Use dynamic certificates
[dmaap/dbcapi.git] / src / main / java / org / onap / dmaap / dbcapi / server / JettyServer.java
index 7457ce9..74a0fa6 100644 (file)
@@ -24,6 +24,8 @@ package org.onap.dmaap.dbcapi.server;
 
 import com.google.common.collect.Sets;
 import javax.servlet.DispatcherType;
+
+import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.server.*;
 import org.eclipse.jetty.servlet.DefaultServlet;
 import org.eclipse.jetty.servlet.ServletContextHandler;
@@ -71,33 +73,34 @@ public class JettyServer extends BaseLoggingClass {
 
             HttpConfiguration https_config = new HttpConfiguration(http_config);
             https_config.addCustomizer(new SecureRequestCustomizer());
-            SslContextFactory sslContextFactory = new SslContextFactory();
+            SslContextFactory sslContextFactory = new SslContextFactory.Server();
             sslContextFactory.setWantClientAuth(true);
 
-            setUpKeystore(params, sslContextFactory);
-            setUpTrustStore(params, sslContextFactory);
-
-            if (sslPort != 0) {
-                try (ServerConnector sslConnector = new ServerConnector(server,
-                    new SslConnectionFactory(sslContextFactory, "http/1.1"),
-                    new HttpConnectionFactory(https_config))) {
-                    sslConnector.setPort(sslPort);
-                    if (allowHttp) {
-                        logger.info("Starting httpConnector on port " + httpPort);
-                        logger.info("Starting sslConnector on port " + sslPort + " for https");
-                        server.setConnectors(new Connector[]{httpConnector, sslConnector});
-                    } else {
-                        logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
-                        logger.info("Starting sslConnector on port " + sslPort + " for https");
-                        server.setConnectors(new Connector[]{sslConnector});
-                    }
-                }
+            CertificateManager certificateManager = new CertficateManagerFactory(params).initCertificateManager();
+            if ( ! certificateManager.isReady()) {
+               serverLogger.error("CertificateManager is not ready.  NOT starting https!");
+            } else {
+               setUpKeystore(certificateManager, sslContextFactory);
+               setUpTrustStore(certificateManager, sslContextFactory);
+          
+
+                   if (sslPort != 0) {
+                       try (ServerConnector sslConnector = new ServerConnector(server,
+                           new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+                           new HttpConnectionFactory(https_config))) {
+                           sslConnector.setPort(sslPort);
+                           server.addConnector(sslConnector);
+                           serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
+                       }
+                   } else {
+                       serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
+                   }
+            } 
+            if (allowHttp) {
+                serverLogger.info("Starting httpConnector on port " + httpPort);
+                server.addConnector(httpConnector);
             } else {
-                serverLogger.info("NOT starting sslConnector on port " + sslPort + " for https");
-                if (allowHttp) {
-                    serverLogger.info("Starting httpConnector on port " + httpPort);
-                    server.setConnectors(new Connector[]{httpConnector});
-                }
+                serverLogger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
             }
         }
 
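Review bot: When certificateManager.isReady() is false, the condition at the top of the new else-structure only logs an error and startup continues, so with allowHttp false the server comes up with no connectors at all, and with allowHttp true it silently serves plain HTTP only — a missing or bad certificate degrades the deployment instead of stopping it. Unless an HTTP-only fallback is intended, fail fast there: after the error log add `throw new IllegalStateException("CertificateManager is not ready; refusing to start without https");`, and if the fallback is intended, state that in a comment on the branch. The reindented block (the lines from setUpKeystore through the sslPort check) uses inconsistent indentation relative to the surrounding code and two lines carry trailing whitespace; reindent to the file's 4-space convention. The enclosing method starts and ends outside the hunk.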
@@ -144,19 +147,20 @@ public class JettyServer extends BaseLoggingClass {
             Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
     }
 
-    private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
-        String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+    private void setUpKeystore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+        String keystore = certificateManager.getKeyStoreFile();
         logger.info("https Server using keystore at " + keystore);
         sslContextFactory.setKeyStorePath(keystore);
-        sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
-        sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+        sslContextFactory.setKeyStoreType(certificateManager.getKeyStoreType());
+        sslContextFactory.setKeyStorePassword(certificateManager.getKeyStorePassword());
+        sslContextFactory.setKeyManagerPassword(certificateManager.getKeyStorePassword());
     }
 
-    private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
-        String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+    private void setUpTrustStore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+        String truststore = certificateManager.getTrustStoreFile();
         logger.info("https Server using truststore at " + truststore);
         sslContextFactory.setTrustStorePath(truststore);
-        sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
-        sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
+        sslContextFactory.setTrustStoreType(certificateManager.getTrustStoreType());
+        sslContextFactory.setTrustStorePassword(certificateManager.getTrustStorePassword());
     }
 }
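Review bot: setUpKeystore now feeds certificateManager.getKeyStorePassword() to both setKeyStorePassword and setKeyManagerPassword, whereas the removed code read a separate KeyPassword property; a keystore whose private-key entry is protected by a different password than the store itself will fail to load, and the change drops that configuration without any diagnostic. If CertificateManager exposes a distinct key password, use it on the setKeyManagerPassword line; otherwise record the assumption, e.g. `// key entry is assumed to share the keystore password (CertificateManager has no separate key password)`. The defaults for the paths are also gone, so a null from getKeyStoreFile() or getTrustStoreFile() reaches setKeyStorePath/setTrustStorePath unchecked — presumably isReady() rules that out, but `Objects.requireNonNull(keystore, "keystore path")` (and the same for truststore) would make that contract explicit at the point of use.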