Use dynamic certificates 02/103302/1
authordglFromAtt <dgl@research.att.com>
Fri, 6 Mar 2020 18:49:02 +0000 (13:49 -0500)
committerdglFromAtt <dgl@research.att.com>
Fri, 6 Mar 2020 18:49:47 +0000 (13:49 -0500)
A new property indicates that the CADI properties file should be used. The CADI library is then used to read those properties, in particular the (encrypted) keystore and truststore passwords.

Issue-ID: DMAAP-1401
Signed-off-by: dglFromAtt <dgl@research.att.com>
Change-Id: I1dcb236341a9795aa6bc0b5da71f046f5e0afa30
Signed-off-by: dglFromAtt <dgl@research.att.com>
pom.xml
src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java
src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java [new file with mode: 0644]
src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java [new file with mode: 0644]
src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java [new file with mode: 0644]
src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java [new file with mode: 0644]
version.properties

diff --git a/pom.xml b/pom.xml
index 6a149d1..7328dbb 100644 (file)
--- a/pom.xml
+++ b/pom.xml
                <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
                <jettyVersion>9.4.24.v20191120</jettyVersion>
                <eelf.version>1.0.0</eelf.version>
-               <artifact.version>2.0.1-SNAPSHOT</artifact.version>
+               <artifact.version>2.0.2-SNAPSHOT</artifact.version>
                <junit.version>4.12</junit.version>
                <!-- SONAR -->
                <jacoco.version>0.7.7.201606060606</jacoco.version>
index 688bbce..9c3fa4e 100644 (file)
@@ -76,15 +76,24 @@ public class MrProvConnection extends BaseLoggingClass{
     
     
     public boolean makeTopicConnection( MR_Cluster cluster ) {
-        logger.info( "connect to cluster: " + cluster.getDcaeLocationName());
-    
+        boolean rc = false;
+       logger.info( "connect to cluster: " + cluster.getDcaeLocationName());
+        
 
         provURL = cluster.getTopicProtocol() + "://" + cluster.getFqdn() + ":" + cluster.getTopicPort() + "/topics/create";
 
         if ( cluster.getTopicProtocol().equals( "https" ) ) {
-            return makeSecureConnection( provURL );
+            rc = makeSecureConnection( provURL );
+        } else {
+               rc = makeConnection( provURL );
         }
-        return makeConnection( provURL );
+       if ( rc  && unit_test.equals( "Yes" ) ) {
+               // set timeouts low so we don't hold up unit tests in build process
+            uc.setReadTimeout(5);
+            uc.setConnectTimeout(5);                   
+       }
+       return rc;
+        
     }
 
     private boolean makeSecureConnection( String pURL ) {
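Review bot: `unit_test.equals( "Yes" )` on the new line throws NullPointerException if the `unit_test` field is unset; its declaration is outside the hunk so whether it can be null is not visible here, but the null-safe form `if ( rc && "Yes".equals( unit_test ) )` costs nothing. The 5 ms read/connect timeouts are applied after makeSecureConnection/makeConnection have already returned; if those helpers call connect() on `uc` themselves (their bodies are not in the hunk), the connect timeout is set too late to take effect. The new else-branch sends any protocol value other than the exact lowercase string "https" to plain makeConnection, so a mistyped topicProtocol silently downgrades to plaintext — pre-existing behaviour, but now that the branch is explicit a `logger.warn` on the non-https path would make that visible.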
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java b/src/main/java/org/onap/dmaap/dbcapi/server/CadiCertificateManager.java
new file mode 100644 (file)
index 0000000..1da2bc4
--- /dev/null
@@ -0,0 +1,61 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.dbcapi.server;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.Properties;
+
+import org.onap.aaf.cadi.PropAccess;
+
+public class CadiCertificateManager extends CertificateManager {
+       private PropAccess propAccess;  
+       
+       CadiCertificateManager( Properties properties )  {
+               String cadiPropsFile = properties.getProperty("cadi.properties", "etc/org.onap.dmaa-bc.props");
+               logger.info( "using cadi properties in ", cadiPropsFile);
+               
+               propAccess = new PropAccess();
+               ready = true;
+               try {
+                       propAccess.load( new FileInputStream( cadiPropsFile ));
+               } catch ( IOException e ) {
+                       logger.error( "Failed to load props file: " + cadiPropsFile + "\n" +  e.getMessage());
+                       ready = false;
+               }
+               setKeyStoreType( "jks");
+               setKeyStoreFile( propAccess.getProperty("cadi_keystore") );
+               setKeyStorePassword( decryptPass( propAccess.getProperty("cadi_keystore_password_jks" ) ));
+
+               setTrustStoreType( "jks");
+               setTrustStoreFile( propAccess.getProperty("cadi_truststore" ) );
+               setTrustStorePassword( decryptPass( propAccess.getProperty("cadi_truststore_password" ) ));
+       }
+
+       private String decryptPass( String password ) {
+               String clear = null;
+               try {
+                       clear = propAccess.decrypt(password, false );
+               } catch (IOException e) {
+                       logger.error( "Failed to decrypt " + password + ": " + e.getMessage() );
+               }
+               return clear;
+       }
+}
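Review bot: `decryptPass` writes the password it failed to decrypt into the error log (`"Failed to decrypt " + password`), which puts keystore/truststore secret material — encrypted, or plaintext if the property was stored unencrypted — into log files; log only the property name. The constructor also keeps `ready = true` when decryption returns null, and when the props file fails to load it still goes on to read store paths and passwords from the empty PropAccess, so JettyServer can be handed null paths and passwords while `isReady()` reports true; the `FileInputStream` is also never closed. `logger.info( "using cadi properties in ", cadiPropsFile)` passes the path as a format argument with no placeholder, so depending on the logger API behind BaseLoggingClass (not in the hunk) the path is probably dropped from the message. The default props path `etc/org.onap.dmaa-bc.props` looks like a typo for `dmaap-bc`, matching the truststore default elsewhere in this change — confirm.
```java
CadiCertificateManager( Properties properties )  {
        String cadiPropsFile = properties.getProperty("cadi.properties", "etc/org.onap.dmaap-bc.props");
        logger.info( "using cadi properties in " + cadiPropsFile);

        propAccess = new PropAccess();
        ready = true;
        try ( FileInputStream in = new FileInputStream( cadiPropsFile ) ) {
                propAccess.load( in );
        } catch ( IOException e ) {
                logger.error( "Failed to load props file: " + cadiPropsFile + "\n" +  e.getMessage());
                ready = false;
                return;   // do not hand partial/null store settings to the server
        }
        // … unchanged: setKeyStoreType/File and setTrustStoreType/File calls …
        setKeyStorePassword( decryptPass( "cadi_keystore_password_jks" ));
        setTrustStorePassword( decryptPass( "cadi_truststore_password" ));
}

// Decrypts the named CADI property. Logs the property *name* only — never the value —
// and clears `ready` so JettyServer refuses to start https on a missing/undecryptable secret.
private String decryptPass( String propName ) {
        String encrypted = propAccess.getProperty( propName );
        if ( encrypted == null ) {
                logger.error( "Missing property " + propName );
                ready = false;
                return null;
        }
        try {
                return propAccess.decrypt( encrypted, false );
        } catch ( IOException e ) {
                logger.error( "Failed to decrypt " + propName + ": " + e.getMessage() );
                ready = false;
                return null;
        }
}
```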
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java b/src/main/java/org/onap/dmaap/dbcapi/server/CertficateManagerFactory.java
new file mode 100644 (file)
index 0000000..55aa0c1
--- /dev/null
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.server;
+
+
+import java.util.Properties;
+
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+
+public class CertficateManagerFactory extends BaseLoggingClass {
+       private final Properties dmaapConfig;
+
+    public CertficateManagerFactory() {
+        this((DmaapConfig) DmaapConfig.getConfig());
+    }
+
+    CertficateManagerFactory(Properties params) {
+        this.dmaapConfig = params;
+    }
+
+    public CertificateManager initCertificateManager() {
+        boolean useCadi = "cadi".equalsIgnoreCase(dmaapConfig.getProperty("CertificateManagement", "legacy"));
+        logger.info("CertificateManagerFactory: useCadi=", useCadi);
+        
+        if ( useCadi ) {
+               return new CadiCertificateManager( dmaapConfig );
+        }
+        return new LegacyCertificateManager( dmaapConfig );
+    }
+
+
+}
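Review bot: `logger.info("CertificateManagerFactory: useCadi=", useCadi)` passes `useCadi` as an argument with no placeholder in the message, so the boolean is most likely not printed (this depends on the logger API behind BaseLoggingClass, which is not in the hunk); `logger.info("CertificateManagerFactory: useCadi=" + useCadi);` is unambiguous. Any `CertificateManagement` value other than "cadi" — including a misspelling — silently selects the legacy manager and its built-in "changeit" defaults, so a `logger.warn` for values that are neither "cadi" nor "legacy" would surface misconfiguration. Style: the class name `CertficateManagerFactory` is missing an 'i' (the log text spells it correctly); JettyServer already references the misspelled name, so renaming touches both files.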
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java b/src/main/java/org/onap/dmaap/dbcapi/server/CertificateManager.java
new file mode 100644 (file)
index 0000000..e0f554d
--- /dev/null
@@ -0,0 +1,98 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.server;
+
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+
+public abstract class CertificateManager extends BaseLoggingClass{
+       
+       class cmAttribute {
+               private String type;
+               private String file;
+               private String password;
+               
+               private String getType() {
+                       return type;
+               }
+               private void setType(String certificateType) {
+                       this.type = certificateType;
+               }
+               private String getFile() {
+                       return file;
+               }
+               private void setFile(String keyStoreFile) {
+                       this.file = keyStoreFile;
+               }
+               private void setPassword( String pwd ) {
+                       this.password = pwd;
+               }
+               private String getPassword() {
+                       return password;
+               }
+       }
+
+       private cmAttribute keyStore;
+       private cmAttribute     trustStore;
+       protected boolean ready;
+
+       public boolean isReady() {
+               return ready;
+       }
+       
+       public String getKeyStoreType() {
+               return keyStore.getType();
+       }
+       public void setKeyStoreType(String certificateType) {
+               this.keyStore.setType( certificateType) ;
+       }
+       public String getKeyStoreFile() {
+               return keyStore.getFile();
+       }
+       public void setKeyStoreFile(String keyStoreFile) {
+               this.keyStore.setFile(keyStoreFile);
+       }
+
+       public String getKeyStorePassword() {
+               return keyStore.getPassword();
+       }
+       public void setKeyStorePassword(String keyStorePassword) {
+               this.keyStore.setPassword(keyStorePassword);
+       }
+       public String getTrustStoreType() {
+               return trustStore.getType();
+       }
+       public void setTrustStoreType( String type ) {
+               this.trustStore.setType(type);
+       }
+       public String getTrustStoreFile() {
+               return trustStore.getFile();
+       }
+       public void setTrustStoreFile(String trustStoreFile) {
+               this.trustStore.setFile(trustStoreFile);
+       }
+       public String getTrustStorePassword() {
+               return trustStore.getPassword();
+       }
+       public void setTrustStorePassword(String trustStorePassword) {
+               this.trustStore.setPassword(trustStorePassword);
+       }
+
+}
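Review bot: `keyStore` and `trustStore` are declared but never instantiated — nothing in this file assigns them — so the first `setKeyStoreType(...)` call in either subclass constructor dereferences null and throws NullPointerException. Initialise them at declaration: `private final cmAttribute keyStore = new cmAttribute();` and `private final cmAttribute trustStore = new cmAttribute();`. Style: `cmAttribute` uses no enclosing-instance state and should be `static` and UpperCamelCase; the passwords are held as String and so cannot be zeroed after use, which is acceptable given Jetty's SslContextFactory takes String passwords, but worth a comment on the field.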
index 6a75d65..74a0fa6 100644 (file)
@@ -76,20 +76,26 @@ public class JettyServer extends BaseLoggingClass {
             SslContextFactory sslContextFactory = new SslContextFactory.Server();
             sslContextFactory.setWantClientAuth(true);
 
-            setUpKeystore(params, sslContextFactory);
-            setUpTrustStore(params, sslContextFactory);
-
-            if (sslPort != 0) {
-                try (ServerConnector sslConnector = new ServerConnector(server,
-                    new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
-                    new HttpConnectionFactory(https_config))) {
-                    sslConnector.setPort(sslPort);
-                    server.addConnector(sslConnector);
-                    serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
-                }
+            CertificateManager certificateManager = new CertficateManagerFactory(params).initCertificateManager();
+            if ( ! certificateManager.isReady()) {
+               serverLogger.error("CertificateManager is not ready.  NOT starting https!");
             } else {
-                serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
-            }
+               setUpKeystore(certificateManager, sslContextFactory);
+               setUpTrustStore(certificateManager, sslContextFactory);
+          
+
+                   if (sslPort != 0) {
+                       try (ServerConnector sslConnector = new ServerConnector(server,
+                           new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+                           new HttpConnectionFactory(https_config))) {
+                           sslConnector.setPort(sslPort);
+                           server.addConnector(sslConnector);
+                           serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
+                       }
+                   } else {
+                       serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
+                   }
+            } 
             if (allowHttp) {
                 serverLogger.info("Starting httpConnector on port " + httpPort);
                 server.addConnector(httpConnector);
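Review bot: when `certificateManager.isReady()` is false the new code logs an error and carries on, so with `allowHttp` the server comes up on plain HTTP only although the operator configured an https port — a silent downgrade rather than a failure. Unless running without TLS is intended in that case, fail closed: `throw new IllegalStateException("CertificateManager is not ready; refusing to start without https");` (the enclosing method and its exception handling begin before this hunk, so check what the caller does with an exception). Note that `isReady()` only reflects whether the properties were read; nothing in this change checks that the keystore or truststore path exists, so a bad path will still surface later as an SslContextFactory error rather than here.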
@@ -141,19 +147,20 @@ public class JettyServer extends BaseLoggingClass {
             Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
     }
 
-    private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
-        String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+    private void setUpKeystore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+        String keystore = certificateManager.getKeyStoreFile();
         logger.info("https Server using keystore at " + keystore);
         sslContextFactory.setKeyStorePath(keystore);
-        sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
-        sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+        sslContextFactory.setKeyStoreType(certificateManager.getKeyStoreType());
+        sslContextFactory.setKeyStorePassword(certificateManager.getKeyStorePassword());
+        sslContextFactory.setKeyManagerPassword(certificateManager.getKeyStorePassword());
     }
 
-    private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
-        String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+    private void setUpTrustStore(CertificateManager certificateManager, SslContextFactory sslContextFactory) {
+        String truststore = certificateManager.getTrustStoreFile();
         logger.info("https Server using truststore at " + truststore);
         sslContextFactory.setTrustStorePath(truststore);
-        sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
-        sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
+        sslContextFactory.setTrustStoreType(certificateManager.getTrustStoreType());
+        sslContextFactory.setTrustStorePassword(certificateManager.getTrustStorePassword());
     }
 }
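Review bot: `setUpKeystore` now passes `getKeyStorePassword()` to both `setKeyStorePassword` and `setKeyManagerPassword`, whereas the removed line read a separate `KeyPassword` property for the key manager; any deployment whose private-key password differs from the keystore password will stop starting https, and a configured `KeyPassword` is now silently ignored. Either carry a key password through CertificateManager (e.g. a `getKeyPassword()` that LegacyCertificateManager fills from `properties.getProperty("KeyPassword", <keystore password>)`) or state the dropped property in the commit message. Neither helper guards against a null path or password, which the CADI manager can produce when decryption fails; a null check with a clear log line here is cheaper to diagnose than the exception Jetty would raise on start.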
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java b/src/main/java/org/onap/dmaap/dbcapi/server/LegacyCertificateManager.java
new file mode 100644 (file)
index 0000000..bd54003
--- /dev/null
@@ -0,0 +1,39 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.dbcapi.server;
+
+import java.util.Properties;
+
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+
+public class LegacyCertificateManager extends CertificateManager {
+
+       public LegacyCertificateManager(Properties properties ) {
+               setKeyStoreType( properties.getProperty("KeyStoreType", "jks") );
+               setKeyStoreFile( properties.getProperty("KeyStoreFile", "etc/keystore") );
+               setKeyStorePassword( properties.getProperty("KeyStorePassword", "changeit") );
+               
+               setTrustStoreFile( properties.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks") );
+               setTrustStoreType( properties.getProperty("TrustStoreType", "jks") );
+               setTrustStorePassword( properties.getProperty("TrustStorePassword", "changeit") );
+               ready = true;
+       }
+
+}
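Review bot: the constructor marks the manager `ready = true` unconditionally and falls back to the password "changeit" when `KeyStorePassword` or `TrustStorePassword` is absent, so a missing property is indistinguishable from a deliberately configured default; log a warning when a default is used, e.g. `if (properties.getProperty("KeyStorePassword") == null) logger.warn("KeyStorePassword not set; using built-in default");`. The `DmaapConfig` import is unused in this file. The former `KeyPassword` property is not read here and the new JettyServer no longer consults it, so it has no effect after this change — confirm that is intended.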
index 9afec0f..8d3835e 100644 (file)
@@ -27,7 +27,7 @@
 
 major=2
 minor=0
-patch=1
+patch=2
 base_version=${major}.${minor}.${patch}
 
 # Release must be completed with git revision # in Jenkins