import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
-import java.util.EnumSet;
-import javax.servlet.DispatcherType;
-import javax.servlet.ServletException;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
-import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jetbrains.annotations.NotNull;
+import org.onap.dmaap.datarouter.node.delivery.Delivery;
public class NodeServer {
- private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);
+ private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);
private static Server server;
private static Delivery delivery;
- private NodeServer(){
- }
+ private NodeServer(){}
- static Server getServerInstance() {
+ static Server getServerInstance(NodeConfigManager nodeConfigManager) {
if (server == null) {
- server = createNodeServer(NodeConfigManager.getInstance());
+ server = createNodeServer(nodeConfigManager);
}
return server;
}
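Review bot: `getServerInstance(NodeConfigManager nodeConfigManager)` reads its argument only while `server` is still null, so a later caller that passes a different configuration silently gets the server built from the first one. The null check and the assignment are also unsynchronized, which matters if more than one thread can reach this method (the callers are not visible here). I would at least document the contract, for example `/** Returns the shared server; nodeConfigManager is only read on the first call. */`, and consider declaring the method `synchronized`.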
private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
+ eelfLogger.info("NODE0005 Creating new NodeServer");
server = new Server();
delivery = new Delivery(nodeConfigManager);
httpServerConnector.setPort(nodeConfigManager.getHttpPort());
httpServerConnector.setIdleTimeout(2000);
- SslContextFactory sslContextFactory = getSslContextFactory(nodeConfigManager);
-
- HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
- httpsConfiguration.setRequestHeaderSize(8192);
-
- SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
- secureRequestCustomizer.setStsMaxAge(2000);
- secureRequestCustomizer.setStsIncludeSubDomains(true);
- httpsConfiguration.addCustomizer(secureRequestCustomizer);
-
- // HTTPS connector
- try (ServerConnector httpsServerConnector = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
- new HttpConnectionFactory(httpsConfiguration))) {
-
- httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
- httpsServerConnector.setIdleTimeout(3600000);
- httpsServerConnector.setAcceptQueueSize(2);
-
- //Context Handler
- ServletContextHandler servletContextHandler = new ServletContextHandler(0);
- servletContextHandler.setContextPath("/");
- servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery)), "/*");
-
- //CADI Filter activation check
- if (nodeConfigManager.getCadiEnabled()) {
- try {
- servletContextHandler.addFilter(new FilterHolder(new DRNodeCadiFilter(true,
- nodeConfigManager.getNodeAafPropsUtils().getPropAccess())), "/*",
- EnumSet.of(DispatcherType.REQUEST));
- } catch (ServletException e) {
- eelfLogger.error("Failed to add CADI Filter: " + e.getMessage(), e);
- }
- }
- server.setHandler(servletContextHandler);
- server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
+ //Context Handler
+ ServletContextHandler servletContextHandler = new ServletContextHandler(0);
+ servletContextHandler.setContextPath("/");
+ servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*");
+
+ if (nodeConfigManager.isTlsEnabled()) {
+ initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector);
+ } else {
+ eelfLogger.info("NODE0005 Adding HTTP Connector");
+ server.setConnectors(new Connector[]{httpServerConnector});
}
+ server.setHandler(servletContextHandler);
}
return server;
}
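Review bot: After this change nothing in `createNodeServer` registers an authentication or authorization filter on `servletContextHandler`: the `DRNodeCadiFilter` registration is gone and only `NodeServlet` is mounted on `/*`. With the new `else` branch, a node where `isTlsEnabled()` is false serves every request over plain HTTP, so access control depends entirely on what `NodeServlet` does with the `nodeConfigManager` it now receives, which this diff does not show. Please confirm that, and log the TLS-off case at warning level with a message that says so, for example `eelfLogger.warn("NODE0005 TLS disabled: adding HTTP connector only");`. Parts of the method are elided between the lines shown here.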
+ private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration,
+ ServerConnector httpServerConnector) {
+ HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
+ httpsConfiguration.setRequestHeaderSize(8192);
+
+ SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
+ secureRequestCustomizer.setStsMaxAge(2000);
+ secureRequestCustomizer.setStsIncludeSubDomains(true);
+ httpsConfiguration.addCustomizer(secureRequestCustomizer);
+
+ // HTTPS connector
+ try (ServerConnector httpsServerConnector = new ServerConnector(server,
+ new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()),
+ new HttpConnectionFactory(httpsConfiguration))) {
+ httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
+ httpsServerConnector.setIdleTimeout(3600000);
+ httpsServerConnector.setAcceptQueueSize(2);
+ eelfLogger.info("NODE0005 TLS Enabled: Adding HTTP/S Connectors");
+ server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
+ }
+ }
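Review bot: The try-with-resources around `httpsServerConnector` calls `close()` on the connector as soon as the block exits, immediately after it was handed to `server.setConnectors(...)`. This presumably works only because closing a connector that has not been opened yet does nothing, and it reads as if the HTTPS listener were being torn down. The `Server` owns the connector's lifecycle, so a plain local is clearer: `ServerConnector httpsServerConnector = new ServerConnector(server, ...);` with a comment such as `// not closed here: the Server stops its connectors`. Separately, `setStsMaxAge(2000)` gives an HSTS lifetime of about 33 minutes and `setIdleTimeout(3600000)` keeps idle TLS connections open for an hour; both deserve a comment stating the intent.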
+
/**
* Reset the retry timer for a subscription.
*/
@NotNull
- private static SslContextFactory getSslContextFactory(NodeConfigManager nodeConfigManager) {
- SslContextFactory sslContextFactory = new SslContextFactory.Server();
- sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType());
- sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile());
- sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass());
- sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass());
+ private static SslContextFactory.Server getSslContextFactory() {
+ SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+ sslContextFactory.setKeyStoreType(NodeConfigManager.getNodeTlsManager().getKeyStoreType());
+ sslContextFactory.setKeyStorePath(NodeConfigManager.getNodeTlsManager().getKeyStorefile());
+ sslContextFactory.setKeyStorePassword(NodeConfigManager.getNodeTlsManager().getKeyStorePassword());
+ sslContextFactory.setKeyManagerPassword(NodeConfigManager.getNodeTlsManager().getKeyManagerPassword());
+
+// sslContextFactory.setTrustStoreType(NodeConfigManager.getNodeTlsManager().getTrustStoreType());
+// sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty());
+// sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty());
sslContextFactory.setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
);
-
sslContextFactory.addExcludeProtocols("SSLv3");
+ sslContextFactory.setIncludeProtocols(NodeConfigManager.getNodeTlsManager().getEnabledProtocols());
eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
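Review bot: The three commented-out `setTrustStore*` lines leave the new `SslContextFactory.Server` without an explicit trust store, and two of them reference `ProvRunner`, which looks like it belongs to a different module. If this node is meant to verify client certificates (no `setNeedClientAuth` or `setWantClientAuth` call is visible in this hunk, and the method continues past it), the trust anchors fall back to whatever default Jetty and the JVM apply, which should be a deliberate choice rather than a side effect. Either wire the trust store from `NodeConfigManager.getNodeTlsManager()` or delete the dead lines and leave a `// TODO` explaining why it is unset. `setIncludeProtocols(...getEnabledProtocols())` also makes the protocol list purely configuration-driven, so a null or empty value, or one that lists legacy versions, should be rejected or logged at startup. The Javadoc above the method still says `Reset the retry timer for a subscription.`, which does not describe it.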