generic jetty https server support

jetty https support in constructor, or by using ".https" when creating an http server service. Change-Id: I94e8e3e4b93eb6b194657028c740b6781316c7da Issue-ID: POLICY-940 Signed-off-by: Jorge Hernandez <jh1730@att.com>
author: Jorge Hernandez <jh1730@att.com> 2018-08-01 16:18:25 -0500
committer: Jorge Hernandez <jh1730@att.com> 2018-08-03 14:14:05 -0500
commit: 030aee91fd3aec55a8940770181825f9f04a43aa (patch)
tree: 122cb45734ef2a4b219ebc83a111d9101087facd /policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http
parent: 6d662cb19aa858b743ab7e01d02a2a173abebcad (diff)
3 files changed, 101 insertions, 19 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java
index f09893b2..c7d2b1bf 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java
@@ -37,9 +37,10 @@ import org.slf4j.LoggerFactory;
 public interface HttpServletServerFactory {
 
     /**
-     * builds an http server with support for servlets
+     * builds an http or https server with support for servlets
      * 
      * @param name name
+     * @param https use secured http over tls connection
      * @param host binding host
      * @param port port
      * @param contextPath server base path
@@ -48,17 +49,32 @@ public interface HttpServletServerFactory {
      * @return http server
      * @throws IllegalArgumentException when invalid parameters are provided
      */
-    public HttpServletServer build(String name, String host, int port, String contextPath, boolean swagger,
+    HttpServletServer build(String name, boolean https, String host, int port, String contextPath, boolean swagger,
             boolean managed);
 
     /**
+     * builds an http server with support for servlets
+     *
+     * @param name name
+     * @param host binding host
+     * @param port port
+     * @param contextPath server base path
+     * @param swagger enable swagger documentation
+     * @param managed is it managed by infrastructure
+     * @return http server
+     * @throws IllegalArgumentException when invalid parameters are provided
+     */
+    HttpServletServer build(String name, String host, int port, String contextPath, boolean swagger,
+        boolean managed);
+
+    /**
      * list of http servers per properties
      * 
      * @param properties properties based configuration
      * @return list of http servers
      * @throws IllegalArgumentException when invalid parameters are provided
      */
-    public List<HttpServletServer> build(Properties properties);
+    List<HttpServletServer> build(Properties properties);
 
     /**
      * gets a server based on the port
@@ -66,26 +82,26 @@ public interface HttpServletServerFactory {
      * @param port port
      * @return http server
      */
-    public HttpServletServer get(int port);
+    HttpServletServer get(int port);
 
     /**
      * provides an inventory of servers
      * 
      * @return inventory of servers
      */
-    public List<HttpServletServer> inventory();
+    List<HttpServletServer> inventory();
 
     /**
      * destroys server bound to a port
      * 
      * @param port
      */
-    public void destroy(int port);
+    void destroy(int port);
 
     /**
      * destroys the factory and therefore all servers
      */
-    public void destroy();
+    void destroy();
 }
 
 
@@ -107,14 +123,14 @@ class IndexedHttpServletServerFactory implements HttpServletServerFactory {
     protected HashMap<Integer, HttpServletServer> servers = new HashMap<>();
 
     @Override
-    public synchronized HttpServletServer build(String name, String host, int port, String contextPath, boolean swagger,
+    public synchronized HttpServletServer build(String name, boolean https, String host, int port, String contextPath, boolean swagger,
             boolean managed) {
 
         if (servers.containsKey(port)) {
             return servers.get(port);
         }
 
-        JettyJerseyServer server = new JettyJerseyServer(name, host, port, contextPath, swagger);
+        JettyJerseyServer server = new JettyJerseyServer(name, https, host, port, contextPath, swagger);
         if (managed) {
             servers.put(port, server);
         }
@@ -123,6 +139,13 @@ class IndexedHttpServletServerFactory implements HttpServletServerFactory {
     }
 
