From d3f590c87f20a26272cbaf9d6fde1dcc2e7466b8 Mon Sep 17 00:00:00 2001
From: Taka Cho <takamune.cho@att.com>
Date: Tue, 11 Jun 2019 17:04:50 -0400
Subject: [PATCH] move http to https

use jetty to move to
https

Issue-ID: APPC-1573
Change-Id: I814e8159d39f7e09cfbfcf5a314a1909774486cc
Signed-off-by: Taka Cho <takamune.cho@att.com>
---
 docker-compose/docker-compose.yml                  |   1 +
 installation/appc/pom.xml                          |   4 +
 .../appc/src/main/resources/custom.properties      |  88 ++++++++++++++
 installation/appc/src/main/resources/jetty.xml     | 131 +++++++++++++++++++++
 installation/appc/src/main/resources/keystore      | Bin 0 -> 2219 bytes
 .../appc/src/main/scripts/dockerInstall.sh         |   5 +
 6 files changed, 229 insertions(+)
 create mode 100644 installation/appc/src/main/resources/custom.properties
 create mode 100644 installation/appc/src/main/resources/jetty.xml
 create mode 100644 installation/appc/src/main/resources/keystore

diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
index 706465b..b5f0506 100644
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -72,6 +72,7 @@ services:
     container_name: appc_controller_container
     entrypoint: ["/opt/onap/appc/bin/startODL.sh"]
     ports:
+      - "8443:8443"
       - "8282:8181"
       - "1830:1830"
       - "9090:9191"
diff --git a/installation/appc/pom.xml b/installation/appc/pom.xml
index 82c3d14..6c5378d 100644
--- a/installation/appc/pom.xml
+++ b/installation/appc/pom.xml
@@ -112,11 +112,13 @@ limitations under the License.
 								<resource>
 									<directory>src/main/resources</directory>
 									<includes>
+										<include>keystore</include>
 										<include>*.dump</include>
 										<include>*.sh</include>
 										<include>*.cfg</include>
 										<include>*.xml</include>
 										<include>*.json</include>
+										<include>*.properties</include>
 									</includes>
 									<filtering>false</filtering>
 								</resource>
@@ -359,11 +361,13 @@ limitations under the License.
 										<resource>
 											<directory>src/main/resources</directory>
 											<includes>
+												<include>keystore</include>
 												<include>*.dump</include>
 												<include>*.sh</include>
 												<include>*.cfg</include>
 												<include>*.xml</include>
 												<include>*.json</include>
+												<include>*.properties</include>
 											</includes>
 											<filtering>false</filtering>
 										</resource>
diff --git a/installation/appc/src/main/resources/custom.properties b/installation/appc/src/main/resources/custom.properties
new file mode 100644
index 0000000..ebfaf8e
--- /dev/null
+++ b/installation/appc/src/main/resources/custom.properties
@@ -0,0 +1,88 @@
+# Extra packages to import from the boot class loader
+org.osgi.framework.system.packages.extra=org.apache.karaf.branding,sun.reflect,sun.reflect.misc,sun.misc,sun.nio.ch,com.sun.media.sound,sun.net,sun.security.x509,com.sun.management
+
+# https://bugs.eclipse.org/bugs/show_bug.cgi?id=325578
+# Extend the framework to avoid the resources to be presented with
+# a URL of type bundleresource: but to be presented as file:
+osgi.hook.configurators.include=org.eclipse.virgo.kernel.equinox.extensions.hooks.ExtensionsHookConfigurator
+
+# Embedded Tomcat configuration File
+org.eclipse.gemini.web.tomcat.config.path=configuration/tomcat-server.xml
+org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
+
+# Use Equinox as default OSGi Framework Implementation
+karaf.framework=equinox
+
+# Show a progress bar on startup and start the console when all bundles are up and running.
+# (If you are in a hurry you can still type enter to start the shell faster.)
+karaf.delay.console=true
+
+# Set security provider to BouncyCastle
+org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider
+
+# We set this to false to disable the Aries BlueprintExtender from doing its orderly container
+# shutdown so we can do it after the CSS has shut down all its modules. Otherwise Aries will
+# shutdown blueprint containers when the karaf framework starts shutdown (ie when bundle 0 is
+# stopped) which can cause failures on CSS module shutdown due to the core blueprint containers
+# and services already being shut down. This setting can be removed when/if CSS is removed
+# completely from ODL.
+org.apache.aries.blueprint.preemptiveShutdown=false
+
+netconf.config.persister.active=1
+
+netconf.config.persister.1.storageAdapterClass=org.opendaylight.controller.config.persist.storage.file.xml.XmlFileStorageAdapter
+netconf.config.persister.1.properties.fileStorage=etc/opendaylight/current/controller.currentconfig.xml
+netconf.config.persister.1.properties.numberOfBackups=1
+
+# Container configuration
+container.profile = Container
+
+# Connection manager configuration
+connection.scheme = ANY_CONTROLLER_ONE_MASTER
+
+# TLS configuration
+# To enable TLS, set secureChannelEnabled=true and specify the location of controller Java KeyStore and TrustStore files.
+# The Java KeyStore contains controller's private key and certificate. The Java TrustStore contains the trusted certificate
+# entries, including switches' Certification Authority (CA) certificates. For example,
+# secureChannelEnabled=true
+# controllerKeyStore=./configuration/ctlKeyStore
+# controllerKeyStorePassword=xxxxxxxx (this password should match the password used for KeyStore generation and at least 6 characters)
+# controllerTrustStore=./configuration/ctlTrustStore
+# controllerTrustStorePassword=xxxxxxxx (this password should match the password used for TrustStore generation and at least 6 characters)
