X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-node%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fnode%2FNodeServer.java;h=1a29f682fe9661686dc03b14cee96af7df919653;hb=HEAD;hp=58fe72b4febbac2913a9fa9e1028bd418355a7dd;hpb=4c5b91b5ce0901bf3044709fb2a172c2ae7763fc;p=dmaap%2Fdatarouter.git diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java index 58fe72b4..1a29f682 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java @@ -22,9 +22,6 @@ package org.onap.dmaap.datarouter.node; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import java.util.EnumSet; -import javax.servlet.DispatcherType; -import javax.servlet.ServletException; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.HttpConfiguration; @@ -33,31 +30,31 @@ import org.eclipse.jetty.server.SecureRequestCustomizer; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; -import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.jetbrains.annotations.NotNull; +import org.onap.dmaap.datarouter.node.delivery.Delivery; public class NodeServer { - private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class); + private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class); private static Server server; private static Delivery delivery; - private NodeServer(){ - } + private NodeServer(){} - static Server getServerInstance() { + static Server getServerInstance(NodeConfigManager nodeConfigManager) { if (server == null) { - server = createNodeServer(NodeConfigManager.getInstance()); + server = createNodeServer(nodeConfigManager); } return server; } private static Server createNodeServer(NodeConfigManager nodeConfigManager) { + eelfLogger.info("NODE0005 Creating new NodeServer"); server = new Server(); delivery = new Delivery(nodeConfigManager); @@ -70,47 +67,44 @@ public class NodeServer { httpServerConnector.setPort(nodeConfigManager.getHttpPort()); httpServerConnector.setIdleTimeout(2000); - SslContextFactory sslContextFactory = getSslContextFactory(nodeConfigManager); - - HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); - httpsConfiguration.setRequestHeaderSize(8192); - - SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer(); - secureRequestCustomizer.setStsMaxAge(2000); - secureRequestCustomizer.setStsIncludeSubDomains(true); - httpsConfiguration.addCustomizer(secureRequestCustomizer); - - // HTTPS connector - try (ServerConnector httpsServerConnector = new ServerConnector(server, - new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), - new HttpConnectionFactory(httpsConfiguration))) { - - httpsServerConnector.setPort(nodeConfigManager.getHttpsPort()); - httpsServerConnector.setIdleTimeout(3600000); - httpsServerConnector.setAcceptQueueSize(2); - - //Context Handler - ServletContextHandler servletContextHandler = new ServletContextHandler(0); - servletContextHandler.setContextPath("/"); - servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery)), "/*"); - - //CADI Filter activation check - if (nodeConfigManager.getCadiEnabled()) { - try { - servletContextHandler.addFilter(new FilterHolder(new DRNodeCadiFilter(true, - nodeConfigManager.getNodeAafPropsUtils().getPropAccess())), "/*", - EnumSet.of(DispatcherType.REQUEST)); - } catch (ServletException e) { - eelfLogger.error("Failed to add CADI Filter: " + e.getMessage(), e); - } - } - server.setHandler(servletContextHandler); - server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector}); + //Context Handler + ServletContextHandler servletContextHandler = new ServletContextHandler(0); + servletContextHandler.setContextPath("/"); + servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*"); + + if (nodeConfigManager.isTlsEnabled()) { + initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector); + } else { + eelfLogger.info("NODE0005 Adding HTTP Connector"); + server.setConnectors(new Connector[]{httpServerConnector}); } + server.setHandler(servletContextHandler); } return server; } + private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration, + ServerConnector httpServerConnector) { + HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); + httpsConfiguration.setRequestHeaderSize(8192); + + SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer(); + secureRequestCustomizer.setStsMaxAge(2000); + secureRequestCustomizer.setStsIncludeSubDomains(true); + httpsConfiguration.addCustomizer(secureRequestCustomizer); + + // HTTPS connector + try (ServerConnector httpsServerConnector = new ServerConnector(server, + new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(httpsConfiguration))) { + httpsServerConnector.setPort(nodeConfigManager.getHttpsPort()); + httpsServerConnector.setIdleTimeout(3600000); + httpsServerConnector.setAcceptQueueSize(2); + eelfLogger.info("NODE0005 TLS Enabled: Adding HTTP/S Connectors"); + server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector}); + } + } + /** * Reset the retry timer for a subscription. */ @@ -120,12 +114,16 @@ public class NodeServer { @NotNull - private static SslContextFactory getSslContextFactory(NodeConfigManager nodeConfigManager) { - SslContextFactory sslContextFactory = new SslContextFactory(); - sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType()); - sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile()); - sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass()); - sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass()); + private static SslContextFactory.Server getSslContextFactory() { + SslContextFactory.Server sslContextFactory = new SslContextFactory.Server(); + sslContextFactory.setKeyStoreType(NodeConfigManager.getNodeTlsManager().getKeyStoreType()); + sslContextFactory.setKeyStorePath(NodeConfigManager.getNodeTlsManager().getKeyStorefile()); + sslContextFactory.setKeyStorePassword(NodeConfigManager.getNodeTlsManager().getKeyStorePassword()); + sslContextFactory.setKeyManagerPassword(NodeConfigManager.getNodeTlsManager().getKeyManagerPassword()); + +// sslContextFactory.setTrustStoreType(NodeConfigManager.getNodeTlsManager().getTrustStoreType()); +// sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty()); +// sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty()); sslContextFactory.setExcludeCipherSuites( "SSL_RSA_WITH_DES_CBC_SHA", @@ -136,8 +134,8 @@ public class NodeServer { "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" ); - sslContextFactory.addExcludeProtocols("SSLv3"); + sslContextFactory.setIncludeProtocols(NodeConfigManager.getNodeTlsManager().getEnabledProtocols()); eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols())); eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols())); eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));