Code Review / dmaap / datarouter.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Fix LogServlet Vulnerabilities"
[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / RouteServlet.java
1 /*******************************************************************************\r
2  * ============LICENSE_START==================================================\r
3  * * org.onap.dmaap\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * ===========================================================================\r
7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * * you may not use this file except in compliance with the License.\r
9  * * You may obtain a copy of the License at\r
10  * *\r
11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * *\r
13  *  * Unless required by applicable law or agreed to in writing, software\r
14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * * See the License for the specific language governing permissions and\r
17  * * limitations under the License.\r
18  * * ============LICENSE_END====================================================\r
19  * *\r
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
21  * *\r
22  ******************************************************************************/\r
23 \r
24 \r
25 package org.onap.dmaap.datarouter.provisioning;\r
26 \r
27 import java.io.IOException;\r
28 import java.util.Set;\r
29 \r
30 import javax.servlet.http.HttpServletRequest;\r
31 import javax.servlet.http.HttpServletResponse;\r
32 \r
33 import org.json.JSONException;\r
34 import org.json.JSONObject;\r
35 import org.onap.dmaap.datarouter.provisioning.beans.Deleteable;\r
36 import org.onap.dmaap.datarouter.provisioning.beans.EgressRoute;\r
37 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;\r
38 import org.onap.dmaap.datarouter.provisioning.beans.IngressRoute;\r
39 import org.onap.dmaap.datarouter.provisioning.beans.Insertable;\r
40 import org.onap.dmaap.datarouter.provisioning.beans.NetworkRoute;\r
41 import org.onap.dmaap.datarouter.provisioning.beans.NodeClass;\r
42 \r
43 import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;\r
44 \r
45 /**\r
46  * <p>\r
47  * This servlet handles requests to URLs under /internal/route/ on the provisioning server.\r
48  * This part of the URL tree is used to manipulate the Data Router routing tables.\r
49  * These include:\r
50  * </p>\r
51  * <div class="contentContainer">\r
52  * <table class="packageSummary" border="0" cellpadding="3" cellspacing="0">\r
53  * <caption><span>URL Path Summary</span><span class="tabEnd">&nbsp;</span></caption>\r
54  * <tr>\r
55  *   <th class="colFirst" width="35%">URL Path</th>\r
56  *   <th class="colOne">Method</th>\r
57  *   <th class="colLast">Purpose</th>\r
58  * </tr>\r
59  * <tr class="altColor">\r
60  *   <td class="colFirst">/internal/route/</td>\r
61  *   <td class="colOne">GET</td>\r
62  *   <td class="colLast">used to GET a full JSON copy of all three routing tables.</td>\r
63  * </tr>\r
64  * <tr class="rowColor">\r
65  *   <td class="colFirst" rowspan="2">/internal/route/ingress/</td>\r
66  *   <td class="colOne">GET</td>\r
67  *   <td class="colLast">used to GET a full JSON copy of the ingress routing table (IRT).</td>\r
68  * </tr>\r
69  * <tr class="rowColor">\r
70  *   <td class="colOne">POST</td>\r
71  *   <td class="colLast">used to create a new entry in the ingress routing table (IRT).</td></tr>\r
72  * <tr class="altColor">\r
73  *   <td class="colFirst" rowspan="2">/internal/route/egress/</td>\r
74  *   <td class="colOne">GET</td>\r
75  *   <td class="colLast">used to GET a full JSON copy of the egress routing table (ERT).</td>\r
76  * </tr>\r
77  * <tr class="altColor">\r
78  *   <td class="colOne">POST</td>\r
79  *   <td class="colLast">used to create a new entry in the egress routing table (ERT).</td></tr>\r
80  * <tr class="rowColor">\r
81  *   <td class="colFirst" rowspan="2">/internal/route/network/</td>\r
82  *   <td class="colOne">GET</td>\r
83  *   <td class="colLast">used to GET a full JSON copy of the network routing table (NRT).</td>\r
84  * </tr>\r
85  * <tr class="rowColor">\r
86  *   <td class="colOne">POST</td>\r
87  *   <td class="colLast">used to create a new entry in the network routing table (NRT).</td>\r
88  * </tr>\r
89  * <tr class="altColor">\r
90  *   <td class="colFirst">/internal/route/ingress/&lt;feed&gt;/&lt;user&gt;/&lt;subnet&gt;</td>\r
91  *   <td class="colOne">DELETE</td>\r
