policy/engine changes to support PE https

Enabled https connector in server.xml and modified the docker-install.sh to fix the default variable name for policy truststore Change-Id: I6db6a6d2353130c91c1f344ea7927d187150adca Issue-ID: POLICY-781 Signed-off-by: Michael Mokry <mm117s@att.com>
author: Michael Mokry <mm117s@att.com> 2018-08-22 11:07:09 -0500
committer: Michael Mokry <mm117s@att.com> 2018-08-22 11:07:09 -0500
commit: e1f88b91981a22cc63019d1d6b73089566425383 (patch)
tree: cccbd84ca14392fe6eba31ebaa450a0dc2937af1 /packages
parent: c25e4d412eb573de020ba4e5da48f48451217f52 (diff)
4 files changed, 22 insertions, 23 deletions
diff --git a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
index 02c548c80..7bd6ca3d2 100644
--- a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
+++ b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
@@ -105,16 +105,18 @@
 
     <!-- Use http instead of https
     Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
-    passed in to the tomcat JVM:
+    passed in to the tomcat JVM: -->
 
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
                keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
                truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-    -->
+               
+   
+    <!--     Use http instead of https 
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" />
+               maxThreads="150" />-->
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
     <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
diff --git a/packages/base/src/files/install/servers/configs/conf/server.xml b/packages/base/src/files/install/servers/configs/conf/server.xml
index 3bccc6ffb..9c45721b9 100644
--- a/packages/base/src/files/install/servers/configs/conf/server.xml
+++ b/packages/base/src/files/install/servers/configs/conf/server.xml
@@ -87,10 +87,11 @@
          Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
     -->
     
-    <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
+    <!--     Use http instead of https -->
+<!--     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
-
+ -->
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
@@ -104,24 +105,25 @@
          OpenSSL style configuration is required as described in the APR/native
          documentation -->
 
-	<!--
+	<!--Use https instead of http
 	Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
-	passed in to the tomcat JVM:
+	passed in to the tomcat JVM: -->
 
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS"
+               clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
                keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
                truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-	-->
-
 
+	<!--     Use http instead of https 
+    <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" /> -->
+               
     <!-- Define an AJP 1.3 Connector on port 8009 -->
 	<!--      
     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
     -->
 
-
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
diff --git a/packages/base/src/files/install/servers/console/conf/server.xml b/packages/base/src/files/install/servers/console/conf/server.xml
index 5e6226742..dbeb6396d 100644
--- a/packages/base/src/files/install/servers/console/conf/server.xml
+++ b/packages/base/src/files/install/servers/console/conf/server.xml
@@ -107,25 +107,21 @@
 	-->
 
     <!-- ONAP portal currently using http instead of https
-
     Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
-    passed in to the tomcat JVM:
-
+    passed in to the tomcat JVM: -->
+    
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
                keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
-               truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-    -->
-    <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" />
-
-
+               truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}" />
+               
+<!--<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" /> -->
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
     <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
 
-
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh
index 7176abf20..3700e5731 100644
--- a/packages/docker/src/main/docker/docker-install.sh
+++ b/packages/docker/src/main/docker/docker-install.sh
@@ -405,11 +405,10 @@ function configure_keystore() {
 		set -x
 	fi
 
-    local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
     local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
 
 	if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
-	    keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
+	    keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
 	    keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
 	fi
author	Michael Mokry <mm117s@att.com>	2018-08-22 11:07:09 -0500
committer	Michael Mokry <mm117s@att.com>	2018-08-22 11:07:09 -0500
commit	e1f88b91981a22cc63019d1d6b73089566425383 (patch)
tree	cccbd84ca14392fe6eba31ebaa450a0dc2937af1 /packages
parent	c25e4d412eb573de020ba4e5da48f48451217f52 (diff)