update link to upper-constraints.txt

[dmaap/buscontroller.git] / dmaap-bc / src / main / java / org / onap / dmaap / dbcapi / server / JettyServer.java

/*-
 * ============LICENSE_START=======================================================
 * org.onap.dmaap
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property.
 *
 * Modifications Copyright (C) 2019 IBM.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */

package org.onap.dmaap.dbcapi.server;

import jakarta.servlet.DispatcherType;
import java.util.EnumSet;
import java.util.Properties;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
import org.onap.dmaap.dbcapi.util.DmaapConfig;

/**
 * A  Jetty server which supports:
 *      - http and https (simultaneously for dev env)
 *  - REST API context
 *  - static html pages (for documentation).
 */
public class JettyServer extends BaseLoggingClass {

    private static final CertificateManager certificateManager =
        new CertficateManagerFactory(DmaapConfig.getConfig()).initCertificateManager();
    private final Server server;

    public Server getServer() {
        return server;
    }

    public static CertificateManager getCertificateManager() {
        return certificateManager;
    }

    public JettyServer(Properties params) {
        server = new Server();
        int httpPort = Integer.parseInt(params.getProperty("IntHttpPort", "80"));
        int sslPort = Integer.parseInt(params.getProperty("IntHttpsPort", "443"));
        boolean allowHttp = Boolean.parseBoolean(params.getProperty("HttpAllowed", "false"));
        serverLogger.info("port params: http=" + httpPort + " https=" + sslPort);
        serverLogger.info("allowHttp=" + allowHttp);
        // HTTP Server
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(sslPort);
        httpConfig.setOutputBufferSize(32768);
        try (ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(httpConfig))) {
            httpConnector.setPort(httpPort);
            httpConnector.setIdleTimeout(30000);
            // HTTPS Server
            HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
            SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
            sslContextFactory.setWantClientAuth(true);
            if (!certificateManager.isReady()) {
                serverLogger.error("CertificateManager is not ready.  NOT starting https!");
            } else {
                setUpKeystore(sslContextFactory);
                setUpTrustStore(sslContextFactory);
                    if (sslPort != 0) {
                        try (ServerConnector sslConnector = new ServerConnector(server,
                            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                            new HttpConnectionFactory(httpsConfig))) {
                            sslConnector.setPort(sslPort);
                            server.addConnector(sslConnector);
                            serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
                        }
                    } else {
                        serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
                    }
            } 
            if (allowHttp) {
                serverLogger.info("Starting httpConnector on port " + httpPort);
                server.addConnector(httpConnector);
            } else {
                serverLogger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
            }
        }
        // Set context for servlet.  This is shared for http and https
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        server.setHandler(context);

        ServletHolder jerseyServlet = context
            .addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*");
        jerseyServlet.setInitOrder(1);
        jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources");
        jerseyServlet.setInitParameter("jakarta.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig");

        // also serve up some static pages...
        ServletHolder staticServlet = context.addServlet(DefaultServlet.class, "/*");
        staticServlet.setInitParameter("resourceBase", "www");
        staticServlet.setInitParameter("pathInfoOnly", "true");

        if (Boolean.parseBoolean(params.getProperty("enableCADI", "false"))) {
            registerAuthFilters(context);
        }

        try {
            serverLogger.info("Starting jetty server");
            String unitTest = params.getProperty("UnitTest", "No");
            serverLogger.info("UnitTest=" + unitTest);
            if (unitTest.equals("No")) {
                server.start();
                server.dumpStdErr();
                server.join();
            }
        } catch (Exception e) {
            errorLogger.error("Exception " + e);
        } finally {
            server.destroy();
        }
    }

    private void registerAuthFilters(ServletContextHandler context) {
        context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthenticationFilter", "/webapi/*", EnumSet.of(
            DispatcherType.FORWARD, DispatcherType.REQUEST));
        context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthorizationFilter", "/webapi/*", EnumSet.of(
            DispatcherType.FORWARD, DispatcherType.REQUEST));
    }

    private void setUpKeystore(SslContextFactory sslContextFactory) {
        String keystore = JettyServer.certificateManager.getKeyStoreFile();
        logger.info("https Server using keystore at " + keystore);
        sslContextFactory.setKeyStorePath(keystore);
        sslContextFactory.setKeyStoreType(JettyServer.certificateManager.getKeyStoreType());
        sslContextFactory.setKeyStorePassword(JettyServer.certificateManager.getKeyStorePassword());
        sslContextFactory.setKeyManagerPassword(JettyServer.certificateManager.getKeyStorePassword());
    }

    private void setUpTrustStore(SslContextFactory sslContextFactory) {
        String truststore = JettyServer.certificateManager.getTrustStoreFile();
        logger.info("https Server using truststore at " + truststore);
        sslContextFactory.setTrustStorePath(truststore);
        sslContextFactory.setTrustStoreType(JettyServer.certificateManager.getTrustStoreType());
        sslContextFactory.setTrustStorePassword(JettyServer.certificateManager.getTrustStorePassword());
    }
}