From 820f4ec65a28ed822d4205b05ac6fbbd910a46cc Mon Sep 17 00:00:00 2001 From: ilanap Date: Mon, 18 Nov 2019 13:38:23 +0200 Subject: [PATCH] Changes for backend to support SSL Changes to support starting in https mode and changes to support making a secured call to the SDC backend Issue-ID: SDC-2405 Signed-off-by: ilanap Change-Id: I0588484fdcb0903934814906672f4fc9a76eca2c Signed-off-by: ilanap --- workflow-designer-be/docker/Dockerfile | 17 ++++ workflow-designer-be/docker/org.onap.sdc.p12 | Bin 0 -> 4459 bytes workflow-designer-be/docker/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes workflow-designer-be/docker/startup.sh | 28 ++++++ workflow-designer-be/pom.xml | 50 ++++++++-- .../workflow/api/ArtifactAssociationService.java | 108 +++++++++++++++++---- .../src/main/resources/application.properties | 7 ++ 7 files changed, 182 insertions(+), 28 deletions(-) create mode 100644 workflow-designer-be/docker/Dockerfile create mode 100644 workflow-designer-be/docker/org.onap.sdc.p12 create mode 100644 workflow-designer-be/docker/org.onap.sdc.trust.jks create mode 100644 workflow-designer-be/docker/startup.sh diff --git a/workflow-designer-be/docker/Dockerfile b/workflow-designer-be/docker/Dockerfile new file mode 100644 index 00000000..ea20fa5c --- /dev/null +++ b/workflow-designer-be/docker/Dockerfile @@ -0,0 +1,17 @@ +FROM openjdk:8-jdk-alpine + +EXPOSE 8080 + +USER root + +ARG ARTIFACT + +ADD ${ARTIFACT} /app.jar + +COPY org.onap.sdc.p12 /keystore +COPY org.onap.sdc.trust.jks /truststore + +COPY startup.sh . +RUN chmod 744 startup.sh + +ENTRYPOINT [ "./startup.sh" ] \ No newline at end of file diff --git a/workflow-designer-be/docker/org.onap.sdc.p12 b/workflow-designer-be/docker/org.onap.sdc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d03ca1c91df02cdea125b3c0d5bb3852f95bcbe2 GIT binary patch literal 4459 zcmY+EWmFW7w#5e+28IR+r5Qq+8KhfExF?~eK>2M_1kBkj~g0DXoZS`1`Q;n1%X*Zr&MFx%*15J zsjBf(QDfojfJsM9z(0rEw1;H9WWPJ~XmF8)$^6{cmhGodWEkE=FxoQMVcJ*U;Aq}p zC){;VEDATuc$c!RL+<~)b&bgJ^!RqK0U=fDYVgZ?5qgxjs9ww5JH}R%qw;kjAl@*9 z^F4)pi(eZ}0i3;eeY~r5rYlFhz`nEpK=6(-B#WCn8P9o8u`OGLiD3#P?Z*{ezoZ&W z=hFWy9KJkGE3b#VMt_VT8zu^;ik>5QQ&$1^35E_Ex`-x}e_7bw){2lpSDSWqRZ`~5 z6;pYnz*7LLXL;G8QX4ddk(x5)YxUvUr>M`T`em=(UK|P$<5x^jdnL{p*lBYH9yBuX>_9ElBrVayGJd zgyS|qIc_5POHA^(5{6;^8-rCN{@U`%#A}^AeR<1*1#i~?mB8Y&+ba?=!B$r3g1PF` zJw^M3*NMs&lTPf4N z(8|XBikiGl)N-wFgAa##Eht{G7i@zjTgZ{~qbL_{JE7i3%NH-hh=1OteesF5Z7;pY zi~e`?;v$LuXgNzFm|iET5{C zJQKt_x__0JMQ5QAOwPZ3AqPjAUZ$U~&5Y%UuvErvJA8S?^USu7th>Y18%_?f#a`EP zP=7dVtrCe4Xm8$BPA`Xx7-!_a+<<|D%38kG1RJ6CdmT8n9CC!dqnG~;n6`nrT>Tj1NTx%P7rEvrd8E%j^DWpBO3derW*-XPYTxJ= zxp{89o4#ofH^i{Fi?!