Use cert-initializer truststore instead of hard-coded ONAP Root CA 51/122651/5
authorwdgp0424 <abdelmuhaimen.seaudi@orange.com>
Thu, 15 Jul 2021 10:50:24 +0000 (12:50 +0200)
committerAbdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
Wed, 8 Sep 2021 08:37:28 +0000 (08:37 +0000)
Issue-ID: CCSDK-3356
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
Change-Id: I68582d2abae2a1e320ce243406fb5d932c34fb75

ms/blueprintsprocessor/application/src/main/docker/startService.sh

index bbe550b..ff6471b 100755 (executable)
@@ -1,11 +1,16 @@
 #!/bin/sh
 
+TRUSTSTORE_PASSWD=${TRUSTSTORE_PASSWD:-changeit}
+
 nodeName=BlueprintsProcessor_1.0.0_$(cat /proc/self/cgroup | grep docker | sed s/\\//\\n/g | tail -1)
 
-echo "${CLUSTER_ID}:${CLUSTER_NODE_ID} APP Config HOME : ${APP_CONFIG_HOME}"
 export APP_HOME=/opt/app/onap
 
-keytool -import -noprompt -trustcacerts -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias ONAP -file $APP_CONFIG_HOME/ONAP_RootCA.cer
+#echo "${CLUSTER_ID}:${CLUSTER_NODE_ID} APP Config HOME : ${APP_CONFIG_HOME}"
+#[[ - $APP_CONFIG_HOME/${PRIVATE_CA} ]] && keytool -import -noprompt -trustcacerts -keystore $JAVA_HOME/lib/security/cacerts -storepass ${TRUSTSTORE_PASSWD} -alias ${PRIVATE_CA} -file $APP_CONFIG_HOME/${PRIVATE_CA}
+
+#Instead of above, using cert-initializer truststore to replace the default java cacerts
+[[ -f $AAF_CREDSPATH/truststoreONAPall.jks ]] && cp $AAF_CREDSPATH/truststoreONAPall.jks $JAVA_HOME/lib/security/cacerts 
 
 exec java -classpath "/etc:${APP_HOME}/lib/*:/lib/*:/src:/schema:/generated-sources:${APP_CONFIG_HOME}:${APP_HOME}" \
 -DappName=${APP_NAME} -DappVersion=${BUNDLEVERSION} \
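Review bot: The added truststore line uses `[[ -f … ]]` although the script runs under `#!/bin/sh`; on a shell without `[[` (dash, for example) the test fails as "not found", the `&&` short-circuits, and the JVM starts with the image's default cacerts without any message. The same silent fallback happens when the file is absent or `cp` fails, so the service can run with a different trust anchor set than the commit intends and nothing in the log shows it. I would write it as `[ -f "$AAF_CREDSPATH/truststoreONAPall.jks" ] && cp "$AAF_CREDSPATH/truststoreONAPall.jks" "$JAVA_HOME/lib/security/cacerts" || echo "cert-initializer truststore not installed, using default cacerts" >&2`, with the paths quoted. `TRUSTSTORE_PASSWD` is now referenced only by the commented-out keytool line, so it could be dropped together with that line. The `exec java` command continues past the end of the hunk.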