     @Override
+    public synchronized HttpServletServer build(String name, String host, int port, String contextPath,
+                                                boolean swagger, boolean managed) {
+        return build(name, false, host, port, contextPath, swagger, managed);
+    }
+
+
+    @Override
     public synchronized List<HttpServletServer> build(Properties properties) {
 
         ArrayList<HttpServletServer> serviceList = new ArrayList<>();
@@ -192,7 +215,14 @@ class IndexedHttpServletServerFactory implements HttpServletServerFactory {
                 swagger = Boolean.parseBoolean(swaggerString);
             }
 
-            HttpServletServer service = build(serviceName, hostName, servicePort, contextUriPath, swagger, managed);
+            String httpsString = properties.getProperty(PolicyEndPointProperties.PROPERTY_HTTP_SERVER_SERVICES + "."
+                + serviceName + PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX);
+            boolean https = false;
+            if (httpsString != null && !httpsString.isEmpty()) {
+                https = Boolean.parseBoolean(httpsString);
+            }
+
+            HttpServletServer service = build(serviceName, https, hostName, servicePort, contextUriPath, swagger, managed);
             if (userName != null && !userName.isEmpty() && password != null && !password.isEmpty()) {
                 service.setBasicAuthentication(userName, password, authUriPath);
             }
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyJerseyServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyJerseyServer.java
index cd286927..9932d094 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyJerseyServer.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyJerseyServer.java
@@ -104,6 +104,7 @@ public class JettyJerseyServer extends JettyServletServer {
      * Constructor
      * 
      * @param name name
+     * @param https enable https?
      * @param host host server host
      * @param port port server port
      * @param swagger support swagger?
@@ -111,19 +112,19 @@ public class JettyJerseyServer extends JettyServletServer {
      * 
      * @throws IllegalArgumentException in invalid arguments are provided
      */
-    public JettyJerseyServer(String name, String host, int port, String contextPath, boolean swagger) {
+    public JettyJerseyServer(String name, boolean https, String host, int port, String contextPath, boolean swagger) {
 
-        super(name, host, port, contextPath);
+        super(name, https, host, port, contextPath);
         if (swagger) {
             this.swaggerId = "swagger-" + this.port;
-            attachSwaggerServlet();
+            attachSwaggerServlet(https);
         }
     }
 
     /**
      * attaches a swagger initialization servlet
      */
-    protected void attachSwaggerServlet() {
+    protected void attachSwaggerServlet(boolean https) {
 
         ServletHolder swaggerServlet = context.addServlet(JerseyJaxrsConfig.class, "/");
 
@@ -133,7 +134,7 @@ public class JettyJerseyServer extends JettyServletServer {
         }
 
         swaggerServlet.setInitParameter(SWAGGER_API_BASEPATH,
-                "http://" + hostname + ":" + this.connector.getPort() + "/");
+                ((https) ? "https://" : "http://") + hostname + ":" + this.connector.getPort() + "/");
         swaggerServlet.setInitParameter(SWAGGER_CONTEXT_ID, swaggerId);
         swaggerServlet.setInitParameter(SWAGGER_SCANNER_ID, swaggerId);
         swaggerServlet.setInitParameter(SWAGGER_PRETTY_PRINT, "true");
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java
index 97166ec7..a4cc9b5f 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,12 +26,16 @@ import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.security.HashLoginService;
 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.Slf4jRequestLog;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.security.Credential;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.onap.policy.common.endpoints.http.server.HttpServletServer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -42,6 +46,14 @@ import org.slf4j.LoggerFactory;
 public abstract class JettyServletServer implements HttpServletServer, Runnable {
 
