Code Review / dmaap / dbcapi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Use dynamic certificates
[dmaap/dbcapi.git] / src / main / java / org / onap / dmaap / dbcapi / server / JettyServer.java
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java b/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
index 6a75d65..74a0fa6 100644 (file)
--- a/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
@@ -76,20 +76,26 @@ public class JettyServer extends BaseLoggingClass {
             SslContextFactory sslContextFactory = new SslContextFactory.Server();
             sslContextFactory.setWantClientAuth(true);
 
             SslContextFactory sslContextFactory = new SslContextFactory.Server();
             sslContextFactory.setWantClientAuth(true);
 
-            setUpKeystore(params, sslContextFactory);
-            setUpTrustStore(params, sslContextFactory);
-
-            if (sslPort != 0) {
-                try (ServerConnector sslConnector = new ServerConnector(server,
-                    new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
-                    new HttpConnectionFactory(https_config))) {
-                    sslConnector.setPort(sslPort);
-                    server.addConnector(sslConnector);
-                    serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
-                }
+            CertificateManager certificateManager = new CertficateManagerFactory(params).initCertificateManager();
+            if ( ! certificateManager.isReady()) {
+               serverLogger.error("CertificateManager is not ready.  NOT starting https!");
             } else {
             } else {
-                serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
-            }
+               setUpKeystore(certificateManager, sslContextFactory);
+               setUpTrustStore(certificateManager, sslContextFactory);
+          
+
+                   if (sslPort != 0) {
+                       try (ServerConnector sslConnector = new ServerConnector(server,
+                           new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+                           new HttpConnectionFactory(https_config))) {
+                           sslConnector.setPort(sslPort);
+                           server.addConnector(sslConnector);
+                           serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
+                       }
+                   } else {
+                       serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
+                   }
+            } 
             if (allowHttp) {
                 serverLogger.info("Starting httpConnector on port " + httpPort);
                 server.addConnector(httpConnector);
             if (allowHttp) {
                 serverLogger.info("Starting httpConnector on port " + httpPort);
                 server.addConnector(httpConnector);
@@ -141,19 +147,20 @@ public class JettyServer extends BaseLoggingClass {
             Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
     }
 
             Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
     }
 
-    private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
-        String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+    private void setUpKeystore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+        String keystore = certificateManager.getKeyStoreFile();
         logger.info("https Server using keystore at " + keystore);
         sslContextFactory.setKeyStorePath(keystore);
         logger.info("https Server using keystore at " + keystore);
         sslContextFactory.setKeyStorePath(keystore);
-        sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
-        sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+        sslContextFactory.setKeyStoreType(certificateManager.getKeyStoreType());
+        sslContextFactory.setKeyStorePassword(certificateManager.getKeyStorePassword());
+        sslContextFactory.setKeyManagerPassword(certificateManager.getKeyStorePassword());
     }
 
     }
 
-    private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
-        String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+    private void setUpTrustStore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+        String truststore = certificateManager.getTrustStoreFile();
         logger.info("https Server using truststore at " + truststore);
         sslContextFactory.setTrustStorePath(truststore);
         logger.info("https Server using truststore at " + truststore);
         sslContextFactory.setTrustStorePath(truststore);
-        sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
-        sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
+        sslContextFactory.setTrustStoreType(certificateManager.getTrustStoreType());
+        sslContextFactory.setTrustStorePassword(certificateManager.getTrustStorePassword());
     }
 }
     }
 }
Provides a northbound REST API to ONAP clients to manage DMaaP resources. This includes DMaaP components such as MR and DR, as well as provisioning of topics and feeds. Southbound, it communicates with the respective component APIs.