From e2d292d5baa28a7c5b41f13ced705d1f8d2712c9 Mon Sep 17 00:00:00 2001 From: Piotr Darosz Date: Wed, 29 Aug 2018 10:33:54 +0200 Subject: [PATCH] VID Internal HTTPS Use HTTPS for internal VID interfaces Change-Id: I72260cd10c4d83e84f639798f4e4ebb738f6f4aa Issue-ID: VID-273 Signed-off-by: Piotr Darosz --- .../main/docker/assembly/assembly-for-plugin.xml | 14 ++ deliveries/src/main/docker/docker-files/Dockerfile | 14 +- epsdk-app-onap/src/main/resources/server.xml | 186 +++++++++++++++++++++ .../src/main/webapp/WEB-INF/cert/org.onap.vid.jks | Bin 0 -> 3573 bytes 4 files changed, 212 insertions(+), 2 deletions(-) create mode 100644 epsdk-app-onap/src/main/resources/server.xml create mode 100644 epsdk-app-onap/src/main/webapp/WEB-INF/cert/org.onap.vid.jks diff --git a/deliveries/src/main/docker/assembly/assembly-for-plugin.xml b/deliveries/src/main/docker/assembly/assembly-for-plugin.xml index 35c20335..27bcdb2c 100755 --- a/deliveries/src/main/docker/assembly/assembly-for-plugin.xml +++ b/deliveries/src/main/docker/assembly/assembly-for-plugin.xml @@ -26,6 +26,20 @@ src/main/scripts scripts + + + server.xml + + ../epsdk-app-onap/src/main/resources + config + + + + org.onap.vid.jks + + ../epsdk-app-onap/src/main/webapp/WEB-INF/cert + config + diff --git a/deliveries/src/main/docker/docker-files/Dockerfile b/deliveries/src/main/docker/docker-files/Dockerfile index a347659a..01031823 100755 --- a/deliveries/src/main/docker/docker-files/Dockerfile +++ b/deliveries/src/main/docker/docker-files/Dockerfile @@ -1,10 +1,12 @@ FROM tomcat:8.0-jre8 # add vim and uncomment alias to speedup troubleshooting purpose RUN apt-get update && apt-get install -y \ - openjdk-8-jdk vim + openjdk-8-jdk vim net-tools RUN sed -i 's/# alias/alias/g' /root/.bashrc +RUN mkdir -p ${ROOT_DIR}/etc + ENV JAVA_OPTS="-Xmx1536m -Xms1536m" ENV ROOT_DIR /opt/app/vid @@ -52,7 +54,7 @@ ENV VID_ECOMP_SHARED_CONTEXT_REST_URL http://portal.api.simpledemo.onap.org:8989 ENV VID_CONTACT_US_LINK https://todo_contact_us_link.com ENV VID_DECRYPTION_KEY AGLDdG4D04BKm2IxIWEr8o= -ENV VID_UEB_URL_LIST ueb.api.simpledemo.onap.org +ENV VID_UEB_URL_LIST ueb.api.simpledemo.onap.org ENV VID_UEB_CONSUMER_GROUP VID ENV VID_ECOMP_PORTAL_INBOX_NAME ECOMP-PORTAL-INBOX ENV VID_UEB_APP_KEY 2Re7Pvdkgw5aeAUD @@ -70,6 +72,14 @@ ENV VID_MYSQL_USER vidadmin ENV VID_MYSQL_MAXCONNECTIONS 5 ENV VID_MYSQL_PASS Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +ENV VID_KEYSTORE_FILENAME ${ROOT_DIR}/etc/org.onap.vid.jks +ENV VID_KEYSTORE_PASSWORD Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +ENV VID_TOMCAT_PATH /usr/local/tomcat/conf/ +ENV CATALINA_OPTS "-Dvid.keystore.password=${VID_KEYSTORE_PASSWORD} -Dvid.keyalias=vid@vid.onap.org -Dvid.keystore.filename=${VID_KEYSTORE_FILENAME}" + +ADD maven/config/org.onap.vid.jks ${VID_KEYSTORE_FILENAME} +ADD maven/config/server.xml ${VID_TOMCAT_PATH} + ADD maven/scripts/*.sh /tmp/vid/ ADD maven/artifacts/vid.war /tmp/vid/stage/ diff --git a/epsdk-app-onap/src/main/resources/server.xml b/epsdk-app-onap/src/main/resources/server.xml