92  *   <td class="colLast">used to DELETE the ingress route corresponding to <i>feed</i>, <i>user</i> and <i>subnet</i>.\r
93  *   The / in the subnet specified should be replaced with a !, since / cannot be used in a URL.</td>\r
94  * </tr>\r
95  * <tr class="rowColor">\r
96  *   <td class="colFirst">/internal/route/ingress/&lt;seq&gt;</td>\r
97  *   <td class="colOne">DELETE</td>\r
98  *   <td class="colLast">used to DELETE all ingress routes with the matching <i>seq</i> sequence number.</td>\r
99  * </tr>\r
100  * <tr class="altColor">\r
101  *   <td class="colFirst">/internal/route/egress/&lt;sub&gt;</td>\r
102  *   <td class="colOne">DELETE</td>\r
103  *   <td class="colLast">used to DELETE the egress route the matching <i>sub</i> subscriber number.</td>\r
104  * </tr>\r
105  * <tr class="rowColor">\r
106  *   <td class="colFirst">/internal/route/network/&lt;fromnode&gt;/&lt;tonode&gt;</td>\r
107  *   <td class="colOne">DELETE</td>\r
108  *   <td class="colLast">used to DELETE the network route corresponding to <i>fromnode</i>\r
109  *   and <i>tonode</i>.</td>\r
110  * </tr>\r
111  * </table>\r
112  * <p>\r
113  * Authorization to use these URLs is a little different than for other URLs on the provisioning server.\r
114  * For the most part, the IP address that the request comes from should be either:\r
115  * </p>\r
116  * <ol>\r
117  * <li>an IP address of a provisioning server, or</li>\r
118  * <li>the IP address of a node, or</li>\r
119  * <li>an IP address from the "<i>special subnet</i>" which is configured with\r
120  * the PROV_SPECIAL_SUBNET parameter.\r
121  * </ol>\r
122  * <p>\r
123  * All DELETE/GET/POST requests made to this servlet on the standby server are proxied to the\r
124  * active server (using the {@link ProxyServlet}) if it is up and reachable.\r
125  * </p>\r
126  *\r
127  * @author Robert Eby\r
128  * @version $Id$\r
129  */\r
130 @SuppressWarnings("serial")\r
131 public class RouteServlet extends ProxyServlet {\r
132     /**\r
133      * DELETE route table entries by deleting part of the route table tree.\r
134      */\r
135     @Override\r
136     public void doDelete(HttpServletRequest req, HttpServletResponse resp) {\r
137         EventLogRecord elr = new EventLogRecord(req);\r
138         if (!isAuthorizedForInternal(req)) {\r
139             elr.setMessage("Unauthorized.");\r
140             elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
141             eventlogger.info(elr);\r
142             sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);\r
143             return;\r
144         }\r
145         if (isProxyOK(req) && isProxyServer()) {\r
146             super.doDelete(req, resp);\r
147             return;\r
148         }\r
149 \r
150         String path = req.getPathInfo();\r
151         String[] parts = path.substring(1).split("/");\r
152         Deleteable[] d = null;\r
153         if (parts[0].equals("ingress")) {\r
154             if (parts.length == 4) {\r
155                 // /internal/route/ingress/<feed>/<user>/<subnet>\r
156                 try {\r
157                     int feedid = Integer.parseInt(parts[1]);\r
158                     IngressRoute er = IngressRoute.getIngressRoute(feedid, parts[2], parts[3].replaceAll("!", "/"));\r
159                     if (er == null) {\r
160                         sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "The specified ingress route does not exist.", eventlogger);\r
161                         return;\r
162                     }\r
163                     d = new Deleteable[] { er };\r
164                 } catch (NumberFormatException e) {\r
165                     sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Invalid feed ID in 'delete ingress' command.", eventlogger);\r
166                     return;\r
167                 }\r
168             } else if (parts.length == 2) {\r
169                 // /internal/route/ingress/<seq>\r
170                 try {\r
171                     int seq = Integer.parseInt(parts[1]);\r
172                     Set<IngressRoute> set = IngressRoute.getIngressRoutesForSeq(seq);\r
173                     d = set.toArray(new Deleteable[0]);\r
174                 } catch (NumberFormatException e) {\r
175                     sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Invalid sequence number in 'delete ingress' command.", eventlogger);\r
176                     return;\r
