5.2-RELEASE-16
takdeveloper committed Aug 9, 2024
1 parent a4e4453 commit 56b5b99
Showing 482 changed files with 22,531 additions and 2,919 deletions.
40 changes: 38 additions & 2 deletions src/docs/README_fedhub.md
@@ -82,23 +82,54 @@ sudo dnf install checkpolicy
cd /opt/tak/federation-hub && sudo ./apply-selinux.sh && sudo semodule -l | grep takserver
```

## Install and Run Debian
Update apt

```
sudo apt update -y
```

To install from the .deb, run: (if you see the error: couldn't be accessed by user 'apt'. - pkgAcquire::Run (13: Permission denied), that is OK)

```
sudo apt install <absolute path>/takserver-fed-hub_*.deb -y
```



## Install Mongo
Make sure /opt/tak/federation-hub/configs/federation-hub-broker.yml has your database credentials defined. Defaults will be generated otherwise
```
dbUsername: martiuser
dbPassword: pass4marti
```

Mongo Setup
Mongo Setup RHEL
```
sudo cp /opt/tak/federation-hub/scripts/db/mongodb-org.repo /etc/yum.repos.d/mongodb-org.repo
sudo yum install -y mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod
sudo systemctl restart mongod
sudo /opt/tak/federation-hub/scripts/db/configure.sh
```

## Update from RPM
Mongo Setup Debian
```
sudo apt install curl software-properties-common gnupg apt-transport-https ca-certificates -y
curl -fsSL https://pgp.mongodb.com/server-7.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
sudo apt update && sudo apt install mongodb-org -y
sudo systemctl enable mongod
sudo systemctl restart mongod
sudo /opt/tak/federation-hub/scripts/db/configure.sh
```

## Update Fedhub
Before updating the Federation Hub, you should back up the policy file and list of authorized users:

```
@@ -116,6 +147,11 @@ RHEL8
sudo yum upgrade takserver-fed-hub-*.noarch.rpm
```

Debian
```
sudo apt install <absolute path>/takserver-fed-hub_*.deb -y
```

The policy and authorized can then be replaced:
```
mv /tmp/ui_generated_policy.json /opt/tak/federation-hub/
Binary file modified src/docs/TAK_Server_Configuration_Guide.odt
Binary file not shown.
Binary file modified src/docs/TAK_Server_Configuration_Guide.pdf
Binary file not shown.
2 changes: 2 additions & 0 deletions src/federation-common/build.gradle
@@ -22,6 +22,8 @@ dependencies {
implementation group: 'org.apache.ignite', name: 'ignite-slf4j', version: ignite_version
implementation 'org.apache.commons:commons-lang3:' + commons_lang_version
implementation group: 'commons-codec', name: 'commons-codec', version: commons_codec_version
implementation group: 'io.jsonwebtoken', name: 'jjwt', version: jsonwebtoken_version

}

compileJava {
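Review bot: The added `io.jsonwebtoken:jjwt` line takes its version from `jsonwebtoken_version`, which is defined outside this hunk, so the release that actually resolves for this token-handling library cannot be checked here. If that property points at a 0.9.x release, this is the old single-jar artifact; JJWT releases from 0.10 on are split into `jjwt-api`, `jjwt-impl` and `jjwt-jackson`, and I would declare `jjwt-api` as `implementation` with the other two as `runtimeOnly` so that token parsing runs on a maintained release. The blank line added before the closing `}` of `dependencies` can be dropped.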

Large diffs are not rendered by default.

@@ -0,0 +1,18 @@
package tak.server.federation;

public class FederateTokenGroup extends FederateGroup {

private String token;

public FederateTokenGroup(FederateIdentity federateIdentity) {
super(federateIdentity);
}

public String getToken() {
return token;
}

public void setToken(String token) {
this.token = token;
}
}
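Review bot: `token` holds a credential, yet the new class has no Javadoc saying what the value is or who may read it, and it is left mutable behind a public `setToken`/`getToken` pair. I would add a class comment such as `/** Federate group that carries the token associated with this group; treat the value as a secret and never log it. */`. `FederateGroup` is not visible on this page, so please confirm that its `toString()`, `equals()`/`hashCode()` and any serialization of groups do not pick up or print the new field. If the token never changes after construction, a `final` field set through the constructor would be safer than a setter.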
@@ -2,14 +2,12 @@

import static java.util.Objects.requireNonNull;

import java.math.BigInteger;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentSkipListSet;

import javax.net.ssl.SSLSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@@ -19,9 +17,9 @@
import com.atakmap.Tak.FederateHops;
import com.atakmap.Tak.FederateProvenance;
import com.atakmap.Tak.FederatedEvent;
import com.atakmap.Tak.Identity.ConnectionType;
import com.atakmap.Tak.ROL;
import com.atakmap.Tak.Subscription;
import com.atakmap.Tak.Identity.ConnectionType;
import com.google.common.base.Strings;

import io.grpc.ClientCall;
@@ -46,6 +44,8 @@ public class GuardedStreamHolder<T> {
private FederateIdentity federateIdentity;
private Subscription subscription;
private int maxFederateHops = -1;
private String clientFingerprint;
private List<String> clientGroups;

private boolean isRunningInHub = false;

@@ -75,7 +75,7 @@ public GuardedStreamHolder(ClientCall<T, Subscription> clientCall, String fedId,
}

// for incoming connections
public GuardedStreamHolder(StreamObserver<T> clientStream, String clientName, String certHash, SSLSession session, Subscription subscription, Comparator<T> comp, boolean isRunningInHub) {
public GuardedStreamHolder(StreamObserver<T> clientStream, String clientName, String certHash, String sessionId, Subscription subscription, Comparator<T> comp, boolean isRunningInHub) {

requireNonNull(clientStream, "FederatedEvent client stream");

@@ -97,7 +97,7 @@ public GuardedStreamHolder(StreamObserver<T> clientStream, String clientName, St
// new takservers will send their CoreConfig serverId. if present, use it, otherwise generate a random unique identifier
String serverId = subscription.getIdentity().getServerId();
if (Strings.isNullOrEmpty(serverId)) {
serverId = new BigInteger(session.getId()).toString();
serverId = sessionId;
}
String fedId = clientName + "-" + certHash + "-" + serverId;

@@ -144,8 +144,8 @@ public synchronized void send(T event) {
// since hub outgoing connections can forward traffic to other hubs, we need to keep a list of visited nodes
// so that we can stop cycles
FederateProvenance prov = FederateProvenance.newBuilder()
.setFederationServerId(FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfig().getFullId())
.setFederationServerName(FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfig().getServerName())
.setFederationServerId(FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfigManager().getConfig().getFullId())
.setFederationServerName(FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfigManager().getConfig().getServerName())
.build();

Set<FederateProvenance> federateProvenances = new HashSet<>();
@@ -345,7 +345,23 @@ public void setMaxFederateHops(int maxFederateHops) {
this.maxFederateHops = maxFederateHops;
}

@Override
public String getClientFingerprint() {
return clientFingerprint;
}

public void setClientFingerprint(String clientFingerprint) {
this.clientFingerprint = clientFingerprint;
}

public List<String> getClientGroups() {
return clientGroups;
}

public void setClientGroups(List<String> clientGroups) {
this.clientGroups = clientGroups;
}

@Override
public String toString() {
return "GuardedStreamHolder [clientStream=" + clientStream + ", clientCall=" + clientCall + ", lastHealthTime="
+ lastHealthTime + ", lastHealthStatus=" + lastHealthStatus + ", federateIdentity=" + federateIdentity
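Review bot: In the incoming-connection constructor the fallback `serverId = sessionId;` uses the caller's string unchecked, so a null or empty `sessionId` produces a `fedId` ending in `-null` or `-`, and two connections with the same `clientName` and `certHash` would then presumably share one federate identity. The comment above that branch still promises a random unique identifier; I would keep the guarantee locally with `serverId = requireNonNull(Strings.emptyToNull(sessionId), "session id");` (both helpers are already imported), or state on the parameter that callers must pass a unique non-empty value. In the last hunk `setClientGroups` stores the caller's list by reference and `getClientGroups` hands it back, so a defensive copy in the setter would keep later mutation elsewhere from silently changing this holder's groups. The constructor and the class body continue outside the hunks shown.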
@@ -0,0 +1,40 @@
package tak.server.federation;

import static io.grpc.Metadata.ASCII_STRING_MARSHALLER;

import java.util.concurrent.Executor;

import io.grpc.CallCredentials;
import io.grpc.Metadata;
import io.grpc.Status;

public class TokenAuthCredential extends CallCredentials {
public static final String BEARER_TYPE = "Bearer";

public static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY = Metadata.Key.of("Authorization",
ASCII_STRING_MARSHALLER);

private final String token;

public TokenAuthCredential(String token) {
this.token = token;
}

@Override
public void applyRequestMetadata(final RequestInfo requestInfo, final Executor executor,
final MetadataApplier metadataApplier) {

executor.execute(new Runnable() {
@Override
public void run() {
try {
Metadata headers = new Metadata();
headers.put(AUTHORIZATION_METADATA_KEY, String.format("%s %s", BEARER_TYPE, token));
metadataApplier.apply(headers);
} catch (Throwable e) {
metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e));
}
}
});
}
}
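Review bot: `applyRequestMetadata` attaches the bearer token without ever looking at `requestInfo`, so the credential goes out on whatever channel it is bound to, including one without TLS; gRPC exposes `requestInfo.getSecurityLevel()` for exactly this, and I would fail the call unless it reports `SecurityLevel.PRIVACY_AND_INTEGRITY`. The constructor also accepts a null token, which `String.format` turns into the header value `Bearer null`; `this.token = Objects.requireNonNull(token, "token");` rejects that at construction time. The guard below needs `io.grpc.SecurityLevel` imported, and the class would benefit from a short Javadoc noting that the token is a secret and must not be logged.

```java
public void applyRequestMetadata(final RequestInfo requestInfo, final Executor executor,
        final MetadataApplier metadataApplier) {
    // Never put the bearer token on a transport that is not encrypted and authenticated.
    if (requestInfo.getSecurityLevel() != SecurityLevel.PRIVACY_AND_INTEGRITY) {
        metadataApplier.fail(Status.UNAUTHENTICATED
                .withDescription("refusing to send bearer token over a non-private transport"));
        return;
    }
    // … unchanged: executor.execute(...) that builds and applies the Authorization header …
}
```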
@@ -11,7 +11,7 @@
public class FederationHubDependencyInjectionProxy implements ApplicationContextAware {
private static ApplicationContext springContext;

private static FederationHubDependencyInjectionProxy instance = null;
private volatile static FederationHubDependencyInjectionProxy instance = null;

public static FederationHubDependencyInjectionProxy getInstance() {
if (instance == null) {
@@ -35,7 +35,7 @@ public void setApplicationContext(ApplicationContext context) throws BeansExcept
this.springContext = context;
}

private FederationHubPolicyManager fedHubPolicyManager = null;
private volatile FederationHubPolicyManager fedHubPolicyManager = null;

public FederationHubPolicyManager fedHubPolicyManager() {
if (fedHubPolicyManager == null) {
@@ -49,7 +49,7 @@ public FederationHubPolicyManager fedHubPolicyManager() {
return fedHubPolicyManager;
}

private SSLConfig sslConfig = null;
private volatile SSLConfig sslConfig = null;

public SSLConfig sslConfig() {
if (sslConfig == null) {
@@ -63,21 +63,21 @@ public SSLConfig sslConfig() {
return sslConfig;
}

private FederationHubServerConfig fedHubServerConfig = null;
private volatile FederationHubServerConfigManager fedHubServerConfigManager = null;

public FederationHubServerConfig fedHubServerConfig() {
if (fedHubServerConfig == null) {
public FederationHubServerConfigManager fedHubServerConfigManager() {
if (fedHubServerConfigManager == null) {
synchronized (this) {
if (fedHubServerConfig == null) {
fedHubServerConfig = springContext.getBean(FederationHubServerConfig.class);
if (fedHubServerConfigManager == null) {
fedHubServerConfigManager = springContext.getBean(FederationHubServerConfigManager.class);
}
}
}

return fedHubServerConfig;
return fedHubServerConfigManager;
}

private FederationHubBroker federationHubBroker = null;
private volatile FederationHubBroker federationHubBroker = null;

public FederationHubBroker federationHubBroker() {
if (federationHubBroker == null) {
@@ -91,7 +91,7 @@ public FederationHubBroker federationHubBroker() {
return federationHubBroker;
}

private FederationHubBrokerMetrics federationHubBrokerMetrics = null;
private volatile FederationHubBrokerMetrics federationHubBrokerMetrics = null;

public FederationHubBrokerMetrics federationHubBrokerMetrics() {
if (federationHubBrokerMetrics == null) {
@@ -104,7 +104,7 @@ public FederationHubBrokerMetrics federationHubBrokerMetrics() {
return federationHubBrokerMetrics;
}

private HubConnectionStore hubConnectionStore = null;
private volatile HubConnectionStore hubConnectionStore = null;

public HubConnectionStore hubConnectionStore() {
if (hubConnectionStore == null) {
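Review bot: The `volatile` additions repair the double-checked locking on the bean fields, but the static `springContext` that every accessor reads is still a plain field, assigned through an instance reference in `this.springContext = context;`, so a thread could in principle still observe a null context and fail inside `getBean`. I would declare it `private static volatile ApplicationContext springContext;` and assign it as `springContext = context;`. The new `private volatile static ... instance` declaration reads better in the conventional modifier order, `private static volatile`. The bodies of `getInstance()` and of several accessors lie outside the hunks, so whether each one initialises its field under the lock cannot be confirmed from this page.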