new file mode 100644 index 00000000..2a1bab5a --- /dev/null +++ b/epsdk-app-onap/src/main/resources/server.xml @@ -0,0 +1,186 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/cert/org.onap.vid.jks b/epsdk-app-onap/src/main/webapp/WEB-INF/cert/org.onap.vid.jks new file mode 100644 index 0000000000000000000000000000000000000000..aab34aebe4088deb7a4523f4970a70ac09e4ce10 GIT binary patch literal 3573 zcmb`Kc|25o`^V?Zj0rQyR+cRB6EVga#u9Zige;L5L^7Bm`z|3FG|AFU)+S`hnn;u- z*|LT#xkbvJ2)C>wOY?Bw&vXBJp6B;_{a(-O_50&`o%1>0~MfHNn_tIo*s5y7*8Lk{Q>f=IE6(Bgb4t{;d>xEf>j0qzyWC}Cjc-(;NkFj ztKxpsy2r1Bv)iW-GC{KvqtD?kNGU8>f z#usE_b`<5XGn3ac34(h(g~BM+;eqq-S^6OhmgAmI3!#|NVD@Ak){;wPl45%-mG2bY zEGw%^Nz_Hzv;0y@U(;BsT`}6z#kOUxzs?NA6q+9)-sm}D<8n0~9^f7}(bCiQiSNFs z+ZLMaFZcF=v!3vAr@ZoxU+8O}Ebg}t2#iE?PNoi?gf$EYrPL+4D@I;Ss>fbWub}GX zGnc3Lm8<26V$W++tK%`Ze#vymT4{z^NUy#U5A!CPtA5UYiN60y>7_a#?wXKmF^oxJ zaJpUTKNH)hyj~Dg*J1t0a#slu(BTr;Y?-`_UcQ5=5iiU@r#8(D4(yKD)8`y+tCdVR zN1kI3tEMJDDsB|J;)QD2dq87m-en%mE30rm`7o;8kemkz?wnF|_?{>mlgl&R*0YR> zeRh|4Dn~?mZ4HldadMa7r+nnRH-g7^pjMh7fTnDJ8%lrOQBmA`+oD4OUlnDFYsK|>oy7#OYko$t$+~797A&E>mUxZDZ_>7MWAvPzq zUyCz+BjOsph!L5w_jjxliX<<5AP;6tyA_0;p&N6qX5=j_qJr8!LRfwE2vRbT;_m1- zAFs(@i9|h9Uo~|4T}dt)^?|>mH@YT@COBStT+-5_AeBhjon`72*!b={>S=#0i8&x9 z#QmP$&=@Q0*wA3RNjL3y;|^n%Tr|6h@6?R;IqR2L^wt$)AV{#_x$@(8={o^(+_9WZ z`Z7WZ9Q;;?v={yNe%y)E^b^Ltv@RHWriN8R#n+h5t%a-{LO3l=Zh0V#>QlJ9_aqzZ z5~O#e?k4&OK#GW!57jyLw%_tU>pl9wt^MjXhH3M!*IMgCcOg$cu`A&OWm@7trMlnu z7?K9qH7gP|dYaWPeGIr3HEP6`jPgH~uXUP0q*DFapKp6tXJN&mXJ|D}m-EHPz9sv6 zsHAbJuFy5lDfE`H0)6F;@8g&`^Cn*@+8aA`FzmB?MAWU*$9RX$s)H2ueepCG|ER^P zU$gT%QjFT6#`iF|LmJy9j)LCSFItTx$2u5nwN-O2i#i=8-qCV)5}TK&)=_!EyELj#kz1p$F-S48%10N?pUT)dr;S{9 zLsxBZHekH7%*1836^7`E^A{dVi<*G%lRfq#g)fu|nlIBjPb@1>nvZw9dV$JTYD+&y zD)x0ORml&nEr8=p7V9bmI1?=?@dYJxrasf$UR&jJIK_&uw|)6$%$GmlhM^8S zd-#!k+{q+oJ3q1(-c}hDKFWqw0afHxuvmF{5VYEtr$G6?B?o0~vyB9anCix?_Pj zg2~1_fE}{Oy(s3}$iyE;#^%p#oCkqQ^o`It9<>Hk!xL~N>xLA6asz>o|Am`t)!5^- z|0rlsp{IK@hmWAAOWf(_5vG(h>Hmrd%}T zw6x22s*TpbikVB(U7c!;IgOL!1_>M%>}=`&xm>1xnLTV}s?*RCmA>C92g4@RWoZsj zl2Z)zYQ((fg%YyKpz2l5X}2sm5J#P4EXB~3Ys0v5Qm=!4Z?Uh4)c6@ z=R|LLjPy{5A}dCFC2A#RgO4yE`ag+XIKTu79qh^uKLY1zPDxIT6RDy5^9HDd=(vN?N@g$f_mO0`^1AFO2jx(OKkN0+IFn# zrLaj)58>O^lws0^4t^!>@$=C&HTo=kQ@?j3Prhz-1pNo|>#}M5Qzd?5a}5jZzdoh2 z4pW-BBCm#?L>69H%B4npkn_T**K)3Ha(wivKO77>4U2w{-R^Br)6WW zzdF}9@AlifKYEvjTwabTYf$VO`{Ik_b>F;k{tmUWsuxs^v19g=p+3o6j3Tqol)cNC z?s_L9q4(A>)*yRKWVy;%mL+ZdY=lBmoQ9PBdO&=flI$1lj1S+*!xRnT(ez5R`DATc z!gx7f-wtkMgx#WInc_>AI5%S6`>eRA+dbEDekCFW>1SoD-1GNBr-GD-pQ`GAs#H+q z&r;?CkA(4<5)@Vq7Wz!en*wP~QrO_-uSIxj|R7PnV~x)|PFOG-D@Ly7-9>HYL%`kN>%!I%>?GIlp7hsK#s*{Zy`> zqae(Vd2B&kNAS$e2&<)phl18mH8ZFSXJ1vej7Uz*KMCFF->EukC6LitRD3mdJHx5g zA$;Jtkfrb=`^)dzA6D?BEKHVto-M%#IxU6J$a{u2lBL{WUpU*+3R2mxFJ;Ac*VZkzc>&JDMi1ShVm#N^4 z3qjfkM+#3m%VEtB5j3+bH||-fMasH=wrPXETC`B0!*T@+g6svpr5n%mw&mEko|bM| zEM-yuVL*rGY`xLc#0eNhD@67pH!~ElKyw|Jz6J9O2 zq`q75>72zs(oA2fiH5tHXqKaRdN+jcc~uU$6o@2mQ4!0TPM_?$-h5c@wAggou0y$fc<_upRvY{fjl z*V4B%3FQrQ#`p_cPWw8V+VjEr7pdmet+A@dZVsG|E*4e0INJKr3)d|#o}4Xo`vSsH b@uU9JqlwPVygXVnw