From 1ccd9c36ba12849148f9eb73e8ff2ffe4ade5870 Mon Sep 17 00:00:00 2001 From: efiacor Date: Tue, 8 Oct 2019 16:24:28 +0100 Subject: Update AAF loading procedure 
Signed-off-by: efiacor Issue-ID: DMAAP-1318 Change-Id: I8dc75bdbcd05e5316b5c05cbc258010068fb63e8 --- .../onap/dmaap/datarouter/provisioning/Main.java | 91 +++++++----------- .../datarouter/provisioning/ProxyServlet.java | 19 ++-- .../datarouter/provisioning/SynchronizerTask.java | 26 +++--- .../provisioning/utils/AafPropsUtils.java | 102 +++++++++++++++++++++ .../dmaap/datarouter/provisioning/utils/DB.java | 3 +- .../datarouter/provisioning/utils/DRRouteCLI.java | 34 ++++--- .../resources/aaf/org.onap.dmaap-dr.cred.props | 17 ++++ .../main/resources/aaf/org.onap.dmaap-dr.keyfile | 27 ++++++ .../resources/aaf/org.onap.dmaap-dr.location.props | 8 ++ .../src/main/resources/aaf/org.onap.dmaap-dr.p12 | Bin 0 -> 4233 bytes .../src/main/resources/aaf/org.onap.dmaap-dr.props | 21 +++++ .../main/resources/aaf/org.onap.dmaap-dr.trust.jks | Bin 0 -> 1413 bytes .../src/main/resources/docker/Dockerfile | 6 +- .../src/main/resources/docker/startup.sh | 3 +- .../src/main/resources/drProvCadi.properties | 23 ----- .../src/main/resources/provserver.properties | 12 +-- 16 files changed, 265 insertions(+), 127 deletions(-) create mode 100644 datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java create mode 100644 datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props create mode 100644 datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile create mode 100644 datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props create mode 100644 datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 create mode 100644 datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props create mode 100644 datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks delete mode 100644 datarouter-prov/src/main/resources/drProvCadi.properties (limited to 'datarouter-prov/src/main') 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java index aefe8cdf..3269c843 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java @@ -24,10 +24,12 @@ package org.onap.dmaap.datarouter.provisioning; +import static java.lang.System.exit; + import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import java.io.File; import java.io.IOException; -import java.io.InputStream; import java.security.Security; import java.util.EnumSet; import java.util.Properties; @@ -51,8 +53,7 @@ import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.QueuedThreadPool; -import org.onap.aaf.cadi.PropAccess; - +import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; import org.onap.dmaap.datarouter.provisioning.utils.DB; import org.onap.dmaap.datarouter.provisioning.utils.DRProvCadiFilter; import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; 
@@ -90,15 +91,6 @@ import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; */ public class Main { - /** - * The truststore to use if none is specified. - */ - static final String DEFAULT_TRUSTSTORE = "/opt/java/jdk/jdk180/jre/lib/security/cacerts"; - static final String KEYSTORE_TYPE_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.type"; - static final String KEYSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.path"; - static final String KEYSTORE_PASS_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.password"; - static final String TRUSTSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.path"; - static final String TRUSTSTORE_PASS_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.password"; public static final EELFLogger intlogger = EELFManager.getInstance() .getLogger("org.onap.dmaap.datarouter.provisioning.internal"); @@ -106,18 +98,7 @@ public class Main { * The one and only {@link Server} instance in this JVM. */ private static Server server; - - class Inner { - InputStream getCadiProps() { - InputStream in = null; - try { - in = getClass().getClassLoader().getResourceAsStream("drProvCadi.properties"); - } catch (Exception e) { - intlogger.error("Exception in Main.getCadiProps(): " + e.getMessage(), e); - } - return in; - } - } + static AafPropsUtils aafPropsUtils; /** * Starts the Data Router Provisioning server. @@ -129,10 +110,11 @@ public class Main { Security.setProperty("networkaddress.cache.ttl", "4"); // Check DB is accessible and contains the expected tables if (!checkDatabase()) { - System.exit(1); + intlogger.error("Data Router Provisioning database init failure. Exiting."); + exit(1); } - intlogger.info("PROV0000 **** AT&T Data Router Provisioning Server starting...."); + intlogger.info("PROV0000 **** Data Router Provisioning Server starting...."); Security.setProperty("networkaddress.cache.ttl", "4"); Properties provProperties = (new DB()).getProperties(); 
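Review bot: The new `static AafPropsUtils aafPropsUtils;` field in the second hunk here is a mutable, package-private static that stays null until `main` reaches the `AafPropsUtils.init(...)` call, yet ProxyServlet and SynchronizerTask in this commit dereference `Main.aafPropsUtils` directly. Any path that builds those classes without going through `main` first (a unit test, for example) would fail with a bare NullPointerException. DRRouteCLI already calls `AafPropsUtils.getInstance()`, which fails with a clear IllegalStateException. Using that in the other two callers as well would let this field be dropped, or at least made `private`.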
@@ -180,6 +162,16 @@ public class Main { httpConfiguration.setSendServerVersion(true); httpConfiguration.setSendDateHeader(false); + try { + AafPropsUtils.init(new File(provProperties.getProperty( + "org.onap.dmaap.datarouter.provserver.aafprops.path", + "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); + } catch (IOException e) { + intlogger.error("NODE0314 Failed to load AAF props. Exiting", e); + exit(1); + } + aafPropsUtils = AafPropsUtils.getInstance(); + //HTTP Connector HandlerCollection handlerCollection; try (ServerConnector httpServerConnector = 
@@ -190,19 +182,19 @@ public class Main { // SSL Context SslContextFactory sslContextFactory = new SslContextFactory(); - sslContextFactory.setKeyStoreType(provProperties.getProperty(KEYSTORE_TYPE_PROPERTY, "jks")); - sslContextFactory.setKeyStorePath(provProperties.getProperty(KEYSTORE_PATH_PROPERTY)); - sslContextFactory.setKeyStorePassword(provProperties.getProperty(KEYSTORE_PASS_PROPERTY)); - sslContextFactory.setKeyManagerPassword(provProperties - .getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); - - String ts = provProperties.getProperty(TRUSTSTORE_PATH_PROPERTY); - if (ts != null && ts.length() > 0) { - intlogger.info("@@ TS -> " + ts); - sslContextFactory.setTrustStorePath(ts); - sslContextFactory.setTrustStorePassword(provProperties.getProperty(TRUSTSTORE_PASS_PROPERTY)); + sslContextFactory.setKeyStoreType(AafPropsUtils.KEYSTORE_TYPE_PROPERTY); + sslContextFactory.setKeyStorePath(aafPropsUtils.getKeystorePathProperty()); + sslContextFactory.setKeyStorePassword(aafPropsUtils.getKeystorePassProperty()); + sslContextFactory.setKeyManagerPassword(aafPropsUtils.getKeystorePassProperty()); + + String truststorePathProperty = aafPropsUtils.getTruststorePathProperty(); + if (truststorePathProperty != null && truststorePathProperty.length() > 0) { + intlogger.info("@@ TS -> " + truststorePathProperty); + sslContextFactory.setTrustStoreType(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); + sslContextFactory.setTrustStorePath(truststorePathProperty); + sslContextFactory.setTrustStorePassword(aafPropsUtils.getTruststorePassProperty()); } else { - sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE); + sslContextFactory.setTrustStorePath(AafPropsUtils.DEFAULT_TRUSTSTORE); sslContextFactory.setTrustStorePassword("changeit"); } 
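Review bot: The `else` branch still hard-codes `"changeit"` as the trust store password, but `AafPropsUtils.DEFAULT_TRUSTSTORE` now points at `/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks` rather than the JDK `cacerts` file that the removed constant named, so the fallback password is unlikely to match that store. The branch also skips `setTrustStoreType(...)`, which the `if` branch sets. The same pairing of `DEFAULT_TRUSTSTORE` with `"changeit"` appears in the ProxyServlet hunk. Since the fallback is only reached when `cadi_truststore` is missing from the AAF props, failing startup with a clear error there is probably safer than loading a store with a guessed password. Separately, `setKeyManagerPassword` now reuses the keystore password, which assumes the PKCS12 key entry and the store share one password; a one-line comment stating that would help.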
@@ -263,23 +255,9 @@ public class Main { //CADI Filter activation check if (Boolean.parseBoolean(provProperties.getProperty( "org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"))) { - //Get cadi properties - Properties cadiProperties = null; - try { - intlogger.info("PROV0001 Prov - Loading CADI properties"); - cadiProperties = new Properties(); - Inner obj = new Main().new Inner(); - InputStream in = obj.getCadiProps(); - cadiProperties.load(in); - } catch (IOException ioe) { - intlogger.error("PROV0001 Exception loading CADI properties: " + ioe.getMessage(), ioe); - } - cadiProperties.setProperty("aaf_locate_url", provProperties.getProperty("org.onap.dmaap.datarouter.provserver.cadi.aaf.url", "https://aaf-onap-test.osaaf.org:8095")); - intlogger.info("PROV0001 aaf_url set to - " + cadiProperties.getProperty("aaf_url")); - - PropAccess access = new PropAccess(cadiProperties); - servletContextHandler.addFilter(new FilterHolder(new DRProvCadiFilter(true, access)), + servletContextHandler.addFilter(new FilterHolder(new DRProvCadiFilter(true, aafPropsUtils.getPropAccess())), "/*", EnumSet.of(DispatcherType.REQUEST)); + intlogger.info("PROV0001 AAF CADI Auth enabled for "); } ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection(); @@ -306,7 +284,8 @@ public class Main { server.start(); intlogger.info("Prov Server started-" + server.getState()); } catch (Exception e) { - intlogger.info("Jetty failed to start. Reporting will we unavailable: " + e.getMessage(), e); + intlogger.error("Jetty failed to start. Exiting: " + e.getMessage(), e); + exit(1); } server.join(); intlogger.info("PROV0001 **** AT&T Data Router Provisioning Server halted."); @@ -325,7 +304,7 @@ public class Main { try { server.stop(); Thread.sleep(5000L); - System.exit(0); + exit(0); } catch (Exception e) { intlogger.error("Exception in Main.shutdown(): " + e.getMessage(), e); } 
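Review bot: The added log line `intlogger.info("PROV0001 AAF CADI Auth enabled for ");` in the first hunk ends mid-sentence, so the entry an operator reads to confirm that the auth filter is active names nothing. Either finish the message, for example `intlogger.info("PROV0001 AAF CADI Auth enabled for /*");` to match the filter's path spec, or drop the trailing `for `. It would also help to log the opposite case, since `cadi.enabled` defaults to `"false"` and the server then starts without the filter and without saying so.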
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java index c9075b0c..72d55a4c 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java @@ -53,6 +53,7 @@ import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.entity.BasicHttpEntity; import org.apache.http.impl.client.AbstractHttpClient; import org.apache.http.impl.client.DefaultHttpClient; +import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; import org.onap.dmaap.datarouter.provisioning.utils.DB; import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities; 
@@ -80,21 +81,23 @@ public class ProxyServlet extends BaseServlet { super.init(config); try { // Set up keystore - Properties props = (new DB()).getProperties(); - String store = props.getProperty(Main.TRUSTSTORE_PATH_PROPERTY); - String pass = props.getProperty(Main.TRUSTSTORE_PASS_PROPERTY); + String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; + String store = Main.aafPropsUtils.getKeystorePathProperty(); + String pass = Main.aafPropsUtils.getKeystorePassProperty(); + KeyStore keyStore = readStore(store, pass, type); + // Set up truststore + store = Main.aafPropsUtils.getTruststorePathProperty(); + pass = Main.aafPropsUtils.getTruststorePassProperty(); if (store == null || store.length() == 0) { - store = Main.DEFAULT_TRUSTSTORE; + store = AafPropsUtils.DEFAULT_TRUSTSTORE; pass = "changeit"; } - KeyStore trustStore = readStore(store, pass, KeyStore.getDefaultType()); + KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); // We are connecting with the node name, but the certificate will have the CNAME // So we need to accept a non-matching certificate name - String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks"); - KeyStore keyStore = readStore(store, pass, type); SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, - props.getProperty(Main.KEYSTORE_PASS_PROPERTY), trustStore); + Main.aafPropsUtils.getKeystorePassProperty(), trustStore); socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); sch = new Scheme("https", 443, socketFactory); inited = true; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java index 5d0592c3..2a907fb7 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SynchronizerTask.java 
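Review bot: The socket factory built from the AAF keystore and trust store still has hostname verification switched off by the unchanged `setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)` line at the end of this hunk, so any certificate that chains to the trust store is accepted for any peer. With the trust store now being the shared AAF one, that set of certificates is presumably wider than before. The comment explains that the node name and the certificate CNAME differ; a verifier that checks the presented name against the expected CNAME would keep that working without accepting every name. SynchronizerTask carries the same comment, and its verifier setup lies outside the hunks shown. `init`'s body continues outside the hunk.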
@@ -77,6 +77,7 @@ import org.onap.dmaap.datarouter.provisioning.beans.NetworkRoute; import org.onap.dmaap.datarouter.provisioning.beans.Parameters; import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.beans.Syncable; +import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; import org.onap.dmaap.datarouter.provisioning.utils.DB; import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; import org.onap.dmaap.datarouter.provisioning.utils.RLEBitSet; @@ -144,20 +145,21 @@ public class SynchronizerTask extends TimerTask { logger.info("PROV5000: Sync task starting, server podState is UNKNOWN_POD"); try { - Properties props = (new DB()).getProperties(); - String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks"); - String store = props.getProperty(Main.KEYSTORE_PATH_PROPERTY); - String pass = props.getProperty(Main.KEYSTORE_PASS_PROPERTY); + // Set up keystore + String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; + String store = Main.aafPropsUtils.getKeystorePathProperty(); + String pass = Main.aafPropsUtils.getKeystorePassProperty(); KeyStore keyStore = KeyStore.getInstance(type); try (FileInputStream instream = new FileInputStream(new File(store))) { keyStore.load(instream, pass.toCharArray()); } - store = props.getProperty(Main.TRUSTSTORE_PATH_PROPERTY); - pass = props.getProperty(Main.TRUSTSTORE_PASS_PROPERTY); + // Set up truststore + store = Main.aafPropsUtils.getTruststorePathProperty(); + pass = Main.aafPropsUtils.getTruststorePassProperty(); KeyStore trustStore = null; if (store != null && store.length() > 0) { - trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + trustStore = KeyStore.getInstance(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); try (FileInputStream instream = new FileInputStream(new File(store))) { trustStore.load(instream, pass.toCharArray()); 
@@ -166,7 +168,7 @@ public class SynchronizerTask extends TimerTask { // We are connecting with the node name, but the certificate will have the CNAME // So we need to accept a non-matching certificate name - String keystorepass = props.getProperty(Main.KEYSTORE_PASS_PROPERTY); + String keystorepass = Main.aafPropsUtils.getKeystorePassProperty(); try (AbstractHttpClient hc = new DefaultHttpClient()) { SSLSocketFactory socketFactory = (trustStore == null) @@ -177,18 +179,18 @@ public class SynchronizerTask extends TimerTask { hc.getConnectionManager().getSchemeRegistry().register(sch); httpclient = hc; } - setSynchTimer(props); + setSynchTimer(new DB().getProperties().getProperty( + "org.onap.dmaap.datarouter.provserver.sync_interval", "5000")); } catch (Exception e) { logger.warn("PROV5005: Problem starting the synchronizer: " + e); } } - private void setSynchTimer(Properties props) { + private void setSynchTimer(String strInterval) { // Run once every 5 seconds to check DNS, etc. long interval; try { - String str = props.getProperty("org.onap.dmaap.datarouter.provserver.sync_interval", "5000"); - interval = Long.parseLong(str); + interval = Long.parseLong(strInterval); } catch (NumberFormatException e) { interval = 5000L; } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java new file mode 100644 index 00000000..68981599 --- /dev/null +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java 
@@ -0,0 +1,102 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.datarouter.provisioning.utils; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import org.onap.aaf.cadi.PropAccess; + +public class AafPropsUtils { + + private static AafPropsUtils aafPropsUtilsInstance = null; + private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(AafPropsUtils.class); + + public static final String DEFAULT_TRUSTSTORE = "/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks"; + public static final String KEYSTORE_TYPE_PROPERTY = "PKCS12"; + public static final String TRUESTSTORE_TYPE_PROPERTY = "jks"; + private static final String KEYSTORE_PATH_PROPERTY = "cadi_keystore"; + private static final String KEYSTORE_PASS_PROPERTY = "cadi_keystore_password_p12"; + private static final String TRUSTSTORE_PATH_PROPERTY = "cadi_truststore"; + private static final String TRUSTSTORE_PASS_PROPERTY = "cadi_truststore_password"; + + private PropAccess propAccess; + + private 
AafPropsUtils(File propsFile) throws IOException { + propAccess = new PropAccess(); + try { + propAccess.load(new FileInputStream(propsFile)); + } catch (IOException e) { + eelfLogger.error("Failed to load props file: " + propsFile + "\n" + e.getMessage(), e); + throw e; + } + } + + public static synchronized void init(File propsFile) throws IOException { + if (aafPropsUtilsInstance != null) { + throw new IllegalStateException("Already initialized"); + } + aafPropsUtilsInstance = new AafPropsUtils(propsFile); + } + + public static AafPropsUtils getInstance() { + if (aafPropsUtilsInstance == null) { + throw new IllegalStateException("Call AafPropsUtils.init(File propsFile) first"); + } + return aafPropsUtilsInstance; + } + + private String decryptedPass(String password) { + String decryptedPass = null; + try { + decryptedPass = propAccess.decrypt(password, false); + } catch (IOException e) { + eelfLogger.error("Failed to decrypt " + password + " : " + e.getMessage(), e); + } + return decryptedPass; + } + + public PropAccess getPropAccess() { + if (propAccess == null) { + throw new IllegalStateException("Call AafPropsUtils.init(File propsFile) first"); + } + return propAccess; + } + + public String getKeystorePathProperty() { + return propAccess.getProperty(KEYSTORE_PATH_PROPERTY); + } + + public String getKeystorePassProperty() { + return decryptedPass(propAccess.getProperty(KEYSTORE_PASS_PROPERTY)); + } + + public String getTruststorePathProperty() { + return propAccess.getProperty(TRUSTSTORE_PATH_PROPERTY); + } + + public String getTruststorePassProperty() { + return decryptedPass(propAccess.getProperty(TRUSTSTORE_PASS_PROPERTY)); + } + +} diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DB.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DB.java index 340b4213..a83f81a5 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DB.java 
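Review bot: `decryptedPass` writes its argument into the error log (`"Failed to decrypt " + password`) and then returns null, so a decryption failure both copies the stored credential value into the logs and hands null to callers such as SynchronizerTask's `pass.toCharArray()`. Logging without the value and failing with an exception keeps the secret out of the log and makes the cause visible at the point of failure. The constructor also never closes the `FileInputStream` it opens; try-with-resources fixes that. Smaller points: `TRUESTSTORE_TYPE_PROPERTY` is misspelled and, like `KEYSTORE_TYPE_PROPERTY`, holds a type value rather than a property name, and `getInstance()` reads the instance field without the lock that `init` takes.

```java
private AafPropsUtils(File propsFile) throws IOException {
    propAccess = new PropAccess();
    // try-with-resources so the props stream is closed on success and on failure
    try (FileInputStream propsStream = new FileInputStream(propsFile)) {
        propAccess.load(propsStream);
    } // … unchanged: catch (IOException e) logging the file name and rethrowing …
}

// … unchanged: init, getInstance …

private String decryptedPass(String password) {
    try {
        return propAccess.decrypt(password, false);
    } catch (IOException e) {
        // Keep the property value out of the log; the cause carries the detail.
        eelfLogger.error("Failed to decrypt AAF store password: " + e.getMessage(), e);
        throw new IllegalStateException("Failed to decrypt AAF store password", e);
    }
}
```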
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DB.java @@ -114,8 +114,7 @@ public class DB { synchronized (queue) { try { connection = queue.remove(); - } catch (NoSuchElementException nseEx) { - intlogger.error("PROV9006 No connection on queue: " + nseEx.getMessage(), nseEx); + } catch (NoSuchElementException ignore) { int num = 0; do { // Try up to 3 times to get a connection diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java index 867d1163..f078d80e 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java @@ -23,6 +23,8 @@ package org.onap.dmaap.datarouter.provisioning.utils; +import static java.lang.System.exit; + import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.io.File; @@ -96,9 +98,9 @@ public class DRRouteCLI { } } - public static final String ENV_VAR = "PROVSRVR"; - public static final String PROMPT = "dr-route> "; - public static final String DEFAULT_TRUSTSTORE_PATH = /* $JAVA_HOME + */ "/jre/lib/security/cacerts"; + private static final String ENV_VAR = "PROVSRVR"; + private static final String PROMPT = "dr-route> "; + private static final String DEFAULT_TRUSTSTORE_PATH = /* $JAVA_HOME + */ "/jre/lib/security/cacerts"; private static final EELFLogger intlogger = EELFManager.getInstance().getLogger("InternalLog"); private final String server; 
@@ -113,12 +115,20 @@ public class DRRouteCLI { */ public DRRouteCLI(String server) throws Exception { this.server = server; - this.width = 120; this.httpclient = new DefaultHttpClient(); - Properties prop = (new DB()).getProperties(); - String truststoreFile = prop.getProperty("org.onap.dmaap.datarouter.provserver.truststore.path"); - String truststorePw = prop.getProperty("org.onap.dmaap.datarouter.provserver.truststore.password"); + Properties provProperties = (new DB()).getProperties(); + try { + AafPropsUtils.init(new File(provProperties.getProperty( + "org.onap.dmaap.datarouter.provserver.aafprops.path", + "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); + } catch (IOException e) { + intlogger.error("NODE0314 Failed to load AAF props. Exiting", e); + exit(1); + } + + String truststoreFile = AafPropsUtils.getInstance().getTruststorePathProperty(); + String truststorePw = AafPropsUtils.getInstance().getTruststorePassProperty(); KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); if (truststoreFile == null || truststoreFile.equals("")) { @@ -139,8 +149,8 @@ public class DRRouteCLI { } finally { try { instream.close(); - } catch (Exception ignore) { - intlogger.error("Ignore error closing input stream: " + ignore.getMessage(), ignore); + } catch (Exception e) { + intlogger.error("Ignore error closing input stream: " + e.getMessage(), e); } } } @@ -178,7 +188,7 @@ public class DRRouteCLI { * @param args The command line arguments. * @return true if the command was valid and succeeded */ - public boolean runCommand(String[] args) { + boolean runCommand(String[] args) { String cmd = args[0].trim().toLowerCase(); if (cmd.equals("add")) { if (args.length > 2) { @@ -471,12 +481,12 @@ public class DRRouteCLI { return rv; } - private void printErrorText(HttpEntity entity) throws IllegalStateException, IOException { + private void printErrorText(HttpEntity entity) throws IOException { // Look for and print only the part of the output between
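Review bot: Calling `AafPropsUtils.init(...)` from the constructor means a second `new DRRouteCLI(...)` in the same JVM, or one created after Main has initialised AAF, hits the `IllegalStateException("Already initialized")` thrown by `init`, and the `catch (IOException e)` here does not cover it. The `exit(1)` inside a constructor also terminates whatever process embeds this class; rethrowing would fit the existing `throws Exception` signature. The `NODE0314` prefix looks copied from the node component (the same string is used in Main). The trust store is still opened with `KeyStore.getDefaultType()` in the unchanged line below, while the other callers switched to `AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY`.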
...
InputStream is = entity.getContent(); StringBuilder sb = new StringBuilder(); byte[] bite = new byte[512]; - int num = 0; + int num; while ((num = is.read(bite)) > 0) { sb.append(new String(bite, 0, num)); } diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props new file mode 100644 index 00000000..ddc3da56 --- /dev/null +++ b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.cred.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:52:33.828+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=enc:D1K4bZlKwIDTY6RYX4V1nCgj1mJruMZ4qDaO80iSwm20J8zpUa0qEzOwM-aFjKCe +cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org +cadi_key_password=enc:d80GqeXpOhPOmZAn76t5xgKlq54yAPYQw-OoVqFwcXkCwd58zwHfzZQ3Rgitj30- +cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile +cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr.p12 +cadi_keystore_password=enc:xcPI_-oWnLvQ8SFDyafZG7ii7yZdcgaUwVQFp7x9mkHTnyODGDUaPHb5svAE2euP +cadi_keystore_password_jks=enc:EO1-8pk7wWbiGMriX0aAOX0zxoQ9-ow7LRqOlKgMYVlYGs59yappGzKd0FxkcqM0 +cadi_keystore_password_p12=enc:xcPI_-oWnLvQ8SFDyafZG7ii7yZdcgaUwVQFp7x9mkHTnyODGDUaPHb5svAE2euP +cadi_truststore=/opt/app/osaaf/local/org.onap.dmaap-dr.trust.jks +cadi_truststore_password=enc:XawqMezvaPspcdG9J9tdYx-pEtIu4VaY_QG3ZyLtyWg_gsxvrfg2tInmj95fAkrj +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile new file mode 100644 index 00000000..c5d9d876 --- /dev/null +++ b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.keyfile 
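Review bot: Committing this file together with `org.onap.dmaap-dr.keyfile` (the path `cadi_keyfile` names, presumably the key the `enc:` values depend on) and the `.p12` and `.trust.jks` stores puts the protected passwords, the key file and the stores side by side in the repository. That makes the `enc:` wrapping of little value to anyone with read access. If these are anything other than throwaway development credentials, they should be provisioned at deploy time (mounted volume or secret store) rather than added under `src/main/resources`. If they are development-only fixtures, a header comment such as `# DEV/TEST credentials only - do not deploy` in this file would make that explicit.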
@@ -0,0 +1,27 @@ +0wlntBQae2B_RCqlj0vFvThyNkGfB47eGQ-JDX2LvNaIWjhg6P114TZ1dVwoqIUO_GvGdZfXvTNe +9W-86XLVDuaom2Ep0bWGpweiIfnRuXuMWwZy7vNRS_jj1GQ8Y30_SrXft3YVHR_r1AC3XTOk1LSS +Yeo356B7juJuOnkRpZwyZflEZM_U72EymWOd5JKb5ugrtdRBCXzh_pmQ24kxepi8XMFoaViI2ccL +KbL3fjSsberNKsSYqeGtXmcElEvDUfNam_ylxTStu-BbZRjelr5zY-rQnvXl01Tapkdl_ejIo8fT +FcdZTSMH2eic32WGO5QJzIhaEXoJu3oNzK0x-rfyURtE15tJAn6FiFvtWFb8nSnWH8TBUYnTLXiJ +6cBE2ER7MQwf5NMGBa1CaLYzrx4B0ZbrbtBr2ETt7k9r1RxjxAoBBxpiMz9ivRj_KzO1mg8Cc47R +PXkjlspPGsx--568_TVSrrFA5nM8By33kDTZCpQbAboFophLRyQ8r6LPp6qEY5OD3YAzTL09nZsD +brZPLowktube0wJLfsomvtPdol6eg44QuQgdZ4RyOaxbeQl5H9M2t6q9G6vRfyVGDkEwbF-rwllX +XjSmltoUZwhjy7gtYZEnbPjwQcdCho0Pub2jj9xLNKf68oJFRQFB8orYNDoaqVdvRRLyeWOs6P86 +deRMIYPz3DzgzIINxZLyOivxlWXNX-fs5WOe3OUER_q5ONkvV2zXg9qnwQLiqbU_98GE6EA3w5X2 +BXTZsvPQTk9G9K3B-hCb9NIxmCPnlTTAHvmgwI7e4yrXOvHbbW4kAaLiT5CzBrcm7cUv-5ADecCM +NUTHKYqu0HeRr1L5f56OQESp_G16NtStQ3j-9G_bFMrc6gkGMioWaFxdTfBvKYoP7Mbnkaw5L0Tt +TK7PR_3VfET4fdMg33l7YnnRu-B114qGxCQCz7KvcoLfKRwYKi-F5Hf_t36IAAFJheflKkSqzLCF +WjY6cO9DrVz2L60iybXwaNXROVzt2HMLnMLI9e7EQMX7censpQ-NW6vhN7udWiIJ9flerZe3ofK6 +EO70sIAhS0ZkZvTDxiFfc2vryZc3sgtJAW-65D3DRhZyFLW8PerD4NUMpdu-Np-Dt89z4WxElFX5 +ZFs5hkSUSht8-mp84RDLju4y_3jcha5rhptGQMJBOwx9mtnkEoD6U2282dpYsCl3xgXICF1QPCD- +v0oLlded24Tjm9WWeooYo7Gb_tKj8wtNmJwPQ7E9o5gd8XVwrckWugTdXufMmbedKQPZ4bmuqlkx +VI3k05VIYuriTB4t1OsU8OgzoFyTn-38X00dzjJrE40vbX6GdJ51BdcULFz2gJuHKVrLXWPrqEFE +S0moPSU7DyfrgIuRidDwtawAA-JHtgiuf_wrmpShQri1CJ3JCQ6yPAPTBXUjVjzlTCaVkIpmgMoe +tclMBS4AaWP2ac5OPwxP3ldnZcMuHLSVhhxyNLk9nhn8BB8_vtNEZUopU2tb7OKHKgdX47qsP5aa +ueb1_T_0ojj9grruiWO_C0_DaKlpmTh7xKzhCOt3w4IOTezN4If9oJ0AB-3vL7XHb6qs3OZw9Iop +MB1ztIrv1QAE87ZfdyZzZVuNgmosZtNJa2IOjRe83ipr5-DolUgR5OYFNVNg-fFO59SwILdM38U9 +Nq4B_rzR9R7dEdOMp-rs4YBJxqLlL6zZE1tdEP6yba09Dx1fqeh1oXHlWjGSX5JZMnjwrgai_z3q +2h2SeLOUlbyi-i-rMlrqbzro4-kFONIqZdAAsocjGfkoXBtGNJgkmGhHq2TMI2SCXDYqCKtFYOQa +2XSGyJ1QsvOGcHlJhGK-hwFj_JcbnxDx6b_24RrEzWSTXlW0R03JAl9fM24Nk9Y1v5iO6fPfWXU0 
+J5BniYOohauEGbogRLwupN9-Deh5JzZlaFCFEDup32oxm4RC6tVk_Ik6jA7C3wVU5pfu8t2lgG6M +PhH0efEjQWNbX5Uv1pbTY8W5bIJ3BSYI4o-cRabaA8UbuCViJ8uvHvFIXew6O3pWDB7vcGKA \ No newline at end of file diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props new file mode 100644 index 00000000..4f6befb8 --- /dev/null +++ b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.location.props @@ -0,0 +1,8 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:52:10.009+0000 +# @copyright 2019, AT&T +############################################################ +cadi_latitude=0.00 +cadi_longitude=0.00 diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 new file mode 100644 index 00000000..bd60d26e Binary files /dev/null and b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.p12 differ diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props new file mode 100644 index 00000000..561a8782 --- /dev/null +++ b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.props 
@@ -0,0 +1,21 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2019-10-02T14:52:10.008+0000 +# @copyright 2019, AT&T +############################################################ +aaf_env=DEV +aaf_id=dmaap-dr-prov@dmaap-dr.onap.org +aaf_locate_url=https://aaf-locate:8095 +aaf_locator_container=docker +aaf_locator_container_ns=onap +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect +aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token +aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 +aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 +aaf_url_fs=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 +aaf_url_gui=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 +aaf_url_hello=https://aaf-locate:8095/locate/onap.org.osaaf.aaf.hello:2.1 +aaf_url_oauth=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1 +cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-dr.location.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props +cadi_protocols=TLSv1.1,TLSv1.2 diff --git a/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks new file mode 100644 index 00000000..0c9da2e5 Binary files /dev/null and b/datarouter-prov/src/main/resources/aaf/org.onap.dmaap-dr.trust.jks differ diff --git a/datarouter-prov/src/main/resources/docker/Dockerfile b/datarouter-prov/src/main/resources/docker/Dockerfile index 115dc7cb..61d32473 100644 --- a/datarouter-prov/src/main/resources/docker/Dockerfile +++ b/datarouter-prov/src/main/resources/docker/Dockerfile @@ -34,7 +34,7 @@ RUN chmod 0700 startup.sh ENTRYPOINT ["sh", "startup.sh"] RUN addgroup -S -g 1001 onap \ - && adduser -S -u 1000 datarouter -G onap \ - && chown -R datarouter:onap /opt/ + && adduser -S -u 1000 dradmin -G onap \ + && chown -R dradmin:onap /opt/ /var/ -USER datarouter +USER dradmin 
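Review bot: `chown -R dradmin:onap /opt/ /var/` hands the runtime user ownership of the whole of `/var`, which is much wider than the application's own directories. Narrowing it to the paths the service writes to (provserver.properties in this commit names `/opt/app/datartr/logs` and `/opt/app/datartr/spool`) keeps the non-root user from being able to modify unrelated system state. If something under `/var` is needed, name that directory explicitly and say why in a comment.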
diff --git a/datarouter-prov/src/main/resources/docker/startup.sh b/datarouter-prov/src/main/resources/docker/startup.sh index ba0f7351..aa2f69b6 100644 --- a/datarouter-prov/src/main/resources/docker/startup.sh +++ b/datarouter-prov/src/main/resources/docker/startup.sh @@ -13,4 +13,5 @@ java -classpath $CLASSPATH org.onap.dmaap.datarouter.provisioning.Main runner_file="$LIB/datarouter-prov-jar-with-dependencies.jar" echo "Starting using" $runner_file -java -Dorg.onap.dmaap.datarouter.provserver.properties=/opt/app/datartr/etc/provserver.properties -Dcom.att.eelf.logging.file=/opt/app/datartr/etc/logback.xml -Dcom.att.eelf.logging.path=/root -jar $runner_file \ No newline at end of file +java -Dorg.onap.dmaap.datarouter.provserver.properties=/opt/app/datartr/etc/provserver.properties \ +-Dcom.att.eelf.logging.file=/opt/app/datartr/etc/logback.xml -Dcom.att.eelf.logging.path=/root -jar $runner_file \ No newline at end of file diff --git a/datarouter-prov/src/main/resources/drProvCadi.properties b/datarouter-prov/src/main/resources/drProvCadi.properties deleted file mode 100644 index 56f2e5c0..00000000 --- a/datarouter-prov/src/main/resources/drProvCadi.properties +++ /dev/null 
@@ -1,23 +0,0 @@ -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.keyfile -cadi_keystore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -cadi_keystore_password=AT{];bvaDiytVD&oWhMZj0N5 -cadi_key_password=AT{];bvaDiytVD&oWhMZj0N5 -cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org -cadi_truststore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -cadi_truststore_password=ljlS@Y}0]{UO(TnwvEWkgJ%] - -aaf_env=DEV -aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_protocols=TLSv1.1,TLSv1.2 -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 -fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1 -gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1 - -cadi_latitude=53.423 -cadi_longitude=7.940 - -cadi_loglevel=DEBUG \ No newline at end of file diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties index 59b791dc..20b5cb92 100755 --- a/datarouter-prov/src/main/resources/provserver.properties +++ b/datarouter-prov/src/main/resources/provserver.properties 
@@ -26,12 +26,7 @@ org.onap.dmaap.datarouter.provserver.http.port = 8080 org.onap.dmaap.datarouter.provserver.https.port = 8443 org.onap.dmaap.datarouter.provserver.https.relaxation = true -org.onap.dmaap.datarouter.provserver.keystore.type = jks -org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX -org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -org.onap.dmaap.datarouter.provserver.keystore.password = FZNkU,B%NJzcT1v7;^v]M#ZX -org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -org.onap.dmaap.datarouter.provserver.truststore.password = +mzf@J.D^;3!![*Xr.z$c#?b +org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool @@ -62,7 +57,4 @@ org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.fe org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub org.onap.dmaap.datarouter.provserver.aaf.instance = legacy org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish -org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe - -# AAF URL to connect to AAF server -org.onap.dmaap.datarouter.provserver.cadi.aaf.url = https://aaf-onap-test.osaaf.org:8095 \ No newline at end of file +org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe \ No newline at end of file -- cgit 1.2.3-korg
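Review bot: Deleting the plaintext keystore and trust store passwords from this file (and from the removed drProvCadi.properties) does not retire them, because they remain readable in the repository history. It is worth confirming in the commit message or a follow-up that the new AAF-generated stores use fresh passwords and that the old values are no longer accepted anywhere.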