Merge "Fix Feed Vulnerabilities"

[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / SubscriptionServlet.java

/*******************************************************************************\r
 * ============LICENSE_START==================================================\r
 * * org.onap.dmaap\r
 * * ===========================================================================\r
 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
 * * ===========================================================================\r
 * * Licensed under the Apache License, Version 2.0 (the "License");\r
 * * you may not use this file except in compliance with the License.\r
 * * You may obtain a copy of the License at\r
 * *\r
 *  *      http://www.apache.org/licenses/LICENSE-2.0\r
 * *\r
 *  * Unless required by applicable law or agreed to in writing, software\r
 * * distributed under the License is distributed on an "AS IS" BASIS,\r
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * * See the License for the specific language governing permissions and\r
 * * limitations under the License.\r
 * * ============LICENSE_END====================================================\r
 * *\r
 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * *\r
 ******************************************************************************/\r
\r
\r
package org.onap.dmaap.datarouter.provisioning;\r
\r
import java.io.IOException;\r
import java.io.InvalidObjectException;\r
import java.net.HttpURLConnection;\r
import java.net.URL;\r
import java.util.List;\r
import java.util.Vector;\r
\r
import javax.servlet.http.HttpServletRequest;\r
import javax.servlet.http.HttpServletResponse;\r
\r
import org.json.JSONException;\r
import org.json.JSONObject;\r
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;\r
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;\r
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;\r
import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;\r
\r
import com.att.eelf.configuration.EELFLogger;\r
import com.att.eelf.configuration.EELFManager;\r
\r
import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;\r
\r
/**\r
 * This servlet handles provisioning for the <subscriptionURL> which is generated by the provisioning server to\r
 * handle the inspection, modification, and deletion of a particular subscription to a feed. It supports DELETE to\r
 * delete a subscription, GET to retrieve information about the subscription, and PUT to modify the subscription.  In DR\r
 * 3.0, POST is also supported in order to reset the subscription timers for individual subscriptions.\r
 *\r
 * @author Robert Eby\r
 * @version $Id$\r
 */\r
@SuppressWarnings("serial")\r
public class SubscriptionServlet extends ProxyServlet {\r
\r
    public static final String SUBCNTRL_CONTENT_TYPE = "application/vnd.att-dr.subscription-control";\r
    //Adding EELF Logger Rally:US664892\r
    private static EELFLogger eelflogger = EELFManager.getInstance()\r
        .getLogger("org.onap.dmaap.datarouter.provisioning.SubscriptionServlet");\r
\r
    /**\r
     * DELETE on the &lt;subscriptionUrl&gt; -- delete a subscription. See the <i>Deleting a Subscription</i> section in\r
     * the <b>Provisioning API</b> document for details on how this method should be invoked.\r
     */\r
    @Override\r
    public void doDelete(HttpServletRequest req, HttpServletResponse resp) {\r
        setIpAndFqdnForEelf("doDelete");\r
        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");\r
        EventLogRecord elr = new EventLogRecord(req);\r
        String message = isAuthorizedForProvisioning(req);\r
        if (message != null) {\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
        if (isProxyServer()) {\r
            super.doDelete(req, resp);\r
            return;\r
        }\r
        String bhdr = req.getHeader(BEHALF_HEADER);\r
        if (bhdr == null) {\r
            message = "Missing " + BEHALF_HEADER + " header.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        int subid = getIdFromPath(req);\r
        if (subid < 0) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        Subscription sub = Subscription.getSubscriptionById(subid);\r
        if (sub == null) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_NOT_FOUND);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
            return;\r
        }\r
        // Check with the Authorizer\r
        AuthorizationResponse aresp = authz.decide(req);\r
        if (!aresp.isAuthorized()) {\r
            message = "Policy Engine disallows access.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
\r
        // Delete Subscription\r
        if (doDelete(sub)) {\r
            activeSubs--;\r
            // send response\r
            elr.setResult(HttpServletResponse.SC_NO_CONTENT);\r
            eventlogger.info(elr);\r
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);\r
            provisioningDataChanged();\r
        } else {\r
            // Something went wrong with the DELETE\r
            elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, intlogger);\r
        }\r
    }\r
\r
    /**\r
     * GET on the &lt;subscriptionUrl&gt; -- get information about a subscription. See the <i>Retreiving Information\r
     * about a Subscription</i> section in the <b>Provisioning API</b> document for details on how this method should be\r
     * invoked.\r
     */\r
    @Override\r
    public void doGet(HttpServletRequest req, HttpServletResponse resp) {\r
        setIpAndFqdnForEelf("doGet");\r
        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");\r
