authorBansal, Nitin (nb121v) <nitin.bansal@amdocs.com>2018-04-05 09:39:39 -0400
committerBansal, Nitin (nb121v) <nitin.bansal@amdocs.com>2018-04-05 09:41:10 -0400
commit677dbc87455c77e9d3184519ddbd550c74cc41e8 (patch)
tree4bbc7588bab53a60efa52c76d91723bed9d08776
parentb9fbe7fa64e864f9101938917f76ca2c853c0840 (diff)
Enabling 2 way ssl with spring boot
Change-Id: I2e8cefc59dcfc330c3e511bcd5a8f66336c39674 Issue-ID: AAI-802 Signed-off-by: Bansal, Nitin (nb121v) <nitin.bansal@amdocs.com>
-rw-r--r--src/main/bin/start.sh20
-rw-r--r--src/main/docker/Dockerfile6
-rw-r--r--src/main/resources/application.properties8
3 files changed, 21 insertions, 13 deletions
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh
index fecadcc..a54059b 100644
--- a/src/main/bin/start.sh
+++ b/src/main/bin/start.sh
@@ -9,6 +9,26 @@ if [ -z "$CONFIG_HOME" ]; then
exit 1
fi
+if [ -z "$KEY_STORE_PASSWORD" ]; then
+ echo "KEY_STORE_PASSWORD must be set in order to start up process"
+ exit 1
+else
+ ## Extract java jar to DEOBFUSCATE the password.
+ CURR_D=`pwd`
+ cd $BASEDIR
+ jar xf data-router.jar
+ sudo java -cp ./BOOT-INF/lib/jetty-util-9.4.8.v20171121.jar org.eclipse.jetty.util.security.Password $KEY_STORE_PASSWORD > pass.txt 2>> pass.txt
+ PASS=`sed "2q;d" pass.txt`
+ sudo rm pass.txt
+ cd $CURR_D
+fi
+
+## tomcat_keystore to p12
+keytool -importkeystore -noprompt -deststorepass $PASS -destkeypass $PASS -srckeystore $BASEDIR/config/auth/tomcat_keystore -destkeystore $BASEDIR/config/auth/onap.p12 -deststoretype PKCS12 -srcstorepass $PASS
+
+## import into cacerts
+sudo keytool -importkeystore -noprompt -deststorepass changeit -destkeypass changeit -destkeystore /$JAVA_HOME/jre/lib/security/cacerts -srckeystore $BASEDIR/config/auth/onap.p12 -srcstoretype PKCS12 -srcstorepass $PASS -alias tomcat
+
PROPS="-DAJSC_HOME=$AJSC_HOME"
PROPS="$PROPS -DAJSC_CONF_HOME=$AJSC_CONF_HOME"
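Review bot: The deobfuscated keystore password is written in clear text to `pass.txt` under `$BASEDIR` and then passed to both `keytool` calls as a command-line argument, so it sits on disk until the `rm` runs (and stays there if the script is interrupted first) and is visible in the process list. Capture it in a variable instead, `PASS=$(java -cp ... "$KEY_STORE_PASSWORD" 2>&1 | sed -n '2p')`, abort when it is empty, and after `export PASS` hand it over with keytool's `:env` form, e.g. `-srcstorepass:env PASS`. Taking line 2 of the mixed stdout/stderr output also appears to depend on the exact output layout of that Jetty version, which deserves a comment. The final command imports from `onap.p12` into the JVM-wide `cacerts` under the default `changeit` password; if those entries include the server's private key, the key ends up in a trust store with a well-known password, so importing only the certificate (`keytool -exportcert` followed by `-importcert`) would be safer. The `sudo` calls, together with the Dockerfile section of this commit dropping `USER aaiadmin`, suggest the start script and the service now run as root; keeping the non-root user and pointing the JVM at a trust store it owns would avoid that.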
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 8963fa8..b4e638a 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -28,12 +28,6 @@ COPY data-router.jar $MICRO_HOME/
COPY bundleconfig-local $MICRO_HOME/bundleconfig
COPY bundleconfig-local/etc/logback.xml $MICRO_HOME/bundleconfig/etc
-# Create the aai user
-RUN mkdir /opt/aaihome && \
- groupadd -g 492381 aaiadmin && \
- useradd -r -u 341790 -g 492381 -ms /bin/bash -d /opt/aaihome/aaiadmin aaiadmin && \
- chown -R aaiadmin:aaiadmin $MICRO_HOME
-USER aaiadmin
EXPOSE 9502 9502
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index a046f4e..13ba49c 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -3,11 +3,5 @@ server.ssl.key-store=file:${CONFIG_HOME}/auth/tomcat_keystore
server.ssl.enabled=true
server.port=9502
-server.ssl.client-auth=want
-
+server.ssl.client-auth=need
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-
-#server.ssl.trust-store=C:\\ONAP\\spring\\data-router\\dynamic\\auth\\tomcat_keystore
-#server.ssl.trust-store-password=onapSecret
-#server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
\ No newline at end of file
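Review bot: Setting `server.ssl.client-auth=need` without a `server.ssl.trust-store` leaves client certificates to be validated against the JVM default trust store (presumably the `cacerts` file that start.sh modifies), which normally also holds the public CAs shipped with the JDK. A client presenting a certificate issued by any of those CAs would then complete the handshake, so the setting guarantees that a certificate is presented but not that it belongs to an expected peer. Consider a dedicated trust store containing only the expected client CA, `server.ssl.trust-store=file:${CONFIG_HOME}/auth/<truststore-file>` with `server.ssl.trust-store-password` supplied from the environment, plus a check on the certificate subject unless the application already does one elsewhere.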