From a2feaf9b65cbba66181fb560b5815a62427d65cc Mon Sep 17 00:00:00 2001 From: vasraz Date: Fri, 5 May 2023 11:57:56 +0100 Subject: Support SIP TLS Signed-off-by: Vasyl Razinkov Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3 Issue-ID: SDC-4483 --- catalog-fe/sdc-frontend/Dockerfile | 2 +- .../chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb | 4 +++- .../cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb | 2 ++ .../cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb | 8 ++++---- 4 files changed, 10 insertions(+), 6 deletions(-) (limited to 'catalog-fe/sdc-frontend') diff --git a/catalog-fe/sdc-frontend/Dockerfile b/catalog-fe/sdc-frontend/Dockerfile index 7de4b1f3fd..341dda2410 100644 --- a/catalog-fe/sdc-frontend/Dockerfile +++ b/catalog-fe/sdc-frontend/Dockerfile @@ -1,4 +1,4 @@ -FROM onap/integration-java11:9.0.0 +FROM onap/integration-java11:10.0.0 USER root ARG JETTY_FOLDER=/app/jetty diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb index 9fbb363bf9..85f8fcf6a3 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/attributes/default.rb @@ -4,8 +4,10 @@ default['BE'][:https_port] = 8443 default['FE'][:http_port] = 8181 default['FE'][:https_port] = 9443 default['disableHttp'] = true +default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12" default['jetty'][:keystore_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31" default['jetty'][:keymanager_pwd] = "?(kP!Yur![*!Y5!E^f(ZKc31" +default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks" # TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION # MUST BE ALSO CHANGE IN THE startup.sh FILE default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0" @@ -17,4 +19,4 @@ default['ONBOARDING_BE'][:https_port] = 8445 #BasicAuth default['basic_auth']['enabled'] = true default['basic_auth'][:user_name] = "testName" -default['basic_auth'][:user_pass] = "testPass" \ No newline at end of file +default['basic_auth'][:user_pass] = "testPass" diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb index 734c05ae02..e465d9f087 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb @@ -49,8 +49,10 @@ template "ssl-ini" do mode "0755" variables({ :https_port => "#{node['FE'][:https_port]}" , + :jetty_keystore_path => "#{node['jetty'][:keystore_path]}" , :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" , :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" , + :jetty_truststore_path => "#{node['jetty'][:truststore_path]}", :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}" }) end diff --git a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb index 278fdea2ae..c489825c7b 100644 --- a/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb +++ b/catalog-fe/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb @@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %> ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html ## Keystore file path (relative to $jetty.base) -jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12 +jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %> ## Truststore file path (relative to $jetty.base) -jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks +jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %> ## Keystore password # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %> ## Keystore type and provider -# jetty.sslContext.keyStoreType=JKS +jetty.sslContext.keyStoreType=JKS # jetty.sslContext.keyStoreProvider= ## KeyManager password @@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %> jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %> ## Truststore type and provider -# jetty.sslContext.trustStoreType=JKS +jetty.sslContext.trustStoreType=JKS # jetty.sslContext.trustStoreProvider= ## whether client certificate authentication is required -- cgit 1.2.3-korg