authorJorge Hernandez <jh1730@att.com>2018-08-17 16:23:07 -0500
committerJorge Hernandez <jh1730@att.com>2018-08-17 16:31:12 -0500
commita7ad88d23b2a59a16c098b156c430a2fe3558023 (patch)
tree8056ad9763c6c34b30fe0a8dc0412d597e2c3d6f /packages/docker
parent84df4a428ded309f750f52ac1c104ac84e426fc0 (diff)
https certs with aaf+pe containers compatibility
Change-Id: I21ed7a0fea5ea7d62857a077fa2568da4af99d26 Issue-ID: POLICY-1057 Signed-off-by: Jorge Hernandez <jh1730@att.com>
Diffstat (limited to 'packages/docker')
-rw-r--r--packages/docker/src/main/docker/do-start.sh7
-rw-r--r--packages/docker/src/main/docker/docker-install.sh11
2 files changed, 15 insertions, 3 deletions
diff --git a/packages/docker/src/main/docker/do-start.sh b/packages/docker/src/main/docker/do-start.sh
index 0179fad70..c655ce90a 100644
--- a/packages/docker/src/main/docker/do-start.sh
+++ b/packages/docker/src/main/docker/do-start.sh
@@ -64,11 +64,16 @@ else
. /opt/app/policy/etc/profile.d/env.sh
+ # override the policy keystore and truststore if present
+
if [[ -f config/policy-keystore ]]; then
- # install policy keystore
cp config/policy-keystore $POLICY_HOME/etc/ssl
fi
+ if [[ -f config/policy-truststore ]]; then
+ cp -f config/policy-trustore ${POLICY_HOME}/etc/ssl
+ fi
+
if [[ -f config/$container-tweaks.sh ]] ; then
# file may not be executable; running it as an
# argument to bash avoids needing execute perms.
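Review bot: The added truststore block tests for `config/policy-truststore` but copies `config/policy-trustore` (missing "s"), so when the override file is present the `cp` fails and the container keeps its built-in truststore. The line should read `cp -f config/policy-truststore "${POLICY_HOME}/etc/ssl"`, with the destination quoted. Nothing visible in the hunk checks the copy's exit status, so the container may start trusting a different CA set than the operator supplied; consider aborting startup when the copy fails. The enclosing `else` branch starts and ends outside the hunk.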
diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh
index 09cba6e96..7176abf20 100644
--- a/packages/docker/src/main/docker/docker-install.sh
+++ b/packages/docker/src/main/docker/docker-install.sh
@@ -169,6 +169,7 @@ function configure_component() {
SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' "
SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' "
SED_LINE+=" -e 's!\${{KEYSTORE_PASSWD}}!${KEYSTORE_PASSWD}!g' "
+ SED_LINE+=" -e 's!\${{TRUSTSTORE_PASSWD}}!${TRUSTSTORE_PASSWD}!g' "
SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' "
SED_LINE+=" -e 's!\${{COMPONENT_TYPE}}!${COMPONENT_TYPE}!g' "
SED_LINE+=" -e 's!\${{POLICY_LOGS}}!${POLICY_LOGS}!g' "
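Review bot: `TRUSTSTORE_PASSWD` is spliced unescaped into a single-quoted sed expression that uses `!` as its delimiter, so a password containing `!`, `&`, `\` or `'` will break the expression or silently write a different value into the configuration; the existing `KEYSTORE_PASSWD` line has the same problem. How `SED_LINE` is executed is outside the hunk, but if it goes through `eval`, a quote character in the value would also change the command that runs. Either escape the replacement text before appending it, or validate the password up front and document the restriction, e.g. `# NOTE: *_PASSWD values must not contain ! & \ or ' (sed replacement metacharacters)`.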
@@ -405,10 +406,16 @@ function configure_keystore() {
fi
local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
+ local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
+
+ if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
+ keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
+ keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
+ fi
if [[ -n ${KEYSTORE_PASSWD} ]]; then
- keytool -storepasswd -storepass ${DEFAULT_KEYSTORE_PASSWORD} -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -new ${KEYSTORE_PASSWD}
- keytool -list -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -storepass ${KEYSTORE_PASSWD}
+ keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -new "${KEYSTORE_PASSWD}"
+ keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -storepass "${KEYSTORE_PASSWD}"
fi
}
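Review bot: The added `local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'` only redeclares the variable on the line above it, while the new truststore branch reads `DEFAULT_TRUSTSTORE_PASSWORD`, which is not defined anywhere in the visible lines. Unless it is set outside the hunk, `keytool -storepasswd` receives an empty `-storepass`, fails, and the truststore keeps its default password. The added line was presumably meant to be `local DEFAULT_TRUSTSTORE_PASSWORD='<default truststore password>'`. The `keytool` exit statuses are also unchecked, and both passwords are passed on the command line where they are visible in the process list; `keytool` accepts `-storepass:env` / `-storepass:file` as alternatives. The start of `configure_keystore` is outside the hunk.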