From 75d642902350562a790cf034ea92568ba5d52168 Mon Sep 17 00:00:00 2001
From: ilanap
Date: Mon, 18 Nov 2019 13:38:23 +0200
Subject: Changes for backend to support SSL Changes to support starting in https mode and changes to support making a secured call to the SDC backend
(cherry picked from commit 820f4ec65a28ed822d4205b05ac6fbbd910a46cc)
Issue-ID: SDC-2405
Change-Id: I0588484fdcb0903934814906672f4fc9a76eca2c
Signed-off-by: ilanap
---
 workflow-designer-ui/docker/Dockerfile | 6 +++--
 workflow-designer-ui/docker/org.onap.sdc.p12 | Bin 0 -> 4459 bytes
 workflow-designer-ui/docker/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes
 workflow-designer-ui/docker/startup.sh | 30 +++++++++++----------
 4 files changed, 20 insertions(+), 16 deletions(-)
 create mode 100644 workflow-designer-ui/docker/org.onap.sdc.p12
 create mode 100644 workflow-designer-ui/docker/org.onap.sdc.trust.jks
(limited to 'workflow-designer-ui/docker')
diff --git a/workflow-designer-ui/docker/Dockerfile b/workflow-designer-ui/docker/Dockerfile
index 83e8d5ac..52562374 100644
--- a/workflow-designer-ui/docker/Dockerfile
+++ b/workflow-designer-ui/docker/Dockerfile
@@ -7,10 +7,12 @@ USER root
 ARG ARTIFACT
+COPY org.onap.sdc.p12 org.onap.sdc.trust.jks ${JETTY_BASE}/etc/
+
 ADD ${ARTIFACT} ${JETTY_BASE}/webapps/
-RUN chown -R jetty:jetty ${JETTY_BASE}/webapps
+RUN chown -R jetty:jetty ${JETTY_BASE}/webapps ${JETTY_BASE}/etc/
 COPY startup.sh .
 RUN chmod 744 startup.sh
-ENTRYPOINT [ "./startup.sh" ]
\ No newline at end of file
+ENTRYPOINT [ "./startup.sh" ]
diff --git a/workflow-designer-ui/docker/org.onap.sdc.p12 b/workflow-designer-ui/docker/org.onap.sdc.p12
new file mode 100644
index 00000000..d03ca1c9
Binary files /dev/null and b/workflow-designer-ui/docker/org.onap.sdc.p12 differ
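Review bot: The added `COPY org.onap.sdc.p12 org.onap.sdc.trust.jks ${JETTY_BASE}/etc/` bakes a keystore that is committed to the repository into every image, so, assuming the .p12 holds the server's private key, all deployments share one key that anyone with read access to the repo or the image can extract. The stores would be better supplied at deploy time through a mounted volume or an orchestrator secret, with the bundled files marked as a development default, for example `# dev-only default keystore/truststore; mount deployment-specific stores over ${JETTY_BASE}/etc/`. The `chown -R jetty:jetty` changes ownership but not the file mode, so a following `RUN chmod 400 ${JETTY_BASE}/etc/org.onap.sdc.p12` would keep the key readable by the jetty user only.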
diff --git a/workflow-designer-ui/docker/org.onap.sdc.trust.jks b/workflow-designer-ui/docker/org.onap.sdc.trust.jks
new file mode 100644
index 00000000..d07ce1a6
Binary files /dev/null and b/workflow-designer-ui/docker/org.onap.sdc.trust.jks differ
diff --git a/workflow-designer-ui/docker/startup.sh b/workflow-designer-ui/docker/startup.sh
index 359e6aca..b2f2d516 100644
--- a/workflow-designer-ui/docker/startup.sh
+++ b/workflow-designer-ui/docker/startup.sh
@@ -2,24 +2,26 @@
 # adding support for https
 HTTPS_ENABLED=${IS_HTTPS:-"false"}
-
+CLIENT_AUTH=${IS_CLIENT_AUTH:-"false"}
 if [ "$HTTPS_ENABLED" = "true" ]
 then
 echo "enable ssl"
- if [ -z "$KEYSTORE_PATH" ]; then
- java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl \
- jetty.sslContext.keyStorePath=$KEYSTORE_PATH \
- jetty.sslContext.keyStorePassword=$KEYSTORE_PASSWORD \
- jetty.sslContext.keyStoreType=$KEYSTORE_TYPE \
- jetty.sslContext.trustStorePath=$TRUSTSTORE_PATH \
- jetty.sslContext.trustStorePassword=$TRUSTSTORE_PASSWORD \
- jetty.sslContext.trustStoreType=$TRUSTSTORE_TYPE \
- else
- echo "Using jetty default SSL"
- java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl
- fi
+
+ java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl \
+ jetty.sslContext.keyStorePath=$KEYSTORE_PATH \
+ jetty.sslContext.keyStorePassword=$KEYSTORE_PASS \
+ jetty.sslContext.keyManagerPassword=$KEYSTORE_PASS \
+ jetty.sslContext.trustStorePath=$TRUSTSTORE_PATH \
+ jetty.sslContext.trustStorePassword=$TRUSTSTORE_PASS
+
+ echo "setting SSL environment variable"
+
+ SSL_JAVA_OPTS=" -DkeystorePath=$JETTY_BASE/$KEYSTORE_PATH -DkeystorePassword=$KEYSTORE_PASS -DkeyManagerPassword=$KEYSTORE_PASS -DtruststorePath=$JETTY_BASE/$KEYSTORE_PATH -DtruststorePassword=$TRUSTSTORE_PASS -DsslTrustAll=$TRUST_ALL"
+
+ echo $SSL_JAVA_OPTS
+
 else
 echo "no ssl required"
 fi
+java $JAVA_OPTIONS -DproxyTo=$BACKEND $SSL_JAVA_OPTS -jar $JETTY_HOME/start.jar
-java -DproxyTo=$BACKEND $JAVA_OPTIONS -jar $JETTY_HOME/start.jar
\ No newline at end of file
-- cgit 1.2.3-korg
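Review bot: `echo $SSL_JAVA_OPTS` prints the keystore and truststore passwords to the container's stdout, so they land in whatever collects the container logs; I would drop that line or log only non-secret values, e.g. `echo "SSL enabled, keystore: $JETTY_BASE/$KEYSTORE_PATH"`. In the same `SSL_JAVA_OPTS` assignment, `-DtruststorePath=$JETTY_BASE/$KEYSTORE_PATH` points the truststore at the keystore file, which looks like a copy-paste slip for `-DtruststorePath=$JETTY_BASE/$TRUSTSTORE_PATH`. The old `KEYSTORE_PATH` check is gone, so with `IS_HTTPS=true` and the variables unset Jetty is configured with empty paths and passwords; a guard such as `: "${KEYSTORE_PATH:?KEYSTORE_PATH must be set when IS_HTTPS=true}"` before the `java -jar` call would fail fast instead. `-DsslTrustAll=$TRUST_ALL` has no default, and how the backend client treats an empty value is not visible here, so an explicit `TRUST_ALL=${TRUST_ALL:-"false"}` next to `HTTPS_ENABLED` would make the safe setting the default. The passwords also travel as `-D` arguments and are visible in the process list, and `CLIENT_AUTH` is assigned but not used in this hunk.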