"""""""""""
DFC will interact with the DMaaP Message Router, using json, and with the Data Router, using metadata in the header and
file in the body, via secured protocol.
-So far, the implemented protocols to communicate with xNFs are http (with basic authentication), sftp and ftpes.
+So far, the implemented protocols to communicate with xNFs are http (with basic authentication), https, sftp and ftpes.
+When https protocol is used, the following ways of connection are possible: client certificate authentication, basic
+authentication, and no authentication.
Retry mechanism
"""""""""""""""
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-HTTP notes
-==========
+HTTP/HTTPS notes
+================
HTTP Basic Authentication in FileReady messages
"""""""""""""""""""""""""""""""""""""""""""""""
Note, more than one file from the same location can be added to the "arrayOfNamedHashMap". If so, they are downloaded
from the endpoint through single http connection.
+
+HTTPS connection with DFC
+"""""""""""""""""""""""""
+The file ready message for https server is the same as used in other protocols and http. The only difference is that the scheme is set to
+"https":
+
+.. code-block:: bash
+
+ ...
+ "arrayOfNamedHashMap": [
+ {
+ "name": "C_28532_measData_file.xml",
+ "hashMap": {
+ "location": "https://login:password@server.com:443/file.xml.gz",
+ ...
+
+The processed uri depends on the https connection type that has to be established (client certificate authentication, basic
+authentication, and no authentication).
+
+For client certificate authentication:
+
+.. code-block:: bash
+
+ scheme://host:port/path
+ i.e.
+ https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz
+
+Authentication is based on the certificate used by the DFC.
+
+For basic authentication:
+
+.. code-block:: bash
+
+ scheme://userinfo@host:port/path
+ i.e.
+ https://demo:demo123456!@example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz
+
+Authentication is based on the "userinfo" applied within the link.
+
+If no authentication is required:
+
+.. code-block:: bash
+
+ scheme://host:port/path
+ i.e.
+ https://example.com:443/C20200502.1830+0200-20200502.1845+0200_195500.xml.gz
+
+Note, effective way of authentication depends of uri provided and http server configuration.
+
+If port number was not supplied , port 443 is used by default.
+Every file is sent through separate https connection.
|WARN |StrictHostKeyChecking is enabled but environment variable KNOWN_HOSTS_FILE_PATH is not set or points to not existing file [/home/datafile/.ssh/known_hosts] --> falling back to StrictHostKeyChecking='no'.
To resolve this warning, provide a known_hosts file or disable StrictHostKeyChecking, see DFC config page - :ref:`strict_host_checking_config`.
+
+Inability to download file from xNF due to certificate problem
+""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+When collecting files using HTTPS and DFC contains certs from CMPv2 server, an exception like "unable to find valid certification path to requested target" may occur.
+Except obvious certificates problems make sure, that xNF which are connecting to the DFC are supplied with certificates coming from the same ONAP unit where DFC was installed.
\ No newline at end of file