177                 }\r
178             } else {\r
179                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Invalid number of arguments in 'delete ingress' command.", eventlogger);\r
180                 return;\r
181             }\r
182         } else if (parts[0].equals("egress")) {\r
183             if (parts.length == 2) {\r
184                 // /internal/route/egress/<sub>\r
185                 try {\r
186                     int subid = Integer.parseInt(parts[1]);\r
187                     EgressRoute er = EgressRoute.getEgressRoute(subid);\r
188                     if (er == null) {\r
189                         sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "The specified egress route does not exist.", eventlogger);\r
190                         return;\r
191                     }\r
192                     d = new Deleteable[] { er };\r
193                 } catch (NumberFormatException e) {\r
194                     sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Invalid sub ID in 'delete egress' command.", eventlogger);\r
195                     return;\r
196                 }\r
197             } else {\r
198                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Invalid number of arguments in 'delete egress' command.", eventlogger);\r
199                 return;\r
200             }\r
201         } else if (parts[0].equals("network")) {\r
202             if (parts.length == 3) {\r
203                 // /internal/route/network/<from>/<to>\r
204                 try {//\r
205                     NetworkRoute nr = new NetworkRoute(\r
206                         NodeClass.normalizeNodename(parts[1]),\r
207                         NodeClass.normalizeNodename(parts[2])\r
208                     );\r
209                     d = new Deleteable[] { nr };\r
210                 } catch (IllegalArgumentException e) {\r
211                     sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "The specified network route does not exist.", eventlogger);\r
212                     return;\r
213                 }\r
214             } else {\r
215                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Invalid number of arguments in 'delete network' command.", eventlogger);\r
216                 return;\r
217             }\r
218         }\r
219         if (d == null) {\r
220             sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);\r
221             return;\r
222         }\r
223         boolean rv = true;\r
224         for (Deleteable dd : d) {\r
225             rv &= doDelete(dd);\r
226         }\r
227         if (rv) {\r
228             elr.setResult(HttpServletResponse.SC_OK);\r
229             eventlogger.info(elr);\r
230             resp.setStatus(HttpServletResponse.SC_OK);\r
231             provisioningDataChanged();\r
232             provisioningParametersChanged();\r
233         } else {\r
234             // Something went wrong with the DELETE\r
235             elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
236             eventlogger.info(elr);\r
237             sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);\r
238         }\r
239     }\r
240     /**\r
241      * GET route table entries from the route table tree specified by the URL path.\r
242      */\r
243     @Override\r
244     public void doGet(HttpServletRequest req, HttpServletResponse resp) {\r
245         EventLogRecord elr = new EventLogRecord(req);\r
246         if (!isAuthorizedForInternal(req)) {\r
247             elr.setMessage("Unauthorized.");\r
248             elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
249             eventlogger.info(elr);\r
250             sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);\r
251             return;\r
252         }\r
253         if (isProxyOK(req) && isProxyServer()) {\r
254             super.doGet(req, resp);\r
255             return;\r
256         }\r
257 \r
258         String path = req.getPathInfo();\r
259         if (!path.endsWith("/"))\r
260             path += "/";\r
261         if (!path.equals("/") && !path.equals("/ingress/") && !path.equals("/egress/") && !path.equals("/network/")) {\r
262             sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);\r
263             return;\r
264         }\r
265 \r
266         StringBuilder sb = new StringBuilder("{\n");\r
267         String px2 = "";\r
