1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
25 package org.onap.dmaap.datarouter.node;
27 import static org.onap.dmaap.datarouter.node.NodeUtils.sendResponseError;
29 import com.att.eelf.configuration.EELFLogger;
30 import com.att.eelf.configuration.EELFManager;
32 import java.io.FileOutputStream;
33 import java.io.FileWriter;
34 import java.io.IOException;
35 import java.io.InputStream;
36 import java.io.OutputStream;
37 import java.io.Writer;
38 import java.nio.file.Files;
39 import java.nio.file.Path;
40 import java.nio.file.Paths;
41 import java.util.Enumeration;
42 import java.util.regex.Pattern;
43 import javax.servlet.http.HttpServlet;
44 import javax.servlet.http.HttpServletRequest;
45 import javax.servlet.http.HttpServletResponse;
46 import org.jetbrains.annotations.Nullable;
47 import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
51 * Servlet for handling all http and https requests to the data router node.
53 * <p>Handled requests are:
55 * GET http://<i>node</i>/internal/fetchProv - fetch the provisioning data
57 * PUT/DELETE https://<i>node</i>/internal/publish/<i>fileid</i> - n2n transfer
59 * PUT/DELETE https://<i>node</i>/publish/<i>feedid</i>/<i>fileid</i> - publsh request
61 public class NodeServlet extends HttpServlet {
63 private static final String FROM = " from ";
64 private static final String INVALID_REQUEST_URI = "Invalid request URI. Expecting <feed-publishing-url>/<fileid>.";
65 private static final String IO_EXCEPTION = "IOException";
66 private static final String ON_BEHALF_OF = "X-DMAAP-DR-ON-BEHALF-OF";
67 private static NodeConfigManager config;
68 private static Pattern metaDataPattern;
69 private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServlet.class);
72 final String ws = "\\s*";
73 // assume that \\ and \" have been replaced by X
74 final String string = "\"[^\"]*\"";
75 final String number = "[+-]?(?:\\.\\d+|(?:0|[1-9]\\d*)(?:\\.\\d*)?)(?:[eE][+-]?\\d+)?";
76 final String value = "(?:" + string + "|" + number + "|null|true|false)";
77 final String item = string + ws + ":" + ws + value + ws;
78 final String object = ws + "\\{" + ws + "(?:" + item + "(?:" + "," + ws + item + ")*)?\\}" + ws;
79 metaDataPattern = Pattern.compile(object, Pattern.DOTALL);
82 private final Delivery delivery;
84 NodeServlet(Delivery delivery) {
85 this.delivery = delivery;
89 * Get the NodeConfigurationManager.
93 config = NodeConfigManager.getInstance();
94 eelfLogger.debug("NODE0101 Node Servlet Configured");
97 private boolean down(HttpServletResponse resp) {
98 if (config.isShutdown() || !config.isConfigured()) {
99 sendResponseError(resp, HttpServletResponse.SC_SERVICE_UNAVAILABLE, eelfLogger);
100 eelfLogger.error("NODE0102 Rejecting request: Service is being quiesced");
107 * Handle a GET for /internal/fetchProv.
110 protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
111 NodeUtils.setIpAndFqdnForEelf("doGet");
112 NodeUtils.setRequestIdAndInvocationId(req);
113 eelfLogger.info(EelfMsgs.ENTRY);
115 eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
116 getIdFromPath(req) + "");
120 String path = req.getPathInfo();
121 String qs = req.getQueryString();
122 String ip = req.getRemoteAddr();
124 path = path + "?" + qs;
126 if ("/internal/fetchProv".equals(path)) {
128 resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
130 } else if (path.startsWith("/internal/resetSubscription/")) {
131 String subid = path.substring(28);
132 if (subid.length() != 0 && subid.indexOf('/') == -1) {
133 NodeServer.resetQueue(subid, ip);
134 resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
139 eelfLogger.debug("NODE0103 Rejecting invalid GET of " + path + FROM + ip);
140 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, eelfLogger);
142 eelfLogger.info(EelfMsgs.EXIT);
147 * Handle all PUT requests.
