Code Review / aaf / cadi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Make 2-way TLS optional and fix cert errors"
[aaf/cadi.git] / sidecar / fproxy / src / main / java / org / onap / aaf / fproxy / RestTemplateConfig.java
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
index a1aef28..8acfd86 100644 (file)
--- a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
@@ -26,6 +26,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContextBuilder;
+import org.eclipse.jetty.util.security.Password;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
@@ -41,9 +42,15 @@ public class RestTemplateConfig {
     @Value("${server.ssl.client-cert}")
     private String clientCertPath;
 
-    @Value("${server.ssl.key-store-password}")
+    @Value("${server.ssl.client-cert-password}")
     private String clientCertPassword;
 
+    @Value("${server.ssl.key-store}")
+    private String keystorePath;
+
+    @Value("${server.ssl.key-store-password}")
+    private String keystorePassword;
+
     @Profile("secure")
     @Bean
     public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
@@ -61,9 +68,9 @@ public class RestTemplateConfig {
     private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
 
         SSLContext sslContext = SSLContextBuilder.create()
-                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(),
-                        clientCertPassword.toCharArray())
-                .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build();
+                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), Password.deobfuscate(clientCertPassword).toCharArray(),
+                        keystorePassword.toCharArray())
+                .loadTrustMaterial(ResourceUtils.getFile(keystorePath), keystorePassword.toCharArray()).build();
 
         return HttpClients.custom().setSSLContext(sslContext);
     }
ARCHIVED- 2022-02-15 at the request of the project