268         if (path.equals("/") || path.equals("/ingress/")) {\r
269             String pfx = "\n";\r
270             sb.append("\"ingress\": [");\r
271             for (IngressRoute in : IngressRoute.getAllIngressRoutes()) {\r
272                 sb.append(pfx);\r
273                 sb.append(in.asJSONObject().toString());\r
274                 pfx = ",\n";\r
275             }\r
276             sb.append("\n]");\r
277             px2 = ",\n";\r
278         }\r
279 \r
280         if (path.equals("/") || path.equals("/egress/")) {\r
281             String pfx = "\n";\r
282             sb.append(px2);\r
283             sb.append("\"egress\": {");\r
284             for (EgressRoute eg : EgressRoute.getAllEgressRoutes()) {\r
285                 JSONObject jx = eg.asJSONObject();\r
286                 for (String key : jx.keySet()) {\r
287                     sb.append(pfx);\r
288                     sb.append("  \"").append(key).append("\": ");\r
289                     try {\r
290                         sb.append("\"").append(jx.getString(key)).append("\"");\r
291                     } catch (JSONException je) {\r
292                         eventlogger.error("JSONException" + je.getMessage());\r
293                     }\r
294                     pfx = ",\n";\r
295                 }\r
296             }\r
297             sb.append("\n}");\r
298             px2 = ",\n";\r
299         }\r
300 \r
301         if (path.equals("/") || path.equals("/network/")) {\r
302             String pfx = "\n";\r
303             sb.append(px2);\r
304             sb.append("\"routing\": [");\r
305             for (NetworkRoute ne : NetworkRoute.getAllNetworkRoutes()) {\r
306                 sb.append(pfx);\r
307                 sb.append(ne.asJSONObject().toString());\r
308                 pfx = ",\n";\r
309             }\r
310             sb.append("\n]");\r
311         }\r
312         sb.append("}\n");\r
313         resp.setStatus(HttpServletResponse.SC_OK);\r
314         resp.setContentType("application/json");\r
315         try {\r
316             resp.getOutputStream().print(sb.toString());\r
317         } catch (IOException ioe) {\r
318             eventlogger.error("IOException" + ioe.getMessage());\r
319         }\r
320     }\r
321     /**\r
322      * PUT on &lt;/internal/route/*&gt; -- not supported.\r
323      */\r
324     @Override\r
325     public void doPut(HttpServletRequest req, HttpServletResponse resp) {\r
326         EventLogRecord elr = new EventLogRecord(req);\r
327         if (!isAuthorizedForInternal(req)) {\r
328             elr.setMessage("Unauthorized.");\r
329             elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
330             eventlogger.info(elr);\r
331             sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);\r
332             return;\r
333         }\r
334         sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", eventlogger);\r
335     }\r
336     /**\r
337      * POST - modify existing route table entries in the route table tree specified by the URL path.\r
338      */\r
339     @Override\r
340     public void doPost(HttpServletRequest req, HttpServletResponse resp) {\r
341         EventLogRecord elr = new EventLogRecord(req);\r
342         if (!isAuthorizedForInternal(req)) {\r
343             elr.setMessage("Unauthorized.");\r
344             elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
345             eventlogger.info(elr);\r
346             sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "Unauthorized.", eventlogger);\r
347             return;\r
348         }\r
349         if (isProxyOK(req) && isProxyServer()) {\r
350             super.doPost(req, resp);\r
351             return;\r
352         }\r
353         String path = req.getPathInfo();\r
354         Insertable[] ins = null;\r
355         if (path.startsWith("/ingress/")) {\r
356             // /internal/route/ingress/?feed=%s&amp;user=%s&amp;subnet=%s&amp;nodepatt=%s\r
357             try {\r
358                 // Although it probably doesn't make sense, you can install two identical routes in the IRT\r
359                 int feedid = Integer.parseInt(req.getParameter("feed"));\r
360                 String user = req.getParameter("user");\r
361                 if (user == null)\r
362                     user = "-";\r
363                 String subnet = req.getParameter("subnet");\r
364                 if (subnet == null)\r