150 protected void doPut(HttpServletRequest req, HttpServletResponse resp) {
151 NodeUtils.setIpAndFqdnForEelf("doPut");
152 NodeUtils.setRequestIdAndInvocationId(req);
153 eelfLogger.info(EelfMsgs.ENTRY);
154 eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
155 getIdFromPath(req) + "");
157 common(req, resp, true);
158 } catch (IOException ioe) {
159 eelfLogger.error(IO_EXCEPTION, ioe);
160 eelfLogger.info(EelfMsgs.EXIT);
165 * Handle all DELETE requests.
168 protected void doDelete(HttpServletRequest req, HttpServletResponse resp) {
169 NodeUtils.setIpAndFqdnForEelf("doDelete");
170 NodeUtils.setRequestIdAndInvocationId(req);
171 eelfLogger.info(EelfMsgs.ENTRY);
172 eelfLogger.debug(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(ON_BEHALF_OF),
173 getIdFromPath(req) + "");
175 common(req, resp, false);
176 } catch (IOException ioe) {
177 eelfLogger.error(IO_EXCEPTION, ioe);
178 eelfLogger.info(EelfMsgs.EXIT);
182 private void common(HttpServletRequest req, HttpServletResponse resp, boolean isput) throws IOException {
183 final String PUBLISH = "/publish/";
184 final String INTERNAL_PUBLISH = "/internal/publish/";
185 final String HTTPS = "https://";
186 final String USER = " user ";
187 String fileid = getFileId(req, resp);
188 if (fileid == null) {
191 String feedid = null;
193 String ip = req.getRemoteAddr();
194 String lip = req.getLocalAddr();
196 String rcvd = NodeUtils.logts(System.currentTimeMillis()) + ";from=" + ip + ";by=" + lip;
197 Target[] targets = null;
198 boolean isAAFFeed = false;
199 if (fileid.startsWith("/delete/")) {
200 deleteFile(req, resp, fileid, pubid);
203 String credentials = req.getHeader("Authorization");
204 if (credentials == null) {
205 eelfLogger.error("NODE0306 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo() + FROM + req
207 resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization header required");
208 eelfLogger.info(EelfMsgs.EXIT);
211 if (fileid.startsWith(PUBLISH)) {
212 fileid = fileid.substring(9);
213 int index = fileid.indexOf('/');
214 if (index == -1 || index == fileid.length() - 1) {
215 eelfLogger.error("NODE0205 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
217 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
218 "Invalid request URI. Expecting <feed-publishing-url>/<fileid>. Possible missing fileid.");
219 eelfLogger.info(EelfMsgs.EXIT);
222 feedid = fileid.substring(0, index);
224 if (config.getCadiEnabled()) {
225 String path = req.getPathInfo();
226 if (!path.startsWith("/internal") && feedid != null) {
227 String aafInstance = config.getAafInstance(feedid);
228 if (!("legacy".equalsIgnoreCase(aafInstance))) {
230 String permission = config.getPermission(aafInstance);
231 eelfLogger.debug("NodeServlet.common() permission string - " + permission);
232 //Check in CADI Framework API if user has AAF permission or not
233 if (!req.isUserInRole(permission)) {
234 String message = "AAF disallows access to permission string - " + permission;
235 eelfLogger.error("NODE0307 Rejecting unauthenticated PUT or DELETE of " + req.getPathInfo()
236 + FROM + req.getRemoteAddr());
237 resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
238 eelfLogger.info(EelfMsgs.EXIT);
245 fileid = fileid.substring(index + 1);
246 pubid = config.getPublishId();
247 targets = config.getTargets(feedid);
248 } else if (fileid.startsWith(INTERNAL_PUBLISH)) {
249 if (!config.isAnotherNode(credentials, ip)) {
250 eelfLogger.error("NODE0107 Rejecting unauthorized node-to-node transfer attempt from " + ip);
251 resp.sendError(HttpServletResponse.SC_FORBIDDEN);
252 eelfLogger.info(EelfMsgs.EXIT);
255 fileid = fileid.substring(18);
256 if (req.getHeader("X-DMAAP-DR-PUBLISH-ID") != null && !req.getHeader("X-DMAAP-DR-PUBLISH-ID").matches("^[a-zA-Z0-9_]+$")) {
