From aaf2df8b908fcb48043d2cd51803d8fd99f18b43 Mon Sep 17 00:00:00 2001 From: sg481n Date: Thu, 3 Aug 2017 17:56:38 -0400 Subject:  [DMAAP-48] Initial code import MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I3e65371093487d7de167ec6c29f327f366f1e299 Signed-off-by: sg481n --- Subscriber/src/SSASubscriber.java | 115 ++++++++++++++++++++++++++ Subscriber/src/SubscriberServlet.java | 149 ++++++++++++++++++++++++++++++++++ Subscriber/src/log4j.properties | 9 ++ 3 files changed, 273 insertions(+) create mode 100644 Subscriber/src/SSASubscriber.java create mode 100644 Subscriber/src/SubscriberServlet.java create mode 100644 Subscriber/src/log4j.properties (limited to 'Subscriber') diff --git a/Subscriber/src/SSASubscriber.java b/Subscriber/src/SSASubscriber.java new file mode 100644 index 00000000..5ec099bd --- /dev/null +++ b/Subscriber/src/SSASubscriber.java @@ -0,0 +1,115 @@ +/******************************************************************************* + * ============LICENSE_START================================================== + * * org.onap.dmaap + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * * + ******************************************************************************/ + + +import org.eclipse.jetty.http.HttpVersion; +import org.eclipse.jetty.servlet.*; +import org.eclipse.jetty.util.ssl.*; +import org.eclipse.jetty.server.*; +import org.apache.log4j.Logger; + +/** + * Example stand alone subscriber + */ +public class SSASubscriber { + private static final int Port = 8447; + private static final String KeyStoreType = "jks"; + private static final String KeyStoreFile = "/root/sub/subscriber.jks"; + //private static final String KeyStoreFile = "c:/tmp/subscriber.jks"; + private static final String KeyStorePassword = "changeit"; + private static final String KeyPassword = "changeit"; + private static final String ContextPath = "/"; + private static final String URLPattern = "/*"; + + public static void main(String[] args) throws Exception { + //User story # US792630 -Jetty Upgrade to 9.3.11 + //SSASubscriber register Jetty server. + Server server = new Server(); + HttpConfiguration http_config = new HttpConfiguration(); + http_config.setSecureScheme("https"); + http_config.setSecurePort(Port); + http_config.setRequestHeaderSize(8192); + + // HTTP connector + ServerConnector http = new ServerConnector(server, + new HttpConnectionFactory(http_config)); + http.setPort(7070); + http.setIdleTimeout(30000); + + // SSL Context Factory + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setKeyStoreType(KeyStoreType); + sslContextFactory.setKeyStorePath(KeyStoreFile); + sslContextFactory.setKeyStorePassword(KeyStorePassword); + sslContextFactory.setKeyManagerPassword(KeyPassword); + + // sslContextFactory.setTrustStorePath(ncm.getKSFile()); + // sslContextFactory.setTrustStorePassword("changeit"); + sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", + "SSL_RSA_EXPORT_WITH_RC4_40_MD5", + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); + + // SSL HTTP Configuration + HttpConfiguration https_config = new HttpConfiguration(http_config); + https_config.addCustomizer(new SecureRequestCustomizer()); + + // SSL Connector + ServerConnector sslConnector = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); + sslConnector.setPort(Port); + server.addConnector(sslConnector); + + /**Skip SSLv3 Fixes*/ + sslContextFactory.addExcludeProtocols("SSLv3"); + System.out.println("Excluded protocols SSASubscriber-"+sslContextFactory.getExcludeProtocols().toString()); + /**End of SSLv3 Fixes*/ + + // HTTPS Configuration + ServerConnector https = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(https_config)); + https.setPort(Port); + https.setIdleTimeout(30000); + //server.setConnectors(new Connector[] { http, https }); + server.setConnectors(new Connector[] { http }); + ServletContextHandler ctxt = new ServletContextHandler(0); + ctxt.setContextPath(ContextPath); + server.setHandler(ctxt); + + ctxt.addServlet(new ServletHolder(new SubscriberServlet()), "/*"); + + try { + server.start(); + } catch ( Exception e ) { + System.out.println("Jetty failed to start. Reporting will we unavailable-"+e); + }; + server.join(); + + System.out.println("Subscriber started-"+ server.getState()); + + } +} \ No newline at end of file diff --git a/Subscriber/src/SubscriberServlet.java b/Subscriber/src/SubscriberServlet.java new file mode 100644 index 00000000..1af62a63 --- /dev/null +++ b/Subscriber/src/SubscriberServlet.java @@ -0,0 +1,149 @@ +/******************************************************************************* + * ============LICENSE_START================================================== + * * org.onap.dmaap + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * * + ******************************************************************************/ + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URLEncoder; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.codec.binary.Base64; +import org.apache.log4j.Logger; + +/** + * Example stand alone subscriber servlet with Authorization header checking + */ +public class SubscriberServlet extends HttpServlet { + private static Logger logger = Logger.getLogger("com.att.datarouter.pubsub.ssasubscribe.SubscriberServlet"); + private String Login = "LOGIN"; + private String Password = "PASSWORD"; + private String OutputDirectory = "/root/sub/received"; + + private String auth; + + private static String gp(ServletConfig config, String param, String deflt) { + param = config.getInitParameter(param); + if (param == null || param.length() == 0) { + param = deflt; + } + return(param); + } + /** + * Configure this subscriberservlet. Configuration parameters from config.getInitParameter() are: + * + */ + public void init(ServletConfig config) throws ServletException { + Login = gp(config, "Login", Login); + Password = gp(config, "Password", Password); + OutputDirectory = gp(config, "OutputDirectory", OutputDirectory); + (new File(OutputDirectory)).mkdirs(); + auth = "Basic " + Base64.encodeBase64String((Login + ":" + Password).getBytes()); + } + /** + * Invoke common(req, resp, false). + */ + protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + common(req, resp, false); + } + /** + * Invoke common(req, resp, true). + */ + protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + common(req, resp, true); + } + /** + * Process a PUT or DELETE request. + *
    + *
  1. Verify that the request contains an Authorization header + * or else UNAUTHORIZED. + *
  2. Verify that the Authorization header matches the configured + * Login and Password or else FORBIDDEN. + *
  3. If the request is PUT, store the message body as a file + * in the configured OutputDirectory directory protecting against + * evil characters in the received FileID. The file is created + * initially with its name prefixed with a ".", and once it is complete, it is + * renamed to remove the leading "." character. + *
  4. If the request is DELETE, instead delete the file (if it exists) from the configured OutputDirectory directory. + *
  5. Respond with NO_CONTENT. + *
+ */ + protected void common(HttpServletRequest req, HttpServletResponse resp, boolean isdelete) throws ServletException, IOException { + String ah = req.getHeader("Authorization"); + if (ah == null) { + logger.info("Rejecting request with no Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo()); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); + return; + } + if (!auth.equals(ah)) { + logger.info("Rejecting request with incorrect Authorization header from " + req.getRemoteAddr() + ": " + req.getPathInfo()); + resp.sendError(HttpServletResponse.SC_FORBIDDEN); + return; + } + String fileid = req.getPathInfo(); + fileid = fileid.substring(fileid.lastIndexOf('/') + 1); + String qs = req.getQueryString(); + if (qs != null) { + fileid = fileid + "?" + qs; + } + String publishid = req.getHeader("X-ATT-DR-PUBLISH-ID"); + String filename = URLEncoder.encode(fileid, "UTF-8").replaceAll("^\\.", "%2E").replaceAll("\\*", "%2A"); + String finalname = OutputDirectory + "/" + filename; + String tmpname = OutputDirectory + "/." + filename; + try { + if (isdelete) { + (new File(finalname)).delete(); + logger.info("Received delete for file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname); + } else { + InputStream is = req.getInputStream(); + OutputStream os = new FileOutputStream(tmpname); + byte[] buf = new byte[65536]; + int i; + while ((i = is.read(buf)) > 0) { + os.write(buf, 0, i); + } + is.close(); + os.close(); + (new File(tmpname)).renameTo(new File(finalname)); + logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname); + resp.setStatus(HttpServletResponse.SC_NO_CONTENT); + logger.info("Received file id " + fileid + " from " + req.getRemoteAddr() + " publish id " + publishid + " as " + finalname); + } + resp.setStatus(HttpServletResponse.SC_NO_CONTENT); + } catch (IOException ioe) { + (new File(tmpname)).delete(); + logger.info("Failure to save file " + finalname + " from " + req.getRemoteAddr() + ": " + req.getPathInfo(), ioe); + throw ioe; + } + } +} diff --git a/Subscriber/src/log4j.properties b/Subscriber/src/log4j.properties new file mode 100644 index 00000000..8c12d5ca --- /dev/null +++ b/Subscriber/src/log4j.properties @@ -0,0 +1,9 @@ +log4j.debug=FALSE +log4j.rootLogger=INFO,Root + +log4j.appender.Root=org.apache.log4j.DailyRollingFileAppender +log4j.appender.Root.file=/opt/app/datartr/logs/subscriber.log +log4j.appender.Root.datePattern='.'yyyyMMdd +log4j.appender.Root.append=true +log4j.appender.Root.layout=org.apache.log4j.PatternLayout +log4j.appender.Root.layout.ConversionPattern=%d %p %t %m%n -- cgit 1.2.3-korg