365                     subnet = "-";\r
366                 String nodepatt = req.getParameter("nodepatt");\r
367                 String t = req.getParameter("seq");\r
368                 int seq = (t != null) ? Integer.parseInt(t) : (IngressRoute.getMaxSequence() + 100);\r
369                 ins = new Insertable[] { new IngressRoute(seq, feedid, user, subnet, NodeClass.lookupNodeNames(nodepatt)) };\r
370             } catch (Exception e) {\r
371                 intlogger.info(e);\r
372                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, "Invalid arguments in 'add ingress' command.", intlogger);\r
373                 return;\r
374             }\r
375         } else if (path.startsWith("/egress/")) {\r
376             // /internal/route/egress/?sub=%s&amp;node=%s\r
377             try {\r
378                 int subid = Integer.parseInt(req.getParameter("sub"));\r
379                 EgressRoute er = EgressRoute.getEgressRoute(subid);\r
380                 if (er != null) {\r
381                     sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, "An egress route already exists for that subscriber.", intlogger);\r
382                     return;\r
383                 }\r
384                 String node = NodeClass.normalizeNodename(req.getParameter("node"));\r
385                 ins = new Insertable[] { new EgressRoute(subid, node) };\r
386             } catch (Exception e) {\r
387                 intlogger.info(e);\r
388                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, "Invalid arguments in 'add egress' command.", intlogger);\r
389                 return;\r
390             }\r
391         } else if (path.startsWith("/network/")) {\r
392             // /internal/route/network/?from=%s&amp;to=%s&amp;via=%s\r
393             try {\r
394                 String nfrom = req.getParameter("from");\r
395                 String nto   = req.getParameter("to");\r
396                 String nvia  = req.getParameter("via");\r
397                 if (nfrom == null || nto == null || nvia == null) {\r
398                     sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, "Missing arguments in 'add network' command.", intlogger);\r
399                     return;\r
400                 }\r
401                 nfrom = NodeClass.normalizeNodename(nfrom);\r
402                 nto   = NodeClass.normalizeNodename(nto);\r
403                 nvia  = NodeClass.normalizeNodename(nvia);\r
404                 NetworkRoute nr = new NetworkRoute(nfrom, nto, nvia);\r
405                 for (NetworkRoute route : NetworkRoute.getAllNetworkRoutes()) {\r
406                     if (route.getFromnode() == nr.getFromnode() && route.getTonode() == nr.getTonode()) {\r
407                         sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, "Network route table already contains a route for " + nfrom + " and " + nto, intlogger);\r
408                         return;\r
409                     }\r
410                 }\r
411                 ins = new Insertable[] { nr };\r
412             } catch (IllegalArgumentException e) {\r
413                 intlogger.info(e);\r
414                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, "Invalid arguments in 'add network' command.", intlogger);\r
415                 return;\r
416             }\r
417         }\r
418         if (ins == null) {\r
419             sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, "Bad URL.", intlogger);\r
420             return;\r
421         }\r
422         boolean rv = true;\r
423         for (Insertable dd : ins) {\r
424             rv &= doInsert(dd);\r
425         }\r
426         if (rv) {\r
427             elr.setResult(HttpServletResponse.SC_OK);\r
428             eventlogger.info(elr);\r
429             resp.setStatus(HttpServletResponse.SC_OK);\r
430             provisioningDataChanged();\r
431             provisioningParametersChanged();\r
432         } else {\r
433             // Something went wrong with the INSERT\r
434             elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
435             eventlogger.info(elr);\r
436             sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, intlogger);\r
437         }\r
438     }\r
439 }\r
The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require. The interface to DR is exposed as a RESTful web service known as the DR Publishing and Delivery API