From 7890e823b1ffc4e494fb581610aad9a82bac6b66 Mon Sep 17 00:00:00 2001 From: "k.kedron" Date: Wed, 21 Aug 2019 13:31:02 +0200 Subject: [PATCH] Fully HTTPS support in the webseal-simulator Updated the HTTPS configuration: -Added truststore certificate. -Updated configuration to use JETTY_BASE env value instead hardcoded variable -Updated jvm configuration to support call to the SDC components using HTTPS. -Added support for the disableHttp flag. Issue-ID: SDC-2517 Signed-off-by: Krystian Kedron Change-Id: Ib7f4c7a6762c56c8031ba6734f02d388aaefd722 --- .../files/default/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes .../recipes/SDC_Simulator_1_cleanup_jettydir.rb | 8 ++- .../recipes/SDC_Simulator_2_setup_configuration.rb | 4 +- .../recipes/SDC_Simulator_3_logback.rb | 4 +- .../recipes/SDC_Simulator_4_locate_keystore.rb | 13 +++-- .../SDC_Simulator_5_create_jetty_modules.rb | 58 +++++++++++++++------ .../templates/default/SDC-Simulator-http-ini.erb | 29 +++++++++++ .../templates/default/SDC-Simulator-ssl-ini.erb | 6 +-- utils/webseal-simulator/sdc-simulator/startup.sh | 2 + 9 files changed, 89 insertions(+), 35 deletions(-) create mode 100644 utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks create mode 100644 utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb 
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks new file mode 100644 index 0000000000000000000000000000000000000000..342c4f2ad7fc89d21386d15e4bd84730449e072f GIT binary patch literal 1413 zcmb7DSyYk<7-h9_0Wu27B{j_AfL;GSD0xwn`Vj?S5f9_D2pzH`sL-#y>?9`2RT%jZEL5M*<}|De(Z zriXvv1*X3TuqpY?c*L23;4TM9fC&f$rvhyFuK*irPy~g5ArM7S!Nd8^aA9w18g7 zSyb+e$6Z=8B|tT%!wZcm4Z zJcfNPQqSWC8*p3Hiu%J9^D?<_+XN%EgZ56|)ST2Z#{O}tpO^i=z5K5p(Xznwd- zh&slK4=(Xs&wQ5(YxUJh9xKhtk02fQSn3&2(X7OsZ|}nNbT}s7irR3-NvG2TR~jE# z-aHlWT;3)OPmb%#*g$y;Cto>?3X*inADg!h+N|%3yt>HF471Q<-ZIM;?WnY;AJ#Ck zT^9^?-rl!F{bN;y>(a$-2-BYQtS7~MFHvA{cHY2EogkfMio#@0B z+ML8u&=q>83rC1pd^i6apuM%$gJA(o%zqnDTLv^3ya9s)&`ki4TLNlJfNd6p`(q3@ zTd^5KFo>ev%c>47w5y@0`!Y@2jZXLWY`ZMCsv%9p2j~$GidS<-pt&ImSJqXPD98+r zqS$C!kB2BjossC5E6C(f54dG_EUe27bX#-+SZxcGe21&gMvPakeW>m(o*&@RL_Rqm z9|CE4VS~HK$K15OMPE7FWzfm{p8fnjtSIRE#O~{%$#?S~STak$+Vl_Bbh=ws6c@Om zGY9rn#k@5absNiSgRXMwS{lhZPm*M*`kdDeDXNsvqQbHj@r%%iS-;*?Y}HGCA}>Vv zcu#nO0o|s$sf~7WFi;n~+*@xol7p0mBzz(@tHbJS?-j;fhT|h6jtv<{;?9ktkRPO< zCS!KZaEx3hU~oZ50Q1*Qr}Q)vZgvMBRfda zlC?MPmsenjPn2=1IB9?+qin-J+C*KDPE6704{0>T>AWw=JBbz&4^I2YJSnCp%I;O@ zGSI{AzSJ335x8Qle|n5k-?{&bm{#=4CHr(SZ|;;7r1hY9>4s;+ESAOA93DN&Smc=p z<$XF6C7HVRsNBw7Uy`u5<<1)FZV!J-s+m1!{8M@z)&GRtfzo)V1Ebr0bHdNj`>Zd= zTs%#Q{_d5`Fx~MH8!4yp#R87r>9kUkNV9o7;s)w1W_RQp-s1C@mo(Laxn9fcDYd$! RgaLfBl=h~X{9eV=|8H5)V`u;X literal 0 HcmV?d00001 diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb index bb67b8cdbc..c02aa7e58d 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb 
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb
@@ -1,7 +1,5 @@
-jetty_base="/var/lib/jetty"
-
 directory "SDC_Simulator_tempdir_creation" do
- path "#{jetty_base}/temp"
+ path "#{ENV['JETTY_BASE']}/temp"
 owner 'jetty'
 group 'jetty'
 mode '0755'
@@ -10,7 +8,7 @@ end
 directory "SDC_Simulator_create_config_dir" do
- path "#{jetty_base}/config"
+ path "#{ENV['JETTY_BASE']}/config"
 owner 'jetty'
 group 'jetty'
 mode '0755'
@@ -19,7 +17,7 @@ end
 directory "SDC_Simulator_create_sdc-simulator" do
- path "#{jetty_base}/config/sdc-simulator"
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator"
 owner 'jetty'
 group 'jetty'
 mode '0755'
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
index 62f95a7e9e..bf859f13a3 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
@@ -1,5 +1,3 @@
-jetty_base="/var/lib/jetty"
-
 if ENV['FE_URL'] && !ENV['FE_URL'].empty?
 fe_url="#{ENV['FE_URL']}"
 elsif node['disableHttp']
@@ -10,7 +8,7 @@ end
 template "webseal.conf" do
- path "#{jetty_base}/config/sdc-simulator/webseal.conf"
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator/webseal.conf"
 source "SDC-Simulator-webseal.conf.erb"
 owner "jetty"
 group "jetty"
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
index 7a2069ddfb..06151fe1fc 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
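Review bot: `path "#{ENV['JETTY_BASE']}/temp"` silently degrades to `/temp` when JETTY_BASE is not exported, because interpolating a nil `ENV['JETTY_BASE']` yields an empty string, whereas the removed hardcoded `jetty_base` at least guaranteed a sane prefix. The same pattern appears in all three hunks of this file and in SDC_Simulator_2_setup_configuration.rb, SDC_Simulator_3_logback.rb, SDC_Simulator_4_locate_keystore.rb and SDC_Simulator_5_create_jetty_modules.rb; in recipe 4 the fallback path is `/etc` with `owner 'jetty'` and `mode '0755'`, which a Chef `directory` resource would apply to the real /etc. Use `path "#{ENV.fetch('JETTY_BASE')}/temp"` (and the same form in the other recipes) so a missing variable fails the converge with a KeyError instead; a node attribute carrying the old default would also do.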
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
@@ -1,7 +1,5 @@
-jetty_base="/var/lib/jetty"
-
 cookbook_file "log4j.properties" do
- path "#{jetty_base}/config/sdc-simulator/log4j.properties"
+ path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j.properties"
 source "log4j.properties"
 owner "jetty"
 group "jetty"
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
index 8358e28339..e0b106de72 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
@@ -1,16 +1,21 @@
-jetty_base="/var/lib/jetty"
-
 directory "Jetty_etcdir_creation" do
- path "/#{jetty_base}/etc"
+ path "#{ENV['JETTY_BASE']}/etc"
 owner 'jetty'
 group 'jetty'
 mode '0755'
 action :create
 end
-cookbook_file "/#{jetty_base}/etc/org.onap.sdc.trust.jks" do
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
 source "org.onap.sdc.trust.jks"
 owner "jetty"
 group "jetty"
 mode 0755
 end
+
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do
+ source "org.onap.sdc.p12"
+ owner "jetty"
+ group "jetty"
+ mode 0755
+end
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
index 4f7e710d63..71366a5148 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
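Review bot: The new `cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12"` installs the PKCS12 keystore that holds the server's private key with `mode 0755`, i.e. world-readable and executable. Jetty presumably runs as the file's owner once the setuid module enabled in recipe 5 applies, so `mode '0600'` is sufficient and also matches the quoted-string mode style of the directory resource above this hunk. The commit's diffstat creates only org.onap.sdc.trust.jks under files/default; unless org.onap.sdc.p12 is already shipped there, this resource fails at converge time, so confirm the source file exists in the cookbook.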
@@ -1,39 +1,63 @@
-jetty_base="/var/lib/jetty"
-jetty_home="/usr/local/jetty"
+#
+# Set the http module option
+if node['disableHttp']
+ http_option = "#--module=http"
+else
+ http_option = "--module=http"
+end
+
 bash "create-jetty-modules" do
-cwd "#{jetty_base}"
-code <<-EOH
- cd "#{jetty_base}"
- java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy
- java -jar "/#{jetty_home}"/start.jar --create-startd --add-to-start=http,https,console-capture,setuid
-EOH
+ cwd "#{ENV['JETTY_BASE']}"
+ code <<-EOH
+ cd "#{ENV['JETTY_BASE']}"
+ java -jar "#{ENV['JETTY_HOME']}"/start.jar --add-to-start=deploy
+ java -jar "#{ENV['JETTY_HOME']}"/start.jar --create-startd --add-to-start=http,https,console-capture,setuid
+ EOH
 end
-template "ssl-ini" do
- path "/#{jetty_base}/start.d/ssl.ini"
- source "SDC-Simulator-ssl-ini.erb"
+
+template "http-ini" do
+ path "#{ENV['JETTY_BASE']}/start.d/http.ini"
+ source "SDC-Simulator-http-ini.erb"
 owner "jetty"
 group "jetty"
 mode "0755"
 variables({
- :https_port => "8443",
- :jetty_keystore_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
- :jetty_keymanager_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng"
+ :http_option => http_option,
+ :http_port => "8080"
 })
 end
+
 template "https-ini" do
- path "/#{jetty_base}/start.d/https.ini"
+ path "#{ENV['JETTY_BASE']}/start.d/https.ini"
 source "SDC-Simulator-https-ini.erb"
 owner "jetty"
 group "jetty"
 mode "0755"
- variables ({
- :https_port => "8443"
+ variables({
+ :https_port => "8443"
 })
 end
+# TO CHANGE THE KEYSTORE/TRUSTSTORE CERT THE JVM CONFIGURATION
+# MUST BE ALSO CHANGE IN THE startup.sh FILE
+template "ssl-ini" do
+ path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
+ source "SDC-Simulator-ssl-ini.erb"
+ owner "jetty"
+ group "jetty"
+ mode "0755"
+ variables({
+ :https_port => "8443",
+ :jetty_truststore_pwd => "Y,f975ZNJfVZhV*{+Y[}pA?0",
+ :jetty_keystore_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
+ :jetty_keymanager_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
+ })
+end
+
+
 bash "echo status" do
 code <<-EOH
 echo "DOCKER STARTED"
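Review bot: The new `ssl-ini` block renders ssl.ini with `mode "0755"` even though the template writes the keystore, key-manager and now truststore passwords into it in clear text, so any local user in the container can read them; `mode "0640"` keeps the file to the jetty owner and group, and the `http-ini`/`https-ini` blocks can follow for consistency. The `:jetty_truststore_pwd` literal duplicates the value hardcoded in startup.sh, as the TO CHANGE comment concedes; sourcing both from one node attribute or data bag would take the secret out of two source files. The `disableHttp` switch also relies on resource order: the bash resource's `--add-to-start=http,...` presumably still generates start.d/http.ini, and it is only overwritten with the commented `--module` line because the `http-ini` template runs afterwards, which deserves a comment such as `# overwrites the http.ini generated by --add-to-start=http above; keep this after "create-jetty-modules"`.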
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb
new file mode 100644
index 0000000000..8f2669032b
--- /dev/null
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb
@@ -0,0 +1,29 @@
+# ---------------------------------------
+# Module: http
+<%= @http_option %>
+
+### HTTP Connector Configuration
+
+## Connector host/address to bind to
+# jetty.http.host=0.0.0.0
+
+## Connector port to listen on
+jetty.http.port=<%= @http_port %>
+
+## Connector idle timeout in milliseconds
+jetty.http.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.http.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.http.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.http.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.http.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.http.acceptorPriorityDelta=0
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
index 86848bf282..278fdea2ae 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
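Review bot: The template carries no header saying it is Chef-managed or what `<%= @http_option %>` expands to, so someone reading the rendered start.d/http.ini cannot tell why the `--module=http` line may appear commented out. Two lines at the top, `# Rendered by cookbook sdc-simulator (SDC_Simulator_5_create_jetty_modules.rb); do not edit in place` and `# node['disableHttp'] renders the next line as '#--module=http', which leaves the HTTP connector disabled`, would document the switch where it takes effect. In that case `jetty.http.port` and `jetty.http.idleTimeout` are still rendered; they should be inert without the module line, but the comment ought to say so to avoid confusion.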
@@ -42,10 +42,10 @@ jetty.ssl.port=<%= @https_port %>
 ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
 ## Keystore file path (relative to $jetty.base)
-# jetty.sslContext.keyStorePath=etc/keystore
+jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
 ## Truststore file path (relative to $jetty.base)
-# jetty.sslContext.trustStorePath=etc/keystore
+jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
 ## Keystore password
 # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
@@ -61,7 +61,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
 ## Truststore password
 # jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-#jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
+jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
 ## Truststore type and provider
 # jetty.sslContext.trustStoreType=JKS
diff --git a/utils/webseal-simulator/sdc-simulator/startup.sh b/utils/webseal-simulator/sdc-simulator/startup.sh
index 075c2cefab..cc7d9f9e09 100644
--- a/utils/webseal-simulator/sdc-simulator/startup.sh
+++ b/utils/webseal-simulator/sdc-simulator/startup.sh
@@ -15,6 +15,8 @@ JAVA_OPTIONS=" ${JAVA_OPTIONS} \
 -Dconfig.home=${JETTY_BASE}/config/sdc-simulator \
 -Dlog.home=${JETTY_BASE}/logs \
 -Dlogback.configurationFile=${JETTY_BASE}/config/sdc-simulator/logback.xml \
+ -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
+ -Djavax.net.ssl.trustStorePassword=Y,f975ZNJfVZhV*{+Y[}pA?0 \
 -Djetty.console-capture.dir=${JETTY_BASE}/logs"
-- 
2.16.6
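Review bot: `jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12` points the keystore at a PKCS12 file while the keystore type presumably stays at Jetty's JKS default (only the commented `# jetty.sslContext.trustStoreType=JKS` is visible in the second hunk); unless the JVM's JKS/PKCS12 dual-format loading is being relied on, add `jetty.sslContext.keyStoreType=PKCS12` next to the path so the type is explicit. The truststore enabled here is the one Jetty consults for client certificates, which nothing in these hunks turns on, whereas outbound calls to SDC use the javax.net.ssl properties in startup.sh; a one-line comment above `trustStorePath` saying so would keep the two from being confused. The `jetty.sslContext.trustStorePassword` line uncommented in the second hunk then lands in a file that recipe 5 renders with mode 0755.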
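Review bot: `-Djavax.net.ssl.trustStorePassword=Y,f975ZNJfVZhV*{+Y[}pA?0` puts the secret on the java command line, where it is visible to any local user through the process list and in any log that echoes JAVA_OPTIONS. For a JKS truststore the JSSE password is optional — it only enables the integrity check on load — so the line can be dropped outright, which also removes the duplicate that recipe 5's TO CHANGE comment asks maintainers to keep in sync; if it has to stay, read it from an environment variable or a file rather than a literal. The value also contains `*`, `?` and `[`, harmless inside this double-quoted assignment but subject to pathname expansion if `$JAVA_OPTIONS` is later expanded unquoted; how the variable is consumed is outside the hunk.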