diff options
Diffstat (limited to 'datarouter-node/src')
6 files changed, 28 insertions, 3 deletions
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java index 5b5245da..3b950232 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java @@ -102,6 +102,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { private String aafType; private String aafInstance; private String aafAction; + private boolean tlsEnabled; private boolean cadiEnabled; private NodeAafPropsUtils nodeAafPropsUtils; @@ -159,6 +160,8 @@ public class NodeConfigManager implements DeliveryQueueHelper { svcport = Integer.parseInt(drNodeProperties.getProperty("IntHttpsPort", "8443")); port = Integer.parseInt(drNodeProperties.getProperty("ExtHttpsPort", "443")); spooldir = drNodeProperties.getProperty("SpoolDir", "spool"); + tlsEnabled = Boolean.parseBoolean(drNodeProperties.getProperty("TlsEnabled", "true")); + File fdir = new File(spooldir + "/f"); fdir.mkdirs(); for (File junk : Objects.requireNonNull(fdir.listFiles())) { @@ -811,6 +814,10 @@ public class NodeConfigManager implements DeliveryQueueHelper { return aafAction; } + protected boolean isTlsEnabled() { + return tlsEnabled; + } + boolean getCadiEnabled() { return cadiEnabled; } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index 139c7492..ee1f5b7d 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -549,7 +549,7 @@ public class NodeServlet extends HttpServlet { eelfLogger.info(EelfMsgs.EXIT); return null; } - if (!req.isSecure()) { + if (!req.isSecure() && config.isTlsEnabled()) { eelfLogger.error( "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req .getRemoteAddr()); diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties index 1d7a5d42..f7c24fab 100644 --- a/datarouter-node/src/main/resources/node.properties +++ b/datarouter-node/src/main/resources/node.properties @@ -85,3 +85,6 @@ CadiEnabled = false # # AAF Props file path AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props + +# https security required for publish request +TlsEnabled = true diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java index e64579ed..82038fba 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java @@ -112,6 +112,7 @@ public class NodeConfigManagerTest { Assert.assertEquals("publish", nodeConfigManager.getAafAction()); Assert.assertFalse(nodeConfigManager.getCadiEnabled()); Assert.assertFalse(nodeConfigManager.isShutdown()); + Assert.assertTrue(nodeConfigManager.isTlsEnabled()); Assert.assertTrue(nodeConfigManager.isConfigured()); Assert.assertEquals("legacy", nodeConfigManager.getAafInstance("1")); Assert.assertNotNull(nodeConfigManager.getPublishId()); diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java index 4340b018..f7e3d7c8 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java @@ -23,7 +23,6 @@ package org.onap.dmaap.datarouter.node; import static org.junit.Assert.assertEquals; -import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyObject; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.anyString; @@ -144,8 +143,9 @@ public class NodeServletTest { } @Test - public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_And_TLS_Enabled_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + when(config.isTlsEnabled()).thenReturn(true); nodeServlet.doPut(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString()); verifyEnteringExitCalled(listAppender); @@ -285,6 +285,17 @@ public class NodeServletTest { } @Test + public void Given_Request_Is_HTTP_DELETE_File_And_Request_Is_Not_Secure_But_TLS_Disabled_Then_Request_Succeeds() throws Exception { + when(request.isSecure()).thenReturn(false); + when(config.isTlsEnabled()).thenReturn(false); + when(request.getPathInfo()).thenReturn("/delete/1/dmaap-dr-node.1234567"); + createFilesAndDirectories(); + nodeServlet.doDelete(request, response); + verify(response).setStatus(eq(HttpServletResponse.SC_OK)); + verifyEnteringExitCalled(listAppender); + } + + @Test public void Given_Request_Is_HTTP_DELETE_File_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws IOException { when(request.getPathInfo()).thenReturn("/delete/1/nonExistingFile"); nodeServlet.doDelete(request, response); diff --git a/datarouter-node/src/test/resources/node_test.properties b/datarouter-node/src/test/resources/node_test.properties index 9359e8dc..3c96ed25 100644 --- a/datarouter-node/src/test/resources/node_test.properties +++ b/datarouter-node/src/test/resources/node_test.properties @@ -86,3 +86,6 @@ CadiEnabled = false # AAF Props file path AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props +# https security required for publish request +TlsEnabled = true + |