preliminary AAF changes for DR 43/62043/21
authorRonan Keogh <ronan.keogh@ericsson.com>
Thu, 23 Aug 2018 10:04:45 +0000 (11:04 +0100)
committerRonan Keogh <ronan.keogh@ericsson.com>
Wed, 29 Aug 2018 17:00:22 +0000 (18:00 +0100)
Change-Id: I526648c42f8205c0f09b3c077aa1203e336f4f5f
Issue-ID: DMAAP-558
Signed-off-by: Ronan Keogh <ronan.keogh@ericsson.com>
48 files changed:
README.md
datarouter-node/aaf_certs/org.onap.dmaap-dr.jks [new file with mode: 0644]
datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks [new file with mode: 0644]
datarouter-node/pom.xml
datarouter-node/self_signed/cacerts.jks [deleted file]
datarouter-node/self_signed/keystore.jks [deleted file]
datarouter-node/self_signed/mykey.cer [deleted file]
datarouter-node/self_signed/nodekey.cer [deleted file]
datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java
datarouter-node/src/main/resources/misc/node.properties [deleted file]
datarouter-node/src/main/resources/node.properties
datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks [new file with mode: 0755]
datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks [new file with mode: 0755]
datarouter-prov/pom.xml
datarouter-prov/self_signed/cacerts.jks [deleted file]
datarouter-prov/self_signed/keystore.jks [deleted file]
datarouter-prov/self_signed/mykey.cer [deleted file]
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java [changed mode: 0644->0755]
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/Main.java
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java [changed mode: 0644->0755]
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/NodeClass.java [changed mode: 0644->0755]
datarouter-prov/src/main/resources/misc/sql_init_01.sql [changed mode: 0644->0755]
datarouter-prov/src/main/resources/provserver.properties [changed mode: 0644->0755]
datarouter-prov/src/test/java/datarouter/provisioning/IntegrationTestBase.java [changed mode: 0644->0755]
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServletTest.java [changed mode: 0644->0755]
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/FeedServletTest.java
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/GroupServletTest.java [changed mode: 0644->0755]
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/InternalServletTest.java
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/RouteServletTest.java
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscribeServletTest.java
datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java [changed mode: 0644->0755]
datarouter-prov/src/test/resources/integration_test.properties
docker-compose/database/sql_init_01.sql [changed mode: 0644->0755]
docker-compose/docker-compose.yml
docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks [new file with mode: 0755]
docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks [new file with mode: 0755]
docker-compose/node_data/node.properties
docker-compose/node_data/self_signed/cacerts.jks [deleted file]
docker-compose/node_data/self_signed/keystore.jks [deleted file]
docker-compose/node_data/self_signed/mykey.cer [deleted file]
docker-compose/node_data/self_signed/nodekey.cer [deleted file]
docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks [new file with mode: 0755]
docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks [new file with mode: 0755]
docker-compose/prov_data/provserver.properties [changed mode: 0644->0755]
docker-compose/prov_data/self_signed/cacerts.jks [deleted file]
docker-compose/prov_data/self_signed/keystore.jks [deleted file]
docker-compose/prov_data/self_signed/mykey.cer [deleted file]

index 559b03d..6e45867 100644 (file)
--- a/README.md
+++ b/README.md
 # DMAAP_DATAROUTER\r
-                              \r
+\r
 ## OVERVIEW\r
-  \r
-The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require.  \r
+\r
+The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require.\r
 The delivery of data from these kinds of production systems is the domain of the Data Routing System. Its primary goal is to make it easier to move data from existing applications that may not have been designed from the ground up to share data.\r
 The Data Routing System is different from many existing platforms for distributing messages from producers to consumers which focus on real-time delivery of small messages (on the order of a few kilobytes or so) for more\r
 \r
    Provisioning is implemented as a Java servlet running under Jetty in one JVM\r
-   \r
+\r
    Provisioning data is stored in a MariaDB database\r
-   \r
+\r
    The backup provisioning server and each node is informed any time provisioning data changes\r
-   \r
+\r
    The backup provisioning server and each node may request the complete set of provisioning data at any time\r
-   \r
+\r
    A Node is implemented as a Java servlet running under Jetty in one JVM\r
 \r
 Assumptions\r
     For 95% of all feeds (there will be some exceptions):\r
-       \r
+\r
     Number of Publishing Endpoints per Feed: 1 – 10\r
-       \r
+\r
     Number of Subscribers per Feed: 2 – 10\r
-       \r
+\r
     File Size: 105 – 1010 bytes\r
-       \r
+\r
     with a distribution towards the high end\r
-       \r
+\r
     Frequency of Publishing: 1/day – 10/minute\r
-       \r
+\r
     Lifetime of a Feed: months to years\r
-       \r
+\r
     Lifetime of a Subscription: months to years\r
-       \r
\r
+\r
+\r
 Data Router and Sensitive Data Handling\r
\r
+\r
     A publisher of a Data Router feed of sensitive (e.g., PCI, SPI, etc.) data needs to encrypt that data prior to delivering it to the Data Router\r
-       \r
+\r
     The Data Router will distribute that data to all of the subscribers of that feed.\r
-       \r
+\r
     Data Router does not examine the Feed content or enforce any restrictions or Validations on the Feed Content in any way\r
-       \r
+\r
     It is the responsibility of the subscribers to work with the publisher to determine how to decrypt that data\r
-       \r
 \r
 \r
\r
+\r
+\r
 \r
 What the Data Router is NOT:\r
 \r
     Does not support streaming data\r
-       \r
+\r
     Does not tightly couple to any specific publish endpoint or subscriber\r
-       \r
+\r
     Agnostic as to source and sink of data residing in an RDBMS, NoSQL DB, Other DBMS, Flat Files, etc.\r
-       \r
+\r
     Does not transform any published data\r
-       \r
+\r
     Does not “examine” any published data\r
-       \r
+\r
     Does not verify the integrity of a published file\r
-       \r
+\r
     Does not perform any data “cleansing”\r
-       \r
+\r
     Does not store feeds (not a repository or archive)\r
-       \r
+\r
     There is no long-term storage – assumes subscribers are responsive most of the time\r
-       \r
+\r
     Does not encrypt data when queued on a node\r
-       \r
+\r
     Does not provide guaranteed order of delivery\r
-       \r
+\r
     Per-file metadata can be used for ordering\r
-       \r
-   External customers supported is via DITREX (MOTS 18274)\r
\r
\r
\r
 \r
-## BUILD  \r
\r
-Datarouter can be cloned and repository and builb using Maven \r
-In the repository \r
+\r
+\r
+\r
+## BUILD\r
+\r
+Datarouter can be cloned and repository and builb using Maven\r
+In the repository\r
 \r
 Go to datarouter-prov in the root\r
 \r
        mvn clean install\r
-       \r
+\r
 Go to datarouter-node in the root\r
 \r
        mvn clean install\r
-        \r
+\r
 Project Build will be Successful\r
 \r
 \r
 \r
 \r
-## RUN \r
+## RUN\r
 \r
-Datarouter is a Unix based service \r
+Datarouter is a Unix based service\r
 \r
 Pre-requisites to run the service\r
 \r
@@ -111,39 +109,39 @@ Install MariaDB and load needed table into the database
 \r
 Sample sql_init_01.sql is provided in the datarouter-prov/src/main/resources/misc\r
 \r
-Go to datarouter-prov module and run the service using main.java \r
\r
-Go to datarouter-node module and run the service using nodemain.java \r
+Go to datarouter-prov module and run the service using main.java\r
+\r
+Go to datarouter-node module and run the service using nodemain.java\r
 \r
 Curl Commands to test:\r
 \r
 create a feed:\r
 \r
-curl -v -X POST -H "Content-Type : application/vnd.att-dr.feed" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addFeed3.txt --post301 --location-trusted  -k https://prov.datarouternew.com:8443\r
+curl -v -X POST -H "Content-Type : application/vnd.att-dr.feed" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addFeed3.txt --post301 --location-trusted  -k https://dmaap-dr-prov:8443\r
 \r
 Subscribe to feed:\r
 \r
-curl -v -X POST -H "Content-Type: application/vnd.att-dr.subscription" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addSubscriber.txt --post301 --location-trusted -k https://prov.datarouternew.com:8443/subscribe/1\r
+curl -v -X POST -H "Content-Type: application/vnd.att-dr.subscription" -H "X-ATT-DR-ON-BEHALF-OF: rs873m" --data-ascii @/opt/app/datartr/addSubscriber.txt --post301 --location-trusted -k https://dmaap-dr-prov:8443/subscribe/1\r
 \r
 Publish to feed:\r
 \r
-curl -v -X PUT --user rs873m:rs873m -H "Content-Type: application/octet-stream" --data-binary @/opt/app/datartr/addFeed3.txt  --post301 --location-trusted -k https://prov.datarouternew.com:8443/publish/1/test1\r
+curl -v -X PUT --user rs873m:rs873m -H "Content-Type: application/octet-stream" --data-binary @/opt/app/datartr/addFeed3.txt  --post301 --location-trusted -k https://dmaap-dr-prov:8443/publish/1/test1\r
+\r
 \r
 \r
\r
 \r
- ## CONFIGURATION \r
+ ## CONFIGURATION\r
 \r
-Recommended \r
+Recommended\r
 \r
 Environment - Unix based\r
 \r
 Java - 1.8\r
 \r
-Maven - 3.2.5 \r
+Maven - 3.2.5\r
 \r
 MariaDB - 10.2.14\r
 \r
 Self Signed SSL certificates\r
\r
\r
+\r
+\r
diff --git a/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks b/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks
new file mode 100644 (file)
index 0000000..4529ccc
Binary files /dev/null and b/datarouter-node/aaf_certs/org.onap.dmaap-dr.jks differ
diff --git a/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks b/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks
new file mode 100644 (file)
index 0000000..096fbb2
Binary files /dev/null and b/datarouter-node/aaf_certs/org.onap.dmaap-dr.trust.jks differ
index c6bd3e9..18743db 100755 (executable)
                             <goal>copy-resources</goal>
                         </goals>
                         <configuration>
-                            <outputDirectory>${basedir}/target/opt/app/datartr/self_signed</outputDirectory>
+                            <outputDirectory>${basedir}/target/opt/app/datartr/aaf_certs</outputDirectory>
                             <resources>
                                 <resource>
-                                    <directory>${basedir}/self_signed</directory>
+                                    <directory>${basedir}/aaf_certs</directory>
                                     <includes>
                                         <include>misc/**</include>
                                         <include>**/**</include>
diff --git a/datarouter-node/self_signed/cacerts.jks b/datarouter-node/self_signed/cacerts.jks
deleted file mode 100644 (file)
index dfd8143..0000000
Binary files a/datarouter-node/self_signed/cacerts.jks and /dev/null differ
diff --git a/datarouter-node/self_signed/keystore.jks b/datarouter-node/self_signed/keystore.jks
deleted file mode 100644 (file)
index e5a4e78..0000000
Binary files a/datarouter-node/self_signed/keystore.jks and /dev/null differ
diff --git a/datarouter-node/self_signed/mykey.cer b/datarouter-node/self_signed/mykey.cer
deleted file mode 100644 (file)
index 2a5c9d7..0000000
Binary files a/datarouter-node/self_signed/mykey.cer and /dev/null differ
diff --git a/datarouter-node/self_signed/nodekey.cer b/datarouter-node/self_signed/nodekey.cer
deleted file mode 100644 (file)
index 4cdfdfe..0000000
Binary files a/datarouter-node/self_signed/nodekey.cer and /dev/null differ
index 375a38e..2c013ca 100644 (file)
@@ -28,26 +28,30 @@ import static com.att.eelf.configuration.Configuration.MDC_SERVER_FQDN;
 import static com.att.eelf.configuration.Configuration.MDC_SERVER_IP_ADDRESS;
 import static com.att.eelf.configuration.Configuration.MDC_SERVICE_NAME;
 
-import java.security.*;
-import java.io.*;
-import java.util.*;
-import java.security.cert.*;
-import java.net.*;
-import java.text.*;
-
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.security.KeyStore;
+import java.security.MessageDigest;
+import java.security.cert.X509Certificate;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.TimeZone;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 import org.onap.dmaap.datarouter.node.eelf.EelfMsgs;
 import org.slf4j.MDC;
 
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
 /**
  * Utility functions for the data router node
  */
 public class NodeUtils {
-    private static EELFLogger eelfLogger = EELFManager.getInstance().getLogger("org.onap.dmaap.datarouter.node.NodeUtils");
+
+    private static EELFLogger eelfLogger = EELFManager.getInstance()
+        .getLogger("org.onap.dmaap.datarouter.node.NodeUtils");
     private static Logger nodeUtilsLogger = Logger.getLogger("org.onap.dmaap.datarouter.node.NodeUtils");
     private static SimpleDateFormat logDate;
 
@@ -72,7 +76,7 @@ public class NodeUtils {
     /**
      * Given a user and password, generate the credentials
      *
-     * @param user     User name
+     * @param user User name
      * @param password User password
      * @return Authorization header value
      */
@@ -96,13 +100,15 @@ public class NodeUtils {
             md.update(key.getBytes());
             return (getAuthHdr(node, base64Encode(md.digest())));
         } catch (Exception exception) {
-            nodeUtilsLogger.error("Exception in generating Credentials for given node name:= " + exception.toString(), exception);
+            nodeUtilsLogger
+                .error("Exception in generating Credentials for given node name:= " + exception.toString(), exception);
             return (null);
         }
     }
 
     /**
-     * Given a keystore file and its password, return the value of the CN of the first private key entry with a certificate.
+     * Given a keystore file and its password, return the value of the CN of the first private key entry with a
+     * certificate.
      *
      * @param kstype The type of keystore
      * @param ksfile The file name of the keystore
@@ -110,15 +116,16 @@ public class NodeUtils {
      * @return CN of the certificate subject or null
      */
     public static String getCanonicalName(String kstype, String ksfile, String kspass) {
-        KeyStore ks=null;
+        KeyStore ks;
         try {
             ks = KeyStore.getInstance(kstype);
-            try(FileInputStream fileInputStream=new FileInputStream(ksfile)) {
+            try (FileInputStream fileInputStream = new FileInputStream(ksfile)) {
                 ks.load(fileInputStream, kspass.toCharArray());
+            } catch (IOException ioException) {
+                nodeUtilsLogger.error("IOException occurred while opening FileInputStream: " + ioException.getMessage(),
+                    ioException);
+                return (null);
             }
-        } catch(IOException ioException) {
-            nodeUtilsLogger.error("Exception occurred while opening FileInputStream",ioException);
-            return (null);
         } catch (Exception e) {
             setIpAndFqdnForEelf("getCanonicalName");
             eelfLogger.error(EelfMsgs.MESSAGE_KEYSTORE_LOAD_ERROR, ksfile, e.toString());
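Review bot: The new inner catch logs "IOException occurred while opening FileInputStream", but `ks.load(fileInputStream, kspass.toCharArray())` sits in the same try and also throws IOException for a malformed keystore or an incorrect password, so the message can point an operator at the wrong cause. Naming the file and the operation would be clearer, e.g. `nodeUtilsLogger.error("IOException while loading keystore " + ksfile + ": " + ioException.getMessage(), ioException);`. These failures also return before the outer catch, so they never produce the `EelfMsgs.MESSAGE_KEYSTORE_LOAD_ERROR` entry that other load errors get; it may be worth routing both through the same message. getCanonicalName continues past the end of this hunk.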
@@ -147,7 +154,7 @@ public class NodeUtils {
                         if (parts.length < 1) {
                             return (null);
                         }
-                        subject = parts[0].trim();
+                        subject = parts[5].trim();
                         if (!subject.startsWith("CN=")) {
                             return (null);
 
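Review bot: `subject = parts[5].trim();` is still guarded only by the unchanged `if (parts.length < 1)` check, so a certificate whose subject yields fewer than six parts indexes past the end of the array instead of returning null. A fixed position also ties the node identity to the attribute order of one particular certificate: any certificate whose CN sits elsewhere fails the `startsWith("CN=")` test and is rejected. Selecting the component by name is more robust, for example looping over `parts` and taking the first trimmed element that starts with `CN=`; at minimum the guard should become `if (parts.length < 6)`. How `parts` is produced and whether an enclosing catch absorbs the exception are outside the hunk, so this assumes `parts` is a split of the subject DN.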
@@ -172,7 +179,8 @@ public class NodeUtils {
         try {
             return (InetAddress.getByName(ip).getAddress());
         } catch (Exception exception) {
-            nodeUtilsLogger.error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
+            nodeUtilsLogger
+                .error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
         }
         return (null);
     }
@@ -202,7 +210,8 @@ public class NodeUtils {
     }
 
     /**
-     * Escape fields that might contain vertical bar, backslash, or newline by replacing them with backslash p, backslash e and backslash n.
+     * Escape fields that might contain vertical bar, backslash, or newline by replacing them with backslash p,
+     * backslash e and backslash n.
      */
     public static String loge(String s) {
         if (s == null) {
@@ -246,7 +255,8 @@ public class NodeUtils {
             MDC.put(MDC_SERVER_FQDN, InetAddress.getLocalHost().getHostName());
             MDC.put(MDC_SERVER_IP_ADDRESS, InetAddress.getLocalHost().getHostAddress());
         } catch (Exception exception) {
-            nodeUtilsLogger.error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
+            nodeUtilsLogger
+                .error("Exception in generating byte array for given IP address := " + exception.toString(), exception);
         }
 
     }
diff --git a/datarouter-node/src/main/resources/misc/node.properties b/datarouter-node/src/main/resources/misc/node.properties
deleted file mode 100644 (file)
index fc70741..0000000
+++ /dev/null
@@ -1,111 +0,0 @@
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START==================================================\r
-# * org.onap.dmaap\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# *\r
-#  *      http://www.apache.org/licenses/LICENSE-2.0\r
-# *\r
-#  * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-#\r
-#    Configuration parameters fixed at startup for the DataRouter node\r
-#\r
-#    URL to retrieve dynamic configuration\r
-#\r
-#ProvisioningURL:    ${DRTR_PROV_INTURL}\r
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov\r
-\r
-#\r
-#    URL to upload PUB/DEL/EXP logs\r
-#\r
-#LogUploadURL:    ${DRTR_LOG_URL}\r
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs\r
-\r
-#\r
-#    The port number for http as seen within the server\r
-#\r
-#IntHttpPort:    ${DRTR_NODE_INTHTTPPORT:-8080}\r
-IntHttpPort=8080\r
-#\r
-#    The port number for https as seen within the server\r
-#\r
-IntHttpsPort=8443\r
-#\r
-#    The external port number for https taking port mapping into account\r
-#\r
-ExtHttpsPort=443\r
-#\r
-#    The minimum interval between fetches of the dynamic configuration\r
-#    from the provisioning server\r
-#\r
-MinProvFetchInterval=10000\r
-#\r
-#    The minimum interval between saves of the redirection data file\r
-#\r
-MinRedirSaveInterval=10000\r
-#\r
-#    The path to the directory where log files are stored\r
-#\r
-LogDir=/opt/app/datartr/logs\r
-#\r
-#    The retention interval (in days) for log files\r
-#\r
-LogRetention=30\r
-#\r
-#    The path to the directories where data and meta data files are stored\r
-#\r
-SpoolDir=/opt/app/datartr/spool\r
-#\r
-#    The path to the redirection data file\r
-#\r
-#RedirectionFile:    etc/redirections.dat\r
-#\r
-#    The type of keystore for https\r
-KeyStoreType:    jks\r
-#\r
-#    The path to the keystore for https\r
-#\r
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks\r
-#\r
-#    The password for the https keystore\r
-#\r
-KeyStorePassword=changeit\r
-#\r
-#    The password for the private key in the https keystore\r
-#\r
-KeyPassword=changeit\r
-#\r
-#    The type of truststore for https\r
-#\r
-TrustStoreType=jks\r
-#\r
-#    The path to the truststore for https\r
-#\r
-#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts\r
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks\r
-#\r
-#    The password for the https truststore\r
-#\r
-TrustStorePassword=changeit\r
-#\r
-#    The path to the file used to trigger an orderly shutdown\r
-#\r
-QuiesceFile=etc/SHUTDOWN\r
-#\r
-#    The key used to generate passwords for node to node transfers\r
-#\r
-NodeAuthKey=Node123!\r
-\r
index 411cc2b..de38cb6 100644 (file)
-#-------------------------------------------------------------------------------\r
-# ============LICENSE_START==================================================\r
-# * org.onap.dmaap\r
-# * ===========================================================================\r
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
-# * ===========================================================================\r
-# * Licensed under the Apache License, Version 2.0 (the "License");\r
-# * you may not use this file except in compliance with the License.\r
-# * You may obtain a copy of the License at\r
-# *\r
-#  *      http://www.apache.org/licenses/LICENSE-2.0\r
-# *\r
-#  * Unless required by applicable law or agreed to in writing, software\r
-# * distributed under the License is distributed on an "AS IS" BASIS,\r
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# * See the License for the specific language governing permissions and\r
-# * limitations under the License.\r
-# * ============LICENSE_END====================================================\r
-# *\r
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
-# *\r
-#-------------------------------------------------------------------------------\r
-#\r
-#    Configuration parameters fixed at startup for the DataRouter node\r
-#\r
-#    URL to retrieve dynamic configuration\r
-#\r
-#ProvisioningURL:    ${DRTR_PROV_INTURL}\r
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov\r
-\r
-#\r
-#    URL to upload PUB/DEL/EXP logs\r
-#\r
-#LogUploadURL:    ${DRTR_LOG_URL}\r
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs\r
-\r
-#\r
-#    The port number for http as seen within the server\r
-#\r
-#IntHttpPort:    ${DRTR_NODE_INTHTTPPORT:-8080}\r
-IntHttpPort=8080\r
-#\r
-#    The port number for https as seen within the server\r
-#\r
-IntHttpsPort=8443\r
-#\r
-#    The external port number for https taking port mapping into account\r
-#\r
-ExtHttpsPort=443\r
-#\r
-#    The minimum interval between fetches of the dynamic configuration\r
-#    from the provisioning server\r
-#\r
-MinProvFetchInterval=10000\r
-#\r
-#    The minimum interval between saves of the redirection data file\r
-#\r
-MinRedirSaveInterval=10000\r
-#\r
-#    The path to the directory where log files are stored\r
-#\r
-LogDir=/opt/app/datartr/logs\r
-#\r
-#    The retention interval (in days) for log files\r
-#\r
-LogRetention=30\r
-#\r
-#    The path to the directories where data and meta data files are stored\r
-#\r
-SpoolDir=/opt/app/datartr/spool\r
-#\r
-#    The path to the redirection data file\r
-#\r
-#RedirectionFile:    etc/redirections.dat\r
-#\r
-#    The type of keystore for https\r
-#\r
-KeyStoreType:    jks\r
-#\r
-#    The path to the keystore for https\r
-#\r
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks\r
-#\r
-#    The password for the https keystore\r
-#\r
-KeyStorePassword=changeit\r
-#\r
-#    The password for the private key in the https keystore\r
-#\r
-KeyPassword=changeit\r
-#\r
-#    The type of truststore for https\r
-#\r
-TrustStoreType=jks\r
-#\r
-#    The path to the truststore for https\r
-#\r
-#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts\r
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks\r
-#\r
-#    The password for the https truststore\r
-#\r
-TrustStorePassword=changeit\r
-#\r
-#    The path to the file used to trigger an orderly shutdown\r
-#\r
-QuiesceFile=etc/SHUTDOWN\r
-#\r
-#    The key used to generate passwords for node to node transfers\r
-#\r
-NodeAuthKey=Node123!\r
-\r
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==================================================
+# * org.onap.dmaap
+# * ===========================================================================
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+#  *      http://www.apache.org/licenses/LICENSE-2.0
+# *
+#  * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# *
+#-------------------------------------------------------------------------------
+#
+#    Configuration parameters fixed at startup for the DataRouter node
+#
+#    URL to retrieve dynamic configuration
+#
+#ProvisioningURL:    ${DRTR_PROV_INTURL}
+ProvisioningURL=https://dmaap-dr-prov:8443/internal/prov
+
+#
+#    URL to upload PUB/DEL/EXP logs
+#
+#LogUploadURL:    ${DRTR_LOG_URL}
+LogUploadURL=https://dmaap-dr-prov:8443/internal/logs
+
+#
+#    The port number for http as seen within the server
+#
+#IntHttpPort:    ${DRTR_NODE_INTHTTPPORT:-8080}
+IntHttpPort=8080
+#
+#    The port number for https as seen within the server
+#
+IntHttpsPort=8443
+#
+#    The external port number for https taking port mapping into account
+#
+ExtHttpsPort=443
+#
+#    The minimum interval between fetches of the dynamic configuration
+#    from the provisioning server
+#
+MinProvFetchInterval=10000
+#
+#    The minimum interval between saves of the redirection data file
+#
+MinRedirSaveInterval=10000
+#
+#    The path to the directory where log files are stored
+#
+LogDir=/opt/app/datartr/logs
+#
+#    The retention interval (in days) for log files
+#
+LogRetention=30
+#
+#    The path to the directories where data and meta data files are stored
+#
+SpoolDir=/opt/app/datartr/spool
+#
+#    The path to the redirection data file
+#
+#RedirectionFile:    etc/redirections.dat
+#
+#    The type of keystore for https
+KeyStoreType:    jks
+#
+#    The path to the keystore for https
+#
+KeyStoreFile:/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
+#
+#    The password for the https keystore
+#
+KeyStorePassword=4*&GD+w58RUM]01No.CYY;z6
+#
+#    The password for the private key in the https keystore
+#
+KeyPassword=4*&GD+w58RUM]01No.CYY;z6
+#
+#    The type of truststore for https
+#
+TrustStoreType=jks
+#
+#    The path to the truststore for https
+#
+#TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
+TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
+#
+#    The password for the https truststore
+#
+TrustStorePassword=UDXlT6Iu[F)k,Htk92+B,0Xj
+#
+#    The path to the file used to trigger an orderly shutdown
+#
+QuiesceFile=etc/SHUTDOWN
+#
+#    The key used to generate passwords for node to node transfers
+#
+NodeAuthKey=Node123!
+
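Review bot: `KeyStorePassword`, `KeyPassword` and `TrustStorePassword` now hold what look like real store passwords, committed in clear text in the same change that adds the `aaf_certs/*.jks` files, so anyone who can read the repository or the built artifact can open the keystore and recover the private key. `NodeAuthKey=Node123!` is likewise carried over as a fixed shared value. These values are better injected at deploy time (environment variable, mounted secret, or a properties file kept outside the repository), with the checked-in file holding placeholders only, e.g. `KeyStorePassword=<set-at-deploy>`. The commented `#ProvisioningURL:    ${DRTR_PROV_INTURL}` line suggests substitution was once intended, though whether the loader supports it is not visible here. If these stores are used beyond local test environments, the key material should be treated as disclosed and rotated.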
diff --git a/datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks
new file mode 100755 (executable)
index 0000000..155991a
Binary files /dev/null and b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.jks differ
diff --git a/datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks
new file mode 100755 (executable)
index 0000000..c8f9ee6
Binary files /dev/null and b/datarouter-prov/aaf_certs/org.onap.dmaap-dr.trust.jks differ
index a970f71..8473141 100755 (executable)
                             <goal>copy-resources</goal>\r
                         </goals>\r
                         <configuration>\r
-                            <outputDirectory>${basedir}/target/opt/app/datartr/self_signed</outputDirectory>\r
+                            <outputDirectory>${basedir}/target/opt/app/datartr/aaf_certs</outputDirectory>\r
                             <resources>\r
                                 <resource>\r
-                                    <directory>${basedir}/self_signed</directory>\r
+                                    <directory>${basedir}/aaf_certs</directory>\r
                                     <includes>\r
                                         <include>misc/**</include>\r
                                         <include>**/**</include>\r
diff --git a/datarouter-prov/self_signed/cacerts.jks b/datarouter-prov/self_signed/cacerts.jks
deleted file mode 100644 (file)
index 76a480a..0000000
Binary files a/datarouter-prov/self_signed/cacerts.jks and /dev/null differ
diff --git a/datarouter-prov/self_signed/keystore.jks b/datarouter-prov/self_signed/keystore.jks
deleted file mode 100644 (file)
index 2c22b4a..0000000
Binary files a/datarouter-prov/self_signed/keystore.jks and /dev/null differ
diff --git a/datarouter-prov/self_signed/mykey.cer b/datarouter-prov/self_signed/mykey.cer
deleted file mode 100644 (file)
index 2a5c9d7..0000000
Binary files a/datarouter-prov/self_signed/mykey.cer and /dev/null differ
old mode 100644 (file)
new mode 100755 (executable)
index 412e132..047043b
@@ -319,7 +319,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
      * @return an error string, or null if all is OK
      */
     String isAuthorizedForProvisioning(HttpServletRequest request) {
-        if (Boolean.parseBoolean(isAddressAuthEnabled)) {
+        if (!Boolean.parseBoolean(isAddressAuthEnabled)) {
             return null;
         }
         // Is the request https?
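Review bot: With the negation added, the address check is skipped whenever `Boolean.parseBoolean(isAddressAuthEnabled)` is false, and parseBoolean returns false for null and for any string other than "true", so a missing or mistyped property silently turns authorization off (fail-open). The same guard appears in isAuthorizedForInternal in the next hunk. Consider failing closed by disabling only on an explicit value, `if ("false".equalsIgnoreCase(isAddressAuthEnabled)) {`, and logging once at startup when the check is off. Where isAddressAuthEnabled is assigned and which default it receives is outside these hunks, and both methods continue past their hunks.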
@@ -369,7 +369,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
     boolean isAuthorizedForInternal(HttpServletRequest request) {
 
         try {
-            if (Boolean.parseBoolean(isAddressAuthEnabled)) {
+            if (!Boolean.parseBoolean(isAddressAuthEnabled)) {
                 return true;
             }
             InetAddress ip = InetAddress.getByName(request.getRemoteAddr());
@@ -492,9 +492,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         // Normalize the nodes, and fill in nodeAddresses
         InetAddress[] na = new InetAddress[nodes.length];
         for (int i = 0; i < nodes.length; i++) {
-            if (nodes[i].indexOf('.') < 0) {
-                nodes[i] += "." + provDomain;
-            }
             try {
                 na[i] = InetAddress.getByName(nodes[i]);
                 intlogger.debug("PROV0003 DNS lookup: " + nodes[i] + " => " + na[i].toString());
@@ -520,9 +517,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         String[] pods = getPods();
         na = new InetAddress[pods.length];
         for (int i = 0; i < pods.length; i++) {
-            if (pods[i].indexOf('.') < 0) {
-                pods[i] += "." + provDomain;
-            }
             try {
                 na[i] = InetAddress.getByName(pods[i]);
                 intlogger.debug("PROV0003 DNS lookup: " + pods[i] + " => " + na[i].toString());
index 87979be..800bd9a 100644 (file)
@@ -185,8 +185,6 @@ public class Main {
                 sslContextFactory.setTrustStorePath(DEFAULT_TRUSTSTORE);
                 sslContextFactory.setTrustStorePassword("changeit");
             }
-            sslContextFactory.setTrustStorePath("/opt/app/datartr/self_signed/cacerts.jks");
-            sslContextFactory.setTrustStorePassword("changeit");
             sslContextFactory.setWantClientAuth(true);
 
             // Servlet and Filter configuration
old mode 100644 (file)
new mode 100755 (executable)
index c560299..8d6bfcf
@@ -35,12 +35,10 @@ import java.security.KeyStoreException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
-
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.http.Header;
 import org.apache.http.HttpEntity;
@@ -57,16 +55,16 @@ import org.onap.dmaap.datarouter.provisioning.utils.DB;
 import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities;
 
 /**
- * This class is the base class for those servlets that need to proxy their requests from the
- * standby to active server.  Its methods perform the proxy function to the active server. If the
- * active server is not reachable, a 503 (SC_SERVICE_UNAVAILABLE) is returned.  Only
- * DELETE/GET/PUT/POST are supported.
+ * This class is the base class for those servlets that need to proxy their requests from the standby to active server.
+ * Its methods perform the proxy function to the active server. If the active server is not reachable, a 503
+ * (SC_SERVICE_UNAVAILABLE) is returned.  Only DELETE/GET/PUT/POST are supported.
  *
  * @author Robert Eby
  * @version $Id: ProxyServlet.java,v 1.3 2014/03/24 18:47:10 eby Exp $
  */
 @SuppressWarnings("serial")
 public class ProxyServlet extends BaseServlet {
+
     private boolean inited = false;
     private Scheme sch;
 
@@ -80,13 +78,13 @@ public class ProxyServlet extends BaseServlet {
         try {
             // Set up keystore
             Properties props = (new DB()).getProperties();
-            String type  = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks");
+            String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks");
             String store = props.getProperty(Main.KEYSTORE_PATH_PROPERTY);
-            String pass  = props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY);
+            String pass = props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY);
             KeyStore keyStore = readStore(store, pass, type);
 
             store = props.getProperty(Main.TRUSTSTORE_PATH_PROPERTY);
-            pass  = props.getProperty(Main.TRUSTSTORE_PASSWORD_PROPERTY);
+            pass = props.getProperty(Main.TRUSTSTORE_PASSWORD_PROPERTY);
             if (store == null || store.length() == 0) {
                 store = Main.DEFAULT_TRUSTSTORE;
                 pass = "changeit";
@@ -95,30 +93,34 @@ public class ProxyServlet extends BaseServlet {
 
             // We are connecting with the node name, but the certificate will have the CNAME
             // So we need to accept a non-matching certificate name
-            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "changeit", trustStore);
+            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
+                props.getProperty(Main.KEYSTORE_PASSWORD_PROPERTY), trustStore);
             socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
             sch = new Scheme("https", 443, socketFactory);
             inited = true;
         } catch (Exception e) {
             e.printStackTrace();
         }
-        intlogger.info("ProxyServlet: inited = "+inited);
+        intlogger.info("ProxyServlet: inited = " + inited);
     }
-    private KeyStore readStore(String store, String pass, String type) throws KeyStoreException, FileNotFoundException {
+
+    private KeyStore readStore(String store, String pass, String type) throws KeyStoreException {
         KeyStore ks = KeyStore.getInstance(type);
-        FileInputStream instream = new FileInputStream(new File(store));
-        try {
+        try (FileInputStream instream = new FileInputStream(new File(store))) {
             ks.load(instream, pass.toCharArray());
+        } catch (FileNotFoundException fileNotFoundException) {
+            System.err.println("ProxyServlet: " + fileNotFoundException);
+            fileNotFoundException.printStackTrace();
         } catch (Exception x) {
-            System.err.println("READING TRUSTSTORE: "+x);
-        } finally {
-            try { instream.close(); } catch (Exception ignore) {}
+            System.err.println("READING TRUSTSTORE: " + x);
         }
         return ks;
     }
+
     /**
-     * Return <i>true</i> if the requester has NOT set the <i>noproxy</i> CGI variable.
-     * If they have, this indicates they want to forcibly turn the proxy off.
+     * Return <i>true</i> if the requester has NOT set the <i>noproxy</i> CGI variable. If they have, this indicates
+     * they want to forcibly turn the proxy off.
+     *
      * @param req the HTTP request
      * @return true or false
      */
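Review bot: The socket factory rebuilt here still gets `SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER` on the line after the change, so when proxying to the active server the standby accepts any certificate that chains to the truststore, whatever name it carries. Since this commit moves to the AAF keystores, it is worth checking whether those certificates list the pod names, in which case `SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER` could replace it. Separately, `readStore` now catches `FileNotFoundException` itself and returns a `KeyStore` that was never loaded, and the generic catch still prints `READING TRUSTSTORE` even when the keystore is the one being read. I would report both through `intlogger` and let the failure propagate to the caller, whose start is outside this hunk.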
@@ -127,22 +129,25 @@ public class ProxyServlet extends BaseServlet {
         if (t != null) {
             t = t.replaceAll("&amp;", "&");
             for (String s : t.split("&")) {
-                if (s.equals("noproxy") || s.startsWith("noproxy="))
+                if (s.equals("noproxy") || s.startsWith("noproxy=")) {
                     return false;
+                }
             }
         }
         return true;
     }
+
     /**
-     * Is this the standby server?  If it is, the proxy functions can be used.
-     * If not, the proxy functions should not be called, and will send a response of 500
-     * (Internal Server Error).
+     * Is this the standby server?  If it is, the proxy functions can be used. If not, the proxy functions should not be
+     * called, and will send a response of 500 (Internal Server Error).
+     *
      * @return true if this server is the standby (and hence a proxy server).
      */
     public boolean isProxyServer() {
         SynchronizerTask st = SynchronizerTask.getSynchronizer();
         return st.getState() == SynchronizerTask.STANDBY;
     }
+
     /**
      * Issue a proxy DELETE to the active provisioning server.
      */
@@ -150,6 +155,7 @@ public class ProxyServlet extends BaseServlet {
     public void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         doProxy(req, resp, "DELETE");
     }
+
     /**
      * Issue a proxy GET to the active provisioning server.
      */
@@ -157,6 +163,7 @@ public class ProxyServlet extends BaseServlet {
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         doProxy(req, resp, "GET");
     }
+
     /**
      * Issue a proxy PUT to the active provisioning server.
      */
@@ -164,6 +171,7 @@ public class ProxyServlet extends BaseServlet {
     public void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         doProxy(req, resp, "PUT");
     }
+
     /**
      * Issue a proxy POST to the active provisioning server.
      */
@@ -171,58 +179,61 @@ public class ProxyServlet extends BaseServlet {
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         doProxy(req, resp, "POST");
     }
+
     /**
-     * Issue a proxy GET to the active provisioning server.  Unlike doGet() above,
-     * this method will allow the caller to fall back to other code if the remote server is unreachable.
+     * Issue a proxy GET to the active provisioning server.  Unlike doGet() above, this method will allow the caller to
+     * fall back to other code if the remote server is unreachable.
+     *
      * @return true if the proxy succeeded
      */
     public boolean doGetWithFallback(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         boolean rv = false;
         if (inited) {
             String url = buildUrl(req);
-            intlogger.info("ProxyServlet: proxying with fallback GET "+url);
-            try(AbstractHttpClient httpclient = new DefaultHttpClient()){
-            HttpRequestBase proxy = new HttpGet(url);
-            try {
-                httpclient.getConnectionManager().getSchemeRegistry().register(sch);
-
-                // Copy request headers and request body
-                copyRequestHeaders(req, proxy);
-
-                // Execute the request
-                HttpResponse pxy_response = httpclient.execute(proxy);
-
-                // Get response headers and body
-                int code = pxy_response.getStatusLine().getStatusCode();
-                resp.setStatus(code);
-                copyResponseHeaders(pxy_response, resp);
-
-                HttpEntity entity = pxy_response.getEntity();
-                if (entity != null) {
-                    InputStream in = entity.getContent();
-                    IOUtils.copy(in, resp.getOutputStream());
-                    in.close();
+            intlogger.info("ProxyServlet: proxying with fallback GET " + url);
+            try (AbstractHttpClient httpclient = new DefaultHttpClient()) {
+                HttpRequestBase proxy = new HttpGet(url);
+                try {
+                    httpclient.getConnectionManager().getSchemeRegistry().register(sch);
+
+                    // Copy request headers and request body
+                    copyRequestHeaders(req, proxy);
+
+                    // Execute the request
+                    HttpResponse pxy_response = httpclient.execute(proxy);
+
+                    // Get response headers and body
+                    int code = pxy_response.getStatusLine().getStatusCode();
+                    resp.setStatus(code);
+                    copyResponseHeaders(pxy_response, resp);
+
+                    HttpEntity entity = pxy_response.getEntity();
+                    if (entity != null) {
+                        InputStream in = entity.getContent();
+                        IOUtils.copy(in, resp.getOutputStream());
+                        in.close();
+                    }
+                    rv = true;
+
+                } catch (IOException e) {
+                    System.err.println("ProxyServlet: " + e);
+                    e.printStackTrace();
+                } finally {
+                    proxy.releaseConnection();
+                    httpclient.getConnectionManager().shutdown();
                 }
-                rv = true;
-
-            } catch (IOException e) {
-                System.err.println("ProxyServlet: "+e);
-                e.printStackTrace();
-            } finally {
-                proxy.releaseConnection();
-                httpclient.getConnectionManager().shutdown();
-            }
             }
         } else {
             intlogger.warn("ProxyServlet: proxy disabled");
         }
         return rv;
     }
+
     private void doProxy(HttpServletRequest req, HttpServletResponse resp, final String method) throws IOException {
         if (inited && isProxyServer()) {
             String url = buildUrl(req);
-            intlogger.info("ProxyServlet: proxying "+method + " "+url);
-            try(AbstractHttpClient httpclient = new DefaultHttpClient()) {
+            intlogger.info("ProxyServlet: proxying " + method + " " + url);
+            try (AbstractHttpClient httpclient = new DefaultHttpClient()) {
                 ProxyHttpRequest proxy = new ProxyHttpRequest(method, url);
                 try {
                     httpclient.getConnectionManager().getSchemeRegistry().register(sch);
@@ -264,33 +275,40 @@ public class ProxyServlet extends BaseServlet {
             resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
     }
+
     private String buildUrl(HttpServletRequest req) {
         StringBuilder sb = new StringBuilder("https://");
         sb.append(URLUtilities.getPeerPodName());
         sb.append(req.getRequestURI());
         String q = req.getQueryString();
-        if (q != null)
+        if (q != null) {
             sb.append("?").append(q);
+        }
         return sb.toString();
     }
+
     private void copyRequestHeaders(HttpServletRequest from, HttpRequestBase to) {
         @SuppressWarnings("unchecked")
         List<String> list = Collections.list(from.getHeaderNames());
         for (String name : list) {
             // Proxy code will add this one
-            if (!name.equalsIgnoreCase("Content-Length"))
+            if (!name.equalsIgnoreCase("Content-Length")) {
                 to.addHeader(name, from.getHeader(name));
+            }
         }
     }
+
     private void copyResponseHeaders(HttpResponse from, HttpServletResponse to) {
         for (Header hdr : from.getAllHeaders()) {
             // Don't copy Date: our Jetty will add another Date header
-            if (!hdr.getName().equals("Date"))
+            if (!hdr.getName().equals("Date")) {
                 to.addHeader(hdr.getName(), hdr.getValue());
+            }
         }
     }
 
     public class ProxyHttpRequest extends HttpEntityEnclosingRequestBase {
+
         private final String method;
 
         public ProxyHttpRequest(final String method, final String uri) {
@@ -298,6 +316,7 @@ public class ProxyServlet extends BaseServlet {
             this.method = method;
             setURI(URI.create(uri));
         }
+
         @Override
         public String getMethod() {
             return method;
old mode 100644 (file)
new mode 100755 (executable)
index 4c14049..f3eb1eb
@@ -32,7 +32,6 @@ import java.util.HashMap;
 import java.util.Map;\r
 import java.util.Set;\r
 import java.util.TreeSet;\r
-\r
 import org.apache.log4j.Logger;\r
 import org.onap.dmaap.datarouter.provisioning.utils.DB;\r
 \r
@@ -43,6 +42,7 @@ import org.onap.dmaap.datarouter.provisioning.utils.DB;
  * @version $Id: NodeClass.java,v 1.2 2014/01/15 16:08:43 eby Exp $\r
  */\r
 public abstract class NodeClass extends Syncable {\r
+\r
     private static Map<String, Integer> map;\r
     private static Logger intLogger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.internal");\r
     public NodeClass() {\r
@@ -53,19 +53,20 @@ public abstract class NodeClass extends Syncable {
     }\r
 \r
     /**\r
-     * Add nodes to the NODES table, when the NODES parameter value is changed.\r
-     * Nodes are only added to the table, they are never deleted.  The node name is normalized\r
-     * to contain the domain (if missing).\r
+     * Add nodes to the NODES table, when the NODES parameter value is changed. Nodes are only added to the table, they\r
+     * are never deleted.  The node name is normalized to contain the domain (if missing).\r
      *\r
      * @param nodes a pipe separated list of the current nodes\r
      */\r
     public static void setNodes(String[] nodes) {\r
-        if (map == null)\r
+        if (map == null) {\r
             reload();\r
+        }\r
         int nextid = 0;\r
         for (Integer n : map.values()) {\r
-            if (n >= nextid)\r
+            if (n >= nextid) {\r
                 nextid = n + 1;\r
+            }\r
         }\r
         // take | separated list, add domain if needed.\r
 \r
@@ -136,8 +137,9 @@ public abstract class NodeClass extends Syncable {
 \r
     public static Integer lookupNodeName(final String name) {\r
         Integer n = map.get(name);\r
-        if (n == null)\r
+        if (n == null) {\r
             throw new IllegalArgumentException("Invalid node name: " + name);\r
+        }\r
         return n;\r
     }\r
 \r
@@ -148,8 +150,9 @@ public abstract class NodeClass extends Syncable {
             if (s.endsWith("*")) {\r
                 s = s.substring(0, s.length() - 1);\r
                 for (String s2 : keyset) {\r
-                    if (s2.startsWith(s))\r
+                    if (s2.startsWith(s)) {\r
                         coll.add(s2);\r
+                    }\r
                 }\r
             } else if (keyset.contains(s)) {\r
                 coll.add(s);\r
@@ -162,14 +165,6 @@ public abstract class NodeClass extends Syncable {
         return coll;\r
     }\r
 \r
-    protected String lookupNodeID(int n) {\r
-        for (String s : map.keySet()) {\r
-            if (map.get(s) == n)\r
-                return s;\r
-        }\r
-        return null;\r
-    }\r
-\r
     public static String normalizeNodename(String s) {\r
         if (s != null && s.indexOf('.') <= 0) {\r
             Parameters p = Parameters.getParameter(Parameters.PROV_DOMAIN);\r
@@ -184,4 +179,13 @@ public abstract class NodeClass extends Syncable {
         }\r
 \r
     }\r
+\r
+    protected String lookupNodeID(int n) {\r
+        for (String s : map.keySet()) {\r
+            if (map.get(s) == n) {\r
+                return s;\r
+            }\r
+        }\r
+        return null;\r
+    }\r
 }\r
old mode 100644 (file)
new mode 100755 (executable)
index e01ce3b..356a67a
@@ -124,18 +124,18 @@ CREATE TABLE GROUPS (
 );
 
 INSERT INTO PARAMETERS VALUES
-    ('ACTIVE_POD',  'prov.datarouternew.com'),
-    ('PROV_ACTIVE_NAME',  'prov.datarouternew.com'),
+    ('ACTIVE_POD',  'dmaap-dr-prov'),
+    ('PROV_ACTIVE_NAME',  'dmaap-dr-prov'),
     ('STANDBY_POD', ''),
-    ('PROV_NAME',   'prov.datarouternew.com'),
-    ('NODES',       '172.100.0.1|node.datarouternew.com'),
-    ('PROV_DOMAIN', 'datarouternew.com'),
+    ('PROV_NAME',   'dmaap-dr-prov'),
+    ('NODES',       'dmaap-dr-node'),
+    ('PROV_DOMAIN', ''),
     ('DELIVERY_INIT_RETRY_INTERVAL', '10'),
     ('DELIVERY_MAX_AGE', '86400'),
     ('DELIVERY_MAX_RETRY_INTERVAL', '3600'),
     ('DELIVERY_RETRY_RATIO', '2'),
     ('LOGROLL_INTERVAL', '300'),
-    ('PROV_AUTH_ADDRESSES', '172.100.0.1|prov.datarouternew.com|node.datarouternew.com'),
+    ('PROV_AUTH_ADDRESSES', 'dmaap-dr-prov|dmaap-dr-node'),
     ('PROV_AUTH_SUBJECTS', ''),
     ('PROV_MAXFEED_COUNT',  '10000'),
     ('PROV_MAXSUB_COUNT',   '100000'),
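Review bot: `PROV_DOMAIN` is now empty and the node and provisioning rows hold short service names, but `NodeClass.normalizeNodename` in this same commit still reads `Parameters.PROV_DOMAIN` for names without a dot, and the Javadoc on `setNodes` still says the domain is added. The rest of `normalizeNodename` is not shown, so this needs confirming: if it appends the domain unconditionally, `dmaap-dr-node` could be stored in a different form from the name `BaseServlet` now resolves as-is. `PROV_AUTH_ADDRESSES` also holds only names now, so the address check depends on what the deployment's DNS returns for them; a comment such as `-- short names resolve via the deployment's service DNS` above these rows would record that assumption.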
old mode 100644 (file)
new mode 100755 (executable)
index 7758a64..744bc9c
@@ -27,11 +27,11 @@ org.onap.dmaap.datarouter.provserver.https.port          = 8443
 org.onap.dmaap.datarouter.provserver.https.relaxation    = true
 
 org.onap.dmaap.datarouter.provserver.keystore.type       = jks
-org.onap.dmaap.datarouter.provserver.keymanager.password = changeit
-org.onap.dmaap.datarouter.provserver.keystore.path       = /opt/app/datartr/self_signed/keystore.jks
-org.onap.dmaap.datarouter.provserver.keystore.password   = changeit
-org.onap.dmaap.datarouter.provserver.truststore.path     = /opt/app/datartr/self_signed/cacerts.jks
-org.onap.dmaap.datarouter.provserver.truststore.password = changeit
+org.onap.dmaap.datarouter.provserver.keymanager.password = Qgw77oaQcdP*F8Pwa[&.,.Ab
+org.onap.dmaap.datarouter.provserver.keystore.path       = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
+org.onap.dmaap.datarouter.provserver.keystore.password   = Qgw77oaQcdP*F8Pwa[&.,.Ab
+org.onap.dmaap.datarouter.provserver.truststore.path     = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
+org.onap.dmaap.datarouter.provserver.truststore.password = 9M?)?:KAj1z6gpLhNrVUG@0T
 
 org.onap.dmaap.datarouter.provserver.accesslog.dir       = /opt/app/datartr/logs
 org.onap.dmaap.datarouter.provserver.spooldir            = /opt/app/datartr/spool
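Review bot: The three password values added here are literal secrets committed in a properties file, alongside the `aaf_certs/*.jks` stores they unlock, so anyone who can read the repository or the built artifact can open the keystore. If these are throwaway development credentials, say so above the block, e.g. `# DEV ONLY: overridden at deployment`, and have deployments supply the real values from outside the repository. If they are the real AAF-issued credentials, they should be treated as exposed and reissued. The mode change to 0755 is also unnecessary for a properties file.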
old mode 100644 (file)
new mode 100755 (executable)
index 7144621..3e5e1d0
@@ -114,7 +114,7 @@ public class IntegrationTestBase {
             }
         }
 
-        SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "changeit", trustStore);
+        SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, props.getProperty("test.kspassword"), trustStore);
         Scheme sch = new Scheme("https", 443, socketFactory);
         httpclient.getConnectionManager().getSchemeRegistry().register(sch);
 
@@ -164,7 +164,7 @@ public class IntegrationTestBase {
         // shut down the connection manager to ensure
         // immediate deallocation of all system resources
         httpclient.getConnectionManager().shutdown();
-        FileUtils.deleteDirectory(new File("./unit-test-logs"));
+        FileUtils.deleteDirectory(new File("." + File.pathSeparator+  "unit-test-logs"));
     }
 
     protected void ckResponse(HttpResponse response, int expect) {
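Review bot: `File.pathSeparator` is the separator between entries of a path list (`:` or `;`), not the directory separator, so the new line asks `FileUtils.deleteDirectory` for a directory literally named `.:unit-test-logs` on Unix, and `./unit-test-logs` is left behind after the run. Use `new File(".", "unit-test-logs")` or `File.separator` instead. The enclosing teardown method starts outside the hunk.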
index 61d030d..8cc4868 100755 (executable)
@@ -40,6 +40,7 @@ import java.util.HashSet;
 import java.util.Set;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.nullValue;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
 import static org.mockito.Matchers.anyInt;
 import static org.mockito.Mockito.mock;
@@ -84,7 +85,7 @@ public class BaseServletTest extends DrServletTestBase {
         authAddressesAndNetworks.add(("127.0.0.1"));
         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", true, true);
-        assertThat(baseServlet.isAuthorizedForProvisioning(request), is("Client certificate is missing."));
+        assertNull(baseServlet.isAuthorizedForProvisioning(request));
     }
 
     @Test
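Review bot: With `requireCert` set to true and no client certificate on the request, this test now asserts that `isAuthorizedForProvisioning` returns null, i.e. that the request is authorized. That presumably passes only because `isAddressAuthEnabled` is not "true" in this test, so the guard changed in `BaseServlet` returns before the certificate check and the missing-certificate path is no longer covered. I would set the flag as `DRFeedsServletTest` does, `FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);`, keep the original `is("Client certificate is missing.")` assertion, and add a separate test for the disabled case. The test method's name and start are outside the hunk.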
old mode 100644 (file)
new mode 100755 (executable)
index 35bc85d..87390bc
  ******************************************************************************/
 package org.onap.dmaap.datarouter.provisioning;
 
+import static org.hamcrest.Matchers.notNullValue;
+import static org.mockito.Mockito.anyInt;
+import static org.mockito.Mockito.anyString;
+import static org.mockito.Mockito.argThat;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
+
+import java.util.HashSet;
+import java.util.Set;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.jetbrains.annotations.NotNull;
 import org.json.JSONArray;
@@ -38,20 +53,11 @@ import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor;
 import org.powermock.modules.junit4.PowerMockRunner;
 
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.hamcrest.Matchers.notNullValue;
-import static org.mockito.Mockito.*;
-import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
-
 
 @RunWith(PowerMockRunner.class)
 @SuppressStaticInitializationFor("org.onap.dmaap.datarouter.provisioning.beans.Feed")
 public class DRFeedsServletTest extends DrServletTestBase {
+
     private static DRFeedsServlet drfeedsServlet;
 
     @Mock
@@ -77,14 +83,17 @@ public class DRFeedsServletTest extends DrServletTestBase {
     }
 
     @Test
-    public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
+        throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         drfeedsServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
 
     @Test
-    public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
+        throws Exception {
         setBehalfHeader(null);
         drfeedsServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
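Review bot: The added `FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true)` changes a static field on `BaseServlet` and nothing visible here restores it, so tests that run afterwards in the same JVM may see address authorization enabled and results can depend on execution order. The same line is added to the POST variant of this test in a later hunk. Setting the field to a known value in the setup method (not shown in this hunk), or resetting it in an `@After` method, would keep each test independent.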
@@ -92,7 +101,8 @@ public class DRFeedsServletTest extends DrServletTestBase {
 
 
     @Test
-    public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
+        throws Exception {
         when(request.getRequestURI()).thenReturn("/123");
         drfeedsServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
@@ -100,7 +110,8 @@ public class DRFeedsServletTest extends DrServletTestBase {
 
 
     @Test
-    public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
+        throws Exception {
         setAuthoriserToReturnRequestNotAuthorized();
         drfeedsServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
@@ -146,14 +157,17 @@ public class DRFeedsServletTest extends DrServletTestBase {
 
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
+        throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         drfeedsServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
+        throws Exception {
         setBehalfHeader(null);
         drfeedsServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
@@ -161,7 +175,8 @@ public class DRFeedsServletTest extends DrServletTestBase {
 
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
+        throws Exception {
         when(request.getRequestURI()).thenReturn("/123");
         drfeedsServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
@@ -169,28 +184,33 @@ public class DRFeedsServletTest extends DrServletTestBase {
 
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
+        throws Exception {
         when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed; version=1.1");
         when(request.getContentType()).thenReturn("stub_contentType");
         drfeedsServlet.doPost(request, response);
-        verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
+        verify(response)
+            .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
     }
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
+        throws Exception {
         setAuthoriserToReturnRequestNotAuthorized();
         drfeedsServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
+        throws Exception {
         drfeedsServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
     }
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated()
+        throws Exception {
         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 0, true);
         DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
             protected JSONObject getJSONfromInput(HttpServletRequest req) {
@@ -202,7 +222,8 @@ public class DRFeedsServletTest extends DrServletTestBase {
     }
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated()
+        throws Exception {
         when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
         JSONObject JSObject = buildRequestJsonObject();
 
@@ -218,7 +239,8 @@ public class DRFeedsServletTest extends DrServletTestBase {
     }
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated()
+        throws Exception {
         setFeedToReturnInvalidFeedIdSupplied();
         JSONObject JSObject = buildRequestJsonObject();
         DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
@@ -252,12 +274,14 @@ public class DRFeedsServletTest extends DrServletTestBase {
             }
         };
         drfeedsServlet.doPost(request, response);
-        verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
+        verify(response)
+            .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
     }
 
 
     @Test
-    public void Given_Request_Is_HTTP_POST_And_Change_On_Feeds_Succeeds_A_STATUS_OK_Response_Is_Generated() throws Exception {
+    public void Given_Request_Is_HTTP_POST_And_Change_On_Feeds_Succeeds_A_STATUS_OK_Response_Is_Generated()
+        throws Exception {
         ServletOutputStream outStream = mock(ServletOutputStream.class);
         when(response.getOutputStream()).thenReturn(outStream);
         JSONObject JSObject = buildRequestJsonObject();
@@ -301,7 +325,9 @@ public class DRFeedsServletTest extends DrServletTestBase {
         when(request.isSecure()).thenReturn(true);
         Set<String> authAddressesAndNetworks = new HashSet<String>();
         authAddressesAndNetworks.add(("127.0.0.1"));
-        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
+        FieldUtils
+            .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,
+                true);
         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 100, true);
     }
index f5302cb..cb8a28d 100755 (executable)
@@ -76,6 +76,7 @@ public class FeedServletTest extends DrServletTestBase {
     public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
         throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         feedServlet.doDelete(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
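Review bot: The added `FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);` changes a static field of `BaseServlet` and nothing visible here puts it back, so the value persists for every test that runs later in the same JVM and results can depend on execution order. I would save the previous value in the class's `@Before` method with `FieldUtils.readDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", true)` and write it back in an `@After` method, which also removes the repeated line from each test. The same line is added without a reset in the other FeedServletTest hunks and in GroupServletTest, InternalServletTest, RouteServletTest, SubscribeServletTest and SubscriptionServletTest. The value written is the string `"true"`, not a boolean; that is only correct if the field is declared as a `String`, which these hunks do not show.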
@@ -147,6 +148,7 @@ public class FeedServletTest extends DrServletTestBase {
     public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
         throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         feedServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -200,6 +202,7 @@ public class FeedServletTest extends DrServletTestBase {
     public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
         throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         feedServlet.doPut(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
old mode 100644 (file)
new mode 100755 (executable)
index a0831b7..fa0caea
@@ -76,6 +76,7 @@ public class GroupServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         groupServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
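Review bot: This test needs `isAddressAuthEnabled` set to `"true"` before the insecure request is rejected with `SC_FORBIDDEN`, which suggests the HTTPS/address check in `BaseServlet` is now opt-in, yet none of the visible hunks cover the case where the flag is unset or `"false"`. If the check really is off by default, an insecure or unlisted caller would be accepted without any test recording that this is intended. I would add a companion test that pins down the response with the flag disabled, and a comment on this line such as `// address authorization is opt-in; enable it so the insecure request is rejected`. The `BaseServlet` change itself is outside this part of the page, so the default should be confirmed there.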
@@ -105,6 +106,7 @@ public class GroupServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         groupServlet.doPut(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -184,6 +186,7 @@ public class GroupServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         groupServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
index f834244..97900d4 100755 (executable)
@@ -89,6 +89,8 @@ public class InternalServletTest extends DrServletTestBase {
   public void Given_Request_Is_HTTP_GET_And_Address_Not_Authorized_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
       throws Exception {
     when(request.getRemoteAddr()).thenReturn("127.100.0.3");
+    FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
+
     internalServlet.doGet(request, response);
     verify(response)
         .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
@@ -188,6 +190,7 @@ public class InternalServletTest extends DrServletTestBase {
   public void Given_Request_Is_HTTP_PUT_And_Address_Not_Authorized_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
       throws Exception {
     when(request.getRemoteAddr()).thenReturn("127.100.0.3");
+    FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
     internalServlet.doPut(request, response);
     verify(response)
         .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
@@ -232,6 +235,7 @@ public class InternalServletTest extends DrServletTestBase {
   public void Given_Request_Is_HTTP_DELETE_And_Address_Not_Authorized_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
       throws Exception {
     when(request.getRemoteAddr()).thenReturn("127.100.0.3");
+    FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
     internalServlet.doDelete(request, response);
     verify(response)
         .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
@@ -278,6 +282,7 @@ public class InternalServletTest extends DrServletTestBase {
       throws Exception {
     when(request.getRemoteAddr()).thenReturn("127.100.0.3");
     internalServlet.doPost(request, response);
+    FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
     verify(response)
         .sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
   }
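Review bot: The added `FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);` comes after `internalServlet.doPost(request, response);`, so the flag is not set by this test when the servlet runs. The `SC_FORBIDDEN` verification then passes only if an earlier test left the static field enabled. Move the line above the `doPost` call, as the GET, PUT and DELETE hunks in this file do. The RouteServletTest hunk for `Given_Request_Is_HTTP_POST_And_Is_Not_Authorized` has the same ordering, with the write after `routeServlet.doPost(request, response);`. The method signature for this test lies above the hunk.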
index 6371580..34421f5 100755 (executable)
@@ -69,6 +69,7 @@ public class RouteServletTest extends DrServletTestBase
 
     @Test
     public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Authorized() throws Exception {
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         routeServlet.doDelete(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -207,6 +208,7 @@ public class RouteServletTest extends DrServletTestBase
 
     @Test
     public void Given_Request_Is_HTTP_GET_And_Is_Not_Authorized() throws Exception {
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         routeServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -290,6 +292,7 @@ public class RouteServletTest extends DrServletTestBase
     @Test
     public void Given_Request_Is_HTTP_POST_And_Is_Not_Authorized() throws Exception {
         routeServlet.doPost(request, response);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
 
index cdf96ba..25341d4 100755 (executable)
@@ -81,6 +81,7 @@ public class SubscribeServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         subscribeServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -137,6 +138,7 @@ public class SubscribeServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         subscribeServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
old mode 100644 (file)
new mode 100755 (executable)
index b42e3a7..c566067
@@ -73,6 +73,7 @@ public class SubscriptionServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_DELETE_SC_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         subscriptionServlet.doDelete(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -130,6 +131,7 @@ public class SubscriptionServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         subscriptionServlet.doGet(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -184,6 +186,7 @@ public class SubscriptionServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         subscriptionServlet.doPut(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
@@ -323,6 +326,7 @@ public class SubscriptionServletTest extends DrServletTestBase {
     @Test
     public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
         when(request.isSecure()).thenReturn(false);
+        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
         subscriptionServlet.doPost(request, response);
         verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
     }
index 36b2ac3..9ac1850 100644 (file)
@@ -1,5 +1,5 @@
-test.keystore=self_signed/keystore.jks
-test.kspassword=changeit
-test.truststore=self_signed/cacerts.jks
-test.tspassword=changeit
-test.host=https://prov.datarouternew.com:8443
\ No newline at end of file
+test.keystore=aaf_certs/org.onap.dmaap-dr.jks
+test.kspassword=Qgw77oaQcdP*F8Pwa[&.,.Ab
+test.truststore=aaf_certs/org.onap.dmaap-dr.trust.jks
+test.tspassword=9M?)?:KAj1z6gpLhNrVUG@0T
+test.host=https://dmaap-dr-prov:8443
\ No newline at end of file
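Review bot: The new `test.kspassword` and `test.tspassword` values are keystore and truststore passwords committed in clear text, and the same commit adds the `org.onap.dmaap-dr.jks` files they open, so anyone who can read the repository can unlock the keystore and extract its private key. The same applies to `KeyStorePassword`, `KeyPassword` and `TrustStorePassword` in the node properties hunks and to the `provserver.keymanager.password`, `provserver.keystore.password` and `provserver.truststore.password` lines in the provisioning properties hunk. If a certificate in these stores is trusted by anything outside a throwaway local test, the key should be treated as disclosed and the passwords supplied at deploy time through an environment variable or mounted secret. At minimum I would add a comment above each entry, `# test-only key material; must not be used in any deployed environment`.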
old mode 100644 (file)
new mode 100755 (executable)
index e01ce3b..356a67a
@@ -124,18 +124,18 @@ CREATE TABLE GROUPS (
 );
 
 INSERT INTO PARAMETERS VALUES
-    ('ACTIVE_POD',  'prov.datarouternew.com'),
-    ('PROV_ACTIVE_NAME',  'prov.datarouternew.com'),
+    ('ACTIVE_POD',  'dmaap-dr-prov'),
+    ('PROV_ACTIVE_NAME',  'dmaap-dr-prov'),
     ('STANDBY_POD', ''),
-    ('PROV_NAME',   'prov.datarouternew.com'),
-    ('NODES',       '172.100.0.1|node.datarouternew.com'),
-    ('PROV_DOMAIN', 'datarouternew.com'),
+    ('PROV_NAME',   'dmaap-dr-prov'),
+    ('NODES',       'dmaap-dr-node'),
+    ('PROV_DOMAIN', ''),
     ('DELIVERY_INIT_RETRY_INTERVAL', '10'),
     ('DELIVERY_MAX_AGE', '86400'),
     ('DELIVERY_MAX_RETRY_INTERVAL', '3600'),
     ('DELIVERY_RETRY_RATIO', '2'),
     ('LOGROLL_INTERVAL', '300'),
-    ('PROV_AUTH_ADDRESSES', '172.100.0.1|prov.datarouternew.com|node.datarouternew.com'),
+    ('PROV_AUTH_ADDRESSES', 'dmaap-dr-prov|dmaap-dr-node'),
     ('PROV_AUTH_SUBJECTS', ''),
     ('PROV_MAXFEED_COUNT',  '10000'),
     ('PROV_MAXSUB_COUNT',   '100000'),
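Review bot: `PROV_AUTH_ADDRESSES` now holds only the host names `dmaap-dr-prov|dmaap-dr-node` and drops the literal `172.100.0.1`, so the address allow-list presumably depends on how those names resolve at runtime rather than on a fixed address. Whoever controls name resolution in the deployment then effectively controls the allow-list, which is worth stating next to the data. I would add a comment above the INSERT, `-- PROV_AUTH_ADDRESSES entries are host names; they must resolve only inside the deployment network`. `PROV_DOMAIN` is now an empty string; please confirm that no code appends it to a host name to build a fully qualified name. The INSERT statement continues past the end of this hunk.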
index f8a4d84..35ed74c 100644 (file)
@@ -7,9 +7,9 @@
 # * Licensed under the Apache License, Version 2.0 (the "License");
 # * you may not use this file except in compliance with the License.
 # * You may obtain a copy of the License at
-# * 
+# *
 #  *      http://www.apache.org/licenses/LICENSE-2.0
-# * 
+# *
 #  * Unless required by applicable law or agreed to in writing, software
 # * distributed under the License is distributed on an "AS IS" BASIS,
 # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -25,10 +25,11 @@ services:
   datarouter-prov:
     image: nexus3.onap.org:10003/onap/dmaap/datarouter-prov
     container_name: datarouter-prov
-    hostname: prov.datarouternew.com
+    hostname: dmaap-dr-prov
     ports:
+     - "443:8443"
      - "8443:8443"
-     - "8080:8080"  
+     - "8080:8080"
     volumes:
      - ./prov_data/provserver.properties:/opt/app/datartr/etc/provserver.properties
      - ./prov_data/addSubscriber.txt:/opt/app/datartr/addSubscriber.txt
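Review bot: The added `- "443:8443"` mapping names no host address, so Compose publishes the provisioning HTTPS port on every host interface, alongside the existing `8443:8443` and the plain-HTTP `8080:8080`. If this compose file is only meant for local testing, binding to loopback keeps the service and its internal endpoints off the network: `- "127.0.0.1:443:8443"`. Publishing container port 8443 twice also looks redundant unless a client needs the default HTTPS port, so a short comment saying which client requires 443 would help.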
@@ -37,12 +38,12 @@ services:
       mariadb_container:
         condition: service_healthy
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://prov.datarouternew.com:8080/internal/prov"]
+      test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"]
       interval: 10s
       timeout: 10s
       retries: 5
     extra_hosts:
-      - "node.datarouternew.com:172.100.0.4"
+      - "dmaap-dr-node:172.100.0.4"
     networks:
       testing_net:
         ipv4_address: 172.100.0.3
@@ -50,7 +51,7 @@ services:
   datarouter-node:
     image: nexus3.onap.org:10003/onap/dmaap/datarouter-node
     container_name: datarouter-node
-    hostname: node.datarouternew.com
+    hostname: dmaap-dr-node
     ports:
      - "9443:8443"
      - "9090:8080"
@@ -60,7 +61,7 @@ services:
       datarouter-prov:
         condition: service_healthy
     extra_hosts:
-      - "prov.datarouternew.com:172.100.0.3"
+      - "dmaap-dr-prov:172.100.0.3"
     networks:
       testing_net:
         ipv4_address: 172.100.0.4
@@ -76,7 +77,7 @@ services:
       networks:
         testing_net:
           ipv4_address: 172.100.0.5
-      
+
   mariadb_container:
     image: mariadb:10.2.14
     container_name: mariadb
diff --git a/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks
new file mode 100755 (executable)
index 0000000..4529ccc
Binary files /dev/null and b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.jks differ
diff --git a/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks
new file mode 100755 (executable)
index 0000000..096fbb2
Binary files /dev/null and b/docker-compose/node_data/aaf_certs/org.onap.dmaap-dr.trust.jks differ
index 20c5af1..de38cb6 100644 (file)
@@ -2,7 +2,7 @@
 # ============LICENSE_START==================================================
 # * org.onap.dmaap
 # * ===========================================================================
-# * Copyright  2017 AT&T Intellectual Property. All rights reserved.
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
 # * ===========================================================================
 # * Licensed under the Apache License, Version 2.0 (the "License");
 # * you may not use this file except in compliance with the License.
 #
 #    URL to retrieve dynamic configuration
 #
-#ProvisioningURL:    ${DRTR_PROV_INTURL:-https://feeds-drtr.web.att.com/internal/prov}
-ProvisioningURL=https://prov.datarouternew.com:8443/internal/prov
+#ProvisioningURL:    ${DRTR_PROV_INTURL}
+ProvisioningURL=https://dmaap-dr-prov:8443/internal/prov
 
 #
 #    URL to upload PUB/DEL/EXP logs
 #
-#LogUploadURL:    ${DRTR_LOG_URL:-https://feeds-drtr.web.att.com/internal/logs}
-LogUploadURL=https://prov.datarouternew.com:8443/internal/logs
+#LogUploadURL:    ${DRTR_LOG_URL}
+LogUploadURL=https://dmaap-dr-prov:8443/internal/logs
 
 #
 #    The port number for http as seen within the server
@@ -74,20 +74,19 @@ SpoolDir=/opt/app/datartr/spool
 #RedirectionFile:    etc/redirections.dat
 #
 #    The type of keystore for https
-#
 KeyStoreType:    jks
 #
 #    The path to the keystore for https
 #
-KeyStoreFile:/opt/app/datartr/self_signed/keystore.jks
+KeyStoreFile:/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
 #
 #    The password for the https keystore
 #
-KeyStorePassword=changeit
+KeyStorePassword=4*&GD+w58RUM]01No.CYY;z6
 #
 #    The password for the private key in the https keystore
 #
-KeyPassword=changeit
+KeyPassword=4*&GD+w58RUM]01No.CYY;z6
 #
 #    The type of truststore for https
 #
@@ -96,11 +95,11 @@ TrustStoreType=jks
 #    The path to the truststore for https
 #
 #TrustStoreFile=/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
-TrustStoreFile=/opt/app/datartr/self_signed/cacerts.jks
+TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
 #
 #    The password for the https truststore
 #
-TrustStorePassword=changeit
+TrustStorePassword=UDXlT6Iu[F)k,Htk92+B,0Xj
 #
 #    The path to the file used to trigger an orderly shutdown
 #
diff --git a/docker-compose/node_data/self_signed/cacerts.jks b/docker-compose/node_data/self_signed/cacerts.jks
deleted file mode 100644 (file)
index dfd8143..0000000
Binary files a/docker-compose/node_data/self_signed/cacerts.jks and /dev/null differ
diff --git a/docker-compose/node_data/self_signed/keystore.jks b/docker-compose/node_data/self_signed/keystore.jks
deleted file mode 100644 (file)
index e5a4e78..0000000
Binary files a/docker-compose/node_data/self_signed/keystore.jks and /dev/null differ
diff --git a/docker-compose/node_data/self_signed/mykey.cer b/docker-compose/node_data/self_signed/mykey.cer
deleted file mode 100644 (file)
index 2a5c9d7..0000000
Binary files a/docker-compose/node_data/self_signed/mykey.cer and /dev/null differ
diff --git a/docker-compose/node_data/self_signed/nodekey.cer b/docker-compose/node_data/self_signed/nodekey.cer
deleted file mode 100644 (file)
index 4cdfdfe..0000000
Binary files a/docker-compose/node_data/self_signed/nodekey.cer and /dev/null differ
diff --git a/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks
new file mode 100755 (executable)
index 0000000..155991a
Binary files /dev/null and b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.jks differ
diff --git a/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks
new file mode 100755 (executable)
index 0000000..c8f9ee6
Binary files /dev/null and b/docker-compose/prov_data/aaf_certs/org.onap.dmaap-dr.trust.jks differ
old mode 100644 (file)
new mode 100755 (executable)
index 7758a64..744bc9c
@@ -27,11 +27,11 @@ org.onap.dmaap.datarouter.provserver.https.port          = 8443
 org.onap.dmaap.datarouter.provserver.https.relaxation    = true
 
 org.onap.dmaap.datarouter.provserver.keystore.type       = jks
-org.onap.dmaap.datarouter.provserver.keymanager.password = changeit
-org.onap.dmaap.datarouter.provserver.keystore.path       = /opt/app/datartr/self_signed/keystore.jks
-org.onap.dmaap.datarouter.provserver.keystore.password   = changeit
-org.onap.dmaap.datarouter.provserver.truststore.path     = /opt/app/datartr/self_signed/cacerts.jks
-org.onap.dmaap.datarouter.provserver.truststore.password = changeit
+org.onap.dmaap.datarouter.provserver.keymanager.password = Qgw77oaQcdP*F8Pwa[&.,.Ab
+org.onap.dmaap.datarouter.provserver.keystore.path       = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
+org.onap.dmaap.datarouter.provserver.keystore.password   = Qgw77oaQcdP*F8Pwa[&.,.Ab
+org.onap.dmaap.datarouter.provserver.truststore.path     = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
+org.onap.dmaap.datarouter.provserver.truststore.password = 9M?)?:KAj1z6gpLhNrVUG@0T
 
 org.onap.dmaap.datarouter.provserver.accesslog.dir       = /opt/app/datartr/logs
 org.onap.dmaap.datarouter.provserver.spooldir            = /opt/app/datartr/spool
diff --git a/docker-compose/prov_data/self_signed/cacerts.jks b/docker-compose/prov_data/self_signed/cacerts.jks
deleted file mode 100644 (file)
index 76a480a..0000000
Binary files a/docker-compose/prov_data/self_signed/cacerts.jks and /dev/null differ
diff --git a/docker-compose/prov_data/self_signed/keystore.jks b/docker-compose/prov_data/self_signed/keystore.jks
deleted file mode 100644 (file)
index 2c22b4a..0000000
Binary files a/docker-compose/prov_data/self_signed/keystore.jks and /dev/null differ
diff --git a/docker-compose/prov_data/self_signed/mykey.cer b/docker-compose/prov_data/self_signed/mykey.cer
deleted file mode 100644 (file)
index 2a5c9d7..0000000
Binary files a/docker-compose/prov_data/self_signed/mykey.cer and /dev/null differ