From d70c2ca145d2b3eac7ed6a4f16d41e322962cf59 Mon Sep 17 00:00:00 2001 From: "david.mcweeney" Date: Wed, 16 Mar 2022 16:08:44 +0000 Subject: [PATCH] DMAAP-1714 - DR Making TLS Configurable Change-Id: I0c3bc05182691c12c9d0f0b76d09f7dfea3e09eb Signed-off-by: david.mcweeney Issue-ID: DMAAP-1714 --- .../docker-compose/node.properties | 3 ++ .../docker-compose/provserver.properties | 5 ++- .../dmaap/datarouter/node/NodeConfigManager.java | 7 ++++ .../onap/dmaap/datarouter/node/NodeServlet.java | 2 +- datarouter-node/src/main/resources/node.properties | 3 ++ .../datarouter/node/NodeConfigManagerTest.java | 1 + .../dmaap/datarouter/node/NodeServletTest.java | 15 ++++++- .../src/test/resources/node_test.properties | 3 ++ .../datarouter/provisioning/PublishServlet.java | 13 ++++-- .../provisioning/utils/URLUtilities.java | 37 ++++++++++++----- .../src/main/resources/provserver.properties | 6 ++- .../provisioning/SubscriptionServletTest.java | 47 +++++++++------------- .../src/test/resources/h2Database.properties | 3 ++ .../resources/h2DatabaseTlsDisabled.properties | 36 +++++++++++++++++ 14 files changed, 134 insertions(+), 47 deletions(-) create mode 100644 datarouter-prov/src/test/resources/h2DatabaseTlsDisabled.properties diff --git a/csit/scripts/dmaap-datarouter/docker-compose/node.properties b/csit/scripts/dmaap-datarouter/docker-compose/node.properties index 58639cfd..9f3ca40d 100644 --- a/csit/scripts/dmaap-datarouter/docker-compose/node.properties +++ b/csit/scripts/dmaap-datarouter/docker-compose/node.properties @@ -80,3 +80,6 @@ CadiEnabled = false # # AAF Props file path AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props + +# https security required for publish request +TlsEnabled = true diff --git a/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties b/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties index b54868e2..b38c3f56 100755 --- a/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties +++ b/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties @@ -52,4 +52,7 @@ org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.fe org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub org.onap.dmaap.datarouter.provserver.aaf.instance = legacy org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish -org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe \ No newline at end of file +org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe +org.onap.dmaap.datarouter.provserver.tlsenabled = true +org.onap.dmaap.datarouter.nodeserver.https.port = 8443 +org.onap.dmaap.datarouter.nodeserver.http.port = 8080 \ No newline at end of file diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java index 5b5245da..3b950232 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeConfigManager.java @@ -102,6 +102,7 @@ public class NodeConfigManager implements DeliveryQueueHelper { private String aafType; private String aafInstance; private String aafAction; + private boolean tlsEnabled; private boolean cadiEnabled; private NodeAafPropsUtils nodeAafPropsUtils; @@ -159,6 +160,8 @@ public class NodeConfigManager implements DeliveryQueueHelper { svcport = Integer.parseInt(drNodeProperties.getProperty("IntHttpsPort", "8443")); port = Integer.parseInt(drNodeProperties.getProperty("ExtHttpsPort", "443")); spooldir = drNodeProperties.getProperty("SpoolDir", "spool"); + tlsEnabled = Boolean.parseBoolean(drNodeProperties.getProperty("TlsEnabled", "true")); + File fdir = new File(spooldir + "/f"); fdir.mkdirs(); for (File junk : Objects.requireNonNull(fdir.listFiles())) { @@ -811,6 +814,10 @@ public class NodeConfigManager implements DeliveryQueueHelper { return aafAction; } + protected boolean isTlsEnabled() { + return tlsEnabled; + } + boolean getCadiEnabled() { return cadiEnabled; } diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java index 139c7492..ee1f5b7d 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java @@ -549,7 +549,7 @@ public class NodeServlet extends HttpServlet { eelfLogger.info(EelfMsgs.EXIT); return null; } - if (!req.isSecure()) { + if (!req.isSecure() && config.isTlsEnabled()) { eelfLogger.error( "NODE0104 Rejecting insecure PUT or DELETE of " + req.getPathInfo() + FROM + req .getRemoteAddr()); diff --git a/datarouter-node/src/main/resources/node.properties b/datarouter-node/src/main/resources/node.properties index 1d7a5d42..f7c24fab 100644 --- a/datarouter-node/src/main/resources/node.properties +++ b/datarouter-node/src/main/resources/node.properties @@ -85,3 +85,6 @@ CadiEnabled = false # # AAF Props file path AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props + +# https security required for publish request +TlsEnabled = true diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java index e64579ed..82038fba 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeConfigManagerTest.java @@ -112,6 +112,7 @@ public class NodeConfigManagerTest { Assert.assertEquals("publish", nodeConfigManager.getAafAction()); Assert.assertFalse(nodeConfigManager.getCadiEnabled()); Assert.assertFalse(nodeConfigManager.isShutdown()); + Assert.assertTrue(nodeConfigManager.isTlsEnabled()); Assert.assertTrue(nodeConfigManager.isConfigured()); Assert.assertEquals("legacy", nodeConfigManager.getAafInstance("1")); Assert.assertNotNull(nodeConfigManager.getPublishId()); diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java index 4340b018..f7e3d7c8 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeServletTest.java @@ -23,7 +23,6 @@ package org.onap.dmaap.datarouter.node; import static org.junit.Assert.assertEquals; -import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyObject; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.anyString; @@ -144,8 +143,9 @@ public class NodeServletTest { } @Test - public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_Then_Forbidden_Response_Is_Generated() throws Exception { + public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Secure_And_TLS_Enabled_Then_Forbidden_Response_Is_Generated() throws Exception { when(request.isSecure()).thenReturn(false); + when(config.isTlsEnabled()).thenReturn(true); nodeServlet.doPut(request, response); verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString()); verifyEnteringExitCalled(listAppender); @@ -284,6 +284,17 @@ public class NodeServletTest { verifyEnteringExitCalled(listAppender); } + @Test + public void Given_Request_Is_HTTP_DELETE_File_And_Request_Is_Not_Secure_But_TLS_Disabled_Then_Request_Succeeds() throws Exception { + when(request.isSecure()).thenReturn(false); + when(config.isTlsEnabled()).thenReturn(false); + when(request.getPathInfo()).thenReturn("/delete/1/dmaap-dr-node.1234567"); + createFilesAndDirectories(); + nodeServlet.doDelete(request, response); + verify(response).setStatus(eq(HttpServletResponse.SC_OK)); + verifyEnteringExitCalled(listAppender); + } + @Test public void Given_Request_Is_HTTP_DELETE_File_And_File_Does_Not_Exist_Then_Not_Found_Response_Is_Generated() throws IOException { when(request.getPathInfo()).thenReturn("/delete/1/nonExistingFile"); diff --git a/datarouter-node/src/test/resources/node_test.properties b/datarouter-node/src/test/resources/node_test.properties index 9359e8dc..3c96ed25 100644 --- a/datarouter-node/src/test/resources/node_test.properties +++ b/datarouter-node/src/test/resources/node_test.properties @@ -86,3 +86,6 @@ CadiEnabled = false # AAF Props file path AAFPropsFilePath = src/test/resources/aaf/org.onap.dmaap-dr.props +# https security required for publish request +TlsEnabled = true + diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java index 35205aa9..949019d1 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/PublishServlet.java @@ -45,6 +45,7 @@ import org.onap.dmaap.datarouter.provisioning.utils.Poker; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.IngressRoute; import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; +import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities; /** * This servlet handles redirects for the <publishURL> on the provisioning server, which is generated by the @@ -158,9 +159,15 @@ public class PublishServlet extends BaseServlet { } else { // Generate new URL String nextnode = getRedirectNode(feedid, req); - nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty( - "org.onap.dmaap.datarouter.provserver.https.port", "8443"); - String newurl = "https://" + nextnode + "/publish" + req.getPathInfo(); + if (Boolean.parseBoolean(ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) { + nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty( + "org.onap.dmaap.datarouter.nodeserver.https.port", "8443"); + } else { + nextnode = nextnode + ":" + ProvRunner.getProvProperties().getProperty( + "org.onap.dmaap.datarouter.nodeserver.http.port", "8080"); + } + String newurl = URLUtilities.getUrlSecurityOption() + nextnode + "/publish" + req.getPathInfo(); String qs = req.getQueryString(); if (qs != null) { newurl += "?" + qs; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java index 2e000027..988b576f 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java @@ -28,8 +28,8 @@ import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.net.InetAddress; import