From a7ad88d23b2a59a16c098b156c430a2fe3558023 Mon Sep 17 00:00:00 2001 From: Jorge Hernandez Date: Fri, 17 Aug 2018 16:23:07 -0500 Subject: https certs with aaf+pe containers compatibility Change-Id: I21ed7a0fea5ea7d62857a077fa2568da4af99d26 Issue-ID: POLICY-1057 Signed-off-by: Jorge Hernandez --- packages/docker/src/main/docker/do-start.sh | 7 ++++++- packages/docker/src/main/docker/docker-install.sh | 11 +++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'packages/docker/src') diff --git a/packages/docker/src/main/docker/do-start.sh b/packages/docker/src/main/docker/do-start.sh index 0179fad70..c655ce90a 100644 --- a/packages/docker/src/main/docker/do-start.sh +++ b/packages/docker/src/main/docker/do-start.sh @@ -64,11 +64,16 @@ else . /opt/app/policy/etc/profile.d/env.sh + # override the policy keystore and truststore if present + if [[ -f config/policy-keystore ]]; then - # install policy keystore cp config/policy-keystore $POLICY_HOME/etc/ssl fi + if [[ -f config/policy-truststore ]]; then + cp -f config/policy-trustore ${POLICY_HOME}/etc/ssl + fi + if [[ -f config/$container-tweaks.sh ]] ; then # file may not be executable; running it as an # argument to bash avoids needing execute perms. diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh index 09cba6e96..7176abf20 100644 --- a/packages/docker/src/main/docker/docker-install.sh +++ b/packages/docker/src/main/docker/docker-install.sh @@ -169,6 +169,7 @@ function configure_component() { SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' " SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' " SED_LINE+=" -e 's!\${{KEYSTORE_PASSWD}}!${KEYSTORE_PASSWD}!g' " + SED_LINE+=" -e 's!\${{TRUSTSTORE_PASSWD}}!${TRUSTSTORE_PASSWD}!g' " SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' " SED_LINE+=" -e 's!\${{COMPONENT_TYPE}}!${COMPONENT_TYPE}!g' " SED_LINE+=" -e 's!\${{POLICY_LOGS}}!${POLICY_LOGS}!g' " 
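Review bot: The new truststore branch in do-start.sh tests `config/policy-truststore` but copies `config/policy-trustore` (missing `t`), so the `cp` fails and the supplied truststore never replaces whatever is already in `${POLICY_HOME}/etc/ssl`. The container would then start with the trust anchors baked into the image rather than the ones the deployment provided. The line should read `cp -f config/policy-truststore "${POLICY_HOME}/etc/ssl"`, quoted like the expansions this commit quotes in docker-install.sh. Whether the failed copy aborts startup depends on shell options set outside this hunk, and the enclosing `else` branch starts and ends outside it as well.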
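Review bot: In `configure_component`, `TRUSTSTORE_PASSWD` is spliced unescaped into the replacement side of a sed expression that uses `!` as its delimiter. A password containing `!`, `&`, `\` or a single quote would break the substitution or write a different value into the configuration than the one `keytool` later sets on the store. The added line mirrors the existing `KEYSTORE_PASSWD` line, which has the same limitation. How `SED_LINE` is executed is outside this hunk, so any further shell parsing of the value is not visible here. I would either escape the value before appending it or document the restriction with `# TRUSTSTORE_PASSWD must not contain ! & \ or ' (unescaped sed replacement)`.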
@@ -405,10 +406,16 @@ function configure_keystore() { fi local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap" + local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap' + + if [[ -n ${TRUSTSTORE_PASSWD} ]]; then + keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}" + keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}" + fi if [[ -n ${KEYSTORE_PASSWD} ]]; then - keytool -storepasswd -storepass ${DEFAULT_KEYSTORE_PASSWORD} -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -new ${KEYSTORE_PASSWD} - keytool -list -keystore ${POLICY_HOME}/etc/ssl/policy-keystore -storepass ${KEYSTORE_PASSWD} + keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -new "${KEYSTORE_PASSWD}" + keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -storepass "${KEYSTORE_PASSWD}" fi } -- cgit 1.2.3-korg
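Review bot: The new truststore branch passes `"${DEFAULT_TRUSTSTORE_PASSWORD}"` as the current store password, but the lines visible in this hunk only declare `DEFAULT_KEYSTORE_PASSWORD`. Unless the variable is set earlier in `configure_keystore` (the function starts outside the hunk), `keytool -storepasswd` receives an empty `-storepass` and fails. That failure is not checked, so the truststore would keep its default password while the configuration files carry the new `TRUSTSTORE_PASSWD`. I would declare it next to the keystore default, `local DEFAULT_TRUSTSTORE_PASSWORD='<default truststore password>'`, and stop on error with `keytool -storepasswd ... || return 1`. Both passwords also travel on the `keytool` command line, where other local users can read them from the process list; `-storepass:env` avoids that for the current password.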