257 String reason = "Error validating header";
258 eelfLogger.error(reason);
259 resp.sendError(HttpServletResponse.SC_BAD_REQUEST, reason);
260 eelfLogger.info(EelfMsgs.EXIT);
263 pubid = req.getHeader("X-DMAAP-DR-PUBLISH-ID");
264 user = "datartr"; // SP6 : Added usr as datartr to avoid null entries for internal routing
265 targets = config.parseRouting(req.getHeader("X-DMAAP-DR-ROUTING"));
267 eelfLogger.error("NODE0204 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
269 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
270 INVALID_REQUEST_URI);
271 eelfLogger.info(EelfMsgs.EXIT);
274 if (fileid.indexOf('/') != -1) {
275 eelfLogger.error("NODE0202 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
277 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
278 INVALID_REQUEST_URI);
279 eelfLogger.info(EelfMsgs.EXIT);
282 String qs = req.getQueryString();
284 fileid = fileid + "?" + qs;
286 String hp = config.getMyName();
287 int xp = config.getExtHttpsPort();
291 String logurl = HTTPS + hp + INTERNAL_PUBLISH + fileid;
292 if (feedid != null) {
293 logurl = HTTPS + hp + PUBLISH + feedid + "/" + fileid;
296 String reason = config.isPublishPermitted(feedid, credentials, ip);
297 if (reason != null) {
298 eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil
299 .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil
300 .cleanString(ip) + " reason " + PathUtil.cleanString(reason));
301 resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
302 eelfLogger.info(EelfMsgs.EXIT);
305 user = config.getAuthUser(feedid, credentials);
307 String reason = config.isPublishPermitted(feedid, ip);
308 if (reason != null) {
309 eelfLogger.error("NODE0111 Rejecting unauthorized publish attempt to feed " + PathUtil
310 .cleanString(feedid) + " fileid " + PathUtil.cleanString(fileid) + FROM + PathUtil
311 .cleanString(ip) + " reason Invalid AAF user- " + PathUtil.cleanString(reason));
312 String message = "Invalid AAF user- " + PathUtil.cleanString(reason);
313 eelfLogger.debug("NODE0308 Rejecting unauthenticated PUT or DELETE of " + PathUtil
314 .cleanString(req.getPathInfo()) + FROM + PathUtil.cleanString(req.getRemoteAddr()));
315 resp.sendError(HttpServletResponse.SC_FORBIDDEN, message);
318 if ((req.getUserPrincipal() != null) && (req.getUserPrincipal().getName() != null)) {
319 String userName = req.getUserPrincipal().getName();
320 String[] attid = userName.split("@");
327 String newnode = config.getIngressNode(feedid, user, ip);
328 if (newnode != null) {
330 int iport = config.getExtHttpsPort();
334 String redirto = HTTPS + newnode + port + PUBLISH + feedid + "/" + fileid;
336 .debug("NODE0108 Redirecting publish attempt for feed " + PathUtil.cleanString(feedid) + USER
337 + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " to " + PathUtil
338 .cleanString(redirto)); //Fortify scan fixes - log forging
339 resp.sendRedirect(PathUtil.cleanString(redirto)); //Fortify scan fixes-open redirect - 2 issues
340 eelfLogger.info(EelfMsgs.EXIT);
343 resp.setHeader("X-DMAAP-DR-PUBLISH-ID", pubid);
345 if (req.getPathInfo().startsWith(INTERNAL_PUBLISH)) {
346 feedid = req.getHeader("X-DMAAP-DR-FEED-ID");
348 String fbase = PathUtil.cleanString(config.getSpoolDir() + "/" + pubid); //Fortify scan fixes-Path manipulation
349 File data = new File(fbase);
350 File meta = new File(fbase + ".M");
353 StringBuilder mx = new StringBuilder();
354 mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
355 Enumeration hnames = req.getHeaderNames();
357 boolean hasRequestIdHeader = false;
358 boolean hasInvocationIdHeader = false;
359 while (hnames.hasMoreElements()) {
360 String hn = (String) hnames.nextElement();
361 String hnlc = hn.toLowerCase();
