datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServer.java

   1 /*
   2  * ============LICENSE_START=======================================================
   3  *  Copyright (C) 2019 Nordix Foundation.
   4  * ================================================================================
   5  * Licensed under the Apache License, Version 2.0 (the "License");
   6  * you may not use this file except in compliance with the License.
   7  * You may obtain a copy of the License at
   8  *
   9  *      http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  * Unless required by applicable law or agreed to in writing, software
  12  * distributed under the License is distributed on an "AS IS" BASIS,
  13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  * See the License for the specific language governing permissions and
  15  * limitations under the License.
  16  *
  17  * SPDX-License-Identifier: Apache-2.0
  18  * ============LICENSE_END=========================================================
  19  */
  20
  21 package org.onap.dmaap.datarouter.node;
  22
  23 import com.att.eelf.configuration.EELFLogger;
  24 import com.att.eelf.configuration.EELFManager;
  25 import java.util.EnumSet;
  26 import javax.servlet.DispatcherType;
  27 import javax.servlet.ServletException;
  28 import org.eclipse.jetty.http.HttpVersion;
  29 import org.eclipse.jetty.server.Connector;
  30 import org.eclipse.jetty.server.HttpConfiguration;
  31 import org.eclipse.jetty.server.HttpConnectionFactory;
  32 import org.eclipse.jetty.server.SecureRequestCustomizer;
  33 import org.eclipse.jetty.server.Server;
  34 import org.eclipse.jetty.server.ServerConnector;
  35 import org.eclipse.jetty.server.SslConnectionFactory;
  36 import org.eclipse.jetty.servlet.FilterHolder;
  37 import org.eclipse.jetty.servlet.ServletContextHandler;
  38 import org.eclipse.jetty.servlet.ServletHolder;
  39 import org.eclipse.jetty.util.ssl.SslContextFactory;
  40 import org.jetbrains.annotations.NotNull;
  41
  42
  43 public class NodeServer {
  44
  45     private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);
  46
  47     private static Server server;
  48     private static Delivery delivery;
  49
  50     private NodeServer(){
  51     }
  52
  53     static Server getServerInstance(NodeConfigManager nodeConfigManager) {
  54         if (server == null) {
  55             server = createNodeServer(nodeConfigManager);
  56         }
  57         return server;
  58     }
  59
  60     private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
  61         eelfLogger.info("NODE0005 Creating new NodeServer");
  62         server = new Server();
  63         delivery = new Delivery(nodeConfigManager);
  64
  65         HttpConfiguration httpConfiguration = new HttpConfiguration();
  66         httpConfiguration.setRequestHeaderSize(2048);
  67
  68         // HTTP connector
  69         try (ServerConnector httpServerConnector = new ServerConnector(server,
  70             new HttpConnectionFactory(httpConfiguration))) {
  71             httpServerConnector.setPort(nodeConfigManager.getHttpPort());
  72             httpServerConnector.setIdleTimeout(2000);
  73
  74             //Context Handler
  75             ServletContextHandler servletContextHandler = new ServletContextHandler(0);
  76             servletContextHandler.setContextPath("/");
  77             servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*");
  78
  79             if (nodeConfigManager.isTlsEnabled()) {
  80                 initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector, servletContextHandler);
  81             } else {
  82                 eelfLogger.info("NODE0005 Adding HTTP Connector");
  83                 server.setConnectors(new Connector[]{httpServerConnector});
  84             }
  85             server.setHandler(servletContextHandler);
  86         }
  87         return server;
  88     }
  89
  90     private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration,
  91         ServerConnector httpServerConnector, ServletContextHandler servletContextHandler) {
  92         HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
  93         httpsConfiguration.setRequestHeaderSize(8192);
  94
  95         SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
  96         secureRequestCustomizer.setStsMaxAge(2000);
  97         secureRequestCustomizer.setStsIncludeSubDomains(true);
  98         httpsConfiguration.addCustomizer(secureRequestCustomizer);
  99
 100         // HTTPS connector
 101         try (ServerConnector httpsServerConnector = new ServerConnector(server,
 102             new SslConnectionFactory(getSslContextFactory(nodeConfigManager), HttpVersion.HTTP_1_1.asString()),
 103             new HttpConnectionFactory(httpsConfiguration))) {
 104
 105             httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
 106             httpsServerConnector.setIdleTimeout(3600000);
 107             httpsServerConnector.setAcceptQueueSize(2);
 108             eelfLogger.info("NODE0005 TLS Enabled: Adding HTTP/S Connectors");
 109             server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
 110         }
 111     }
 112
 113     /**
 114      * Reset the retry timer for a subscription.
 115      */
 116     static void resetQueue(String subid, String ip) {
 117         delivery.resetQueue(NodeConfigManager.getInstance().getSpoolDir(subid, ip));
 118     }
 119
 120
 121     @NotNull
 122     private static SslContextFactory.Server getSslContextFactory(NodeConfigManager nodeConfigManager) {
 123         SslContextFactory sslContextFactory = new SslContextFactory.Server();
 124         sslContextFactory.setKeyStoreType(nodeConfigManager.getKSType());
 125         sslContextFactory.setKeyStorePath(nodeConfigManager.getKSFile());
 126         sslContextFactory.setKeyStorePassword(nodeConfigManager.getKSPass());
 127         sslContextFactory.setKeyManagerPassword(nodeConfigManager.getKPass());
 128
 129         sslContextFactory.setExcludeCipherSuites(
 130             "SSL_RSA_WITH_DES_CBC_SHA",
 131             "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 132             "SSL_DHE_DSS_WITH_DES_CBC_SHA",
 133             "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
 134             "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
 135             "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 136             "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
 137         );
 138
 139         sslContextFactory.addExcludeProtocols("SSLv3");
 140         eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
 141         eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
 142         eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
 143         eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
 144         return (SslContextFactory.Server) sslContextFactory;
 145     }
 146 }