java index fe3fdb6e..b911df2c 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/PathFinder.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/PathFinder.java @@ -22,23 +22,24 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.config; import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; import org.jetbrains.annotations.Nullable; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvHop; +import org.onap.dmaap.datarouter.node.config.NodeConfig; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvHop; /** * Given a set of node names and next hops, identify and ignore any cycles and figure out the sequence of next hops to * get from this node to any other node. */ -class PathFinder { +public class PathFinder { - private ArrayList<String> errors = new ArrayList<>(); - private HashMap<String, String> routes = new HashMap<>(); + private final ArrayList<String> errors = new ArrayList<>(); + private final HashMap<String, String> routes = new HashMap<>(); /** * Find routes from a specified origin to all of the nodes given a set of specified next hops. @@ -47,7 +48,7 @@ class PathFinder { * @param nodes where we can go * @param hops detours along the way */ - PathFinder(String origin, String[] nodes, NodeConfig.ProvHop[] hops) { + public PathFinder(String origin, String[] nodes, NodeConfig.ProvHop[] hops) { HashSet<String> known = new HashSet<>(); HashMap<String, HashMap<String, Hop>> ht = new HashMap<>(); for (String n : nodes) { 
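Review bot: The added `import org.onap.dmaap.datarouter.node.config.NodeConfig;` in PathFinder.java is redundant, because the class now declares `package org.onap.dmaap.datarouter.node.config;` and same-package types need no import. The header also imports `NodeConfig.ProvHop` while the constructor in the next hunk still writes the parameter as `NodeConfig.ProvHop[] hops`; dropping the redundant import and using one spelling throughout, for example `ProvHop[] hops`, keeps the import list in step with the code.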
@@ -77,7 +78,7 @@ class PathFinder { * * @return array of error descriptions */ - String[] getErrors() { + public String[] getErrors() { return (errors.toArray(new String[0])); } @@ -87,7 +88,7 @@ class PathFinder { * @param destination node * @return list of node names separated by and ending with "/" */ - String getPath(String destination) { + public String getPath(String destination) { String ret = routes.get(destination); if (ret == null) { return (""); diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/ProvData.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/ProvData.java index 2c205804..1c584fd7 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/ProvData.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/ProvData.java @@ -22,7 +22,7 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.config; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; 
@@ -34,16 +34,17 @@ import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; import org.json.JSONTokener; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvFeed; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvFeedSubnet; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvFeedUser; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvForceEgress; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvForceIngress; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvHop; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvNode; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvParam; -import org.onap.dmaap.datarouter.node.NodeConfig.ProvSubscription; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvFeed; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvFeedSubnet; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvFeedUser; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvForceEgress; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvForceIngress; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvHop; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvNode; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvParam; +import org.onap.dmaap.datarouter.node.config.NodeConfig.ProvSubscription; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; /** * Parser for provisioning data from the provisioning server. 
@@ -55,16 +56,16 @@ public class ProvData { private static final String FEED_ID = "feedid"; - private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(ProvData.class); - private NodeConfig.ProvNode[] pn; - private NodeConfig.ProvParam[] pp; - private NodeConfig.ProvFeed[] pf; - private NodeConfig.ProvFeedUser[] pfu; - private NodeConfig.ProvFeedSubnet[] pfsn; - private NodeConfig.ProvSubscription[] ps; - private NodeConfig.ProvForceIngress[] pfi; - private NodeConfig.ProvForceEgress[] pfe; - private NodeConfig.ProvHop[] ph; + private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(ProvData.class); + private final NodeConfig.ProvNode[] provNodes; + private final NodeConfig.ProvParam[] provParams; + private final NodeConfig.ProvFeed[] provFeeds; + private final NodeConfig.ProvFeedUser[] provFeedUsers; + private final NodeConfig.ProvFeedSubnet[] provFeedSubnets; + private final NodeConfig.ProvSubscription[] provSubscriptions; + private final NodeConfig.ProvForceIngress[] provForceIngresses; + private final NodeConfig.ProvForceEgress[] provForceEgresses; + private final NodeConfig.ProvHop[] provHops; /** * Construct raw provisioing data entries from the text (JSON) provisioning document received from the provisioning 
@@ -73,27 +74,27 @@ public class ProvData { * @param reader The reader for the JSON text. */ public ProvData(Reader reader) throws IOException { - ArrayList<ProvNode> pnv = new ArrayList<>(); - ArrayList<NodeConfig.ProvParam> ppv = new ArrayList<>(); - ArrayList<NodeConfig.ProvFeed> pfv = new ArrayList<>(); - ArrayList<NodeConfig.ProvFeedUser> pfuv = new ArrayList<>(); - ArrayList<NodeConfig.ProvFeedSubnet> pfsnv = new ArrayList<>(); - ArrayList<NodeConfig.ProvSubscription> psv = new ArrayList<>(); - ArrayList<NodeConfig.ProvForceIngress> pfiv = new ArrayList<>(); - ArrayList<NodeConfig.ProvForceEgress> pfev = new ArrayList<>(); - ArrayList<NodeConfig.ProvHop> phv = new ArrayList<>(); + ArrayList<ProvNode> provNodeArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvParam> provParamArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvFeed> provFeedArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvFeedUser> provFeedUserArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvFeedSubnet> provFeedSubnetArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvSubscription> provSubscriptionArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvForceIngress> provForceIngressArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvForceEgress> provForceEgressArrayList = new ArrayList<>(); + ArrayList<NodeConfig.ProvHop> provHopArrayList = new ArrayList<>(); try { - JSONTokener jtx = new JSONTokener(reader); - JSONObject jcfg = new JSONObject(jtx); - char cch = jtx.nextClean(); - if (cch != '\0') { + JSONTokener jsonTokener = new JSONTokener(reader); + JSONObject jsonObject = new JSONObject(jsonTokener); + char nextCleanChar = jsonTokener.nextClean(); + if (nextCleanChar != '\0') { throw new JSONException("Spurious characters following configuration"); } reader.close(); - addJSONFeeds(pfv, pfuv, pfsnv, jcfg); - addJSONSubs(psv, jcfg); - addJSONParams(pnv, ppv, jcfg); - addJSONRoutingInformation(pfiv, pfev, phv, jcfg); + 
addJSONFeeds(provFeedArrayList, provFeedUserArrayList, provFeedSubnetArrayList, jsonObject); + addJSONSubs(provSubscriptionArrayList, jsonObject); + addJSONParams(provNodeArrayList, provParamArrayList, jsonObject); + addJSONRoutingInformation(provForceIngressArrayList, provForceEgressArrayList, provHopArrayList, jsonObject); } catch (JSONException jse) { NodeUtils.setIpAndFqdnForEelf("ProvData"); eelfLogger.error(EelfMsgs.MESSAGE_PARSING_ERROR, jse.toString()); @@ -101,15 +102,15 @@ public class ProvData { .error("NODE0201 Error parsing configuration data from provisioning server " + jse.toString(), jse); throw new IOException(jse.toString(), jse); } - pn = pnv.toArray(new NodeConfig.ProvNode[pnv.size()]); - pp = ppv.toArray(new NodeConfig.ProvParam[ppv.size()]); - pf = pfv.toArray(new NodeConfig.ProvFeed[pfv.size()]); - pfu = pfuv.toArray(new NodeConfig.ProvFeedUser[pfuv.size()]); - pfsn = pfsnv.toArray(new NodeConfig.ProvFeedSubnet[pfsnv.size()]); - ps = psv.toArray(new NodeConfig.ProvSubscription[psv.size()]); - pfi = pfiv.toArray(new NodeConfig.ProvForceIngress[pfiv.size()]); - pfe = pfev.toArray(new NodeConfig.ProvForceEgress[pfev.size()]); - ph = phv.toArray(new NodeConfig.ProvHop[phv.size()]); + provNodes = provNodeArrayList.toArray(new ProvNode[0]); + provParams = provParamArrayList.toArray(new ProvParam[0]); + provFeeds = provFeedArrayList.toArray(new ProvFeed[0]); + provFeedUsers = provFeedUserArrayList.toArray(new ProvFeedUser[0]); + provFeedSubnets = provFeedSubnetArrayList.toArray(new ProvFeedSubnet[0]); + provSubscriptions = provSubscriptionArrayList.toArray(new ProvSubscription[0]); + provForceIngresses = provForceIngressArrayList.toArray(new ProvForceIngress[0]); + provForceEgresses = provForceEgressArrayList.toArray(new ProvForceEgress[0]); + provHops = provHopArrayList.toArray(new ProvHop[0]); } private static String[] gvasa(JSONObject object, String key) { 
@@ -156,63 +157,63 @@ public class ProvData { * Get the raw node configuration entries. */ public NodeConfig.ProvNode[] getNodes() { - return (pn); + return (provNodes); } /** * Get the raw parameter configuration entries. */ public NodeConfig.ProvParam[] getParams() { - return (pp); + return (provParams); } /** * Ge the raw feed configuration entries. */ public NodeConfig.ProvFeed[] getFeeds() { - return (pf); + return (provFeeds); } /** * Get the raw feed user configuration entries. */ public NodeConfig.ProvFeedUser[] getFeedUsers() { - return (pfu); + return (provFeedUsers); } /** * Get the raw feed subnet configuration entries. */ public NodeConfig.ProvFeedSubnet[] getFeedSubnets() { - return (pfsn); + return (provFeedSubnets); } /** * Get the raw subscription entries. */ public NodeConfig.ProvSubscription[] getSubscriptions() { - return (ps); + return (provSubscriptions); } /** * Get the raw forced ingress entries. */ public NodeConfig.ProvForceIngress[] getForceIngress() { - return (pfi); + return (provForceIngresses); } /** * Get the raw forced egress entries. */ public NodeConfig.ProvForceEgress[] getForceEgress() { - return (pfe); + return (provForceEgresses); } /** * Get the raw next hop entries. */ public NodeConfig.ProvHop[] getHops() { - return (ph); + return (provHops); } @Nullable @@ -245,16 +246,7 @@ public class ProvData { String fname = gvas(jfeed, "name"); String fver = gvas(jfeed, "version"); String createdDate = gvas(jfeed, "created_date"); - /* - * START - AAF changes - * TDP EPIC US# 307413 - * Passing aafInstance to ProvFeed from feeds json passed by prov to identify legacy/AAF feeds - */ - String aafInstance = gvas(jfeed, "aaf_instance"); - pfv.add(new ProvFeed(fid, fname + "//" + fver, stat, createdDate, aafInstance)); - /* - * END - AAF changes - */ + pfv.add(new ProvFeed(fid, fname + "//" + fver, stat, createdDate)); addJSONFeedAuthArrays(pfuv, pfsnv, jfeed, fid); } 
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/SubnetMatcher.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/SubnetMatcher.java index 2f510120..602c283e 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/SubnetMatcher.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/config/SubnetMatcher.java @@ -22,7 +22,9 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.config; + +import org.onap.dmaap.datarouter.node.utils.NodeUtils; /** * Compare IP addresses as byte arrays to a subnet specified as a CIDR. diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/Delivery.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/Delivery.java index 0326fb08..5164e612 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/Delivery.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/Delivery.java @@ -21,7 +21,7 @@ * * ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.delivery; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -32,6 +32,8 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.Objects; +import org.onap.dmaap.datarouter.node.DestInfo; +import org.onap.dmaap.datarouter.node.NodeConfigManager; /** * Main control point for delivering files to destinations. @@ -277,7 +279,7 @@ public class Delivery { return false; } - static class DelItem implements Comparable<DelItem> { + public static class DelItem implements Comparable<DelItem> { private String pubid; private String spool; 
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryQueue.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryQueue.java index d447bcc1..de1defca 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryQueue.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryQueue.java @@ -22,7 +22,7 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.delivery; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -32,6 +32,8 @@ import java.util.Arrays; import java.util.HashMap; import java.util.List; import org.jetbrains.annotations.Nullable; +import org.onap.dmaap.datarouter.node.DestInfo; +import org.onap.dmaap.datarouter.node.log.StatusLog; /** * Mechanism for monitoring and controlling delivery of files to a destination. @@ -85,7 +87,7 @@ public class DeliveryQueue implements Runnable, DeliveryTaskHelper { /** * Create a delivery queue for a given destination info. */ - DeliveryQueue(DeliveryQueueHelper deliveryQueueHelper, DestInfo destinationInfo) { + public DeliveryQueue(DeliveryQueueHelper deliveryQueueHelper, DestInfo destinationInfo) { this.deliveryQueueHelper = deliveryQueueHelper; this.destinationInfo = destinationInfo; dir = new File(destinationInfo.getSpool()); @@ -97,7 +99,7 @@ public class DeliveryQueue implements Runnable, DeliveryTaskHelper { * * @return The length of the task in bytes or 0 if the task cannot be cancelled. */ - synchronized long cancelTask(String pubid) { + public synchronized long cancelTask(String pubid) { if (working.get(pubid) != null) { return (0); } 
@@ -197,7 +199,7 @@ public class DeliveryQueue implements Runnable, DeliveryTaskHelper { /** * Get the next task. */ - synchronized DeliveryTask getNext() { + public synchronized DeliveryTask getNext() { DeliveryTask ret = peekNext(); if (ret != null) { todoindex++; @@ -209,7 +211,7 @@ public class DeliveryQueue implements Runnable, DeliveryTaskHelper { /** * Peek at the next task. */ - synchronized DeliveryTask peekNext() { + public synchronized DeliveryTask peekNext() { long now = System.currentTimeMillis(); long mindate = now - deliveryQueueHelper.getExpirationTimer(); if (failed) { @@ -364,14 +366,14 @@ public class DeliveryQueue implements Runnable, DeliveryTaskHelper { /** * Reset the retry timer. */ - void resetQueue() { + public void resetQueue() { resumetime = System.currentTimeMillis(); } /** * Get task if in queue and mark as success. */ - boolean markTaskSuccess(String pubId) { + public boolean markTaskSuccess(String pubId) { DeliveryTask task = working.get(pubId); if (task != null) { markSuccess(task); diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryQueueHelper.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryQueueHelper.java index 5427fafd..ec69fff1 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryQueueHelper.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryQueueHelper.java @@ -22,7 +22,9 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.delivery; + +import org.onap.dmaap.datarouter.node.DestInfo; /** * Interface to allow independent testing of the DeliveryQueue code diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryTask.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryTask.java index 55ad6aa8..744a4476 100644 
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryTask.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryTask.java @@ -22,10 +22,10 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.delivery; import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID; -import static org.onap.dmaap.datarouter.node.NodeUtils.isFiletypeGzip; +import static org.onap.dmaap.datarouter.node.utils.NodeUtils.isFiletypeGzip; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -45,6 +45,8 @@ import java.util.Arrays; import java.util.UUID; import java.util.zip.GZIPInputStream; import org.jetbrains.annotations.Nullable; +import org.onap.dmaap.datarouter.node.DestInfo; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; import org.slf4j.MDC; @@ -86,7 +88,7 @@ public class DeliveryTask implements Runnable, Comparable<DeliveryTask> { * @param pubid The publish ID for this file. This is used as the base for the file name in the spool directory and * is of the form (milliseconds since 1970).(fqdn of initial data router node) */ - DeliveryTask(DeliveryTaskHelper deliveryTaskHelper, String pubid) { + public DeliveryTask(DeliveryTaskHelper deliveryTaskHelper, String pubid) { this.deliveryTaskHelper = deliveryTaskHelper; this.pubid = pubid; destInfo = deliveryTaskHelper.getDestinationInfo(); @@ -177,7 +179,7 @@ public class DeliveryTask implements Runnable, Comparable<DeliveryTask> { /** * Get the publish ID. */ - String getPublishId() { + public String getPublishId() { return (pubid); } 
@@ -356,7 +358,7 @@ public class DeliveryTask implements Runnable, Comparable<DeliveryTask> { /** * Remove meta and data files. */ - void clean() { + public void clean() { deleteWithRetry(datafile); deleteWithRetry(metafile); eelfLogger.info(EelfMsgs.INVOKE, newInvocationId); @@ -389,14 +391,14 @@ public class DeliveryTask implements Runnable, Comparable<DeliveryTask> { /** * Set the resume time for a delivery task. */ - void setResumeTime(long resumeTime) { + public void setResumeTime(long resumeTime) { this.resumeTime = resumeTime; } /** * Has this delivery task been cleaned. */ - boolean isCleaned() { + public boolean isCleaned() { return (hdrs == null); } @@ -410,7 +412,7 @@ public class DeliveryTask implements Runnable, Comparable<DeliveryTask> { /** * Get creation date as encoded in the publish ID. */ - long getDate() { + public long getDate() { return (date); } @@ -424,49 +426,49 @@ public class DeliveryTask implements Runnable, Comparable<DeliveryTask> { /** * Get the content type. */ - String getCType() { + public String getCType() { return (ctype); } /** * Get the method. */ - String getMethod() { + public String getMethod() { return (method); } /** * Get the file ID. */ - String getFileId() { + public String getFileId() { return (fileid); } /** * Get the number of delivery attempts. */ - int getAttempts() { + public int getAttempts() { return (attempts); } /** * Get the (space delimited list of) subscription ID for this delivery task. */ - String getSubId() { + public String getSubId() { return (subid); } /** * Get the feed ID for this delivery task. */ - String getFeedId() { + public String getFeedId() { return (feedid); } /** * Get the followRedirects for this delivery task. */ - boolean getFollowRedirects() { + public boolean getFollowRedirects() { return (followRedirects); } } 
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryTaskHelper.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryTaskHelper.java index b9068f2f..529acfe0 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DeliveryTaskHelper.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/delivery/DeliveryTaskHelper.java @@ -22,7 +22,9 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.delivery; + +import org.onap.dmaap.datarouter.node.DestInfo; /** * Interface to allow independent testing of the DeliveryTask code. diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/eelf/MetricsFilter.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/eelf/MetricsFilter.java index af820797..5f29683f 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/eelf/MetricsFilter.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/eelf/MetricsFilter.java @@ -36,8 +36,6 @@ public class MetricsFilter extends Filter<ILoggingEvent> { "PBF|") && !event.getMessage().contains("EXP|") && !event.getMessage().contains("DLX|")) { return FilterReply.ACCEPT; } - } else { - return FilterReply.DENY; } return FilterReply.DENY; } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/LogManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/log/LogManager.java index 4c7ea9c8..47739739 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/LogManager.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/log/LogManager.java 
@@ -21,7 +21,7 @@ * * ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.log; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; @@ -38,6 +38,11 @@ import java.util.TimerTask; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.jetbrains.annotations.NotNull; +import org.onap.dmaap.datarouter.node.DestInfo; +import org.onap.dmaap.datarouter.node.DestInfoBuilder; +import org.onap.dmaap.datarouter.node.NodeConfigManager; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueue; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueueHelper; /** * Cleanup of old log files. @@ -93,7 +98,7 @@ public class LogManager extends TimerTask { return worker; } - class Uploader extends Thread implements DeliveryQueueHelper { + public class Uploader extends Thread implements DeliveryQueueHelper { private static final String META = "/.meta"; private EELFLogger logger = EELFManager.getInstance().getLogger(Uploader.class); diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/StatusLog.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/log/StatusLog.java index 2e646043..ba248a58 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/StatusLog.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/log/StatusLog.java @@ -21,7 +21,7 @@ * * ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.log; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; 
@@ -35,6 +35,8 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.regex.Matcher; import java.util.regex.Pattern; +import org.onap.dmaap.datarouter.node.NodeConfigManager; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; /** * Logging for data router delivery events (PUB/DEL/EXP). diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/utils/NodeTlsManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/utils/NodeTlsManager.java new file mode 100644 index 00000000..a32699d4 --- /dev/null +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/utils/NodeTlsManager.java 
@@ -0,0 +1,169 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2022 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.datarouter.node.utils; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Enumeration; +import java.util.Properties; +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; +import org.onap.dmaap.datarouter.node.eelf.EelfMsgs; + +public class NodeTlsManager { + + private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeTlsManager.class); + + private String keyStoreType; + private String keyStorefile; + private String keyStorePassword; + private String keyManagerPassword; + private final String[] enabledProtocols; + + public NodeTlsManager(Properties properties) { + enabledProtocols = 
properties.getProperty("NodeHttpsProtocols", + "TLSv1.1|TLSv1.2").trim().split("\\|"); + setUpKeyStore(properties); + setUpTrustStore(properties); + } + + private void setUpKeyStore(Properties properties) { + keyStoreType = properties.getProperty("KeyStoreType", "PKCS12"); + keyStorefile = properties.getProperty("KeyStorePath"); + keyStorePassword = properties.getProperty("KeyStorePass"); + keyManagerPassword = properties.getProperty("KeyManagerPass"); + } + + private void setUpTrustStore(Properties properties) { + String trustStoreType = properties.getProperty("TrustStoreType", "jks"); + String trustStoreFile = properties.getProperty("TrustStorePath"); + String trustStorePassword = properties.getProperty("TrustStorePass"); + if (trustStoreFile != null && trustStoreFile.length() > 0) { + eelfLogger.info("TrustStore found. Loading {} file {} to System Properties.", trustStoreType, trustStoreFile); + System.setProperty("javax.net.ssl.trustStoreType", trustStoreType); + System.setProperty("javax.net.ssl.trustStore", trustStoreFile); + System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword); + return; + } + eelfLogger.error("TrustStore not found. Falling back to 1 way TLS"); + } + + public String getKeyStoreType() { + return keyStoreType; + } + + public String getKeyStorefile() { + return keyStorefile; + } + + public String getKeyStorePassword() { + return keyStorePassword; + } + + public String getKeyManagerPassword() { + return keyManagerPassword; + } + + public String[] getEnabledProtocols() { + return enabledProtocols; + } + + /** + * Get the CN value of the first private key entry with a certificate. 
+ * + * @return CN of the certificate subject or null + */ + public String getMyNameFromCertificate() { + return getCanonicalName(this.keyStoreType, this.keyStorefile, this.keyStorePassword); + } + + private String getCanonicalName(String kstype, String ksfile, String kspass) { + KeyStore ks; + try { + ks = KeyStore.getInstance(kstype); + if (loadKeyStore(ksfile, kspass, ks)) { + return (null); + } + } catch (Exception e) { + NodeUtils.setIpAndFqdnForEelf("getCanonicalName"); + eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_LOAD_ERROR, e, ksfile); + return (null); + } + return (getCanonicalName(ks)); + } + + private String getCanonicalName(KeyStore ks) { + try { + Enumeration<String> aliases = ks.aliases(); + while (aliases.hasMoreElements()) { + String name = getNameFromSubject(ks, aliases); + if (name != null) { + return name; + } + } + } catch (Exception e) { + eelfLogger.error("NODE0402 Error extracting my name from my keystore file " + e); + } + return (null); + } + + private boolean loadKeyStore(String ksfile, String kspass, KeyStore ks) + throws NoSuchAlgorithmException, CertificateException { + try (FileInputStream fileInputStream = new FileInputStream(ksfile)) { + ks.load(fileInputStream, kspass.toCharArray()); + } catch (IOException ioException) { + eelfLogger.error("IOException occurred while opening FileInputStream: " + ioException.getMessage(), + ioException); + return true; + } + return false; + } + + private String getNameFromSubject(KeyStore ks, Enumeration<String> aliases) throws KeyStoreException { + String alias = aliases.nextElement(); + String nameFromSubject = null; + if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { + X509Certificate cert = (X509Certificate) ks.getCertificate(alias); + if (cert != null) { + String subject = cert.getSubjectX500Principal().getName(); + try { + LdapName ln = new LdapName(subject); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("CN")) { + nameFromSubject = 
rdn.getValue().toString(); + } + } + } catch (InvalidNameException e) { + eelfLogger.error("No valid CN not found for dr-node cert", e); + } + } + } + return nameFromSubject; + } +} diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/utils/NodeUtils.java index 5cca7375..bd233d3e 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/utils/NodeUtils.java @@ -22,7 +22,7 @@ ******************************************************************************/ -package org.onap.dmaap.datarouter.node; +package org.onap.dmaap.datarouter.node.utils; import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID; import static com.att.eelf.configuration.Configuration.MDC_SERVER_FQDN; 
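Review bot: The constructor's fallback for `NodeHttpsProtocols` still enables TLSv1.1, which RFC 8996 deprecates, and the node.properties hunk in this commit writes the same value. I would default to `properties.getProperty("NodeHttpsProtocols", "TLSv1.2")` and add TLSv1.3 only if the target JRE supports it, which is not visible here. In `setUpTrustStore`, a configured `TrustStorePath` with no `TrustStorePass` passes null to `System.setProperty`, which throws NullPointerException out of the constructor; wrap that one call in `if (trustStorePassword != null) { ... }`. `getNameFromSubject` now assigns inside the RDN loop without leaving it, so a subject with more than one CN yields the last match, where the removed NodeUtils version returned the first. If that change to the node's derived identity is not intended, add `break;` after the assignment.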
@@ -112,51 +112,6 @@ public class NodeUtils { } /** - * Given a keystore file and its password, return the value of the CN of the first private key entry with a - * certificate. - * - * @param kstype The type of keystore - * @param ksfile The file name of the keystore - * @param kspass The password of the keystore - * @return CN of the certificate subject or null - */ - public static String getCanonicalName(String kstype, String ksfile, String kspass) { - KeyStore ks; - try { - ks = KeyStore.getInstance(kstype); - if (loadKeyStore(ksfile, kspass, ks)) { - return (null); - } - } catch (Exception e) { - setIpAndFqdnForEelf("getCanonicalName"); - eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_LOAD_ERROR, e, ksfile); - return (null); - } - return (getCanonicalName(ks)); - } - - /** - * Given a keystore, return the value of the CN of the first private key entry with a certificate. - * - * @param ks The KeyStore - * @return CN of the certificate subject or null - */ - public static String getCanonicalName(KeyStore ks) { - try { - Enumeration<String> aliases = ks.aliases(); - while (aliases.hasMoreElements()) { - String name = getNameFromSubject(ks, aliases); - if (name != null) { - return name; - } - } - } catch (Exception e) { - eelfLogger.error("NODE0402 Error extracting my name from my keystore file " + e.toString(), e); - } - return (null); - } - - /** * Given a string representation of an IP address, get the corresponding byte array. * * @param ip The IP address as a string 
@@ -281,54 +236,18 @@ public class NodeUtils { } /** - * Method to check to see if file is of type gzip. + * If file is of type gzip. * * @param file The name of the file to be checked * @return True if the file is of type gzip */ public static boolean isFiletypeGzip(File file) { try (FileInputStream fileInputStream = new FileInputStream(file); - GZIPInputStream gzip = new GZIPInputStream(fileInputStream)) { - + GZIPInputStream ignored = new GZIPInputStream(fileInputStream)) { return true; } catch (IOException e) { - eelfLogger.error("NODE0403 " + file.toString() + " Not in gzip(gz) format: " + e.toString() + e); + eelfLogger.error("NODE0403 " + file + " Not in gzip(gz) format: " + e + e); return false; } } - - - private static boolean loadKeyStore(String ksfile, String kspass, KeyStore ks) - throws NoSuchAlgorithmException, CertificateException { - try (FileInputStream fileInputStream = new FileInputStream(ksfile)) { - ks.load(fileInputStream, kspass.toCharArray()); - } catch (IOException ioException) { - eelfLogger.error("IOException occurred while opening FileInputStream: " + ioException.getMessage(), - ioException); - return true; - } - return false; - } - - - private static String getNameFromSubject(KeyStore ks, Enumeration<String> aliases) throws KeyStoreException { - String alias = aliases.nextElement(); - if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { - X509Certificate cert = (X509Certificate) ks.getCertificate(alias); - if (cert != null) { - String subject = cert.getSubjectX500Principal().getName(); - try { - LdapName ln = new LdapName(subject); - for (Rdn rdn : ln.getRdns()) { - if (rdn.getType().equalsIgnoreCase("CN")) { - return rdn.getValue().toString(); - } - } - } catch (InvalidNameException e) { - eelfLogger.error("No valid CN not found for dr-node cert", e); - } - } - } - return null; - } } 
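Review bot: The rewritten log call in `isFiletypeGzip` concatenates the exception twice (`... + e + e`), so the message repeats the exception text and no throwable reaches the logger, which drops the stack trace. The removed line `e.toString() + e` had the same slip. It should read `eelfLogger.error("NODE0403 " + file + " Not in gzip(gz) format: " + e, e);`, matching the message-plus-throwable form used by the other error calls in this commit. The shortened Javadoc summary `If file is of type gzip.` is a fragment; `Check whether the file is in gzip format.` states the contract. A non-gzip file looks like an expected outcome of this probe, so error level may be too loud, but that depends on callers not shown here.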
diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props deleted file mode 100644 index 9a43f584..00000000 --- a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props +++ /dev/null @@ -1,17 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:31:16.865+0000 -# @copyright 2019, AT&T -############################################################ -Challenge=enc:2dZO7B2UVelU01IezilQ9hUYptjIvurC6JWO9vJHOiiqg9qUna3AdEMxzBpXcgIO -cadi_alias=dmaap-dr-node@dmaap-dr.onap.org -cadi_key_password=enc:ow380FBQU5xvQEDzTiXdfx-BD_0dEWbRCXjnUPxVFatk_7KaejgiLCVew6C6x8_9 -cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile -cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr.p12 -cadi_keystore_password=enc:Urky1AuqpokGwoSl72ypmhVONokY0H1Gy28S9P8jfvK1-d7W8SODXf87K37EubDo -cadi_keystore_password_jks=enc:lwXWmxaVAHy207uNeiHPYLho3qezj4xu7_iH4myTitXuj_bo9esv0e1L19HluXlM -cadi_keystore_password_p12=enc:Urky1AuqpokGwoSl72ypmhVONokY0H1Gy28S9P8jfvK1-d7W8SODXf87K37EubDo -cadi_truststore=/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=enc:stAsWWKk5FOcWxyWsNqyQlSdkwWSxcy3Jed6RW_r4jyZosqV8kmSCJLSHNLyWyTH -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile deleted file mode 100644 index 987cae1f..00000000 --- a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile +++ /dev/null 
@@ -1,27 +0,0 @@ -uXr3OodaCvEvTDHfkpgh-_5UdpEkBowSRpKF18WNxMG0A9Y9k2REr-d075mNHshr5gOUYAlykgaX -ImvY-oFtG71N-Q0uqYnYuU7eX7zgcOOFNpeT4q2db3wkiScaZgdv2UnfDOVX2Aq53GzyYeKcGB1W -u0jKX8ryHVC0uvj69y1boiJBxQY1HwAqsh9q39Ut1XxyB42D7xDM7sa9G1I6YosQlthXPMt7Q_i0 -0CUHrozT6Wtnxfb8-qR6rM5PNmAxp8r5Jb4cnSbxJGEWpx1DkZPPZNvLjE9bBfinVftzrpIlqHd3 -2CCp3k6xrqui2c_0HaNILtKHX5VVKttRf9zoADk_l5_MowEJgh1fgu8m0r-iEB6oH18AWZ_PCtSr -A0cqEDGbP-h7e8w-Dwb0yS_oSfeDISarZ1Q46CQFcDz7f4bVB3AW67YGM4SQBaFGivWS_Lz_juOx -fhyo55HW_wL_92xRvAyXD1Eg64Lw0Cx0f9rn4uM7NkKaSCP8MmIvs84egCvDzCiWkT6SGzUTeZ7M -qI0ow2tJPFUuvhozcYxJW9sFzTqTFL7iLtrO5nHmo7YUVf2WU8ByGOfC-ylZPjw0fiKpe-7MXVSz -MIOxl3pgWSYt6kImBtZCateif6TgF_A-91yAOoQLm72baJKhOo-F-aJ4k6ToT4bZ-9-Hjs5Wk9sO -4thYzDcMaGrWsssnR9QMBjl9x3uw5bfOYGduyyRCWC_TYNorrW6Bvh7gFZAWk_f6cK-pPahRo_3O -erNlUHx6xaektjqUsmp91LzjCEWbmt5nDGw16VUSPhrtkca2ReWDL0vTnpjvPuRI7mWHdfyoVYMw -KUDkRgn61QvELC0Rl0C12polUEjqSxCRvGzL8QiOrU_Z1hXhVyp2gVIYvDKyuyguvJlniEBQ2qbM -3Y5savSaANj-b2-_J0ofhvYFGz1k_bjcCE6Wx2RSWk1nSJFJ0gFjp1Ky2cyKhhVMXCiWcbbA3vC8 -E1cE9Ixn4z5WYyHOAFyzrsiiapdn5MhB_kI-ObR2HuRy_GRJHMVpxqX15Bv3OXxWy51bXeYeRfit -SVCoyfXMXbx12eVG4tvf3WyYg9RqK_QN57VAmnffq09MAXuzFB1NuxSeJeBHGtBW6XIvb6E32K6I -rL7vfxGHhD7ZHqQzzie5I42HufANtBb1KNKHikeeACxxlpjOIHjjEZ6yffhoyhNbSHx4TNs7UYOf -FUKs0TCO9ffSJ8JT67X-baqlnSYFkdqR6QTGhltZq1ssPYq6Y6NGN1iEHJMfapev07AQgp6mBBxJ -dEwDZMAwlmb1yVkU1gfzcrGdAUeAAuM6LowPHUKYLJJvvaFLQJKbwwLvjnm_Tf9UR5QJ8a3JKiLt -F0Ykc1AeO-fyiNPUVRnkc3--Gs0bLUpLe0_medGOZ_LLk45GarEzBCGajgF_joz8fsndKtDrEnB0 -z-8iiQ4bTZb_ALjKnnhcdKjoJNhZ-e3AsmadYO7ve2K3ApwOelWWh24iZ-ZSUbnlw-OQMu4RvI9h -9KOTbu4gWokep3O2uT8-cVN-ax1FYRpmexHgIxZy-tmYjDdJTJQv3dMp5UngUs6xmIy5nyIBr51B -YORSQmXRvbdvYeY7jOEQUGfXfS2yYtzLfJ07f8ODQJ24APDKsVEGWVBcBMqp53o9W7cPJ-4vnMLU -mVYCKqVrT2bThRWb38OtaaJuA4A8GboDDe5Q0IZao0v3gqwgfCzJIjQx97AEHzEbLzEBxio_z8a0 -AYLi-_f7kMtgrMsj61gcRVUan5NVqnL7oVwFn8FuqeTRzMMbgJHUHfFzrgLxpRwnscGRzygZf39Q -JqqOLGriWe_IOhXQ7aIp3uyBF-brJnrXcQIp3PF0fbVTGK_VyKDB6J0BjJyjmyL0TA37hDr8usna 
-TgMtjF1qq9kOrJr2582n8TW-ogpyqm1ft7R18VT9_1JjtnCcTCudW-oJX87jv3UTJdaEkBMhc1Pe -euLti-qSG3Q5QeO5AxM8mP_9YbLHB9YQboRWnbfC9oIFRmVgGAcdbHNFn0hfILBOTIYStQL4
\ No newline at end of file diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props deleted file mode 100644 index c30adee4..00000000 --- a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props +++ /dev/null @@ -1,8 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:31:14.170+0000 -# @copyright 2019, AT&T -############################################################ -cadi_latitude=0.0 -cadi_longitude=0.0 diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 Binary files differdeleted file mode 100644 index 4238c868..00000000 --- a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 +++ /dev/null diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props deleted file mode 100644 index fd5c5aa4..00000000 --- a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props +++ /dev/null 
@@ -1,24 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:31:14.169+0000 -# @copyright 2019, AT&T -############################################################ -aaf_env=DEV -aaf_id=dmaap-dr-node@dmaap-dr.onap.org -aaf_locate_url=https://aaf-locate.onap:8095 -aaf_locator_app_ns=org.osaaf.aaf -aaf_locator_container=oom -aaf_locator_container_ns=onap -aaf_locator_fqdn=dmaap-dr-node -aaf_locator_public_fqdn=dmaap-dr.onap.org -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 -aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 -aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 -aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 -aaf_url_hello=https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.hello:2.1 -aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 -cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-dr.location.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props -cadi_protocols=TLSv1.1,TLSv1.2 diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks Binary files differdeleted file mode 100644 index e09e2e61..00000000 --- a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks +++ /dev/null diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties index ac9aec22..68580f73 100644 --- a/datarouter-node/src/main/resources/node.properties +++ b/datarouter-node/src/main/resources/node.properties 
@@ -56,35 +56,35 @@ SpoolDir = /opt/app/datartr/spool # The path to the redirection data file RedirectionFile = etc/redirections.dat # +# https security required for publish request +TlsEnabled = false +# +# Enabled TLS protocols +NodeHttpsProtocols = TLSv1.1|TLSv1.2 +# # The type of keystore for https KeyStoreType = PKCS12 # +# The path to your KeyStoreFile +KeyStorePath = /opt/app/datartr/certs/org.onap.dmaap-dr-node.p12 +# +# The key store password +KeyStorePass = changeit +# +# The key manager password +KeyManagerPass = changeit +# # The type of truststore for https TrustStoreType = jks # +# The path to your trust store +TrustStorePath = /opt/app/datartr/certs/truststore.jks +# +# The trust store password +TrustStorePass = changeit +# # The path to the file used to trigger an orderly shutdown QuiesceFile = etc/SHUTDOWN # # The key used to generate passwords for node to node transfers NodeAuthKey = Node123! -# -# DR_NODE DEFAULT ENABLED TLS PROTOCOLS -NodeHttpsProtocols = TLSv1.1|TLSv1.2 -# -# AAF CADI enabled flag -CadiEnabled = false -# -# AAF type to generate permission string -AAFType = org.onap.dmaap-dr.feed -# -# AAF default instance to generate permission string - default should be legacy -AAFInstance = legacy -# -# AAF action to generate permission string - default should be publish -AAFAction = publish -# -# AAF Props file path -AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props - -# https security required for publish request -TlsEnabled = false diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryQueueTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryQueueTest.java index d1194279..ea221cbd 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryQueueTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryQueueTest.java 
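Review bot: The added `KeyStorePass`, `KeyManagerPass` and `TrustStorePass` values in this hunk are the literal `changeit`, and they sit in `src/main/resources/node.properties`, so a node started with the packaged defaults protects its key store and trust store with a publicly known password. I would mark them as placeholders in the file itself, e.g. `# Placeholder - must be overridden at deployment (mounted secret or env substitution)` above each password line, and document that TLS must not be enabled with these defaults. The relocated `NodeHttpsProtocols = TLSv1.1|TLSv1.2` still offers TLS 1.1, which RFC 8996 deprecates; `NodeHttpsProtocols = TLSv1.2` (plus TLSv1.3 where the runtime supports it) would be the safer default.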
@@ -44,6 +44,9 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueue; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueueHelper; +import org.onap.dmaap.datarouter.node.delivery.DeliveryTask; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTaskTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTaskTest.java index 0f019161..b749afec 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTaskTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTaskTest.java @@ -33,6 +33,8 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.Mockito; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueue; +import org.onap.dmaap.datarouter.node.delivery.DeliveryTask; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTest.java index 25830cdd..61c53180 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/DeliveryTest.java @@ -29,7 +29,6 @@ import static org.mockito.Mockito.verify; import java.io.File; import java.io.IOException; import java.util.HashMap; -import java.util.Hashtable; import org.apache.commons.lang3.reflect.FieldUtils; import org.junit.After; import org.junit.Assert; 
@@ -37,7 +36,9 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; -import org.onap.dmaap.datarouter.node.Delivery.DelItem; +import org.onap.dmaap.datarouter.node.delivery.Delivery; +import org.onap.dmaap.datarouter.node.delivery.Delivery.DelItem; +import org.onap.dmaap.datarouter.node.delivery.DeliveryQueue; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/LogManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/LogManagerTest.java index cb3c88a4..1875a220 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/LogManagerTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/LogManagerTest.java @@ -30,13 +30,13 @@ import java.io.IOException; import java.util.Timer; import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.reflect.FieldUtils; -import org.junit.After; import org.junit.AfterClass; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; -import org.onap.dmaap.datarouter.node.LogManager.Uploader; +import org.onap.dmaap.datarouter.node.log.LogManager; +import org.onap.dmaap.datarouter.node.log.LogManager.Uploader; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java deleted file mode 100644 index fbb93324..00000000 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java +++ /dev/null 
@@ -1,41 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-package org.onap.dmaap.datarouter.node;
-
-import java.io.File;
-import java.io.IOException;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-public class NodeAafPropsUtilsTest {
-
- private NodeAafPropsUtils nodeAafPropsUtils;
-
- @Before
- public void setUp() throws IOException {
- nodeAafPropsUtils = new NodeAafPropsUtils(new File("src/test/resources/aaf/org.onap.dmaap-dr.props"));
- }
-
- @Test
- public void Veirfy_Aaf_Pass_Decryp_Successful() {
- Assert.assertEquals("w7(O#.QV#kQ;L(8fsaoT7cY&", nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password"));
- }
-}
diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
index 046a56e2..10732dfa 100644
--- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
+++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
@@ -45,6 +45,7 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.mockito.Mock; +import org.onap.dmaap.datarouter.node.config.NodeConfig; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; @@ -95,10 +96,8 @@ public class NodeConfigManagerTest { @Test public void Verify_NodeConfigMan_Getters_Secure() { NodeConfigManager nodeConfigManager = NodeConfigManager.getInstance(); - Assert.assertEquals("legacy", nodeConfigManager.getAafInstance()); Assert.assertEquals("src/test/resources/spool/f", nodeConfigManager.getSpoolDir()); Assert.assertEquals("src/test/resources/spool", nodeConfigManager.getSpoolBase()); - Assert.assertEquals("PKCS12", nodeConfigManager.getKSType()); Assert.assertEquals(8080, nodeConfigManager.getHttpPort()); Assert.assertEquals(8443, nodeConfigManager.getHttpsPort()); Assert.assertEquals(443, nodeConfigManager.getExtHttpsPort()); @@ -108,12 +107,8 @@ public class NodeConfigManagerTest { Assert.assertEquals(".log", nodeConfigManager.getEventLogSuffix()); Assert.assertEquals("src/test/resources/logs", nodeConfigManager.getLogDir()); Assert.assertEquals((86400000L * 30), nodeConfigManager.getLogRetention()); - Assert.assertEquals(new String[] {"TLSv1.1", "TLSv1.2"}, nodeConfigManager.getEnabledprotocols()); - Assert.assertEquals("org.onap.dmaap-dr.feed", nodeConfigManager.getAafType()); - Assert.assertEquals("publish", nodeConfigManager.getAafAction()); - Assert.assertTrue(nodeConfigManager.getCadiEnabled()); Assert.assertFalse(nodeConfigManager.isShutdown()); - Assert.assertTrue(nodeConfigManager.isTlsEnabled()); + Assert.assertFalse(nodeConfigManager.isTlsEnabled()); Assert.assertTrue(nodeConfigManager.isConfigured()); Assert.assertNotNull(nodeConfigManager.getPublishId()); Assert.assertNotNull(nodeConfigManager.getAllDests()); 
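Review bot: `Verify_NodeConfigMan_Getters_Secure` now asserts `Assert.assertFalse(nodeConfigManager.isTlsEnabled())` in the third hunk of this file, so the test name no longer matches what it checks, and the key-store-type and enabled-protocol assertions removed alongside it have no replacement here. Either rename it (for example `Verify_NodeConfigMan_Getters`) or keep a second case that loads properties with `TlsEnabled = true` and asserts that the TLS settings are picked up. The method begins in the preceding hunk and continues past this one, so later assertions are not visible from here.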
@@ -126,9 +121,6 @@ public class NodeConfigManagerTest { Assert.assertEquals(60000, nodeConfigManager.getFairTimeLimit()); Assert.assertNotNull(nodeConfigManager.getTargets("1")); Assert.assertEquals("src/test/resources/spool/f", nodeConfigManager.getSpoolDir()); - Assert.assertEquals("src/test/resources/aaf/org.onap.dmaap-dr.p12", nodeConfigManager.getKSFile()); - Assert.assertEquals("jks", nodeConfigManager.getTstype()); - Assert.assertEquals("src/test/resources/aaf/org.onap.dmaap-dr.trust.jks", nodeConfigManager.getTsfile()); Assert.assertEquals(40, nodeConfigManager.getDeliveryThreads()); Assert.assertEquals("30", nodeConfigManager.getEventLogInterval()); Assert.assertFalse(nodeConfigManager.isFollowRedirects()); @@ -137,7 +129,6 @@ public class NodeConfigManagerTest { Assert.assertEquals("Basic ZG1hYXAtZHItbm9kZTp2OStFanZpWVBXSURrazVxRlF5ZkoxSC9LdHBuYWo4K0NVTXlNL0lRRUp2UGdjOUxpU2s5ZnpKTjdFazl3SzZkaG11S1E4S3RtcC9kelpBU3BRUGZCdz09", nodeConfigManager.getMyAuth()); Assert.assertEquals(0.05, nodeConfigManager.getFreeDiskStart(), 0.0); Assert.assertEquals(0.2, nodeConfigManager.getFreeDiskStop(), 0.0); - Assert.assertEquals("org.onap.dmaap-dr.feed|legacy|publish", nodeConfigManager.getPermission("legacy")); } /** diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigTest.java index 6804ebfe..1272f3c2 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigTest.java 
@@ -31,12 +31,14 @@ import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.onap.dmaap.datarouter.node.config.NodeConfig; +import org.onap.dmaap.datarouter.node.config.ProvData; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; import org.powermock.modules.junit4.PowerMockRunner; @RunWith(PowerMockRunner.class) -@SuppressStaticInitializationFor({"org.onap.dmaap.datarouter.node.ProvData"}) +@SuppressStaticInitializationFor({"org.onap.dmaap.datarouter.node.config.ProvData"}) @PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*"}) public class NodeConfigTest { @@ -79,7 +81,6 @@ public class NodeConfigTest { endpointAddrs.put("172.0.0.1"); auth.put("endpoint_addrs", endpointAddrs); feed.put("authorization", auth); - feed.put("aaf_instance", "legacy"); feeds.put(feed); provData.put("feeds", feeds); } diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServerTest.java index af43e5d8..8d0b2a2d 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServerTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServerTest.java 
@@ -27,12 +27,15 @@ import static org.mockito.Mockito.when; import java.io.File; import java.io.IOException; +import java.util.Properties; import org.apache.commons.lang3.reflect.FieldUtils; import org.junit.AfterClass; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.onap.dmaap.datarouter.node.delivery.Delivery; +import org.onap.dmaap.datarouter.node.utils.NodeTlsManager; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor; @@ -44,9 +47,11 @@ import org.powermock.modules.junit4.PowerMockRunner; public class NodeServerTest { private final NodeConfigManager config = mock(NodeConfigManager.class); + private NodeTlsManager nodeTlsManager; @Before public void setUp() throws Exception { setUpConfig(); + setUpNodeTlsMan(); setUpNodeMainDelivery(); createFilesAndDirectories(); } @@ -61,7 +66,7 @@ public class NodeServerTest { Assert.assertNotNull(NodeServer.getServerInstance(config)); } - private void setUpConfig() throws IllegalAccessException { + private void setUpConfig() { PowerMockito.mockStatic(NodeConfigManager.class); when(config.isShutdown()).thenReturn(false); when(config.isConfigured()).thenReturn(true); 
@@ -74,15 +79,16 @@ public class NodeServerTest { when(config.isDeletePermitted("1")).thenReturn(true); when(config.getAllDests()).thenReturn(new DestInfo[0]); when(config.isTlsEnabled()).thenReturn(true); - when(config.getKSType()).thenReturn("PKCS12"); - when(config.getKSFile()).thenReturn("src/test/resources/aaf/org.onap.dmaap-dr.p12"); - when(config.getKSPass()).thenReturn("tVac2#@Stx%tIOE^x[c&2fgZ"); - when(config.getTstype()).thenReturn("jks"); - when(config.getTsfile()).thenReturn("src/test/resources/aaf/org.onap.dmaap-dr.trust.jks"); - when(config.getTspass()).thenReturn("XHX$2Vl?Lk*2CB.i1+ZFAhZd"); PowerMockito.when(NodeConfigManager.getInstance()).thenReturn(config); } + private void setUpNodeTlsMan() throws IOException { + Properties nodeProps = new Properties(); + nodeProps.load(NodeTlsManagerTest.class.getClassLoader().getResourceAsStream("node_test.properties")); + nodeTlsManager = new NodeTlsManager(nodeProps); + PowerMockito.when(NodeConfigManager.getNodeTlsManager()).thenReturn(nodeTlsManager); + } + private void setUpNodeMainDelivery() throws IllegalAccessException{ Delivery delivery = mock(Delivery.class); doNothing().when(delivery).resetQueue(anyObject()); diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java index 0dcc0a19..b48db880 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java @@ -24,7 +24,6 @@ package org.onap.dmaap.datarouter.node; import static org.junit.Assert.assertEquals; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.ArgumentMatchers.anyObject; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.anyString; 
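Review bot: In the added `setUpNodeTlsMan()` the stream returned by `getResourceAsStream("node_test.properties")` is never closed, and when the resource is missing it is `null`, so `nodeProps.load(...)` fails with a bare NullPointerException instead of a message naming the file; the same two lines appear in `NodeTlsManagerTest.setUpClass()` later in this commit. Wrapping the load in try-with-resources with an explicit not-null assertion fixes both (it needs `import java.io.InputStream;`). Separately, `config.isTlsEnabled()` is stubbed to `true` just above while the properties fed to `NodeTlsManager` carry `TlsEnabled = false`, so the server test runs against two disagreeing TLS settings; it is worth a comment saying which one the code under test is expected to honour.

```java
private void setUpNodeTlsMan() throws IOException {
    Properties nodeProps = new Properties();
    try (InputStream in = NodeTlsManagerTest.class.getClassLoader()
            .getResourceAsStream("node_test.properties")) {
        Assert.assertNotNull("node_test.properties missing from test classpath", in);
        nodeProps.load(in);
    }
    // … unchanged: NodeTlsManager construction and getNodeTlsManager() stubbing …
}
```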
@@ -50,10 +49,8 @@ import org.junit.AfterClass; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.BDDMockito; import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.internal.matchers.Any; +import org.onap.dmaap.datarouter.node.delivery.Delivery; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; @@ -238,16 +235,6 @@ public class NodeServletTest { verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString()); } - @Test - public void Given_Request_Is_HTTP_PUT_On_Publish_On_AAF_Feed_And_Cadi_Enabled_And_No_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception { - when(config.getCadiEnabled()).thenReturn(true); - when(config.getAafInstance("1")).thenReturn("*"); - when(request.getPathInfo()).thenReturn("/publish/1/fileName"); - setHeadersForValidRequest(true); - nodeServlet.doPut(request, response); - verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString()); - verifyEnteringExitCalled(listAppender); - } @Test public void Given_Request_Is_HTTP_DELETE_On_Publish_With_Meta_Data_Malformed_Then_Bad_Request_Response_Is_Generated() throws Exception { diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeTlsManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeTlsManagerTest.java new file mode 100644 index 00000000..f259d926 --- /dev/null +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeTlsManagerTest.java 
@@ -0,0 +1,51 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.dmaap.datarouter.node; + +import java.io.IOException; +import java.util.Properties; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.dmaap.datarouter.node.utils.NodeTlsManager; +import org.powermock.core.classloader.annotations.PowerMockIgnore; +import org.powermock.modules.junit4.PowerMockRunner; + +@RunWith(PowerMockRunner.class) +@PowerMockIgnore({"java.net.ssl", "javax.security.auth.x500.X500Principal", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*"}) +public class NodeTlsManagerTest { + + private static NodeTlsManager nodeTlsManager; + + @BeforeClass + public static void setUpClass() throws IOException { + Properties nodeProps = new Properties(); + nodeProps.load(NodeTlsManagerTest.class.getClassLoader().getResourceAsStream("node_test.properties")); + nodeTlsManager = new NodeTlsManager(nodeProps); + } + + @Test + public void Given_Get_CanonicalName_Called_Valid_CN_Returned_From_JKS() { + String canonicalName = 
nodeTlsManager.getMyNameFromCertificate(); + Assert.assertEquals("dmaap-dr-node", canonicalName); + } + +} diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java index 40cb11fb..9469ce0f 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java @@ -29,12 +29,13 @@ import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; +import org.onap.dmaap.datarouter.node.utils.NodeUtils; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.modules.junit4.PowerMockRunner; import org.slf4j.MDC; @RunWith(PowerMockRunner.class) -@PowerMockIgnore({"java.net.ssl", "javax.security.auth.x500.X500Principal", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*"}) +@PowerMockIgnore({"java.net.ssl", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*"}) public class NodeUtilsTest { @Mock @@ -76,16 +77,4 @@ public class NodeUtilsTest { Assert.assertEquals("123", MDC.get("RequestId")); Assert.assertEquals("456", MDC.get("InvocationId")); } - - @Test - public void Given_Get_CanonicalName_Called_Valid_CN_Returned_From_JKS() { - String canonicalName = NodeUtils.getCanonicalName("jks", "src/test/resources/org.onap.dmaap-dr-test-cert.jks", "WGxd2P6MDo*Bi4+UdzWs{?$8"); - Assert.assertEquals("dmaap-dr-node", canonicalName); - } - - @Test - public void Given_Get_CanonicalName_Called_Valid_CN_Returned_From_P12() { - String canonicalName = NodeUtils.getCanonicalName("PKCS12", "src/test/resources/aaf/org.onap.dmaap-dr.p12", "w7(O#.QV#kQ;L(8fsaoT7cY&"); - Assert.assertEquals("dmaap-dr-node", canonicalName); - } } 
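Review bot: `Given_Get_CanonicalName_Called_Valid_CN_Returned_From_JKS` in the new `NodeTlsManagerTest` is built from `node_test.properties`, which in this commit sets `KeyStoreType = PKCS12` and a `.p12` key store, so the name appears to describe the wrong store type and no longer names the method under test (`getMyNameFromCertificate`). Something like `Given_GetMyNameFromCertificate_Called_Valid_CN_Returned_From_P12` would match; the two `NodeUtilsTest` cases removed in the hunk that follows covered JKS and PKCS12 separately, and only one of them is replaced. The class also runs under `PowerMockRunner` without mocking anything visible here, so the default JUnit runner would probably do. `NodeTlsManager` itself is not shown on this page, so which store the method reads is inferred from the property names.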
diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/PathFinderTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/PathFinderTest.java index 25edd0c0..2bf320b3 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/PathFinderTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/PathFinderTest.java @@ -26,6 +26,8 @@ import static org.junit.Assert.assertThat; import org.junit.Test; import org.junit.runner.RunWith; +import org.onap.dmaap.datarouter.node.config.NodeConfig; +import org.onap.dmaap.datarouter.node.config.PathFinder; import org.powermock.modules.junit4.PowerMockRunner; @RunWith(PowerMockRunner.class) diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/ProvDataTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/ProvDataTest.java index 1a4564ab..1747fc12 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/ProvDataTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/ProvDataTest.java @@ -29,6 +29,7 @@ import java.io.Reader; import java.nio.charset.StandardCharsets; import org.junit.Test; import org.junit.runner.RunWith; +import org.onap.dmaap.datarouter.node.config.ProvData; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.modules.junit4.PowerMockRunner; diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/StatusLogTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/StatusLogTest.java index 28dcba9a..5cd46e88 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/StatusLogTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/StatusLogTest.java 
@@ -29,6 +29,7 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.onap.dmaap.datarouter.node.log.StatusLog; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props deleted file mode 100644 index 452a0112..00000000 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props +++ /dev/null @@ -1,17 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:31:16.865+0000 -# @copyright 2019, AT&T -############################################################ -Challenge=enc:2dZO7B2UVelU01IezilQ9hUYptjIvurC6JWO9vJHOiiqg9qUna3AdEMxzBpXcgIO -cadi_alias=dmaap-dr-node@dmaap-dr.onap.org -cadi_key_password=enc:ow380FBQU5xvQEDzTiXdfx-BD_0dEWbRCXjnUPxVFatk_7KaejgiLCVew6C6x8_9 -cadi_keyfile=src/test/resources/aaf/org.onap.dmaap-dr.keyfile -cadi_keystore=src/test/resources/aaf/org.onap.dmaap-dr.p12 -cadi_keystore_password=enc:Urky1AuqpokGwoSl72ypmhVONokY0H1Gy28S9P8jfvK1-d7W8SODXf87K37EubDo -cadi_keystore_password_jks=enc:lwXWmxaVAHy207uNeiHPYLho3qezj4xu7_iH4myTitXuj_bo9esv0e1L19HluXlM -cadi_keystore_password_p12=enc:Urky1AuqpokGwoSl72ypmhVONokY0H1Gy28S9P8jfvK1-d7W8SODXf87K37EubDo -cadi_truststore=src/test/resources/aaf/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=enc:stAsWWKk5FOcWxyWsNqyQlSdkwWSxcy3Jed6RW_r4jyZosqV8kmSCJLSHNLyWyTH -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US 
diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile deleted file mode 100644 index 987cae1f..00000000 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile +++ /dev/null 
@@ -1,27 +0,0 @@ -uXr3OodaCvEvTDHfkpgh-_5UdpEkBowSRpKF18WNxMG0A9Y9k2REr-d075mNHshr5gOUYAlykgaX -ImvY-oFtG71N-Q0uqYnYuU7eX7zgcOOFNpeT4q2db3wkiScaZgdv2UnfDOVX2Aq53GzyYeKcGB1W -u0jKX8ryHVC0uvj69y1boiJBxQY1HwAqsh9q39Ut1XxyB42D7xDM7sa9G1I6YosQlthXPMt7Q_i0 -0CUHrozT6Wtnxfb8-qR6rM5PNmAxp8r5Jb4cnSbxJGEWpx1DkZPPZNvLjE9bBfinVftzrpIlqHd3 -2CCp3k6xrqui2c_0HaNILtKHX5VVKttRf9zoADk_l5_MowEJgh1fgu8m0r-iEB6oH18AWZ_PCtSr -A0cqEDGbP-h7e8w-Dwb0yS_oSfeDISarZ1Q46CQFcDz7f4bVB3AW67YGM4SQBaFGivWS_Lz_juOx -fhyo55HW_wL_92xRvAyXD1Eg64Lw0Cx0f9rn4uM7NkKaSCP8MmIvs84egCvDzCiWkT6SGzUTeZ7M -qI0ow2tJPFUuvhozcYxJW9sFzTqTFL7iLtrO5nHmo7YUVf2WU8ByGOfC-ylZPjw0fiKpe-7MXVSz -MIOxl3pgWSYt6kImBtZCateif6TgF_A-91yAOoQLm72baJKhOo-F-aJ4k6ToT4bZ-9-Hjs5Wk9sO -4thYzDcMaGrWsssnR9QMBjl9x3uw5bfOYGduyyRCWC_TYNorrW6Bvh7gFZAWk_f6cK-pPahRo_3O -erNlUHx6xaektjqUsmp91LzjCEWbmt5nDGw16VUSPhrtkca2ReWDL0vTnpjvPuRI7mWHdfyoVYMw -KUDkRgn61QvELC0Rl0C12polUEjqSxCRvGzL8QiOrU_Z1hXhVyp2gVIYvDKyuyguvJlniEBQ2qbM -3Y5savSaANj-b2-_J0ofhvYFGz1k_bjcCE6Wx2RSWk1nSJFJ0gFjp1Ky2cyKhhVMXCiWcbbA3vC8 -E1cE9Ixn4z5WYyHOAFyzrsiiapdn5MhB_kI-ObR2HuRy_GRJHMVpxqX15Bv3OXxWy51bXeYeRfit -SVCoyfXMXbx12eVG4tvf3WyYg9RqK_QN57VAmnffq09MAXuzFB1NuxSeJeBHGtBW6XIvb6E32K6I -rL7vfxGHhD7ZHqQzzie5I42HufANtBb1KNKHikeeACxxlpjOIHjjEZ6yffhoyhNbSHx4TNs7UYOf -FUKs0TCO9ffSJ8JT67X-baqlnSYFkdqR6QTGhltZq1ssPYq6Y6NGN1iEHJMfapev07AQgp6mBBxJ -dEwDZMAwlmb1yVkU1gfzcrGdAUeAAuM6LowPHUKYLJJvvaFLQJKbwwLvjnm_Tf9UR5QJ8a3JKiLt -F0Ykc1AeO-fyiNPUVRnkc3--Gs0bLUpLe0_medGOZ_LLk45GarEzBCGajgF_joz8fsndKtDrEnB0 -z-8iiQ4bTZb_ALjKnnhcdKjoJNhZ-e3AsmadYO7ve2K3ApwOelWWh24iZ-ZSUbnlw-OQMu4RvI9h -9KOTbu4gWokep3O2uT8-cVN-ax1FYRpmexHgIxZy-tmYjDdJTJQv3dMp5UngUs6xmIy5nyIBr51B -YORSQmXRvbdvYeY7jOEQUGfXfS2yYtzLfJ07f8ODQJ24APDKsVEGWVBcBMqp53o9W7cPJ-4vnMLU -mVYCKqVrT2bThRWb38OtaaJuA4A8GboDDe5Q0IZao0v3gqwgfCzJIjQx97AEHzEbLzEBxio_z8a0 -AYLi-_f7kMtgrMsj61gcRVUan5NVqnL7oVwFn8FuqeTRzMMbgJHUHfFzrgLxpRwnscGRzygZf39Q -JqqOLGriWe_IOhXQ7aIp3uyBF-brJnrXcQIp3PF0fbVTGK_VyKDB6J0BjJyjmyL0TA37hDr8usna 
-TgMtjF1qq9kOrJr2582n8TW-ogpyqm1ft7R18VT9_1JjtnCcTCudW-oJX87jv3UTJdaEkBMhc1Pe -euLti-qSG3Q5QeO5AxM8mP_9YbLHB9YQboRWnbfC9oIFRmVgGAcdbHNFn0hfILBOTIYStQL4
\ No newline at end of file diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.location.props b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.location.props deleted file mode 100644 index c30adee4..00000000 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.location.props +++ /dev/null @@ -1,8 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:31:14.170+0000 -# @copyright 2019, AT&T -############################################################ -cadi_latitude=0.0 -cadi_longitude=0.0 diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 Binary files differdeleted file mode 100644 index 4238c868..00000000 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 +++ /dev/null diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props deleted file mode 100644 index c408b9ca..00000000 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props +++ /dev/null 
@@ -1,24 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2022-03-22T12:31:14.169+0000 -# @copyright 2019, AT&T -############################################################ -aaf_env=DEV -aaf_id=dmaap-dr-node@dmaap-dr.onap.org -aaf_locate_url=https://aaf-locate.onap:8095 -aaf_locator_app_ns=org.osaaf.aaf -aaf_locator_container=oom -aaf_locator_container_ns=onap -aaf_locator_fqdn=dmaap-dr-node -aaf_locator_public_fqdn=dmaap-dr.onap.org -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 -aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 -aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 -aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 -aaf_url_hello=https://aaf-locate.onap:8095/locate/onap.org.osaaf.aaf.hello:2.1 -aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 -cadi_prop_files=src/test/resources/aaf/org.onap.dmaap-dr.location.props:src/test/resources/aaf/org.onap.dmaap-dr.cred.props -cadi_protocols=TLSv1.1,TLSv1.2 diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.trust.jks b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.trust.jks Binary files differdeleted file mode 100644 index e09e2e61..00000000 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.trust.jks +++ /dev/null diff --git a/datarouter-node/src/test/resources/certs/org.onap.dmaap-dr-node.p12 b/datarouter-node/src/test/resources/certs/org.onap.dmaap-dr-node.p12 Binary files differnew file mode 100644 index 00000000..3793a9d4 --- /dev/null +++ b/datarouter-node/src/test/resources/certs/org.onap.dmaap-dr-node.p12 
diff --git a/datarouter-node/src/test/resources/certs/truststore.jks b/datarouter-node/src/test/resources/certs/truststore.jks Binary files differnew file mode 100644 index 00000000..91547c60 --- /dev/null +++ b/datarouter-node/src/test/resources/certs/truststore.jks diff --git a/datarouter-node/src/test/resources/node_test.properties b/datarouter-node/src/test/resources/node_test.properties index 407d37c6..7560bd78 100644 --- a/datarouter-node/src/test/resources/node_test.properties +++ b/datarouter-node/src/test/resources/node_test.properties 
@@ -56,36 +56,35 @@ SpoolDir = src/test/resources/spool
 # The path to the redirection data file
 RedirectionFile = src/test/redirections.dat
 #
+# https security required for publish request
+TlsEnabled = false
+#
+# Enabled TLS protocols
+NodeHttpsProtocols = TLSv1.1|TLSv1.2
+#
 # The type of keystore for https
 KeyStoreType = PKCS12
 #
+# The path to your KeyStoreFile
+KeyStorePath = src/test/resources/certs/org.onap.dmaap-dr-node.p12
+#
+# The key store password
+KeyStorePass = secret
+#
+# The key manager password
+KeyManagerPass = secret
+#
 # The type of truststore for https
 TrustStoreType = jks
 #
+# The path to your trust store
+TrustStorePath = src/test/certs/truststore.jks
+#
+# The trust store password
+TrustStorePass = secret
+#
 # The path to the file used to trigger an orderly shutdown
 QuiesceFile = etc/SHUTDOWN
 #
 # The key used to generate passwords for node to node transfers
 NodeAuthKey = Node123!
-#
-# DR_NODE DEFAULT ENABLED TLS PROTOCOLS
-NodeHttpsProtocols = TLSv1.1|TLSv1.2
-#
-# AAF CADI enabled flag
-CadiEnabled = true
-#
-# AAF type to generate permission string
-AAFType = org.onap.dmaap-dr.feed
-#
-# AAF default instance to generate permission string - default should be legacy
-AAFInstance = legacy
-#
-# AAF action to generate permission string - default should be publish
-AAFAction = publish
-#
-# AAF Props file path
-AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props
-
-# https security required for publish request
-TlsEnabled = true
-
diff --git a/datarouter-node/src/test/resources/org.onap.dmaap-dr-test-cert.jks b/datarouter-node/src/test/resources/org.onap.dmaap-dr-test-cert.jks
Binary files differ
deleted file mode 100644
index 2320dc9f..00000000
--- a/datarouter-node/src/test/resources/org.onap.dmaap-dr-test-cert.jks
+++ /dev/null
diff --git a/datarouter-node/src/test/resources/prov_data.json b/datarouter-node/src/test/resources/prov_data.json
index cf455c71..8b9985c3 100644
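Review bot: `TrustStorePath = src/test/certs/truststore.jks` points outside the directory where this commit adds the truststore (`datarouter-node/src/test/resources/certs/truststore.jks`), whereas `KeyStorePath` in the same hunk does use `src/test/resources/certs/`; the line should read `TrustStorePath = src/test/resources/certs/truststore.jks`. The hunk also changes `TlsEnabled` from `true` to `false`, so the tests presumably never load the truststore and the wrong path would not surface; it also means this fixture no longer exercises the TLS-required publish path. `NodeHttpsProtocols = TLSv1.1|TLSv1.2` is carried over unchanged, but TLS 1.1 is deprecated by RFC 8996, so the fixture would better read `NodeHttpsProtocols = TLSv1.2`, with a comment above `TlsEnabled` such as `# TLS disabled for unit tests only; production nodes must set TlsEnabled = true`.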
--- a/datarouter-node/src/test/resources/prov_data.json
+++ b/datarouter-node/src/test/resources/prov_data.json
@@ -22,7 +22,6 @@
 "feedid": 1,
 "name": "Default PM Feed",
 "business_description": "Default Feed",
- "aaf_instance": "legacy",
 "publisher": "dradmin",
 "links": {
 "subscribe": "https://dmaap-dr-prov/subscribe/1",
@@ -60,7 +59,6 @@
 "feedid": 1,
 "follow_redirect": false,
 "decompress": true,
- "aaf_instance": "legacy",
 "links": {
 "feed": "https://dmaap-dr-prov/feed/1",
 "log": "https://dmaap-dr-prov/sublog/1",
|