From 677dbc87455c77e9d3184519ddbd550c74cc41e8 Mon Sep 17 00:00:00 2001 From: "Bansal, Nitin (nb121v)" Date: Thu, 5 Apr 2018 09:39:39 -0400 Subject: [PATCH] Enabling 2 way ssl with spring boot Change-Id: I2e8cefc59dcfc330c3e511bcd5a8f66336c39674 Issue-ID: AAI-802 Signed-off-by: Bansal, Nitin (nb121v) --- src/main/bin/start.sh | 20 ++++++++++++++++++++ src/main/docker/Dockerfile | 6 ------ src/main/resources/application.properties | 8 +------- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh index fecadcc..a54059b 100644 --- a/src/main/bin/start.sh +++ b/src/main/bin/start.sh @@ -9,6 +9,26 @@ if [ -z "$CONFIG_HOME" ]; then exit 1 fi +if [ -z "$KEY_STORE_PASSWORD" ]; then + echo "KEY_STORE_PASSWORD must be set in order to start up process" + exit 1 +else + ## Extract java jar to DEOBFUSCATE the password. + CURR_D=`pwd` + cd $BASEDIR + jar xf data-router.jar + sudo java -cp ./BOOT-INF/lib/jetty-util-9.4.8.v20171121.jar org.eclipse.jetty.util.security.Password $KEY_STORE_PASSWORD > pass.txt 2>> pass.txt + PASS=`sed "2q;d" pass.txt` + sudo rm pass.txt + cd $CURR_D +fi + +## tomcat_keystore to p12 +keytool -importkeystore -noprompt -deststorepass $PASS -destkeypass $PASS -srckeystore $BASEDIR/config/auth/tomcat_keystore -destkeystore $BASEDIR/config/auth/onap.p12 -deststoretype PKCS12 -srcstorepass $PASS + +## import into cacerts +sudo keytool -importkeystore -noprompt -deststorepass changeit -destkeypass changeit -destkeystore /$JAVA_HOME/jre/lib/security/cacerts -srckeystore $BASEDIR/config/auth/onap.p12 -srcstoretype PKCS12 -srcstorepass $PASS -alias tomcat + PROPS="-DAJSC_HOME=$AJSC_HOME" PROPS="$PROPS -DAJSC_CONF_HOME=$AJSC_CONF_HOME" diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index 8963fa8..b4e638a 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile 
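Review bot: The plaintext keystore password goes onto the command line three times in this hunk — `$KEY_STORE_PASSWORD` to the jetty `Password` utility and `$PASS` to both `keytool -importkeystore` calls — and is also written to `pass.txt` in `$BASEDIR` before being deleted, so it is exposed in the process table and on disk during every start-up; keytool's `:env` modifier (`-srcstorepass:env PASS`) keeps it off argv, and since the jetty `OBF:` form is reversible encoding rather than encryption, the deobfuscation detour adds no confidentiality of its own. The second `keytool -importkeystore` copies the entries of `onap.p12` — private key included, since `-alias` is not the selector for that command (`-srcalias` is) — into the JVM-wide `cacerts` under the default `changeit` password; a trust anchor only needs the certificate, so export it with `-exportcert` and add it with `-importcert`. Both writes run under `sudo` as root, which is presumably what the Dockerfile hunk's removal of the `aaiadmin` user and `USER aaiadmin` accommodates; a per-application truststore under `$CONFIG_HOME` would avoid both the root requirement and mutating the JDK's store. Minor: `cd $BASEDIR` and the keystore paths are unquoted, `jar xf data-router.jar` explodes the whole application jar into `$BASEDIR` on every start, and nothing aborts when the deobfuscation or the first conversion fails, so the second command can run with an empty `PASS`.
```shell
# … unchanged: KEY_STORE_PASSWORD check and deobfuscation into PASS …
[ -n "$PASS" ] || { echo "failed to recover keystore password" >&2; exit 1; }
export PASS

## tomcat_keystore to p12 — passwords via :env so they never appear in the process table
keytool -importkeystore -noprompt \
  -srckeystore "$BASEDIR/config/auth/tomcat_keystore" -srcstorepass:env PASS \
  -destkeystore "$BASEDIR/config/auth/onap.p12" -deststoretype PKCS12 \
  -deststorepass:env PASS -destkeypass:env PASS || exit 1

## trust anchor: export the certificate only (no private key) and import that
# TODO(review): confirm the entry alias in tomcat_keystore is really "tomcat"
keytool -exportcert -rfc -alias tomcat \
  -keystore "$BASEDIR/config/auth/onap.p12" -storetype PKCS12 -storepass:env PASS \
  -file "$BASEDIR/config/auth/onap.crt" || exit 1
sudo keytool -importcert -noprompt -alias tomcat \
  -file "$BASEDIR/config/auth/onap.crt" \
  -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit || exit 1
# … unchanged: PROPS assembly …
```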
@@ -28,12 +28,6 @@ COPY data-router.jar $MICRO_HOME/ COPY bundleconfig-local $MICRO_HOME/bundleconfig COPY bundleconfig-local/etc/logback.xml $MICRO_HOME/bundleconfig/etc -# Create the aai user -RUN mkdir /opt/aaihome && \ - groupadd -g 492381 aaiadmin && \ - useradd -r -u 341790 -g 492381 -ms /bin/bash -d /opt/aaihome/aaiadmin aaiadmin && \ - chown -R aaiadmin:aaiadmin $MICRO_HOME -USER aaiadmin EXPOSE 9502 9502 diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index a046f4e..13ba49c 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -3,11 +3,5 @@ server.ssl.key-store=file:${CONFIG_HOME}/auth/tomcat_keystore server.ssl.enabled=true server.port=9502 -server.ssl.client-auth=want - +server.ssl.client-auth=need server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 - -#server.ssl.trust-store=C:\\ONAP\\spring\\data-router\\dynamic\\auth\\tomcat_keystore -#server.ssl.trust-store-password=onapSecret -#server.ssl.client-auth=want -server.ssl.key-store-type=JKS \ No newline at end of file -- 2.16.6
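Review bot: `server.ssl.client-auth=need` is introduced without any `server.ssl.trust-store` / `server.ssl.trust-store-password` — the commented trust-store lines are deleted rather than enabled — so client certificates are validated against the JVM default truststore, i.e. the system `cacerts` that start.sh now rewrites at runtime as root. An application-owned store makes the mTLS trust decision explicit and auditable: `server.ssl.trust-store=file:${CONFIG_HOME}/auth/<truststore-file>` plus `server.ssl.trust-store-password` resolved from the environment like the key-store settings, after which the runtime import into `cacerts` becomes unnecessary. `TLSv1.1` stays in `server.ssl.enabled-protocols`; with client authentication now mandatory, narrowing it to `TLSv1.2` is worth considering. Dropping `server.ssl.key-store-type=JKS` leaves the type to the JVM default, which is JKS on Java 8 so `tomcat_keystore` presumably still loads, but on newer runtimes the default is PKCS12 — confirm against the target JDK.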