2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2019 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.datarouter.node;
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25 import org.eclipse.jetty.http.HttpVersion;
26 import org.eclipse.jetty.server.Connector;
27 import org.eclipse.jetty.server.HttpConfiguration;
28 import org.eclipse.jetty.server.HttpConnectionFactory;
29 import org.eclipse.jetty.server.SecureRequestCustomizer;
30 import org.eclipse.jetty.server.Server;
31 import org.eclipse.jetty.server.ServerConnector;
32 import org.eclipse.jetty.server.SslConnectionFactory;
33 import org.eclipse.jetty.servlet.ServletContextHandler;
34 import org.eclipse.jetty.servlet.ServletHolder;
35 import org.eclipse.jetty.util.ssl.SslContextFactory;
36 import org.jetbrains.annotations.NotNull;
37 import org.onap.dmaap.datarouter.node.delivery.Delivery;
40 public class NodeServer {
// Logger for this class, obtained through the EELF logging manager.
42 private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);
// Jetty server shared by the whole class; assigned in getServerInstance() and createNodeServer().
// NOTE(review): static mutable state with no synchronisation visible in this listing; confirm
// that initialisation only ever happens on one thread.
44 private static Server server;
// Delivery instance assigned in createNodeServer() and used by resetQueue(). It has no
// initialiser here, so it stays null until createNodeServer() has run.
45 private static Delivery delivery;
// Private no-op constructor; every member visible in this listing is static.
47 private NodeServer(){}
/**
 * Entry point for obtaining the node's Jetty {@link Server}.
 *
 * <p>The visible body stores the result of {@code createNodeServer} in the static
 * {@code server} field. NOTE(review): listing lines 50 and 52-55 are missing from this page,
 * so any guard around the assignment and the return statement cannot be confirmed here.
 *
 * @param nodeConfigManager configuration passed through to {@code createNodeServer}
 */
49 static Server getServerInstance(NodeConfigManager nodeConfigManager) {
51 server = createNodeServer(nodeConfigManager);
/**
 * Builds the Jetty server for the node: a plain-HTTP connector, a servlet context that routes
 * every path to {@code NodeServlet}, and, when TLS is enabled, an additional HTTPS connector
 * set up by {@code initialiseHttpsConnector}.
 *
 * <p>Side effects: overwrites the static {@code server} and {@code delivery} fields.
 * NOTE(review): listing lines 60, 63-64, 69-70, 74, 77, 80 and 82-85 are missing from this
 * page, so the else branch, the end of the try block and the return statement are not visible.
 *
 * @param nodeConfigManager source of the HTTP port and the TLS-enabled flag; also handed to
 *     {@code Delivery} and {@code NodeServlet}
 */
56 private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
57 eelfLogger.info("NODE0005 Creating new NodeServer");
58 server = new Server();
59 delivery = new Delivery(nodeConfigManager);
61 HttpConfiguration httpConfiguration = new HttpConfiguration();
// Cap request headers on the plain-HTTP connector at 2048 bytes.
62 httpConfiguration.setRequestHeaderSize(2048);
// NOTE(review): the connector is declared as a try-with-resources resource but is registered
// on the server inside the block, so it is closed when the block exits. Confirm the server
// re-opens it on start and that this pattern is intended.
65 try (ServerConnector httpServerConnector = new ServerConnector(server,
66 new HttpConnectionFactory(httpConfiguration))) {
67 httpServerConnector.setPort(nodeConfigManager.getHttpPort());
// Idle timeout of 2000 (Jetty takes this value in milliseconds).
68 httpServerConnector.setIdleTimeout(2000);
// Options value 0: presumably no session handler and no security handler are installed
// (TODO confirm against Jetty's ServletContextHandler constants). If so, authentication and
// authorisation of requests rest entirely with NodeServlet.
71 ServletContextHandler servletContextHandler = new ServletContextHandler(0);
72 servletContextHandler.setContextPath("/");
// Single servlet mapped to every path under the root context.
73 servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*");
// With TLS enabled the helper registers the HTTP and HTTPS connectors together, so the
// plain-HTTP port stays open alongside HTTPS.
75 if (nodeConfigManager.isTlsEnabled()) {
76 initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector);
// Presumably the non-TLS branch (the else line is missing from the listing): only the HTTP
// connector is registered, so traffic to this server is unencrypted in that mode.
78 eelfLogger.info("NODE0005 Adding HTTP Connector");
79 server.setConnectors(new Connector[]{httpServerConnector});
81 server.setHandler(servletContextHandler);
/**
 * Creates the HTTPS connector and registers it on the static {@code server} together with the
 * plain-HTTP connector passed in.
 *
 * <p>NOTE(review): listing lines 90, 95-96 and 105-108 are missing from this page, so the end
 * of the try block and of the method are not visible.
 *
 * @param nodeConfigManager source of the HTTPS port
 * @param httpConfiguration base configuration that the HTTPS configuration is copied from
 * @param httpServerConnector the plain-HTTP connector, which stays registered next to HTTPS
 */
86 private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration,
87 ServerConnector httpServerConnector) {
// Start from a copy of the HTTP settings, then raise the header limit to 8192 bytes for HTTPS.
