From 74357ca60a055f546a5f41b1a93691cb858e7871 Mon Sep 17 00:00:00 2001 From: MatthieuGeerebaert Date: Tue, 24 Apr 2018 16:30:59 +0200 Subject: [PATCH] NBI needs to support HTTPS requests to AAI - add amsterdam aai and beijing Root CA certificates - will be used and injected to docker instance Change-Id: I1028fb304f213425b7a4d21aaf81668c15b9d236 Issue-ID: EXTAPI-57 Signed-off-by: MatthieuGeerebaert Signed-off-by: Quoc Nghia Nguyen --- Dockerfile | 12 +++++++++ src/main/resources/certificate/AAF_RootCA.cer | 31 ++++++++++++++++++++++ .../certificate/aai.api.simpledemo.openecomp.org | 23 ++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 src/main/resources/certificate/AAF_RootCA.cer create mode 100644 src/main/resources/certificate/aai.api.simpledemo.openecomp.org diff --git a/Dockerfile b/Dockerfile index 09b2019..af70549 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,18 @@ ARG SERVER_PORT ARG PKG_FILENAME=nbi-rest-services-1.0.0-SNAPSHOT.jar ADD target/$PKG_FILENAME app.jar +COPY src/main/resources/certificate /certs +ARG CERT_PASS=changeit +RUN for cert in $(ls -d /certs/*); do \ + echo "adding $cert to java keystore..."; \ + keytool -import \ + -file "$cert" \ + -storepass "${CERT_PASS}" \ + -keystore $JAVA_HOME/lib/security/cacerts \ + -alias "$(basename $cert)" \ + --noprompt; \ + done + ENV SERVER_PORT=${SERVER_PORT:-8080} ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -jar" diff --git a/src/main/resources/certificate/AAF_RootCA.cer b/src/main/resources/certificate/AAF_RootCA.cer new file mode 100644 index 0000000..e9a50d7 --- /dev/null +++ b/src/main/resources/certificate/AAF_RootCA.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/src/main/resources/certificate/aai.api.simpledemo.openecomp.org b/src/main/resources/certificate/aai.api.simpledemo.openecomp.org new file mode 100644 index 0000000..85ae8a7 --- /dev/null +++ b/src/main/resources/certificate/aai.api.simpledemo.openecomp.org @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDyzCCArMCCQDrA8zzZKXznDANBgkqhkiG9w0BAQsFADCBrTELMAkGA1UEBhMC +VVMxCzAJBgNVBAgMAk5KMRMwEQYDVQQHDApCZWRtaW5zdGVyMRIwEAYDVQQKDAlP +cGVuRUNPTVAxEzARBgNVBAsMCnNpbXBsZWRlbW8xKjAoBgNVBAMMIU9wZW5FQ09N +UCBzaW1wbGVkZW1vIFNlcnZlciBDQSBYMTEnMCUGCSqGSIb3DQEJARYYc2ltcGxl +ZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE3MTEwMzIzNDUzNVoXDTE4MTIwNjIzNDUz +NVowgaAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjEUMBIGA1UEBwwLQmVkbWlu +aXN0ZXIxDTALBgNVBAoMBE9OQVAxKTAnBgNVBAMMIGFhaS5hcGkuc2ltcGxlZGVt +by5vcGVuZWNvbXAub3JnMTQwMgYJKoZIhvcNAQkBFiVhYWktaG9zdEBhcGkuc2lt +cGxlZGVtby5vcGVuZWNvbXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA6gFktbGZVt4o78kU6oeCdqx04yPNTd1qRmJ06CD87fgrIDCTXVC+PE7R +hHd1V71aNnoElBzn+mwetn4qG4T9IqAJvFIXxrzLpS7WlKBxStFhe4GNXl+RDqWc +UM+47+s32TwZ3czQrhMVR9VNENUHo2d6XylGaUDcVgrMYWbFYWfmIJ4tO1latW9n +h+perB0nNBxNDK9nYtjLHQk6ukTmONSnldvCgu/TFX5C34qB49cI0LmCf5Lwk9tv +8dmTZ6Um8A0EbQen+uPaaHeEXm/EtFy0FSVzoKmxuQS0g4JNhfnfNCHVDO7zGE+N +pCb9VfUI2fXIZvjNBAemKN/b2i5d6QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBh +93eaeAw0aA4ukAPpuWIODxxAnZlFfDH4uzwnv6smDJzO1biRwQ5BBZfL8qSVozrp +aDKeIPWP7fZvjl3mGfCp8mLkI6WkfXVcZy5IlJGDTnW+G8Cpohq910W/Ibp1J9zx +Ki4IdgKx7FbSYLpgwH2g2EPshHXQX2qFdxYvnEH0PzJjYBKeyyHV3N2kNr6+kM3Q +HpXXIiLNbNcqLT+9zOmuJszN8ILLV56vu8Clzwxld+ru0tiO2OJk2eT+mtw2PI1/ +jcYqEEdOIZycrQiytxXgvte7A9VFQP/1Tl22BBYrAW2BhyW67kopATeiSunK1FmO +DLcT7mR+59F964RV9BJR +-----END CERTIFICATE----- -- 2.16.6