-rw-r--r-- | etc/dmaapbc.properties | 603 | ||||
-rw-r--r-- | pom.xml | 65 | ||||
-rw-r--r-- | releases/2.0.2.yaml | 4 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java | 17 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/database/ConnectionFactory.java | 13 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java | 61 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java | 51 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java | 104 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java | 49 | ||||
-rw-r--r-- | src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java | 39 | ||||
-rw-r--r-- | version.properties | 2 |
11 files changed, 793 insertions, 215 deletions
diff --git a/etc/dmaapbc.properties b/etc/dmaapbc.properties
index fa7f2cd..e98fa84 100644
--- a/etc/dmaapbc.properties
+++ b/etc/dmaapbc.properties
@@ -1,213 +1,488 @@ +#!# +#!# +#!# ============LICENSE_START========================================== +#!# org.onap.dmaap +#!# =================================================================== +#!# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +#!# =================================================================== +#!# Licensed under the Apache License, Version 2.0 (the "License"); +#!# you may not use this file except in compliance with the License. +#!# You may obtain a copy of the License at +#!# +#!# http://www.apache.org/licenses/LICENSE-2.0 +#!# +#!# Unless required by applicable law or agreed to in writing, software +#!# distributed under the License is distributed on an "AS IS" BASIS, +#!# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +#!# See the License for the specific language governing permissions and +#!# limitations under the License. +#!# ============LICENSE_END============================================ +#!# ECOMP is a trademark and service mark of AT&T Intellectual Property. +#!# +#!# +#!# Configuration parameters fixed at startup for the DMaaP Bus Controller +#!# +#!# +#!# URI to retrieve dynamic DR configuration +#!# +#!UnitTest: Yes +#!ProvisioningURI: /internal/prov +#!# +#!# Allow http access to API +#!# +#!HttpAllowed: true +#!# +#!# The port number for http as seen within the server +#!# +#!IntHttpPort: 8080 +#!# +#!# The port number for https as seen within the server +#!# Set to 0 if no certificate is available yet... 
+#!# +#!IntHttpsPort: 0 +#!# +#!# The external port number for https taking port mapping into account +#!# +#!ExtHttpsPort: 0 +#!# +#!# The type of keystore for https +#!# +#!KeyStoreType: jks +#!# +#!# The path to the keystore for https +#!# +#!KeyStoreFile: etc/keystore +#!# +#!# The password for the https keystore +#!# +#!KeyStorePassword: changeit +#!# +#!# The password for the private key in the https keystore +#!# +#!KeyPassword: changeit +#!# +#!# The type of truststore for https +#!# +#!TrustStoreType: jks +#!# +#!# The path to the truststore for https +#!# +#!TrustStoreFile: ${DMAAPBC_TSTOREFILE} +#!# +#!# The password for the https truststore +#!# +#!TrustStorePassword: changeit +#!# +#!# The path to the file used to trigger an orderly shutdown +#!# +#!QuiesceFile: etc/SHUTDOWN +#!# +#!# Enable postgress +#!# +#!UsePGSQL: false +#!# +#!# The host for postgres access +#!# +#!DB.host: none +#!# +#!# For postgres access +#!# +#!DB.cred: none +#!# +#!# Name of this environment +#!# +#!DmaapName: onap-cit +#!# +#!# Name of DR prov server +#!# +#!DR.provhost: localhost +#!# +#!# handling of feed delete +#!# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) +#!# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments +#!Feed.deleteHandling: DeleteOnDR +#! +#!################################################################################ +#!# MR Related Properties: +#!# +#!# Value of the CNAME DNS entry which resolves to the primary central MR cluster (when there are more than one central clusters). 
+#!# if there is only one MR cluster in an environment, set this to the DNS name for that cluster +#!# +#!MR.CentralCname: notSet.onap.org +#!# +#!# MR Client Delete Level thoroughness: +#!# 0 = don't delete +#!# 1 = delete from persistent store +#!# 2 = delete from persistent store (DB) and authorization store (AAF) +#!MR.ClientDeleteLevel: 1 +#!# +#!# MR Topic Factory Namespace +#!# +#!MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory +#!# +#!# MR TopicMgr Role +#!MR.TopicMgrRole: org.onap.dmaap-bc.TopicMgr +#! +#!# MR topic name style +#!MR.topicStyle: FQTN_LEGACY_FORMAT +#! +#!# MR topic ProjectID +#!MR.projectID: 23456 +#! +#!MR.multisite: true +#!# +#!# end of MR Related Properties +#!################################################################################ +#! +#!# +#!# The Role and credentials of the MirrorMaker Provisioner. This is used by DMaaP Bus Controller to pub to the provisioning topic +#!# Not part of 1701 +#!# +#!MM.ProvRole: org.onap.dmaapBC.MMprov.prov +#!MM.ProvUserMechId: idNotSet@namespaceNotSet +#!MM.ProvUserPwd: pwdNotSet +#!# +#!# The Role of the MirrorMaker Agent. This is used by MM to sub to provisioning topic +#!# +#!MM.AgentRole: org.onap.dmaapBC.MMagent.agent +#!################# +#!# AAF Properties: +#!# +#!# regarding password encryption: +#!# In the dependencies that Maven retrieves (e.g., under dcae_dmaapbc/target/deps/ is a jar file cadi-core-version.jar. Generate the key file with: +#!# +#!# java \u2013jar wherever/cadi-core-*.jar keygen keyfilename +#!# chmod 400 keyfilename +#!# +#!# To encrypt a key: +#!# +#!# java \u2013jar wherever/cadi-core-*.jar digest password-to-encrypt keyfilename +#!# +#!# This will generate a string. Put \u201Cenc:\u201D on the front of the string, and put the result in this properties file. 
+#!# +#!# Location of the Codec Keyfile which is used to decrypt passwords in this properties file before they are passed to AAF +#!# +#!# REF: https://wiki.domain.notset.com/display/cadi/CADI+Deployment +#!# +#!CredentialCodecKeyfile: etc/LocalKey +#!# +#!# This overrides the Class used for Decryption. +#!# This allows for a plugin encryption/decryption method if needed. +#!# Call this Class for decryption at runtime. +#!#AafDecryption.Class: com.company.proprietaryDecryptor +#! +#!# +#!# This overrides the Class used for API Permission check. +#!# This allows for a plugin policy check, if needed +#!ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll +#! +#!# +#!# URL of AAF environment to use. +#!# +#!aaf.URL: https://localhost:8100/proxy +#!# +#!# TopicMgr mechid@namespace +#!# +#!aaf.TopicMgrUser: idNotSet@namespaceNotSet +#!# +#!# TopicMgr password +#!# +#!aaf.TopicMgrPassword: pwdNotSet +#!# +#!# Bus Controller Namespace Admin mechid@namespace +#!# +#!aaf.AdminUser: idNotSet@namespaceNotSet +#!# +#!# Bus Controller Namespace Admin password +#!# +#!aaf.AdminPassword: pwdNotSet +#!# +#!# endof AAF Properties +#!################# +#!################# +#!# PolicyEngine Properties +#!# +#!# Name of PolicyEngineApi properties file +#!PolicyEngineProperties: config/PolicyEngineApi.properties +#!# +#!# Namespace for URI values for API used to create AAF permissions +#!# e.g. if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics +#!ApiNamespace: org.onap.dmaapBC.api +#!# +#!# endof PolicyEngineProperties +#!################# +######NEW FILE ##### +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # -# -# ============LICENSE_START========================================== -# org.onap.dmaap -# =================================================================== -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. 
-# =================================================================== # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# ============LICENSE_END============================================ -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# -# -# Configuration parameters fixed at startup for the DMaaP Bus Controller -# + + +##################################################### # -# URI to retrieve dynamic DR configuration +# Hooks for specific environment configurations # +##################################################### +# Indicator for whether to use AAF for authentication +#UseAAF: false + +# Stub out southbound calls for Unit Test cases to run. e.g. not timeout +# Comment out in other environments to get default (No) UnitTest: Yes -ProvisioningURI: /internal/prov -# -# Allow http access to API -# -HttpAllowed: true -# -# The port number for http as seen within the server -# -IntHttpPort: 8080 -# -# The port number for https as seen within the server -# Set to 0 if no certificate is available yet... 
-# -IntHttpsPort: 0 -# -# The external port number for https taking port mapping into account -# -ExtHttpsPort: 0 -# -# The type of keystore for https -# -KeyStoreType: jks -# -# The path to the keystore for https -# -KeyStoreFile: etc/keystore -# -# The password for the https keystore -# -KeyStorePassword: changeit -# -# The password for the private key in the https keystore -# -KeyPassword: changeit -# -# The type of truststore for https -# -TrustStoreType: jks -# -# The path to the truststore for https -# -TrustStoreFile: ${DMAAPBC_TSTOREFILE} -# -# The password for the https truststore -# -TrustStorePassword: changeit -# -# The path to the file used to trigger an orderly shutdown -# -QuiesceFile: etc/SHUTDOWN -# -# Enable postgress -# -UsePGSQL: false -# -# The host for postgres access -# -DB.host: none -# -# For postgres access -# -DB.cred: none -# -# Name of this environment -# -DmaapName: onap-cit -# -# Name of DR prov server + + +##################################################### # -DR.provhost: localhost +# Settings for Southbound API: Datarouter # -# handling of feed delete -# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) -# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments +##################################################### + +# URI to retrieve dynamic DR configuration +ProvisioningURI: /internal/prov + +# indicator for handling feed delete: +# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) +# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. 
Feed.deleteHandling: DeleteOnDR -################################################################################ -# MR Related Properties: -# -# Value of the CNAME DNS entry which resolves to the primary central MR cluster (when there are more than one central clusters). -# if there is only one MR cluster in an environment, set this to the DNS name for that cluster +########################################################### +# The following properties default to match ONAP DR instance. +# However, there are some non-ONAP DR instances that require other values. +# Sets the X-DR-ON-BEHALF-OF HTTP Header value +#DR.onBehalfHeader: +# Value for the Content-Type Header in DR Feed API +#DR.feedContentType: +# Value for the Content-Type Header in DR Subscription API +#DR.subContentType: +# +# END OF properties helpful for non-ONAP DR instance. +############################################################ + +##################################################### # -MR.CentralCname: notSet.onap.org +# Settings for Soutbound API: Postgresql # -# MR Client Delete Level thoroughness: -# 0 = don't delete -# 1 = delete from persistent store -# 2 = delete from persistent store (DB) and authorization store (AAF) -MR.ClientDeleteLevel: 1 +##################################################### +# flag indicates if we are using postgresql +UsePGSQL: false + +# postgres host name +# Need to connect to PG primary service, designated by service.name2 +DB.host: none + +# postgres schema name +#DB.schema: {{ .Values.postgres.config.pgDatabase }} + +# postgres user name +#DB.user: {{ .Values.postgres.config.pgUserName }} + +# postgres user password +DB.cred: none + + +##################################################### # -# MR Topic Factory Namespace +# Settings for Soutbound API: Message Router # +##################################################### +# indicator for multi-site (locations) deployment. 
Give clue to buscontroller whether +# there is a need for message replication between edge and central. +# ONAP Casablanca is a single site deployment +MR.multisite: true + +# FQDN of primary message router. +# In ONAP Casablanca, there is only 1 message router service, so use that. +# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR +MR.CentralCname: notSet.onap.org + +# Indicator for whether we want hostname verification on SSL connection to MR +MR.hostnameVerify: false + +# MR Client Delete Level thoroughness: +# 0 = don't delete +# 1 = delete from persistent store +# 2 = delete from persistent store (DB) and authorization store (AAF) +MR.ClientDeleteLevel: 1 + +# namespace of MR Topic Factory MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory -# -# MR TopicMgr Role -MR.TopicMgrRole: org.onap.dmaap-bc.TopicMgr -# MR topic name style -MR.topicStyle: FQTN_LEGACY_FORMAT +# AAF Role assigned to Topic Manager Identity +MR.TopicMgrRole: org.onap.dmaap-bc.TopicMgr -# MR topic ProjectID +# MR topic ProjectID (used in certain topic name generation formats) MR.projectID: 23456 -MR.multisite: true +# Use Basic Authentication when provisioning topics +#MR.authentication: basicAuth + +# MR topic name style (default is FQTN_LEGACY_FORMAT) +MR.topicStyle: FQTN_LEGACY_FORMAT # # end of MR Related Properties ################################################################################ + +##################################################### # -# The Role and credentials of the MirrorMaker Provisioner. This is used by DMaaP Bus Controller to pub to the provisioning topic -# Not part of 1701 -# -MM.ProvRole: org.onap.dmaapBC.MMprov.prov -MM.ProvUserMechId: idNotSet@namespaceNotSet -MM.ProvUserPwd: pwdNotSet -# -# The Role of the MirrorMaker Agent. 
This is used by MM to sub to provisioning topic -# -MM.AgentRole: org.onap.dmaapBC.MMagent.agent -################# -# AAF Properties: -# -# regarding password encryption: -# In the dependencies that Maven retrieves (e.g., under dcae_dmaapbc/target/deps/ is a jar file cadi-core-version.jar. Generate the key file with: -# -# java \u2013jar wherever/cadi-core-*.jar keygen keyfilename -# chmod 400 keyfilename -# -# To encrypt a key: -# -# java \u2013jar wherever/cadi-core-*.jar digest password-to-encrypt keyfilename -# -# This will generate a string. Put \u201Cenc:\u201D on the front of the string, and put the result in this properties file. -# -# Location of the Codec Keyfile which is used to decrypt passwords in this properties file before they are passed to AAF +# Settings for Southbound API: CADI # -# REF: https://wiki.domain.notset.com/display/cadi/CADI+Deployment +##################################################### +# path to cadi.properties +#cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + +##################################################### # -CredentialCodecKeyfile: etc/LocalKey +# Settings for Southbound API: AAF proxy # -# This overrides the Class used for Decryption. +##################################################### +# URL of the AAF server +aaf.URL: https://localhost:8100/proxy + +# TopicMgr Identity +aaf.TopicMgrUser: idNotSet@namespaceNotSet + +# Password for TopicMgr identity +aaf.TopicMgrPassword: pwdNotSet + +# Buscontroller Admin Identity +aaf.AdminUser: idNotSet@namespaceNotSet + +# Admin Password +aaf.AdminPassword: pwdNotSet + +# Identity that is owner of any created namespaces for topics +#aaf.NsOwnerIdentity: ownerNotSet@namespaceNotSet.org + + +# this overrides the Class used for Decryption. # This allows for a plugin encryption/decryption method if needed. # Call this Class for decryption at runtime. 
-#AafDecryption.Class: com.company.proprietaryDecryptor +#AafDecryption.Class: com.company.proprietaryDecryptor -# -# This overrides the Class used for API Permission check. -# This allows for a plugin policy check, if needed -ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll +# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF +# Not used in ONAP, but possibly used with Decryption override class. +CredentialCodecKeyfile: etc/LocalKey # -# URL of AAF environment to use. -# -aaf.URL: https://localhost:8100/proxy -# -# TopicMgr mechid@namespace -# -aaf.TopicMgrUser: idNotSet@namespaceNotSet +# endof AAF Properties +#################################################### + + +##################################################### # -# TopicMgr password -# -aaf.TopicMgrPassword: pwdNotSet +# Settings for authorization of DBCAPI # -# Bus Controller Namespace Admin mechid@namespace +##################################################### +# Namespace for URI values for the API used to create AAF permissions +# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients +ApiNamespace: org.onap.dmaapBC.api + +# If API authorization is required, then implement a class to enforce it. +# This overrides the Class used for API permission check. 
+ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll + +##################################################### # -aaf.AdminUser: idNotSet@namespaceNotSet +# Settings for Southbound API: MirrorMaker provisioning # -# Bus Controller Namespace Admin password +##################################################### +# AAF Role of client publishing MM prov cmds +MM.ProvRole: org.onap.dmaapBC.MMprov.prov + +# AAF identity when publishing MM prov cmds +MM.ProvUserMechId: idNotSet@namespaceNotSet + +# pwd for Identity used to publish MM prov cmds +MM.ProvUserPwd: pwdNotSet + +# AAF Role of MirrorMaker agent subscribed to prov cmds. +MM.AgentRole: org.onap.dmaapBC.MMagent.agent + +##################################################### # -aaf.AdminPassword: pwdNotSet +# Certificate Management # -# endof AAF Properties -################# -################# -# PolicyEngine Properties +##################################################### + +# Indicates how we are expecting certificates to be provided: +# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file +# legacy (default) - artifacts will be installed manually or some other way and details will be in this file +CertificateManagement: legacy + +# When CertificateManagement is cadi, then this is where all the cadi properties will be. +# Note that the cadi properties include where the cert is, and the encrypted passwords to read. 
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + +########################################################################################### +# When CertificateManagement is legacy, we need to provide more details about cert handling: +#CertificateManagement: legacy +# the type of keystore for https (for legacy CertificateManagment only) +KeyStoreType: jks + +# path to the keystore file (for legacy CertificateManagment only) +KeyStoreFile: etc/keystore + +# password for the https keystore (for legacy CertificateManagment only) +KeyStorePassword: changeit +# password for the private key in the https keystore (for legacy CertificateManagment only) +KeyPassword: changeit + +# type of truststore for https (for legacy CertificateManagment only) +TrustStoreType: jks + +# path to the truststore for https (for legacy CertificateManagment only) +TrustStoreFile: ${DMAAPBC_TSTOREFILE} + +# password for the https truststore (for legacy CertificateManagment only) +TrustStorePassword: changeit # -# Name of PolicyEngineApi properties file -PolicyEngineProperties: config/PolicyEngineApi.properties +# END OF legacy CertificateManagement properties +########################################################################################### + + +##################################################### # -# Namespace for URI values for API used to create AAF permissions -# e.g. if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics -ApiNamespace: org.onap.dmaapBC.api +# HTTP Server Configuration # -# endof PolicyEngineProperties -################# +##################################################### + +# Allow http access to dbcapi +HttpAllowed: true + +# listen to http port within this container (server) +IntHttpPort: 8080 + +# listen to https port within this container (server) +# set to 0 if no certificates are available. 
+IntHttpsPort: 0 + + +inHttpsPort: 0 + +##################################################### +# +# Deprecated properties +# +##################################################### +# csit: stubs out some southbound APIs for csit (deprecated) +#csit: No +# name of this DMaaP instance (deprecated) +#DmaapName: onap-cit +# external port number for https taking port mapping into account (deprecated) +#ExtHttpsPort: 443 +# path to the file used to trigger an orderly shutdown (deprecated) +#QuiesceFile: etc/SHUTDOWN +# FQDN of DR Prov Server (deprecated) +#DR.provhost: localhost +# root of topic namespace (decrecated) +#topicNsRoot: org.onap.dcae.dmaap @@ -28,7 +28,7 @@ <parent> <groupId>org.onap.oparent</groupId> <artifactId>oparent</artifactId> - <version>2.0.0</version> + <version>2.1.0</version> <relativePath/> </parent> <build> 
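Review bot: `inHttpsPort: 0`, added two lines below `IntHttpsPort: 0` in the HTTP Server Configuration section, looks like a mistyped duplicate of that key rather than a property the server reads; drop it, or correct it if a distinct property was intended. The new file also opens with the complete previous file reproduced under a `#!` prefix (from the first `+#!#` line down to `+######NEW FILE #####`), which is dead text that will drift from the live settings below it and should be removed rather than carried forward. `cadi.properties` is defined twice, once commented under "Settings for Southbound API: CADI" and once active under "Certificate Management"; keep a single definition so the CADI path is not maintained in two places. The values the file already carried (`changeit`, `pwdNotSet`, `none`) are placeholders, and a comment such as `# placeholder only - supply real values at deployment` next to the keystore and truststore passwords would make that explicit.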
@@ -177,18 +177,40 @@ </execution> </executions> </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-surefire-plugin</artifactId> - <version>3.0.0-M4</version> - <configuration> - <useSystemClassLoader>false</useSystemClassLoader> - <forkCount>0</forkCount> - <argLine> - --illegal-access=permit - </argLine> - </configuration> - </plugin> + + <plugin> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <executions> + <execution> + <id>prepare-agent</id> + <goals> + <goal>prepare-agent</goal> + </goals> + </execution> + <execution> + <id>report</id> + <goals> + <goal>report</goal> + </goals> + <configuration> + <dataFile>${project.build.directory}/code-coverage/jacoco.exec</dataFile> + <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.12.4</version> + <configuration> + <excludes> + <!-- exclude until junits updated <exclude>**/DME2*.java</exclude> --> + </excludes> + <!-- <skipTests>true</skipTests> --> + </configuration> + </plugin> </plugins> <pluginManagement> 
@@ -420,21 +442,18 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <jettyVersion>9.4.24.v20191120</jettyVersion> <eelf.version>1.0.0</eelf.version> - <artifact.version>2.0.1-SNAPSHOT</artifact.version> + <artifact.version>2.0.3-SNAPSHOT</artifact.version> <junit.version>4.12</junit.version> <!-- SONAR --> - <jacoco.version>0.7.7.201606060606</jacoco.version> - <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> - <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin> - <!-- Default Sonar configuration --> - <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath> - <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath> - <!-- Note: This list should match jacoco-maven-plugin's exclusion list - below --> + <sonar.language>java</sonar.language> + <sonar.skip>false</sonar.skip> + <sonar.surefire.reportsPath>${project.build.directory}/surefire-reports</sonar.surefire.reportsPath> + <sonar.coverage.jacoco.xmlReportPaths>${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths> + <sonar.projectVersion>${project.version}</sonar.projectVersion> <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions> <!-- for Distribution Management --> - <sitePath>/content/sites/site/org/onap/dmaap/buscontroller/${artifact.version}</sitePath> + <sitePath>/content/sites/site/org/onap/dmaap/dbcapi/${artifact.version}/${project.version}</sitePath> <nexusproxy>https://nexus.onap.org</nexusproxy> </properties> <description>Data Movement as a Platform (DMaaP) Bus Controller provides a REST API for other DCAE infrastructure components to provision DMaaP resources. A DMaaP resource is a Data Router Feed or a Message Router Topic, and their associated publishers and subscribers.</description> diff --git a/releases/2.0.2.yaml b/releases/2.0.2.yaml new file mode 100644 index 0000000..ce0c847 --- /dev/null 
+++ b/releases/2.0.2.yaml @@ -0,0 +1,4 @@ +distribution_type: 'maven' +version: '2.0.2' +project: 'dmaap-dbcapi' +log_dir: 'dmaap-dbcapi-maven-stage-master/262/' diff --git a/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java b/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java index 688bbce..9c3fa4e 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java +++ b/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java @@ -76,15 +76,24 @@ public class MrProvConnection extends BaseLoggingClass{ public boolean makeTopicConnection( MR_Cluster cluster ) { - logger.info( "connect to cluster: " + cluster.getDcaeLocationName()); - + boolean rc = false; + logger.info( "connect to cluster: " + cluster.getDcaeLocationName()); + provURL = cluster.getTopicProtocol() + "://" + cluster.getFqdn() + ":" + cluster.getTopicPort() + "/topics/create"; if ( cluster.getTopicProtocol().equals( "https" ) ) { - return makeSecureConnection( provURL ); + rc = makeSecureConnection( provURL ); + } else { + rc = makeConnection( provURL ); } - return makeConnection( provURL ); + if ( rc && unit_test.equals( "Yes" ) ) { + // set timeouts low so we don't hold up unit tests in build process + uc.setReadTimeout(5); + uc.setConnectTimeout(5); + } + return rc; + } private boolean makeSecureConnection( String pURL ) { diff --git a/src/main/java/org/onap/dmaap/dbcapi/database/ConnectionFactory.java b/src/main/java/org/onap/dmaap/dbcapi/database/ConnectionFactory.java index e32b8e0..dc79cfe 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/database/ConnectionFactory.java +++ b/src/main/java/org/onap/dmaap/dbcapi/database/ConnectionFactory.java 
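Review bot: `unit_test.equals( "Yes" )` in the new timeout branch dereferences `unit_test` before checking it, so a null value (the field's initialisation is outside this hunk) turns an otherwise successful connection into a NullPointerException; write it as `if ( rc && "Yes".equals( unit_test ) ) {`. The `uc` the branch configures is presumably the connection created by `makeConnection`/`makeSecureConnection`, neither of which is visible here; if either can return true without assigning it, the same null dereference applies. A short comment on the two setter lines, `// 5 ms: fail fast, unit tests only`, would spare the next reader from wondering whether the unit is seconds.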
@@ -58,10 +58,19 @@ public class ConnectionFactory { Properties p = DmaapConfig.getConfig(); host = p.getProperty("DB.host", "dcae-pstg-write-ftl.domain.notset.com"); dbname = p.getProperty("DB.name", "dmaap"); - dbuser = p.getProperty("DB.user", "dmaap_admin"); - dbcr = p.getProperty("DB.cred", "test234-ftl"); + dbuser = getValue(p, "DB.user", "dmaap_admin"); + dbcr = getValue(p, "DB.cred", "test234-ftl"); schema = p.getProperty("DB.schema", "public"); } + + private static String getValue(final Properties props, final String value, final String defaultValue) { + String prop = props.getProperty(value, defaultValue); + if (prop != null && prop.matches("[$][{].*[}]$")) { + return System.getenv(prop.substring(2, prop.length() - 1)); + } + return prop; + } + public static ConnectionFactory getDefaultInstance() { return(instance); } diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java b/src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java new file mode 100644 index 0000000..1da2bc4 --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java 
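Review bot: In the new `getValue`, when a property is written as `${NAME}` and that environment variable is unset, `System.getenv` returns null and that null is handed back in place of the credential, so a misconfigured deployment continues with no `DB.user`/`DB.cred` and only fails later inside the JDBC driver. Bind the lookup to a local, `String env = System.getenv(prop.substring(2, prop.length() - 1));`, and when it is null log a warning that names the variable (never its value) before returning, so the cause is visible at startup. The `[$][{].*[}]$` pattern also accepts `${}` and names containing `}`; `[$][{][^}]+[}]` is the tighter form. The helper has no Javadoc; a one-liner such as `/** Resolves a property value of the form ${ENV_VAR} from the environment; any other value is returned as-is. */` documents the convention callers rely on.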
@@ -0,0 +1,61 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.dmaap.dbcapi.server; + +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Properties; + +import org.onap.aaf.cadi.PropAccess; + +public class CadiCertificateManager extends CertificateManager { + private PropAccess propAccess; + + CadiCertificateManager( Properties properties ) { + String cadiPropsFile = properties.getProperty("cadi.properties", "etc/org.onap.dmaa-bc.props"); + logger.info( "using cadi properties in ", cadiPropsFile); + + propAccess = new PropAccess(); + ready = true; + try { + propAccess.load( new FileInputStream( cadiPropsFile )); + } catch ( IOException e ) { + logger.error( "Failed to load props file: " + cadiPropsFile + "\n" + e.getMessage()); + ready = false; + } + setKeyStoreType( "jks"); + setKeyStoreFile( propAccess.getProperty("cadi_keystore") ); + setKeyStorePassword( decryptPass( propAccess.getProperty("cadi_keystore_password_jks" ) )); + + setTrustStoreType( "jks"); + setTrustStoreFile( 
propAccess.getProperty("cadi_truststore" ) ); + setTrustStorePassword( decryptPass( propAccess.getProperty("cadi_truststore_password" ) )); + } + + private String decryptPass( String password ) { + String clear = null; + try { + clear = propAccess.decrypt(password, false ); + } catch (IOException e) { + logger.error( "Failed to decrypt " + password + ": " + e.getMessage() ); + } + return clear; + } +} diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java b/src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java new file mode 100644 index 0000000..0bffd84 --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java 
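Review bot: `decryptPass` writes the password it failed to decrypt into the error log (`"Failed to decrypt " + password`), so a keyfile or encoding problem puts credential material into the log; report only the failure and the exception message. In the constructor the `FileInputStream` passed to `propAccess.load` is never closed, and after a failed load the code still reads `cadi_keystore` and the password keys from the empty `PropAccess`, so the setters run on nulls; use try-with-resources and return as soon as `ready` is false. The default path `etc/org.onap.dmaa-bc.props` differs from the `org.onap.dmaap-bc.props` name used in `dmaapbc.properties` in this same commit, which looks like a typo. `logger.info( "using cadi properties in ", cadiPropsFile)` passes the file name as an extra argument with no placeholder in the message; unless this logger appends unplaced arguments, the path is dropped, so concatenate it instead.
```java
    CadiCertificateManager( Properties properties ) {
        String cadiPropsFile = properties.getProperty("cadi.properties", "etc/org.onap.dmaa-bc.props");
        logger.info( "using cadi properties in " + cadiPropsFile);

        propAccess = new PropAccess();
        try ( FileInputStream in = new FileInputStream( cadiPropsFile ) ) {
            propAccess.load( in );
        } catch ( IOException e ) {
            logger.error( "Failed to load props file: " + cadiPropsFile + "\n" + e.getMessage());
            ready = false;
            return; // nothing below can be populated without the cadi properties
        }
        ready = true;
        // … unchanged: setKeyStore*/setTrustStore* calls …
    }

    private String decryptPass( String password ) {
        try {
            return propAccess.decrypt(password, false );
        } catch (IOException e) {
            // report the failure only; the value being decrypted is credential material
            logger.error( "Failed to decrypt a cadi password: " + e.getMessage() );
            return null;
        }
    }
```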
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.server;
+
+
+import java.util.Properties;
+
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+
+public class CertficateManagerFactory extends BaseLoggingClass {
+ private final Properties dmaapConfig;
+
+ public CertficateManagerFactory() {
+ this((DmaapConfig) DmaapConfig.getConfig());
+ }
+
+ CertficateManagerFactory(Properties params) {
+ this.dmaapConfig = params;
+ }
+
+ public CertificateManager initCertificateManager() {
+ boolean useCadi = "cadi".equalsIgnoreCase(dmaapConfig.getProperty("CertificateManagement", "legacy"));
+ logger.info("CertificateManagerFactory: useCadi=" + useCadi);
+
+ if ( useCadi ) {
+ return new CadiCertificateManager( dmaapConfig );
+ }
+ return new LegacyCertificateManager( dmaapConfig );
+ }
+
+
+}
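Review bot: The class name `CertficateManagerFactory` is missing an "i" (the log message in the same hunk spells it `CertificateManagerFactory`, as does the `CertificateManager` type it returns); since the class is introduced by this change and JettyServer is its only caller here, renaming now avoids a permanently misspelled public type. The `(DmaapConfig)` cast in the no-arg constructor appears to serve only to select the `Properties` overload, which a short comment should say if that is the intent. A Javadoc line on `initCertificateManager` stating that the `CertificateManagement` property selects `cadi` or `legacy` (default `legacy`) would document the only configuration switch this class reads.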
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java b/src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java
new file mode 100644
index 0000000..2772b92
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java
@@ -0,0 +1,104 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.server;
+
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+
+public abstract class CertificateManager extends BaseLoggingClass{
+
+ class cmAttribute {
+ private String type;
+ private String file;
+ private String password;
+
+ private String getType() {
+ return type;
+ }
+ private void setType(String certificateType) {
+ this.type = certificateType;
+ }
+ private String getFile() {
+ return file;
+ }
+ private void setFile(String keyStoreFile) {
+ this.file = keyStoreFile;
+ }
+ private void setPassword( String pwd ) {
+ this.password = pwd;
+ }
+ private String getPassword() {
+ return password;
+ }
+ }
+
+ private cmAttribute keyStore;
+ private cmAttribute trustStore;
+ protected boolean ready;
+
+ CertificateManager() {
+ keyStore = new cmAttribute();
+ trustStore = new cmAttribute();
+ ready = false;
+ }
+
+ public boolean isReady() {
+ return ready;
+ }
+
+ public String getKeyStoreType() {
+ return keyStore.getType();
+ }
+ public void setKeyStoreType(String certificateType) {
+ this.keyStore.setType( certificateType) ;
+ }
+ public String getKeyStoreFile() {
+ return keyStore.getFile();
+ }
+ public void setKeyStoreFile(String keyStoreFile) {
+ this.keyStore.setFile(keyStoreFile);
+ }
+
+ public String getKeyStorePassword() {
+ return keyStore.getPassword();
+ }
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStore.setPassword(keyStorePassword);
+ }
+ public String getTrustStoreType() {
+ return trustStore.getType();
+ }
+ public void setTrustStoreType( String type ) {
+ this.trustStore.setType(type);
+ }
+ public String getTrustStoreFile() {
+ return trustStore.getFile();
+ }
+ public void setTrustStoreFile(String trustStoreFile) {
+ this.trustStore.setFile(trustStoreFile);
+ }
+ public String getTrustStorePassword() {
+ return trustStore.getPassword();
+ }
+ public void setTrustStorePassword(String trustStorePassword) {
+ this.trustStore.setPassword(trustStorePassword);
+ }
+
+}
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java b/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
index 6a75d65..74a0fa6 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
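Review bot: `cmAttribute` is a non-static inner class with a lowercase name, so each keyStore/trustStore instance carries a hidden reference to its enclosing CertificateManager and the name breaks the UpperCamelCase convention used by every other type in this change; `private static class CmAttribute {` (with the two field declarations and the two `new` calls updated to match) fixes both. The class should document that `getKeyStorePassword` and `getTrustStorePassword` return sensitive values that must not be logged, since subclasses populate them from configuration and JettyServer passes them straight to the SslContextFactory. A class-level Javadoc spelling out the `ready` contract — a subclass sets it to `true` only once all store attributes are populated, and JettyServer skips https when it is false — would make the abstract class usable without reading both subclasses.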
@@ -76,20 +76,26 @@ public class JettyServer extends BaseLoggingClass {
 SslContextFactory sslContextFactory = new SslContextFactory.Server();
 sslContextFactory.setWantClientAuth(true);
- setUpKeystore(params, sslContextFactory);
- setUpTrustStore(params, sslContextFactory);
-
- if (sslPort != 0) {
- try (ServerConnector sslConnector = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
- new HttpConnectionFactory(https_config))) {
- sslConnector.setPort(sslPort);
- server.addConnector(sslConnector);
- serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
- }
+ CertificateManager certificateManager = new CertficateManagerFactory(params).initCertificateManager();
+ if ( ! certificateManager.isReady()) {
+ serverLogger.error("CertificateManager is not ready. NOT starting https!");
 } else {
- serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
- }
+ setUpKeystore(certificateManager, sslContextFactory);
+ setUpTrustStore(certificateManager, sslContextFactory);
+
+
+ if (sslPort != 0) {
+ try (ServerConnector sslConnector = new ServerConnector(server,
+ new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+ new HttpConnectionFactory(https_config))) {
+ sslConnector.setPort(sslPort);
+ server.addConnector(sslConnector);
+ serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
+ }
+ } else {
+ serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
+ }
+ }
 if (allowHttp) {
 serverLogger.info("Starting httpConnector on port " + httpPort);
 server.addConnector(httpConnector);
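Review bot: When `certificateManager.isReady()` is false the new branch only logs an error and startup continues, so a server whose TLS material failed to load comes up without an https connector (and, if `allowHttp` is false, with no connector at all) instead of failing; the removed code had no such silent path, so consider `throw new IllegalStateException("CertificateManager is not ready; refusing to start without https");` when `sslPort != 0`, or at least a comment at the `else` stating that degraded startup is intended. The readiness check also runs before the `sslPort != 0` test, so a deployment that deliberately sets InHttpsPort to 0 still logs the "NOT starting https" error even though no https connector was expected. The enclosing method starts and ends outside this hunk.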
@@ -141,19 +147,20 @@ public class JettyServer extends BaseLoggingClass {
 Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
 }
- private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
- String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+ private void setUpKeystore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+ String keystore = certificateManager.getKeyStoreFile();
 logger.info("https Server using keystore at " + keystore);
 sslContextFactory.setKeyStorePath(keystore);
- sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
- sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+ sslContextFactory.setKeyStoreType(certificateManager.getKeyStoreType());
+ sslContextFactory.setKeyStorePassword(certificateManager.getKeyStorePassword());
+ sslContextFactory.setKeyManagerPassword(certificateManager.getKeyStorePassword());
 }
- private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
- String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+ private void setUpTrustStore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+ String truststore = certificateManager.getTrustStoreFile();
 logger.info("https Server using truststore at " + truststore);
 sslContextFactory.setTrustStorePath(truststore);
- sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
- sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
+ sslContextFactory.setTrustStoreType(certificateManager.getTrustStoreType());
+ sslContextFactory.setTrustStorePassword(certificateManager.getTrustStorePassword());
 }
 }
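Review bot: `setKeyManagerPassword` now receives `getKeyStorePassword()`, whereas the removed line read a separate `KeyPassword` property, so a deployment whose private-key password differs from its keystore password stops working and any configured `KeyPassword` is silently ignored (LegacyCertificateManager in this change does not read it either). Either carry a distinct key-manager password through CertificateManager, or add a comment on this line stating that the key and keystore passwords are required to be identical. `setKeyStorePath(keystore)` is also called with whatever the manager returns, which on the CADI path appears to be a raw property lookup that may be null when `cadi_keystore` is unset; a null check with a clear error message before configuring the factory would fail earlier and more readably than Jetty's own exception.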
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java b/src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java
new file mode 100644
index 0000000..bd54003
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java
@@ -0,0 +1,39 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.dbcapi.server;
+
+import java.util.Properties;
+
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+
+public class LegacyCertificateManager extends CertificateManager {
+
+ public LegacyCertificateManager(Properties properties ) {
+ setKeyStoreType( properties.getProperty("KeyStoreType", "jks") );
+ setKeyStoreFile( properties.getProperty("KeyStoreFile", "etc/keystore") );
+ setKeyStorePassword( properties.getProperty("KeyStorePassword", "changeit") );
+
+ setTrustStoreFile( properties.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks") );
+ setTrustStoreType( properties.getProperty("TrustStoreType", "jks") );
+ setTrustStorePassword( properties.getProperty("TrustStorePassword", "changeit") );
+ ready = true;
+ }
+
+}
diff --git a/version.properties b/version.properties
index 9afec0f..b535a9b 100644
--- a/version.properties
+++ b/version.properties
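Review bot: `ready = true` is set unconditionally, so unlike CadiCertificateManager the legacy path reports itself ready even when the configured keystore file does not exist, and the failure surfaces only when Jetty opens the connector; checking `Files.exists(Paths.get(getKeyStoreFile()))` before setting the flag (or at least documenting that readiness here means "configured", not "verified") would keep `isReady()` meaning the same thing in both subclasses. The `org.onap.dmaap.dbcapi.util.DmaapConfig` import is unused in this file. The `changeit` defaults for both store passwords are carried over from the removed JettyServer code; a comment noting that they exist for development convenience and are expected to be overridden in deployment would make the trade-off explicit to the next reader.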
@@ -27,7 +27,7 @@ major=2 minor=0 -patch=1 +patch=3 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins |