From 031b8e1c7eb7d7b2e8c0bbd575dfbde36aaf8736 Mon Sep 17 00:00:00 2001
From: MichaelMorris
Date: Wed, 27 Sep 2023 09:10:10 +0100
Subject: [PATCH] watch tls files
Signed-off-by: MichaelMorris
Issue-ID: SDC-4639
Change-Id: Ic9cff09c633770df5171867ca69ed318c2a75f59
---
 .../templates/default/BE-configuration.yaml.erb | 4 ++
 .../sdc/be/listen/BEAppContextListener.java | 52 ++++++++++++++++++++++
 .../sdc/be/listen/TlsFileChangeHandler.java | 51 +++++++++++++++++++++
 .../org/openecomp/sdc/be/config/Configuration.java | 3 ++
 4 files changed, 110 insertions(+)
 create mode 100644 catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index d6d034fcb6..ada01a96e5 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -21,6 +21,10 @@ beProtocol: https
 beProtocol: http
 <% end -%>
+tlsCert: <%= node['BE']['tls_cert'] %>
+tlsKey: <%= node['BE']['tls_key'] %>
+caCert: <%= node['BE']['ca_cert'] %>
+
 # catalog backend ssl port
 beSslPort: <%= @ssl_port %>
 version: 1.1.0
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
index 76be33cedf..00d4e4356e 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
@@ -19,13 +19,22 @@
 */
 package org.openecomp.sdc.be.listen;
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
+
+import org.apache.commons.io.filefilter.FileFilterUtils;
+import org.apache.commons.io.filefilter.IOFileFilter;
+import org.apache.commons.io.monitor.FileAlterationListenerAdaptor;
+import org.apache.commons.io.monitor.FileAlterationMonitor;
+import org.apache.commons.io.monitor.FileAlterationObserver;
 import org.openecomp.sdc.be.config.ConfigurationManager;
 import org.openecomp.sdc.be.impl.WebAppContextWrapper;
 import org.openecomp.sdc.be.monitoring.BeMonitoringService;
@@ -50,6 +59,7 @@ public class BEAppContextListener extends AppContextListener implements ServletC
 // Monitoring service
 BeMonitoringService bms = new BeMonitoringService(context.getServletContext());
 bms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(15));
+ initTlsFileMonitoring();
 log.debug("After executing {}", this.getClass());
 }
@@ -71,4 +81,46 @@ public class BEAppContextListener extends AppContextListener implements ServletC
 }
 return version;
 }
+
+ private void initTlsFileMonitoring() {
+ final Map tlsFileFilters = createTlsFileFilters();
+ if (!tlsFileFilters.isEmpty()) {
+ final TlsFileChangeHandler tlsFileChangeHandler = new TlsFileChangeHandler();
+ tlsFileFilters.entrySet().stream().forEach(entry -> listenForChanges(entry.getKey(), tlsFileChangeHandler, entry.getValue()));
+ }
+ }
+
+ private Map createTlsFileFilters() {
+ final Map filters = new HashMap<>();
+ addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getTlsCert());
+ addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getTlsKey());
+ addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getCaCert());
+ return filters;
+ }
+
+ private void addFilter(final Map filters, final String path) {
+ if (path != null) {
+ final File file = new File(path);
+ final IOFileFilter caCertFileFilter =
+ FileFilterUtils.and(FileFilterUtils.fileFileFilter(), FileFilterUtils.nameFileFilter(file.getName()));
+
+ if (filters.containsKey(file.getParent())) {
+ filters.put(file.getParent(), FileFilterUtils.or(filters.get(file.getParent()), caCertFileFilter));
+ } else {
+ filters.put(file.getParent(), caCertFileFilter);
+ }
+ }
+ }
+
+ private void listenForChanges(String path, FileAlterationListenerAdaptor changeListener, IOFileFilter ioFileFilter) {
+ FileAlterationMonitor monitor = new FileAlterationMonitor();
+ final FileAlterationObserver observer = new FileAlterationObserver(path, ioFileFilter);
+ observer.addListener(changeListener);
+ monitor.addObserver(observer);
+ try {
+ monitor.start();
+ } catch (final Exception exception) {
+ log.error("Error starting monitoring of TLS files", exception);
+ }
+ }
 }
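Review bot: `listenForChanges` creates a new `FileAlterationMonitor` per watched directory as a local variable and keeps no reference to it, so nothing can call `stop()` when the servlet context is destroyed and each redeploy would leave its polling threads running. Hold one monitor in a field, add every observer to it, start it once, and stop it from the context-destroyed callback; that callback lies outside this hunk, so whether this class already has one is not visible here. Separately, `addFilter` uses `file.getParent()` as both map key and observer directory, and that value is `null` for a bare relative file name; resolving the path with `getAbsoluteFile()` first avoids it. The `Map` declarations show no type arguments on this page, presumably lost in rendering, and the sketch below assumes `Map<String, IOFileFilter>`.

```java
private final FileAlterationMonitor tlsFileMonitor = new FileAlterationMonitor();

private void initTlsFileMonitoring() {
    final Map<String, IOFileFilter> tlsFileFilters = createTlsFileFilters();
    if (tlsFileFilters.isEmpty()) {
        return;
    }
    final TlsFileChangeHandler tlsFileChangeHandler = new TlsFileChangeHandler();
    tlsFileFilters.forEach((directory, filter) -> listenForChanges(directory, tlsFileChangeHandler, filter));
    try {
        tlsFileMonitor.start();
    } catch (final Exception exception) {
        log.error("Error starting monitoring of TLS files", exception);
    }
}

// ... unchanged: createTlsFileFilters ...

private void addFilter(final Map<String, IOFileFilter> filters, final String path) {
    if (path != null) {
        // the absolute form has a parent directory even for a bare file name
        final File file = new File(path).getAbsoluteFile();
        // ... unchanged: build the name filter and merge it into filters ...
    }
}

private void listenForChanges(String path, FileAlterationListenerAdaptor changeListener, IOFileFilter ioFileFilter) {
    final FileAlterationObserver observer = new FileAlterationObserver(path, ioFileFilter);
    observer.addListener(changeListener);
    tlsFileMonitor.addObserver(observer);
}

// to be called from the context-destroyed callback
private void stopTlsFileMonitoring() {
    try {
        tlsFileMonitor.stop();
    } catch (final Exception exception) {
        log.error("Error stopping monitoring of TLS files", exception);
    }
}
```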
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
new file mode 100644
index 0000000000..7e5671cd19
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
@@ -0,0 +1,51 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2023 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.be.listen;
+
+import java.io.File;
+
+import org.apache.commons.io.monitor.FileAlterationListenerAdaptor;
+import org.openecomp.sdc.be.config.Configuration;
+import org.openecomp.sdc.be.config.ConfigurationManager;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+
+public class TlsFileChangeHandler extends FileAlterationListenerAdaptor {
+
+ private static final Logger LOGGER = Logger.getLogger(TlsFileChangeHandler.class.getName());
+
+ @Override
+ public void onFileChange(File pFile) {
+ final Configuration config = ConfigurationManager.getConfigurationManager().getConfiguration();
+ if (pFile.getAbsolutePath().equals(config.getTlsCert()) || pFile.getAbsolutePath().equals(config.getTlsKey())) {
+ handleTlsCertChanged();
+ }
+ if (pFile.getAbsolutePath().equals(config.getCaCert())) {
+ handleCaCertChanged();
+ }
+ }
+
+ private void handleTlsCertChanged() {
+ LOGGER.info("TLS cert/key change detected");
+ }
+
+ private void handleCaCertChanged() {
+ LOGGER.info("CA cert change detected");
+ }
+
+}
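Review bot: `onFileChange` matches the changed file by comparing `pFile.getAbsolutePath()` with the configured strings, so a `tlsCert`, `tlsKey` or `caCert` value that is relative or not in normalised form never matches and the event is dropped without a log line. Compare normalised paths instead, for example `pFile.toPath().toAbsolutePath().normalize().equals(Paths.get(configured).toAbsolutePath().normalize())`, behind a null check on the configured value. Only `onFileChange` is overridden, so a rotation that the observer reports as a delete followed by a create would also go unnoticed; `@Override public void onFileCreate(File pFile) { onFileChange(pFile); }` covers that case. A missed event means the process keeps using the old certificate or key, so a debug message for the no-match branch would help operators spot a misconfigured path.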
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
index f945402106..3222c267df 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
@@ -66,6 +66,9 @@ public class Configuration extends BasicConfiguration {
 * backend protocol. http | https
 */
 private String beProtocol = "http";
+ private String tlsCert;
+ private String tlsKey;
+ private String caCert;
 private Date released;
 private String version = "1111";
 private String toscaConformanceLevel = "3.0";
--
2.16.6