* ============LICENSE_START=======================================================
* org.onap.dmaap
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017 AT&T Intellectual Property.
+ *
+ * Modifications Copyright (C) 2019 IBM.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package org.onap.dmaap.dbcapi.server;
-import java.util.Properties;
-
-import javax.net.ssl.SSLContext;
-
-import org.apache.log4j.Logger;
-import org.eclipse.jetty.security.SecurityHandler;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.server.*;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-
-
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import org.onap.dmaap.dbcapi.database.LoadSchema;
import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+
+import java.util.Properties;
/**
* A Jetty server which supports:
* - http and https (simultaneously for dev env)
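Review bot: The new `import org.eclipse.jetty.server.*;` replaces seven explicit imports with a wildcard, which hides the Jetty classes this TLS bootstrap code depends on and can pull in a different class if a later Jetty release adds a name that clashes. Keeping the explicit imports the code still uses (for example `import org.eclipse.jetty.server.ServerConnector;` and `import org.eclipse.jetty.server.SslConnectionFactory;`) makes a dependency upgrade easier to audit. Dropping the unused imports is fine as it stands.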
boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false"));
serverLogger.info( "port params: http=" + httpPort + " https=" + sslPort );
serverLogger.info( "allowHttp=" + allowHttp );
- String keystore=null;
- String keystorePwd = null;
- String keyPwd = null;
-
- // HTTP Server
+ // HTTP Server
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(sslPort);
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
- keystore = params.getProperty("KeyStoreFile", "etc/keystore");
- logger.info("https Server using keystore at " + keystore);
- keystorePwd = params.getProperty("KeyStorePassword", "changeit");
- keyPwd = params.getProperty("KeyPassword", "changeit");
-
-
- sslContextFactory.setKeyStorePath(keystore);
- sslContextFactory.setKeyStorePassword(keystorePwd);
- sslContextFactory.setKeyManagerPassword(keyPwd);
+ setUpKeystore(params, sslContextFactory);
+ setUpTrustStore(params, sslContextFactory);
if (sslPort != 0) {
try(ServerConnector sslConnector = new ServerConnector(server,
}
}
}
-
+
// Set context for servlet. This is shared for http and https
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
}
} catch ( Exception e ) {
errorLogger.error( "Exception " + e );
- errorLogger.error( "possibly unable to use keystore " + keystore + " with passwords " + keystorePwd + " and " + keyPwd );
- //System.exit(1);
} finally {
server.destroy();
}
}
+
+ private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
+ String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+ logger.info("https Server using keystore at " + keystore);
+ sslContextFactory.setKeyStorePath(keystore);
+ sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
+ sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+ }
+
+ private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
+ String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+ logger.info("https Server using truststore at " + truststore);
+ sslContextFactory.setTrustStorePath(truststore);
+ sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
+ sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
+ }
}
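Review bot: Both new helpers, `setUpKeystore` and `setUpTrustStore`, fall back to the well-known password `changeit` and to default store paths when a property is missing, so a misconfigured deployment starts TLS with a guessable store password instead of failing. Consider reading the secrets without a default and refusing to start, e.g. `String pwd = params.getProperty("TrustStorePassword"); if (pwd == null) throw new IllegalStateException("TrustStorePassword is not set");`, and likewise for `KeyStorePassword` and `KeyPassword`. The truststore only affects inbound connections when client-certificate authentication is requested, and no `setNeedClientAuth`/`setWantClientAuth` call is visible in this diff, so confirm it is configured elsewhere. With the second log line gone from the catch block, `errorLogger.error( "Exception " + e )` is the only record of a store-load failure; if the logger has a throwable overload, `errorLogger.error("Exception starting Jetty server", e);` would keep the stack trace without logging any secret.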