From 95c95b08ae8fa2592852168ec11b9aff3a6a31d5 Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Tue, 3 Oct 2023 09:58:40 +0100 Subject: TLS support in sdc-fe Signed-off-by: MichaelMorris Issue-ID: SDC-4642 Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6 --- .../sdc-catalog-fe/recipes/FE_6_locate_keystore.rb | 21 --------------------- .../recipes/FE_6_setup_key_and_trust_store.rb | 21 +++++++++++++++++++++ .../recipes/FE_7_create_jetty_modules.rb | 7 ++++--- 3 files changed, 25 insertions(+), 24 deletions(-) delete mode 100644 catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb create mode 100644 catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb (limited to 'catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes') diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb deleted file mode 100644 index 50cb2639e8..0000000000 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_locate_keystore.rb +++ /dev/null @@ -1,21 +0,0 @@ -directory "Jetty_etcdir_creation" do - path "#{ENV['JETTY_BASE']}/etc" - owner "#{ENV['JETTY_USER']}" - group "#{ENV['JETTY_GROUP']}" - mode '0755' - action :create -end - -cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do - source "org.onap.sdc.p12" - owner "#{ENV['JETTY_USER']}" - group "#{ENV['JETTY_GROUP']}" - mode 0755 -end - -cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do - source "org.onap.sdc.trust.jks" - owner "#{ENV['JETTY_USER']}" - group "#{ENV['JETTY_GROUP']}" - mode 0755 -end diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb new file mode 100644 index 0000000000..2585d1b449 --- /dev/null +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_6_setup_key_and_trust_store.rb @@ -0,0 +1,21 @@ +#Set the http module option +if node['FE'][:tls_cert] + execute "generate-keystore" do + command "openssl pkcs12 -inkey #{node['FE'][:tls_key]} -in #{node['FE'][:tls_cert]} -export -out /tmp/keystore.pkcs12 -passin pass:#{node['FE'][:tls_password]} -passout pass:#{node['FE'][:tls_password]}" + end + + execute "import-keystore" do + command "keytool -importkeystore -srcstoretype PKCS12 -srckeystore /tmp/keystore.pkcs12 -srcstorepass #{node['FE'][:tls_password]} -destkeystore #{ENV['JETTY_BASE']}/#{node['FE'][:keystore_path]} -deststorepass #{node['FE'][:keystore_password]} -noprompt" + end +end + +if node['FE'][:ca_cert] + execute "delete-existing-ca-alias" do + command "keytool -delete -alias sdc-be -storepass #{node['FE'][:truststore_password]} -keystore #{ENV['JETTY_BASE']}/#{node['FE'][:truststore_path]}" + returns [0, 1] + end + + execute "generate-truststore" do + command "keytool -import -alias sdc-be -file #{node['FE'][:ca_cert]} -storetype JKS -keystore #{ENV['JETTY_BASE']}/#{node['FE'][:truststore_path]} -storepass #{node['FE'][:truststore_password]} -noprompt" + end +end diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb index 734c05ae02..3a7433e9df 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb @@ -49,8 +49,9 @@ template "ssl-ini" do mode "0755" variables({ :https_port => "#{node['FE'][:https_port]}" , - :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" , - :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" , - :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}" + :keystore_path => "#{node['FE'][:keystore_path]}" , + :keystore_password => "#{node['FE'][:keystore_password]}" , + :truststore_path => "#{node['FE'][:truststore_path]}" , + :truststore_password => "#{node['FE'][:truststore_password]}" }) end -- cgit 1.2.3-korg