author | 2023-10-03 09:58:40 +0100 | |
---|---|---|
committer | 2023-10-26 15:43:18 +0000 | |
commit | 95c95b08ae8fa2592852168ec11b9aff3a6a31d5 (patch) | |
tree | c1236ae2fa93b900ce39e685122ceab677127582 /catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb | |
parent | 0ce40cecbce00104be54871ce87ca99cef2aa480 (diff) |
TLS support in sdc-fe
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-4642
Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6
Diffstat (limited to 'catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb')
-rw-r--r-- | catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb
new file mode 100644
index 0000000000..2585d1b449
--- /dev/null
+++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb
@@ -0,0 +1,21 @@
+#Set the http module option
+if node['FE'][:tls_cert]
+ execute "generate-keystore" do
+ command "openssl pkcs12 -inkey #{node['FE'][:tls_key]} -in #{node['FE'][:tls_cert]} -export -out /tmp/keystore.pkcs12 -passin pass:#{node['FE'][:tls_password]} -passout pass:#{node['FE'][:tls_password]}"
+ end
+
+ execute "import-keystore" do
+ command "keytool -importkeystore -srcstoretype PKCS12 -srckeystore /tmp/keystore.pkcs12 -srcstorepass #{node['FE'][:tls_password]} -destkeystore #{ENV['JETTY_BASE']}/#{node['FE'][:keystore_path]} -deststorepass #{node['FE'][:keystore_password]} -noprompt"
+ end
+end
+
+if node['FE'][:ca_cert]
+ execute "delete-existing-ca-alias" do
+ command "keytool -delete -alias sdc-be -storepass #{node['FE'][:truststore_password]} -keystore #{ENV['JETTY_BASE']}/#{node['FE'][:truststore_path]}"
+ returns [0, 1]
+ end
+
+ execute "generate-truststore" do
+ command "keytool -import -alias sdc-be -file #{node['FE'][:ca_cert]} -storetype JKS -keystore #{ENV['JETTY_BASE']}/#{node['FE'][:truststore_path]} -storepass #{node['FE'][:truststore_password]} -noprompt"
+ end
+end |
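Review bot: All four `command` strings interpolate `tls_password`, `keystore_password` or `truststore_password` directly into the command line, so the secrets are readable in the process list while openssl/keytool run and are likely to appear in Chef's output when an `execute` fails. Pass them through the resource's `environment` using openssl's `env:` form and keytool's `-storepass:env` modifier, and mark each resource `sensitive true`. The intermediate `/tmp/keystore.pkcs12` contains the private key, sits at a fixed name in a shared directory and is never removed; write it somewhere only the Chef run can reach, with a restrictive umask, and delete it after the import. The fence shows the keystore block only; the two truststore resources need the same `-storepass:env` treatment, and the header comment `#Set the http module option` does not describe this recipe.

```ruby
if node['FE'][:tls_cert]
  # Keep the key-bearing PKCS#12 out of the shared /tmp directory.
  pkcs12_path = ::File.join(Chef::Config[:file_cache_path], 'keystore.pkcs12')

  execute "generate-keystore" do
    command "openssl pkcs12 -inkey #{node['FE'][:tls_key]} -in #{node['FE'][:tls_cert]} -export -out #{pkcs12_path} -passin env:TLS_PASSWORD -passout env:TLS_PASSWORD"
    environment('TLS_PASSWORD' => node['FE'][:tls_password])
    umask '077'
    sensitive true
  end

  execute "import-keystore" do
    command "keytool -importkeystore -srcstoretype PKCS12 -srckeystore #{pkcs12_path} -srcstorepass:env TLS_PASSWORD -destkeystore #{ENV['JETTY_BASE']}/#{node['FE'][:keystore_path]} -deststorepass:env KEYSTORE_PASSWORD -noprompt"
    environment('TLS_PASSWORD' => node['FE'][:tls_password], 'KEYSTORE_PASSWORD' => node['FE'][:keystore_password])
    sensitive true
  end

  # Remove the intermediate file once the JKS import has consumed it.
  file pkcs12_path do
    action :delete
  end
end
# … unchanged: truststore block, apart from switching -storepass to -storepass:env …
```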