package org.onap.dmaap.dbcapi.server;
import com.google.common.collect.Sets;
+import java.util.Properties;
import javax.servlet.DispatcherType;
-import org.eclipse.jetty.server.*;
+import org.eclipse.jetty.http.HttpVersion;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
-
-import java.util.Properties;
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
/**
* A Jetty server which supports:
*/
public class JettyServer extends BaseLoggingClass {
- private Server server;
+ private static final CertificateManager certificateManager =
+ new CertficateManagerFactory(DmaapConfig.getConfig()).initCertificateManager();
+ private final Server server;
public Server getServer() {
return server;
}
- public JettyServer(Properties params) throws Exception {
+ public static CertificateManager getCertificateManager() {
+ return certificateManager;
+ }
+
+ public JettyServer(Properties params) {
server = new Server();
- int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80"));
- int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443"));
- boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false"));
+ int httpPort = Integer.parseInt(params.getProperty("IntHttpPort", "80"));
+ int sslPort = Integer.parseInt(params.getProperty("IntHttpsPort", "443"));
+ boolean allowHttp = Boolean.parseBoolean(params.getProperty("HttpAllowed", "false"));
serverLogger.info("port params: http=" + httpPort + " https=" + sslPort);
serverLogger.info("allowHttp=" + allowHttp);
// HTTP Server
- HttpConfiguration http_config = new HttpConfiguration();
- http_config.setSecureScheme("https");
- http_config.setSecurePort(sslPort);
- http_config.setOutputBufferSize(32768);
+ HttpConfiguration httpConfig = new HttpConfiguration();
+ httpConfig.setSecureScheme("https");
+ httpConfig.setSecurePort(sslPort);
+ httpConfig.setOutputBufferSize(32768);
- try (ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config))) {
+ try (ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(httpConfig))) {
httpConnector.setPort(httpPort);
httpConnector.setIdleTimeout(30000);
// HTTPS Server
-
- HttpConfiguration https_config = new HttpConfiguration(http_config);
- https_config.addCustomizer(new SecureRequestCustomizer());
- SslContextFactory sslContextFactory = new SslContextFactory();
+ HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
+ httpsConfig.addCustomizer(new SecureRequestCustomizer());
+ SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setWantClientAuth(true);
- setUpKeystore(params, sslContextFactory);
- setUpTrustStore(params, sslContextFactory);
-
- if (sslPort != 0) {
- try (ServerConnector sslConnector = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory, "http/1.1"),
- new HttpConnectionFactory(https_config))) {
- sslConnector.setPort(sslPort);
- if (allowHttp) {
- logger.info("Starting httpConnector on port " + httpPort);
- logger.info("Starting sslConnector on port " + sslPort + " for https");
- server.setConnectors(new Connector[]{httpConnector, sslConnector});
- } else {
- logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
- logger.info("Starting sslConnector on port " + sslPort + " for https");
- server.setConnectors(new Connector[]{sslConnector});
- }
- }
+ if ( ! certificateManager.isReady()) {
+ serverLogger.error("CertificateManager is not ready. NOT starting https!");
+ } else {
+ setUpKeystore(sslContextFactory);
+ setUpTrustStore(sslContextFactory);
+
+
+ if (sslPort != 0) {
+ try (ServerConnector sslConnector = new ServerConnector(server,
+ new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+ new HttpConnectionFactory(httpsConfig))) {
+ sslConnector.setPort(sslPort);
+ server.addConnector(sslConnector);
+ serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
+ }
+ } else {
+ serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
+ }
+ }
+ if (allowHttp) {
+ serverLogger.info("Starting httpConnector on port " + httpPort);
+ server.addConnector(httpConnector);
} else {
- serverLogger.info("NOT starting sslConnector on port " + sslPort + " for https");
- if (allowHttp) {
- serverLogger.info("Starting httpConnector on port " + httpPort);
- server.setConnectors(new Connector[]{httpConnector});
- }
+ serverLogger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
}
}
try {
serverLogger.info("Starting jetty server");
- String unit_test = params.getProperty("UnitTest", "No");
- serverLogger.info("UnitTest=" + unit_test);
- if (unit_test.equals("No")) {
+ String unitTest = params.getProperty("UnitTest", "No");
+ serverLogger.info("UnitTest=" + unitTest);
+ if (unitTest.equals("No")) {
server.start();
server.dumpStdErr();
server.join();
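Review bot: When `certificateManager.isReady()` is false, the new branch only logs an error and carries on, so with `HttpAllowed=true` the server comes up serving plaintext HTTP alone, and with `HttpAllowed=false` it appears to start with no connector at all. A certificate problem should not quietly downgrade transport security. Unless plaintext-only operation is an intended fallback (not visible from this hunk), fail fast when TLS was requested: `if (sslPort != 0 && !certificateManager.isReady()) { throw new IllegalStateException("CertificateManager is not ready; refusing to start without https"); }`. The exception is unchecked, so the constructor's new signature without `throws Exception` is unaffected. The enclosing `try` block that starts the server continues outside the hunk.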
Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
}
- private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
- String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+ private void setUpKeystore(SslContextFactory sslContextFactory) {
+ String keystore = JettyServer.certificateManager.getKeyStoreFile();
logger.info("https Server using keystore at " + keystore);
sslContextFactory.setKeyStorePath(keystore);
- sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
- sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+ sslContextFactory.setKeyStoreType(JettyServer.certificateManager.getKeyStoreType());
+ sslContextFactory.setKeyStorePassword(JettyServer.certificateManager.getKeyStorePassword());
+ sslContextFactory.setKeyManagerPassword(JettyServer.certificateManager.getKeyStorePassword());
}
- private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
- String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+ private void setUpTrustStore(SslContextFactory sslContextFactory) {
+ String truststore = JettyServer.certificateManager.getTrustStoreFile();
logger.info("https Server using truststore at " + truststore);
sslContextFactory.setTrustStorePath(truststore);
- sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
- sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
+ sslContextFactory.setTrustStoreType(JettyServer.certificateManager.getTrustStoreType());
+ sslContextFactory.setTrustStorePassword(JettyServer.certificateManager.getTrustStorePassword());
}
}
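Review bot: In `setUpKeystore`, `setKeyManagerPassword` is now fed `getKeyStorePassword()`, whereas the removed code read a separate `KeyPassword` property, so the private-key password is silently assumed to equal the keystore password. A keystore whose key entry uses a different password would presumably fail when the SSL context is built, and that failure will not point at this assumption. If `CertificateManager` can supply a distinct key password (its interface is not visible here), use that value; otherwise document the constraint at the call, e.g. `// key entry password must match the keystore password; CertificateManager exposes only one`. Dropping the `"changeit"` defaults is a good change, and the log lines here correctly record only the store paths, not the passwords.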