X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfigure%2FPlaceArtifactInKeystore.java;h=67b3df099c6ba3d18608bc2d0a04d3bee9c415ab;hb=355b886d817295d2bca5af28f01576bf4a3ded18;hp=4525b8da117e9d505f4a1b854c082ce214f4adb9;hpb=49525303bc07064d60b3dde3056b2e9e8a379435;p=aaf%2Fauthz.git diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java index 4525b8da..67b3df09 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java @@ -50,7 +50,8 @@ public class PlaceArtifactInKeystore extends ArtifactDir { @Override public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { - File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst)); + final String ext = (kst==Agent.PKCS12?"p12":kst); + File fks = new File(dir,arti.getNs()+'.'+ext); try { KeyStore jks = KeyStore.getInstance(kst); if (fks.exists()) { @@ -65,17 +66,26 @@ public class PlaceArtifactInKeystore extends ArtifactDir { X509Certificate x509; List chainList = new ArrayList<>(); Set caSet = new HashSet<>(); + X509Certificate curr = null; for (Certificate c : certColl) { x509 = (X509Certificate)c; // Is a Root (self-signed, anyway) if (x509.getSubjectDN().equals(x509.getIssuerDN())) { caSet.add(x509); } else { - chainList.add(x509); + // Expect Certs in Trust Chain Order. + if(curr==null) { + chainList.add(x509); + curr=x509; + } else { + // Only Add Cert next on the list + if(curr.getIssuerDN().equals(x509.getSubjectDN())) { + chainList.add(x509); + curr=x509; + } + } } } -// chainList.addAll(caSet); - //Collections.reverse(chainList); // Properties, etc // Add CADI Keyfile Entry to Properties 
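Review bot: A certificate that is neither self-signed nor the issuer of `curr` is silently dropped by the new inner `if` in the second hunk, so a bundle whose leaf is not the first non-root entry, or whose chain is out of order, produces a truncated `chainList` and the keystore entry is still written; the problem only surfaces later when the chain fails to validate. The inner `if` needs an `else` that fails loudly, e.g. `} else { throw new CadiException("Certificate out of trust-chain order: " + x509.getSubjectX500Principal()); }` (this assumes CadiException has a String constructor, which the hunk does not show), and the comment `// Expect Certs in Trust Chain Order.` should state which order is expected, since the code only works for leaf-first input. Both the root test and the new chain test use the deprecated `getSubjectDN()`/`getIssuerDN()`, whose `Principal` equality is implementation-defined; `getSubjectX500Principal()`/`getIssuerX500Principal()` give the documented comparison. The body of `_place` continues past the end of this hunk.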
@@ -86,7 +96,11 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
 // Set Keystore Password
 props.add(Config.CADI_KEYSTORE,fks.getAbsolutePath());
 String keystorePass = Symm.randomGen(Agent.PASS_SIZE);
- props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ String encP = props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ // Since there are now more than one Keystore type, the keystore password property might
+ // be overwritten, making the store useless without key. So we write it specifically
+ // as well.
+ props.add(Config.CADI_KEYSTORE_PASSWORD+'_'+ext,encP);
 char[] keystorePassArray = keystorePass.toCharArray();
 jks.load(null,keystorePassArray); // load in
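Review bot: The suffixed property written on the last added line, `Config.CADI_KEYSTORE_PASSWORD+'_'+ext`, creates a second location for the keystore password, but nothing in the hunk says who reads it, and `CADI_KEYSTORE_PASSWORD` itself is still written unconditionally, so whichever keystore type is placed last still wins the unsuffixed key. The comment should name the consumer and the key format, e.g. `// Readers must use CADI_KEYSTORE_PASSWORD + "_" + <ext> ("p12" or the raw kst value) for a store of that type; CADI_KEYSTORE_PASSWORD alone holds only the last-placed store's password.` The suffix is the `ext` computed earlier in `_place` (outside this hunk), which for non-PKCS12 types is `kst` verbatim, so the property name varies with the case of the configured type; normalising it with `toLowerCase(Locale.ROOT)` would give readers a fixed key if that is the intent. It is presumably the encrypted form that `addEnc` returns into `encP` — worth confirming, since storing it via plain `add` would otherwise persist the password in clear.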