2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2019 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.datarouter.node;
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25 import java.util.EnumSet;
26 import javax.servlet.DispatcherType;
27 import javax.servlet.ServletException;
28 import org.eclipse.jetty.http.HttpVersion;
29 import org.eclipse.jetty.server.Connector;
30 import org.eclipse.jetty.server.HttpConfiguration;
31 import org.eclipse.jetty.server.HttpConnectionFactory;
32 import org.eclipse.jetty.server.SecureRequestCustomizer;
33 import org.eclipse.jetty.server.Server;
34 import org.eclipse.jetty.server.ServerConnector;
35 import org.eclipse.jetty.server.SslConnectionFactory;
36 import org.eclipse.jetty.servlet.FilterHolder;
37 import org.eclipse.jetty.servlet.ServletContextHandler;
38 import org.eclipse.jetty.servlet.ServletHolder;
39 import org.eclipse.jetty.util.ssl.SslContextFactory;
40 import org.jetbrains.annotations.NotNull;
43 public class NodeServer {
// Class-wide logger.
45 private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);
// Static state shared by every caller: both fields are assigned in createNodeServer().
// resetQueue() dereferences `delivery`, so it is null until a server has been created.
// NOTE(review): no synchronization on these fields is visible in this listing.
47 private static Server server;
48 private static Delivery delivery;
// Accessor for the node's Jetty Server: stores the result of
// createNodeServer(NodeConfigManager.getInstance()) in the static `server` field.
// NOTE(review): this listing drops source lines (gutter jumps 53 -> 55 -> 60), so any guard around
// the assignment and the return statement are not visible here.
53 static Server getServerInstance() {
55 server = createNodeServer(NodeConfigManager.getInstance());
// Builds the Jetty Server: one plain-HTTP connector and one TLS connector on the ports supplied by
// nodeConfigManager, NodeServlet mapped to "/*", and (when enabled) the CADI filter in front of it.
// Side effect: replaces the static `server` and `delivery` fields.
// NOTE(review): brace-only and some other lines are missing from this listing (gutter gaps), so the
// exact nesting of the try blocks and the return statement are not visible.
60 private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
61 server = new Server();
62 delivery = new Delivery(nodeConfigManager);
// Base HTTP settings; request headers on the plain-HTTP connector are capped at 2048 bytes.
64 HttpConfiguration httpConfiguration = new HttpConfiguration();
65 httpConfiguration.setRequestHeaderSize(2048);
// Plain-HTTP listener. NOTE(review): it is registered next to the TLS listener below; whether
// NodeServlet limits what it accepts over cleartext cannot be told from this file.
// NOTE(review): both connectors are try-with-resources resources yet are handed to
// server.setConnectors(...); they get close()d when the try blocks exit. Confirm that closing a
// connector that has not been started is harmless here.
68 try (ServerConnector httpServerConnector = new ServerConnector(server,
69 new HttpConnectionFactory(httpConfiguration))) {
70 httpServerConnector.setPort(nodeConfigManager.getHttpPort());
// Jetty idle timeouts are in milliseconds: 2 s for plain HTTP.
71 httpServerConnector.setIdleTimeout(2000);
73 SslContextFactory sslContextFactory = getSslContextFactory(nodeConfigManager);
// HTTPS settings start as a copy of the HTTP ones, with a larger 8192-byte header limit.
75 HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
76 httpsConfiguration.setRequestHeaderSize(8192);
// SecureRequestCustomizer emits the Strict-Transport-Security header on TLS responses.
// max-age is in seconds, so 2000 is roughly 33 minutes.
// NOTE(review): that is a very short HSTS window; a client forgets the pin quickly. Confirm it is
// intended rather than a value meant to be much larger.
78 SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
79 secureRequestCustomizer.setStsMaxAge(2000);
80 secureRequestCustomizer.setStsIncludeSubDomains(true);
81 httpsConfiguration.addCustomizer(secureRequestCustomizer);
// TLS listener: SSL connection factory chained to HTTP/1.1.
84 try (ServerConnector httpsServerConnector = new ServerConnector(server,
85 new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
86 new HttpConnectionFactory(httpsConfiguration))) {
88 httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
// 3600000 ms = 1 hour idle timeout, with an accept backlog of only 2.
// NOTE(review): long-lived idle TLS connections plus a tiny backlog is worth checking against the
// expected connection load (availability under connection floods).
89 httpsServerConnector.setIdleTimeout(3600000);
90 httpsServerConnector.setAcceptQueueSize(2);
// Options value 0: context handler created without session or security handlers.
93 ServletContextHandler servletContextHandler = new ServletContextHandler(0);
94 servletContextHandler.setContextPath("/");
95 servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery)), "/*");
97 //CADI Filter activation check
// When CADI is enabled in configuration, DRNodeCadiFilter is installed on "/*" for REQUEST
// dispatches (presumably the AAF/CADI authentication filter; verify against DRNodeCadiFilter).
98 if (nodeConfigManager.getCadiEnabled()) {
100 servletContextHandler.addFilter(new FilterHolder(new DRNodeCadiFilter(true,
101 nodeConfigManager.getNodeAafPropsUtils().getPropAccess())), "/*",
102 EnumSet.of(DispatcherType.REQUEST));
// NOTE(review): fail-open. A ServletException here is only logged and setup carries on, so the
// server can come up with CADI enabled in configuration but no filter installed. Consider aborting
// startup (or refusing requests) when the filter cannot be added.
103 } catch (ServletException e) {
104 eelfLogger.error("Failed to add CADI Filter: " + e.getMessage(), e);
// Single handler for the whole server; both listeners share it.
107 server.setHandler(servletContextHandler);
108 server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
115 * Reset the retry timer for a subscription.
// Delegates to delivery.resetQueue(...) with the spool directory that NodeConfigManager resolves
// for the given subscription id and IP.
// `delivery` is only assigned in createNodeServer(), so calling this before the server has been
// created dereferences null.
// NOTE(review): subid and ip feed a spool-directory lookup; confirm getSpoolDir() validates them if
// they can originate from a request.
117 static void resetQueue(String subid, String ip) {
118 delivery.resetQueue(NodeConfigManager.getInstance().getSpoolDir(subid, ip));
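/**
 * Builds the Jetty {@link SslContextFactory} used by the node's HTTPS connector.
 *
 * <p>Key store type, path and both passwords are read from {@code nodeConfigManager}. A fixed set
 * of DES and export-grade cipher suites and the SSLv3 protocol are excluded, and the configured
 * include/exclude lists are logged at info level. The key store passwords are not logged.
 *
 * @param nodeConfigManager source of the key store settings
 * @return the configured factory
 */
private static SslContextFactory getSslContextFactory(NodeConfigManager nodeConfigManager) {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType());
    sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile());
    sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass());
    sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass());

    // Add to the factory's exclusion list instead of replacing it. setExcludeCipherSuites(...)
    // overwrites whatever exclusions the Jetty constructor installed, which in Jetty versions
    // that ship a default deny-list would leave only these seven suites blocked. Adding can
    // only narrow the offered set, never widen it.
    // NOTE(review): confirm against the Jetty version in use, and check that no legacy client
    // depends on a suite the library defaults exclude.
    sslContextFactory.addExcludeCipherSuites(
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_DSS_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
    );

    // Only SSLv3 is named here. NOTE(review): TLSv1 and TLSv1.1 are not excluded by this code;
    // whether they are offered depends on Jetty/JVM defaults. Exclude them explicitly if the
    // client population allows.
    sslContextFactory.addExcludeProtocols("SSLv3");

    // The "Supported" lines print the configured include lists, which are not necessarily the
    // effective set negotiated at runtime.
    eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
    eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
    eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
    eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
    return sslContextFactory;
}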