More bug fix and refactoring
1 /*
2  * ============LICENSE_START=======================================================
3  *  Copyright (C) 2019 Nordix Foundation.
4  * ================================================================================
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *      http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  * SPDX-License-Identifier: Apache-2.0
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.onap.dmaap.datarouter.node;
22
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25 import java.util.EnumSet;
26 import javax.servlet.DispatcherType;
27 import javax.servlet.ServletException;
28 import org.eclipse.jetty.http.HttpVersion;
29 import org.eclipse.jetty.server.Connector;
30 import org.eclipse.jetty.server.HttpConfiguration;
31 import org.eclipse.jetty.server.HttpConnectionFactory;
32 import org.eclipse.jetty.server.SecureRequestCustomizer;
33 import org.eclipse.jetty.server.Server;
34 import org.eclipse.jetty.server.ServerConnector;
35 import org.eclipse.jetty.server.SslConnectionFactory;
36 import org.eclipse.jetty.servlet.FilterHolder;
37 import org.eclipse.jetty.servlet.ServletContextHandler;
38 import org.eclipse.jetty.servlet.ServletHolder;
39 import org.eclipse.jetty.util.ssl.SslContextFactory;
40 import org.jetbrains.annotations.NotNull;
41
42
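/**
 * Builds and holds the Jetty {@link Server} used by the data router node, together with the
 * {@link Delivery} instance shared by the node servlet and {@link #resetQueue(String, String)}.
 *
 * <p>The server is given one plain HTTP connector and one HTTPS connector. Every path is served by
 * {@link NodeServlet}; when CADI is enabled in the node configuration, a {@link DRNodeCadiFilter}
 * is placed in front of it.
 */
public class NodeServer {

    private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);

    // Lazily created by getServerInstance(); null until the first successful build.
    private static Server server;
    // Assigned in createNodeServer(); null until then, so resetQueue() must not be called earlier.
    private static Delivery delivery;

    private NodeServer(){
    }

    /**
     * Returns the node's Jetty server, building it from {@link NodeConfigManager} on first use.
     *
     * <p>This method is not synchronized; NOTE(review): confirm it is only called from a single
     * thread during startup, otherwise two servers could be built.
     *
     * @return the configured (not necessarily started) server
     * @throws IllegalStateException if CADI is enabled but its filter cannot be installed
     */
    static Server getServerInstance() {
        if (server == null) {
            server = createNodeServer(NodeConfigManager.getInstance());
        }
        return server;
    }

    /**
     * Creates the server, its HTTP and HTTPS connectors, the servlet context and, when enabled,
     * the CADI filter.
     *
     * @param nodeConfigManager source of ports, key store settings and the CADI switch
     * @return the configured server
     * @throws IllegalStateException if CADI is enabled but its filter cannot be installed
     */
    private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
        server = new Server();
        delivery = new Delivery(nodeConfigManager);

        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setRequestHeaderSize(2048);

        // NOTE(review): both connectors are closed by try-with-resources right after they are
        // handed to the server. This presumably relies on close() being harmless before the
        // server is started; confirm against the Jetty version in use.
        // HTTP connector
        // NOTE(review): the same servlet is reachable over plain HTTP; confirm that requests
        // carrying credentials are rejected or redirected when they do not arrive over TLS.
        try (ServerConnector httpServerConnector = new ServerConnector(server,
            new HttpConnectionFactory(httpConfiguration))) {
            httpServerConnector.setPort(nodeConfigManager.getHttpPort());
            httpServerConnector.setIdleTimeout(2000);

            SslContextFactory sslContextFactory = getSslContextFactory(nodeConfigManager);

            // The HTTPS configuration starts as a copy of the HTTP one, with a larger header limit.
            HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
            httpsConfiguration.setRequestHeaderSize(8192);

            // Adds Strict-Transport-Security to HTTPS responses.
            // NOTE(review): the max-age is given in seconds, so 2000 is roughly half an hour;
            // confirm such a short HSTS window is intended.
            SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
            secureRequestCustomizer.setStsMaxAge(2000);
            secureRequestCustomizer.setStsIncludeSubDomains(true);
            httpsConfiguration.addCustomizer(secureRequestCustomizer);

            // HTTPS connector
            try (ServerConnector httpsServerConnector = new ServerConnector(server,
                new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfiguration))) {

                httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
                httpsServerConnector.setIdleTimeout(3600000);
                httpsServerConnector.setAcceptQueueSize(2);

                //Context Handler
                ServletContextHandler servletContextHandler = new ServletContextHandler(0);
                servletContextHandler.setContextPath("/");
                servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery)), "/*");

                //CADI Filter activation check
                if (nodeConfigManager.getCadiEnabled()) {
                    try {
                        servletContextHandler.addFilter(new FilterHolder(new DRNodeCadiFilter(true,
                                nodeConfigManager.getNodeAafPropsUtils().getPropAccess())), "/*",
                            EnumSet.of(DispatcherType.REQUEST));
                    } catch (ServletException e) {
                        eelfLogger.error("Failed to add CADI Filter: " + e.getMessage(), e);
                        // Fail closed: the configuration asks for the CADI filter, so serving
                        // requests without it would silently drop that check. Clear the static
                        // reference so a later call cannot hand out this half-built server.
                        server = null;
                        throw new IllegalStateException(
                            "CADI is enabled but the CADI filter could not be installed", e);
                    }
                }
                server.setHandler(servletContextHandler);
                server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
            }
        }
        return server;
    }

    /**
     * Reset the retry timer for a subscription.
     *
     * <p>Delegates to {@link Delivery#resetQueue} with the spool directory that
     * {@link NodeConfigManager} returns for the given subscription and address. The delivery
     * instance only exists after the server has been created, so calling this earlier fails with
     * a {@link NullPointerException}.
     *
     * @param subid subscription identifier
     * @param ip    address passed to {@code getSpoolDir} together with the subscription
     */
    static void resetQueue(String subid, String ip) {
        delivery.resetQueue(NodeConfigManager.getInstance().getSpoolDir(subid, ip));
    }


    /**
     * Builds the TLS settings for the HTTPS connector from the node configuration.
     *
     * <p>Key store type, path and passwords come from {@code nodeConfigManager}. A fixed list of
     * DES and export-grade suites and the SSLv3 protocol are excluded, and the resulting
     * include/exclude lists are logged at info level.
     *
     * @param nodeConfigManager source of the key store settings
     * @return the configured factory, never {@code null}
     */
    @NotNull
    private static SslContextFactory getSslContextFactory(NodeConfigManager nodeConfigManager) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType());
        sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile());
        sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass());
        sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass());

        // Add to the factory's exclusion list instead of replacing it: a "set" call would discard
        // any weak-suite exclusions the factory already carries by default.
        // NOTE(review): which defaults exist depends on the Jetty version; check the
        // "Unsupported ciphers" log line below after deployment.
        sslContextFactory.addExcludeCipherSuites(
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_DSS_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
        );

        // NOTE(review): only SSLv3 is excluded explicitly here; whether TLSv1 and TLSv1.1 are
        // offered is left to the factory and JVM defaults. Confirm against the "Unsupported
        // protocols" log line.
        sslContextFactory.addExcludeProtocols("SSLv3");
        eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
        eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
        eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
        eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
        return sslContextFactory;
    }
}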