-cgx|gt@lO*5574pOtHp=M7o;rdGNYiRh`1fgr!ba=SBV-& zcz9K1bWITo=5qm6`1%TF>#@{3gO*!pUX4Ouq%Y>{T zse-Ob;)3Y%HjvpSR&NiW;261jl)()q`z(v{rxedIwD-es#q{dHr8KXcPYFxrdqIHg zP^nsuxh$Btmv-dvB&_6T0Q)I#8(T)>nZU2<9(9y3o+m-pxWq zCWb+%X#og;1;892@o(h>I0761rT{0vzcv?u6_oD30TLK7kVwng9!?A6Ahz2-$Qcy{@Q>L1*FpJztqb~B>*l%Bn{0C#Q%~xT{fHPvq=1BS zDgU>1{R6R~VNu7zi?UE!lKuy-tvOf3P_$CNYqi-le4oCSFUK_S0B4?~{f3s{@7_SI zuS3s9$(4zCZV=rEz#{{GnpWPi9lSTZ%C`ofFk_e2!?zwe+Khg4ApiMT;1-8LFenA5s9mg)WReFp-um2TM}5u+hit zci)jD9FSyo2hF@Wu!0@&x?`l~gwy$ig6OKwqH7kiCnox>&ze1&*xa~!yp-12>#2-q z^Urnau?DB^er7UEDWVZNDOP?A zCp8ls-BJ*^TPtwFuZ&Ug;K!W~>`+(!QBx4Rn^C5vjot@-$=H0ML6EaWy-Or~#uDj* zfDsZK;o6u4pPcx{a>#1|KvHyUkMh2k6X7#rVOjp(Bj~YwP+ckNuIbydSNE?PH(M1P z=)S+WOw06n_ib##@bxofnF?GlSpV;uMl;WH4D@!!6-$U0ZLyi-_Z7`xq2<@lgEq{rqxcu{H-g2RiEf3SGi`MnbR}r_;*FIkD2ueD38lRtb=!liZ zDPNxQQBePJtB-VTstIF}Z_yf`1^lkX?V*VoQo+~vHD%9S9eej&+>zlq^9+lD`yDt_ zIyvA16D|B|cJ0NKwQxX^J}NSlOCnvd?(sy<>bSJB1W4i4w;_%Z`sdy))lw0g|0CIf z(~+>1uoI6r3{Awdhp$#%#nsm6(-zC?uPTtC3FkQR5lf#}d2V;txk@@E^8TH=Su_vj z9z<6{NC_fX20<`a`y*qL{Qw-sV-~mhz0<@Jtu-OSZf0#}65tQD@S3N6u4xoxX!}0betQ-Zo-1qfBJJPC79RzCMaTEivMl9Dg9V z{aa#b($1ezNW9W$E`IZa!JX^l@{b=sh2fPXNHHYQ49+rohh8|540x?^j_o>_39KF$)Vw}8r zCG`PtQuHi(ctI8<^}P(ru2DsvzIds&5fWq5eEsSuCGTfMkp3zi9l!i2-91vrDl4gM zCRK8Lv>u^x<4|+q!;o<~p&o?~!awOIJ`K2?oTX&`XyI4ywM>Mr5WkfVbMxJVno69` zphwb_3!e)-7Fqo6VZ7`n8|R^H@7%xfp;{)q)Vfu4gv1{vL;9Qs zod!9W9Z<;#iLwNJc1bc4qUwhS`1Y|qP@Al0pE>TtcXKopYf!4pQoPM+O0L;Ek!_4k z9~of1@|aRwh&X(3$0+TyCc#?t)aQg7ymAS}Ge3UX#{tx#25!~czZ{h?vi_nrNesI; z{rQ`330O2^^qGw$6l!w!>FOz+`*n4~Gu%mA3S4L6e}REnKXoOJy8iCu7bJhrre3ke zWzzR&t)Y+jC9IK8&{8ur)zEI)+6?<)*;Bp@Iz<(@mXBn`wVlO_jui}vq7QTb(e4?D zf(@H*IE`tHU9b+H+6phdwX0Lrl9}mJ)%qe?6W5I1yjy=JQ@8P8 zP}y%7=Wc4|87DBK=y+9c9<^~!ft+CP$>pM0hczOT5ErcDHoJ67YG3L;R);C}3*J)< z8|*n@VRWIDEJAb+<@p!rw~$7LSsP6qSEmaifJ%b0t1)3sPc9M8_Xcfgk{W%Bo#uK@ zThQUOx`Kjr{X|C7Jho|GvnRo6-EfRwL&1aHJKthXU0qURiea`w$vJ8W+^@Ztw$mjwoKimqT9Sg^h9 zO9Au|Zy#gG-$mx?*zih7GQE#*oFs*G4~rD(e)|o_fwh;UQiCb`WvKq37{hyHWB8X} zk72LfDalh?{AKp&KQC+4DBe2n1^Tc`uBzjn_}IrML}}I63dn_Z*WJ1(IP1r5 z+uRkfBPh$PET6VOqaWb<+YJXfkhF9}(MG?K!ue&{EawbRp$T?L0EbuxT|{gjr|h<4 zO1rq;oPE0X-s^e!CbHOv0H>wH4Jcv-pzU)oiKZV39%>q|RvJVnN18M-D&GkGRNG4U zAnm<)^m56sDz~WF<9^rN3`|dAMwU@gA;q|85!M+yF1f)OaxZmexzkl$EK}h>U+rW! z^F~u)JTz0cs@b{677W?ezRs|oDnuF_?rbJ^H`S=g>u}%Q9#qn$)1?Z*Hap5BD1VHZ z(0o*vub@XI><$)#ib3h1U=TVR9vUh+IsiyamlR_KLVG=kxDz$N&d4sSh0dt}iJK4! bz7F$MHOl5|w4P~Y2A>1P$x+czLbCq{!E$K2 literal 0 HcmV?d00001 diff --git a/workflow-designer-be/docker/org.onap.sdc.trust.jks b/workflow-designer-be/docker/org.onap.sdc.trust.jks new file mode 100644 index 0000000000000000000000000000000000000000..d07ce1a66b1320df396c75a8dc20ccc75d666822 GIT binary patch literal 1413 zcmb7DYdF&j9NvEy9k-3tEG9(Ga;X2T)f9~tIW8g1gklv|ZmA>pXY90vCb!