From 222555c7995645416a47bc52ed8837e3afde8e21 Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Fri, 2 Jun 2023 11:38:36 +0000 Subject: Revert "Support SIP TLS" This reverts commit a2feaf9b65cbba66181fb560b5815a62427d65cc. Reason for revert: deployment issue Change-Id: Ic21e213493f51d0c11778187ab054881bba7c21e Issue-ID: SDC-4483 Signed-off-by: MichaelMorris --- .../item-rest/item-rest-services/pom.xml | 5 - .../rest/services/VnfPackageRepositoryImpl.java | 50 +++--- .../backend/openecomp-sdc-security-util/pom.xml | 6 + .../artifacts/Dockerfile | 2 +- .../sdc-onboard-backend/attributes/default.rb | 12 +- .../recipes/ON_4_setup_jetty_modules.rb | 16 +- .../templates/default/ssl-ini.erb | 8 +- .../artifacts/startup.sh | 4 +- .../openecomp-sdc-logging-core/pom.xml | 5 + .../openecomp-sdc-validation-impl/pom.xml | 196 ++++++++++----------- 10 files changed, 153 insertions(+), 151 deletions(-) (limited to 'openecomp-be') diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml index adc0095b50..40edb974c9 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/item-rest/item-rest-services/pom.xml @@ -110,11 +110,6 @@ - - org.apache.httpcomponents - httpcore - ${httpcore.version} - diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/VnfPackageRepositoryImpl.java b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/VnfPackageRepositoryImpl.java index 754199ac29..5bfd29affa 100644 
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/VnfPackageRepositoryImpl.java +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vnf-repository-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/services/VnfPackageRepositoryImpl.java @@ -16,6 +16,24 @@ */ package org.openecomp.sdcrests.vsp.rest.services; +import static javax.ws.rs.core.HttpHeaders.CONTENT_DISPOSITION; +import static org.openecomp.core.utilities.file.FileUtils.getFileExtension; +import static org.openecomp.core.utilities.file.FileUtils.getNetworkPackageName; + +import java.io.IOException; +import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.inject.Named; +import javax.net.ssl.SSLContext; +import javax.ws.rs.client.Client; +import javax.ws.rs.client.ClientBuilder; +import javax.ws.rs.core.Response; import org.onap.config.api.ConfigurationManager; import org.onap.config.api.JettySSLUtils; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; 
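Review bot: Two of the re-added imports, `java.security.KeyManagementException` and `java.security.NoSuchAlgorithmException`, are not referenced by any visible hunk; the restored catch in `trustSSLClient()` names only `IOException | GeneralSecurityException`. If nothing else in the file uses them, drop both lines so the import block reflects what the class actually handles. The rest of the file is outside the diff, so check for other uses before removing them.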
@@ -39,20 +57,6 @@ import org.openecomp.sdcrests.vsp.rest.mapping.MapUploadFileResponseToUploadFile import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; -import javax.inject.Named; -import javax.ws.rs.client.Client; -import javax.ws.rs.client.ClientBuilder; -import javax.ws.rs.core.Response; -import java.nio.ByteBuffer; -import java.nio.charset.StandardCharsets; -import java.util.List; -import java.util.Objects; -import java.util.Optional; - -import static javax.ws.rs.core.HttpHeaders.CONTENT_DISPOSITION; -import static org.openecomp.core.utilities.file.FileUtils.getFileExtension; -import static org.openecomp.core.utilities.file.FileUtils.getNetworkPackageName; - /** * Enables integration API interface with VNF Repository (VNFSDK). *
    @@ -73,15 +77,17 @@ public class VnfPackageRepositoryImpl implements VnfPackageRepository { private static Client trustSSLClient() { try { - return ClientBuilder.newBuilder() - .sslContext(JettySSLUtils.getSslContext()) - .hostnameVerifier((requestedHost, remoteServerSession) -> requestedHost.equalsIgnoreCase(remoteServerSession.getPeerHost())).build(); - } catch (final Exception e) { + SSLContext sslcontext = JettySSLUtils.getSslContext(); + return ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifier((requestedHost, remoteServerSession) + -> requestedHost.equalsIgnoreCase(remoteServerSession.getPeerHost())).build(); + + } catch (IOException | GeneralSecurityException e) { LOGGER.error("Failed to initialize SSL context", e); } return ClientBuilder.newClient(); } + private final Configuration config; public VnfPackageRepositoryImpl(Configuration config) { 
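Review bot: The hostname verifier restored in `trustSSLClient()` compares `requestedHost` with `remoteServerSession.getPeerHost()`, which the JSSE documentation describes as an unauthenticated value and which is normally just the host the client connected to, so the check does not tie the connection to a name in the server certificate. Dropping the custom `.hostnameVerifier(...)` call and letting the JAX-RS implementation's default verification run would keep the certificate identity check meaningful. The fallback after the catch, `return ClientBuilder.newClient();`, also hands back a client without the configured SSL context after only a log line; rethrowing, e.g. `throw new IllegalStateException("Failed to initialize SSL context", e);`, would surface a broken keystore or truststore instead of silently changing the trust configuration. The class body continues outside the hunk, so how the returned client is stored and used is not visible here.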
@@ -120,15 +126,15 @@ public class VnfPackageRepositoryImpl implements VnfPackageRepository { private Response uploadVnfPackage(final String vspId, final String versionId, final String csarId, final byte[] payload) { try { final OrchestrationTemplateCandidateManager candidateManager = OrchestrationTemplateCandidateManagerFactory.getInstance() - .createInterface(); + .createInterface(); final String filename = formatFilename(csarId); final String fileExtension = getFileExtension(filename); final OnboardPackageInfo onboardPackageInfo = new OnboardPackageInfo(getNetworkPackageName(filename), fileExtension, - ByteBuffer.wrap(payload), OnboardingTypesEnum.getOnboardingTypesEnum(fileExtension)); + ByteBuffer.wrap(payload), OnboardingTypesEnum.getOnboardingTypesEnum(fileExtension)); final VspDetails vspDetails = new VspDetails(vspId, getVersion(vspId, versionId)); final UploadFileResponse response = candidateManager.upload(vspDetails, onboardPackageInfo); final UploadFileResponseDto uploadFileResponse = new MapUploadFileResponseToUploadFileResponseDto() - .applyMapping(response, UploadFileResponseDto.class); + .applyMapping(response, UploadFileResponseDto.class); return Response.ok(uploadFileResponse).build(); } catch (final Exception e) { ErrorCode error = new GeneralErrorBuilder().build(); @@ -166,7 +172,7 @@ public class VnfPackageRepositoryImpl implements VnfPackageRepository { if (LOGGER.isErrorEnabled()) { String body = response.hasEntity() ? response.readEntity(String.class) : ""; LOGGER.error("Unexpected response status while {}: URI={}, status={}, body={}", action, uri, response.getStatus(), body, - new CoreException(error)); + new CoreException(error)); } return generateInternalServerError(error); } diff --git a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml index bd7dcb3c58..0ab38ac365 100644 --- a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml 
+++ b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml @@ -13,6 +13,12 @@ + + org.slf4j + slf4j-api + 1.7.25 + + org.apache.commons commons-crypto diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile index 6f2e68ec0a..6eb57a625e 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile +++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile @@ -1,4 +1,4 @@ -FROM onap/integration-java11:10.0.0 +FROM onap/integration-java11:9.0.0 USER root ARG JETTY_FOLDER=/app/jetty diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb index d2a40942e8..074584a6e8 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb +++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/attributes/default.rb 
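Review bot: The `slf4j-api` dependency restored in openecomp-sdc-security-util/pom.xml is pinned to a literal `1.7.25`, while the same commit's openecomp-sdc-logging-core/pom.xml uses `${slf4j-api.version}`. Two sources for one artifact's version let modules drift apart and make it easy to miss this module in a later security upgrade. Use `<version>${slf4j-api.version}</version>` here, assuming the property is defined in a parent POM that this module inherits (the parent section is not visible in the hunk).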
@@ -5,19 +5,15 @@ default['FE'][:http_port] = 8181 default['FE'][:https_port] = 9443 default['disableHttp'] = true default['cassandra'][:truststore_password] = "Aa123456" - -default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12" default['jetty'][:keystore_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31" default['jetty'][:keymanager_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31" -default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks" -# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION -# MUST BE ALSO CHANGE IN THE startup.sh FILE default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0" +default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore" default['VnfRepo']['vnfRepoPort'] = 8702 default['VnfRepo']['vnfRepoHost'] = "refrepo" -# Cassandra +#Cassandra default['cassandra']['cassandra_port'] = 9042 default['cassandra']['datacenter_name'] = "DC-" default['cassandra']['cluster_name'] = "SDC-CS-" @@ -25,12 +21,12 @@ default['cassandra']['socket_read_timeout'] = 20000 default['cassandra']['socket_connect_timeout'] = 20000 default['cassandra']['janusgraph_connection_timeout'] = 10000 -# Basicauth +#Basicauth default['basic_auth']['enabled'] = true default['basic_auth'][:user_name] = "testName" default['basic_auth'][:user_pass] = "testPass" default['basic_auth']['excludedUrls'] = "/v1.0/healthcheck" -# ExternalTesting +#ExternalTesting default['EXTTEST']['ep1_config'] = "vtp,VTP,true,http://refrepo:8702/onapapi/vnfsdk-marketplace,onap.*" default['EXTTEST']['ep2_config'] = "repository,Repository,false,,.*" diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb index 2e51402016..6b2b79b49c 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb 
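Review bot: The restored default `default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore"` does not match the path that the restored ssl-ini.erb hard-codes (`etc/org.onap.sdc.trust.jks`), and the restored recipe no longer passes a truststore path to that template, so this attribute looks unused or misleading for Jetty's SSL setup. Either remove it or add a comment naming the consumer that reads it. The surrounding defaults also keep literal keystore, key-manager and truststore passwords in the cookbook. A comment above them such as `# Placeholder only: override per environment, never ship this value`, with the real values supplied from the deployment's secret store, would make the intent explicit.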
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/recipes/ON_4_setup_jetty_modules.rb @@ -1,4 +1,4 @@ -# Set the http module option +#Set the http module option if node['disableHttp'] http_option = "#--module=http" else @@ -18,12 +18,13 @@ template "http-ini" do group "#{ENV['JETTY_GROUP']}" mode "0755" variables ({ - :http_option => http_option, + :http_option => http_option , :http_port => "#{node['ONBOARDING_BE'][:http_port]}" }) - + end + template "https-ini" do path "#{ENV['JETTY_BASE']}/start.d/https.ini" source "https-ini.erb" @@ -33,6 +34,7 @@ template "https-ini" do variables :https_port => "#{node['ONBOARDING_BE'][:https_port]}" end + template "ssl-ini" do path "#{ENV['JETTY_BASE']}/start.d/ssl.ini" source "ssl-ini.erb" @@ -40,11 +42,9 @@ template "ssl-ini" do group "#{ENV['JETTY_GROUP']}" mode "0755" variables ({ - :https_port => "#{node['ONBOARDING_BE'][:https_port]}", - :jetty_keystore_path => "#{node['jetty'][:keystore_path]}", - :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}", - :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}", - :jetty_truststore_path => "#{node['jetty'][:truststore_path]}", + :https_port => "#{node['ONBOARDING_BE'][:https_port]}" , + :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" , + :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" , :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}" }) end diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb index c489825c7b..278fdea2ae 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb 
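Review bot: The `ssl-ini` template resource renders `jetty_keystore_pwd`, `jetty_keymanager_pwd` and `jetty_truststore_pwd` into `start.d/ssl.ini` with `mode "0755"`, which leaves the passwords readable by every local user and marks a configuration file executable. `mode "0640"` would keep the file readable by the Jetty owner and group only, provided the Jetty process runs as one of them. The `http-ini` resource in the same file also uses `mode "0755"`; it holds no secret, but `0644` would be the conventional choice. The `owner` line of the `ssl-ini` resource sits outside the hunk.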
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/chef-repo/cookbooks/sdc-onboard-backend/templates/default/ssl-ini.erb @@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %> +jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 ## Truststore file path (relative to $jetty.base) -jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %> +jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider -jetty.sslContext.keyStoreType=JKS +# jetty.sslContext.keyStoreType=JKS # jetty.sslContext.keyStoreProvider= ## KeyManager password @@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider -jetty.sslContext.trustStoreType=JKS +# jetty.sslContext.trustStoreType=JKS # jetty.sslContext.trustStoreProvider= ## whether client certificate authentication is required diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh index 6ee1b7b344..43aad8726a 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh +++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/startup.sh 
@@ -8,8 +8,6 @@ JAVA_OPTIONS="$JAVA_OPTIONS \ -Dconfiguration.yaml=$JETTY_BASE/config/onboarding-be/onboarding_configuration.yaml \ -Dfeatures.properties=$JETTY_BASE/config/onboarding-be/features.properties \ -XX:+HeapDumpOnOutOfMemoryError \ - -Djavax.net.ssl.trustStore=$JETTY_BASE/etc/org.onap.sdc.trust.jks \ - -Djavax.net.ssl.trustStorePassword=z+KEj;t+,KN^iimSiS89e#p0 \ -Dconfig.location=$JETTY_BASE/config/onboarding-be/." cd $JETTY_BASE @@ -18,6 +16,6 @@ cd $JETTY_BASE/chef-solo chef-solo -c solo.rb -E ${ENVNAME} cd $JETTY_HOME -echo "jetty.httpConfig.sendServerVersion=false" >>$JETTY_HOME/start.d/start.ini +echo "jetty.httpConfig.sendServerVersion=false" >> $JETTY_HOME/start.d/start.ini java $JAVA_OPTIONS -jar "${JETTY_HOME}/start.jar" diff --git a/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml b/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml index 80936836df..39f11a059b 100644 --- a/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml +++ b/openecomp-be/lib/openecomp-sdc-logging-lib/openecomp-sdc-logging-core/pom.xml @@ -18,6 +18,11 @@ openecomp-sdc-logging-api ${project.version} + + org.slf4j + slf4j-api + ${slf4j-api.version} + ch.qos.logback logback-classic diff --git a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml index 8c6821e0c8..f4efc48f98 100644 --- a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml +++ b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/pom.xml 
@@ -16,110 +16,106 @@ --> - 4.0.0 + xmlns="http://maven.apache.org/POM/4.0.0" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 - openecomp-sdc-validation-impl - openecomp-sdc-validation-impl + openecomp-sdc-validation-impl + openecomp-sdc-validation-impl - - org.openecomp.sdc - openecomp-sdc-validation-lib + + org.openecomp.sdc + openecomp-sdc-validation-lib 1.13.0-SNAPSHOT - + - - - ch.qos.logback - logback-classic - ${logback.version} - - - org.openecomp.sdc - openecomp-sdc-logging-core - ${project.version} - runtime - - - org.openecomp.sdc - openecomp-sdc-logging-api - ${project.version} - - - org.openecomp.sdc.core - openecomp-utilities-lib - ${project.version} - - - org.eclipse.jetty - jetty-server - - - org.eclipse.jetty - jetty-servlet - - - - - org.openecomp.sdc - openecomp-sdc-validation-api - ${project.version} - - - org.openecomp.sdc.core - openecomp-common-lib - ${project.version} - - - org.openecomp.sdc.core - openecomp-heat-lib - ${project.version} - - - commons-io - commons-io - ${commons.io.version} - test - - - org.openecomp.sdc - openecomp-sdc-validation-core - ${project.version} - - - org.onap.vnfsdk.validation - validation-pmdictionary - ${onap.vnfsdk.validation.pmdictionary.version} - - - org.apache.logging.log4j - log4j-slf4j-impl - - - - - io.vavr - vavr - ${io.vavr.version} - - - org.apache.httpcomponents - httpmime - ${httpclient.version} - - - org.apache.httpcomponents - httpcore - - - - - org.apache.httpcomponents - httpcore - ${httpcore.version} - - + + + ch.qos.logback + logback-classic + ${logback.version} + + + org.openecomp.sdc + openecomp-sdc-logging-core + ${project.version} + runtime + + + org.openecomp.sdc + openecomp-sdc-logging-api + ${project.version} + + + org.openecomp.sdc.core + openecomp-utilities-lib + ${project.version} + + + org.eclipse.jetty + jetty-server + + + org.eclipse.jetty + jetty-servlet + + + + + org.openecomp.sdc + openecomp-sdc-validation-api + 
${project.version} + + + org.openecomp.sdc.core + openecomp-common-lib + ${project.version} + + + org.openecomp.sdc.core + openecomp-heat-lib + ${project.version} + + + commons-io + commons-io + ${commons.io.version} + test + + + org.openecomp.sdc + openecomp-sdc-validation-core + ${project.version} + + + org.onap.vnfsdk.validation + validation-pmdictionary + ${onap.vnfsdk.validation.pmdictionary.version} + + + org.apache.logging.log4j + log4j-slf4j-impl + + + + + io.vavr + vavr + ${io.vavr.version} + + + org.apache.httpcomponents + httpmime + ${httpclient.version} + compile + + + org.apache.httpcomponents + httpcore + + + + -- cgit