Fully HTTPS support in the catalog-fe 27/94227/2
authork.kedron <k.kedron@partner.samsung.com>
Fri, 23 Aug 2019 14:46:49 +0000 (16:46 +0200)
committerOfir Sonsino <ofir.sonsino@intl.att.com>
Mon, 26 Aug 2019 12:48:57 +0000 (12:48 +0000)
Full HTTPS support:
-Updated the JVM configuration to support calls to
the SDC components using HTTPS.
-Checkstyle in the recipes
-Added buildRestClient method to create the CloseableHttpClient
supporting the SSL connection
-Sonar fixes in the PluginStatusBL class

Issue-ID: SDC-2516
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
Change-Id: I35b9e22026898d2cc67a4b2d86d9d508a33fcb59

catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb
catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_4_logback.rb
catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
catalog-fe/sdc-frontend/startup.sh
catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
catalog-fe/src/main/java/org/openecomp/sdc/fe/listen/FEAppContextListener.java

index eb30eba..a7c9ce1 100644 (file)
@@ -6,6 +6,8 @@ default['FE'][:https_port] = 9443
 default['disableHttp'] = true
 default['jetty'][:keystore_pwd] = "rTIS;B4kM]2GHcNK2c3B4&Ng"
 default['jetty'][:keymanager_pwd] = "rTIS;B4kM]2GHcNK2c3B4&Ng"
+# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
+# MUST BE ALSO CHANGE IN THE startup.sh FILE
 default['jetty'][:truststore_pwd] = "Y,f975ZNJfVZhV*{+Y[}pA?0"
 
 #Onboard
index b1c32b9..bf756fb 100644 (file)
@@ -23,7 +23,7 @@ template "http-ini" do
    owner "jetty"
    group "jetty"
    mode "0755"
-   variables ({
+   variables({
      :http_option => http_option ,
      :http_port => "#{node['FE'][:http_port]}"
     })
@@ -46,7 +46,7 @@ template "ssl-ini" do
    owner "jetty"
    group "jetty"
    mode "0755"
-   variables ({
+   variables({
      :https_port => "#{node['FE'][:https_port]}" ,
      :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
      :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
index d8f522d..99cdaf0 100644 (file)
@@ -1,6 +1,14 @@
 #!/bin/sh
 
-JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config -Dlog.home=${JETTY_BASE}/logs -Dlogback.configurationFile=${JETTY_BASE}/config/catalog-fe/logback.xml -Dconfiguration.yaml=${JETTY_BASE}/config/catalog-fe/configuration.yaml -Donboarding_configuration.yaml=${JETTY_BASE}/config/onboarding-fe/onboarding_configuration.yaml"
+JAVA_OPTIONS=" ${JAVA_OPTIONS} \
+               -Dconfig.home=${JETTY_BASE}/config \
+               -Dlog.home=${JETTY_BASE}/logs \
+               -Dlogback.configurationFile=${JETTY_BASE}/config/catalog-fe/logback.xml \
+               -Dconfiguration.yaml=${JETTY_BASE}/config/catalog-fe/configuration.yaml \
+               -Donboarding_configuration.yaml=${JETTY_BASE}/config/onboarding-fe/onboarding_configuration.yaml \
+               -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
+               -Djavax.net.ssl.trustStorePassword=Y,f975ZNJfVZhV*{+Y[}pA?0 \
+               -Djetty.console-capture.dir=${JETTY_BASE}/logs "
 
 cd /root/chef-solo
 chef-solo -c solo.rb -E ${ENVNAME}
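Review bot: The truststore password on the `-Djavax.net.ssl.trustStorePassword=` line is a second hard-coded copy of `node['jetty'][:truststore_pwd]` from attributes/default.rb, and passing it as a JVM argument makes it readable by anything that can list the process command line, unlike the keystore passwords the recipes already render into the Jetty ini templates. The comment added to default.rb confirms the two copies must now be kept in sync by hand. Consider rendering these two `-D` lines from a Chef template into a Jetty start `.ini` file (as FE_7_create_jetty_modules.rb already does for the ssl module) so the attribute stays the single source of truth; whether the Jetty start used here runs in a mode where ini `-D` lines reach the JVM is not visible in this diff. Note also that the value contains shell glob characters (`*`, `?`, `[`), which is harmless inside this double-quoted assignment but would be subject to globbing if `${JAVA_OPTIONS}` is later expanded unquoted.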
@@ -9,4 +17,3 @@ cd /var/lib/jetty
 /docker-entrypoint.sh &
 
 while true; do sleep 2; done
-
index cdb9e0f..6461ccf 100644 (file)
@@ -60,7 +60,7 @@ public class PluginStatusBL {
     }
 
     public String getPluginsList() {
-        String result = null;
+        String result;
 
         if (pluginsConfiguration == null || pluginsConfiguration.getPluginsList() == null) {
             LOGGER.warn("Configuration of type {} was not found", PluginsConfiguration.class);
index f087f55..a672b1b 100644 (file)
@@ -3,6 +3,7 @@
  * SDC
  * ================================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (c) 2019 Samsung
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
 
 package org.openecomp.sdc.fe.listen;
 
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.openecomp.sdc.common.api.Constants;
 import org.openecomp.sdc.common.impl.ExternalConfiguration;
 import org.openecomp.sdc.common.listener.AppContextListener;
@@ -30,15 +52,10 @@ import org.openecomp.sdc.fe.servlets.HealthCheckService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-
 public class FEAppContextListener extends AppContextListener implements ServletContextListener {
 
-    private static final int HEALTH_CHECHK_INTERVALE = 5;
-    private static final int PROBE_INTERVALE = 15;
+    private static final int HEALTH_CHECK_INTERVAL = 5;
+    private static final int PROBE_INTERVAL = 15;
     private static Logger log = LoggerFactory.getLogger(FEAppContextListener.class.getName());
 
     public void contextInitialized(ServletContextEvent context) {
@@ -51,17 +68,22 @@ public class FEAppContextListener extends AppContextListener implements ServletC
                 ExternalConfiguration.getAppName());
         context.getServletContext().setAttribute(Constants.CONFIGURATION_MANAGER_ATTR, configurationManager);
 
-        PluginStatusBL pbl = new PluginStatusBL();
-        context.getServletContext().setAttribute(Constants.PLUGIN_BL_COMPONENT, pbl);
+        try {
+            PluginStatusBL pbl = new PluginStatusBL(buildRestClient());
+            context.getServletContext().setAttribute(Constants.PLUGIN_BL_COMPONENT, pbl);
+        } catch (SSLException e) {
+            log.debug("ERROR: Build rest client failed because ", e);
+            return;
+        }
 
         // Health Check service
         HealthCheckService hcs = new HealthCheckService(context.getServletContext());
-        hcs.start(configurationManager.getConfiguration().getHealthCheckIntervalInSeconds(HEALTH_CHECHK_INTERVALE));
+        hcs.start(configurationManager.getConfiguration().getHealthCheckIntervalInSeconds(HEALTH_CHECK_INTERVAL));
         context.getServletContext().setAttribute(Constants.HEALTH_CHECK_SERVICE_ATTR, hcs);
 
         // Monitoring service
         FeMonitoringService fms = new FeMonitoringService(context.getServletContext());
-        fms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(PROBE_INTERVALE));
+        fms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(PROBE_INTERVAL));
 
         if (configurationManager.getConfiguration() == null) {
             log.debug("ERROR: configuration was not properly loaded");
@@ -87,4 +109,21 @@ public class FEAppContextListener extends AppContextListener implements ServletC
 
     }
 
+    private CloseableHttpClient buildRestClient() throws SSLException {
+        SSLContextBuilder builder = new SSLContextBuilder();
+        try {
+            builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
+                SSLContext.getDefault(), NoopHostnameVerifier.INSTANCE);
+            Registry<ConnectionSocketFactory> registry =
+                RegistryBuilder.<ConnectionSocketFactory>create()
+                    .register("http", new PlainConnectionSocketFactory()).register("https", sslsf)
+                    .build();
+            PoolingHttpClientConnectionManager cm =
+                new PoolingHttpClientConnectionManager(registry);
+            return HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();
+        } catch (NoSuchAlgorithmException | KeyStoreException e) {
+            throw new SSLException(e);
+        }
+    }
 }
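Review bot: In buildRestClient the `SSLContextBuilder` is dead code: `loadTrustMaterial(null, new TrustSelfSignedStrategy())` configures `builder`, but `builder.build()` is never called and the socket factory is created from `SSLContext.getDefault()`, so the self-signed strategy has no effect and the `KeyStoreException` catch exists only to serve it. Since the default context already picks up the truststore configured in startup.sh, the simplest fix is to drop the builder and its two now-unused imports and narrow the catch to `} catch (NoSuchAlgorithmException e) {`; reviving the builder instead would make the client accept any self-signed certificate, which is weaker than the explicit truststore. Independently, `NoopHostnameVerifier.INSTANCE` disables hostname verification, so any certificate in the truststore is accepted for any host; prefer `new SSLConnectionSocketFactory(SSLContext.getDefault(), SSLConnectionSocketFactory.getDefaultHostnameVerifier())` unless the SDC backend certificates are known not to match their hostnames, in which case state that in a comment. In the contextInitialized hunk above, the `catch (SSLException e)` logs at debug level and returns, which silently skips starting the health-check and monitoring services; that should be logged at error level.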