authorMichaelMorris <michael.morris@est.tech>2023-09-19 09:48:04 +0100
committerMichael Morris <michael.morris@est.tech>2023-10-26 15:42:54 +0000
commit0ce40cecbce00104be54871ce87ca99cef2aa480 (patch)
tree2cd2f72a94769c2865e53205bef6972bfd5ec693 /catalog-be/src/main/docker/backend
parent5d7ca5c1e86d7633a1954ae89334df18d264f82b (diff)
sdc-BE TLS support
Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-4639 Change-Id: Id97c5331b52650f5da25caff4e9ad0166f39202a
Diffstat (limited to 'catalog-be/src/main/docker/backend')
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb16
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb27
2 files changed, 34 insertions, 9 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
index f029fb07fe..172888c773 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
@@ -41,3 +41,19 @@ template "https-ini" do
mode "0755"
variables :https_port => "#{node['BE'][:https_port]}"
end
+
+template "ssl-ini" do
+ path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
+ source "ssl-ini.erb"
+ owner "#{ENV['JETTY_USER']}"
+ group "#{ENV['JETTY_GROUP']}"
+ mode "0755"
+ variables ({
+ :https_port => "#{node['BE'][:https_port]}" ,
+ :keystore_path => "#{node['BE'][:keystore_path]}" ,
+ :keystore_password => "#{node['BE'][:keystore_password]}" ,
+ :truststore_path => "#{node['BE'][:truststore_path]}" ,
+ :truststore_password => "#{node['BE'][:truststore_password]}"
+ })
+end
+
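Review bot: The new `ssl-ini` resource writes the file with `mode "0755"`, although the rendered ssl.ini now carries the keystore and truststore passwords, so any local user in the container can read it. A tighter mode such as `mode "0640"` would limit it to `JETTY_USER` and `JETTY_GROUP`, assuming Jetty runs as that user. Adding `sensitive true` to the resource would also keep Chef from printing the rendered content or its diff in the run log. The `https-ini` resource above uses the same mode, but from the visible lines it only receives a port.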
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
index 278fdea2ae..d3c8bc187c 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
@@ -42,33 +42,42 @@ jetty.ssl.port=<%= @https_port %>
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## Keystore file path (relative to $jetty.base)
-jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
+<% unless @keystore_path.nil? || @keystore_path.strip.empty? -%>
+jetty.sslContext.keyStorePath=<%= @keystore_path %>
+<% end -%>
## Truststore file path (relative to $jetty.base)
-jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
+<% unless @truststore_path.nil? || @truststore_path.strip.empty? -%>
+jetty.sslContext.trustStorePath=<%= @truststore_path %>
+<% end -%>
## Keystore password
-# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %>
+<% unless @keystore_password.nil? || @keystore_password.strip.empty? -%>
+jetty.sslContext.keyStorePassword=<%= @keystore_password %>
+<% end -%>
## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password
-# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
-jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
+<% unless @keystore_password.nil? || @keystore_password.strip.empty? -%>
+jetty.sslContext.keyManagerPassword=<%= @keystore_password %>
+<% end -%>
## Truststore password
-# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
+# tp<%= @truststore_password %>end
+# kp<%= @keystore_password %>end
+<% unless @truststore_password.nil? || @truststore_password.strip.empty? -%>
+jetty.sslContext.trustStorePassword=<%= @truststore_password %>
+<% end -%>
## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=
## whether client certificate authentication is required
-# jetty.sslContext.needClientAuth=false
+jetty.sslContext.needClientAuth=<%= !@truststore_password.nil? && !@truststore_password.strip.empty? %>
## Whether client certificate authentication is desired
# jetty.sslContext.wantClientAuth=false
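Review bot: The two added lines under "## Truststore password", `# tp<%= @truststore_password %>end` and `# kp<%= @keystore_password %>end`, look like leftover debug output and write both passwords into the rendered file a second time, as comments; they should be removed. Separately, `jetty.sslContext.needClientAuth` is switched on by the truststore password being set rather than by the truststore path, so a password without a path would demand client certificates while no `trustStorePath` line is emitted. Keying it on the path would be more consistent: `jetty.sslContext.needClientAuth=<%= !@truststore_path.nil? && !@truststore_path.strip.empty? %>`. The removed commented examples used Jetty's `OBF:` form, whereas the new lines render whatever the node attribute holds, so a comment saying which form is expected would help operators.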