        EventLogRecord elr = new EventLogRecord(req);\r
        String message = isAuthorizedForProvisioning(req);\r
        if (message != null) {\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
        if (isProxyServer()) {\r
            super.doGet(req, resp);\r
            return;\r
        }\r
        String bhdr = req.getHeader(BEHALF_HEADER);\r
        if (bhdr == null) {\r
            message = "Missing " + BEHALF_HEADER + " header.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        int subid = getIdFromPath(req);\r
        if (subid < 0) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        Subscription sub = Subscription.getSubscriptionById(subid);\r
        if (sub == null) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_NOT_FOUND);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
            return;\r
        }\r
        // Check with the Authorizer\r
        AuthorizationResponse aresp = authz.decide(req);\r
        if (!aresp.isAuthorized()) {\r
            message = "Policy Engine disallows access.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
\r
        // send response\r
        elr.setResult(HttpServletResponse.SC_OK);\r
        eventlogger.info(elr);\r
        resp.setStatus(HttpServletResponse.SC_OK);\r
        resp.setContentType(SUBFULL_CONTENT_TYPE);\r
        try {\r
            resp.getOutputStream().print(sub.asJSONObject(true).toString());\r
        } catch (IOException ioe) {\r
            eventlogger.error("IOException: " + ioe.getMessage());\r
        }\r
    }\r
\r
    /**\r
     * PUT on the &lt;subscriptionUrl&gt; -- modify a subscription. See the <i>Modifying a Subscription</i> section in\r
     * the <b>Provisioning API</b> document for details on how this method should be invoked.\r
     */\r
    @Override\r
    public void doPut(HttpServletRequest req, HttpServletResponse resp) {\r
        setIpAndFqdnForEelf("doPut");\r
        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_SUBID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");\r
        EventLogRecord elr = new EventLogRecord(req);\r
        String message = isAuthorizedForProvisioning(req);\r
        if (message != null) {\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
        if (isProxyServer()) {\r
            super.doPut(req, resp);\r
            return;\r
        }\r
        String bhdr = req.getHeader(BEHALF_HEADER);\r
        if (bhdr == null) {\r
            message = "Missing " + BEHALF_HEADER + " header.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        int subid = getIdFromPath(req);\r
        if (subid < 0) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        Subscription oldsub = Subscription.getSubscriptionById(subid);\r
        if (oldsub == null) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_NOT_FOUND);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
            return;\r
        }\r
        // Check with the Authorizer\r
        AuthorizationResponse aresp = authz.decide(req);\r
        if (!aresp.isAuthorized()) {\r
            message = "Policy Engine disallows access.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
        // check content type is SUB_CONTENT_TYPE, version 1.0\r
        ContentHeader ch = getContentHeader(req);\r
        String ver = ch.getAttribute("version");\r
        if (!ch.getType().equals(SUB_BASECONTENT_TYPE) || !(ver.equals("1.0") || ver.equals("2.0"))) {\r
            message = "Incorrect content-type";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);\r
            return;\r
        }\r
        JSONObject jo = getJSONfromInput(req);\r
        if (jo == null) {\r
            message = "Badly formed JSON";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        if (intlogger.isDebugEnabled()) {\r
            intlogger.debug(jo.toString());\r
        }\r
        Subscription sub = null;\r
        try {\r
            sub = new Subscription(jo);\r
        } catch (InvalidObjectException e) {\r
            message = e.getMessage();\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        sub.setSubid(oldsub.getSubid());\r
        sub.setFeedid(oldsub.getFeedid());\r
        sub.setSubscriber(bhdr);    // set from X-ATT-DR-ON-BEHALF-OF header\r
\r
        String subjectgroup = (req.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")); //Adding for group feature:Rally US708115\r
        if (!oldsub.getSubscriber().equals(sub.getSubscriber()) && subjectgroup == null) {\r
            message = "This subscriber must be modified by the same subscriber that created it.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
\r
        // Update SUBSCRIPTIONS table entries\r
        if (doUpdate(sub)) {\r
            // send response\r
            elr.setResult(HttpServletResponse.SC_OK);\r
            eventlogger.info(elr);\r
            resp.setStatus(HttpServletResponse.SC_OK);\r
            resp.setContentType(SUBFULL_CONTENT_TYPE);\r
            try {\r
                resp.getOutputStream().print(sub.asLimitedJSONObject().toString());\r
            } catch (IOException ioe) {\r
                eventlogger.error("IOException: " + ioe.getMessage());\r
            }\r
\r
            /**Change Owner ship of Subscriber     Adding for group feature:Rally US708115*/\r
            if (jo.has("changeowner") && subjectgroup != null) {\r
                try {\r
                    Boolean changeowner = (Boolean) jo.get("changeowner");\r
                    if (changeowner != null && changeowner.equals(true)) {\r