362 if ((isput && ("content-type".equals(hnlc)
363 || "content-language".equals(hnlc)
364 || "content-md5".equals(hnlc)
365 || "content-range".equals(hnlc)))
366 || "x-dmaap-dr-meta".equals(hnlc)
367 || (feedid == null && "x-dmaap-dr-received".equals(hnlc))
368 || (hnlc.startsWith("x-") && !hnlc.startsWith("x-dmaap-dr-"))) {
369 Enumeration hvals = req.getHeaders(hn);
370 while (hvals.hasMoreElements()) {
371 String hv = (String) hvals.nextElement();
372 if ("content-type".equals(hnlc)) {
375 if ("x-onap-requestid".equals(hnlc)) {
376 hasRequestIdHeader = true;
378 if ("x-invocationid".equals(hnlc)) {
379 hasInvocationIdHeader = true;
381 if ("x-dmaap-dr-meta".equals(hnlc)) {
382 if (hv.length() > 4096) {
383 eelfLogger.error("NODE0109 Rejecting publish attempt with metadata too long for feed "
384 + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
385 + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
386 resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Metadata too long");
387 eelfLogger.info(EelfMsgs.EXIT);
390 if (!metaDataPattern.matcher(hv.replaceAll("\\\\.", "X")).matches()) {
391 eelfLogger.error("NODE0109 Rejecting publish attempt with malformed metadata for feed "
392 + PathUtil.cleanString(feedid) + USER + PathUtil.cleanString(user) + " ip "
393 + PathUtil.cleanString(ip)); //Fortify scan fixes - log forging
394 resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed metadata");
395 eelfLogger.info(EelfMsgs.EXIT);
399 mx.append(hn).append('\t').append(hv).append('\n');
403 if (!hasRequestIdHeader) {
404 mx.append("X-ONAP-RequestID\t").append(MDC.get("RequestId")).append('\n');
406 if (!hasInvocationIdHeader) {
407 mx.append("X-InvocationID\t").append(MDC.get("InvocationId")).append('\n');
409 mx.append("X-DMAAP-DR-RECEIVED\t").append(rcvd).append('\n');
410 String metadata = mx.toString();
411 long exlen = getExlen(req);
412 String message = writeInputStreamToFile(req, data);
413 if (message != null) {
414 StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
416 throw new IOException(message);
418 Path dpath = Paths.get(fbase);
419 for (Target t : targets) {
420 DestInfo di = t.getDestInfo();
422 //Handle this? : unknown destination
425 String dbase = PathUtil
426 .cleanString(di.getSpool() + "/" + pubid); //Fortify scan fixes-Path Manipulation
427 Files.createLink(Paths.get(dbase), dpath);
428 mw = new FileWriter(meta);
430 if (di.getSubId() == null) {
431 mw.write("X-DMAAP-DR-ROUTING\t" + t.getRouting() + "\n");
434 if (!meta.renameTo(new File(dbase + ".M"))) {
435 eelfLogger.error("Rename of file " + dbase + " failed.");
438 resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
440 resp.getOutputStream().close();
441 } catch (IOException ioe) {
442 StatusLog.logPubFail(pubid, feedid, logurl, req.getMethod(), ctype, exlen, data.length(), ip, user,
444 //Fortify scan fixes - log forging
445 eelfLogger.error("NODE0110 IO Exception while closing IO stream " + PathUtil.cleanString(feedid)
446 + USER + PathUtil.cleanString(user) + " ip " + PathUtil.cleanString(ip) + " " + ioe
451 StatusLog.logPub(pubid, feedid, logurl, req.getMethod(), ctype, data.length(), ip, user,
452 HttpServletResponse.SC_NO_CONTENT);
453 } catch (IOException ioe) {
454 eelfLogger.error("NODE0110 IO Exception receiving publish attempt for feed " + feedid + USER + user
455 + " ip " + ip + " " + ioe.toString(), ioe);
456 eelfLogger.info(EelfMsgs.EXIT);
462 } catch (Exception e) {
463 eelfLogger.error("NODE0532 Exception common: " + e);
467 Files.delete(data.toPath());
468 Files.delete(meta.toPath());
469 } catch (Exception e) {
470 eelfLogger.error("NODE0533 Exception common: " + e);
475 private String writeInputStreamToFile(HttpServletRequest req, File data) {
