authork.kedron <k.kedron@partner.samsung.com>2019-08-23 16:46:49 +0200
committerOfir Sonsino <ofir.sonsino@intl.att.com>2019-08-26 12:48:57 +0000
commite9e5777db6edcbf34d3315a034ca9be2262fd61d (patch)
treefc54cf643e388b5e363f750c5c2451899c1a87b5
parent003f42a1295b85ae209a8e4f58fc87e05b8c2074 (diff)
Fully HTTPS support in the catalog-fe
Full HTTPS support: - Updated the JVM configuration to support calls to the SDC components over HTTPS. - Checkstyle fixes in the recipes - Added the buildRestClient method to create a CloseableHttpClient that supports SSL connections - Sonar fixes in the PluginStatusBL class Issue-ID: SDC-2516 Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com> Change-Id: I35b9e22026898d2cc67a4b2d86d9d508a33fcb59
-rw-r--r--catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb2
-rw-r--r--catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb1
-rw-r--r--catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb4
-rw-r--r--catalog-fe/sdc-frontend/startup.sh11
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java2
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java61
6 files changed, 64 insertions, 17 deletions
diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb
index eb30eba01c..a7c9ce1d90 100644
--- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb
+++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb
@@ -6,6 +6,8 @@ default['FE'][:https_port] = 9443
default['disableHttp'] = true
default['jetty'][:keystore_pwd] = "rTIS;B4kM]2GHcNK2c3B4&Ng"
default['jetty'][:keymanager_pwd] = "rTIS;B4kM]2GHcNK2c3B4&Ng"
+# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
+# MUST BE ALSO CHANGE IN THE startup.sh FILE
default['jetty'][:truststore_pwd] = "Y,f975ZNJfVZhV*{+Y[}pA?0"
#Onboard
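Review bot: The added comment above `default['jetty'][:truststore_pwd]` records a manual coupling with startup.sh instead of removing it, so the two copies of the truststore password can drift apart without any error until TLS calls fail. If the duplication has to stay, name the exact setting that must be kept in sync, e.g. `# Keep in sync with -Djavax.net.ssl.trustStorePassword in startup.sh when the truststore or its password changes`. The password literals in this attributes file are context lines, but they are committed in plaintext and would be better supplied per environment.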
diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb
index 67c511408c..f26418372b 100644
--- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb
+++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb
@@ -4,4 +4,3 @@ cookbook_file "#{ENV['JETTY_BASE']}/config/catalog-fe/logback.xml" do
owner "jetty"
group "jetty"
end
-
diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
index b1c32b9506..bf756fb1c6 100644
--- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
+++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
@@ -23,7 +23,7 @@ template "http-ini" do
owner "jetty"
group "jetty"
mode "0755"
- variables ({
+ variables({
:http_option => http_option ,
:http_port => "#{node['FE'][:http_port]}"
})
@@ -46,7 +46,7 @@ template "ssl-ini" do
owner "jetty"
group "jetty"
mode "0755"
- variables ({
+ variables({
:https_port => "#{node['FE'][:https_port]}" ,
:jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
:jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
diff --git a/catalog-fe/sdc-frontend/startup.sh b/catalog-fe/sdc-frontend/startup.sh
index d8f522d3e1..99cdaf0f48 100644
--- a/catalog-fe/sdc-frontend/startup.sh
+++ b/catalog-fe/sdc-frontend/startup.sh
@@ -1,6 +1,14 @@
#!/bin/sh
-JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config -Dlog.home=${JETTY_BASE}/logs -Dlogback.configurationFile=${JETTY_BASE}/config/catalog-fe/logback.xml -Dconfiguration.yaml=${JETTY_BASE}/config/catalog-fe/configuration.yaml -Donboarding_configuration.yaml=${JETTY_BASE}/config/onboarding-fe/onboarding_configuration.yaml"
+JAVA_OPTIONS=" ${JAVA_OPTIONS} \
+ -Dconfig.home=${JETTY_BASE}/config \
+ -Dlog.home=${JETTY_BASE}/logs \
+ -Dlogback.configurationFile=${JETTY_BASE}/config/catalog-fe/logback.xml \
+ -Dconfiguration.yaml=${JETTY_BASE}/config/catalog-fe/configuration.yaml \
+ -Donboarding_configuration.yaml=${JETTY_BASE}/config/onboarding-fe/onboarding_configuration.yaml \
+ -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
+ -Djavax.net.ssl.trustStorePassword=Y,f975ZNJfVZhV*{+Y[}pA?0 \
+ -Djetty.console-capture.dir=${JETTY_BASE}/logs "
cd /root/chef-solo
chef-solo -c solo.rb -E ${ENVNAME}
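Review bot: The new `-Djavax.net.ssl.trustStorePassword=` option puts the truststore password into the script as a literal, so it is committed to the repository and shows up in the JVM's argument list for anyone who can list processes on the host or container. The value also contains `*`, `?` and `[`, which would be subject to pathname expansion if `${JAVA_OPTIONS}` is later expanded unquoted; that expansion happens outside this hunk, so it should be verified. Take the value from the deployment environment rather than the script, e.g. `-Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}` (placeholder variable name), and note that any `-D` argument remains visible in the process list, so loading the truststore from a permission-restricted file in code is the stronger option.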
@@ -9,4 +17,3 @@ cd /var/lib/jetty
/docker-entrypoint.sh &
while true; do sleep 2; done
-
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
index cdb9e0f9bf..6461ccfad6 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
@@ -60,7 +60,7 @@ public class PluginStatusBL {
}
public String getPluginsList() {
- String result = null;
+ String result;
if (pluginsConfiguration == null || pluginsConfiguration.getPluginsList() == null) {
LOGGER.warn("Configuration of type {} was not found", PluginsConfiguration.class);
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java
index f087f55349..a672b1b201 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java
@@ -3,6 +3,7 @@
* SDC
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (c) 2019 Samsung
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,6 +21,27 @@
package org.openecomp.sdc.fe.listen;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
import org.openecomp.sdc.common.api.Constants;
import org.openecomp.sdc.common.impl.ExternalConfiguration;
import org.openecomp.sdc.common.listener.AppContextListener;
@@ -30,15 +52,10 @@ import org.openecomp.sdc.fe.servlets.HealthCheckService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-
public class FEAppContextListener extends AppContextListener implements ServletContextListener {
- private static final int HEALTH_CHECHK_INTERVALE = 5;
- private static final int PROBE_INTERVALE = 15;
+ private static final int HEALTH_CHECK_INTERVAL = 5;
+ private static final int PROBE_INTERVAL = 15;
private static Logger log = LoggerFactory.getLogger(FEAppContextListener.class.getName());
public void contextInitialized(ServletContextEvent context) {
@@ -51,17 +68,22 @@ public class FEAppContextListener extends AppContextListener implements ServletC
ExternalConfiguration.getAppName());
context.getServletContext().setAttribute(Constants.CONFIGURATION_MANAGER_ATTR, configurationManager);
- PluginStatusBL pbl = new PluginStatusBL();
- context.getServletContext().setAttribute(Constants.PLUGIN_BL_COMPONENT, pbl);
+ try {
+ PluginStatusBL pbl = new PluginStatusBL(buildRestClient());
+ context.getServletContext().setAttribute(Constants.PLUGIN_BL_COMPONENT, pbl);
+ } catch (SSLException e) {
+ log.debug("ERROR: Build rest client failed because ", e);
+ return;
+ }
// Health Check service
HealthCheckService hcs = new HealthCheckService(context.getServletContext());
- hcs.start(configurationManager.getConfiguration().getHealthCheckIntervalInSeconds(HEALTH_CHECHK_INTERVALE));
+ hcs.start(configurationManager.getConfiguration().getHealthCheckIntervalInSeconds(HEALTH_CHECK_INTERVAL));
context.getServletContext().setAttribute(Constants.HEALTH_CHECK_SERVICE_ATTR, hcs);
// Monitoring service
FeMonitoringService fms = new FeMonitoringService(context.getServletContext());
- fms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(PROBE_INTERVALE));
+ fms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(PROBE_INTERVAL));
if (configurationManager.getConfiguration() == null) {
log.debug("ERROR: configuration was not properly loaded");
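Review bot: A failure in `buildRestClient()` is reported with `log.debug` and followed by a bare `return`, so the health-check and monitoring services are never started and `Constants.PLUGIN_BL_COMPONENT` is never set, with nothing in the logs unless debug output is enabled. Log it at error level, `log.error("Building the REST client failed", e);`, and decide explicitly whether startup should abort or continue without the plugin component. Code that later reads the attribute presumably does not expect it to be absent; confirm against its callers. contextInitialized starts and ends outside this hunk.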
@@ -87,4 +109,21 @@ public class FEAppContextListener extends AppContextListener implements ServletC
}
+ private CloseableHttpClient buildRestClient() throws SSLException {
+ SSLContextBuilder builder = new SSLContextBuilder();
+ try {
+ builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+ SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
+ SSLContext.getDefault(), NoopHostnameVerifier.INSTANCE);
+ Registry<ConnectionSocketFactory> registry =
+ RegistryBuilder.<ConnectionSocketFactory>create()
+ .register("http", new PlainConnectionSocketFactory()).register("https", sslsf)
+ .build();
+ PoolingHttpClientConnectionManager cm =
+ new PoolingHttpClientConnectionManager(registry);
+ return HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();
+ } catch (NoSuchAlgorithmException | KeyStoreException e) {
+ throw new SSLException(e);
+ }
+ }
}
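Review bot: `buildRestClient()` passes `NoopHostnameVerifier.INSTANCE` to the socket factory, which turns off hostname verification, so a certificate that chains to the truststore is accepted for any host and the HTTPS calls lose their protection against interception. The `SSLContextBuilder` with `TrustSelfSignedStrategy` is loaded but never built or used, since the factory is created from `SSLContext.getDefault()`; it is dead code that suggests a trust policy the client does not actually apply. `setSSLSocketFactory(sslsf)` is also redundant, because HttpClientBuilder documents that value as overridden once `setConnectionManager` is called. Keep the default hostname verifier and drop the unused builder, which also makes the `KeyStoreException` catch and the `NoopHostnameVerifier`, `TrustSelfSignedStrategy` and `SSLContextBuilder` imports in the earlier hunk unnecessary.

```java
private CloseableHttpClient buildRestClient() throws SSLException {
    try {
        // Trust anchors come from the JVM default context (javax.net.ssl.trustStore);
        // the single-argument constructor keeps the default hostname verifier.
        SSLConnectionSocketFactory sslsf =
                new SSLConnectionSocketFactory(SSLContext.getDefault());
        // … unchanged: Registry and PoolingHttpClientConnectionManager setup …
        return HttpClients.custom().setConnectionManager(cm).build();
    } catch (NoSuchAlgorithmException e) {
        throw new SSLException(e);
    }
}
```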