2 * ============LICENSE_START=======================================================
3 * ONAP : CCSDK.apps.sdnr.wt.apigateway
4 * ================================================================================
5 * Copyright (C) 2019 highstreet technologies GmbH Intellectual Property.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.ccsdk.features.sdnr.wt.apigateway;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.io.OutputStream;
26 import java.net.HttpURLConnection;
28 import java.net.URLConnection;
29 import java.nio.charset.StandardCharsets;
30 import java.security.KeyManagementException;
31 import java.security.NoSuchAlgorithmException;
32 import java.util.Enumeration;
33 import java.util.List;
36 import javax.net.ssl.HostnameVerifier;
37 import javax.net.ssl.HttpsURLConnection;
38 import javax.net.ssl.SSLContext;
39 import javax.net.ssl.TrustManager;
40 import javax.servlet.ServletException;
41 import javax.servlet.http.HttpServlet;
42 import javax.servlet.http.HttpServletRequest;
43 import javax.servlet.http.HttpServletResponse;
45 import org.slf4j.Logger;
46 import org.slf4j.LoggerFactory;
48 public abstract class BaseServlet extends HttpServlet {
53 private static final long serialVersionUID = 7403047480257892794L;
54 private static Logger LOG = LoggerFactory.getLogger(BaseServlet.class);
55 private static SSLContext sc;
56 private static TrustManager[] trustCerts = null;
57 private static final int BUFSIZE = 2048;
59 protected abstract String getOfflineResponse();
61 protected abstract boolean isOff();
63 protected abstract boolean doTrustAll();
65 protected abstract void trustAll(boolean trust);
67 protected abstract String getRemoteUrl(String uri);
71 * @throws NoSuchAlgorithmException
72 * @throws KeyManagementException
74 private static void setupSslTrustAll(boolean trustall) throws NoSuchAlgorithmException, KeyManagementException {
76 sc = SSLContext.getInstance("TLSv1.2");
78 if (trustCerts == null) {
79 trustCerts = new TrustManager[] {new javax.net.ssl.X509TrustManager() {
81 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
82 return new java.security.cert.X509Certificate[] {};
86 public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
87 // do not check anything when trust all
91 public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
92 // do not check anything when trust all
97 if (trustCerts != null) {
101 // Init the SSLContext with a TrustManager[] and SecureRandom()
102 sc.init(null, trustCerts, new java.security.SecureRandom());
105 public BaseServlet() {
107 MyProperties.Instantiate();
108 } catch (Exception e) {
109 LOG.error(e.getMessage());
111 this.trysslSetup(true);
114 private void trysslSetup() {
115 this.trysslSetup(false);
119 * init or deinit ssl insecure mode regarding to property
121 * @param force init independent from property
123 private void trysslSetup(boolean force) {
124 // if trustall config has changed
125 boolean trustAll = MyProperties.getInstance().trustInsecure();
126 if (force || this.doTrustAll() != trustAll) {
127 this.trustAll(trustAll);
128 // resetup ssl config
130 setupSslTrustAll(trustAll);
131 } catch (Exception e) {
132 LOG.error("problem setting up SSL: {}", e.getMessage());
137 protected void sendOffResponse(HttpServletResponse response) {
138 response.setStatus(200);// HTML/OK
139 response.setHeader("Content-Type", "text/html; charset=utf-8");
141 response.getOutputStream().write(this.getOfflineResponse().getBytes(StandardCharsets.UTF_8));
142 } catch (IOException e) {
143 LOG.debug("problem writing offline response");
149 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
151 this.sendOffResponse(resp);
154 HttpURLConnection http = null;
156 http = (HttpURLConnection) this.getConnection(req, "GET");
157 } catch (IOException e) {
158 LOG.warn(e.getMessage());
162 this.handleRequest(http, req, resp, "GET");
163 } catch (IOException e) {
164 LOG.warn(e.getMessage());
168 this.set404Response(resp);
174 protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
176 this.sendOffResponse(resp);
179 HttpURLConnection http = null;
181 http = (HttpURLConnection) this.getConnection(req, "PUT");
182 } catch (IOException e) {
183 LOG.warn(e.getMessage());
