#
# AAF Props file path
AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+
+# https security required for publish request
+TlsEnabled = true
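Review bot: The comment added above `TlsEnabled` does not say what happens when the value is `false`, which is the case an operator most needs to understand. Judging from the NodeServlet change in this commit, the flag gates the rejection of PUT and DELETE requests that are not secure, so I would word it as `# When true (the default) the node rejects PUT and DELETE requests that did not arrive over HTTPS; false accepts them over plain HTTP`. The same comment is added in the two other node properties hunks of this commit and should change with it.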
org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
-org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
\ No newline at end of file
+org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
+org.onap.dmaap.datarouter.provserver.tlsenabled = true
+org.onap.dmaap.datarouter.nodeserver.https.port = 8443
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080
\ No newline at end of file
private String aafType;
private String aafInstance;
private String aafAction;
+ private boolean tlsEnabled;
private boolean cadiEnabled;
private NodeAafPropsUtils nodeAafPropsUtils;
svcport = Integer.parseInt(drNodeProperties.getProperty("IntHttpsPort", "8443"));
port = Integer.parseInt(drNodeProperties.getProperty("ExtHttpsPort", "443"));
spooldir = drNodeProperties.getProperty("SpoolDir", "spool");
+ tlsEnabled = Boolean.parseBoolean(drNodeProperties.getProperty("TlsEnabled", "true"));
+
File fdir = new File(spooldir + "/f");
fdir.mkdirs();
for (File junk : Objects.requireNonNull(fdir.listFiles())) {
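Review bot: `Boolean.parseBoolean` on the added `TlsEnabled` line fails open: it returns true only for the word `true`, so a typo, `yes`, `1`, or (if the loader keeps it) a value with trailing whitespace turns the HTTPS requirement off without any error. For a switch that relaxes transport security, only an explicit `false` should disable it, for example `tlsEnabled = !"false".equalsIgnoreCase(drNodeProperties.getProperty("TlsEnabled", "true").trim());`, or startup should reject a value that is neither `true` nor `false`. The same pattern is used for `org.onap.dmaap.datarouter.provserver.tlsenabled` in the PublishServlet redirect hunk and in both new URLUtilities helpers. The enclosing method starts and ends outside this hunk.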
return aafAction;
}
+ protected boolean isTlsEnabled() {
+ return tlsEnabled;
+ }
+
boolean getCadiEnabled() {
return cadiEnabled;
}
eelfLogger.info(EelfMsgs.EXIT);
return null;
}
- if (!req.isSecure()) {
+ if (!req.isSecure() && config.isTlsEnabled()) {
eelfLogger.error(
"NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req
.getRemoteAddr());
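Review bot: With `TlsEnabled` false this condition lets an insecure PUT or DELETE through and nothing records that plaintext was accepted, so the relaxed mode is invisible in the logs. I would emit one warning where the flag is read in NodeConfigManager, e.g. `if (!tlsEnabled) { eelfLogger.warn("TlsEnabled=false: node accepts PUT and DELETE over plain HTTP"); }`, using whichever logger that class already has. If these requests carry credentials (not visible in this hunk), they travel unencrypted in that mode, which is worth stating in a comment above the check. The method body starts before and continues after this hunk.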
#
# AAF Props file path
AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+
+# https security required for publish request
+TlsEnabled = true
Assert.assertEquals("publish", nodeConfigManager.getAafAction());
Assert.assertFalse(nodeConfigManager.getCadiEnabled());
Assert.assertFalse(nodeConfigManager.isShutdown());
+ Assert.assertTrue(nodeConfigManager.isTlsEnabled());
Assert.assertTrue(nodeConfigManager.isConfigured());
Assert.assertEquals("legacy", nodeConfigManager.getAafInstance("1"));
Assert.assertNotNull(nodeConfigManager.getPublishId());
package org.onap.dmaap.datarouter.node;
import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyObject;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.anyString;
}
@Test
- public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_Then_Forbidden_Response_Is_Generated() throws Exception {
+ public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_And_TLS_Enabled_Then_Forbidden_Response_Is_Generated() throws Exception {
when(request.isSecure()).thenReturn(false);
+ when(config.isTlsEnabled()).thenReturn(true);
nodeServlet.doPut(request, response);
verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
verifyEnteringExitCalled(listAppender);
verifyEnteringExitCalled(listAppender);
}
+ @Test
+ public void Given_Request_Is_HTTP_DELETE_File_And_Request_Is_Not_Secure_But_TLS_Disabled_Then_Request_Succeeds() throws Exception {
+ when(request.isSecure()).thenReturn(false);
+ when(config.isTlsEnabled()).thenReturn(false);
+ when(request.getPathInfo()).thenReturn("/delete/1/dmaap-dr-node.1234567");
+ createFilesAndDirectories();
+ nodeServlet.doDelete(request, response);
+ verify(response).setStatus(eq(HttpServletResponse.SC_OK));
+ verifyEnteringExitCalled(listAppender);
+ }
+
@Test
public void Given_Request_Is_HTTP_DELETE_File_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws IOException {
when(request.getPathInfo()).thenReturn("/delete/1/nonExistingFile");
# AAF Props file path
AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props
+# https security required for publish request
+TlsEnabled = true
+
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;\r
import org.onap.dmaap.datarouter.provisioning.beans.IngressRoute;\r
import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;\r
+import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities;\r
\r
/**\r
* This servlet handles redirects for the <publishURL> on the provisioning server, which is generated by the\r
} else {\r
// Generate new URL\r
String nextnode = getRedirectNode(feedid, req);\r
- nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty(\r
- "org.onap.dmaap.datarouter.provserver.https.port", "8443");\r
- String newurl = "https://" + nextnode + "/publish" + req.getPathInfo();\r
+ if (Boolean.parseBoolean(ProvRunner.getProvProperties()\r
+ .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) {\r
+ nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty(\r
+ "org.onap.dmaap.datarouter.nodeserver.https.port", "8443");\r
+ } else {\r
+ nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty(\r
+ "org.onap.dmaap.datarouter.nodeserver.http.port", "8080");\r
+ }\r
+ String newurl = URLUtilities.getUrlSecurityOption() + nextnode + "/publish" + req.getPathInfo();\r
String qs = req.getQueryString();\r
if (qs != null) {\r
newurl += "?" + qs;\r
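Review bot: The TLS branch now reads `org.onap.dmaap.datarouter.nodeserver.https.port` where the removed lines read `org.onap.dmaap.datarouter.provserver.https.port`, so a deployment that set only the old key to a non-default port will silently start redirecting publishers to 8443. Falling back to the old key keeps existing configurations working: `props.getProperty("org.onap.dmaap.datarouter.nodeserver.https.port", props.getProperty("org.onap.dmaap.datarouter.provserver.https.port", "8443"))`, with `props` a local for `ProvRunner.getProvProperties()`. The scheme and the port are also decided by two separate reads of the `tlsenabled` property (one here, one inside `URLUtilities.getUrlSecurityOption()`); reading it once into a local would keep them from diverging. The enclosing `else` block starts and ends outside this hunk.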
import com.att.eelf.configuration.EELFManager;\r
import java.net.InetAddress;\r
import java.net.UnknownHostException;\r
-\r
import org.onap.dmaap.datarouter.provisioning.BaseServlet;\r
+import org.onap.dmaap.datarouter.provisioning.ProvRunner;\r
\r
/**\r
* Utility functions used to generate the different URLs used by the Data Router.\r
*/\r
public class URLUtilities {\r
\r
-\r
private static final EELFLogger utilsLogger = EELFManager.getInstance().getLogger("UtilsLog");\r
- private static final String HTTPS = "https://";\r
private static String otherPod;\r
\r
private URLUtilities() {\r
* @return the URL\r
*/\r
public static String generateFeedURL(int feedid) {\r
- return HTTPS + BaseServlet.getProvName() + "/feed/" + feedid;\r
+ return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/feed/" + feedid;\r
}\r
\r
/**\r
* @return the URL\r
*/\r
public static String generatePublishURL(int feedid) {\r
- return HTTPS + BaseServlet.getProvName() + "/publish/" + feedid;\r
+ return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/publish/" + feedid;\r
}\r
\r
/**\r
* @return the URL\r
*/\r
public static String generateSubscribeURL(int feedid) {\r
- return HTTPS + BaseServlet.getProvName() + "/subscribe/" + feedid;\r
+ return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/subscribe/" + feedid;\r
}\r
\r
/**\r
* @return the URL\r
*/\r
public static String generateFeedLogURL(int feedid) {\r
- return HTTPS + BaseServlet.getProvName() + "/feedlog/" + feedid;\r
+ return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/feedlog/" + feedid;\r
}\r
\r
/**\r
* @return the URL\r
*/\r
public static String generateSubscriptionURL(int subid) {\r
- return HTTPS + BaseServlet.getProvName() + "/subs/" + subid;\r
+ return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/subs/" + subid;\r
}\r
\r
/**\r
* @return the URL\r
*/\r
public static String generateSubLogURL(int subid) {\r
- return HTTPS + BaseServlet.getProvName() + "/sublog/" + subid;\r
+ return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/sublog/" + subid;\r
}\r
\r
/**\r
* @return the URL\r
*/\r
public static String generatePeerProvURL() {\r
- return HTTPS + getPeerPodName() + "/internal/prov";\r
+ return getUrlSecurityOption() + getPeerPodName() + getAppropriateUrlPort() + "/internal/prov";\r
}\r
\r
/**\r
return "";\r
}\r
\r
- return HTTPS + peerPodUrl + "/internal/drlogs/";\r
+ return getUrlSecurityOption() + peerPodUrl + getAppropriateUrlPort() + "/internal/drlogs/";\r
}\r
\r
/**\r
return otherPod;\r
}\r
\r
+ public static String getUrlSecurityOption() {\r
+ if (Boolean.parseBoolean(ProvRunner.getProvProperties()\r
+ .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) {\r
+ return "https://";\r
+ }\r
+ return "http://";\r
+ }\r
+\r
+ private static String getAppropriateUrlPort() {\r
+ if (Boolean.parseBoolean(ProvRunner.getProvProperties()\r
+ .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true")))\r
+ return "";\r
+\r
+ return ":" + ProvRunner.getProvProperties()\r
+ .getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080");\r
+\r
+ }\r
}\r
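Review bot: The `tlsenabled` lookup is written out in full in both new helpers (and a third time in PublishServlet), and the public `getUrlSecurityOption()` has no Javadoc although it decides whether every generated URL starts with `http://` or `https://`. One private `isTlsEnabled()` gives a single place to change how the value is parsed, and the `if` in `getAppropriateUrlPort()` should have braces like the one in the method above it. `getAppropriateUrlPort()` reads `org.onap.dmaap.datarouter.provserver.http.port`, which none of the properties hunks in this commit add, so unless the key already exists in those files it always resolves to the default 8080.

```java
    // Single place where the TLS switch is read and parsed.
    private static boolean isTlsEnabled() {
        return Boolean.parseBoolean(ProvRunner.getProvProperties()
                .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"));
    }

    /**
     * Returns the scheme prefix used for every generated URL.
     *
     * @return "https://" when TLS is enabled (the default), otherwise "http://"
     */
    public static String getUrlSecurityOption() {
        return isTlsEnabled() ? "https://" : "http://";
    }

    private static String getAppropriateUrlPort() {
        if (isTlsEnabled()) {
            return "";
        }
        return ":" + ProvRunner.getProvProperties()
                .getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080");
    }
```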
org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
-org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
\ No newline at end of file
+org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
+
+org.onap.dmaap.datarouter.provserver.tlsenabled = true
+org.onap.dmaap.datarouter.nodeserver.https.port = 8443
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080
\ No newline at end of file
******************************************************************************/
package org.onap.dmaap.datarouter.provisioning;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.contains;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
+
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.read.ListAppender;
import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.HashSet;
+import java.util.Set;
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import javax.persistence.Persistence;
+import javax.servlet.ServletInputStream;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.jetbrains.annotations.NotNull;
import org.json.JSONObject;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.modules.junit4.PowerMockRunner;
-import javax.persistence.EntityManager;
-import javax.persistence.EntityManagerFactory;
-import javax.persistence.Persistence;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.sql.SQLException;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.contains;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
-
@RunWith(PowerMockRunner.class)
@PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.*"})
em = emf.createEntityManager();
System.setProperty(
"org.onap.dmaap.datarouter.provserver.properties",
- "src/test/resources/h2Database.properties");
+ "src/test/resources/h2DatabaseTlsDisabled.properties");
}
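Review bot: Pointing this whole test class at `h2DatabaseTlsDisabled.properties` means none of its tests run with `tlsenabled = true` any more, and the same commit deletes the test that expected `SC_FORBIDDEN` with "AAF disallows access" for a DELETE without permissions. If that test started failing under the new properties, the denial path may depend on TLS being enabled, which should be confirmed and covered by a test rather than removed. I would keep `h2Database.properties` for the existing tests and add a separate class or setup for the TLS-disabled case. The enclosing setup method starts outside this hunk.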
@AfterClass
verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), anyString());
}
- @Test
- public void Given_Request_Is_HTTP_DELETE_And_AAF_CADI_Is_Enabled_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
- when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
- when(request.getPathInfo()).thenReturn("/2");
- subscriptionServlet.doDelete(request, response);
- verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access"));
- }
-
@Test
public void Given_Request_Is_HTTP_DELETE_And_AAF_CADI_Is_Enabled_With_Permissions_Then_A_NO_CONTENT_Response_Is_Generated() throws Exception {
when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
org.onap.dmaap.datarouter.provserver.spooldir = src/test/resources
org.onap.dmaap.datarouter.provserver.dbscripts = src/test/resources
org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1
+org.onap.dmaap.datarouter.provserver.tlsenabled = true
+org.onap.dmaap.datarouter.nodeserver.https.port = 8443
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080
--- /dev/null
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==================================================
+# * org.onap.dmaap
+# * ===========================================================================
+# * Copyright ? 2017 AT&T Intellectual Property. All rights reserved.
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# *
+#-------------------------------------------------------------------------------
+
+# Database access
+org.onap.dmaap.datarouter.db.driver = org.h2.Driver
+org.onap.dmaap.datarouter.db.url = jdbc:h2:mem:test;DB_CLOSE_DELAY=-1
+org.onap.dmaap.datarouter.provserver.isaddressauthenabled = true
+org.onap.dmaap.datarouter.provserver.cadi.enabled = true
+org.onap.dmaap.datarouter.provserver.https.relaxation = false
+org.onap.dmaap.datarouter.provserver.accesslog.dir = unit-test-logs
+org.onap.dmaap.datarouter.provserver.spooldir = src/test/resources
+org.onap.dmaap.datarouter.provserver.dbscripts = src/test/resources
+org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1
+org.onap.dmaap.datarouter.provserver.tlsenabled = false
+org.onap.dmaap.datarouter.nodeserver.https.port = 8443
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080