From 222555c7995645416a47bc52ed8837e3afde8e21 Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Fri, 2 Jun 2023 11:38:36 +0000 Subject: Revert "Support SIP TLS" This reverts commit a2feaf9b65cbba66181fb560b5815a62427d65cc. Reason for revert: deployment issue Change-Id: Ic21e213493f51d0c11778187ab054881bba7c21e Issue-ID: SDC-4483 Signed-off-by: MichaelMorris --- utils/webseal-simulator/sdc-simulator/Dockerfile | 2 +- .../SDC_Simulator_5_create_jetty_modules.rb | 6 +- .../templates/default/SDC-Simulator-ssl-ini.erb | 8 +- .../openecomp/sdc/webseal/simulator/SdcProxy.java | 102 +++++++++------------ 4 files changed, 48 insertions(+), 70 deletions(-) (limited to 'utils/webseal-simulator') diff --git a/utils/webseal-simulator/sdc-simulator/Dockerfile b/utils/webseal-simulator/sdc-simulator/Dockerfile index 16d1ab0afb..bd3c1695f6 100644 --- a/utils/webseal-simulator/sdc-simulator/Dockerfile +++ b/utils/webseal-simulator/sdc-simulator/Dockerfile @@ -1,4 +1,4 @@ -FROM onap/integration-java11:10.0.0 +FROM onap/integration-java11:9.0.0 USER root ARG JETTY_FOLDER=/app/jetty diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb index 34c874e8c4..ab6c5aabdb 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb 
@@ -53,11 +53,9 @@ template "ssl-ini" do mode "0755" variables({ :https_port => "8443", - :jetty_keystore_path => "etc/org.onap.sdc.p12" , - :jetty_keystore_pwd => "?(kP!Yur![*!Y5!E^f(ZKc31", - :jetty_truststore_path => "etc/org.onap.sdc.trust.jks", :jetty_truststore_pwd => "z+KEj;t+,KN^iimSiS89e#p0", - :jetty_keymanager_pwd => "?(kP!Yur![*!Y5!E^f(ZKc31" + :jetty_keystore_pwd => "?(kP!Yur![*!Y5!E^f(ZKc31", + :jetty_keymanager_pwd => "?(kP!Yur![*!Y5!E^f(ZKc31", }) end diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb index c489825c7b..278fdea2ae 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb @@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %> +jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 ## Truststore file path (relative to $jetty.base) -jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %> +jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider -jetty.sslContext.keyStoreType=JKS +# jetty.sslContext.keyStoreType=JKS # jetty.sslContext.keyStoreProvider= ## KeyManager password 
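Review bot: The three store passwords in the `variables` hash of the `ssl-ini` template are still literal strings in the recipe, and the template is rendered with `mode "0755"`, so the generated ini file that carries them is readable by every local account. Reading the values from node attributes or an encrypted data bag, for example `:jetty_keystore_pwd => node['sdc-simulator']['keystore_pwd']` (attribute name illustrative), would keep them out of version control. `mode "0640"` would be enough for a configuration file, assuming the Jetty user owns it or is in its group. Because the values are already in the repository history, the stores they protect are best treated as test-only material. The `template` block starts above the hunk.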
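Review bot: With `jetty.sslContext.keyStoreType` commented out here, and `jetty.sslContext.trustStoreType` commented out in the later hunk of this file, the store formats fall back to whatever default the installed Jetty version applies, while the paths are now fixed to a `.p12` key store and a `.jks` trust store. Stating the types explicitly, `jetty.sslContext.keyStoreType=PKCS12` and `jetty.sslContext.trustStoreType=JKS`, would keep the file consistent with the hard-coded paths across Jetty upgrades. This assumes the file extensions reflect the real formats, which the diff does not show.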
@@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider -jetty.sslContext.trustStoreType=JKS +# jetty.sslContext.trustStoreType=JKS # jetty.sslContext.trustStoreProvider= ## whether client certificate authentication is required diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java index c2cb5b58ae..6112d983ea 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java @@ -20,6 +20,34 @@ package org.openecomp.sdc.webseal.simulator; +import static java.nio.charset.StandardCharsets.UTF_8; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLEncoder; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Enumeration; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.zip.GZIPInputStream; +import javax.net.ssl.SSLContext; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletInputStream; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import lombok.AllArgsConstructor; import lombok.Getter; import org.apache.commons.lang3.StringUtils; 
@@ -46,47 +74,17 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContextBuilder; -import org.onap.config.api.JettySSLUtils; import org.openecomp.sdc.webseal.simulator.conf.Conf; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.net.ssl.SSLContext; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletInputStream; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.URLEncoder; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Enumeration; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; -import java.util.stream.Collectors; -import java.util.zip.GZIPInputStream; - -import static java.nio.charset.StandardCharsets.UTF_8; - public class SdcProxy extends HttpServlet { private static final Logger LOGGER = LoggerFactory.getLogger(SdcProxy.class); private static final long serialVersionUID = 1L; private static final Set RESERVED_HEADERS = - Arrays.stream(ReservedHeaders.values()).map(ReservedHeaders::getValue).collect(Collectors.toSet()); + Arrays.stream(ReservedHeaders.values()).map(ReservedHeaders::getValue).collect(Collectors.toSet()); private static final String USER_ID = "USER_ID"; private static final String HTTP_IV_USER = "HTTP_IV_USER"; private static final String SDC1 = "/sdc1"; 
@@ -176,13 +174,6 @@ public class SdcProxy extends HttpServlet { HttpRequestBase httpMethod = createHttpMethod(request, methodEnum, uri); addHeadersToMethod(httpMethod, user, request); - try { - httpClient = buildRestClient(); - } catch (Exception e) { - LOGGER.error("Failed to buildRestClient", e); - throw new RuntimeException(e); - } - try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)) { response.setStatus(closeableHttpResponse.getStatusLine().getStatusCode()); if (request.getRequestURI().indexOf(".svg") > -1) { 
@@ -387,37 +378,26 @@ public class SdcProxy extends HttpServlet { private CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException { final var builder = new SSLContextBuilder(); - SSLContext sslContext; - try { - sslContext = JettySSLUtils.getSslContext(); - } catch (Exception e) { - LOGGER.error("Failed to getSslContext", e); - throw new RuntimeException(e); - } builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); - SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); + SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContext.getDefault(), + NoopHostnameVerifier.INSTANCE); Registry registry = RegistryBuilder.create() - .register("http", new PlainConnectionSocketFactory()) - .register("https", sslsf) - .build(); + .register("http", new PlainConnectionSocketFactory()) + .register("https", sslsf) + .build(); + PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry); return HttpClients.custom() - .setSSLSocketFactory(sslsf) - .setConnectionManager(new PoolingHttpClientConnectionManager(registry)) - .build(); + .setSSLSocketFactory(sslsf) + .setConnectionManager(cm) + .build(); } @AllArgsConstructor @Getter enum ReservedHeaders { - HTTP_IV_USER(SdcProxy.HTTP_IV_USER), - USER_ID(SdcProxy.USER_ID), - HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), - HTTP_CSP_EMAIL("HTTP_CSP_EMAIL"), - HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), - HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), - HTTP_CSP_WSTYPE("HTTP_CSP_WSTYPE"), - HOST("Host"), - CONTENTLENGTH("Content-Length"); + HTTP_IV_USER(SdcProxy.HTTP_IV_USER), USER_ID(SdcProxy.USER_ID), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL( + "HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE( + "HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length"); private final String value; -- cgit 1.2.3-korg
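Review bot: `buildRestClient()` passes `NoopHostnameVerifier.INSTANCE` to the `SSLConnectionSocketFactory`, so the proxy accepts a certificate issued for any host name as long as it chains to the JVM default trust store, and nothing ties the TLS peer to the back end it is meant to reach. If that is intended because this is a test simulator, a comment saying so would help; otherwise `new SSLConnectionSocketFactory(SSLContext.getDefault(), new DefaultHostnameVerifier())` restores the check. Separately, `builder.loadTrustMaterial(null, new TrustSelfSignedStrategy())` configures an `SSLContextBuilder` that is never built or handed to the factory, so the self-signed trust strategy has no effect. Either remove the builder, which also removes the need for `KeyStoreException` in the `throws` clause, or pass `builder.build()` to the factory if self-signed back-end certificates are meant to be accepted.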