authorRavi Geda <gravik@amdocs.com>2018-10-25 21:01:13 +0100
committerRavi Geda <gravik@amdocs.com>2018-10-26 14:32:13 +0100
commit05f3b5ca30691246e774dc87cfaaa155769b0248 (patch)
treeedf8c98dc516b5716313298018204d2e41339855 /sidecar
parentbf541d5f93db8b4ef1ec5bbd699f5750210304c4 (diff)
Make 2-way TLS optional and fix cert errors
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c Issue-ID: AAF-586 Signed-off-by: Ravi Geda <gravik@amdocs.com>
Diffstat (limited to 'sidecar')
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java15
-rw-r--r--sidecar/fproxy/src/main/resources/application.properties5
2 files changed, 14 insertions, 6 deletions
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
index a1aef28..8acfd86 100644
--- a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
@@ -26,6 +26,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
+import org.eclipse.jetty.util.security.Password;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
@@ -41,9 +42,15 @@ public class RestTemplateConfig {
@Value("${server.ssl.client-cert}")
private String clientCertPath;
- @Value("${server.ssl.key-store-password}")
+ @Value("${server.ssl.client-cert-password}")
private String clientCertPassword;
+ @Value("${server.ssl.key-store}")
+ private String keystorePath;
+
+ @Value("${server.ssl.key-store-password}")
+ private String keystorePassword;
+
@Profile("secure")
@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
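Review bot: The credential fields added here carry no comments, and the two passwords are treated differently in getClientBuilder: `clientCertPassword` is passed through `Password.deobfuscate`, while `keystorePassword` is used exactly as read from the properties. A one-line comment on each field would stop an operator from guessing which form is accepted, for example `// password of the server.ssl.client-cert store; may be given in Jetty OBF: form` and `// password of server.ssl.key-store; used as-is, never deobfuscated`. The restTemplate method that follows these fields continues outside this hunk.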
@@ -61,9 +68,9 @@ public class RestTemplateConfig {
private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
SSLContext sslContext = SSLContextBuilder.create()
- .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(),
- clientCertPassword.toCharArray())
- .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build();
+ .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), Password.deobfuscate(clientCertPassword).toCharArray(),
+ keystorePassword.toCharArray())
+ .loadTrustMaterial(ResourceUtils.getFile(keystorePath), keystorePassword.toCharArray()).build();
return HttpClients.custom().setSSLContext(sslContext);
}
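Review bot: In the `loadKeyMaterial` call the third argument is the password of the private-key entry inside the file at `clientCertPath`, but the new code passes `keystorePassword`, which belongs to the separate `server.ssl.key-store`. Unless the two stores happen to share a password this looks like it will fail to recover the client key, since for a .p12 file the key password is normally the store password. I would compute the value once and use it for both arguments: `char[] certPass = Password.deobfuscate(clientCertPassword).toCharArray();` followed by `.loadKeyMaterial(ResourceUtils.getFile(clientCertPath), certPass, certPass)`. If the key entry really does have its own password, it deserves its own property rather than reuse of the server keystore's.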
diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties
index 5ed7510..2fb9396 100644
--- a/sidecar/fproxy/src/main/resources/application.properties
+++ b/sidecar/fproxy/src/main/resources/application.properties
@@ -3,9 +3,10 @@ CONFIG_HOME=config
server.port=10680
server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12
-server.ssl.client-auth=need
+server.ssl.client-cert-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+server.ssl.client-auth=want
-server.contextPath=/
+server.servlet.context-path=/
logging.config=${CONFIG_HOME}/logback-spring.xml
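Review bot: `server.ssl.client-cert-password` is committed here in Jetty `OBF:` form, which is a reversible encoding rather than encryption, so read access to the repository or the built artifact is enough to recover the password protecting client-cert.p12. I would leave the value out of the packaged defaults and supply it at deployment, e.g. `server.ssl.client-cert-password=${CLIENT_CERT_PASSWORD}` (the variable name is a placeholder), and rotate the password that has now been published. Separately, `server.ssl.client-auth=want` means connections without a client certificate are accepted, so any handler that relied on mutual TLS for caller identity needs an explicit check of its own; that code is not visible in this diff.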