authorMichaelMorris <michael.morris@est.tech>2023-09-27 09:10:10 +0100
committerMichael Morris <michael.morris@est.tech>2023-10-26 15:43:33 +0000
commit031b8e1c7eb7d7b2e8c0bbd575dfbde36aaf8736 (patch)
tree365bba9f4f64f84ee5517634859dac58c6c1cdf2
parent95c95b08ae8fa2592852168ec11b9aff3a6a31d5 (diff)
watch tls files
Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-4639 Change-Id: Ic9cff09c633770df5171867ca69ed318c2a75f59
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb4
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java52
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java51
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java3
4 files changed, 110 insertions, 0 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index d6d034fcb6..ada01a96e5 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -21,6 +21,10 @@ beProtocol: https
beProtocol: http
<% end -%>
+tlsCert: <%= node['BE']['tls_cert'] %>
+tlsKey: <%= node['BE']['tls_key'] %>
+caCert: <%= node['BE']['ca_cert'] %>
+
# catalog backend ssl port
beSslPort: <%= @ssl_port %>
version: 1.1.0
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
index 76be33cedf..00d4e4356e 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
@@ -19,13 +19,22 @@
*/
package org.openecomp.sdc.be.listen;
+import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
+
+import org.apache.commons.io.filefilter.FileFilterUtils;
+import org.apache.commons.io.filefilter.IOFileFilter;
+import org.apache.commons.io.monitor.FileAlterationListenerAdaptor;
+import org.apache.commons.io.monitor.FileAlterationMonitor;
+import org.apache.commons.io.monitor.FileAlterationObserver;
import org.openecomp.sdc.be.config.ConfigurationManager;
import org.openecomp.sdc.be.impl.WebAppContextWrapper;
import org.openecomp.sdc.be.monitoring.BeMonitoringService;
@@ -50,6 +59,7 @@ public class BEAppContextListener extends AppContextListener implements ServletC
// Monitoring service
BeMonitoringService bms = new BeMonitoringService(context.getServletContext());
bms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(15));
+ initTlsFileMonitoring();
log.debug("After executing {}", this.getClass());
}
@@ -71,4 +81,46 @@ public class BEAppContextListener extends AppContextListener implements ServletC
}
return version;
}
+
+ private void initTlsFileMonitoring() {
+ final Map<String, IOFileFilter> tlsFileFilters = createTlsFileFilters();
+ if (!tlsFileFilters.isEmpty()) {
+ final TlsFileChangeHandler tlsFileChangeHandler = new TlsFileChangeHandler();
+ tlsFileFilters.entrySet().stream().forEach(entry -> listenForChanges(entry.getKey(), tlsFileChangeHandler, entry.getValue()));
+ }
+ }
+
+ private Map<String, IOFileFilter> createTlsFileFilters() {
+ final Map<String, IOFileFilter> filters = new HashMap<>();
+ addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getTlsCert());
+ addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getTlsKey());
+ addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getCaCert());
+ return filters;
+ }
+
+ private void addFilter(final Map<String, IOFileFilter> filters, final String path) {
+ if (path != null) {
+ final File file = new File(path);
+ final IOFileFilter caCertFileFilter =
+ FileFilterUtils.and(FileFilterUtils.fileFileFilter(), FileFilterUtils.nameFileFilter(file.getName()));
+
+ if (filters.containsKey(file.getParent())) {
+ filters.put(file.getParent(), FileFilterUtils.or(filters.get(file.getParent()), caCertFileFilter));
+ } else {
+ filters.put(file.getParent(), caCertFileFilter);
+ }
+ }
+ }
+
+ private void listenForChanges(String path, FileAlterationListenerAdaptor changeListener, IOFileFilter ioFileFilter) {
+ FileAlterationMonitor monitor = new FileAlterationMonitor();
+ final FileAlterationObserver observer = new FileAlterationObserver(path, ioFileFilter);
+ observer.addListener(changeListener);
+ monitor.addObserver(observer);
+ try {
+ monitor.start();
+ } catch (final Exception exception) {
+ log.error("Error starting monitoring of TLS files", exception);
+ }
+ }
}
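Review bot: `addFilter` uses `file.getParent()` as the map key without a null check, so a configured path with no directory component (a bare file name) puts a null key into `filters`. `new FileAlterationObserver(path, ioFileFilter)` in `listenForChanges` sits outside the `try` and would then throw a NullPointerException that propagates out of `initTlsFileMonitoring()` into the startup method that calls it. Resolving the path first, `final File file = new File(path).getAbsoluteFile();`, avoids this for anything but a filesystem root and keeps the watched names in line with the `getAbsolutePath()` comparison in TlsFileChangeHandler. Separately, `listenForChanges` creates and starts one `FileAlterationMonitor` per directory and keeps no reference to it, so nothing can call `stop()` when the context is destroyed. A single monitor held in a field, with all observers added to it, would let shutdown stop the polling thread.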
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
new file mode 100644
index 0000000000..7e5671cd19
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
@@ -0,0 +1,51 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2023 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.be.listen;
+
+import java.io.File;
+
+import org.apache.commons.io.monitor.FileAlterationListenerAdaptor;
+import org.openecomp.sdc.be.config.Configuration;
+import org.openecomp.sdc.be.config.ConfigurationManager;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+
+public class TlsFileChangeHandler extends FileAlterationListenerAdaptor {
+
+ private static final Logger LOGGER = Logger.getLogger(TlsFileChangeHandler.class.getName());
+
+ @Override
+ public void onFileChange(File pFile) {
+ final Configuration config = ConfigurationManager.getConfigurationManager().getConfiguration();
+ if (pFile.getAbsolutePath().equals(config.getTlsCert()) || pFile.getAbsolutePath().equals(config.getTlsKey())) {
+ handleTlsCertChanged();
+ }
+ if (pFile.getAbsolutePath().equals(config.getCaCert())) {
+ handleCaCertChanged();
+ }
+ }
+
+ private void handleTlsCertChanged() {
+ LOGGER.info("TLS cert/key change detected");
+ }
+
+ private void handleCaCertChanged() {
+ LOGGER.info("CA cert change detected");
+ }
+
+}
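Review bot: `onFileChange` matches with exact string equality between `pFile.getAbsolutePath()` and the configured values, so a `tlsCert`, `tlsKey` or `caCert` that is relative or not normalised (for example containing `..` or a doubled separator) never matches and the change is dropped without a log line. Compare normalised absolute paths, null-checking the configured value, and log at debug level when a watched file fires but matches none of the three. Only `onFileChange` is overridden, so a rotation that deletes the file and writes a new one may be reported through `onFileCreate` instead; adding `@Override public void onFileCreate(File pFile) { onFileChange(pFile); }` would cover that case. Both handlers only log at present, so a class-level Javadoc stating that detection does not yet reload the key material would stop operators assuming a rotated certificate is already in effect.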
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
index f945402106..3222c267df 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
@@ -66,6 +66,9 @@ public class Configuration extends BasicConfiguration {
* backend protocol. http | https
*/
private String beProtocol = "http";
+ private String tlsCert;
+ private String tlsKey;
+ private String caCert;
private Date released;
private String version = "1111";
private String toscaConformanceLevel = "3.0";
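Review bot: The three new fields `tlsCert`, `tlsKey` and `caCert` have no comment, while the neighbouring `beProtocol` documents its accepted values. The watcher added in this commit compares these strings against `File.getAbsolutePath()`, so the expected form belongs in the contract, for example `/** Absolute path of the backend TLS certificate file; watched for changes when set. */`, with matching comments on the other two. It is also worth stating that leaving a value unset disables watching for that file, since `addFilter` skips null paths.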