java.net.UnknownHostException; - import org.onap.dmaap.datarouter.provisioning.BaseServlet; +import org.onap.dmaap.datarouter.provisioning.ProvRunner; /** * Utility functions used to generate the different URLs used by the Data Router. @@ -39,9 +39,7 @@ import org.onap.dmaap.datarouter.provisioning.BaseServlet; */ public class URLUtilities { - private static final EELFLogger utilsLogger = EELFManager.getInstance().getLogger("UtilsLog"); - private static final String HTTPS = "https://"; private static String otherPod; private URLUtilities() { @@ -54,7 +52,7 @@ public class URLUtilities { * @return the URL */ public static String generateFeedURL(int feedid) { - return HTTPS + BaseServlet.getProvName() + "/feed/" + feedid; + return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/feed/" + feedid; } /** @@ -64,7 +62,7 @@ public class URLUtilities { * @return the URL */ public static String generatePublishURL(int feedid) { - return HTTPS + BaseServlet.getProvName() + "/publish/" + feedid; + return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/publish/" + feedid; } /** @@ -74,7 +72,7 @@ public class URLUtilities { * @return the URL */ public static String generateSubscribeURL(int feedid) { - return HTTPS + BaseServlet.getProvName() + "/subscribe/" + feedid; + return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/subscribe/" + feedid; } /** @@ -84,7 +82,7 @@ public class URLUtilities { * @return the URL */ public static String generateFeedLogURL(int feedid) { - return HTTPS + BaseServlet.getProvName() + "/feedlog/" + feedid; + return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/feedlog/" + feedid; } /** @@ -94,7 +92,7 @@ public class URLUtilities { * @return the URL */ public static String generateSubscriptionURL(int subid) { - return HTTPS + BaseServlet.getProvName() + "/subs/" + subid; + return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/subs/" + subid; } /** @@ -104,7 +102,7 @@ public class URLUtilities { * @return the URL */ public static String generateSubLogURL(int subid) { - return HTTPS + BaseServlet.getProvName() + "/sublog/" + subid; + return getUrlSecurityOption() + BaseServlet.getProvName() + getAppropriateUrlPort() + "/sublog/" + subid; } /** @@ -113,7 +111,7 @@ public class URLUtilities { * @return the URL */ public static String generatePeerProvURL() { - return HTTPS + getPeerPodName() + "/internal/prov"; + return getUrlSecurityOption() + getPeerPodName() + getAppropriateUrlPort() + "/internal/prov"; } /** @@ -128,7 +126,7 @@ public class URLUtilities { return ""; } - return HTTPS + peerPodUrl + "/internal/drlogs/"; + return getUrlSecurityOption() + peerPodUrl + getAppropriateUrlPort() + "/internal/drlogs/"; } /** @@ -154,4 +152,21 @@ public class URLUtilities { return otherPod; } + public static String getUrlSecurityOption() { + if (Boolean.parseBoolean(ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) { + return "https://"; + } + return "http://"; + } + + private static String getAppropriateUrlPort() { + if (Boolean.parseBoolean(ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.tlsenabled", "true"))) + return ""; + + return ":" + ProvRunner.getProvProperties() + .getProperty("org.onap.dmaap.datarouter.provserver.http.port", "8080"); + + } } diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties index ad9a19e3..642088ff 100755 --- a/datarouter-prov/src/main/resources/provserver.properties +++ b/datarouter-prov/src/main/resources/provserver.properties @@ -56,4 +56,8 @@ org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.fe org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub org.onap.dmaap.datarouter.provserver.aaf.instance = legacy org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish -org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe \ No newline at end of file +org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe + +org.onap.dmaap.datarouter.provserver.tlsenabled = true +org.onap.dmaap.datarouter.nodeserver.https.port = 8443 +org.onap.dmaap.datarouter.nodeserver.http.port = 8080 \ No newline at end of file diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java index d644df9a..1f4fd535 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java @@ -22,9 +22,27 @@ ******************************************************************************/ package org.onap.dmaap.datarouter.provisioning; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.contains; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER; + import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.read.ListAppender; import java.sql.Connection; +import java.sql.SQLException; +import