476 byte[] buf = new byte[1024 * 1024];
478 try (OutputStream dos = new FileOutputStream(data);
479 InputStream is = req.getInputStream()) {
480 while ((bytesRead = is.read(buf)) > 0) {
481 dos.write(buf, 0, bytesRead);
483 } catch (IOException ioe) {
484 eelfLogger.error("NODE0530 Exception common: " + ioe, ioe);
485 eelfLogger.info(EelfMsgs.EXIT);
486 return ioe.getMessage();
491 private long getExlen(HttpServletRequest req) {
494 exlen = Long.parseLong(req.getHeader("Content-Length"));
495 } catch (Exception e) {
496 eelfLogger.error("NODE0529 Exception common: " + e);
501 private void deleteFile(HttpServletRequest req, HttpServletResponse resp, String fileid, String pubid) {
502 final String FROM_DR_MESSAGE = ".M) from DR Node: ";
504 fileid = fileid.substring(8);
505 int index = fileid.indexOf('/');
506 if (index == -1 || index == fileid.length() - 1) {
507 eelfLogger.error("NODE0112 Rejecting bad URI for DELETE of " + req.getPathInfo() + FROM + req
509 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
510 "Invalid request URI. Expecting <subId>/<pubId>.");
511 eelfLogger.info(EelfMsgs.EXIT);
514 String subscriptionId = fileid.substring(0, index);
515 int subId = Integer.parseInt(subscriptionId);
516 pubid = fileid.substring(index + 1);
517 String errorMessage = "Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
518 + config.getMyName() + ".";
519 int subIdDir = subId - (subId % 100);
520 if (!isAuthorizedToDelete(resp, subscriptionId, errorMessage)) {
523 boolean result = delivery.markTaskSuccess(config.getSpoolBase() + "/s/" + subIdDir + "/" + subId, pubid);
525 eelfLogger.debug("NODE0115 Successfully deleted files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
526 + config.getMyName());
527 resp.setStatus(HttpServletResponse.SC_OK);
528 eelfLogger.info(EelfMsgs.EXIT);
530 eelfLogger.error("NODE0116 " + errorMessage);
531 resp.sendError(HttpServletResponse.SC_NOT_FOUND, "File not found on server.");
532 eelfLogger.info(EelfMsgs.EXIT);
534 } catch (IOException ioe) {
535 eelfLogger.error("NODE0117 Unable to delete files (" + pubid + ", " + pubid + FROM_DR_MESSAGE
536 + config.getMyName(), ioe);
537 eelfLogger.info(EelfMsgs.EXIT);
542 private String getFileId(HttpServletRequest req, HttpServletResponse resp) throws IOException {
544 eelfLogger.info(EelfMsgs.EXIT);
547 if (!req.isSecure()) {
549 "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req
551 resp.sendError(HttpServletResponse.SC_FORBIDDEN, "https required on publish requests");
552 eelfLogger.info(EelfMsgs.EXIT);
555 String fileid = req.getPathInfo();
556 if (fileid == null) {
557 eelfLogger.error("NODE0201 Rejecting bad URI for PUT or DELETE of " + req.getPathInfo() + FROM + req
559 resp.sendError(HttpServletResponse.SC_NOT_FOUND,
560 INVALID_REQUEST_URI);
561 eelfLogger.info(EelfMsgs.EXIT);
567 private boolean isAuthorizedToDelete(HttpServletResponse resp, String subscriptionId, String errorMessage)
570 boolean deletePermitted = config.isDeletePermitted(subscriptionId);
571 if (!deletePermitted) {
572 eelfLogger.error("NODE0113 " + errorMessage + " Error: Subscription "
573 + subscriptionId + " is not a privileged subscription");
574 resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
575 eelfLogger.info(EelfMsgs.EXIT);
578 } catch (NullPointerException npe) {
579 eelfLogger.error("NODE0114 " + errorMessage + " Error: Subscription " + subscriptionId
580 + " does not exist", npe);
581 resp.sendError(HttpServletResponse.SC_NOT_FOUND);
582 eelfLogger.info(EelfMsgs.EXIT);
588 private int getIdFromPath(HttpServletRequest req) {
589 String path = req.getPathInfo();
590 if (path == null || path.length() < 2) {
594 return Integer.parseInt(path.substring(1));
595 } catch (NumberFormatException e) {