From bda6aeaa60607ab4fe5af508156019d7bd5c0ce4 Mon Sep 17 00:00:00 2001 From: efiacor Date: Wed, 7 Dec 2022 10:56:27 +0000 Subject: [DMAAP-DR] Remove AAF/TLS phase 1 
Signed-off-by: efiacor Change-Id: Ifeae01dd8e7f0a737d8b74594a8061ae3d4ea647 Issue-ID: DMAAP-1642 --- .../onap/dmaap/datarouter/authz/Authorizer.java | 2 +- .../datarouter/authz/impl/ProvAuthorizer.java | 2 +- .../dmaap/datarouter/provisioning/BaseServlet.java | 8 +- .../datarouter/provisioning/DRFeedsServlet.java | 4 +- .../dmaap/datarouter/provisioning/FeedServlet.java | 8 +- .../datarouter/provisioning/GroupServlet.java | 4 +- .../datarouter/provisioning/InternalServlet.java | 4 +- .../dmaap/datarouter/provisioning/LogServlet.java | 6 +- .../dmaap/datarouter/provisioning/ProvRunner.java | 38 +-- .../dmaap/datarouter/provisioning/ProvServer.java | 126 ++++------ .../datarouter/provisioning/ProxyServlet.java | 44 ++-- .../datarouter/provisioning/PublishServlet.java | 11 +- .../datarouter/provisioning/RouteServlet.java | 4 +- .../datarouter/provisioning/StatisticsServlet.java | 6 +- .../datarouter/provisioning/SubscribeServlet.java | 4 +- .../provisioning/SubscriptionServlet.java | 11 +- .../provisioning/beans/EventLogRecord.java | 4 +- .../provisioning/beans/IngressRoute.java | 2 +- .../provisioning/utils/AafPropsUtils.java | 4 +- .../provisioning/utils/DRProvCadiFilter.java | 266 --------------------- .../datarouter/provisioning/utils/DRRouteCLI.java | 2 +- .../provisioning/utils/HttpServletUtils.java | 2 +- .../datarouter/provisioning/utils/ProvDbUtils.java | 2 +- .../provisioning/utils/SynchronizerTask.java | 61 ++--- .../provisioning/utils/ThrottleFilter.java | 16 +- .../provisioning/utils/URLUtilities.java | 11 +- .../src/main/resources/docker/Dockerfile | 2 +- .../src/main/resources/provserver.properties | 26 +- 28 files changed, 187 insertions(+), 493 deletions(-) delete mode 100644 datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRProvCadiFilter.java (limited to 'datarouter-prov/src/main') 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/Authorizer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/Authorizer.java index fb62f192..48ad7bdd 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/Authorizer.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/Authorizer.java @@ -24,8 +24,8 @@ package org.onap.dmaap.datarouter.authz; +import jakarta.servlet.http.HttpServletRequest; import java.util.Map; -import javax.servlet.http.HttpServletRequest; /** * A Data Router API that requires authorization of incoming requests creates an instance of a class that implements diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java index 761df097..48e31bfe 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java @@ -26,7 +26,7 @@ package org.onap.dmaap.datarouter.authz.impl; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.util.Map; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.authz.Authorizer; import org.onap.dmaap.datarouter.authz.impl.AuthzResource.ResourceType; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java index 52629ffb..1942b148 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java 
@@ -31,6 +31,10 @@ import static com.att.eelf.configuration.Configuration.MDC_SERVICE_NAME; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import jakarta.servlet.ServletConfig; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; import java.net.InetAddress; import java.net.UnknownHostException; import java.security.cert.X509Certificate; @@ -44,10 +48,6 @@ import java.util.Map; import java.util.Properties; import java.util.Set; import java.util.UUID; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.Nullable; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java index eada4862..a0df71ce 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java @@ -31,8 +31,8 @@ import com.att.eelf.configuration.EELFManager; import java.io.IOException; import java.io.InvalidObjectException; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java index de27c652..5182cc23 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java @@ -28,10 +28,11 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.InvalidObjectException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.json.JSONException; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; @@ -53,8 +54,7 @@ import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; public class FeedServlet extends ProxyServlet { - //Adding EELF Logger Rally:US664892 - private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(FeedServlet.class); + private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(FeedServlet.class); /** * Delete the Feed at the address /feed/<feednumber>. diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java index 432ea3c0..94303e96 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java 
@@ -26,10 +26,10 @@ package org.onap.dmaap.datarouter.provisioning; import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.InvalidObjectException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.json.JSONObject; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java index efa1c102..06959eef 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java @@ -39,8 +39,8 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.StandardCopyOption; import java.util.Properties; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.json.JSONArray; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.LogRecord; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/LogServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/LogServlet.java index 9cde4804..5f7ed337 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/LogServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/LogServlet.java 
@@ -28,6 +28,7 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import jakarta.servlet.ServletOutputStream; import java.io.IOException; import java.sql.Connection; import java.sql.PreparedStatement; @@ -38,9 +39,8 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; import java.util.Map; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.onap.dmaap.datarouter.provisioning.beans.DeliveryRecord; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.ExpiryRecord; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java index 8a0ef448..747530ab 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvRunner.java @@ -73,12 +73,12 @@ import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; */ public class ProvRunner { - public static final EELFLogger intlogger = EELFManager.getInstance() - .getLogger("org.onap.dmaap.datarouter.provisioning.internal"); + public static final EELFLogger intlogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.provisioning.internal"); private static Server provServer; private static AafPropsUtils aafPropsUtils; private static Properties provProperties; + private static Boolean tlsEnabled; /** * Starts the Data Router Provisioning server. 
@@ -91,14 +91,16 @@ public class ProvRunner { intlogger.error("Data Router Provisioning database init failure. Exiting."); exit(1); } - // Set up AAF properties - try { - aafPropsUtils = new AafPropsUtils(new File(getProvProperties().getProperty( - "org.onap.dmaap.datarouter.provserver.aafprops.path", - "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); - } catch (IOException e) { - intlogger.error("NODE0314 Failed to load AAF props. Exiting", e); - exit(1); + if (Boolean.TRUE.equals(getTlsEnabled())) { + // Set up AAF properties + try { + aafPropsUtils = new AafPropsUtils(new File(getProvProperties().getProperty( + "org.onap.dmaap.datarouter.provserver.aafprops.path", + "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); + } catch (IOException e) { + intlogger.error("NODE0314 Failed to load AAF props. Exiting", e); + exit(1); + } } // Daemon to clean up the log directory on a daily basis Timer rolex = new Timer(); @@ -138,11 +140,11 @@ public class ProvRunner { public static Properties getProvProperties() { if (provProperties == null) { - try { + try (FileInputStream props = new FileInputStream(getProperty( + "org.onap.dmaap.datarouter.provserver.properties", + "/opt/app/datartr/etc/provserver.properties"))) { provProperties = new Properties(); - provProperties.load(new FileInputStream(getProperty( - "org.onap.dmaap.datarouter.provserver.properties", - "/opt/app/datartr/etc/provserver.properties"))); + provProperties.load(props); } catch (IOException e) { intlogger.error("Failed to load PROV properties: " + e.getMessage(), e); exit(1); @@ -154,4 +156,12 @@ public class ProvRunner { public static AafPropsUtils getAafPropsUtils() { return aafPropsUtils; } + + public static Boolean getTlsEnabled() { + if (tlsEnabled == null) { + tlsEnabled = Boolean.parseBoolean(getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true")); + } + return tlsEnabled; + } } 
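Review bot: With `tlsenabled=false` the `aafPropsUtils` field is never assigned in the first hunk on this line, so `getAafPropsUtils()` now returns null and any caller that does not check the flag first will fail with a NullPointerException. ProxyServlet.init and the HTTPS branch of ProvServer guard their use in this commit, but the other callers named in the diffstat (SynchronizerTask, URLUtilities) are not visible here and should be checked. I would document the contract on the getter, e.g. `/** Returns the AAF properties helper, or null when TLS is disabled; check getTlsEnabled() first. */`. The enclosing main method starts before the hunk.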
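Review bot: `getTlsEnabled()` in the last hunk on this line returns a boxed `Boolean` from a lazily initialised static with no synchronisation, although it is read from main and later from servlet threads, and the boxed type forces every call site into `Boolean.TRUE.equals(...)`. `Boolean.parseBoolean` never yields null, so the method can return a primitive: `public static boolean getTlsEnabled()` with the field declared `private static volatile Boolean tlsEnabled;` (existing `Boolean.TRUE.equals(...)` callers still compile through autoboxing). A Javadoc line such as `/** Whether TLS is enabled; defaults to true when the property is absent. */` would record that the missing-property case keeps TLS on.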
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java index e1d4568f..9eb91178 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProvServer.java @@ -23,16 +23,13 @@ package org.onap.dmaap.datarouter.provisioning; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.security.Security; -import java.util.EnumSet; import java.util.Properties; -import javax.servlet.DispatcherType; -import javax.servlet.ServletException; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Connector; +import org.eclipse.jetty.server.CustomRequestLog; import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; -import org.eclipse.jetty.server.NCSARequestLog; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; 
@@ -40,21 +37,17 @@ import org.eclipse.jetty.server.handler.ContextHandlerCollection; import org.eclipse.jetty.server.handler.DefaultHandler; import org.eclipse.jetty.server.handler.HandlerCollection; import org.eclipse.jetty.server.handler.RequestLogHandler; -import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.jetbrains.annotations.NotNull; import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; -import org.onap.dmaap.datarouter.provisioning.utils.DRProvCadiFilter; -import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; public class ProvServer { - public static final EELFLogger intlogger = EELFManager.getInstance() - .getLogger("InternalLog"); + public static final EELFLogger intlogger = EELFManager.getInstance().getLogger("InternalLog"); private static Server server; @@ -69,9 +62,6 @@ public class ProvServer { } private static Server createProvServer(Properties provProps) { - final int httpsPort = Integer.parseInt( - provProps.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443")); - Security.setProperty("networkaddress.cache.ttl", "4"); QueuedThreadPool queuedThreadPool = getQueuedThreadPool(); 
@@ -81,48 +71,52 @@ public class ProvServer { server.setDumpAfterStart(false); server.setDumpBeforeStop(false); - NCSARequestLog ncsaRequestLog = getRequestLog(provProps); - RequestLogHandler requestLogHandler = new RequestLogHandler(); - requestLogHandler.setRequestLog(ncsaRequestLog); - - server.setRequestLog(ncsaRequestLog); - - HttpConfiguration httpConfiguration = getHttpConfiguration(httpsPort); + HttpConfiguration httpConfiguration = getHttpConfiguration(); //HTTP Connector try (ServerConnector httpServerConnector = new ServerConnector(server, new HttpConnectionFactory(httpConfiguration))) { httpServerConnector.setPort(Integer.parseInt(provProps.getProperty( - "org.onap.dmaap.datarouter.provserver.http.port", "8080"))); + "org.onap.dmaap.datarouter.provserver.http.port", "80"))); httpServerConnector.setAcceptQueueSize(2); httpServerConnector.setIdleTimeout(30000); - SslContextFactory sslContextFactory = getSslContextFactory(provProps); - - // HTTPS configuration - HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); - httpsConfiguration.setRequestHeaderSize(8192); - - // HTTPS connector - try (ServerConnector httpsServerConnector = new ServerConnector(server, - new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), - new HttpConnectionFactory(httpsConfiguration))) { - httpsServerConnector.setPort(httpsPort); - httpsServerConnector.setIdleTimeout(30000); - httpsServerConnector.setAcceptQueueSize(2); - - ServletContextHandler servletContextHandler = getServletContextHandler(provProps); - ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection(); - contextHandlerCollection.addHandler(servletContextHandler); - - // Server's Handler collection - HandlerCollection handlerCollection = new HandlerCollection(); - handlerCollection.setHandlers(new Handler[]{contextHandlerCollection, new DefaultHandler()}); - handlerCollection.addHandler(requestLogHandler); - - server.setConnectors(new 
Connector[]{httpServerConnector, httpsServerConnector}); - server.setHandler(handlerCollection); + ServletContextHandler servletContextHandler = getServletContextHandler(provProps); + ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection(); + contextHandlerCollection.addHandler(servletContextHandler); + + CustomRequestLog customRequestLog = getCustomRequestLog(provProps); + RequestLogHandler requestLogHandler = new RequestLogHandler(); + requestLogHandler.setRequestLog(customRequestLog); + + server.setRequestLog(customRequestLog); + + // Server's Handler collection + HandlerCollection handlerCollection = new HandlerCollection(); + handlerCollection.setHandlers(new Handler[]{contextHandlerCollection, new DefaultHandler()}); + handlerCollection.addHandler(requestLogHandler); + + if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { + // HTTPS configuration + int httpsPort = Integer.parseInt( + provProps.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "443")); + httpConfiguration.setSecureScheme("https"); + httpConfiguration.setSecurePort(httpsPort); + HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); + httpsConfiguration.setRequestHeaderSize(8192); + // HTTPS connector + try (ServerConnector httpsServerConnector = new ServerConnector(server, + new SslConnectionFactory(getSslContextFactory(provProps), HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(httpsConfiguration))) { + httpsServerConnector.setPort(httpsPort); + httpsServerConnector.setIdleTimeout(30000); + httpsServerConnector.setAcceptQueueSize(2); + server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector}); + } + } else { + server.setConnectors(new Connector[]{httpServerConnector}); } + server.setHandler(handlerCollection); } return server; } 
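Review bot: The default listen ports in this hunk change from 8080/8443 to 80/443, and binding below 1024 on Linux normally needs root or CAP_NET_BIND_SERVICE. The Dockerfile and provserver.properties changes listed in the diffstat are not visible here, so confirm the process can still run as an unprivileged user, or keep the unprivileged defaults, e.g. `"org.onap.dmaap.datarouter.provserver.http.port", "8080"`. The plain HTTP connector is also registered in both branches, so with TLS enabled the provisioning API stays reachable without TLS; a comment above `server.setConnectors(...)` saying whether that is intended would help. createProvServer starts before this hunk.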
@@ -138,7 +132,7 @@ public class ProvServer { } @NotNull - private static SslContextFactory getSslContextFactory(Properties provProps) { + private static SslContextFactory.Server getSslContextFactory(Properties provProps) { SslContextFactory sslContextFactory = new SslContextFactory.Server(); sslContextFactory.setKeyStoreType(AafPropsUtils.KEYSTORE_TYPE_PROPERTY); sslContextFactory.setKeyStorePath(ProvRunner.getAafPropsUtils().getKeystorePathProperty()); @@ -149,7 +143,6 @@ public class ProvServer { sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty()); sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty()); - sslContextFactory.setWantClientAuth(true); sslContextFactory.setExcludeCipherSuites( "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", 
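Review bot: The return type is narrowed to `SslContextFactory.Server` in the first hunk on this line, but the local is still declared as the base type, which is why the return statement in a later hunk needs a downcast. Declaring it as `SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();` lets the method end with a plain `return sslContextFactory;`. The method body continues outside this hunk.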
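Review bot: Dropping `setWantClientAuth(true)` in the second hunk on this line means the HTTPS connector no longer asks clients for a certificate, so any request handling that reads the client certificate will see none. BaseServlet and EventLogRecord still import `java.security.cert.X509Certificate` in the hunks shown for them, which suggests certificate-based checks or logging may remain, though their bodies are not visible here. Either keep the line until those code paths are removed, or add a comment at this spot stating that client certificates are intentionally no longer requested and what identifies the caller instead. getSslContextFactory starts and ends outside this hunk.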
@@ -169,28 +162,20 @@ public class ProvServer { intlogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites())); intlogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites())); - return sslContextFactory; + return (SslContextFactory.Server) sslContextFactory; } @NotNull - private static NCSARequestLog getRequestLog(Properties provProps) { - NCSARequestLog ncsaRequestLog = new NCSARequestLog(); - ncsaRequestLog.setFilename(provProps.getProperty( - "org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd"); - ncsaRequestLog.setFilenameDateFormat("yyyyMMdd"); - ncsaRequestLog.setRetainDays(90); - ncsaRequestLog.setAppend(true); - ncsaRequestLog.setExtended(false); - ncsaRequestLog.setLogCookies(false); - ncsaRequestLog.setLogTimeZone("GMT"); - return ncsaRequestLog; + private static CustomRequestLog getCustomRequestLog(Properties provProps) { + String filename = provProps.getProperty( + "org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd"; + String format = "yyyyMMdd"; + return new CustomRequestLog(filename, format); } @NotNull - private static HttpConfiguration getHttpConfiguration(int httpsPort) { + private static HttpConfiguration getHttpConfiguration() { HttpConfiguration httpConfiguration = new HttpConfiguration(); - httpConfiguration.setSecureScheme("https"); - httpConfiguration.setSecurePort(httpsPort); httpConfiguration.setOutputBufferSize(32768); httpConfiguration.setRequestHeaderSize(8192); httpConfiguration.setResponseHeaderSize(8192); 
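Review bot: In `getCustomRequestLog` the second constructor argument of `CustomRequestLog(String, String)` is the log line format, not the filename date format, so passing `"yyyyMMdd"` makes every access-log entry the literal text `yyyyMMdd` and drops client address, request line and status from the audit trail. The replacement also loses the 90-day retention, append mode and GMT timestamps that the removed NCSARequestLog configured. Building a `RequestLogWriter` explicitly and passing `CustomRequestLog.NCSA_FORMAT` restores the old behaviour, as sketched below; it needs an import of `org.eclipse.jetty.server.RequestLogWriter`.

```java
private static CustomRequestLog getCustomRequestLog(Properties provProps) {
    RequestLogWriter logWriter = new RequestLogWriter(provProps.getProperty(
        "org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd");
    logWriter.setFilenameDateFormat("yyyyMMdd");
    logWriter.setRetainDays(90);
    logWriter.setAppend(true);
    logWriter.setTimeZone("GMT");
    return new CustomRequestLog(logWriter, CustomRequestLog.NCSA_FORMAT);
}
// … unchanged: getHttpConfiguration …
```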
@@ -214,23 +199,6 @@ public class ProvServer { servletContextHandler.addServlet(new ServletHolder(new InternalServlet()), "/internal/*"); servletContextHandler.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*"); servletContextHandler.addServlet(new ServletHolder(new DRFeedsServlet()), "/"); - servletContextHandler.addFilter(new FilterHolder(new ThrottleFilter()), - "/publish/*", EnumSet.of(DispatcherType.REQUEST)); - setCadiFilter(servletContextHandler, provProps); return servletContextHandler; } - - private static void setCadiFilter(ServletContextHandler servletContextHandler, Properties provProps) { - if (Boolean.parseBoolean(provProps.getProperty( - "org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"))) { - try { - servletContextHandler.addFilter(new FilterHolder(new DRProvCadiFilter( - true, ProvRunner.getAafPropsUtils().getPropAccess())), "/*", EnumSet.of(DispatcherType.REQUEST)); - intlogger.info("PROV0001 AAF CADI filter enabled"); - } catch (ServletException e) { - intlogger.error("PROV0001 Failed to add CADI filter to server"); - } - - } - } } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java index 089ea755..49be5aa0 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java @@ -26,6 +26,10 @@ package org.onap.dmaap.datarouter.provisioning; import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; +import jakarta.servlet.ServletConfig; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; 
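Review bot: The `ThrottleFilter` registration on `/publish/*` is removed here together with the CADI filter, although throttling is unrelated to AAF or TLS and the diffstat shows ThrottleFilter.java being modified rather than deleted. Unless the filter is registered somewhere outside the visible hunks, publish requests lose their rate limiting, which was the guard against a single publisher flooding the endpoint. If this is a temporary side effect of the jakarta migration, keep the registration or leave a marker where the call was, e.g. `// TODO: re-register ThrottleFilter for /publish/* once ported to jakarta.servlet`. getServletContextHandler starts before the hunk, so I cannot confirm whether `provProps` is still used in it.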
@@ -36,10 +40,6 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.util.Collections; import java.util.List; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.apache.commons.io.IOUtils; import org.apache.http.Header; import org.apache.http.HttpEntity; @@ -47,6 +47,7 @@ import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpEntityEnclosingRequestBase; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.conn.scheme.PlainSocketFactory; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.entity.BasicHttpEntity; 
@@ -79,22 +80,27 @@ public class ProxyServlet extends BaseServlet { public void init(ServletConfig config) throws ServletException { super.init(config); try { - // Set up keystore - String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; - String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty(); - String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); - KeyStore keyStore = readStore(store, pass, type); - // Set up truststore - store = ProvRunner.getAafPropsUtils().getTruststorePathProperty(); - pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty(); - KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); - - // We are connecting with the node name, but the certificate will have the CNAME - // So we need to accept a non-matching certificate name - SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, + if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { + // Set up keystore + String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; + String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty(); + String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); + KeyStore keyStore = readStore(store, pass, type); + // Set up truststore + store = ProvRunner.getAafPropsUtils().getTruststorePathProperty(); + pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty(); + KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); + + // We are connecting with the node name, but the certificate will have the CNAME + // So we need to accept a non-matching certificate name + SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, ProvRunner.getAafPropsUtils().getKeystorePassProperty(), trustStore); - socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); - sch = new Scheme("https", 443, socketFactory); + socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); + sch = new Scheme("https", 443, 
socketFactory); + } else { + PlainSocketFactory socketFactory = new PlainSocketFactory(); + sch = new Scheme("http", 80, socketFactory); + } inited = true; } catch (Exception e) { intlogger.error("ProxyServlet.init: " + e.getMessage(), e); diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java index 949019d1..db5470cc 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java @@ -27,14 +27,14 @@ package org.onap.dmaap.datarouter.provisioning; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import jakarta.servlet.ServletConfig; +import jakarta.servlet.ServletException; import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.json.JSONArray; @@ -159,8 +159,7 @@ public class PublishServlet extends BaseServlet { } else { // Generate new URL String nextnode = getRedirectNode(feedid, req); - if (Boolean.parseBoolean(ProvRunner.getProvProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) { + if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty( "org.onap.dmaap.datarouter.nodeserver.https.port", "8443"); } else { 
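Review bot: The TLS branch of `init` still installs `SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER`, so the proxy accepts any certificate that chains to the truststore regardless of which host presents it. The existing comment explains the node-name/CNAME mismatch, but a verifier that checks the certificate against the expected CNAME would keep peer identity checking; at minimum the comment should say that hostname verification is disabled and why that is acceptable. In the new else branch proxied requests go out over plain HTTP, so whatever headers or credentials they carry cross the network unencrypted; a comment stating what protects that hop instead would make the assumption reviewable. `init` continues after the hunk.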
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/RouteServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/RouteServlet.java index 8506530b..e164ea8a 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/RouteServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/RouteServlet.java @@ -28,8 +28,8 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send import java.io.IOException; import java.util.Set; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.json.JSONException; import org.json.JSONObject; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/StatisticsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/StatisticsServlet.java index 1a07ffae..1c324e5a 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/StatisticsServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/StatisticsServlet.java @@ -25,6 +25,7 @@ package org.onap.dmaap.datarouter.provisioning; import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError; +import jakarta.servlet.ServletOutputStream; import java.io.IOException; import java.sql.Connection; import java.sql.PreparedStatement; 
@@ -39,9 +40,8 @@ import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.TimeZone; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.json.JSONException; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.utils.LOGJSONObject; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java index fa4a24ff..2ee58d6e 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java @@ -31,8 +31,8 @@ import com.att.eelf.configuration.EELFManager; import java.io.IOException; import java.io.InvalidObjectException; import java.util.Collection; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java index b3bb679b..1851d03a 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java 
@@ -34,8 +34,8 @@ import java.net.HttpURLConnection; import java.net.URL; import java.util.ArrayList; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.json.JSONException; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; @@ -53,18 +53,13 @@ import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; * @author Robert Eby * @version $Id$ */ -@SuppressWarnings("serial") public class SubscriptionServlet extends ProxyServlet { private static final String SUBCNTRL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-control"; //Adding EELF Logger Rally:US664892 - private static EELFLogger eelfLogger = EELFManager.getInstance() + private static final EELFLogger eelfLogger = EELFManager.getInstance() .getLogger(SubscriptionServlet.class); - - - - /** * DELETE on the <subscriptionUrl> -- delete a subscription. See the Deleting a Subscription section in * the Provisioning API document for details on how this method should be invoked. diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/EventLogRecord.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/EventLogRecord.java index cfdda917..d801a556 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/EventLogRecord.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/EventLogRecord.java @@ -24,10 +24,8 @@ package org.onap.dmaap.datarouter.provisioning.beans; +import jakarta.servlet.http.HttpServletRequest; import java.security.cert.X509Certificate; - -import javax.servlet.http.HttpServletRequest; - import org.onap.dmaap.datarouter.provisioning.BaseServlet; /** 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/IngressRoute.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/IngressRoute.java index d520a417..973f868d 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/IngressRoute.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/IngressRoute.java @@ -36,7 +36,7 @@ import java.util.Collection; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.codec.binary.Base64; import org.json.JSONArray; import org.json.JSONObject; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java index 6b78d21d..57bc84bd 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/AafPropsUtils.java @@ -29,7 +29,7 @@ import org.onap.aaf.cadi.PropAccess; public class AafPropsUtils { - private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(AafPropsUtils.class); + private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(AafPropsUtils.class); public static final String KEYSTORE_TYPE_PROPERTY = "PKCS12"; public static final String TRUESTSTORE_TYPE_PROPERTY = "jks"; @@ -38,7 +38,7 @@ public class AafPropsUtils { private static final String TRUSTSTORE_PATH_PROPERTY = "cadi_truststore"; private static final String TRUSTSTORE_PASS_PROPERTY = "cadi_truststore_password"; - private PropAccess propAccess; + private final PropAccess propAccess; public AafPropsUtils(File propsFile) throws IOException { propAccess = new PropAccess(); 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRProvCadiFilter.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRProvCadiFilter.java deleted file mode 100644 index 526bfd54..00000000 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRProvCadiFilter.java +++ /dev/null @@ -1,266 +0,0 @@ -/** - * - - * ============LICENSE_START======================================================= - * Copyright (C) 2019 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *

* http://www.apache.org/licenses/LICENSE-2.0 - * - *

Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - *

* SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.datarouter.provisioning.utils; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; -import java.io.IOException; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.filter.CadiFilter; -import org.onap.dmaap.datarouter.provisioning.BaseServlet; -import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; -import org.onap.dmaap.datarouter.provisioning.beans.Feed; -import org.onap.dmaap.datarouter.provisioning.beans.Subscription; - -public class DRProvCadiFilter extends CadiFilter { - protected static EELFLogger eventlogger = EELFManager.getInstance().getLogger("EventLog"); - protected static EELFLogger intlogger = EELFManager.getInstance().getLogger("InternalLog"); - private String aafInstance = ""; - - public DRProvCadiFilter(boolean init, PropAccess access) throws ServletException { - super(init, access); - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) - throws IOException, ServletException { - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpServletResponse httpResponse = (HttpServletResponse) response; - - EventLogRecord elr = new EventLogRecord(httpRequest); - String excludeAAF = httpRequest.getHeader(BaseServlet.EXCLUDE_AAF_HEADER); - //send this param value as true, if want to add legacy feed/subscriber in AAF env - - String pathUrl = httpRequest.getServletPath(); - if (!(pathUrl.contains("internal") - || pathUrl.contains("sublog") - || pathUrl.contains("feedlog") - || pathUrl.contains("statistics") - || 
pathUrl.contains("publish") - || pathUrl.contains("group"))) { - - String method = httpRequest.getMethod().toUpperCase(); - if (!("POST".equals(method))) { - // if request method is PUT method (publish or Feed update) Needs to check for DELETE - if ("PUT".equals(method) || "DELETE".equals(method)) { - if ((pathUrl.contains("subs"))) { //edit subscriber - int subId = BaseServlet.getIdFromPath(httpRequest); - if (subId <= 0) { - String message = String.format("Invalid request URI - %s", httpRequest.getPathInfo()); - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.error(elr.toString()); - httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND, message); - return; - } - if (isAAFSubscriber(subId)) { //edit AAF Subscriber - String message = String.format("DRProvCadiFilter - " - + "Edit AAF Subscriber : %d : AAF Instance - %s", subId, aafInstance); - elr.setMessage(message); - eventlogger.info(elr.toString()); - //request.setAttribute("aafInstance", aafInstance);// - // no need to set it in request since it is taken care in respective servlets - super.doFilter(request, response, chain); - - } else { //Edit or publish legacy Subscriber - String message = "DRProvCadiFilter - Edit/Publish Legacy Subscriber :" + subId; - elr.setMessage(message); - eventlogger.info(elr.toString()); - chain.doFilter(request, response); - } - - } else { //edit or publish Feed - int feedId = BaseServlet.getIdFromPath(httpRequest); - if (feedId <= 0) { - String message = "Invalid request URI - " + httpRequest.getPathInfo(); - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.error(elr.toString()); - httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND, message); - return; - } - - if (isAAFFeed(feedId)) { //edit AAF Feed - String message = "DRProvCadiFilter - Edit AAF Feed:" - + feedId + ":" + "AAF Instance -" + aafInstance; - elr.setMessage(message); - eventlogger.info(elr.toString()); - super.doFilter(request, 
response, chain); - - } else { //Edit or publish legacy Feed - String message = "DRProvCadiFilter - Edit/Publish Legacy Feed:" + feedId; - elr.setMessage(message); - eventlogger.info(elr.toString()); - chain.doFilter(request, response); - } - } - } else { // in all other cases defaults to legacy behavior - String message = "DRProvCadiFilter - Default Legacy Feed/Subscriber URI -:" - + httpRequest.getPathInfo(); - elr.setMessage(message); - eventlogger.info(elr.toString()); - chain.doFilter(request, response); - } - } else { - //check to add legacy/AAF subscriber - if ((pathUrl.contains("subscribe"))) { //add subscriber - int feedId = BaseServlet.getIdFromPath(httpRequest); - if (feedId <= 0) { - String message = "Invalid request URI - " + httpRequest.getPathInfo(); - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_NOT_FOUND); - eventlogger.error(elr.toString()); - httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND, message); - return; - } - if (isAAFFeed(feedId)) { //check if AAF Feed or legacy to add new subscriber - if (excludeAAF == null) { - String message = "DRProvCadiFilter -Invalid request Header Parmeter " - + BaseServlet.EXCLUDE_AAF_HEADER - + " = " + httpRequest.getHeader(BaseServlet.EXCLUDE_AAF_HEADER); - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.error(elr.toString()); - httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, message); - return; - } - if (excludeAAF.equalsIgnoreCase("true")) { //Check to add legacy subscriber to AAF Feed - String message = "DRProvCadiFilter - add legacy subscriber to AAF Feed, FeedID:" + feedId; - elr.setMessage(message); - eventlogger.info(elr.toString()); - chain.doFilter(request, response); - } else { - String message = "DRProvCadiFilter - Add AAF subscriber to AAF Feed, FeedID:" - + feedId + ":" + "AAF Instance -" + aafInstance; - elr.setMessage(message); - eventlogger.info(elr.toString()); - super.doFilter(request, response, chain); - } - } 
else { //Add legacy susbcriber to legacy Feed - String message = "DRProvCadiFilter - add legacy subscriber to legacy Feed:" + feedId; - elr.setMessage(message); - eventlogger.info(elr.toString()); - chain.doFilter(request, response); - } - } else { //add AAF feed - if (excludeAAF == null) { - String message = "DRProvCadiFilter -Invalid request Header Parmeter " - + BaseServlet.EXCLUDE_AAF_HEADER - + " = " + httpRequest.getHeader(BaseServlet.EXCLUDE_AAF_HEADER); - elr.setMessage(message); - elr.setResult(HttpServletResponse.SC_BAD_REQUEST); - eventlogger.error(elr.toString()); - httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, message); - return; - } - if (excludeAAF.equalsIgnoreCase("true")) { //add legacy feed - String message = "DRProvCadiFilter - Create new legacy Feed : EXCLUDE_AAF = " + excludeAAF; - elr.setMessage(message); - eventlogger.info(elr.toString()); - chain.doFilter(request, response); - } else { //add AAF Feed - String message = "DRProvCadiFilter - Create new AAF Feed : EXCLUDE_AAF = " + excludeAAF; - elr.setMessage(message); - eventlogger.info(elr.toString()); - super.doFilter(request, response, chain); - } - } - } - } else { - //All other requests default to (Non CADI) legacy - chain.doFilter(request, response); - } - } - - /** - * Check if it is AAF feed OR existing feed. 
- * - * @param feedId the Feed ID - * @return true if it is valid - */ - @SuppressWarnings("resource") - private boolean isAAFFeed(int feedId) { - try { - Feed feed = Feed.getFeedById(feedId); - if (feed != null) { - if (!(("legacy".equalsIgnoreCase(feed.getAafInstance())) || feed.getAafInstance() == null - || feed.getAafInstance().equals(""))) { //also apply null check and empty check too - aafInstance = feed.getAafInstance(); - String message = "DRProvCadiFilter.isAAFFeed: aafInstance-:" + aafInstance + "; feedId:- " + feedId; - intlogger.debug(message); - return true; - } else { - return false; - } - } else { - String message = "DRProvCadiFilter.isAAFFeed; Feed does not exist FeedID:-" + feedId; - intlogger.debug(message); - } - - } catch (Exception e) { - intlogger.error("PROV0073 DRProvCadiFilter.isAAFFeed: " + e.getMessage(), e); - return false; - } - return false; - } - - /** - * Check if it is AAF sub OR existing sub. - * - * @param subId the Sub ID - * @return true if it is valid - */ - @SuppressWarnings("resource") - private boolean isAAFSubscriber(int subId) { - try { - Subscription subscriber = Subscription.getSubscriptionById(subId); - if (subscriber != null) { - if (!(("legacy".equalsIgnoreCase(subscriber.getAafInstance())) - || subscriber.getAafInstance() == null - || "".equals(subscriber.getAafInstance()))) { //also apply null check and empty check too - aafInstance = subscriber.getAafInstance(); - String message = "DRProvCadiFilter.isAAFSubscriber: aafInstance-:" + aafInstance + "; subId:- " - + subId; - intlogger.debug(message); - return true; - } else { - return false; - } - } else { - String message = "DRProvCadiFilter.isAAFSubscriber; Subscriber does not exist subId:-" + subId; - intlogger.debug(message); - } - } catch (Exception e) { - intlogger.error("PROV0073 DRProvCadiFilter.isAAFSubscriber: " + e.getMessage(), e); - return false; - } - return false; - } - -} 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java index 2d92276e..c614c0ba 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java @@ -37,7 +37,7 @@ import java.security.KeyStore; import java.util.Arrays; import java.util.Properties; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletResponse; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/HttpServletUtils.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/HttpServletUtils.java index ebd09127..40574ee9 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/HttpServletUtils.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/HttpServletUtils.java @@ -24,8 +24,8 @@ package org.onap.dmaap.datarouter.provisioning.utils; import com.att.eelf.configuration.EELFLogger; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; -import javax.servlet.http.HttpServletResponse; public class HttpServletUtils { diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvDbUtils.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvDbUtils.java index b654bf3c..b1e7a558 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvDbUtils.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ProvDbUtils.java 
@@ -41,7 +41,7 @@ import org.onap.dmaap.datarouter.provisioning.ProvRunner; public class ProvDbUtils { - private static EELFLogger intLogger = EELFManager.getInstance().getLogger("InternalLog"); + private static final EELFLogger intLogger = EELFManager.getInstance().getLogger("InternalLog"); private static DataSource dataSource; private static ProvDbUtils provDbUtils; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java index 5eeb45a2..ef282618 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/SynchronizerTask.java @@ -29,7 +29,6 @@ import static org.onap.dmaap.datarouter.provisioning.BaseServlet.TEXT_CT; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.io.ByteArrayOutputStream; -import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.net.InetAddress; @@ -50,11 +49,12 @@ import java.util.Set; import java.util.Timer; import java.util.TimerTask; import java.util.TreeSet; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletResponse; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; +import org.apache.http.conn.scheme.PlainSocketFactory; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.entity.ByteArrayEntity; 
@@ -137,43 +137,46 @@ public class SynchronizerTask extends TimerTask { nextsynctime = 0; logger.info("PROV5000: Sync task starting, server podState is UNKNOWN_POD"); - try { - // Set up keystore - String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; - String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty(); - String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); - KeyStore keyStore = KeyStore.getInstance(type); - try (FileInputStream instream = new FileInputStream(new File(store))) { - keyStore.load(instream, pass.toCharArray()); - - } - // Set up truststore - store = ProvRunner.getAafPropsUtils().getTruststorePathProperty(); - pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty(); - KeyStore trustStore = null; - if (store != null && store.length() > 0) { - trustStore = KeyStore.getInstance(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); - try (FileInputStream instream = new FileInputStream(new File(store))) { - trustStore.load(instream, pass.toCharArray()); + try (AbstractHttpClient hc = new DefaultHttpClient()) { + Scheme sch; + if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { + // Set up keystore + String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY; + String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty(); + String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); + KeyStore keyStore = KeyStore.getInstance(type); + try (FileInputStream instream = new FileInputStream(store)) { + keyStore.load(instream, pass.toCharArray()); } - } + // Set up truststore + store = ProvRunner.getAafPropsUtils().getTruststorePathProperty(); + pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty(); + KeyStore trustStore = null; + if (store != null && store.length() > 0) { + trustStore = KeyStore.getInstance(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); + try (FileInputStream instream = new FileInputStream(store)) { + trustStore.load(instream, pass.toCharArray()); - // We are connecting with the node name, 
but the certificate will have the CNAME - // So we need to accept a non-matching certificate name - String keystorepass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); - try (AbstractHttpClient hc = new DefaultHttpClient()) { + } + } + // We are connecting with the node name, but the certificate will have the CNAME + // So we need to accept a non-matching certificate name + String keystorepass = ProvRunner.getAafPropsUtils().getKeystorePassProperty(); SSLSocketFactory socketFactory = (trustStore == null) ? new SSLSocketFactory(keyStore, keystorepass) : new SSLSocketFactory(keyStore, keystorepass, trustStore); socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); - Scheme sch = new Scheme("https", 443, socketFactory); - hc.getConnectionManager().getSchemeRegistry().register(sch); - httpclient = hc; + sch = new Scheme("https", 443, socketFactory); + } else { + PlainSocketFactory socketFactory = new PlainSocketFactory(); + sch = new Scheme("http", 80, socketFactory); } + hc.getConnectionManager().getSchemeRegistry().register(sch); + httpclient = hc; setSynchTimer(ProvRunner.getProvProperties().getProperty( - "org.onap.dmaap.datarouter.provserver.sync_interval", "5000")); + "org.onap.dmaap.datarouter.provserver.sync_interval", "5000")); } catch (Exception e) { logger.warn("PROV5005: Problem starting the synchronizer: " + e); } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java index f0f10671..e117d368 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/ThrottleFilter.java 
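Review bot: The new `else` branch switches the peer synchronizer to plain `http` whenever `ProvRunner.getTlsEnabled()` is anything other than `Boolean.TRUE` (including `null`, if that getter returns a boxed `Boolean`), and nothing is logged when it does. The same test appears in `getUrlSecurityOption()` and `getAppropriateUrlPort()` in URLUtilities, where the removed code defaulted to TLS when the property was absent. Provisioning data fetched from the peer then has no transport confidentiality or peer authentication, so I would at least record the choice in the `else` branch, e.g. `logger.warn("Sync task using plain HTTP: peer provisioning data is not authenticated or encrypted");` prefixed with the file's next PROV message id. In the TLS branch the re-indented `socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)` still accepts any certificate name that chains to the truststore; a verifier that checks the expected CNAME, or a comment stating why that is acceptable, would be safer. The enclosing method starts before the hunk.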
@@ -102,9 +102,9 @@ public class ThrottleFilter extends TimerTask implements Filter { private static int samplingPeriod = 0; // sampling period private static int action = ACTION_DROP; // action to take (throttle or drop) - private static EELFLogger logger = EELFManager.getInstance().getLogger("InternalLog"); + private static final EELFLogger logger = EELFManager.getInstance().getLogger("InternalLog"); private static Map map = new HashMap<>(); - private Map> suspendedRequests = new HashMap<>(); + private final Map> suspendedRequests = new HashMap<>(); private static final Timer rolex = new Timer(); @Override @@ -213,7 +213,7 @@ public class ThrottleFilter extends TimerTask implements Filter { String str = String.format("Throttling connection: %s %d bad connections in %d minutes", getConnectionId(request), rate, samplingPeriod); logger.info(str); - Continuation continuation = ContinuationSupport.getContinuation(request); + Continuation continuation = ContinuationSupport.getContinuation((javax.servlet.ServletRequest) request); continuation.suspend(); register(id, continuation); continuation.undispatch(); @@ -232,11 +232,7 @@ public class ThrottleFilter extends TimerTask implements Filter { private void register(String id, Continuation continuation) { synchronized (suspendedRequests) { - List list = suspendedRequests.get(id); - if (list == null) { - list = new ArrayList<>(); - suspendedRequests.put(id, list); - } + List list = suspendedRequests.computeIfAbsent(id, k -> new ArrayList<>()); list.add(continuation); } } @@ -277,8 +273,8 @@ public class ThrottleFilter extends TimerTask implements Filter { } } - public class Counter { - private List times = new ArrayList<>(); // a record of request times + public static class Counter { + private final List times = new ArrayList<>(); // a record of request times /** * Method to prune request rate. 
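Review bot: The added cast in `ContinuationSupport.getContinuation((javax.servlet.ServletRequest) request)` ties the throttle path to the javax servlet API while the rest of this commit moves the provisioning servlets to `jakarta.servlet`. A cast between two unrelated interface types compiles, so if `request` is a jakarta request at runtime (its declaration is outside the hunk) this line throws `ClassCastException` exactly when a client crosses the bad-connection threshold, and the throttle stops protecting the server. If the filter is still registered, I would either keep it on a javax-only container and say so with `// Jetty Continuation requires a javax.servlet request; this filter must not be installed on a jakarta container`, or replace the continuation with the servlet API's own async support. The `computeIfAbsent` and `static class Counter` changes in the later hunks look fine.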
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java index 988b576f..89403488 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java @@ -153,20 +153,17 @@ public class URLUtilities { } public static String getUrlSecurityOption() { - if (Boolean.parseBoolean(ProvRunner.getProvProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) { + if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { return "https://"; } return "http://"; } private static String getAppropriateUrlPort() { - if (Boolean.parseBoolean(ProvRunner.getProvProperties() - .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) - return ""; - + if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) { + return ""; + } return ":" + ProvRunner.getProvProperties() .getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080"); - } } diff --git a/datarouter-prov/src/main/resources/docker/Dockerfile b/datarouter-prov/src/main/resources/docker/Dockerfile index 7bc92c83..38ea3b9e 100644 --- a/datarouter-prov/src/main/resources/docker/Dockerfile +++ b/datarouter-prov/src/main/resources/docker/Dockerfile @@ -19,7 +19,7 @@ # limitations under the License. # ============LICENSE_END==================================================== # -FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 +FROM nexus3.onap.org:10001/onap/integration-java11:10.0.0 COPY /opt /opt diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties index 642088ff..66d4e6c4 100755 --- a/datarouter-prov/src/main/resources/provserver.properties +++ b/datarouter-prov/src/main/resources/provserver.properties 
@@ -26,17 +26,20 @@ org.onap.dmaap.datarouter.provserver.http.port = 8080 org.onap.dmaap.datarouter.provserver.https.port = 8443 org.onap.dmaap.datarouter.provserver.https.relaxation = true -org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props - org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc org.onap.dmaap.datarouter.provserver.logretention = 30 -#DMAAP-597 (Tech Dept) REST request source IP auth -# relaxation to accommodate OOM kubernetes deploy +org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false +org.onap.dmaap.datarouter.provserver.cadi.enabled = false + +org.onap.dmaap.datarouter.provserver.tlsenabled = false +org.onap.dmaap.datarouter.nodeserver.https.port = 8443 +org.onap.dmaap.datarouter.nodeserver.http.port = 8080 + #Localhost address config org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1 
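Review bot: With `tlsenabled = false` now sitting next to `isaddressauthenabled = false` and `cadi.enabled = false`, the packaged defaults put the provisioning API on plain HTTP with no source-address check and no AAF authorization. The hunk also deletes the DMAAP-597 comment that explained why address authentication was relaxed. If this file is the shipped default rather than a test fixture, the file should state what is expected to protect the listener, e.g. `# TLS and client authentication are assumed to be terminated by the platform in front of this service; do not expose the HTTP port directly` above `tlsenabled`. I would also keep the DMAAP-597 line above `isaddressauthenabled`.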
@@ -46,18 +49,3 @@ org.onap.dmaap.datarouter.db.url = jdbc:mariadb://datarouter-mariadb:3306/d org.onap.dmaap.datarouter.db.login = datarouter org.onap.dmaap.datarouter.db.password = datarouter -# PROV - DEFAULT ENABLED TLS PROTOCOLS -org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2 - -# AAF config -org.onap.dmaap.datarouter.provserver.cadi.enabled = false - -org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed -org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub -org.onap.dmaap.datarouter.provserver.aaf.instance = legacy -org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish -org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe - -org.onap.dmaap.datarouter.provserver.tlsenabled = true -org.onap.dmaap.datarouter.nodeserver.https.port = 8443 -org.onap.dmaap.datarouter.nodeserver.http.port = 8080 \ No newline at end of file -- cgit 1.2.3-korg