From c138b700030d22ae0bdbd6992fb4a4d8a3431798 Mon Sep 17 00:00:00 2001
From: Piotr Jaszczyk
Date: Wed, 10 Apr 2019 10:32:00 +0200
Subject: Read passwords from files
Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container.
Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396
Issue-ID: DCAEGEN2-1412
Signed-off-by: Piotr Jaszczyk
---
 development/configuration/base.json | 4 ++--
 development/configuration/local.json | 4 ++--
 development/docker-compose.yml | 5 +++--
 development/ssl/.gitignore | 2 +-
 development/ssl/gen-certs.sh | 22 +++++++++++++++++++++-
 5 files changed, 29 insertions(+), 8 deletions(-)
(limited to 'development')
diff --git a/development/configuration/base.json b/development/configuration/base.json
index 1b723b72..9bf9194b 100644
--- a/development/configuration/base.json
+++ b/development/configuration/base.json
@@ -5,7 +5,7 @@
 "cbs.firstRequestDelaySec": 10,
 "cbs.requestIntervalSec": 5,
 "security.keys.keyStoreFile": "/etc/ves-hv/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "/etc/ves-hv/ssl/server.pass",
 "security.keys.trustStoreFile": "/etc/ves-hv/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "/etc/ves-hv/ssl/trust.pass"
 }
\ No newline at end of file
diff --git a/development/configuration/local.json b/development/configuration/local.json
index ebf2f82e..cfaaaa40 100644
--- a/development/configuration/local.json
+++ b/development/configuration/local.json
@@ -5,7 +5,7 @@
 "cbs.firstRequestDelaySec": 10,
 "cbs.requestIntervalSec": 5,
 "security.keys.keyStoreFile": "development/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "development/ssl/server.pass",
 "security.keys.trustStoreFile": "development/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "development/ssl/server.pass"
 }
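Review bot: The new `security.keys.trustStorePasswordFile` in local.json points at `development/ssl/server.pass`, whereas base.json and docker-compose.yml in this same commit give the trust store its own `trust.pass`. This looks like a copy-paste slip that is masked only because gen-certs.sh writes the same `${STORE_PASS}` into both files; it will break silently, or feed the wrong secret, the moment the two stores get distinct passwords. Change the line to `"security.keys.trustStorePasswordFile": "development/ssl/trust.pass"` so the local and container configurations agree.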
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
index d135e8b4..9272c618 100644
--- a/development/docker-compose.yml
+++ b/development/docker-compose.yml
@@ -110,8 +110,9 @@ services:
 "--ves-host", "ves-hv-collector",
 "--ves-port", "6061",
 "--key-store", "/etc/ves-hv/client.p12",
- "--key-store-password", "onaponap",
- "--trust-store-password", "onaponap"]
+ "--key-store-password-file", "/etc/ves-hv/client.pass",
+ "--trust-store", "/etc/ves-hv/trust.p12",
+ "--trust-store-password-file", "/etc/ves-hv/trust.pass"]
 healthcheck:
 test: curl -f http://localhost:6063/health/ready || exit 1
 interval: 10s
diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore
index 23888eb0..955c17d1 100644
--- a/development/ssl/.gitignore
+++ b/development/ssl/.gitignore
@@ -4,4 +4,4 @@
 *.csr
 *.pkcs12
 *.p12
-
+*.pass
diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh
index b4f78227..bf28ca02 100755
--- a/development/ssl/gen-certs.sh
+++ b/development/ssl/gen-certs.sh
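Review bot: The client command now depends on `/etc/ves-hv/client.pass` and `/etc/ves-hv/trust.pass` existing inside the container, but the `volumes:` stanza that provides `/etc/ves-hv` is outside this hunk, so I cannot confirm that the `.pass` files produced by gen-certs.sh are mounted next to the `.p12` files. If the stanza mounts individual files rather than the whole `./ssl` directory, add the two new ones read-only, e.g. `- ./ssl/client.pass:/etc/ves-hv/client.pass:ro` and `- ./ssl/trust.pass:/etc/ves-hv/trust.pass:ro`, otherwise the client fails at startup after this change. `--trust-store` is also passed explicitly for the first time here; if the old run relied on a default trust-store path, a one-line comment saying why it is now explicit would help the next reader.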
@@ -1,4 +1,21 @@
 #!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# csit-dcaegen2-collectors-hv-ves
+# ================================================================================
+# Copyright (C) 2018-2019 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
 set -eu -o pipefail -o xtrace
@@ -24,6 +41,8 @@ function gen_key() {
 keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
 keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
 keytool -alias ${key_name} -importcert ${keystore}
+
+ printf ${STORE_PASS} > ${key_name}.pass
 }
@@ -36,10 +55,11 @@ function gen_ca() {
 function gen_truststore() {
 local trusted_ca="$1"
 keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
+ printf ${STORE_PASS} > ${TRUST}.pass
 }
 function clean() {
- rm -f *.crt *.p12
+ rm -f *.crt *.p12 *.pass
 }
 if [[ $# -eq 0 ]]; then
-- cgit 1.2.3-korg
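Review bot: `printf ${STORE_PASS} > ${key_name}.pass` uses the secret as the printf format string and leaves both expansions unquoted, so a password containing `%`, a backslash or whitespace would be mangled or split; write it as `printf '%s' "${STORE_PASS}" > "${key_name}.pass"`. The file is also created under the default umask (typically world-readable), and since the script runs with `-o xtrace` the expanded command, secret included, is echoed to the terminal; `(umask 077; printf '%s' "${STORE_PASS}" > "${key_name}.pass")` fixes the mode, and bracketing the line with `set +x` / `set -x` keeps it out of the trace. The keytool calls above presumably already expose the password through `${store_opts}`, which is defined outside the hunk, and this is development tooling with a fixed password, so treat this as defence-in-depth rather than a live leak. gen_key's body starts outside the hunk.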
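Review bot: `printf ${STORE_PASS} > ${TRUST}.pass` in gen_truststore repeats the write from gen_key with the same unquoted format string and default file mode, and the two lines will drift apart as soon as one is fixed; a small helper keeps them consistent, e.g. `write_pass_file() { (umask 077; printf '%s' "${STORE_PASS}" > "$1"); }` called as `write_pass_file "${TRUST}.pass"`. The omission of a trailing newline looks deliberate but is not explained; a comment such as `# no trailing newline: the password file is read verbatim` would stop a future maintainer from "fixing" it, assuming that is what tls-init-container expects (the consumer is not visible here). The `clean` change correctly removes the new `*.pass` artefacts, matching the `.gitignore` entry added in this commit.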