authorJorge Hernandez <jh1730@att.com>2018-08-17 16:40:58 -0500
committerJim Hahn <jrh3@att.com>2018-08-20 11:50:01 -0400
commit3bbdb237654a09496c2916ce2c7545f2aabbe339 (patch)
tree0c2fe9969405b77622d3a8709ebaf3314ac640b0 /packages
parent763a2328d939c1d400fd1c9595bec5717645914b (diff)
https certs with aaf+pdpd containers compatibility
Updated license date (jrh3). Change-Id: I1bc244da64f4a1e683f8c6a1be53157474f46ee9 Issue-ID: POLICY-1026 Signed-off-by: Jorge Hernandez <jh1730@att.com>
Diffstat (limited to 'packages')
-rw-r--r--packages/base/src/files/etc/ssl/ca-aaf.crt31
-rw-r--r--packages/base/src/files/etc/ssl/policy-keystorebin114865 -> 4535 bytes
-rw-r--r--packages/base/src/files/etc/ssl/policy-truststorebin0 -> 124180 bytes
-rw-r--r--packages/docker/src/main/docker/do-start.sh9
-rw-r--r--packages/docker/src/main/docker/docker-install.sh13
-rw-r--r--packages/install/src/files/base.conf2
6 files changed, 50 insertions, 5 deletions
diff --git a/packages/base/src/files/etc/ssl/ca-aaf.crt b/packages/base/src/files/etc/ssl/ca-aaf.crt
new file mode 100644
index 00000000..e9a50d7e
--- /dev/null
+++ b/packages/base/src/files/etc/ssl/ca-aaf.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
diff --git a/packages/base/src/files/etc/ssl/policy-keystore b/packages/base/src/files/etc/ssl/policy-keystore
index c3890965..b92217cf 100644
--- a/packages/base/src/files/etc/ssl/policy-keystore
+++ b/packages/base/src/files/etc/ssl/policy-keystore
Binary files differ
diff --git a/packages/base/src/files/etc/ssl/policy-truststore b/packages/base/src/files/etc/ssl/policy-truststore
new file mode 100644
index 00000000..8834ac25
--- /dev/null
+++ b/packages/base/src/files/etc/ssl/policy-truststore
Binary files differ
diff --git a/packages/docker/src/main/docker/do-start.sh b/packages/docker/src/main/docker/do-start.sh
index fa4cd6ab..0a550694 100644
--- a/packages/docker/src/main/docker/do-start.sh
+++ b/packages/docker/src/main/docker/do-start.sh
@@ -56,9 +56,14 @@ else
. /opt/app/policy/etc/profile.d/env.sh
+ # override the policy keystore and truststore if present
+
if [[ -f config/policy-keystore ]]; then
- # install policy keystore if present
- cp config/policy-keystore ${POLICY_HOME}/etc/ssl
+ cp -f config/policy-keystore ${POLICY_HOME}/etc/ssl
+ fi
+
+ if [[ -f config/policy-truststore ]]; then
+ cp -f config/policy-trustore ${POLICY_HOME}/etc/ssl
fi
if [[ -f config/drools-tweaks.sh ]] ; then
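Review bot: The new truststore branch tests for `config/policy-truststore` but copies `config/policy-trustore` (one `t` missing), so the `cp` fails on a nonexistent path and the bundled truststore stays in place even when the operator supplied one. The line should read `cp -f config/policy-truststore "${POLICY_HOME}/etc/ssl"`; quoting the destination in the keystore `cp` as well keeps both safe if `POLICY_HOME` ever contains spaces. Neither `cp` has its exit status checked in the visible lines, so a failed override goes unnoticed unless `set -e` is active outside this hunk; an explicit `|| exit 1` or a logged error would make a missing trust anchor visible at start-up. The enclosing `else` branch begins before the hunk and continues after it.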
diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh
index c17cba2a..98560202 100644
--- a/packages/docker/src/main/docker/docker-install.sh
+++ b/packages/docker/src/main/docker/docker-install.sh
@@ -154,6 +154,7 @@ function configure_component() {
SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' "
SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' "
SED_LINE+=" -e 's!\${{KEYSTORE_PASSWD}}!${KEYSTORE_PASSWD}!g' "
+ SED_LINE+=" -e 's!\${{TRUSTSTORE_PASSWD}}!${TRUSTSTORE_PASSWD}!g' "
SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' "
while read line || [ -n "${line}" ]; do
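Review bot: `TRUSTSTORE_PASSWD` is spliced unescaped into a sed program that uses `!` as its delimiter, as `KEYSTORE_PASSWD` already is on the line above, so a password containing `!`, `&`, `\` or a single quote will be substituted incorrectly or break the expression. How `SED_LINE` is executed is outside this hunk; if it goes through `eval`, the value is also interpreted by the shell. Either escape the value before appending it or state the restriction next to these lines, e.g. `# passwords must not contain ! & \ or ' (interpolated into a sed expression)`. The rest of `configure_component` lies outside the hunk.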
@@ -245,11 +246,17 @@ function configure_keystore() {
set -x
fi
- local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
+ local DEFAULT_TRUSTSTORE_PASSWORD='Pol1cy_0nap'
+ local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
+
+ if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
+ keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
+ keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
+ fi
if [[ -n ${KEYSTORE_PASSWD} ]]; then
- keytool -storepasswd -storepass ${DEFAULT_KEYSTORE_PASSWORD} -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -new ${KEYSTORE_PASSWD}
- keytool -list -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -storepass ${KEYSTORE_PASSWD}
+ keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -new "${KEYSTORE_PASSWD}"
+ keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -storepass "${KEYSTORE_PASSWD}"
fi
}
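Review bot: Both `keytool -storepasswd` calls put the old and the new store password on the command line, and the context lines just above show `set -x` being enabled under some condition. With tracing on, the passwords are written to the trace output, and they are visible in the process list while keytool runs. Wrapping the calls in `{ set +x; } 2>/dev/null` and restoring tracing afterwards, and passing the password through keytool's `-storepass:env` form, would keep them out of logs. Separately, `base.conf` in this commit sets `KEYSTORE_PASSWD` and `TRUSTSTORE_PASSWD` to the same `Pol1cy_0nap` value hard-coded here as the defaults, so an installation that does not override them leaves both stores on a password published in the repository. The start of `configure_keystore` is outside the hunk.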
diff --git a/packages/install/src/files/base.conf b/packages/install/src/files/base.conf
index f1a37d0f..0c440937 100644
--- a/packages/install/src/files/base.conf
+++ b/packages/install/src/files/base.conf
@@ -24,6 +24,8 @@ POLICY_HOME=/opt/app/policy
POLICY_LOGS=/opt/app/policy/logs
JAVA_HOME=/opt/jdk1.8.0_77
M2_HOME=/opt/app/policy/3rdparty/apache-maven-3.3.1
+KEYSTORE_PASSWD=Pol1cy_0nap
+TRUSTSTORE_PASSWD=Pol1cy_0nap
# Telemetry credentials