java.util.HashSet; +import java.util.Set; +import javax.persistence.EntityManager; +import javax.persistence.EntityManagerFactory; +import javax.persistence.Persistence; +import javax.servlet.ServletInputStream; +import javax.servlet.ServletOutputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.reflect.FieldUtils; import org.jetbrains.annotations.NotNull; import org.json.JSONObject; @@ -45,25 +63,6 @@ import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.modules.junit4.PowerMockRunner; -import javax.persistence.EntityManager; -import javax.persistence.EntityManagerFactory; -import javax.persistence.Persistence; -import javax.servlet.ServletInputStream; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.sql.SQLException; -import java.util.HashSet; -import java.util.Set; - -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.contains; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER; - @RunWith(PowerMockRunner.class) @PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.*"}) @@ -89,7 +88,7 @@ public class SubscriptionServletTest extends DrServletTestBase { em = emf.createEntityManager(); System.setProperty( "org.onap.dmaap.datarouter.provserver.properties", - "src/test/resources/h2Database.properties"); + "src/test/resources/h2DatabaseTlsDisabled.properties"); } @AfterClass @@ -156,14 +155,6 @@ public class SubscriptionServletTest extends DrServletTestBase { verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), anyString()); } - @Test - public void Given_Request_Is_HTTP_DELETE_And_AAF_CADI_Is_Enabled_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception { - when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0"); - when(request.getPathInfo()).thenReturn("/2"); - subscriptionServlet.doDelete(request, response); - verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access")); - } - @Test public void Given_Request_Is_HTTP_DELETE_And_AAF_CADI_Is_Enabled_With_Permissions_Then_A_NO_CONTENT_Response_Is_Generated() throws Exception { when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0"); diff --git a/datarouter-prov/src/test/resources/h2Database.properties b/datarouter-prov/src/test/resources/h2Database.properties index 6957ae17..95968716 100755 --- a/datarouter-prov/src/test/resources/h2Database.properties +++ b/datarouter-prov/src/test/resources/h2Database.properties @@ -31,3 +31,6 @@ org.onap.dmaap.datarouter.provserver.accesslog.dir = unit-test-logs org.onap.dmaap.datarouter.provserver.spooldir = src/test/resources org.onap.dmaap.datarouter.provserver.dbscripts = src/test/resources org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1 +org.onap.dmaap.datarouter.provserver.tlsenabled = true +org.onap.dmaap.datarouter.nodeserver.https.port = 8443 +org.onap.dmaap.datarouter.nodeserver.http.port = 8080 diff --git a/datarouter-prov/src/test/resources/h2DatabaseTlsDisabled.properties b/datarouter-prov/src/test/resources/h2DatabaseTlsDisabled.properties new file mode 100644 index 00000000..05ab3a47 --- /dev/null +++ b/datarouter-prov/src/test/resources/h2DatabaseTlsDisabled.properties @@ -0,0 +1,36 @@ +#------------------------------------------------------------------------------- +# ============LICENSE_START================================================== +# * org.onap.dmaap +# * =========================================================================== +# * Copyright ? 2017 AT&T Intellectual Property. All rights reserved. +# * =========================================================================== +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * ============LICENSE_END==================================================== +# * +# * ECOMP is a trademark and service mark of AT&T Intellectual Property. +# * +#------------------------------------------------------------------------------- + +# Database access +org.onap.dmaap.datarouter.db.driver = org.h2.Driver +org.onap.dmaap.datarouter.db.url = jdbc:h2:mem:test;DB_CLOSE_DELAY=-1 +org.onap.dmaap.datarouter.provserver.isaddressauthenabled = true +org.onap.dmaap.datarouter.provserver.cadi.enabled = true +org.onap.dmaap.datarouter.provserver.https.relaxation = false +org.onap.dmaap.datarouter.provserver.accesslog.dir = unit-test-logs +org.onap.dmaap.datarouter.provserver.spooldir = src/test/resources +org.onap.dmaap.datarouter.provserver.dbscripts = src/test/resources +org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1 +org.onap.dmaap.datarouter.provserver.tlsenabled = false +org.onap.dmaap.datarouter.nodeserver.https.port = 8443 +org.onap.dmaap.datarouter.nodeserver.http.port = 8080 -- 2.16.6