2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2019 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.datarouter.node;
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25 import java.util.EnumSet;
26 import javax.servlet.DispatcherType;
27 import javax.servlet.ServletException;
28 import org.eclipse.jetty.http.HttpVersion;
29 import org.eclipse.jetty.server.Connector;
30 import org.eclipse.jetty.server.HttpConfiguration;
31 import org.eclipse.jetty.server.HttpConnectionFactory;
32 import org.eclipse.jetty.server.SecureRequestCustomizer;
33 import org.eclipse.jetty.server.Server;
34 import org.eclipse.jetty.server.ServerConnector;
35 import org.eclipse.jetty.server.SslConnectionFactory;
36 import org.eclipse.jetty.servlet.FilterHolder;
37 import org.eclipse.jetty.servlet.ServletContextHandler;
38 import org.eclipse.jetty.servlet.ServletHolder;
39 import org.eclipse.jetty.util.ssl.SslContextFactory;
40 import org.jetbrains.annotations.NotNull;
43 public class NodeServer {
45 private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);
47 private static Server server;
48 private static Delivery delivery;
53 static Server getServerInstance(NodeConfigManager nodeConfigManager) {
55 server = createNodeServer(nodeConfigManager);
60 private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
61 eelfLogger.info("NODE0005 Creating new NodeServer");
62 server = new Server();
63 delivery = new Delivery(nodeConfigManager);
65 HttpConfiguration httpConfiguration = new HttpConfiguration();
66 httpConfiguration.setRequestHeaderSize(2048);
69 try (ServerConnector httpServerConnector = new ServerConnector(server,
70 new HttpConnectionFactory(httpConfiguration))) {
71 httpServerConnector.setPort(nodeConfigManager.getHttpPort());
72 httpServerConnector.setIdleTimeout(2000);
75 ServletContextHandler servletContextHandler = new ServletContextHandler(0);
76 servletContextHandler.setContextPath("/");
77 servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*");
79 if (nodeConfigManager.isTlsEnabled()) {
80 initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector, servletContextHandler);
82 eelfLogger.info("NODE0005 Adding HTTP Connector");
83 server.setConnectors(new Connector[]{httpServerConnector});
85 server.setHandler(servletContextHandler);
90 private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration,
91 ServerConnector httpServerConnector, ServletContextHandler servletContextHandler) {
92 HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
93 httpsConfiguration.setRequestHeaderSize(8192);
95 SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
96 secureRequestCustomizer.setStsMaxAge(2000);
97 secureRequestCustomizer.setStsIncludeSubDomains(true);
98 httpsConfiguration.addCustomizer(secureRequestCustomizer);
101 try (ServerConnector httpsServerConnector = new ServerConnector(server,
102 new SslConnectionFactory(getSslContextFactory(nodeConfigManager), HttpVersion.HTTP_1_1.asString()),
103 new HttpConnectionFactory(httpsConfiguration))) {
105 httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
106 httpsServerConnector.setIdleTimeout(3600000);
107 httpsServerConnector.setAcceptQueueSize(2);
108 eelfLogger.info("NODE0005 TLS Enabled: Adding HTTP/S Connectors");
109 server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
114 * Reset the retry timer for a subscription.
116 static void resetQueue(String subid, String ip) {
117 delivery.resetQueue(NodeConfigManager.getInstance().getSpoolDir(subid, ip));
122 private static SslContextFactory.Server getSslContextFactory(NodeConfigManager nodeConfigManager) {
123 SslContextFactory sslContextFactory = new SslContextFactory.Server();
124 sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType());
125 sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile());
126 sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass());
127 sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass());
129 sslContextFactory.setExcludeCipherSuites(
130 "SSL_RSA_WITH_DES_CBC_SHA",
131 "SSL_DHE_RSA_WITH_DES_CBC_SHA",
132 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
133 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
134 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
135 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
136 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
139 sslContextFactory.addExcludeProtocols("SSLv3");
140 eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
141 eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
142 eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
143 eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
144 return (SslContextFactory.Server) sslContextFactory;