From d70c2ca145d2b3eac7ed6a4f16d41e322962cf59 Mon Sep 17 00:00:00 2001 From: "david.mcweeney" Date: Wed, 16 Mar 2022 16:08:44 +0000 Subject: DMAAP-1714 - DR Making TLS Configurable Change-Id: I0c3bc05182691c12c9d0f0b76d09f7dfea3e09eb Signed-off-by: david.mcweeney Issue-ID: DMAAP-1714 --- .../org/onap/dmaap/datarouter/node/NodeConfigManager.java | 7 +++++++ .../java/org/onap/dmaap/datarouter/node/NodeServlet.java | 2 +- datarouter-node/src/main/resources/node.properties | 3 +++ .../onap/dmaap/datarouter/node/NodeConfigManagerTest.java | 1 + .../org/onap/dmaap/datarouter/node/NodeServletTest.java | 15 +++++++++++++-- datarouter-node/src/test/resources/node_test.properties | 3 +++ 6 files changed, 28 insertions(+), 3 deletions(-) (limited to 'datarouter-node') diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java index 5b5245da..3b950232 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java @@ -102,6 +102,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { private String aafType; private String aafInstance; private String aafAction; + private boolean tlsEnabled; private boolean cadiEnabled; private NodeAafPropsUtils nodeAafPropsUtils; @@ -159,6 +160,8 @@ public class NodeConfigManager implements DeliveryQueueHelper { svcport = Integer.parseInt(drNodeProperties.getProperty("IntHttpsPort", "8443")); port = Integer.parseInt(drNodeProperties.getProperty("ExtHttpsPort", "443")); spooldir = drNodeProperties.getProperty("SpoolDir", "spool"); + tlsEnabled = Boolean.parseBoolean(drNodeProperties.getProperty("TlsEnabled", "true")); + File fdir = new File(spooldir + "/f"); fdir.mkdirs(); for (File junk : Objects.requireNonNull(fdir.listFiles())) { 
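Review bot: In the NodeConfigManager hunk at `@@ -159,6 +160,8 @@`, `Boolean.parseBoolean(...)` fails open: any value other than the exact word "true" (case-insensitive) yields false. A typo or trailing whitespace such as `TlsEnabled = true ` would therefore silently switch the HTTPS requirement off. This assumes drNodeProperties is a standard java.util.Properties, which keeps trailing whitespace in values. Only an explicit "false" should disable the check: `tlsEnabled = !"false".equalsIgnoreCase(drNodeProperties.getProperty("TlsEnabled", "true").trim());`. A warning logged once at startup when the flag is off would make the weakened posture visible to operators. The enclosing initializer starts and ends outside the hunk.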
@@ -811,6 +814,10 @@ public class NodeConfigManager implements DeliveryQueueHelper { return aafAction; } + protected boolean isTlsEnabled() { + return tlsEnabled; + } + boolean getCadiEnabled() { return cadiEnabled; } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index 139c7492..ee1f5b7d 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -549,7 +549,7 @@ public class NodeServlet extends HttpServlet { eelfLogger.info(EelfMsgs.EXIT); return null; } - if (!req.isSecure()) { + if (!req.isSecure() && config.isTlsEnabled()) { eelfLogger.error( "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req .getRemoteAddr()); diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties index 1d7a5d42..f7c24fab 100644 --- a/datarouter-node/src/main/resources/node.properties +++ b/datarouter-node/src/main/resources/node.properties @@ -85,3 +85,6 @@ CadiEnabled = false # # AAF Props file path AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props + +# https security required for publish request +TlsEnabled = true diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java index e64579ed..82038fba 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java 
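Review bot: In the NodeServlet hunk at `@@ -549,7 +549,7 @@`, the new guard `!req.isSecure() && config.isTlsEnabled()` lets plaintext PUT and DELETE through without any log entry when the flag is off, while the rejected case still logs NODE0104. The enclosing method starts and ends outside the hunk, so it cannot be confirmed here whether the later authorization steps read credentials from request headers. If they do, those credentials travel in clear text whenever `TlsEnabled = false`. I would add a comment above the check such as `// TlsEnabled=false accepts non-HTTPS PUT/DELETE; the transport must then be protected outside this servlet`. The flag name also suggests it turns TLS itself off, whereas the visible code only relaxes this one check.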
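Review bot: In the node.properties hunk, the comment `# https security required for publish request` does not say what setting the value to false does, and it mentions only publish although the guarded log message in NodeServlet speaks of "PUT or DELETE". A clearer wording would be `# Reject PUT/DELETE requests that do not arrive over HTTPS. Default: true. false accepts plaintext requests.` The same comment is copied into node_test.properties and would benefit from the same wording.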
@@ -112,6 +112,7 @@ public class NodeConfigManagerTest { Assert.assertEquals("publish", nodeConfigManager.getAafAction()); Assert.assertFalse(nodeConfigManager.getCadiEnabled()); Assert.assertFalse(nodeConfigManager.isShutdown()); + Assert.assertTrue(nodeConfigManager.isTlsEnabled()); Assert.assertTrue(nodeConfigManager.isConfigured()); Assert.assertEquals("legacy", nodeConfigManager.getAafInstance("1")); Assert.assertNotNull(nodeConfigManager.getPublishId()); diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java index 4340b018..f7e3d7c8 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java @@ -23,7 +23,6 @@ package org.onap.dmaap.datarouter.node; import static org.junit.Assert.assertEquals; -import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyObject; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.anyString; @@ -144,8 +143,9 @@ public class NodeServletTest { } @Test - public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_And_TLS_Enabled_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + when(config.isTlsEnabled()).thenReturn(true); nodeServlet.doPut(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString()); verifyEnteringExitCalled(listAppender); 
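Review bot: In the NodeConfigManagerTest hunk, `Assert.assertTrue(nodeConfigManager.isTlsEnabled())` cannot tell a value read from the file apart from the built-in default, because node_test.properties sets `TlsEnabled = true` and the code default is also "true". The assertion would still pass if the property name were misspelled in the loader. A second case that loads a properties source with `TlsEnabled = false` and asserts `isTlsEnabled()` is false would pin the parsing. The test method starts and ends outside the hunk.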
@@ -284,6 +284,17 @@ public class NodeServletTest { verifyEnteringExitCalled(listAppender); } + @Test + public void Given_Request_Is_HTTP_DELETE_File_And_Request_Is_Not_Secure_But_TLS_Disabled_Then_Request_Succeeds() throws Exception { + when(request.isSecure()).thenReturn(false); + when(config.isTlsEnabled()).thenReturn(false); + when(request.getPathInfo()).thenReturn("/delete/1/dmaap-dr-node.1234567"); + createFilesAndDirectories(); + nodeServlet.doDelete(request, response); + verify(response).setStatus(eq(HttpServletResponse.SC_OK)); + verifyEnteringExitCalled(listAppender); + } + @Test public void Given_Request_Is_HTTP_DELETE_File_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws IOException { when(request.getPathInfo()).thenReturn("/delete/1/nonExistingFile"); diff --git a/datarouter-node/src/test/resources/node_test.properties b/datarouter-node/src/test/resources/node_test.properties index 9359e8dc..3c96ed25 100644 --- a/datarouter-node/src/test/resources/node_test.properties +++ b/datarouter-node/src/test/resources/node_test.properties @@ -86,3 +86,6 @@ CadiEnabled = false # AAF Props file path AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props +# https security required for publish request +TlsEnabled = true + -- cgit 1.2.3-korg
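Review bot: In the NodeServletTest hunk at `@@ -284,6 +284,17 @@`, the new test covers only DELETE with the flag off; the PUT path through the same guard with `isTlsEnabled()` returning false is not exercised in the visible hunks. If `config` is a plain Mockito mock, an unstubbed `isTlsEnabled()` returns false, so every other test in the class that leaves it unstubbed now runs with the HTTPS check disabled. Stubbing `when(config.isTlsEnabled()).thenReturn(true);` in the shared setup, and overriding it to false only in the tests that need it, would keep the secure default under test.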