Make 2-way TLS optional and fix cert errors 72/71272/2
authorRavi Geda <gravik@amdocs.com>
Thu, 25 Oct 2018 20:01:13 +0000 (21:01 +0100)
committerRavi Geda <gravik@amdocs.com>
Fri, 26 Oct 2018 13:32:13 +0000 (14:32 +0100)
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c
Issue-ID: AAF-586
Signed-off-by: Ravi Geda <gravik@amdocs.com>
sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
sidecar/fproxy/src/main/resources/application.properties

index a1aef28..8acfd86 100644 (file)
@@ -26,6 +26,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContextBuilder;
+import org.eclipse.jetty.util.security.Password;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
@@ -41,9 +42,15 @@ public class RestTemplateConfig {
     @Value("${server.ssl.client-cert}")
     private String clientCertPath;
 
-    @Value("${server.ssl.key-store-password}")
+    @Value("${server.ssl.client-cert-password}")
     private String clientCertPassword;
 
+    @Value("${server.ssl.key-store}")
+    private String keystorePath;
+
+    @Value("${server.ssl.key-store-password}")
+    private String keystorePassword;
+
     @Profile("secure")
     @Bean
     public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
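Review bot: The two password fields in this hunk are treated differently in `getClientBuilder`, but nothing on the fields says so: `clientCertPassword` is passed through `Password.deobfuscate`, while `keystorePassword` is used as-is. A one-line comment on each would stop someone from configuring a plain value for one or an `OBF:` value for the other, for example `// Jetty OBF: string, deobfuscated before use` above `clientCertPassword` and `// used verbatim, not deobfuscated` above `keystorePassword`. Because these `@Value` fields sit on the class rather than on the `@Profile("secure")` bean, the new `server.ssl.client-cert-password` property presumably has to resolve in every profile, which is worth confirming. The class body and `restTemplate` continue outside the hunk.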
@@ -61,9 +68,9 @@ public class RestTemplateConfig {
     private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
 
         SSLContext sslContext = SSLContextBuilder.create()
-                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(),
-                        clientCertPassword.toCharArray())
-                .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build();
+                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), Password.deobfuscate(clientCertPassword).toCharArray(),
+                        keystorePassword.toCharArray())
+                .loadTrustMaterial(ResourceUtils.getFile(keystorePath), keystorePassword.toCharArray()).build();
 
         return HttpClients.custom().setSSLContext(sslContext);
     }
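Review bot: The key-password argument of `loadKeyMaterial` is now `keystorePassword.toCharArray()`, so the private key inside the file at `clientCertPath` is unlocked with the server keystore's password rather than the client certificate's own. That only works if the key entry is protected with the same value as `server.ssl.key-store-password`. If the key uses the same password as its PKCS#12 container, as is common, both arguments should come from the same secret: `char[] certPw = Password.deobfuscate(clientCertPassword).toCharArray();` followed by `.loadKeyMaterial(ResourceUtils.getFile(clientCertPath), certPw, certPw)`. `Password.deobfuscate` is also called unconditionally, so a deployment that supplies a value without the `OBF:` prefix would, as far as I can tell, get a mangled password and a keystore load failure. A guard or a comment stating that the property must be obfuscated would make that failure easier to diagnose.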
index 5ed7510..2fb9396 100644 (file)
@@ -3,9 +3,10 @@ CONFIG_HOME=config
 server.port=10680
 server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
 server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12
-server.ssl.client-auth=need
+server.ssl.client-cert-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+server.ssl.client-auth=want
 
-server.contextPath=/
+server.servlet.context-path=/
 
 logging.config=${CONFIG_HOME}/logback-spring.xml
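Review bot: Changing `server.ssl.client-auth` from `need` to `want` means the TLS layer now accepts a handshake with no client certificate, so mutual TLS no longer guarantees that a caller is authenticated. Nothing in this diff shows the application rejecting requests that arrive without a certificate. Either keep `need` as the shipped default and let deployments opt in to `want`, or add a comment here naming the component that enforces authentication. Separately, the `OBF:` value committed for `server.ssl.client-cert-password` is a reversible encoding, not encryption, so it should be treated as a plain-text secret in the repository. Prefer injecting it from outside the repository, e.g. `server.ssl.client-cert-password=${CLIENT_CERT_PASSWORD}` (placeholder variable name), and rotating the certificate password that is checked in here.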