X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fprovisioning%2FMain.java;h=3269c8436470bac65529c18983770f089e6f3a8c;hb=1ccd9c36ba12849148f9eb73e8ff2ffe4ade5870;hp=3e3f45fe14c00c4f891b09634aaa69684124d155;hpb=49fbf9a09d244bbdc19783d9ff10cd03cd89640a;p=dmaap%2Fdatarouter.git diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java index 3e3f45fe..3269c843 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java @@ -24,10 +24,17 @@ package org.onap.dmaap.datarouter.provisioning; -import java.security.*; -import java.util.*; - -import org.apache.log4j.Logger; +import static java.lang.System.exit; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import java.io.File; +import java.io.IOException; +import java.security.Security; +import java.util.EnumSet; +import java.util.Properties; +import java.util.Timer; +import javax.servlet.DispatcherType; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Handler; 
@@ -36,33 +43,33 @@ import org.eclipse.jetty.server.HttpConnectionFactory; import org.eclipse.jetty.server.NCSARequestLog; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; +import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.server.handler.ContextHandlerCollection; import org.eclipse.jetty.server.handler.DefaultHandler; import org.eclipse.jetty.server.handler.HandlerCollection; import org.eclipse.jetty.server.handler.RequestLogHandler; -import org.eclipse.jetty.server.SslConnectionFactory; -import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.QueuedThreadPool; +import org.onap.dmaap.datarouter.provisioning.utils.AafPropsUtils; import org.onap.dmaap.datarouter.provisioning.utils.DB; +import org.onap.dmaap.datarouter.provisioning.utils.DRProvCadiFilter; import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; import org.onap.dmaap.datarouter.provisioning.utils.PurgeLogDirTask; import org.onap.dmaap.datarouter.provisioning.utils.ThrottleFilter; -import javax.servlet.DispatcherType; - /** *

- * A main class which may be used to start the provisioning server with an "embedded" Jetty server. - * Configuration is done via the properties file provserver.properties, which should be in the CLASSPATH. - * The provisioning server may also be packaged with a web.xml and started as a traditional webapp. + * A main class which may be used to start the provisioning server with an "embedded" Jetty server. Configuration is + * done via the properties file provserver.properties, which should be in the CLASSPATH. The provisioning server + * may also be packaged with a web.xml and started as a traditional webapp. *

*

- * Most of the work of the provisioning server is carried out within the eight servlets (configured below) - * that are used to handle each of the eight types of requests the server may receive. - * In addition, there are background threads started to perform other tasks: + * Most of the work of the provisioning server is carried out within the eight servlets (configured below) that are used + * to handle each of the eight types of requests the server may receive. In addition, there are background threads + * started to perform other tasks: *

* *

- * The provisioning server is stopped by issuing a GET to the URL http://127.0.0.1/internal/halt - * using curl or some other such tool. + * The provisioning server is stopped by issuing a GET to the URL http://127.0.0.1/internal/halt using curl or + * some other such tool. *

* * @author Robert Eby * @version $Id: Main.java,v 1.12 2014/03/12 19:45:41 eby Exp $ */ public class Main { - /** - * The truststore to use if none is specified - */ - public static final String DEFAULT_TRUSTSTORE = "/opt/java/jdk/jdk180/jre/lib/security/cacerts"; - public static final String KEYSTORE_TYPE_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.type"; - public static final String KEYSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.path"; - public static final String KEYSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.keystore.password"; - public static final String TRUSTSTORE_PATH_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.path"; - public static final String TRUSTSTORE_PASSWORD_PROPERTY = "org.onap.dmaap.datarouter.provserver.truststore.password"; + + public static final EELFLogger intlogger = EELFManager.getInstance() + .getLogger("org.onap.dmaap.datarouter.provisioning.internal"); /** - * The one and only {@link Server} instance in this JVM + * The one and only {@link Server} instance in this JVM. */ private static Server server; + static AafPropsUtils aafPropsUtils; /** * Starts the Data Router Provisioning server. 
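Review bot: The new field `static AafPropsUtils aafPropsUtils;` is a mutable, package-private static with no Javadoc, while the neighbouring `server` field is private and documented. Later hunks read the keystore and truststore passwords through it, so I'd narrow it to `private static AafPropsUtils aafPropsUtils;` and add a package-level getter only if other classes in the package need it (they are not visible here, so confirm). A one-line comment such as `/** AAF/CADI properties (keystore and truststore settings), initialised in main(). */` would cover the documentation gap. Removing the public `*_PROPERTY` constants and `DEFAULT_TRUSTSTORE` is also an API change for any caller outside this file.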
@@ -106,28 +108,20 @@ public class Main { */ public static void main(String[] args) throws Exception { Security.setProperty("networkaddress.cache.ttl", "4"); - Logger logger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal"); - // Check DB is accessible and contains the expected tables - if (!checkDatabase(logger)) - System.exit(1); - - logger.info("PROV0000 **** AT&T Data Router Provisioning Server starting...."); + if (!checkDatabase()) { + intlogger.error("Data Router Provisioning database init failure. Exiting."); + exit(1); + } - // Get properties - Properties p = (new DB()).getProperties(); - int httpPort = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080")); - int httpsPort = Integer.parseInt(p.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443")); + intlogger.info("PROV0000 **** Data Router Provisioning Server starting...."); - // HTTP configuration - HttpConfiguration httpConfiguration = new HttpConfiguration(); - httpConfiguration.setSecureScheme("https"); - httpConfiguration.setSecurePort(httpsPort); - httpConfiguration.setOutputBufferSize(32768); - httpConfiguration.setRequestHeaderSize(2048); - httpConfiguration.setIdleTimeout(300000); - httpConfiguration.setSendServerVersion(true); - httpConfiguration.setSendDateHeader(false); + Security.setProperty("networkaddress.cache.ttl", "4"); + Properties provProperties = (new DB()).getProperties(); + int httpPort = Integer.parseInt(provProperties + .getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080")); + final int httpsPort = Integer.parseInt(provProperties + .getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443")); // Server's thread pool QueuedThreadPool queuedThreadPool = new QueuedThreadPool(); 
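Review bot: The added `Security.setProperty("networkaddress.cache.ttl", "4");` repeats the call that is already the first statement of `main` (the unchanged context line at the top of the hunk), so one of the two can be dropped. The two `Integer.parseInt(...)` calls on the port properties still let a malformed value escape as a `NumberFormatException`, unlike the database check, which now logs through `intlogger` before `exit(1)`. A matching try/catch that logs the offending property name would keep start-up failures diagnosable. The body of `main` continues beyond this hunk.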
@@ -137,88 +131,147 @@ public class Main { // The server itself server = new Server(queuedThreadPool); + server.setStopAtShutdown(true); + server.setStopTimeout(5000); + server.setDumpAfterStart(false); + server.setDumpBeforeStop(false); + + // Request log configuration + NCSARequestLog ncsaRequestLog = new NCSARequestLog(); + ncsaRequestLog.setFilename(provProperties + .getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir") + + "/request.log.yyyy_mm_dd"); + ncsaRequestLog.setFilenameDateFormat("yyyyMMdd"); + ncsaRequestLog.setRetainDays(90); + ncsaRequestLog.setAppend(true); + ncsaRequestLog.setExtended(false); + ncsaRequestLog.setLogCookies(false); + ncsaRequestLog.setLogTimeZone("GMT"); + + RequestLogHandler requestLogHandler = new RequestLogHandler(); + requestLogHandler.setRequestLog(ncsaRequestLog); + server.setRequestLog(ncsaRequestLog); + + // HTTP configuration + HttpConfiguration httpConfiguration = new HttpConfiguration(); + httpConfiguration.setSecureScheme("https"); + httpConfiguration.setSecurePort(httpsPort); + httpConfiguration.setOutputBufferSize(32768); + httpConfiguration.setRequestHeaderSize(8192); + httpConfiguration.setResponseHeaderSize(8192); + httpConfiguration.setSendServerVersion(true); + httpConfiguration.setSendDateHeader(false); - // HTTP connector - ServerConnector httpServerConnector = new ServerConnector(server, new HttpConnectionFactory(httpConfiguration)); - httpServerConnector.setPort(httpPort); - httpServerConnector.setAcceptQueueSize(2); - - // HTTPS configuration - HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); - httpsConfiguration.setRequestHeaderSize(8192); - - // HTTPS connector - SslContextFactory sslContextFactory = new SslContextFactory(); - sslContextFactory.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); - sslContextFactory.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); - 
sslContextFactory.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); - // SSL stuff - /* Skip SSLv3 Fixes */ - sslContextFactory.addExcludeProtocols("SSLv3"); - logger.info("Excluded protocols prov-" + sslContextFactory.getExcludeProtocols()); - /* End of SSLv3 Fixes */ - - ServerConnector httpsServerConnector = new ServerConnector(server, - new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), - new HttpConnectionFactory(httpsConfiguration)); - httpsServerConnector.setPort(httpsPort); - httpsServerConnector.setIdleTimeout(30000); - httpsServerConnector.setAcceptQueueSize(2); - - sslContextFactory.setKeyStoreType(p.getProperty(KEYSTORE_TYPE_PROPERTY, "jks")); - sslContextFactory.setKeyStorePath(p.getProperty(KEYSTORE_PATH_PROPERTY)); - sslContextFactory.setKeyStorePassword(p.getProperty(KEYSTORE_PASSWORD_PROPERTY)); - sslContextFactory.setKeyManagerPassword(p.getProperty("org.onap.dmaap.datarouter.provserver.keymanager.password")); - - String ts = p.getProperty(TRUSTSTORE_PATH_PROPERTY); - if (ts != null && ts.length() > 0) { - System.out.println("@@ TS -> " + ts); - sslContextFactory.setTrustStorePath(ts); - sslContextFactory.setTrustStorePassword(p.getProperty(TRUSTSTORE_PASSWORD_PROPERTY)); - } else { - sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE); - sslContextFactory.setTrustStorePassword("changeit"); + try { + AafPropsUtils.init(new File(provProperties.getProperty( + "org.onap.dmaap.datarouter.provserver.aafprops.path", + "/opt/app/osaaf/local/org.onap.dmaap-dr.props"))); + } catch (IOException e) { + intlogger.error("NODE0314 Failed to load AAF props. 
Exiting", e); + exit(1); } - sslContextFactory.setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks"); - sslContextFactory.setTrustStorePassword("changeit"); - sslContextFactory.setWantClientAuth(true); - - // Servlet and Filter configuration - ServletContextHandler ctxt = new ServletContextHandler(0); - ctxt.setContextPath("/"); - ctxt.addServlet(new ServletHolder(new FeedServlet()), "/feed/*"); - ctxt.addServlet(new ServletHolder(new FeedLogServlet()), "/feedlog/*"); - ctxt.addServlet(new ServletHolder(new PublishServlet()), "/publish/*"); - ctxt.addServlet(new ServletHolder(new SubscribeServlet()), "/subscribe/*"); - ctxt.addServlet(new ServletHolder(new StatisticsServlet()), "/statistics/*"); - ctxt.addServlet(new ServletHolder(new SubLogServlet()), "/sublog/*"); - ctxt.addServlet(new ServletHolder(new GroupServlet()), "/group/*"); //Provision groups - Rally US708115 -1610 - ctxt.addServlet(new ServletHolder(new SubscriptionServlet()), "/subs/*"); - ctxt.addServlet(new ServletHolder(new InternalServlet()), "/internal/*"); - ctxt.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*"); - ctxt.addServlet(new ServletHolder(new DRFeedsServlet()), "/"); - ctxt.addFilter(new FilterHolder(new ThrottleFilter()), "/publish/*", EnumSet.of(DispatcherType.REQUEST)); - - ContextHandlerCollection contexts = new ContextHandlerCollection(); - contexts.addHandler(ctxt); + aafPropsUtils = AafPropsUtils.getInstance(); + + //HTTP Connector + HandlerCollection handlerCollection; + try (ServerConnector httpServerConnector = + new ServerConnector(server, new HttpConnectionFactory(httpConfiguration))) { + httpServerConnector.setPort(httpPort); + httpServerConnector.setAcceptQueueSize(2); + httpServerConnector.setIdleTimeout(300000); + + // SSL Context + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setKeyStoreType(AafPropsUtils.KEYSTORE_TYPE_PROPERTY); + 
sslContextFactory.setKeyStorePath(aafPropsUtils.getKeystorePathProperty()); + sslContextFactory.setKeyStorePassword(aafPropsUtils.getKeystorePassProperty()); + sslContextFactory.setKeyManagerPassword(aafPropsUtils.getKeystorePassProperty()); + + String truststorePathProperty = aafPropsUtils.getTruststorePathProperty(); + if (truststorePathProperty != null && truststorePathProperty.length() > 0) { + intlogger.info("@@ TS -> " + truststorePathProperty); + sslContextFactory.setTrustStoreType(AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY); + sslContextFactory.setTrustStorePath(truststorePathProperty); + sslContextFactory.setTrustStorePassword(aafPropsUtils.getTruststorePassProperty()); + } else { + sslContextFactory.setTrustStorePath(AafPropsUtils.DEFAULT_TRUSTSTORE); + sslContextFactory.setTrustStorePassword("changeit"); + } - // Request log configuration - NCSARequestLog nrl = new NCSARequestLog(); - nrl.setFilename(p.getProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir") + "/request.log.yyyy_mm_dd"); - nrl.setFilenameDateFormat("yyyyMMdd"); - nrl.setRetainDays(90); - nrl.setAppend(true); - nrl.setExtended(false); - nrl.setLogCookies(false); - nrl.setLogTimeZone("GMT"); - - RequestLogHandler reqlog = new RequestLogHandler(); - reqlog.setRequestLog(nrl); - - // Server's Handler collection - HandlerCollection hc = new HandlerCollection(); - hc.setHandlers(new Handler[]{contexts, new DefaultHandler()}); - hc.addHandler(reqlog); + sslContextFactory.setWantClientAuth(true); + sslContextFactory.setExcludeCipherSuites( + "SSL_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_DSS_WITH_DES_CBC_SHA", + "SSL_RSA_EXPORT_WITH_RC4_40_MD5", + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" + ); + sslContextFactory.addExcludeProtocols("SSLv3"); + sslContextFactory.setIncludeProtocols(provProperties.getProperty( + "org.onap.dmaap.datarouter.provserver.https.include.protocols", + 
"TLSv1.1|TLSv1.2").trim().split("\\|")); + + intlogger.info("Not supported protocols prov server:-" + + String.join(",", sslContextFactory.getExcludeProtocols())); + intlogger.info("Supported protocols prov server:-" + + String.join(",", sslContextFactory.getIncludeProtocols())); + intlogger.info("Not supported ciphers prov server:-" + + String.join(",", sslContextFactory.getExcludeCipherSuites())); + intlogger.info("Supported ciphers prov server:-" + + String.join(",", sslContextFactory.getIncludeCipherSuites())); + + // HTTPS configuration + HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); + httpsConfiguration.setRequestHeaderSize(8192); + + // HTTPS connector + try (ServerConnector httpsServerConnector = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), + new HttpConnectionFactory(httpsConfiguration))) { + + httpsServerConnector.setPort(httpsPort); + httpsServerConnector.setIdleTimeout(30000); + httpsServerConnector.setAcceptQueueSize(2); + + // Servlet and Filter configuration + ServletContextHandler servletContextHandler = new ServletContextHandler(0); + servletContextHandler.setContextPath("/"); + servletContextHandler.addServlet(new ServletHolder(new FeedServlet()), "/feed/*"); + servletContextHandler.addServlet(new ServletHolder(new FeedLogServlet()), "/feedlog/*"); + servletContextHandler.addServlet(new ServletHolder(new PublishServlet()), "/publish/*"); + servletContextHandler.addServlet(new ServletHolder(new SubscribeServlet()), "/subscribe/*"); + servletContextHandler.addServlet(new ServletHolder(new StatisticsServlet()), "/statistics/*"); + servletContextHandler.addServlet(new ServletHolder(new SubLogServlet()), "/sublog/*"); + servletContextHandler.addServlet(new ServletHolder(new GroupServlet()), "/group/*"); + servletContextHandler.addServlet(new ServletHolder(new SubscriptionServlet()), "/subs/*"); + servletContextHandler.addServlet(new ServletHolder(new 
InternalServlet()), "/internal/*"); + servletContextHandler.addServlet(new ServletHolder(new RouteServlet()), "/internal/route/*"); + servletContextHandler.addServlet(new ServletHolder(new DRFeedsServlet()), "/"); + servletContextHandler.addFilter(new FilterHolder(new ThrottleFilter()), + "/publish/*", EnumSet.of(DispatcherType.REQUEST)); + + //CADI Filter activation check + if (Boolean.parseBoolean(provProperties.getProperty( + "org.onap.dmaap.datarouter.provserver.cadi.enabled", "false"))) { + servletContextHandler.addFilter(new FilterHolder(new DRProvCadiFilter(true, aafPropsUtils.getPropAccess())), + "/*", EnumSet.of(DispatcherType.REQUEST)); + intlogger.info("PROV0001 AAF CADI Auth enabled for "); + } + + ContextHandlerCollection contextHandlerCollection = new ContextHandlerCollection(); + contextHandlerCollection.addHandler(servletContextHandler); + + // Server's Handler collection + handlerCollection = new HandlerCollection(); + handlerCollection.setHandlers(new Handler[]{contextHandlerCollection, new DefaultHandler()}); + handlerCollection.addHandler(requestLogHandler); + + server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector}); + } + } + server.setHandler(handlerCollection); // Daemon to clean up the log directory on a daily basis Timer rolex = new Timer(); 
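Review bot: The default for `org.onap.dmaap.datarouter.provserver.https.include.protocols` is `"TLSv1.1|TLSv1.2"`, so a deployment that does not set the property still accepts TLSv1.1, which RFC 8996 deprecates; I'd make the default `"TLSv1.2"` and let operators opt in to anything older. `sslContextFactory.setKeyStoreType(AafPropsUtils.KEYSTORE_TYPE_PROPERTY)` (and the `TRUESTSTORE_TYPE_PROPERTY` counterpart) passes a constant whose name reads like a property key, whereas the removed code resolved the type with `p.getProperty(KEYSTORE_TYPE_PROPERTY, "jks")`; `AafPropsUtils` is not shown here, so please confirm the constant holds a store type and not a key name. The fallback branch still hard-codes `setTrustStorePassword("changeit")`; reading the password from configuration, or failing start-up when no truststore is configured, avoids depending on a well-known default. The two `try (ServerConnector ...)` blocks close both connectors as soon as the block ends, before `server.start()` runs in the later hunk, which looks unintended for objects handed to `server.setConnectors(...)`; whether it is harmless depends on what Jetty's `close()` does on an unopened connector. The enclosing `main` starts and ends outside this hunk.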
@@ -227,26 +280,18 @@ public class Main { // Start LogfileLoader LogfileLoader.getLoader(); - ServerConnector serverConnector = new ServerConnector(server, - new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), - new HttpConnectionFactory(httpsConfiguration)); - serverConnector.setPort(httpsPort); - serverConnector.setIdleTimeout(500000); - - server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector}); - server.setHandler(hc); - server.setStopAtShutdown(true); - server.setStopTimeout(5000); - - server.setDumpAfterStart(false); - server.setDumpBeforeStop(false); - - server.start(); + try { + server.start(); + intlogger.info("Prov Server started-" + server.getState()); + } catch (Exception e) { + intlogger.error("Jetty failed to start. Exiting: " + e.getMessage(), e); + exit(1); + } server.join(); - logger.info("PROV0001 **** AT&T Data Router Provisioning Server halted."); + intlogger.info("PROV0001 **** AT&T Data Router Provisioning Server halted."); } - private static boolean checkDatabase(Logger logger) { + private static boolean checkDatabase() { DB db = new DB(); return db.runRetroFits(); } @@ -259,9 +304,9 @@ public class Main { try { server.stop(); Thread.sleep(5000L); - System.exit(0); + exit(0); } catch (Exception e) { - // ignore + intlogger.error("Exception in Main.shutdown(): " + e.getMessage(), e); } }); }
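Review bot: The halt message keeps the id `PROV0001`, which this commit also uses for `"PROV0001 AAF CADI Auth enabled for "` in the previous hunk, so the two events cannot be told apart by id when searching logs; I'd give one of them its own id. The halt text also still says "AT&T" while the `PROV0000` start-up message dropped it. In the new `catch (Exception e)` around `server.start()`, `e.getMessage()` is concatenated into the text although the exception is already passed as the second argument, so `intlogger.error("Jetty failed to start. Exiting.", e);` is enough. The end of `main` and `checkDatabase()` are visible, but `main` begins outside this hunk.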
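Review bot: In the shutdown path (the log text calls it `Main.shutdown()`), an exception from `server.stop()` is now logged but `exit(0)` is skipped, so the JVM can stay up after a halt request that failed half-way. The broad `catch (Exception e)` also absorbs the `InterruptedException` from `Thread.sleep(5000L)` without restoring the interrupt flag. I'd catch `InterruptedException` separately with `Thread.currentThread().interrupt();` and decide explicitly whether a failed stop should still terminate the process, for example `exit(1)` in the catch. The method and the enclosing block begin outside this hunk.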