     /**
+     * Keystore/Truststore system property names
+     */
+    public static final String SYSTEM_KEYSTORE_PROPERTY_NAME = "javax.net.ssl.keyStore";
+    public static final String SYSTEM_KEYSTORE_PASSWORD_PROPERTY_NAME = "javax.net.ssl.keyStorePassword";
+    public static final String SYSTEM_TRUSTSTORE_PROPERTY_NAME = "javax.net.ssl.trustStore";
+    public static final String SYSTEM_TRUSTSTORE_PASSWORD_PROPERTY_NAME = "javax.net.ssl.trustStorePassword";
+
+    /**
      * Logger
      */
     private static Logger logger = LoggerFactory.getLogger(JettyServletServer.class);
@@ -111,7 +123,7 @@ public abstract class JettyServletServer implements HttpServletServer, Runnable
      * 
      * @throws IllegalArgumentException if invalid parameters are passed in
      */
-    public JettyServletServer(String name, String host, int port, String contextPath) {
+    public JettyServletServer(String name, boolean https, String host, int port, String contextPath) {
         String srvName = name;
         String srvHost = host;
         String ctxtPath = contextPath;
@@ -120,7 +132,7 @@ public abstract class JettyServletServer implements HttpServletServer, Runnable
             srvName = "http-" + port;
         }
 
-        if (port <= 0 && port >= 65535) {
+        if (port <= 0 || port >= 65535) {
             throw new IllegalArgumentException("Invalid Port provided: " + port);
         }
 
@@ -145,7 +157,11 @@ public abstract class JettyServletServer implements HttpServletServer, Runnable
         this.jettyServer = new Server();
         this.jettyServer.setRequestLog(new Slf4jRequestLog());
 
-        this.connector = new ServerConnector(this.jettyServer);
+        if (https)
+            this.connector = httpsConnector();
+        else
+            this.connector = httpConnector();
+
         this.connector.setName(srvName);
         this.connector.setReuseAddress(true);
         this.connector.setPort(port);
@@ -155,6 +171,41 @@ public abstract class JettyServletServer implements HttpServletServer, Runnable
         this.jettyServer.setHandler(context);
     }
 
+    public JettyServletServer(String name, String host, int port, String contextPath) {
+        this(name, false, host, port, contextPath);
+    }
+
+    public ServerConnector httpsConnector() {
+        SslContextFactory sslContextFactory = new SslContextFactory();
+
+        String keyStore = System.getProperty(SYSTEM_KEYSTORE_PROPERTY_NAME);
+        if (keyStore != null) {
+            sslContextFactory.setKeyStorePath(keyStore);
+
+            String ksPassword = System.getProperty(SYSTEM_KEYSTORE_PASSWORD_PROPERTY_NAME);
+            if (ksPassword != null)
+                sslContextFactory.setKeyStorePassword(ksPassword);
+        }
+
+        String trustStore = System.getProperty(SYSTEM_TRUSTSTORE_PROPERTY_NAME);
+        if (trustStore != null) {
+            sslContextFactory.setTrustStorePath(trustStore);
+
+            String tsPassword = System.getProperty(SYSTEM_TRUSTSTORE_PASSWORD_PROPERTY_NAME);
+            if (tsPassword != null)
+                sslContextFactory.setTrustStorePassword(tsPassword);
+        }
+
+        HttpConfiguration https = new HttpConfiguration();
+        https.addCustomizer(new SecureRequestCustomizer());
+
+        return new ServerConnector(jettyServer, sslContextFactory, new HttpConnectionFactory(https));
+    }
+
+    public ServerConnector httpConnector() {
+        return new ServerConnector(this.jettyServer);
+    }
+
     @Override
     public void setBasicAuthentication(String user, String password, String servletPath) {
         String srvltPath = servletPath;
author	Jorge Hernandez <jh1730@att.com>	2018-08-01 16:18:25 -0500
committer	Jorge Hernandez <jh1730@att.com>	2018-08-03 14:14:05 -0500
commit	030aee91fd3aec55a8940770181825f9f04a43aa (patch)
tree	122cb45734ef2a4b219ebc83a111d9101087facd /policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http
parent	6d662cb19aa858b743ab7e01d02a2a173abebcad (diff)