1 /*
2  * ============LICENSE_START=======================================================
3  *  Copyright (C) 2019 Nordix Foundation.
4  * ================================================================================
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *      http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  * SPDX-License-Identifier: Apache-2.0
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.onap.dmaap.datarouter.node;
22
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25 import org.eclipse.jetty.http.HttpVersion;
26 import org.eclipse.jetty.server.Connector;
27 import org.eclipse.jetty.server.HttpConfiguration;
28 import org.eclipse.jetty.server.HttpConnectionFactory;
29 import org.eclipse.jetty.server.SecureRequestCustomizer;
30 import org.eclipse.jetty.server.Server;
31 import org.eclipse.jetty.server.ServerConnector;
32 import org.eclipse.jetty.server.SslConnectionFactory;
33 import org.eclipse.jetty.servlet.ServletContextHandler;
34 import org.eclipse.jetty.servlet.ServletHolder;
35 import org.eclipse.jetty.util.ssl.SslContextFactory;
36 import org.jetbrains.annotations.NotNull;
37 import org.onap.dmaap.datarouter.node.delivery.Delivery;
38
39
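/**
 * Builds and caches the Jetty {@link Server} used by the data router node.
 *
 * <p>The server carries a single {@link NodeServlet} mapped to {@code /*}. It always gets a
 * plain HTTP connector and, when {@code NodeConfigManager.isTlsEnabled()} is true, an
 * additional HTTPS connector configured by {@link #getSslContextFactory()}.
 */
public class NodeServer {

    private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(NodeServer.class);

    // Both fields are populated by createNodeServer(); resetQueue() relies on delivery being set.
    private static Server server;
    private static Delivery delivery;

    private NodeServer(){}

    /**
     * Returns the shared server, creating it on first use.
     *
     * <p>NOTE(review): the null check is not synchronised, so two concurrent first calls could
     * each build a server. Confirm this is only reached from a single start-up thread.
     *
     * @param nodeConfigManager source of the port and TLS settings used when the server is built
     * @return the cached (or newly created) Jetty server
     */
    static Server getServerInstance(NodeConfigManager nodeConfigManager) {
        if (server == null) {
            server = createNodeServer(nodeConfigManager);
        }
        return server;
    }

    /**
     * Creates the Jetty server, the {@link Delivery} instance and the servlet context, and
     * registers the connectors. Assigns the static {@code server} and {@code delivery} fields
     * as a side effect.
     *
     * @param nodeConfigManager source of the HTTP port and the TLS switch
     * @return the configured server (not started here)
     */
    private static Server createNodeServer(NodeConfigManager nodeConfigManager) {
        eelfLogger.info("NODE0005 Creating new NodeServer");
        server = new Server();
        delivery = new Delivery(nodeConfigManager);

        // Small header limit for the plain-text listener; the HTTPS configuration raises it.
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setRequestHeaderSize(2048);

        // HTTP connector
        // NOTE(review): try-with-resources closes the connector object when this block ends,
        // i.e. before the server that now owns it is started. Presumably the connector is
        // opened again on Server start; confirm the close is intended and not only there to
        // satisfy a resource-leak checker.
        try (ServerConnector httpServerConnector = new ServerConnector(server,
            new HttpConnectionFactory(httpConfiguration))) {
            httpServerConnector.setPort(nodeConfigManager.getHttpPort());
            httpServerConnector.setIdleTimeout(2000); // milliseconds

            //Context Handler
            ServletContextHandler servletContextHandler = new ServletContextHandler(0);
            servletContextHandler.setContextPath("/");
            servletContextHandler.addServlet(new ServletHolder(new NodeServlet(delivery, nodeConfigManager)), "/*");

            if (nodeConfigManager.isTlsEnabled()) {
                initialiseHttpsConnector(nodeConfigManager, httpConfiguration, httpServerConnector);
            } else {
                eelfLogger.info("NODE0005 Adding HTTP Connector");
                server.setConnectors(new Connector[]{httpServerConnector});
            }
            server.setHandler(servletContextHandler);
        }
        return server;
    }

    /**
     * Adds an HTTPS connector next to the existing HTTP connector.
     *
     * <p>The HTTPS configuration is a copy of the HTTP one with a larger request header limit
     * and a {@link SecureRequestCustomizer} that emits a Strict-Transport-Security header.
     *
     * <p>NOTE(review): with TLS enabled the plain HTTP connector is still registered, so the
     * clear-text port stays reachable. The STS max-age of 2000 seconds is also short for HSTS.
     * Confirm both are deliberate.
     *
     * @param nodeConfigManager source of the HTTPS port
     * @param httpConfiguration base configuration that the HTTPS configuration is copied from
     * @param httpServerConnector the already configured HTTP connector, registered alongside HTTPS
     */
    private static void initialiseHttpsConnector(NodeConfigManager nodeConfigManager, HttpConfiguration httpConfiguration,
        ServerConnector httpServerConnector) {
        HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
        httpsConfiguration.setRequestHeaderSize(8192);

        SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
        secureRequestCustomizer.setStsMaxAge(2000);
        secureRequestCustomizer.setStsIncludeSubDomains(true);
        httpsConfiguration.addCustomizer(secureRequestCustomizer);

        // HTTPS connector
        // NOTE(review): closed at the end of this block, same as the HTTP connector in
        // createNodeServer(); confirm the server re-opens it on start.
        try (ServerConnector httpsServerConnector = new ServerConnector(server,
            new SslConnectionFactory(getSslContextFactory(), HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfiguration))) {
            httpsServerConnector.setPort(nodeConfigManager.getHttpsPort());
            // One-hour idle timeout (ms) combined with an accept backlog of 2.
            // NOTE(review): long-lived idle TLS connections plus a tiny backlog make the
            // listener easy to starve; confirm these values against expected client behaviour.
            httpsServerConnector.setIdleTimeout(3600000);
            httpsServerConnector.setAcceptQueueSize(2);
            eelfLogger.info("NODE0005 TLS Enabled: Adding HTTP/S Connectors");
            server.setConnectors(new Connector[]{httpServerConnector, httpsServerConnector});
        }
    }

    /**
     * Reset the retry timer for a subscription.
     *
     * <p>Delegates to {@code Delivery.resetQueue} with the spool directory that
     * {@link NodeConfigManager} resolves for the subscription and address.
     *
     * @param subid subscription id used to look up the spool directory
     * @param ip address used together with {@code subid} to look up the spool directory
     */
    static void resetQueue(String subid, String ip) {
        delivery.resetQueue(NodeConfigManager.getInstance().getSpoolDir(subid, ip));
    }


    /**
     * Builds the server-side TLS context factory from the node's TLS manager settings.
     *
     * <p>Only the key store is configured here. Weak DES and export cipher suites and SSLv3 are
     * excluded, and the enabled protocol list comes from the TLS manager. The resulting protocol
     * and cipher lists are logged at info level; no key material or passwords are logged.
     *
     * @return the configured factory, never {@code null}
     */
    @NotNull
    private static SslContextFactory.Server getSslContextFactory() {
        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        sslContextFactory.setKeyStoreType(NodeConfigManager.getNodeTlsManager().getKeyStoreType());
        sslContextFactory.setKeyStorePath(NodeConfigManager.getNodeTlsManager().getKeyStorefile());
        sslContextFactory.setKeyStorePassword(NodeConfigManager.getNodeTlsManager().getKeyStorePassword());
        sslContextFactory.setKeyManagerPassword(NodeConfigManager.getNodeTlsManager().getKeyManagerPassword());

        // NOTE(review): the trust store is not set on this factory (lines below are disabled),
        // so any client-certificate validation would fall back to whatever default applies.
        // Confirm that is the intended trust configuration for this listener.
//        sslContextFactory.setTrustStoreType(NodeConfigManager.getNodeTlsManager().getTrustStoreType());
//        sslContextFactory.setTrustStorePath(ProvRunner.getAafPropsUtils().getTruststorePathProperty());
//        sslContextFactory.setTrustStorePassword(ProvRunner.getAafPropsUtils().getTruststorePassProperty());

        // Add to the factory's exclusion list rather than replacing it: setExcludeCipherSuites()
        // would discard the exclusions Jetty installs by default (version-dependent) and leave
        // only the seven names below. This mirrors addExcludeProtocols() for protocols.
        // NOTE(review): this can only narrow what is negotiable; check the "Supported ciphers"
        // log line against the oldest client that must still connect.
        sslContextFactory.addExcludeCipherSuites(
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_DSS_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
        );
        sslContextFactory.addExcludeProtocols("SSLv3");
        sslContextFactory.setIncludeProtocols(NodeConfigManager.getNodeTlsManager().getEnabledProtocols());
        eelfLogger.info("Unsupported protocols: " + String.join(",", sslContextFactory.getExcludeProtocols()));
        eelfLogger.info("Supported protocols: " + String.join(",", sslContextFactory.getIncludeProtocols()));
        eelfLogger.info("Unsupported ciphers: " + String.join(",", sslContextFactory.getExcludeCipherSuites()));
        eelfLogger.info("Supported ciphers: " + String.join(",", sslContextFactory.getIncludeCipherSuites()));
        return sslContextFactory;
    }
}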