(mTswpn zi@D^!l-sPylTIFtqn?!G5?!Rsq33+)!})SP{GRuD-{1TEp5KS}mCwp&ArJ_3eSq(% zbe8TD6nd5($}a3vME^D%1|yfUb`K@~KhR5x(D zrYfEU?gfeXy?CM-$x~C6KmrK_{J->nUSmOb{P+%lfWTN#6a-{Jm7pvr0O>F4&<2Be(De~xLE7J4iW^YEpEE;B2?UW1Hj4RD) z%;n50_a@@bFPre@Ivsg!O-+n2^-*`nfdoU(2`2Gp-6xbM3arxb?ul=&cVX*I;fiYM zP?67||2fKOoVX#U_1fcUzf_qqCEqX0#6!yc)Gw9LdWR@)L7Z~?CIBr@w6(EU- zW>96qJx?aH?5KtPah7Lluih&)7(QnLioAtS`;rcSn@lcnO1Sy{Fw*FH3n)wb(^9HN zGS*7@P>nvo&q9q_V%qU)_lMf)QSM*j6yFSZ1>8BI4ut^_p!6(A2X)pXsDp%~;al9O zghhuLsjHwf@>VAfA2a`M_E%7MV{HJ(fav)DHlQ{P8UU~cM}V+(0FfI4YD0jp7liX; z4A)z+9zy^^*6m?bM;1EOkhKEn7Hy`-d%8DWklWS}#}h*g2zw+;xkIqr2!-GkbtN(~ zL%S$}>Co*X%Fv=E2j&Vg*_7R0+3j;HawGj_y%0w0968_R;?p6s#Y-QmyNYM~c@84~ zoR9axw7e+sR?$KOEqM_a!FAqM-~;9ElQq8#!LtHq++UG@RNBF z!bjVqlZ>eL)lIDqN5!G~!26zh+o2q!EF$R>@u3#H&hbv+wF?O2*qDO@X0f56TVJzHJ;&h)K|~1sP={N3nmH%CosTLrmd7*M*6v2XycaKrr}4MoLXz31gXhn% zv}9b}wY%jNXu@M<+!AgqM4C~y7Q{5y5~LGSwEH3&EpU2&m*gGQ5EAxG`OAFC7DvkN zROr(*2HOHCuNg%^#d6=&2)Vvv*B6OH(Myl)f`Q3>J29_yBF5 zXBC$B=|r4#^3sEHCvQV((vId^%c$Gk{K+wF_Kew2>2;K#BXSpV9{1Fo?ci>9|Y=h%zr9=_-;b_bi)LZnn*f+fSXD`lUHN!b0+y07W T18T+c&BKA?ly-jDYJS2$H3(y= literal 0 HcmV?d00001 diff --git a/workflow-designer-be/docker/startup.sh b/workflow-designer-be/docker/startup.sh new file mode 100644 index 00000000..bc1d6463 --- /dev/null +++ b/workflow-designer-be/docker/startup.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +HTTPS_ENABLED=${SERVER_SSL_ENABLED:-"false"} +if [ "$HTTPS_ENABLED" = "true" ] +then + KEYSTORE=${SERVER_SSL_KEYSTORE_PATH} + if [ -f "$KEYSTORE" ]; then + echo "$KEYSTORE exist" + else + echo "Copying default keystore" + KEYSTORE_DIR=${KEYSTORE%/*} + mkdir -p $KEYSTORE_DIR + cp /keystore $KEYSTORE_DIR + chmod 755 $KEYSTORE + fi + + TRUSTSTORE=${SERVER_SSL_TRUSTSTORE_PATH} + if [ -f "$TRUSTSTORE" ]; then + echo "$TRUSTSTORE exist" + else + echo "Copying default truststore" + TRUSTSTORE_DIR=${TRUSTSTORE%/*} + mkdir -p $TRUSTSTORE_DIR + cp /truststore $TRUSTSTORE_DIR + chmod 755 $TRUSTSTORE + fi +fi +java ${JAVA_OPTIONS} -jar /app.jar ${SPRING_BOOT_OPTIONS} \ No newline at end of file diff --git a/workflow-designer-be/pom.xml b/workflow-designer-be/pom.xml index 9bf4e75d..601f10ee 100644 --- a/workflow-designer-be/pom.xml +++ b/workflow-designer-be/pom.xml @@ -120,6 +120,10 @@ + + org.apache.httpcomponents + httpclient + org.mapstruct mapstruct-jdk8 @@ -174,6 +178,28 @@ + + maven-resources-plugin + 2.6 + + + copy-resources-docker + install + + copy-resources + + + ${basedir}/docker + + + ${project.build.directory} + ${project.build.finalName}.jar + + + + + + io.fabric8 docker-maven-plugin @@ -185,20 +211,26 @@ ${project.version} - openjdk:8-jdk-alpine - root - - / - ${project.basedir}/src/main/resources/assembly.xml - - - java ${JAVA_OPTIONS} -jar /${project.build.finalName}.jar - + ${project.basedir}/docker + + ${project.build.finalName}.jar + + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.8 + true + + onap-staging + ${nexus.proxy} + ${staging.profile.id} + + diff --git a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java index 621d1803..2b24577a 100644 --- a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java +++ b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java @@ -19,30 +19,47 @@ package org.onap.sdc.workflow.api; import static org.apache.commons.codec.digest.DigestUtils.md5Hex; import com.fasterxml.jackson.databind.ObjectMapper; + +import java.io.File; +import java.io.FileInputStream; import java.io.IOException; import java.nio.charset.Charset; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.Base64; import java.util.HashMap; import java.util.Map; import java.util.Optional; + +import org.apache.http.conn.ssl.TrustStrategy; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; + +import java.util.Base64; + import org.apache.commons.io.IOUtils; +import org.apache.http.HttpHost; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContexts; import org.onap.sdc.workflow.api.types.dto.ArtifactDeliveriesRequestDto; import org.onap.sdc.workflow.persistence.types.ArtifactEntity; -import org.openecomp.sdc.logging.api.Logger; -import org.openecomp.sdc.logging.api.LoggerFactory; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.client.RestTemplateBuilder; -import org.springframework.http.HttpEntity; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpMethod; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; +import org.springframework.http.*; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; +import javax.net.ssl.SSLContext; + @Component("ArtifactAssociationHandler") public class ArtifactAssociationService { @@ -54,6 +71,8 @@ public class ArtifactAssociationService { private static final String X_ECOMP_INSTANCE_ID_HEADER = "X-ECOMP-InstanceID"; private static final String INIT_ERROR_MSG = "Failed while attaching workflow artifact to Operation in SDC. Parameters were not initialized: %s"; + private static final String INIT_CLIENT_MSG = + "Failed while creating the HTTP client to SDC. Following exception: %s"; private static final Logger LOGGER = LoggerFactory.getLogger(ArtifactAssociationService.class); @Value("${sdc.be.endpoint}") private String sdcBeEndpoint; @@ -66,12 +85,63 @@ public class ArtifactAssociationService { private RestTemplate restClient; + private KeyStore getKeyStore(String file, String password, String keyStoreType) throws IOException, GeneralSecurityException { + KeyStore keyStore = KeyStore.getInstance(keyStoreType); + File keyFile = new File(file); + try (FileInputStream inStr = new FileInputStream(keyFile)) { + keyStore.load(inStr, password.toCharArray()); + } + return keyStore; + + } + + @Autowired - public ArtifactAssociationService(RestTemplateBuilder builder) { - this.restClient = builder.build(); + public ArtifactAssociationService(RestTemplateBuilder builder, + @Value("${server.ssl.trust-store}") + String truststorePath, + @Value("${server.ssl.trust-store-password}") + String truststorePassword, + @Value("${server.ssl.trust-store-type}") + String truststoreType, + @Value("${server.ssl.key-store}") + String keystorePath, + @Value("${server.ssl.key-password}") + String keystorePassword, + @Value("${server.ssl.key-store-type}") + String keystoreType, + @Value("${sdc.be.protocol}") + String protocol) { + if (protocol != null && + !protocol.equalsIgnoreCase(HttpHost.DEFAULT_SCHEME_NAME)) { + try { + KeyStore trustStore = getKeyStore(truststorePath, truststorePassword, truststoreType); + KeyStore keyStore = getKeyStore(keystorePath, keystorePassword, keystoreType); + + SSLContext sslcontext = SSLContexts.custom() + .loadKeyMaterial(keyStore, keystorePassword.toCharArray()) + .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()) + .build(); + SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( + sslcontext, + new NoopHostnameVerifier() + ); + CloseableHttpClient httpClient = + HttpClients.custom() + .setSSLSocketFactory(sslsf) + .setSSLHostnameVerifier(new NoopHostnameVerifier()) + .build(); + HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); + this.restClient = new RestTemplate(factory); + } catch (Exception e) { + LOGGER.error(String.format(INIT_CLIENT_MSG, e.getMessage()), e); + } + } else { + this.restClient = builder.build(); + } } - void setRestClient(RestTemplate restClient) { + void setRestClient(RestTemplate restClient) { this.restClient = restClient; } @@ -80,12 +150,12 @@ public class ArtifactAssociationService { } ResponseEntity execute(String userId, ArtifactDeliveriesRequestDto deliveriesRequestDto, - ArtifactEntity artifactEntity) { + ArtifactEntity artifactEntity) { Optional initializationState = parametersInitializationState(); - if(initializationState.isPresent()) { - LOGGER.error(String.format(INIT_ERROR_MSG,initializationState.get())); - return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).body(String.format(INIT_ERROR_MSG,initializationState.get())); + if (initializationState.isPresent()) { + LOGGER.error(String.format(INIT_ERROR_MSG, initializationState.get())); + return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).body(String.format(INIT_ERROR_MSG, initializationState.get())); } String formattedArtifact; @@ -96,7 +166,7 @@ public class ArtifactAssociationService { return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).body(e.getMessage()); } - HttpEntity request = new HttpEntity<>(formattedArtifact, createHeaders(userId,formattedArtifact)); + HttpEntity request = new HttpEntity<>(formattedArtifact, createHeaders(userId, formattedArtifact)); return restClient.exchange(sdcBeProtocol + "://" + sdcBeEndpoint + "/" + deliveriesRequestDto.getEndpoint(), HttpMethod.valueOf(deliveriesRequestDto.getMethod()), request, String.class); @@ -117,7 +187,7 @@ public class ArtifactAssociationService { result.add("SDC_PASSWORD"); } - if (result.isEmpty()) { + if (result.isEmpty() || this.restClient == null) { return Optional.empty(); } else { return Optional.of(result.toString()); @@ -143,7 +213,7 @@ public class ArtifactAssociationService { private HttpHeaders createHeaders(String userId, String formattedArtifact) { HttpHeaders headers = new HttpHeaders(); headers.add(USER_ID_HEADER, userId); - headers.add(HttpHeaders.AUTHORIZATION, createAuthorizationsHeaderValue(sdcUser,sdcPassword)); + headers.add(HttpHeaders.AUTHORIZATION, createAuthorizationsHeaderValue(sdcUser, sdcPassword)); headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); headers.add(MD5_HEADER, calculateMD5Base64EncodedByString(formattedArtifact)); headers.add(X_ECOMP_INSTANCE_ID_HEADER, "InstanceId"); diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties index 44b048ac..5a4b7af7 100644 --- a/workflow-designer-be/src/main/resources/application.properties +++ b/workflow-designer-be/src/main/resources/application.properties @@ -19,8 +19,15 @@ http.port=${HTTP_PORT:8080} server.port=${SERVER_PORT:8443} server.ssl.enabled=${SERVER_SSL_ENABLED:true} server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:} +server.ssl.key-store-password=${SERVER_SSL_KEY_PASSWORD:} server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:} server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:} +server.ssl.trust-store-password=${SERVER_SSL_TRUST_PASSWORD:} +server.ssl.trust-store=${SERVER_SSL_TRUSTSTORE_PATH:} +server.ssl.trust-store-type=${SERVER_SSL_TRUSTSTORE_TYPE:} +#server.ssl.protocol=${SERVER_SSL_PROTOCOL:TLS} +#server.ssl.enabled-protocols=${SERVER_SSL_ENABLED_PROTOCOL:TLSv1.2} + sdc.be.protocol=${SDC_PROTOCOL:} sdc.be.endpoint=${SDC_ENDPOINT:} -- 2.16.6