summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJonathan Gathman <jonathan.gathman@att.com>2018-10-29 12:25:23 +0000
committerGerrit Code Review <gerrit@onap.org>2018-10-29 12:25:23 +0000
commit16b2d4d78ac172b01e5e68d088390136b572d09e (patch)
tree34697e68b621340ebc9d5c42a9cb50171340d6b2
parent38c02e8cd810f596ff47e641ac7c08b9a760a91e (diff)
parent05f3b5ca30691246e774dc87cfaaa155769b0248 (diff)
Merge "Make 2-way TLS optional and fix cert errors"
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java15
-rw-r--r--sidecar/fproxy/src/main/resources/application.properties5
2 files changed, 14 insertions, 6 deletions
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
index a1aef28..8acfd86 100644
--- a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
@@ -26,6 +26,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
+import org.eclipse.jetty.util.security.Password;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
@@ -41,9 +42,15 @@ public class RestTemplateConfig {
@Value("${server.ssl.client-cert}")
private String clientCertPath;
- @Value("${server.ssl.key-store-password}")
+ @Value("${server.ssl.client-cert-password}")
private String clientCertPassword;
+ @Value("${server.ssl.key-store}")
+ private String keystorePath;
+
+ @Value("${server.ssl.key-store-password}")
+ private String keystorePassword;
+
@Profile("secure")
@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
@@ -61,9 +68,9 @@ public class RestTemplateConfig {
private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
SSLContext sslContext = SSLContextBuilder.create()
- .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(),
- clientCertPassword.toCharArray())
- .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build();
+ .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), Password.deobfuscate(clientCertPassword).toCharArray(),
+ keystorePassword.toCharArray())
+ .loadTrustMaterial(ResourceUtils.getFile(keystorePath), keystorePassword.toCharArray()).build();
return HttpClients.custom().setSSLContext(sslContext);
}
diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties
index 5ed7510..2fb9396 100644
--- a/sidecar/fproxy/src/main/resources/application.properties
+++ b/sidecar/fproxy/src/main/resources/application.properties
@@ -3,9 +3,10 @@ CONFIG_HOME=config
server.port=10680
server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12
-server.ssl.client-auth=need
+server.ssl.client-cert-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+server.ssl.client-auth=want
-server.contextPath=/
+server.servlet.context-path=/
logging.config=${CONFIG_HOME}/logback-spring.xml