authorMichaelMorris <michael.morris@est.tech>2023-09-13 12:12:46 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-09-27 20:50:45 +0000
commit5f3e9912406897ee18c424b940881ce08d59bb44 (patch)
tree044f7d60aa41ddbd8f0fdeb54f2e16ff21bd58bf /catalog-be/src/main/docker
parentd4fd2ca0fba827042fc5313efeaf9cdf850be647 (diff)
Remove legacy certificate handling
Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-4621 Change-Id: I834f2a0a4f73693dbb656dfa9186506bf88c62c1
Diffstat (limited to 'catalog-be/src/main/docker')
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb42
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12bin4443 -> 0 bytes
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jksbin1413 -> 0 bytes
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb37
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb23
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb15
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb42
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb54
-rw-r--r--catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json4
12 files changed, 1 insertions, 228 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index a3e519826c..3f7a041a4c 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -12,14 +12,6 @@ default['disableHttp'] = true
#| |
#+----------------------------------+
-default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd"
-default['jetty']['keystore_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
-default['jetty']['keymanager_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
-default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore"
-# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
-# MUST BE ALSO CHANGE IN THE startup.sh FILE
-default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0"
-
#BasicAuth
default['basic_auth']['enabled'] = false
default['basic_auth'][:user_name] = "testName"
@@ -33,7 +25,6 @@ default['cassandra']['cluster_name'] = "SDC-CS-"
default['cassandra']['socket_read_timeout'] = 20000
default['cassandra']['socket_connect_timeout'] = 20000
default['cassandra']['janusgraph_connection_timeout'] = 10000
-default['cassandra'][:truststore_password] = "Aa123456"
default['cassandra']['janusgraph_config_file'] = "#{ENV['JETTY_BASE']}/config/catalog-be/janusgraph.properties"
default['cassandra'][:db_cache] = true
default['cassandra'][:read_consistency_level] = "ONE"
@@ -82,36 +73,3 @@ default['DMAAP']['consumer']['topic'] = "com.onap.ccd.CCD-CatalogManagement-v1"
default['DMAAP']['consumer']['username'] = "user"
default['DMAAP']['partitioncount'] = "3"
default['DMAAP']['replicationcount'] = "3"
-
-
-#+----------------------------------+
-#| |
-#| Access Restriction / CADI |
-#| |
-#+----------------------------------+
-
-# Cadi
-default['access_restriction']['cadi_root_dir'] = "#{ENV['JETTY_BASE']}/etc"
-default['access_restriction']['cadi_keyfile'] = "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12"
-default['access_restriction']['cadi_loglevel'] = "DEBUG"
-default['access_restriction']['cadi_truststore'] = "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks"
-default['access_restriction']['cadi_truststore_password'] = "changeit"
-default['access_restriction']['cadiX509Issuers'] = "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US"
-default['access_restriction']['encrypted_password'] = "enc:AccessRestrictionEncryptedPassword"
-default['access_restriction_key'] = nil
-
-# Access Restriction Key
-default['aafNamespace'] = "com.onap.sdc"
-default['access_restriction']['aaf_env'] = "TEST"
-default['access_restriction']['aaf_id'] = "user"
-default['access_restriction']['aaf_locate_url'] = ""
-default['access_restriction']['aaf_password'] = "enc:AafEncriptedPassword"
-default['access_restriction']['aaf_url'] = ""
-default['access_restriction']['aafAuthNeeded'] = false
-default['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] = true
-default['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] = true
-default['access_restriction']['AFT_ENVIRONMENT'] = "AFTUAT"
-default['access_restriction']['csp_domain'] = "PROD"
-default['access_restriction']['excluded_urls'] = "'/.*'"
-default['access_restriction']['excluded_urls_onboarding'] = "'/.*'"
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
deleted file mode 100644
index 1011ba344d..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-#############################################################
-# This file should be replaced with jetty cadi.properties: #
-# /var/lib/jetty/base/be/etc/cadi.properties #
-#############################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
deleted file mode 100644
index 0835ef4542..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
+++ /dev/null
@@ -1,4 +0,0 @@
-##################################################################
-## This file should be replaced with jetty cadi_truststore.jks: #
-## /var/lib/jetty/base/be/etc/cadi_truststore.jks #
-##################################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
deleted file mode 100644
index 43d20d4c05..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
+++ /dev/null
@@ -1,4 +0,0 @@
-#############################################################
-# This file should be replaced with jetty keyfile: #
-# /var/lib/jetty/base/be/etc/keyfile #
-#############################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
deleted file mode 100644
index 446856071b..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+++ /dev/null
Binary files differ
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
deleted file mode 100644
index e6686cc08c..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+++ /dev/null
Binary files differ
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
deleted file mode 100644
index e7d11c9f2d..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-jetty_base = "#{ENV['JETTY_BASE']}"
-
-
-directory "Jetty_etc_dir_creation" do
- path "#{jetty_base}/etc"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode '0755'
- action :create
- not_if { ::File.directory?("#{jetty_base}/etc") }
-end
-
-
-cookbook_file "#{jetty_base}/etc/keyfile" do
- source "keyfile"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-
-cookbook_file "#{jetty_base}/etc/cadi_truststore.jks" do
- source "cadi_truststore.jks"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-
-template "#{jetty_base}/etc/cadi.properties" do
- path "#{jetty_base}/etc/cadi.properties"
- source "cadi.properties.erb"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode "0755"
-end
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
deleted file mode 100644
index 176edcf71c..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-
-directory "Jetty_etcdir_creation" do
- path "#{ENV['JETTY_BASE']}/etc"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode '0755'
- action :create
-end
-
-cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do
- source "org.onap.sdc.p12"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
- source "org.onap.sdc.trust.jks"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
index 5655d0fd6f..f029fb07fe 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
@@ -41,18 +41,3 @@ template "https-ini" do
mode "0755"
variables :https_port => "#{node['BE'][:https_port]}"
end
-
-
-template "ssl-ini" do
- path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
- source "ssl-ini.erb"
- owner "#{ENV['JETTY_USER']}"
- group "#{ENV['JETTY_GROUP']}"
- mode "0755"
- variables ({
- :https_port => "#{node['BE'][:https_port]}" ,
- :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
- :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
- :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}"
- })
-end
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index 9a2437c2c1..d6d034fcb6 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -81,20 +81,6 @@ users:
tom: passwd
bob: passwd
-# access restriction
-authCookie:
- securityKey: "sdcaccessrestrictionsecureykey"
- maxSessionTimeOut: 86400000
- sessionIdleTimeOut: 3600000
- cookieName: "AuthenticationCookie"
- path: /
- domain: ""
- isHttpOnly: true
- # redirect variable name from portal.properties file
- redirectURL: ""
- excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>]
- onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>]
-
basicAuth:
enabled: <%= @basic_auth_flag %>
userName: <%= @user_name %>
@@ -112,8 +98,6 @@ cassandraConfig:
username: <%= @cassandra_usr %>
password: <%= @cassandra_pwd %>
ssl: <%= @cassandra_ssl_enabled %>
- truststorePath : <%= node['jetty']['truststore_path'] %>
- truststorePassword : <%= @cassandra_truststore_password %>
keySpaces:
- { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
@@ -1004,8 +988,6 @@ toscaValidators:
disableAudit: false
-consumerBusinessLogic: true
-
vfModuleProperties:
min_vf_module_instances:
forBaseModule: 1
@@ -1145,8 +1127,6 @@ dmaapConsumerConfiguration:
username: user
password:
aftDme2SslEnable: true
- aftDme2ClientKeystore: <%= node['jetty']['truststore_path'] %>
- aftDme2ClientKeystorePassword: ""
aftDme2ClientSslCertAlias: certman
dmaapProducerConfiguration:
@@ -1178,8 +1158,6 @@ dmaapProducerConfiguration:
username: <%= node['DMAAP']['producer']['username'] %>
password: <%= node['DMAAP']['producer']['password'] %>
aftDme2SslEnable: true
- aftDme2ClientKeystore: <%= node['jetty']['truststore_path'] %>
- aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %>
aftDme2ClientSslCertAlias: certman
@@ -1245,26 +1223,6 @@ supportAllottedResourcesAndProxy: true
deleteLockTimeoutInSeconds: 60
maxDeleteComponents: 10
-# Cadi filter (access restriction) Parameters
-aafNamespace: <%= node['aafNamespace'] %>
-aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %>
-
-cadiFilterParams:
- AFT_LATITUDE: "32.780140"
- AFT_LONGITUDE: "-96.800451"
- hostname: <%= node['BE_VIP'] %>
- aaf_id: <%= node['access_restriction']['aaf_id'] %>
- aaf_env: <%= node['access_restriction']['aaf_env'] %>
- aaf_url: <%= node['access_restriction']['aaf_url'] %>
- csp_domain: <%= node['access_restriction']['csp_domain'] %>
- cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %>
- aaf_password: <%= node['access_restriction']['aaf_password'] %>
- cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %>
- AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %>
- cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %>
- cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %>
- cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %>
-
# This configuration entry lists all node type names prefix that shall be allowed on SDC.
definedResourceNamespace:
- org.openecomp.resource.
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb
deleted file mode 100644
index 66654310e0..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb
+++ /dev/null
@@ -1,54 +0,0 @@
-# Configure AAF
-aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %>
-
-aaf_url=<%= node['access_restriction']['aaf_url'] %>
-
-#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id=<%= node['access_restriction']['aaf_id'] %>
-#Encrypt the password using AAF Jar
-aaf_password=<%= node['access_restriction']['aaf_password'] %>
-# Sample CADI Properties, from CADI 1.4.2
-hostname=<%= node['BE_VIP'] %>
-csp_domain=<%= node['access_restriction']['csp_domain'] %>
-
-# Add Absolute path to Keyfile
-cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %>
-
-
-# This is required to accept Certificate Authentication from Certman certificates.
-# can be TEST, IST or PROD
-aaf_env=<%= node['access_restriction']['aaf_env'] %>
-
-# DEBUG prints off all the properties. Use to get started.
-cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %>
-
-
-# Become CSO Poodle Compliant by only allowing sanctioned TLS versions
-# The following is the default
-# cadi_protocols=TLSv1.1,TLSv1.2
-
-# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2
-# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore
-# Add Absolute path to truststore2020.jks
-cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %>
-# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %>
-
-# how to turn on SSL Logging
-#javax.net.debug=ssl
-
-##
-# Hint
-# Use "maps.bing.com" to get Lat and Long for an Address
-AFT_LATITUDE=32.780140
-AFT_LONGITUDE=-96.800451
-AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %>
-AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %>
-DME2.DEBUG=true
-AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %>
-
-cadi_latitude=32.780140
-cadi_longitude=-96.800451
-
-aaf_root_ns=<%= node['aafNamespace'] %>
-aaf_api_version=2.0
diff --git a/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json b/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json
index 01ce87f239..80728ee013 100644
--- a/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json
+++ b/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json
@@ -12,13 +12,11 @@
"run_list": [
"recipe[sdc-catalog-be::BE_1_cleanup_jettydir]",
"recipe[sdc-catalog-be::BE_2_setup_configuration]",
- "recipe[sdc-catalog-be::BE_3_locate_keystore]",
"recipe[sdc-catalog-be::BE_4_jetty_Modules]",
"recipe[sdc-catalog-be::BE_6_setup_portal_and_key_properties]",
"recipe[sdc-catalog-be::BE_7_logback]",
"recipe[sdc-catalog-be::BE_8_errors_config]",
- "recipe[sdc-catalog-be::BE_9_prepareProbeFile]",
- "recipe[sdc-catalog-be::BE_10_setup_cadi]"
+ "recipe[sdc-catalog-be::BE_9_prepareProbeFile]"
],
"env_run_lists": {
}
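Review bot: With `BE_3_locate_keystore` and `BE_10_setup_cadi` dropped from `run_list`, no recipe named in this list installs a keystore or truststore any more, yet the context lines of the `BE_4_jetty_Modules.rb` hunk show the `https-ini` template still being rendered, and `default['disableHttp'] = true` is still visible in the `attributes/default.rb` hunk header. If TLS key material is now meant to come from outside the cookbook, say so where operators will read it, for example a comment above the `https-ini` resource: `# keystore/truststore are no longer shipped by this cookbook; they must be provisioned externally before Jetty starts`. Whether the remaining recipes or the image already cover this cannot be told from the diff. Separately, the deleted `org.onap.sdc.p12` and the password defaults removed from `attributes/default.rb` stay in repository history, so any deployment that ran with those values should treat them as disclosed and rotate them.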