From 81a0a2ed19dda1916df0a4695069e612697ba7c7 Mon Sep 17 00:00:00 2001
From: Jack Lucas <jflucas@research.att.com>
Date: Fri, 22 Nov 2019 17:32:55 -0500
Subject: Provide truststore in JKS format

Issue-ID: DCAEGEN2-1938
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: Ibd10d4e833bede448ebbc9b5e0e5be5a84155835
---
 tls-init-container/dcae-cert-setup.sh | 23 ++++++++++++++++++++++-
 tls-init-container/pom.xml            |  2 +-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/tls-init-container/dcae-cert-setup.sh b/tls-init-container/dcae-cert-setup.sh
index da52569..e3b5dbe 100755
--- a/tls-init-container/dcae-cert-setup.sh
+++ b/tls-init-container/dcae-cert-setup.sh
@@ -29,7 +29,7 @@ export DEPLOY_PASSWORD=${DEPLOY_PASSWORD:-"demo123456!"}
 export cadi_longitude=${cadi_longitude:-"-72.0"}
 export cadi_latitude=${cadi_latitude:-"38.0"}
 
-# For now, we can deault aaf_locator_fqdn
+# For now, we can default aaf_locator_fqdn
 # This points to the single DCAE cert with many SANs,
 # as used in previous releases
 # When we have individual certs per component, we will override this
@@ -37,6 +37,10 @@ export cadi_latitude=${cadi_latitude:-"38.0"}
 # or via the k8s plugin
 export aaf_locator_fqdn=${aaf_locator_fqdn:-"dcae"}
 
+# Our own environment variable to signal that the tls-init-container
+# is being run for a component that is a TLS server
+export TLS_SERVER=${TLS_SERVER:-"true"}
+
 # Directory where AAF agent puts artifacts
 ARTIFACTS=/opt/app/osaaf/local
 # Directory where DCAE apps expect artifacts
@@ -45,10 +49,20 @@ TARGET=/opt/app/osaaf
 # AAF namespace for the certs--used in naming artifacts
 AAFNS=org.onap.dcae
 
+# Dummy certificate FQDN for client-only components
+# Must be set up in AAF, but won't actually be used
+DUMMY_FQDN=dcae
+
 # Clean out any existing artifacts
 rm -rf ${ARTIFACTS}
 rm -f ${TARGET}/*
 
+# Set the dummy FQDN for a client-only component
+if [ "${TLS_SERVER}" == "false" ]
+then
+    export aaf_locator_fqdn=${DUMMY_FQDN}
+fi
+
 # Get the certificate artifacts from AAF
 /opt/app/aaf_config/bin/agent.sh
 
@@ -70,3 +84,10 @@ chmod 644 ${TARGET}/cert.pem ${TARGET}/key.pem
 
 # Get the ONAP AAF CA certificate -- pass in an empty password, since the trust store doesn't have one
 echo "" | keytool -exportcert -rfc -file ${TARGET}/cacert.pem -keystore ${ARTIFACTS}/${AAFNS}.trust.jks -alias ca_local_0
+
+# Remove server-related files for client-only components
+if [ "${TLS_SERVER}" == "false" ]
+then
+    rm ${TARGET}/cert.p12 ${TARGET}/cert.jks ${TARGET}/cert.pem ${TARGET}/key.pem ${TARGET}/p12.pass ${TARGET}/jks.pass
+    rm ${ARTIFACTS}/${AAFNS}.p12 ${ARTIFACTS}/${AAFNS}.jks
+fi
\ No newline at end of file
diff --git a/tls-init-container/pom.xml b/tls-init-container/pom.xml
index a25a0bf..a439050 100644
--- a/tls-init-container/pom.xml
+++ b/tls-init-container/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
   <groupId>org.onap.dcaegen2.deployments</groupId>
   <artifactId>tls-init-container</artifactId>
   <name>dcaegen2-deployments-tls-init-container</name>
-  <version>2.0.1</version>
+  <version>2.1.0</version>
   <url>http://maven.apache.org</url>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-- 
cgit 1.2.3-korg