                        sub.setSubscriber(req.getHeader(BEHALF_HEADER));\r
                        sub.changeOwnerShip();\r
                    }\r
                } catch (JSONException je) {\r
                    eventlogger.error("JSONException: " + je.getMessage());\r
                }\r
            }\r
            /***End of change ownership*/\r
\r
            provisioningDataChanged();\r
        } else {\r
            // Something went wrong with the UPDATE\r
            elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, intlogger);\r
        }\r
    }\r
\r
    /**\r
     * POST on the &lt;subscriptionUrl&gt; -- control a subscription. See the <i>Resetting a Subscription's Retry\r
     * Schedule</i> section in the <b>Provisioning API</b> document for details on how this method should be invoked.\r
     */\r
    @Override\r
    public void doPost(HttpServletRequest req, HttpServletResponse resp) {\r
// OLD pre-3.0 code\r
//        String message = "POST not allowed for the subscriptionURL.";\r
//        EventLogRecord elr = new EventLogRecord(req);\r
//        elr.setMessage(message);\r
//        elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);\r
//        eventlogger.info(elr);\r
//        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, message);\r
\r
        setIpAndFqdnForEelf("doPost");\r
        eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));\r
        EventLogRecord elr = new EventLogRecord(req);\r
        String message = isAuthorizedForProvisioning(req);\r
        if (message != null) {\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
        if (isProxyServer()) {\r
            super.doPost(req, resp);\r
            return;\r
        }\r
        String bhdr = req.getHeader(BEHALF_HEADER);\r
        if (bhdr == null) {\r
            message = "Missing " + BEHALF_HEADER + " header.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        final int subid = getIdFromPath(req);\r
        if (subid < 0 || Subscription.getSubscriptionById(subid) == null) {\r
            message = "Missing or bad subscription number.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        // check content type is SUBCNTRL_CONTENT_TYPE, version 1.0\r
        ContentHeader ch = getContentHeader(req);\r
        String ver = ch.getAttribute("version");\r
        if (!ch.getType().equals(SUBCNTRL_CONTENT_TYPE) || !ver.equals("1.0")) {\r
            message = "Incorrect content-type";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);\r
            return;\r
        }\r
        // Check with the Authorizer\r
        AuthorizationResponse aresp = authz.decide(req);\r
        if (!aresp.isAuthorized()) {\r
            message = "Policy Engine disallows access.";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
            return;\r
        }\r
        JSONObject jo = getJSONfromInput(req);\r
        if (jo == null) {\r
            message = "Badly formed JSON";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
            return;\r
        }\r
        try {\r
            // Only the active POD sends notifications\r
            boolean active = SynchronizerTask.getSynchronizer().isActive();\r
            boolean b = jo.getBoolean("failed");\r
            if (active && !b) {\r
                // Notify all nodes to reset the subscription\r
                SubscriberNotifyThread t = new SubscriberNotifyThread();\r
                t.resetSubscription(subid);\r
                t.start();\r
            }\r
            // send response\r
            elr.setResult(HttpServletResponse.SC_ACCEPTED);\r
            eventlogger.info(elr);\r
            resp.setStatus(HttpServletResponse.SC_ACCEPTED);\r
        } catch (JSONException e) {\r
            message = "Badly formed JSON";\r
            elr.setMessage(message);\r
            elr.setResult(HttpServletResponse.SC_BAD_REQUEST);\r
            eventlogger.info(elr);\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
        }\r
    }\r
\r
    /**\r
     * A Thread class used to serially send reset notifications to all nodes in the DR network, when a POST is received\r
     * for a subscription.\r
     */\r
    public class SubscriberNotifyThread extends Thread {\r
\r
        public static final String URL_TEMPLATE = "http://%s/internal/resetSubscription/%d";\r
        private List<String> urls = new Vector<String>();\r
\r
        public SubscriberNotifyThread() {\r
            setName("SubscriberNotifyThread");\r
        }\r
\r
        public void resetSubscription(int subid) {\r
            for (String nodename : BaseServlet.getNodes()) {\r
                String u = String.format(URL_TEMPLATE, nodename, subid);\r
                urls.add(u);\r
            }\r
        }\r
\r
        public void run() {\r
            try {\r
                while (!urls.isEmpty()) {\r
                    String u = urls.remove(0);\r
                    try {\r
                        URL url = new URL(u);\r
                        HttpURLConnection conn = (HttpURLConnection) url.openConnection();\r
                        conn.connect();\r
                        conn.getContentLength();    // Force the GET through\r
                        conn.disconnect();\r
                    } catch (IOException e) {\r
                        intlogger.info("IOException Error accessing URL: " + u + ": " + e.getMessage());\r
                    }\r
                }\r
            } catch (Exception e) {\r
                intlogger.warn("Caught exception in SubscriberNotifyThread: " + e);\r
            }\r
        }\r
    }\r
}\r