From 1ccd9c36ba12849148f9eb73e8ff2ffe4ade5870 Mon Sep 17 00:00:00 2001 From: efiacor Date: Tue, 8 Oct 2019 16:24:28 +0100 Subject: Update AAF loading procedure 
Signed-off-by: efiacor Issue-ID: DMAAP-1318 Change-Id: I8dc75bdbcd05e5316b5c05cbc258010068fb63e8 --- .../dmaap/datarouter/node/DRNodeCadiFilter.java | 2 +- .../org/onap/dmaap/datarouter/node/Delivery.java | 4 +- .../dmaap/datarouter/node/NodeAafPropsUtils.java | 58 ++++++ .../dmaap/datarouter/node/NodeConfigManager.java | 27 ++- .../org/onap/dmaap/datarouter/node/NodeMain.java | 44 +--- .../resources/aaf/org.onap.dmaap-dr.cred.props | 17 ++ .../main/resources/aaf/org.onap.dmaap-dr.keyfile | 27 +++ .../resources/aaf/org.onap.dmaap-dr.location.props | 8 + .../src/main/resources/aaf/org.onap.dmaap-dr.p12 | Bin 0 -> 4233 bytes .../src/main/resources/aaf/org.onap.dmaap-dr.props | 21 ++ .../main/resources/aaf/org.onap.dmaap-dr.trust.jks | Bin 0 -> 1413 bytes .../src/main/resources/docker/Dockerfile | 6 +- .../src/main/resources/docker/startup.sh | 3 +- .../src/main/resources/drNodeCadi.properties | 23 --- datarouter-node/src/main/resources/node.properties | 24 +-- .../datarouter/node/NodeAafPropsUtilsTest.java | 39 ++++ .../datarouter/node/NodeConfigManagerTest.java | 6 +- .../resources/aaf/org.onap.dmaap-dr.cred.props | 17 ++ .../test/resources/aaf/org.onap.dmaap-dr.keyfile | 27 +++ .../src/test/resources/aaf/org.onap.dmaap-dr.p12 | Bin 0 -> 4233 bytes .../src/test/resources/aaf/org.onap.dmaap-dr.props | 21 ++ .../src/test/resources/logback-test.xml | 225 +++++++++++++++++++++ .../src/test/resources/node_test.properties | 23 +-- 23 files changed, 504 insertions(+), 118 deletions(-) create mode 100644 datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java create mode 100644 datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props create mode 100644 datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile create mode 100644 datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props create mode 100644 datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 create mode 100644 
datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props create mode 100644 datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks delete mode 100644 datarouter-node/src/main/resources/drNodeCadi.properties create mode 100644 datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java create mode 100644 datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props create mode 100644 datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile create mode 100644 datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 create mode 100644 datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props create mode 100644 datarouter-node/src/test/resources/logback-test.xml (limited to 'datarouter-node/src') diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DRNodeCadiFilter.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DRNodeCadiFilter.java index 245dbccd..9cdaeecd 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DRNodeCadiFilter.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/DRNodeCadiFilter.java @@ -35,7 +35,7 @@ import org.onap.aaf.cadi.filter.CadiFilter; public class DRNodeCadiFilter extends CadiFilter { - private static EELFLogger logger = EELFManager.getInstance().getLogger(NodeServlet.class); + private static EELFLogger logger = EELFManager.getInstance().getLogger(DRNodeCadiFilter.class); DRNodeCadiFilter(boolean init, PropAccess access) throws ServletException { super(init, access); diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/Delivery.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/Delivery.java index 46750812..83d5186a 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/Delivery.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/Delivery.java 
@@ -168,7 +168,9 @@ public class Delivery { } } try { - Files.delete(sxf.toPath()); // won't if anything still in it + if (sxf.list().length == 0) { + Files.delete(sxf.toPath()); // won't if anything still in it + } } catch (IOException e) { logger.error("Failed to delete file: " + sxf.getPath(), e); } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java new file mode 100644 index 00000000..542dfd08 --- /dev/null +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtils.java 
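Review bot: `sxf.list()` in the added guard returns null when `sxf` is not a directory or cannot be read, so `sxf.list().length` can throw a NullPointerException that the surrounding `catch (IOException e)` does not handle. Take the listing once and test it for null, for example `String[] remaining = sxf.list();` followed by `if (remaining != null && remaining.length == 0) {`. The retained comment `// won't if anything still in it` now describes the guard rather than `Files.delete`, so it would read better on the `if` line. The enclosing method starts and ends outside this hunk.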
@@ -0,0 +1,58 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.datarouter.node; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import org.onap.aaf.cadi.PropAccess; + +class NodeAafPropsUtils { + + private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeAafPropsUtils.class); + private PropAccess propAccess; + + NodeAafPropsUtils(File propsFile) throws IOException { + propAccess = new PropAccess(); + try { + propAccess.load(new FileInputStream(propsFile.getPath())); + } catch (IOException e) { + eelfLogger.error("Failed to load props file: " + propsFile + "\n" + e.getMessage(), e); + throw e; + } + } + + String getDecryptedPass(String password) { + String decryptedPass = ""; + try { + decryptedPass = getPropAccess().decrypt(getPropAccess().getProperty(password), false); + } catch (IOException e) { + eelfLogger.error("Failed to decrypt " + password + " : " + e.getMessage(), e); + } + return decryptedPass; + } + + PropAccess 
getPropAccess() { + return propAccess; + } +} diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java index 0283f5cb..aeddc729 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java @@ -105,6 +105,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { private String aafAction; private String aafURL; private boolean cadiEnabled; + private NodeAafPropsUtils nodeAafPropsUtils; /** @@ -124,6 +125,14 @@ public class NodeConfigManager implements DeliveryQueueHelper { "/opt/app/datartr/etc/node.properties")); } provurl = drNodeProperties.getProperty("ProvisioningURL", "https://dmaap-dr-prov:8443/internal/prov"); + String aafPropsFilePath = drNodeProperties + .getProperty("AAFPropsFilePath", "/opt/app/osaaf/local/org.onap.dmaap-dr.props"); + try { + nodeAafPropsUtils = new NodeAafPropsUtils(new File(aafPropsFilePath)); + } catch (IOException e) { + eelfLogger.error("NODE0314 Failed to load AAF props. Exiting", e); + exit(1); + } /* * START - AAF changes: TDP EPIC US# 307413 * Pull AAF settings from node.properties @@ -131,8 +140,8 @@ public class NodeConfigManager implements DeliveryQueueHelper { aafType = drNodeProperties.getProperty("AAFType", "org.onap.dmaap-dr.feed"); aafInstance = drNodeProperties.getProperty("AAFInstance", "legacy"); aafAction = drNodeProperties.getProperty("AAFAction", "publish"); - aafURL = drNodeProperties.getProperty("AafUrl", "https://aaf-onap-test.osaaf.org:8095"); cadiEnabled = Boolean.parseBoolean(drNodeProperties.getProperty("CadiEnabled", "false")); + aafURL = nodeAafPropsUtils.getPropAccess().getProperty("aaf_locate_url", "https://aaf-locate:8095"); /* * END - AAF changes: TDP EPIC US# 307413 * Pull AAF settings from node.properties 
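Review bot: `getDecryptedPass` returns an empty string when `decrypt` throws, so a wrong keyfile or an unreadable value is only logged and the caller carries on with `""` as the password; NodeConfigManager assigns the result to `kspass`, `kpass` and `tspass` in a later hunk of this commit. Failing loudly is safer for credential loading, for example `throw new IllegalStateException("Failed to decrypt " + password, e);` in the catch block instead of falling through to the return. What `decrypt` does when `getProperty(password)` returns null is not visible here, so a missing key may deserve its own check. The constructor also never closes the `FileInputStream` it opens; `try (FileInputStream in = new FileInputStream(propsFile)) { propAccess.load(in); }` keeps the existing catch and releases the handle. A short class Javadoc saying that the argument of `getDecryptedPass` is a property name, not a password, would help callers, since the parameter is called `password`.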
@@ -168,13 +177,13 @@ public class NodeConfigManager implements DeliveryQueueHelper { eventlogprefix = logdir + "/events"; eventlogsuffix = ".log"; redirfile = drNodeProperties.getProperty("RedirectionFile", "etc/redirections.dat"); - kstype = drNodeProperties.getProperty("KeyStoreType", "jks"); - ksfile = drNodeProperties.getProperty("KeyStoreFile", "etc/keystore"); - kspass = drNodeProperties.getProperty("KeyStorePassword", CHANGE_ME); - kpass = drNodeProperties.getProperty("KeyPassword", CHANGE_ME); + kstype = drNodeProperties.getProperty("KeyStoreType", "PKCS12"); + ksfile = nodeAafPropsUtils.getPropAccess().getProperty("cadi_keystore"); + kspass = nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password"); + kpass = nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password"); tstype = drNodeProperties.getProperty("TrustStoreType", "jks"); - tsfile = drNodeProperties.getProperty("TrustStoreFile"); - tspass = drNodeProperties.getProperty("TrustStorePassword", CHANGE_ME); + tsfile = nodeAafPropsUtils.getPropAccess().getProperty("cadi_truststore"); + tspass = nodeAafPropsUtils.getDecryptedPass("cadi_truststore_password"); if (tsfile != null && tsfile.length() > 0) { System.setProperty("javax.net.ssl.trustStoreType", tstype); System.setProperty("javax.net.ssl.trustStore", tsfile); @@ -802,6 +811,10 @@ public class NodeConfigManager implements DeliveryQueueHelper { return cadiEnabled; } + public NodeAafPropsUtils getNodeAafPropsUtils() { + return nodeAafPropsUtils; + } + /** * Builds the permissions string to be verified. * diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java index fcc3f897..56086301 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeMain.java 
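Review bot: `kpass` is filled by decrypting `cadi_keystore_password` a second time, although the cred.props added in this commit defines a separate `cadi_key_password`. If the PKCS12 key entry is meant to share the store password, say so and reuse the value, `kpass = kspass; // PKCS12: key entry uses the store password`; otherwise read `cadi_key_password`. `ksfile` also loses its default, so it is null when `cadi_keystore` is absent from the loaded props, and nothing visible in this hunk checks that, unlike the `tsfile != null` guard a few lines below. A startup check that logs and exits, in the style of the NODE0314 handling earlier in this file, would make that misconfiguration obvious. The enclosing method continues outside the hunk.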
@@ -25,12 +25,8 @@ package org.onap.dmaap.datarouter.node; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import java.io.IOException; -import java.io.InputStream; import java.util.EnumSet; -import java.util.Properties; import javax.servlet.DispatcherType; -import javax.servlet.ServletException; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.HttpConfiguration; @@ -43,7 +39,6 @@ import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; -import org.onap.aaf.cadi.PropAccess; /** * The main starting point for the Data Router node. @@ -144,7 +139,8 @@ public class NodeMain { //CADI Filter activation check if (nodeConfigManager.getCadiEnabled()) { - enableCadi(servletContextHandler); + servletContextHandler.addFilter(new FilterHolder(new DRNodeCadiFilter(true, + nodeConfigManager.getNodeAafPropsUtils().getPropAccess())), "/*", EnumSet.of(DispatcherType.REQUEST)); } server.setHandler(servletContextHandler); 
@@ -163,24 +159,6 @@ public class NodeMain { nodeMainLogger.debug("NODE00007 Node Server joined - " + server.getState()); } - private static void enableCadi(ServletContextHandler servletContextHandler) throws ServletException { - Properties cadiProperties = new Properties(); - try { - Inner obj = new NodeMain().new Inner(); - InputStream in = obj.getCadiProps(); - cadiProperties.load(in); - } catch (IOException e1) { - nodeMainLogger - .error("NODE00005 Exception in NodeMain.Main() loading CADI properties " + e1.getMessage(), e1); - } - cadiProperties.setProperty("aaf_locate_url", nodeConfigManager.getAafURL()); - nodeMainLogger.debug("NODE00005 aaf_url set to - " + cadiProperties.getProperty("aaf_url")); - - PropAccess access = new PropAccess(cadiProperties); - servletContextHandler.addFilter(new FilterHolder(new DRNodeCadiFilter(true, access)), "/*", EnumSet - .of(DispatcherType.REQUEST)); - } - private static class WaitForConfig implements Runnable { private NodeConfigManager localNodeConfigManager; @@ -200,26 +178,12 @@ public class NodeMain { try { wait(); } catch (Exception exception) { - nodeMainLogger - .error("NodeMain: waitForConfig exception. Exception Message:- " + exception.toString(), - exception); + nodeMainLogger.error("NodeMain: waitForConfig exception. Exception Message:- " + + exception.toString(), exception); } } localNodeConfigManager.deregisterConfigTask(this); nodeMainLogger.debug("NODE0004 Node Configuration Data Received"); } } - - class Inner { - - InputStream getCadiProps() { - InputStream in = null; - try { - in = getClass().getClassLoader().getResourceAsStream("drNodeCadi.properties"); - } catch (Exception e) { - nodeMainLogger.error("Exception in Inner.getCadiProps() method ", e); - } - return in; - } - } } diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props new file mode 100644 index 00000000..173d2fd1 --- /dev/null 
+++ b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.cred.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:25:19.002+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=enc:wQM4uZbepQQWfJd9uhcfPZJc7TAOnfTnj5xv9uCRteQOTuc7mSXAWjg9heC7lXod +cadi_alias=dmaap-dr-node@dmaap-dr.onap.org +cadi_key_password=enc:YhS5u9Fqt-ssUs-1wWrv7xkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile +cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr.p12 +cadi_keystore_password=enc:NwhywpJzc4rlcpwkPRs4GWkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_keystore_password_jks=enc:McsNbnuHb5tgoa_UMgdTdHqWEG4bt6VcPsc_NTzS277aDcrNRutDSBDYyyLD5no2 +cadi_keystore_password_p12=enc:NwhywpJzc4rlcpwkPRs4GWkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_truststore=/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks +cadi_truststore_password=enc:xWbQBg4WdbHbQgvKGrol0ns16g9jgFYteR3nQkwTl65BtvtWf_ZKhSVP8w_Z0VHU +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile new file mode 100644 index 00000000..cbed0407 --- /dev/null +++ b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.keyfile 
@@ -0,0 +1,27 @@ +hPUFfq-4kxkPy1LmRi50b_bhcRn9BKecnkq0u-Uec6JnRIsMgqUiEYJMbxGCGEZquBLszBBPj2Ux +udBAZ5FPIp5IkQFX6NpXJTCqPW9lb4k6KVhRSqSocascKnbYdZxrdThqOaw26kDiw04NFzA7jwxF +G9m2IVWF9AaKx7jQAqaoy4SSK5g1OaI4fGqWQn4HW3HuVJ7cc52JUmrcIGIV-I_6pR0ZAPezHxGn +5k-0rErQEZBHfj0S1M74Lx-eOa7gRlj0b3O8Zq-yfOllRLBZiMLuTmWlVz4ikbmL_eNC2RmjuEyy +v-wFva0Y4dqXEVEj9FoBUAQy7vE-I6VxGRffQRAi4Mnz0v4ISkHPmiOJsYmIzjT2bWyLKloJENfQ +LhV180qF-7UrjWGI2DhlVV_r4AY32-KLU7HLECpKRSjeqhWva_nZAj7ELGvBBTftGDu3HKts_MqU +hb14f5482rHZGPDYv3dCsere31ShIF6WF_YNhO494RgdSMugvWDZwxQYngNjGTgxS8hKezD5erp_ +BoqMuI3xotgaKZluV8yrxsc-M-0F97hJGxn7k1y37jKQugGUNDEwsX5MiHFd9OYY5jY9Pdr2tEXk +PqEmZQXBeCXJOku7KQFwEl4nqkw-52JJS1PAks4v_dlkrJIL95q6zAQOrgSgc597_-0x90k22Zd8 +FowwHQ42R-bo9oRyO0Qbypzd1Ftzu7kCalYH35qcLyAiIOO9NYAwSi5tYldzHgUhVq4wb1aoomeP +HISpNJfT2rK-AGMZw3d3nXWK1b3ztkF-74nD2s-WuTLeomBni1eMiLED850GyRD4uB4j4zF_4dZF +OmT6iShH7RR-gTolGZSAG7sBbwNs3lks9usVWI0qSulQvHBs14QvOY7EmO4SMRueUMo6ZIaOJIkB +uxNzoM_yQ2mMb24AZm_tT1xqMbGf76oYcx8Mu4zcXFkoe-4xDA1D-HXiPtyOzj6K0ByR86aytY2J +SI8mltJwtPx_t5t1fb0nFMQYCM5DzODKXgd-QhEJ8Q64uw6kSFFkv09ZCP0fvWy5Q7AEOAw_Y1YJ +lYyG7Bzu4E8PAQrihKhyYnFsp7WmMak_DGB2oskfHjffsb9Yh4FSM9EyB8x40ryQ6c8SAoP9LmYh +87-NvfQfuinLlHl7BcqCWmA7jwHo44r_L8guXWQ0wSRdCnfphc4_FthK2VQrURzFXTPnb3UvNE4I +U93lmmbwSlCoBjI2SwJAQvBpztlmbaFxgDA2Tbk6Mh6_cKiza2EcXCJzVXghFIqXtPQpAXPwHBZv +NrmKRamZBlMSkWPzPuIbfH6XYqCw3bodTEktzJZYzABFVkyIZ4JtstvoDGxaQDy6Ob2POLhuq0YY +ZW9eVhfvGWNyBK5sWSzEuCrd-nPN-XuDZjt8kWN4GTmokXnV_j20GDHyqwczikrCnlfReA1u2-O8 +VXmHvKMSHI3ckLdGP8QIOWoC4FfFi0QG62McYZO83ZA2wjRZVnS3bAz04uhLryqafm-aJ7tg1XBg +BNTIuJSrWA1WIU-UngRV0TheiNIGtmhBeNdZfWg5MHXaVzSYj0w6A7A7Kwf4cXt2dJosX_8fCLzY +2Q8XA8NjG9_gkE7hwav8UdmUAw86HQW6mTpjOIdSsQ0NauwNbREq4tec-9kuzZGkW4JwlJsxl_xn +yOP1eMHDoV_Xmiz8UxTiWjHHeh3AQcV7G6J0uyjcRTHESAR-jxptepD_iZr-cptrUb43H_spNtSY +dGZ3OvZIl2W-sFbO78ioCaLqYA0Uq35vwMIUpdjFIYb9vUA4JFTXNk3J5oCYX3vibIpACqYODFQ3 +CSqWg_Xg0Eci7VshNXZ9S69hX2KZFnf-qpnvOnRvrOCPJ2HqnZ8RaAkRygT5Nk0VRgLT8BM_1ao5 
+MNCgoVw3C_tJlq66i7ve3TY2jamg6_jPxcb_7aKnbTWvKaP0p3dqlnrj3Irc35SD1k_cq1Nh8CYP +Fd06LzCFxS4Ws_ueZ9GJpREYnh6rleFVj-qI6F73rfHiGhFta-4Q_XJeZuplJkrRbHmo5GRb \ No newline at end of file diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props new file mode 100644 index 00000000..3bb069c6 --- /dev/null +++ b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.location.props @@ -0,0 +1,8 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:24:02.091+0000 +# @copyright 2019, AT&T +############################################################ +cadi_latitude=0.00 +cadi_longitude=0.00 diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 new file mode 100644 index 00000000..b5c30479 Binary files /dev/null and b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.p12 differ diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props new file mode 100644 index 00000000..c379da51 --- /dev/null +++ b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.props 
@@ -0,0 +1,21 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:24:02.090+0000 +# @copyright 2019, AT&T +############################################################ +aaf_env=DEV +aaf_id=dmaap-dr-node@dmaap-dr.onap.org +aaf_locate_url=https://aaf-locate:8095 +aaf_locator_container=oom +aaf_locator_container_ns=onap +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect +aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token +aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 +aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 +aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 +aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 +aaf_url_hello=https://aaf-locate:8095/locate/onap.org.osaaf.aaf.hello:2.1 +aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 +cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-dr.location.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props +cadi_protocols=TLSv1.1,TLSv1.2 \ No newline at end of file diff --git a/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks new file mode 100644 index 00000000..c837fa05 Binary files /dev/null and b/datarouter-node/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks differ diff --git a/datarouter-node/src/main/resources/docker/Dockerfile b/datarouter-node/src/main/resources/docker/Dockerfile index 01880bbb..c6f6c61f 100644 --- a/datarouter-node/src/main/resources/docker/Dockerfile +++ b/datarouter-node/src/main/resources/docker/Dockerfile 
@@ -34,7 +34,7 @@ RUN chmod 0700 startup.sh ENTRYPOINT ["sh", "startup.sh"] RUN addgroup -S -g 1001 onap \ - && adduser -S -u 1000 datarouter -G onap \ - && chown -R datarouter:onap /opt/ /var/ + && adduser -S -u 1000 dradmin -G onap \ + && chown -R dradmin:onap /opt/ /var/ -USER datarouter \ No newline at end of file +USER dradmin \ No newline at end of file diff --git a/datarouter-node/src/main/resources/docker/startup.sh b/datarouter-node/src/main/resources/docker/startup.sh index c4a655fb..8843b221 100644 --- a/datarouter-node/src/main/resources/docker/startup.sh +++ b/datarouter-node/src/main/resources/docker/startup.sh @@ -16,4 +16,5 @@ java -classpath $CLASSPATH org.onap.dmaap.datarouter.node.NodeMain runner_file="$LIB/datarouter-node-jar-with-dependencies.jar" echo "Starting using" $runner_file -java -Dcom.att.eelf.logging.file=/opt/app/datartr/etc/logback.xml -Dcom.att.eelf.logging.path=/root -Dorg.onap.dmaap.datarouter.node.properties=/opt/app/datartr/etc/node.properties -jar $runner_file \ No newline at end of file +java -Dcom.att.eelf.logging.file=/opt/app/datartr/etc/logback.xml -Dcom.att.eelf.logging.path=/root \ +-Dorg.onap.dmaap.datarouter.node.properties=/opt/app/datartr/etc/node.properties -jar $runner_file \ No newline at end of file diff --git a/datarouter-node/src/main/resources/drNodeCadi.properties b/datarouter-node/src/main/resources/drNodeCadi.properties deleted file mode 100644 index 8dfcab1c..00000000 --- a/datarouter-node/src/main/resources/drNodeCadi.properties +++ /dev/null 
@@ -1,23 +0,0 @@ -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.keyfile -cadi_keystore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -cadi_keystore_password=]3V)($O&.Mv]W{f8^]6SxGNL -cadi_key_password=]3V)($O&.Mv]W{f8^]6SxGNL -cadi_alias=dmaap-dr-node@dmaap-dr.onap.org -cadi_truststore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=(Rd,&{]%ePdp}4JZjqoJ2G+g - -aaf_env=DEV -aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_protocols=TLSv1.1,TLSv1.2 -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 -fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1 -gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1 - -cadi_latitude=53.423 -cadi_longitude=7.940 - -cadi_loglevel=DEBUG \ No newline at end of file diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties index 7c076359..1d7a5d42 100644 --- a/datarouter-node/src/main/resources/node.properties +++ b/datarouter-node/src/main/resources/node.properties 
@@ -57,26 +57,11 @@ SpoolDir = /opt/app/datartr/spool RedirectionFile = etc/redirections.dat # # The type of keystore for https -KeyStoreType = jks -# -# The path to the keystore for https -KeyStoreFile = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -# -# The password for the https keystore -KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8 -# -# The password for the private key in the https keystore -KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8 +KeyStoreType = PKCS12 # # The type of truststore for https TrustStoreType = jks # -# The path to the truststore for https -TrustStoreFile = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -# -# The password for the https truststore -TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1& -# # The path to the file used to trigger an orderly shutdown QuiesceFile = etc/SHUTDOWN # @@ -95,9 +80,8 @@ AAFInstance = legacy # AAF action to generate permission string - default should be publish AAFAction = publish # -# AAF URL to connect to AAF server -AafUrl = https://aaf-onap-test.osaaf.org:8095 -# # AAF CADI enabled flag CadiEnabled = false - +# +# AAF Props file path +AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java new file mode 100644 index 00000000..aa5368b5 --- /dev/null +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java 
@@ -0,0 +1,39 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.datarouter.node;
+
+import java.io.File;
+import java.io.IOException;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class NodeAafPropsUtilsTest {
+
+ @Test
+ public void Veirfy_Aaf_Pass_Decryp_Successful() {
+ NodeAafPropsUtils nodeAafPropsUtils = null;
+ try {
+ nodeAafPropsUtils = new NodeAafPropsUtils(new File("src/test/resources/aaf/org.onap.dmaap-dr.props"));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ Assert.assertEquals("tVac2#@Stx%tIOE^x[c&2fgZ", nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password"));
+ }
+}
diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
index 87c2bdf6..578053aa 100644
--- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
+++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java
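Review bot: The expected value in `Assert.assertEquals` is the plaintext of `cadi_keystore_password`, and this commit also adds the identical `enc:` string, the keyfile that decrypts it and the `.p12` it protects under `src/main/resources/aaf/`. For any keystore deployed from those files the encryption therefore gives no confidentiality. Keep a throwaway keyfile and keystore under `src/test/resources` only, and supply the real material at deploy time through the path that `AAFPropsFilePath` already makes configurable. If the committed credential is used outside development, rotate it. Separately, `catch (IOException e) { e.printStackTrace(); }` turns a load failure into a NullPointerException on the assert line; declaring `public void Veirfy_Aaf_Pass_Decryp_Successful() throws IOException` and dropping the try/catch lets JUnit report the real cause.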
@@ -35,7 +35,7 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; @RunWith(PowerMockRunner.class) -@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.x500.X500Principal"}) +@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.x500.X500Principal", "javax.crypto.*"}) @PrepareForTest({InetAddress.class, URL.class}) public class NodeConfigManagerTest { @@ -57,7 +57,7 @@ public class NodeConfigManagerTest { Assert.assertEquals("legacy", nodeConfigManager.getAafInstance()); Assert.assertEquals("src/test/resources/spool/f", nodeConfigManager.getSpoolDir()); Assert.assertEquals("src/test/resources/spool", nodeConfigManager.getSpoolBase()); - Assert.assertEquals("jks", nodeConfigManager.getKSType()); + Assert.assertEquals("PKCS12", nodeConfigManager.getKSType()); Assert.assertEquals(8080, nodeConfigManager.getHttpPort()); Assert.assertEquals(8443, nodeConfigManager.getHttpsPort()); Assert.assertEquals(443, nodeConfigManager.getExtHttpsPort()); @@ -70,7 +70,7 @@ public class NodeConfigManagerTest { Assert.assertEquals(new String[] {"TLSv1.1", "TLSv1.2"}, nodeConfigManager.getEnabledprotocols()); Assert.assertEquals("org.onap.dmaap-dr.feed", nodeConfigManager.getAafType()); Assert.assertEquals("publish", nodeConfigManager.getAafAction()); - Assert.assertEquals("https://aaf-onap-test.osaaf.org:8095", nodeConfigManager.getAafURL()); + Assert.assertEquals("https://aaf-locate:8095", nodeConfigManager.getAafURL()); Assert.assertFalse(nodeConfigManager.getCadiEnabled()); Assert.assertFalse(nodeConfigManager.isShutdown()); Assert.assertFalse(nodeConfigManager.isConfigured()); diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props new file mode 100644 index 00000000..3f081b5d --- /dev/null +++ b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props 
@@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:25:19.002+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=enc:wQM4uZbepQQWfJd9uhcfPZJc7TAOnfTnj5xv9uCRteQOTuc7mSXAWjg9heC7lXod +cadi_alias=dmaap-dr-node@dmaap-dr.onap.org +cadi_key_password=enc:YhS5u9Fqt-ssUs-1wWrv7xkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_keyfile=src/test/resources/aaf/org.onap.dmaap-dr.keyfile +cadi_keystore=src/test/resources/aaf/org.onap.dmaap-dr.p12 +cadi_keystore_password=enc:NwhywpJzc4rlcpwkPRs4GWkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_keystore_password_jks=enc:McsNbnuHb5tgoa_UMgdTdHqWEG4bt6VcPsc_NTzS277aDcrNRutDSBDYyyLD5no2 +cadi_keystore_password_p12=enc:NwhywpJzc4rlcpwkPRs4GWkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_truststore=/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks +cadi_truststore_password=enc:xWbQBg4WdbHbQgvKGrol0ns16g9jgFYteR3nQkwTl65BtvtWf_ZKhSVP8w_Z0VHU +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile new file mode 100644 index 00000000..cbed0407 --- /dev/null +++ b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile 
@@ -0,0 +1,27 @@ +hPUFfq-4kxkPy1LmRi50b_bhcRn9BKecnkq0u-Uec6JnRIsMgqUiEYJMbxGCGEZquBLszBBPj2Ux +udBAZ5FPIp5IkQFX6NpXJTCqPW9lb4k6KVhRSqSocascKnbYdZxrdThqOaw26kDiw04NFzA7jwxF +G9m2IVWF9AaKx7jQAqaoy4SSK5g1OaI4fGqWQn4HW3HuVJ7cc52JUmrcIGIV-I_6pR0ZAPezHxGn +5k-0rErQEZBHfj0S1M74Lx-eOa7gRlj0b3O8Zq-yfOllRLBZiMLuTmWlVz4ikbmL_eNC2RmjuEyy +v-wFva0Y4dqXEVEj9FoBUAQy7vE-I6VxGRffQRAi4Mnz0v4ISkHPmiOJsYmIzjT2bWyLKloJENfQ +LhV180qF-7UrjWGI2DhlVV_r4AY32-KLU7HLECpKRSjeqhWva_nZAj7ELGvBBTftGDu3HKts_MqU +hb14f5482rHZGPDYv3dCsere31ShIF6WF_YNhO494RgdSMugvWDZwxQYngNjGTgxS8hKezD5erp_ +BoqMuI3xotgaKZluV8yrxsc-M-0F97hJGxn7k1y37jKQugGUNDEwsX5MiHFd9OYY5jY9Pdr2tEXk +PqEmZQXBeCXJOku7KQFwEl4nqkw-52JJS1PAks4v_dlkrJIL95q6zAQOrgSgc597_-0x90k22Zd8 +FowwHQ42R-bo9oRyO0Qbypzd1Ftzu7kCalYH35qcLyAiIOO9NYAwSi5tYldzHgUhVq4wb1aoomeP +HISpNJfT2rK-AGMZw3d3nXWK1b3ztkF-74nD2s-WuTLeomBni1eMiLED850GyRD4uB4j4zF_4dZF +OmT6iShH7RR-gTolGZSAG7sBbwNs3lks9usVWI0qSulQvHBs14QvOY7EmO4SMRueUMo6ZIaOJIkB +uxNzoM_yQ2mMb24AZm_tT1xqMbGf76oYcx8Mu4zcXFkoe-4xDA1D-HXiPtyOzj6K0ByR86aytY2J +SI8mltJwtPx_t5t1fb0nFMQYCM5DzODKXgd-QhEJ8Q64uw6kSFFkv09ZCP0fvWy5Q7AEOAw_Y1YJ +lYyG7Bzu4E8PAQrihKhyYnFsp7WmMak_DGB2oskfHjffsb9Yh4FSM9EyB8x40ryQ6c8SAoP9LmYh +87-NvfQfuinLlHl7BcqCWmA7jwHo44r_L8guXWQ0wSRdCnfphc4_FthK2VQrURzFXTPnb3UvNE4I +U93lmmbwSlCoBjI2SwJAQvBpztlmbaFxgDA2Tbk6Mh6_cKiza2EcXCJzVXghFIqXtPQpAXPwHBZv +NrmKRamZBlMSkWPzPuIbfH6XYqCw3bodTEktzJZYzABFVkyIZ4JtstvoDGxaQDy6Ob2POLhuq0YY +ZW9eVhfvGWNyBK5sWSzEuCrd-nPN-XuDZjt8kWN4GTmokXnV_j20GDHyqwczikrCnlfReA1u2-O8 +VXmHvKMSHI3ckLdGP8QIOWoC4FfFi0QG62McYZO83ZA2wjRZVnS3bAz04uhLryqafm-aJ7tg1XBg +BNTIuJSrWA1WIU-UngRV0TheiNIGtmhBeNdZfWg5MHXaVzSYj0w6A7A7Kwf4cXt2dJosX_8fCLzY +2Q8XA8NjG9_gkE7hwav8UdmUAw86HQW6mTpjOIdSsQ0NauwNbREq4tec-9kuzZGkW4JwlJsxl_xn +yOP1eMHDoV_Xmiz8UxTiWjHHeh3AQcV7G6J0uyjcRTHESAR-jxptepD_iZr-cptrUb43H_spNtSY +dGZ3OvZIl2W-sFbO78ioCaLqYA0Uq35vwMIUpdjFIYb9vUA4JFTXNk3J5oCYX3vibIpACqYODFQ3 +CSqWg_Xg0Eci7VshNXZ9S69hX2KZFnf-qpnvOnRvrOCPJ2HqnZ8RaAkRygT5Nk0VRgLT8BM_1ao5 
+MNCgoVw3C_tJlq66i7ve3TY2jamg6_jPxcb_7aKnbTWvKaP0p3dqlnrj3Irc35SD1k_cq1Nh8CYP +Fd06LzCFxS4Ws_ueZ9GJpREYnh6rleFVj-qI6F73rfHiGhFta-4Q_XJeZuplJkrRbHmo5GRb \ No newline at end of file diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 new file mode 100644 index 00000000..b5c30479 Binary files /dev/null and b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 differ diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props new file mode 100644 index 00000000..53c6de05 --- /dev/null +++ b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.props @@ -0,0 +1,21 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:24:02.090+0000 +# @copyright 2019, AT&T +############################################################ +aaf_env=DEV +aaf_id=dmaap-dr-node@dmaap-dr.onap.org +aaf_locate_url=https://aaf-locate:8095 +aaf_locator_container=docker +aaf_locator_container_ns=onap +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect +aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token +aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 +aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 +aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 +aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 +aaf_url_hello=https://aaf-locate:8095/locate/onap.org.osaaf.aaf.hello:2.1 +aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 +cadi_prop_files=src/test/resources/aaf/org.onap.dmaap-dr.location.props:src/test/resources/aaf/org.onap.dmaap-dr.cred.props +cadi_protocols=TLSv1.1,TLSv1.2 diff --git a/datarouter-node/src/test/resources/logback-test.xml b/datarouter-node/src/test/resources/logback-test.xml new file mode 100644 index 00000000..77c471ec 
--- /dev/null +++ b/datarouter-node/src/test/resources/logback-test.xml @@ -0,0 +1,225 @@ + + + + + + + + + + + + + + + + + + + + ${defaultPattern} + + + + + + + + + + + + ${logDirectory}/${auditLog}.log + + + + ${logDirectory}/${auditLog}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + + ${logDirectory}/${metricsLog}.log + + + + ${logDirectory}/${metricsLog}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + + + ${logDirectory}/${debugLog}.log + + + + ${logDirectory}/${debugLog}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + + ${logDirectory}/${errorLog}.log + + + + ${logDirectory}/${errorLog}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + ${logDirectory}/${jettyLog}.log + + + ${logDirectory}/${jettyLog}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/datarouter-node/src/test/resources/node_test.properties b/datarouter-node/src/test/resources/node_test.properties index 9e0cd994..9359e8dc 100644 --- a/datarouter-node/src/test/resources/node_test.properties +++ b/datarouter-node/src/test/resources/node_test.properties 
@@ -57,26 +57,11 @@ SpoolDir = src/test/resources/spool RedirectionFile = src/test/redirections.dat # # The type of keystore for https -KeyStoreType = jks -# -# The path to the keystore for https -KeyStoreFile = aaf_certs/org.onap.dmaap-dr.jks -# -# The password for the https keystore -KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8 -# -# The password for the private key in the https keystore -KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8 +KeyStoreType = PKCS12 # # The type of truststore for https TrustStoreType = jks # -# The path to the truststore for https -TrustStoreFile = aaf_certs/org.onap.dmaap-dr.trust.jks -# -# The password for the https truststore -TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1& -# # The path to the file used to trigger an orderly shutdown QuiesceFile = etc/SHUTDOWN # @@ -95,9 +80,9 @@ AAFInstance = legacy # AAF action to generate permission string - default should be publish AAFAction = publish # -# AAF URL to connect to AAF server -AafUrl = https://aaf-onap-test.osaaf.org:8095 -# # AAF CADI enabled flag CadiEnabled = false +# +# AAF Props file path +AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props -- cgit 1.2.3-korg