88 HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
89 httpsConfiguration.setRequestHeaderSize(8192);
91 SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
// Strict-Transport-Security settings: max-age 2000 with includeSubDomains. Jetty documents
// the max-age in seconds, i.e. roughly 33 minutes.
// NOTE(review): that is short for HSTS, and the header only protects clients that honour it;
// the plain-HTTP connector registered below remains reachable. Confirm both are intended.
92 secureRequestCustomizer.setStsMaxAge(2000);
93 secureRequestCustomizer.setStsIncludeSubDomains(true);
94 httpsConfiguration.addCustomizer(secureRequestCustomizer);
// TLS layer from getSslContextFactory(), carrying HTTP/1.1.
// NOTE(review): same try-with-resources pattern as the HTTP connector; the connector is closed
// when the block exits although it has been registered on the server.
97 try (ServerConnector httpsServerConnector = new ServerConnector(server,
98 new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()),
99 new HttpConnectionFactory(httpsConfiguration))) {
100 httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
// Idle timeout of 3600000 (one hour if read as milliseconds) and an accept queue of 2.
// NOTE(review): a long idle timeout lets idle TLS connections hold server resources; confirm
// it matches the expected client behaviour.
101 httpsServerConnector.setIdleTimeout(3600000);
102 httpsServerConnector.setAcceptQueueSize(2);
103 eelfLogger.info("NODE0005 TLS Enabled: Adding HTTP/S Connectors");
// Both connectors are registered: enabling TLS adds HTTPS, it does not turn plain HTTP off.
104 server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
109 * Reset the retry timer for a subscription.
// Resolves the spool directory for (subid, ip) through NodeConfigManager and asks the shared
// Delivery instance to reset that queue.
// NOTE(review): delivery is only assigned in createNodeServer(), so a call made before the
// server has been created would dereference null.
// NOTE(review): subid and ip are used to derive a spool directory; confirm that callers or
// getSpoolDir() validate them before they reach the filesystem.
111 static void resetQueue(String subid, String ip) {
112 delivery.resetQueue(NodeConfigManager.getInstance().getSpoolDir(subid, ip));
/**
 * Builds the server-side TLS context factory used by the HTTPS connector.
 *
 * <p>Keystore type, path and passwords and the enabled protocol list all come from
 * {@code NodeConfigManager.getNodeTlsManager()}. The method also sets an explicit cipher
 * exclusion list, excludes SSLv3 and logs the resulting protocol and cipher lists.
 *
 * <p>NOTE(review): listing lines 123, 127, 136 and 144 are missing from this page.
 *
 * @return the configured {@code SslContextFactory.Server}
 */
117 private static SslContextFactory.Server getSslContextFactory() {
118 SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
119 sslContextFactory.setKeyStoreType(NodeConfigManager.getNodeTlsManager().getKeyStoreType());
120 sslContextFactory.setKeyStorePath(NodeConfigManager.getNodeTlsManager().getKeyStorefile());
// Passwords are passed straight to the factory and are not logged in this method.
121 sslContextFactory.setKeyStorePassword(NodeConfigManager.getNodeTlsManager().getKeyStorePassword());
122 sslContextFactory.setKeyManagerPassword(NodeConfigManager.getNodeTlsManager().getKeyManagerPassword());
// NOTE(review): the truststore setup below is commented out and no client-auth setting
// (setNeedClientAuth / setWantClientAuth) appears in this method, so as far as this listing
// shows the connector does not verify client certificates at the TLS layer. Confirm where
// client identity is checked. The disabled lines also reference ProvRunner rather than the
// node's own TLS manager.
124 // sslContextFactory.setTrustStoreType(NodeConfigManager.getNodeTlsManager().getTrustStoreType());
125 // sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty());
126 // sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty());
// The explicit list names only single-DES and export-grade suites.
// NOTE(review): Jetty's setExcludeCipherSuites replaces the exclusion list instead of
// appending to it, so any exclusions the factory ships with by default (depending on the
// Jetty version) are presumably dropped here. If those defaults should be kept, use
// addExcludeCipherSuites instead and check the effective suite list after start-up.
128 sslContextFactory.setExcludeCipherSuites(
129 "SSL_RSA_WITH_DES_CBC_SHA",
130 "SSL_DHE_RSA_WITH_DES_CBC_SHA",
131 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
132 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
133 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
134 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
135 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
// SSLv3 is added to the excluded protocols; the included protocols come from configuration.
// NOTE(review): whether TLSv1 and TLSv1.1 are offered depends on getEnabledProtocols(), which
// is not visible here. Confirm the configured list contains only the versions intended.
137 sslContextFactory.addExcludeProtocols("SSLv3");
138 sslContextFactory.setIncludeProtocols(NodeConfigManager.getNodeTlsManager().getEnabledProtocols());
// Logs the factory's configured include and exclude lists.
// NOTE(review): no cipher include list is set in this method, so the "Supported ciphers" line
// presumably prints the factory's default include list, not the suites actually negotiated.
139 eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
140 eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
141 eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
142 eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
143 return sslContextFactory;