From ce73ff52ce9aafb07d1aa4c28405328d83c816b9 Mon Sep 17 00:00:00 2001
From: Ronan Keogh
Date: Thu, 23 Aug 2018 11:04:45 +0100
Subject: preliminary AAF changes for DR
Change-Id: I526648c42f8205c0f09b3c077aa1203e336f4f5f
Issue-ID: DMAAP-558
Signed-off-by: Ronan Keogh
---
 .../dmaap/datarouter/provisioning/BaseServlet.java | 10 +-
 .../onap/dmaap/datarouter/provisioning/Main.java | 2 -
 .../datarouter/provisioning/ProxyServlet.java | 141 ++++++++++++---------
 .../datarouter/provisioning/beans/NodeClass.java | 36 +++---
 .../src/main/resources/misc/sql_init_01.sql | 12 +-
 .../src/main/resources/provserver.properties | 10 +-
 6 files changed, 113 insertions(+), 98 deletions(-)
 mode change 100644 => 100755 datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
 mode change 100644 => 100755 datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
 mode change 100644 => 100755 datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java
 mode change 100644 => 100755 datarouter-prov/src/main/resources/misc/sql_init_01.sql
 mode change 100644 => 100755 datarouter-prov/src/main/resources/provserver.properties
(limited to 'datarouter-prov/src/main')
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
old mode 100644
new mode 100755
index 412e1322..047043b1
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -319,7 +319,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 * @return an error string, or null if all is OK
 */
 String isAuthorizedForProvisioning(HttpServletRequest request) {
- if (Boolean.parseBoolean(isAddressAuthEnabled)) {
+ if (!Boolean.parseBoolean(isAddressAuthEnabled)) {
 return null;
 }
 // Is the request https?
@@ -369,7 +369,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 boolean isAuthorizedForInternal(HttpServletRequest request) {
 try {
- if (Boolean.parseBoolean(isAddressAuthEnabled)) {
+ if (!Boolean.parseBoolean(isAddressAuthEnabled)) {
 return true;
 }
 InetAddress ip = InetAddress.getByName(request.getRemoteAddr());
@@ -492,9 +492,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 // Normalize the nodes, and fill in nodeAddresses
 InetAddress[] na = new InetAddress[nodes.length];
 for (int i = 0; i < nodes.length; i++) {
- if (nodes[i].indexOf('.') < 0) {
- nodes[i] += "." + provDomain;
- }
 try {
 na[i] = InetAddress.getByName(nodes[i]);
 intlogger.debug("PROV0003 DNS lookup: " + nodes[i] + " => " + na[i].toString());
@@ -520,9 +517,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
 String[] pods = getPods();
 na = new InetAddress[pods.length];
 for (int i = 0; i < pods.length; i++) {
- if (pods[i].indexOf('.') < 0) {
- pods[i] += "." + provDomain;
- }
 try {
 na[i] = InetAddress.getByName(pods[i]);
 intlogger.debug("PROV0003 DNS lookup: " + pods[i] + " => " + na[i].toString());
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java
index 87979be6..800bd9af 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java
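Review bot: With the inverted condition `if (!Boolean.parseBoolean(isAddressAuthEnabled))`, any value of isAddressAuthEnabled other than the literal string "true" — including null when the backing property is absent — now skips the address check and returns null, i.e. authorized; the identical change in isAuthorizedForInternal in the next hunk fails open the same way. The inversion itself looks right (the old form skipped the check precisely when it was enabled), but the code that populates isAddressAuthEnabled is outside this hunk, so whether a missing value can occur cannot be confirmed here. If it can, make disabling explicit rather than the default, e.g. `if ("false".equalsIgnoreCase(isAddressAuthEnabled)) { return null; }`, or resolve the flag once at init with a documented default and log which mode is active. Both methods continue past the end of their hunks.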
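Review bot: Dropping the `nodes[i] += "." + provDomain` normalization in the nodes loop (and the matching pods loop in the next hunk) means a bare name such as the new `dmaap-dr-node` default is resolved by `InetAddress.getByName` only through the host resolver's search path; on a host without the right search domain the lookup fails and, as far as this hunk shows, that entry never reaches nodeAddresses, which presumably is what the address check consults. If provDomain is now expected to be empty, the guard should be made explicit rather than removed, e.g. `if (nodes[i].indexOf('.') < 0 && provDomain != null && !provDomain.isEmpty()) { nodes[i] += "." + provDomain; }`, so a deployment that still sets a domain keeps working. The enclosing method starts before the hunk and the try/catch around the lookup ends after it.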
@@ -185,8 +185,6 @@ public class Main {
 sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE);
 sslContextFactory.setTrustStorePassword("changeit");
 }
- sslContextFactory.setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks");
- sslContextFactory.setTrustStorePassword("changeit");
 sslContextFactory.setWantClientAuth(true);
 // Servlet and Filter configuration
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
old mode 100644
new mode 100755
index c560299a..8d6bfcf0
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
@@ -35,12 +35,10 @@ import java.security.KeyStoreException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
-
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.http.Header;
 import org.apache.http.HttpEntity;
@@ -57,16 +55,16 @@ import org.onap.dmaap.datarouter.provisioning.utils.DB;
 import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities;
 /**
- * This class is the base class for those servlets that need to proxy their requests from the
- * standby to active server. Its methods perform the proxy function to the active server. If the
- * active server is not reachable, a 503 (SC_SERVICE_UNAVAILABLE) is returned. Only
- * DELETE/GET/PUT/POST are supported.
+ * This class is the base class for those servlets that need to proxy their requests from the standby to active server.
+ * Its methods perform the proxy function to the active server. If the active server is not reachable, a 503
+ * (SC_SERVICE_UNAVAILABLE) is returned. Only DELETE/GET/PUT/POST are supported.
 *
 * @author Robert Eby
 * @version $Id: ProxyServlet.java,v 1.3 2014/03/24 18:47:10 eby Exp $
 */
 @SuppressWarnings("serial")
 public class ProxyServlet extends BaseServlet {
+
 private boolean inited = false;
 private Scheme sch;
@@ -80,13 +78,13 @@ public class ProxyServlet extends BaseServlet {
 try {
 // Set up keystore
 Properties props = (new DB()).getProperties();
- String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks");
+ String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks");
 String store = props.getProperty(Main.KEYSTORE_PATH_PROPERTY);
- String pass = props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY);
+ String pass = props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY);
 KeyStore keyStore = readStore(store, pass, type);
 store = props.getProperty(Main.TRUSTSTORE_PATH_PROPERTY);
- pass = props.getProperty(Main.TRUSTSTORE_PASSWORD_PROPERTY);
+ pass = props.getProperty(Main.TRUSTSTORE_PASSWORD_PROPERTY);
 if (store == null || store.length() == 0) {
 store = Main.DEFAULT_TRUSTSTORE;
 pass = "changeit";
@@ -95,30 +93,34 @@ public class ProxyServlet extends BaseServlet {
 // We are connecting with the node name, but the certificate will have the CNAME
 // So we need to accept a non-matching certificate name
- SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "changeit", trustStore);
+ SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
+ props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY), trustStore);
 socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
 sch = new Scheme("https", 443, socketFactory);
 inited = true;
 } catch (Exception e) {
 e.printStackTrace();
 }
- intlogger.info("ProxyServlet: inited = "+inited);
+ intlogger.info("ProxyServlet: inited = " + inited);
 }
- private KeyStore readStore(String store, String pass, String type) throws KeyStoreException, FileNotFoundException {
+
+ private KeyStore readStore(String store, String pass, String type) throws KeyStoreException {
 KeyStore ks = KeyStore.getInstance(type);
- FileInputStream instream = new FileInputStream(new File(store));
- try {
+ try (FileInputStream instream = new FileInputStream(new File(store))) {
 ks.load(instream, pass.toCharArray());
+ } catch (FileNotFoundException fileNotFoundException) {
+ System.err.println("ProxyServlet: " + fileNotFoundException);
+ fileNotFoundException.printStackTrace();
 } catch (Exception x) {
- System.err.println("READING TRUSTSTORE: "+x);
- } finally {
- try { instream.close(); } catch (Exception ignore) {}
+ System.err.println("READING TRUSTSTORE: " + x);
 }
 return ks;
 }
+
 /**
- * Return true if the requester has NOT set the noproxy CGI variable.
- * If they have, this indicates they want to forcibly turn the proxy off.
+ * Return true if the requester has NOT set the noproxy CGI variable. If they have, this indicates
+ * they want to forcibly turn the proxy off.
+ *
+ * @param req the HTTP request
 * @return true or false
 */
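Review bot: readStore now swallows FileNotFoundException and every other exception from `ks.load(...)` yet still returns `ks`, which at that point is an uninitialized KeyStore; init only learns of the failure indirectly, if the later SSLSocketFactory construction happens to throw, and the `READING TRUSTSTORE` message is misleading because the same helper also loads the keystore. The throws clause already declares KeyStoreException, so the catch blocks can wrap instead of print: `} catch (IOException | GeneralSecurityException e) { throw new KeyStoreException("cannot load key store " + store, e); }` — the path is fine to include, `pass` must never be. Separately, the commit replaces the hard-coded `"changeit"` with `Main.KEYSTORE_PASSWORD_PROPERTY` but leaves the context line `socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)`, which disables hostname verification for every proxied connection; if the AAF-issued certificates carry the real node names, the CNAME justification in the comment above it no longer applies and the verifier should be tightened. The init method containing the first part begins before this hunk.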
@@ -127,22 +129,25 @@ public class ProxyServlet extends BaseServlet {
 if (t != null) {
 t = t.replaceAll("&", "&");
 for (String s : t.split("&")) {
- if (s.equals("noproxy") || s.startsWith("noproxy="))
+ if (s.equals("noproxy") || s.startsWith("noproxy=")) {
 return false;
+ }
 }
 }
 return true;
 }
+
 /**
- * Is this the standby server? If it is, the proxy functions can be used.
- * If not, the proxy functions should not be called, and will send a response of 500
- * (Internal Server Error).
+ * Is this the standby server? If it is, the proxy functions can be used. If not, the proxy functions should not be
+ * called, and will send a response of 500 (Internal Server Error).
+ *
 * @return true if this server is the standby (and hence a proxy server).
 */
 public boolean isProxyServer() {
 SynchronizerTask st = SynchronizerTask.getSynchronizer();
 return st.getState() == SynchronizerTask.STANDBY;
 }
+
 /**
 * Issue a proxy DELETE to the active provisioning server.
 */
@@ -150,6 +155,7 @@ public class ProxyServlet extends BaseServlet {
 public void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 doProxy(req, resp, "DELETE");
 }
+
 /**
 * Issue a proxy GET to the active provisioning server.
 */
@@ -157,6 +163,7 @@ public class ProxyServlet extends BaseServlet {
 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 doProxy(req, resp, "GET");
 }
+
 /**
 * Issue a proxy PUT to the active provisioning server.
 */
@@ -164,6 +171,7 @@ public class ProxyServlet extends BaseServlet {
 public void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 doProxy(req, resp, "PUT");
 }
+
 /**
 * Issue a proxy POST to the active provisioning server.
 */
@@ -171,58 +179,61 @@ public class ProxyServlet extends BaseServlet {
 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 doProxy(req, resp, "POST");
 }
+
 /**
- * Issue a proxy GET to the active provisioning server. Unlike doGet() above,
- * this method will allow the caller to fall back to other code if the remote server is unreachable.
+ * Issue a proxy GET to the active provisioning server. Unlike doGet() above, this method will allow the caller to
+ * fall back to other code if the remote server is unreachable.
+ *
 * @return true if the proxy succeeded
 */
 public boolean doGetWithFallback(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 boolean rv = false;
 if (inited) {
 String url = buildUrl(req);
- intlogger.info("ProxyServlet: proxying with fallback GET "+url);
- try(AbstractHttpClient httpclient = new DefaultHttpClient()){
- HttpRequestBase proxy = new HttpGet(url);
- try {
- httpclient.getConnectionManager().getSchemeRegistry().register(sch);
-
- // Copy request headers and request body
- copyRequestHeaders(req, proxy);
-
- // Execute the request
- HttpResponse pxy_response = httpclient.execute(proxy);
-
- // Get response headers and body
- int code = pxy_response.getStatusLine().getStatusCode();
- resp.setStatus(code);
- copyResponseHeaders(pxy_response, resp);
-
- HttpEntity entity = pxy_response.getEntity();
- if (entity != null) {
- InputStream in = entity.getContent();
- IOUtils.copy(in, resp.getOutputStream());
- in.close();
+ intlogger.info("ProxyServlet: proxying with fallback GET " + url);
+ try (AbstractHttpClient httpclient = new DefaultHttpClient()) {
+ HttpRequestBase proxy = new HttpGet(url);
+ try {
+ httpclient.getConnectionManager().getSchemeRegistry().register(sch);
+
+ // Copy request headers and request body
+ copyRequestHeaders(req, proxy);
+
+ // Execute the request
+ HttpResponse pxy_response = httpclient.execute(proxy);
+
+ // Get response headers and body
+ int code = pxy_response.getStatusLine().getStatusCode();
+ resp.setStatus(code);
+ copyResponseHeaders(pxy_response, resp);
+
+ HttpEntity entity = pxy_response.getEntity();
+ if (entity != null) {
+ InputStream in = entity.getContent();
+ IOUtils.copy(in, resp.getOutputStream());
+ in.close();
+ }
+ rv = true;
+
+ } catch (IOException e) {
+ System.err.println("ProxyServlet: " + e);
+ e.printStackTrace();
+ } finally {
+ proxy.releaseConnection();
+ httpclient.getConnectionManager().shutdown();
 }
- rv = true;
-
- } catch (IOException e) {
- System.err.println("ProxyServlet: "+e);
- e.printStackTrace();
- } finally {
- proxy.releaseConnection();
- httpclient.getConnectionManager().shutdown();
- }
 }
 } else {
 intlogger.warn("ProxyServlet: proxy disabled");
 }
 return rv;
 }
+
 private void doProxy(HttpServletRequest req, HttpServletResponse resp, final String method) throws IOException {
 if (inited && isProxyServer()) {
 String url = buildUrl(req);
- intlogger.info("ProxyServlet: proxying "+method + " "+url);
- try(AbstractHttpClient httpclient = new DefaultHttpClient()) {
+ intlogger.info("ProxyServlet: proxying " + method + " " + url);
+ try (AbstractHttpClient httpclient = new DefaultHttpClient()) {
 ProxyHttpRequest proxy = new ProxyHttpRequest(method, url);
 try {
 httpclient.getConnectionManager().getSchemeRegistry().register(sch);
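Review bot: In the re-indented doGetWithFallback body, `in.close()` is still reached only when `IOUtils.copy` succeeds, so an IOException mid-copy leaks the entity stream before the finally block releases the connection; since the file already uses try-with-resources for the client, the three lines can become `try (InputStream in = entity.getContent()) { IOUtils.copy(in, resp.getOutputStream()); }`. The catch block that follows reports through `System.err.println` and `e.printStackTrace()` while the success path a few lines above uses `intlogger`; if intlogger is the log4j Logger used elsewhere in this module, `intlogger.error("ProxyServlet: proxy GET failed for " + url, e)` keeps failures in the same log with their stack trace. doProxy, which starts at the bottom of this hunk and continues beyond it, appears to mirror this structure and would benefit from the same two changes.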
@@ -264,33 +275,40 @@ public class ProxyServlet extends BaseServlet {
 resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 }
 }
+
 private String buildUrl(HttpServletRequest req) {
 StringBuilder sb = new StringBuilder("https://");
 sb.append(URLUtilities.getPeerPodName());
 sb.append(req.getRequestURI());
 String q = req.getQueryString();
- if (q != null)
+ if (q != null) {
 sb.append("?").append(q);
+ }
 return sb.toString();
 }
+
 private void copyRequestHeaders(HttpServletRequest from, HttpRequestBase to) {
 @SuppressWarnings("unchecked")
 List list = Collections.list(from.getHeaderNames());
 for (String name : list) {
 // Proxy code will add this one
- if (!name.equalsIgnoreCase("Content-Length"))
+ if (!name.equalsIgnoreCase("Content-Length")) {
 to.addHeader(name, from.getHeader(name));
+ }
 }
 }
+
 private void copyResponseHeaders(HttpResponse from, HttpServletResponse to) {
 for (Header hdr : from.getAllHeaders()) {
 // Don't copy Date: our Jetty will add another Date header
- if (!hdr.getName().equals("Date"))
+ if (!hdr.getName().equals("Date")) {
 to.addHeader(hdr.getName(), hdr.getValue());
+ }
 }
 }
 public class ProxyHttpRequest extends HttpEntityEnclosingRequestBase {
+
 private final String method;
 public ProxyHttpRequest(final String method, final String uri) {
@@ -298,6 +316,7 @@ public class ProxyServlet extends BaseServlet {
 this.method = method;
 setURI(URI.create(uri));
 }
+
 @Override
 public String getMethod() {
 return method;
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java
old mode 100644
new mode 100755
index 4c140490..f3eb1eb6
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java
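Review bot: In copyRequestHeaders, the line inside the newly braced `if` forwards `from.getHeader(name)`, which returns only the first value of a header the client sent more than once (Cookie, Accept, custom headers), so the active server receives a truncated request; iterating `from.getHeaders(name)` and calling `to.addHeader` once per value fixes that. The only header filtered is Content-Length, so connection-scoped headers such as Connection, Transfer-Encoding and Host are forwarded as-is; whether the HttpClient replaces Host for the peer pod is not visible here and is worth confirming, otherwise an explicit skip list beside the Content-Length check would be clearer. buildUrl, copyRequestHeaders and copyResponseHeaders are complete within this hunk.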
@@ -32,7 +32,6 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
-
 import org.apache.log4j.Logger;
 import org.onap.dmaap.datarouter.provisioning.utils.DB;
@@ -43,6 +42,7 @@ import org.onap.dmaap.datarouter.provisioning.utils.DB;
 * @version $Id: NodeClass.java,v 1.2 2014/01/15 16:08:43 eby Exp $
 */
 public abstract class NodeClass extends Syncable {
+
 private static Map map;
 private static Logger intLogger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal");
 public NodeClass() {
@@ -53,19 +53,20 @@ public abstract class NodeClass extends Syncable {
 }
 /**
- * Add nodes to the NODES table, when the NODES parameter value is changed.
- * Nodes are only added to the table, they are never deleted. The node name is normalized
- * to contain the domain (if missing).
+ * Add nodes to the NODES table, when the NODES parameter value is changed. Nodes are only added to the table, they
+ * are never deleted. The node name is normalized to contain the domain (if missing).
 *
 * @param nodes a pipe separated list of the current nodes
 */
 public static void setNodes(String[] nodes) {
- if (map == null)
+ if (map == null) {
 reload();
+ }
 int nextid = 0;
 for (Integer n : map.values()) {
- if (n >= nextid)
+ if (n >= nextid) {
 nextid = n + 1;
+ }
 }
 // take | separated list, add domain if needed.
@@ -136,8 +137,9 @@ public abstract class NodeClass extends Syncable {
 public static Integer lookupNodeName(final String name) {
 Integer n = map.get(name);
- if (n == null)
+ if (n == null) {
 throw new IllegalArgumentException("Invalid node name: " + name);
+ }
 return n;
 }
@@ -148,8 +150,9 @@ public abstract class NodeClass extends Syncable {
 if (s.endsWith("*")) {
 s = s.substring(0, s.length() - 1);
 for (String s2 : keyset) {
- if (s2.startsWith(s))
+ if (s2.startsWith(s)) {
 coll.add(s2);
+ }
 }
 } else if (keyset.contains(s)) {
 coll.add(s);
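Review bot: lookupNodeName calls `map.get(name)` on the line above the newly braced `if` with no null guard, whereas setNodes two hunks earlier first does `if (map == null) { reload(); }` before touching `map`; if any caller can reach lookupNodeName before setNodes or reload has run (not visible in this patch), the result is a NullPointerException rather than the IllegalArgumentException the method throws for unknown names. Adding the same `if (map == null) { reload(); }` before the lookup makes the two entry points consistent. lookupNodeName is complete within its hunk; the class continues outside it.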
@@ -162,14 +165,6 @@ public abstract class NodeClass extends Syncable {
 return coll;
 }
- protected String lookupNodeID(int n) {
- for (String s : map.keySet()) {
- if (map.get(s) == n)
- return s;
- }
- return null;
- }
-
 public static String normalizeNodename(String s) {
 if (s != null && s.indexOf('.') <= 0) {
 Parameters p = Parameters.getParameter(Parameters.PROV_DOMAIN);
@@ -184,4 +179,13 @@ public abstract class NodeClass extends Syncable {
 }
 }
 }
+
+ protected String lookupNodeID(int n) {
+ for (String s : map.keySet()) {
+ if (map.get(s) == n) {
+ return s;
+ }
+ }
+ return null;
+ }
 }
diff --git a/datarouter-prov/src/main/resources/misc/sql_init_01.sql b/datarouter-prov/src/main/resources/misc/sql_init_01.sql
old mode 100644
new mode 100755
index e01ce3b0..356a67a9
--- a/datarouter-prov/src/main/resources/misc/sql_init_01.sql
+++ b/datarouter-prov/src/main/resources/misc/sql_init_01.sql
@@ -124,18 +124,18 @@ CREATE TABLE GROUPS (
 );
 INSERT INTO PARAMETERS VALUES
- ('ACTIVE_POD', 'prov.datarouternew.com'),
- ('PROV_ACTIVE_NAME', 'prov.datarouternew.com'),
+ ('ACTIVE_POD', 'dmaap-dr-prov'),
+ ('PROV_ACTIVE_NAME', 'dmaap-dr-prov'),
 ('STANDBY_POD', ''),
- ('PROV_NAME', 'prov.datarouternew.com'),
- ('NODES', '172.100.0.1|node.datarouternew.com'),
- ('PROV_DOMAIN', 'datarouternew.com'),
+ ('PROV_NAME', 'dmaap-dr-prov'),
+ ('NODES', 'dmaap-dr-node'),
+ ('PROV_DOMAIN', ''),
 ('DELIVERY_INIT_RETRY_INTERVAL', '10'),
 ('DELIVERY_MAX_AGE', '86400'),
 ('DELIVERY_MAX_RETRY_INTERVAL', '3600'),
 ('DELIVERY_RETRY_RATIO', '2'),
 ('LOGROLL_INTERVAL', '300'),
- ('PROV_AUTH_ADDRESSES', '172.100.0.1|prov.datarouternew.com|node.datarouternew.com'),
+ ('PROV_AUTH_ADDRESSES', 'dmaap-dr-prov|dmaap-dr-node'),
 ('PROV_AUTH_SUBJECTS', ''),
 ('PROV_MAXFEED_COUNT', '10000'),
 ('PROV_MAXSUB_COUNT', '100000'),
diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties
old mode 100644
new mode 100755
index 7758a64d..744bc9ce
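Review bot: The relocated lookupNodeID performs a `map.get(s)` for every key of `map.keySet()`, a second hash lookup per entry that `entrySet()` avoids: `for (Map.Entry<String, Integer> e : map.entrySet()) { if (e.getValue() == n) { return e.getKey(); } }` — assuming `map` is declared `Map<String, Integer>`, which the raw `private static Map map` shown in the earlier hunk leaves unconfirmed. Apart from the added braces the method is unchanged, so the move to the end of the class would be easier to review as its own commit.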
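Review bot: `('PROV_DOMAIN', '')` now seeds an empty domain, while NodeClass.normalizeNodename in the previous file of this patch still enters its `Parameters.PROV_DOMAIN` branch whenever a name has no '.', which is exactly the case for the new `dmaap-dr-node` and `dmaap-dr-prov` values; the rest of that method lies outside the patch, so whether an empty domain produces a trailing-dot name such as `dmaap-dr-node.` or is skipped cannot be confirmed from here and should be checked before this seed ships. The BaseServlet hunks removed their own domain-append, so a bare name is now treated differently by the two code paths. If the domain is intended to be optional, say so next to the seed, e.g. `-- PROV_DOMAIN may be empty: node names are then used as-is and must resolve via the host's search path`.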
--- a/datarouter-prov/src/main/resources/provserver.properties
+++ b/datarouter-prov/src/main/resources/provserver.properties
@@ -27,11 +27,11 @@ org.onap.dmaap.datarouter.provserver.https.port = 8443
 org.onap.dmaap.datarouter.provserver.https.relaxation = true
 org.onap.dmaap.datarouter.provserver.keystore.type = jks
-org.onap.dmaap.datarouter.provserver.keymanager.password = changeit
-org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/self_signed/keystore.jks
-org.onap.dmaap.datarouter.provserver.keystore.password = changeit
-org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/self_signed/cacerts.jks
-org.onap.dmaap.datarouter.provserver.truststore.password = changeit
+org.onap.dmaap.datarouter.provserver.keymanager.password = Qgw77oaQcdP*F8Pwa[&.,.Ab
+org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
+org.onap.dmaap.datarouter.provserver.keystore.password = Qgw77oaQcdP*F8Pwa[&.,.Ab
+org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
+org.onap.dmaap.datarouter.provserver.truststore.password = 9M?)?:KAj1z6gpLhNrVUG@0T
 org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
 org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
-- cgit 1.2.3-korg
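Review bot: The new `keymanager.password`, `keystore.password` and `truststore.password` values are literal credentials checked into a tracked properties file, replacing the well-known `changeit` default; anyone with read access to the repository now holds them, and they remain recoverable from history even after a later edit removes them. Keep the tracked file to a placeholder, e.g. `org.onap.dmaap.datarouter.provserver.keystore.password = ${KEYSTORE_PASSWORD}` (or an obviously fake value, depending on what the properties loader supports), have the deployment inject the real values, and treat the committed ones as exposed: regenerate or re-password the keystores they protect. The `keystore.path` and `truststore.path` changes to the aaf_certs location are fine as they stand.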