From a2feaf9b65cbba66181fb560b5815a62427d65cc Mon Sep 17 00:00:00 2001 From: vasraz Date: Fri, 5 May 2023 11:57:56 +0100 Subject: Support SIP TLS Signed-off-by: Vasyl Razinkov Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3 Issue-ID: SDC-4483 --- .../org/openecomp/sdc/fe/impl/PluginStatusBL.java | 29 ++++++++++--------- .../sdc/fe/listen/FEAppContextListener.java | 2 ++ .../openecomp/sdc/fe/servlets/FeProxyServlet.java | 33 +++++++++++----------- .../openecomp/sdc/fe/servlets/SSLProxyServlet.java | 26 ++++++++++++----- 4 files changed, 53 insertions(+), 37 deletions(-) (limited to 'catalog-fe/src/main') diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java index e1b4572a05..b095a1cde7 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java @@ -21,8 +21,6 @@ package org.openecomp.sdc.fe.impl; import com.google.gson.Gson; import com.google.gson.GsonBuilder; -import java.io.IOException; -import java.security.GeneralSecurityException; import org.apache.http.HttpStatus; import org.apache.http.client.config.RequestConfig; import org.apache.http.client.methods.CloseableHttpResponse; @@ -43,6 +41,8 @@ import org.openecomp.sdc.fe.config.ConfigurationManager; import org.openecomp.sdc.fe.config.PluginsConfiguration; import org.openecomp.sdc.fe.config.PluginsConfiguration.Plugin; +import java.io.IOException; + public class PluginStatusBL { private static final Logger log = Logger.getLogger(PluginStatusBL.class.getName()); 
@@ -74,23 +74,24 @@ public class PluginStatusBL { private boolean hasSecuredPlugins() { if (this.getPluginsList() != null) { return pluginsConfiguration.getPluginsList().stream() - .anyMatch(plugin -> plugin.getPluginDiscoveryUrl().toLowerCase().startsWith("https")); + .anyMatch(plugin -> plugin.getPluginDiscoveryUrl().toLowerCase().startsWith("https")); } return false; } - private CloseableHttpClient getPooledClient(boolean isSecured) throws GeneralSecurityException, IOException { + private CloseableHttpClient getPooledClient(final boolean isSecured) throws Exception { final PoolingHttpClientConnectionManager poolingConnManager; - if (!isSecured) { - poolingConnManager = new PoolingHttpClientConnectionManager(); - } else { - SSLConnectionSocketFactory s = new SSLConnectionSocketFactory(JettySSLUtils.getSslContext(), new NoopHostnameVerifier()); - Registry registry = RegistryBuilder.create() - .register("http", new PlainConnectionSocketFactory()).register("https", s).build(); + if (isSecured) { + final SSLConnectionSocketFactory s = new SSLConnectionSocketFactory(JettySSLUtils.getSslContext(), new NoopHostnameVerifier()); + final Registry registry = RegistryBuilder.create() + .register("http", new PlainConnectionSocketFactory()) + .register("https", s).build(); poolingConnManager = new PoolingHttpClientConnectionManager(registry); + } else { + poolingConnManager = new PoolingHttpClientConnectionManager(); } - int maxTotal = System.getProperties().containsKey(MAX_CONNECTION_POOL) ? Integer.parseInt(System.getProperty(MAX_CONNECTION_POOL)) : 5; - int routeMax = System.getProperties().containsKey(MAX_ROUTE_POOL) ? Integer.parseInt(System.getProperty(MAX_ROUTE_POOL)) : 20; + final int maxTotal = System.getProperties().containsKey(MAX_CONNECTION_POOL) ? Integer.parseInt(System.getProperty(MAX_CONNECTION_POOL)) : 5; + final int routeMax = System.getProperties().containsKey(MAX_ROUTE_POOL) ? 
Integer.parseInt(System.getProperty(MAX_ROUTE_POOL)) : 20; poolingConnManager.setMaxTotal(maxTotal); poolingConnManager.setDefaultMaxPerRoute(routeMax); return HttpClients.custom().setConnectionManager(poolingConnManager).setSSLHostnameVerifier(new NoopHostnameVerifier()).build(); @@ -115,9 +116,9 @@ public class PluginStatusBL { log.debug("The value returned from getConfig is {}", pluginsConfiguration); Integer connectionTimeout = pluginsConfiguration.getConnectionTimeout(); this.requestConfig = RequestConfig.custom().setSocketTimeout(connectionTimeout).setConnectTimeout(connectionTimeout) - .setConnectionRequestTimeout(connectionTimeout).build(); + .setConnectionRequestTimeout(connectionTimeout).build(); Plugin wantedPlugin = pluginsConfiguration.getPluginsList().stream().filter(plugin -> plugin.getPluginId().equals(pluginId)).findAny() - .orElse(null); + .orElse(null); if (wantedPlugin != null) { result = gson.toJson(checkPluginAvailability(wantedPlugin)); } diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java index 877d637a3e..79ef07a5da 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java @@ -38,6 +38,7 @@ public class FEAppContextListener extends AppContextListener implements ServletC private static final int PROBE_INTERVALE = 15; private static Logger log = Logger.getLogger(FEAppContextListener.class.getName()); + @Override public void contextInitialized(ServletContextEvent context) { super.contextInitialized(context); ConfigurationManager configurationManager = new ConfigurationManager(ExternalConfiguration.getConfigurationSource()); 
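Review bot: In `getPooledClient` (PluginStatusBL.java, hunk `@@ -74,23 +74,24 @@`) the secured branch still passes `new NoopHostnameVerifier()` to the `SSLConnectionSocketFactory`, and the returned client is built with `.setSSLHostnameVerifier(new NoopHostnameVerifier())`. The certificate a plugin presents is therefore never matched against the host in its discovery URL, so the TLS connection does not authenticate the peer by name. Consider dropping both verifiers so the library's default hostname verification applies, e.g. `new SSLConnectionSocketFactory(JettySSLUtils.getSslContext())`. If some deployments need the relaxed mode, make it an explicit, documented configuration switch. The signature was also widened to `throws Exception`, presumably to match `JettySSLUtils.getSslContext()`; listing the specific exception types would keep the contract readable for callers.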
@@ -61,6 +62,7 @@ public class FEAppContextListener extends AppContextListener implements ServletC log.debug("After executing {}", this.getClass()); } + @Override public void contextDestroyed(ServletContextEvent context) { ExecutorService executorPool = (ExecutorService) context.getServletContext().getAttribute(Constants.THREAD_EXECUTOR_ATTR); if (executorPool != null) { diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/FeProxyServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/FeProxyServlet.java index 0ef435311f..1bec4e48c4 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/FeProxyServlet.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/FeProxyServlet.java @@ -19,13 +19,7 @@ */ package org.openecomp.sdc.fe.servlets; -import static org.apache.commons.lang3.StringUtils.isEmpty; - import com.google.common.annotations.VisibleForTesting; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Base64; -import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.NotImplementedException; import org.apache.commons.lang3.StringUtils; import org.eclipse.jetty.client.api.Request; @@ -44,6 +38,13 @@ import org.openecomp.sdc.fe.config.PluginsConfiguration.Plugin; import org.openecomp.sdc.fe.impl.LogHandler; import org.openecomp.sdc.fe.utils.BeProtocol; +import javax.servlet.http.HttpServletRequest; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Base64; + +import static org.apache.commons.lang3.StringUtils.isEmpty; + public class FeProxyServlet extends SSLProxyServlet { public static final String UUID = "uuid"; 
@@ -101,7 +102,7 @@ public class FeProxyServlet extends SSLProxyServlet { BasicAuthConfig basicAuth = config.getBasicAuth(); if (basicAuth.isEnabled()) { proxyRequest.header(HttpHeader.AUTHORIZATION, - "Basic " + Base64.getEncoder().encodeToString((basicAuth.getUserName() + ":" + basicAuth.getUserPass()).getBytes())); + "Basic " + Base64.getEncoder().encodeToString((basicAuth.getUserName() + ":" + basicAuth.getUserPass()).getBytes())); } super.addProxyHeaders(clientRequest, proxyRequest); } @@ -127,7 +128,7 @@ public class FeProxyServlet extends SSLProxyServlet { } private String getModifiedUrl(Configuration config, PluginsConfiguration pluginConf, String uri, String queryString) - throws MalformedURLException { + throws MalformedURLException { if (config == null) { log.error(EcompLoggerErrorCode.UNKNOWN_ERROR, "FeProxyServlet getModifiedUrl", "sdc-FE", "failed to retrieve configuration."); throw new RuntimeException("failed to read FE configuration"); @@ -153,8 +154,8 @@ public class FeProxyServlet extends SSLProxyServlet { } else if (uri.contains(WORKFLOW_CONTEXT)) { uri = uri.replace(SDC1_FE_PROXY + WORKFLOW_CONTEXT, WORKFLOW_CONTEXT); String workflowPluginURL = pluginConf.getPluginsList().stream() - .filter(plugin -> plugin.getPluginId().equalsIgnoreCase(PLUGIN_ID_WORKFLOW)).map(Plugin::getPluginDiscoveryUrl).findFirst() - .orElse(null); + .filter(plugin -> plugin.getPluginId().equalsIgnoreCase(PLUGIN_ID_WORKFLOW)).map(Plugin::getPluginDiscoveryUrl).findFirst() + .orElse(null); java.net.URL workflowURL = new URL(workflowPluginURL); protocol = workflowURL.getProtocol(); host = workflowURL.getHost(); 
@@ -192,7 +193,7 @@ public class FeProxyServlet extends SSLProxyServlet { private PluginsConfiguration getPluginConfiguration(HttpServletRequest request) { return ((ConfigurationManager) request.getSession().getServletContext().getAttribute(Constants.CONFIGURATION_MANAGER_ATTR)) - .getPluginsConfiguration(); + .getPluginsConfiguration(); } private boolean isMsToggleOn(Configuration config) { @@ -224,7 +225,7 @@ public class FeProxyServlet extends SSLProxyServlet { String facadeSuffix = String.format("%s%s", FACADE_PATH_IDENTIFIER, CATALOG_REQUEST_IDENTIFIER); String nonFacadeUrl = currentURI.replace(facadeSuffix, "rest/v1/screen"); redirectValue = getModifiedUrl(config, getPluginConfiguration(request), nonFacadeUrl, - "excludeTypes=VFCMT&excludeTypes=Configuration"); + "excludeTypes=VFCMT&excludeTypes=Configuration"); } // Home else if (currentURI.endsWith(HOME_REQUEST_IDENTIFIER)) { @@ -249,10 +250,10 @@ public class FeProxyServlet extends SSLProxyServlet { String facadeSuffix = String.format("%s%s", FACADE_PATH_IDENTIFIER, CATALOG_REQUEST_IDENTIFIER); String nonFacadeUrl = currentURI.replace(facadeSuffix, "rest/v1/screen"); redirectValue = getModifiedUrl(config, getPluginConfiguration(request), nonFacadeUrl, - "excludeTypes=VFCMT&excludeTypes=Configuration"); + "excludeTypes=VFCMT&excludeTypes=Configuration"); } else { String message = String - .format("facade is toggled off, Could not rediret url %s with query params %s", currentURI, getQueryString(request)); + .format("facade is toggled off, Could not rediret url %s with query params %s", currentURI, getQueryString(request)); log.error(message); throw new NotImplementedException(message); } 
@@ -265,7 +266,7 @@ public class FeProxyServlet extends SSLProxyServlet { if (StringUtils.isEmpty(msUrl)) { // do that only once msUrl = String.format(MS_URL, config.getCatalogFacadeMs().getProtocol(), config.getCatalogFacadeMs().getHost(), - config.getCatalogFacadeMs().getPort()); + config.getCatalogFacadeMs().getPort()); } StringBuilder url; String queryString; @@ -293,7 +294,7 @@ public class FeProxyServlet extends SSLProxyServlet { private Configuration getConfiguration(HttpServletRequest request) { return ((ConfigurationManager) request.getSession().getServletContext().getAttribute(Constants.CONFIGURATION_MANAGER_ATTR)) - .getConfiguration(); + .getConfiguration(); } private String getAuthority(String host, String port) { diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java index 891bc4ae34..812be7f8ea 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java @@ -19,10 +19,12 @@ */ package org.openecomp.sdc.fe.servlets; -import javax.servlet.ServletException; import org.eclipse.jetty.client.HttpClient; +import org.eclipse.jetty.client.dynamic.HttpClientTransportDynamic; +import org.eclipse.jetty.io.ClientConnector; import org.eclipse.jetty.proxy.ProxyServlet; import org.eclipse.jetty.util.ssl.SslContextFactory; +import org.onap.config.api.JettySSLUtils; import org.openecomp.sdc.common.api.Constants; import org.openecomp.sdc.fe.config.Configuration; import org.openecomp.sdc.fe.config.ConfigurationManager; 
@@ -30,15 +32,17 @@ import org.openecomp.sdc.fe.utils.BeProtocol; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.servlet.ServletException; + public abstract class SSLProxyServlet extends ProxyServlet { private static final long serialVersionUID = 1L; - private static final Logger log = LoggerFactory.getLogger(SSLProxyServlet.class); + private static final Logger LOGGER = LoggerFactory.getLogger(SSLProxyServlet.class); @Override protected HttpClient createHttpClient() throws ServletException { Configuration config = ((ConfigurationManager) getServletConfig().getServletContext().getAttribute(Constants.CONFIGURATION_MANAGER_ATTR)) - .getConfiguration(); + .getConfiguration(); boolean isSecureClient = !config.getBeProtocol().equals(BeProtocol.HTTP.getProtocolName()); HttpClient client = (isSecureClient) ? getSecureHttpClient() : super.createHttpClient(); int requestTimeout = config.getRequestTimeout() * 1000; 
@@ -47,22 +51,30 @@ public abstract class SSLProxyServlet extends ProxyServlet { } setTimeout(requestTimeout); client.setIdleTimeout(requestTimeout); - client.setStopTimeout(requestTimeout); return client; } private HttpClient getSecureHttpClient() throws ServletException { - // Instantiate HttpClient with the SslContextFactory - final var httpClient = new HttpClient(new SslContextFactory.Client(true)); + final SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(true); + try { + sslContextFactory.setSslContext(JettySSLUtils.getSslContext()); + } catch (Exception e) { + LOGGER.error("Exception thrown while getting SslContext", e); + throw new ServletException(e); + } + final ClientConnector clientConnector = new ClientConnector(); + clientConnector.setSslContextFactory(sslContextFactory); + final HttpClient httpClient = new HttpClient(new HttpClientTransportDynamic(clientConnector)); // Configure HttpClient, for example: httpClient.setFollowRedirects(false); // Start HttpClient try { httpClient.start(); } catch (Exception x) { - log.error("Exception thrown while starting httpClient", x); + LOGGER.error("Exception thrown while starting httpClient", x); throw new ServletException(x); } return httpClient; } + } -- cgit 1.2.3-korg
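Review bot: `getSecureHttpClient` still creates the factory as `new SslContextFactory.Client(true)`, i.e. with trust-all enabled, while also installing the context from `JettySSLUtils.getSslContext()`. As far as I can tell, Jetty's trust-all flag also clears the endpoint identification algorithm, so the backend's hostname is most likely not verified even if the supplied context carries a proper trust store. What that context actually trusts is not visible in this hunk. Prefer `new SslContextFactory.Client()` and let the configured context decide trust, or add a comment above the constructor call explaining why trust-all is required for this proxy client.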