187 this.handleRequest(http, req, resp, "PUT");
188 } catch (IOException e) {
189 LOG.warn(e.getMessage());
193 this.set404Response(resp);
199 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
201 this.sendOffResponse(resp);
204 HttpURLConnection http = null;
206 http = (HttpURLConnection) this.getConnection(req, "POST");
207 } catch (IOException e) {
208 LOG.warn(e.getMessage());
212 this.handleRequest(http, req, resp, "POST");
213 } catch (IOException e) {
214 LOG.warn(e.getMessage());
218 this.set404Response(resp);
224 protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
226 this.sendOffResponse(resp);
229 HttpURLConnection http = null;
231 http = (HttpURLConnection) this.getConnection(req, "DELETE");
232 } catch (IOException e) {
233 LOG.warn(e.getMessage());
237 this.handleRequest(http, req, resp, "DELETE");
238 } catch (IOException e) {
239 LOG.warn(e.getMessage());
243 this.set404Response(resp);
248 private void set404Response(HttpServletResponse resp) {
252 private URLConnection getConnection(HttpServletRequest req, final String method) throws IOException {
254 LOG.debug("{} Request to {}", method, req.getRequestURL());
255 String surl = this.getRemoteUrl(req.getRequestURI());
256 if ("GET".equals(method)) {
257 Enumeration<?> params = req.getParameterNames();
258 if (params != null) {
260 if (params.hasMoreElements()) {
261 param = (String) params.nextElement();
262 surl += "?" + param + "=" + req.getParameter(param);
264 while (params.hasMoreElements()) {
265 param = (String) params.nextElement();
266 surl += "&" + param + "=" + req.getParameter(param);
270 LOG.debug("RemoteURL: {}", surl);
274 URL url = new URL(surl);
275 URLConnection http = url.openConnection();
276 ((HttpURLConnection) http).setRequestMethod(method);
277 if (url.toString().startsWith("https")) {
278 ((HttpsURLConnection) http).setSSLSocketFactory(sc.getSocketFactory());
279 if (this.doTrustAll()) {
280 HostnameVerifier allHostsValid = (hostname, session) -> true;
281 ((HttpsURLConnection) http).setHostnameVerifier(allHostsValid);
284 http.setDoOutput(true);
285 // copy request headers
287 Enumeration<?> headers = req.getHeaderNames();
288 while (headers.hasMoreElements()) {
289 String h = (String) headers.nextElement();
290 String v = req.getHeader(h);
291 if (h != null && h.equals("Host")) {
292 v = url.getAuthority();
294 s += String.format("%s:%s;", h, v);
295 http.setRequestProperty(h, v);
297 LOG.debug("Request Headers: {}", s);
301 private void handleRequest(HttpURLConnection http, HttpServletRequest req, HttpServletResponse resp, String method)
303 byte[] buffer = new byte[BUFSIZE];
304 int len = 0, lensum = 0;
306 // Send the message to destination
307 OutputStream output = null;
308 if (!method.equals("GET")) {
310 output = http.getOutputStream();
311 } catch (Exception e) {
312 LOG.debug("problem reading output stream: {}", e.getMessage());
315 if (output != null) {
317 len = req.getInputStream().read(buffer, 0, BUFSIZE);
322 output.write(buffer, 0, len);
325 LOG.debug("written {} data out", lensum);
326 int responseCode = http.getResponseCode();
328 InputStream response;
329 if (responseCode >= 200 && responseCode < 300) {
330 response = http.getInputStream();
332 response = http.getErrorStream();
333 if (response == null) {
334 http.getInputStream();
338 LOG.debug("ResponseCode: {}", responseCode);
339 resp.setStatus(responseCode);
340 Map<String, List<String>> set = http.getHeaderFields();
343 for (Map.Entry<String, List<String>> entry : set.entrySet()) {
344 if (entry.getKey() == null) {
347 for (String v : entry.getValue()) {
348 resp.setHeader(entry.getKey(), v);
349 s += String.format("%s:%s;", entry.getKey(), v);
351 if (MyProperties.getInstance().corsEnabled()) {
352 resp.setHeader("Access-Control-Allow-Origin", "*");
353 // resp.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
354 resp.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
359 LOG.debug("Received Headers: {}", s);
361 if (response != null) {
363 len = response.read(buffer, 0, BUFSIZE);
368 resp.getOutputStream().write(buffer, 0, len);
371 LOG.debug("response is null");
373 LOG.debug("Received {} bytes", lensum);
Code Review / ccsdk / features.git / blob