Update FProxy to separate truststore and keystore

* Create default truststore, fproxy_truststore. * Require TRUST_STORE_PASSWORD system parameter on application start. * Harden parameter checks in FProxyApplication PostConstruct. * Rationalise properties in RestTemplateConfig. * Update unit tests to handle trust store. * Correct spring dependency in pom. Change-Id: I0254e5d27ff76bbd7a44b961169d7fe47761d3f9 Issue-ID: AAF-614 Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
author: Michael Arrastia <MArrasti@amdocs.com> 2018-11-08 16:57:56 +0000
committer: Michael Arrastia <MArrasti@amdocs.com> 2018-11-09 13:49:40 +0000
commit: d3e1728b11f11d3979f04be1773e338416090d77 (patch)
tree: 0c81e2b8d68e6a089a6fa9ef312536f5669e6a59 /sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java
parent: 60985cb838d78c1a7f3853ee355ee5b974cc72bd (diff)
1 files changed, 7 insertions, 7 deletions
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java
index 23f3471..33ecb7e 100644
--- a/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java
@@ -45,11 +45,11 @@ public class RestTemplateConfig {
     @Value("${server.ssl.client-cert-password}")
     private String clientCertPassword;
 
-    @Value("${server.ssl.key-store}")
-    private String keystorePath;
+    @Value("${server.ssl.trust-store}")
+    private String trustStorePath;
 
-    @Value("${server.ssl.key-store-password}")
-    private String keystorePassword;
+    @Value("${server.ssl.trust-store-password}")
+    private String trustStorePassword;
 
     @Profile("secure")
     @Bean
@@ -66,11 +66,11 @@ public class RestTemplateConfig {
     }
 
     private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
+        char[] clientPassword = Password.deobfuscate(clientCertPassword).toCharArray();
 
         SSLContext sslContext = SSLContextBuilder.create()
-                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), Password.deobfuscate(clientCertPassword).toCharArray(),
-                        keystorePassword.toCharArray())
-                .loadTrustMaterial(ResourceUtils.getFile(keystorePath), keystorePassword.toCharArray()).build();
+                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientPassword, clientPassword)
+                .loadTrustMaterial(ResourceUtils.getFile(trustStorePath), trustStorePassword.toCharArray()).build();
 
         return HttpClients.custom().setSSLContext(sslContext);
     }
author	Michael Arrastia <MArrasti@amdocs.com>	2018-11-08 16:57:56 +0000
committer	Michael Arrastia <MArrasti@amdocs.com>	2018-11-09 13:49:40 +0000
commit	d3e1728b11f11d3979f04be1773e338416090d77 (patch)
tree	0c81e2b8d68e6a089a6fa9ef312536f5669e6a59 /sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java
parent	60985cb838d78c1a7f3853ee355ee5b974cc72bd (diff)