From ce73ff52ce9aafb07d1aa4c28405328d83c816b9 Mon Sep 17 00:00:00 2001
From: Ronan Keogh
Date: Thu, 23 Aug 2018 11:04:45 +0100
Subject: preliminary AAF changes for DR
Change-Id: I526648c42f8205c0f09b3c077aa1203e336f4f5f
Issue-ID: DMAAP-558
Signed-off-by: Ronan Keogh
---
datarouter-node/aaf_certs/org.onap.dmaap-dr.jks | Bin 0 -> 3659 bytes
.../aaf_certs/org.onap.dmaap-dr.trust.jks | Bin 0 -> 1413 bytes
datarouter-node/pom.xml | 4 +-
datarouter-node/self_signed/cacerts.jks | Bin 1936 -> 0 bytes
datarouter-node/self_signed/keystore.jks | Bin 2273 -> 0 bytes
datarouter-node/self_signed/mykey.cer | Bin 921 -> 0 bytes
datarouter-node/self_signed/nodekey.cer | Bin 921 -> 0 bytes
.../org/onap/dmaap/datarouter/node/NodeUtils.java | 56 +++---
.../src/main/resources/misc/node.properties | 111 ----------
datarouter-node/src/main/resources/node.properties | 223 ++++++++++-----------
10 files changed, 146 insertions(+), 248 deletions(-)
create mode 100644 datarouter-node/aaf_certs/org.onap.dmaap-dr.jks
create mode 100644 datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks
delete mode 100644 datarouter-node/self_signed/cacerts.jks
delete mode 100644 datarouter-node/self_signed/keystore.jks
delete mode 100644 datarouter-node/self_signed/mykey.cer
delete mode 100644 datarouter-node/self_signed/nodekey.cer
delete mode 100644 datarouter-node/src/main/resources/misc/node.properties
(limited to 'datarouter-node')
diff --git a/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks b/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks
new file mode 100644
index 00000000..4529cccb
Binary files /dev/null and b/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks differ
diff --git a/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks b/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks
new file mode 100644
index 00000000..096fbb26
Binary files /dev/null and b/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks differ
diff --git a/datarouter-node/pom.xml b/datarouter-node/pom.xml
index c6bd3e94..18743db8 100755
--- a/datarouter-node/pom.xml
+++ b/datarouter-node/pom.xml
@@ -376,10 +376,10 @@ copy-resources - ${basedir}/target/opt/app/datartr/self_signed + ${basedir}/target/opt/app/datartr/aaf_certs - ${basedir}/self_signed + ${basedir}/aaf_certs misc/** **/**
diff --git a/datarouter-node/self_signed/cacerts.jks b/datarouter-node/self_signed/cacerts.jks
deleted file mode 100644
index dfd81433..00000000
Binary files a/datarouter-node/self_signed/cacerts.jks and /dev/null differ
diff --git a/datarouter-node/self_signed/keystore.jks b/datarouter-node/self_signed/keystore.jks
deleted file mode 100644
index e5a4e781..00000000
Binary files a/datarouter-node/self_signed/keystore.jks and /dev/null differ
diff --git a/datarouter-node/self_signed/mykey.cer b/datarouter-node/self_signed/mykey.cer
deleted file mode 100644
index 2a5c9d70..00000000
Binary files a/datarouter-node/self_signed/mykey.cer and /dev/null differ
diff --git a/datarouter-node/self_signed/nodekey.cer b/datarouter-node/self_signed/nodekey.cer
deleted file mode 100644
index 4cdfdfe3..00000000
Binary files a/datarouter-node/self_signed/nodekey.cer and /dev/null differ
diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
index 375a38e3..2c013ca5 100644
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
@@ -28,26 +28,30 @@ import static com.att.eelf.configuration.Configuration.MDC_SERVER_FQDN;
import static com.att.eelf.configuration.Configuration.MDC_SERVER_IP_ADDRESS;
import static com.att.eelf.configuration.Configuration.MDC_SERVICE_NAME;
-import java.security.*;
-import java.io.*;
-import java.util.*;
-import java.security.cert.*;
-import java.net.*;
-import java.text.*;
-
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.security.KeyStore;
+import java.security.MessageDigest;
+import java.security.cert.X509Certificate;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.TimeZone;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
import org.slf4j.MDC;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
/**
* Utility functions for the data router node
*/
public class NodeUtils {
- private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.node.NodeUtils");
+
+ private static EELFLogger eelfLogger = EELFManager.getInstance()
+ .getLogger("org.onap.dmaap.datarouter.node.NodeUtils");
private static Logger nodeUtilsLogger = Logger.getLogger("org.onap.dmaap.datarouter.node.NodeUtils");
private static SimpleDateFormat logDate;
@@ -72,7 +76,7 @@ public class NodeUtils {
/**
* Given a user and password, generate the credentials
*
- * @param user User name
+ * @param user User name
* @param password User password
* @return Authorization header value
*/
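Review bot: The rewritten `private static EELFLogger eelfLogger = EELFManager.getInstance()` field stays a mutable static even though nothing in the class is expected to reassign a logger; since the line is being touched anyway, make it `private static final EELFLogger eelfLogger = EELFManager.getInstance()` so the logger cannot be swapped at runtime. The sibling `nodeUtilsLogger` declaration is unchanged context here and would want the same treatment in a follow-up. The class body continues past the hunk.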
@@ -96,13 +100,15 @@ public class NodeUtils {
md.update(key.getBytes());
return (getAuthHdr(node, base64Encode(md.digest())));
} catch (Exception exception) {
- nodeUtilsLogger.error("Exception in generating Credentials for given node name:= " + exception.toString(), exception);
+ nodeUtilsLogger
+ .error("Exception in generating Credentials for given node name:= " + exception.toString(), exception);
return (null);
}
}
/**
- * Given a keystore file and its password, return the value of the CN of the first private key entry with a certificate.
+ * Given a keystore file and its password, return the value of the CN of the first private key entry with a
+ * certificate.
*
* @param kstype The type of keystore
* @param ksfile The file name of the keystore
@@ -110,15 +116,16 @@ public class NodeUtils {
* @return CN of the certificate subject or null
*/
public static String getCanonicalName(String kstype, String ksfile, String kspass) {
- KeyStore ks=null;
+ KeyStore ks;
try {
ks = KeyStore.getInstance(kstype);
- try(FileInputStream fileInputStream=new FileInputStream(ksfile)) {
+ try (FileInputStream fileInputStream = new FileInputStream(ksfile)) {
ks.load(fileInputStream, kspass.toCharArray());
+ } catch (IOException ioException) {
+ nodeUtilsLogger.error("IOException occurred while opening FileInputStream: " + ioException.getMessage(),
+ ioException);
+ return (null);
}
- } catch(IOException ioException) {
- nodeUtilsLogger.error("Exception occurred while opening FileInputStream",ioException);
- return (null);
} catch (Exception e) {
setIpAndFqdnForEelf("getCanonicalName");
eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_LOAD_ERROR, ksfile, e.toString());
@@ -147,7 +154,7 @@ public class NodeUtils {
if (parts.length < 1) {
return (null);
}
- subject = parts[0].trim();
+ subject = parts[5].trim();
if (!subject.startsWith("CN=")) {
return (null);
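Review bot: `subject = parts[5].trim();` swaps one hard-coded position for another while the guard two lines above still only checks `parts.length < 1`, so a keystore certificate whose subject DN yields fewer than six parts now throws ArrayIndexOutOfBoundsException out of getCanonicalName instead of the documented null. The order of RDNs in a subject DN is set by the issuing CA, so the method should look for the element that starts with `CN=` rather than assume its slot; that also keeps it working for certificates laid out like the removed self-signed ones. The split that produces `parts` and the rest of getCanonicalName are outside the hunk, so the rewrite below replaces only the length guard, the index and the `startsWith` check.
```java
// … unchanged: load the keystore and obtain the subject DN parts …
subject = null;
for (String part : parts) {
    String rdn = part.trim();
    // Pick the first CN= RDN wherever the CA placed it instead of a fixed slot.
    if (rdn.startsWith("CN=")) {
        subject = rdn;
        break;
    }
}
if (subject == null) {
    return (null);
}
// … unchanged: remainder of getCanonicalName …
```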
@@ -172,7 +179,8 @@ public class NodeUtils {
try {
return (InetAddress.getByName(ip).getAddress());
} catch (Exception exception) {
- nodeUtilsLogger.error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
+ nodeUtilsLogger
+ .error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
}
return (null);
}
@@ -202,7 +210,8 @@ public class NodeUtils {
}
/**
- * Escape fields that might contain vertical bar, backslash, or newline by replacing them with backslash p, backslash e and backslash n.
+ * Escape fields that might contain vertical bar, backslash, or newline by replacing them with backslash p,
+ * backslash e and backslash n.
*/
public static String loge(String s) {
if (s == null) {
@@ -246,7 +255,8 @@ public class NodeUtils {
MDC.put(MDC_SERVER_FQDN, InetAddress.getLocalHost().getHostName());
MDC.put(MDC_SERVER_IP_ADDRESS, InetAddress.getLocalHost().getHostAddress());
} catch (Exception exception) {
- nodeUtilsLogger.error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
+ nodeUtilsLogger
+ .error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
}
}
diff --git a/datarouter-node/src/main/resources/misc/node.properties b/datarouter-node/src/main/resources/misc/node.properties
deleted file mode 100644
index fc707413..00000000
--- a/datarouter-node/src/main/resources/misc/node.properties
+++ /dev/null
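Review bot: The rewrapped message in the `@@ -246` hunk, `"Exception in generating byte array for given IP address := "`, is the text from the `@@ -172` hunk copied verbatim, but this catch wraps the `MDC.put(MDC_SERVER_FQDN, ...)` and `MDC_SERVER_IP_ADDRESS` calls, so a failure to resolve the local host is logged under a description that points at the wrong method. Since the line is being rewritten anyway, give it its own text, e.g. `.error("Exception while setting server FQDN/IP address in MDC := " + exception.toString(), exception);`. The enclosing method's signature is outside the hunk.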
@@ -1,111 +0,0 @@
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==================================================
-# * org.onap.dmaap
-# * ===========================================================================
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# *
-#-------------------------------------------------------------------------------
-#
-# Configuration parameters fixed at startup for the DataRouter node
-#
-# URL to retrieve dynamic configuration
-#
-#ProvisioningURL: ${DRTR_PROV_INTURL}
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov
-
-#
-# URL to upload PUB/DEL/EXP logs
-#
-#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs
-
-#
-# The port number for http as seen within the server
-#
-#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort=8080
-#
-# The port number for https as seen within the server
-#
-IntHttpsPort=8443
-#
-# The external port number for https taking port mapping into account
-#
-ExtHttpsPort=443
-#
-# The minimum interval between fetches of the dynamic configuration
-# from the provisioning server
-#
-MinProvFetchInterval=10000
-#
-# The minimum interval between saves of the redirection data file
-#
-MinRedirSaveInterval=10000
-#
-# The path to the directory where log files are stored
-#
-LogDir=/opt/app/datartr/logs
-#
-# The retention interval (in days) for log files
-#
-LogRetention=30
-#
-# The path to the directories where data and meta data files are stored
-#
-SpoolDir=/opt/app/datartr/spool
-#
-# The path to the redirection data file
-#
-#RedirectionFile: etc/redirections.dat
-#
-# The type of keystore for https
KeyStoreType: jks
-#
-# The path to the keystore for https
-#
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks
-#
-# The password for the https keystore
-#
-KeyStorePassword=changeit
-#
-# The password for the private key in the https keystore
-#
-KeyPassword=changeit
-#
-# The type of truststore for https
-#
-TrustStoreType=jks
-#
-# The path to the truststore for https
-#
-#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks
-#
-# The password for the https truststore
-#
-TrustStorePassword=changeit
-#
-# The path to the
file used to trigger an orderly shutdown
-#
-QuiesceFile=etc/SHUTDOWN
-#
-# The key used to generate passwords for node to node transfers
-#
-NodeAuthKey=Node123!
-
diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties
index 411cc2b9..de38cb6f 100644
--- a/datarouter-node/src/main/resources/node.properties
+++ b/datarouter-node/src/main/resources/node.properties
@@ -1,112 +1,111 @@
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==================================================
-# * org.onap.dmaap
-# * ===========================================================================
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# *
-#-------------------------------------------------------------------------------
-#
-# Configuration parameters fixed at startup for the DataRouter node
-#
-# URL to retrieve dynamic configuration
-#
-#ProvisioningURL: ${DRTR_PROV_INTURL}
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov
-
-#
-# URL to upload PUB/DEL/EXP logs
-#
-#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs
-
-#
-# The port number for http as seen within the server
-#
-#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort=8080
-#
-# The port number for https as seen within the server
-#
-IntHttpsPort=8443
-#
-# The external port number for https taking port mapping into account
-#
-ExtHttpsPort=443
-#
-# The minimum interval between fetches of the dynamic configuration
-# from the provisioning server
-#
-MinProvFetchInterval=10000
-#
-# The minimum interval between saves of the redirection data file
-#
-MinRedirSaveInterval=10000
-#
-# The path to the directory where log files are stored
-#
-LogDir=/opt/app/datartr/logs
-#
-# The retention interval (in days) for log files
-#
-LogRetention=30
-#
-# The path to the directories where data and meta data files are stored
-#
-SpoolDir=/opt/app/datartr/spool
-#
-# The path to the redirection data file
-#
-#RedirectionFile: etc/redirections.dat
-#
-# The type of keystore for https
-#
-KeyStoreType: jks
-#
-# The path to the keystore for https
-#
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks
-#
-# The password for the https keystore
-#
-KeyStorePassword=changeit
-#
-# The password for the private key in the https keystore
-#
-KeyPassword=changeit
-#
-# The type of truststore for https
-#
-TrustStoreType=jks
-#
-# The path to the truststore for https
-#
-#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks
-#
-# The password for the https truststore
-#
-TrustStorePassword=changeit
-#
-# The path to the
file used to trigger an orderly shutdown
-#
-QuiesceFile=etc/SHUTDOWN
-#
-# The key used to generate passwords for node to node transfers
-#
-NodeAuthKey=Node123!
-
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==================================================
+# * org.onap.dmaap
+# * ===========================================================================
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# *
+#-------------------------------------------------------------------------------
+#
+# Configuration parameters fixed at startup for the DataRouter node
+#
+# URL to retrieve dynamic configuration
+#
+#ProvisioningURL: ${DRTR_PROV_INTURL}
+ProvisioningURL=https://dmaap-dr-prov:8443/internal/prov
+
+#
+# URL to upload PUB/DEL/EXP logs
+#
+#LogUploadURL: ${DRTR_LOG_URL}
+LogUploadURL=https://dmaap-dr-prov:8443/internal/logs
+
+#
+# The port number for http as seen within the server
+#
+#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
+IntHttpPort=8080
+#
+# The port number for https as seen within the server
+#
+IntHttpsPort=8443
+#
+# The external port number for https taking port mapping into account
+#
+ExtHttpsPort=443
+#
+# The minimum interval between fetches of the dynamic configuration
+# from the provisioning server
+#
+MinProvFetchInterval=10000
+#
+# The minimum interval between saves of the redirection data file
+#
+MinRedirSaveInterval=10000
+#
+# The path to the directory where log files are stored
+#
+LogDir=/opt/app/datartr/logs
+#
+# The retention interval (in days) for log files
+#
+LogRetention=30
+#
+# The path to the directories where data and meta data files are stored
+#
+SpoolDir=/opt/app/datartr/spool
+#
+# The path to the redirection data file
+#
+#RedirectionFile: etc/redirections.dat
+#
+# The type of keystore for https
KeyStoreType: jks
+#
+# The path to the keystore for https
+#
+KeyStoreFile:/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
+#
+# The password for the https keystore
+#
+KeyStorePassword=4*&GD+w58RUM]01No.CYY;z6
+#
+# The password for the private key in the https keystore
+#
+KeyPassword=4*&GD+w58RUM]01No.CYY;z6
+#
+# The type of truststore for https
+#
+TrustStoreType=jks
+#
+# The path to the truststore for https
+#
+#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
+TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
+#
+# The password for the https truststore
+#
+TrustStorePassword=UDXlT6Iu[F)k,Htk92+B,0Xj
+#
+# The path to the file used to trigger an orderly shutdown
+#
+QuiesceFile=etc/SHUTDOWN
+#
+# The key used to generate passwords for node to node transfers
+#
+NodeAuthKey=Node123!
+
-- cgit 1.2.3-korg
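Review bot: `KeyStorePassword=4*&GD+w58RUM]01No.CYY;z6`, the identical `KeyPassword`, and `TrustStorePassword=UDXlT6Iu[F)k,Htk92+B,0Xj` are committed in plaintext in the same change that adds the keystore `aaf_certs/org.onap.dmaap-dr.jks` they unlock, so anyone with read access to the repository holds the node's TLS private key and its password together; `NodeAuthKey=Node123!` is carried over unchanged. The commented `#ProvisioningURL: ${DRTR_PROV_INTURL}` lines suggest environment substitution was intended for this file — if the loader supports it, the three passwords should be supplied the same way from the deployment environment or a mounted secret, and if these values are only meant for local or test images the header comment should say so, e.g. `# Test-only credentials; production deployments must override KeyStorePassword, KeyPassword and TrustStorePassword`. Also the whole file is removed and re-added rather than edited in place, which presumably reflects a line-ending or whitespace rewrite; normalizing that separately would leave the actual config changes (prov host, aaf_certs paths, passwords) reviewable as a small diff.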