+
+secureChannelEnabled=false
+controllerKeyStore=
+controllerKeyStorePassword=
+controllerTrustStore=
+controllerTrustStorePassword=
+
+org.osgi.service.http.secure.enabled=true
+org.osgi.service.http.port.secure=8443
+org.ops4j.pax.web.ssl.keystore=./etc/keystore
+org.ops4j.pax.web.ssl.password=123456
+org.ops4j.pax.web.ssl.keypassword=123456
+
+# User Manager configurations
+enableStrongPasswordCheck = false
+
+#Jolokia configurations
+#org.jolokia.listenForHttpService=false
+
+# Logging configuration for Tomcat-JUL logging
+java.util.logging.config.file=configuration/tomcat-logging.properties
+
+#Hosttracker hostsdb key scheme setting
+hosttracker.keyscheme=IP
+
+# LISP Flow Mapping configuration
+# Enable merging RLOC sets received from different xTR-IDs for the same EID (default: false)
+lisp.mappingMerge = false
+# Enable the Solicit-Map-Request (SMR) mechanism (default: true)
+lisp.smr = true
+# Choose policy for Explicit Locator Path (ELP) handling
+# There are three options:
+#   default: don't add or remove locator records, return mapping as-is
+#   both: keep the ELP, but add the next hop as a standalone non-LCAF locator with a lower priority
+#   replace: remove the ELP, add the next hop as a standalone non-LCAF locator
+lisp.elpPolicy = default
+
diff --git a/installation/appc/src/main/resources/jetty.xml b/installation/appc/src/main/resources/jetty.xml
new file mode 100644
index 0000000..cc80dff
--- /dev/null
+++ b/installation/appc/src/main/resources/jetty.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//
+DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
+
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+
+    <!-- =========================================================== -->
+    <!-- Set connectors -->
+    <!-- =========================================================== -->
+    <!-- One of each type! -->
+    <!-- =========================================================== -->
+
+    <!-- Use this connector for many frequently idle connections and for
+        threadless continuations. -->
+    <New id="http-default" class="org.eclipse.jetty.server.HttpConfiguration">
+        <Set name="secureScheme">https</Set>
+        <Set name="securePort">
+            <Property name="jetty.secure.port" default="8443" />
+        </Set>
+        <Set name="outputBufferSize">32768</Set>
+        <Set name="requestHeaderSize">8192</Set>
+        <Set name="responseHeaderSize">8192</Set>
+
+        <!-- Default security setting: do not leak our version -->
+        <Set name="sendServerVersion">false</Set>
+
+        <Set name="sendDateHeader">false</Set>
+        <Set name="headerCacheSize">512</Set>
+    </New>
+
+    <New id="http-legacy" class="org.eclipse.jetty.server.HttpConfiguration">
+        <Set name="secureScheme">https</Set>
+        <Set name="securePort">
+            <Property name="jetty.secure.port" default="8443" />
+        </Set>
+        <Set name="outputBufferSize">32768</Set>
+        <Set name="requestHeaderSize">8192</Set>
+        <Set name="responseHeaderSize">8192</Set>
+
+        <!-- Default security setting: do not leak our version -->
+        <Set name="sendServerVersion">false</Set>
+
+        <Set name="sendDateHeader">false</Set>
+        <Set name="headerCacheSize">512</Set>
+    </New>
+
+    <Call name="addConnector">
+        <Arg>
+            <New class="org.eclipse.jetty.server.ServerConnector">
+                <Arg name="server">
+                    <Ref refid="Server" />
+                </Arg>
+                <Arg name="factories">
+                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
+                        <Item>
+                            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+                                <Arg name="config">
+                                    <Ref refid="http-default"/>
+                                </Arg>
+                            </New>
+                        </Item>
+                    </Array>
+                </Arg>
+                <Set name="host">
+                    <Property name="jetty.host"/>
+                </Set>
+                <Set name="port">
+                    <Property name="jetty.port" default="8181"/>
+                </Set>
+                <Set name="idleTimeout">
+                    <Property name="http.timeout" default="300000"/>
+                </Set>
+                <Set name="name">jetty-default</Set>
+            </New>
+        </Arg>
+    </Call>
+
+    <!-- =========================================================== -->
+    <!-- Configure Authentication Realms -->
+    <!-- Realms may be configured for the entire server here, or -->
+    <!-- they can be configured for a specific web app in a context -->
+    <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
+    <!-- example). -->
+    <!-- =========================================================== -->
+    <Call name="addBean">
+        <Arg>
+            <New class="org.eclipse.jetty.jaas.JAASLoginService">
+                <Set name="name">karaf</Set>
+                <Set name="loginModuleName">karaf</Set>
+                <Set name="roleClassNames">
+                    <Array type="java.lang.String">
+                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
+                        </Item>
+                    </Array>
+                </Set>
+            </New>
+        </Arg>
+    </Call>
+    <Call name="addBean">
+        <Arg>
+            <New class="org.eclipse.jetty.jaas.JAASLoginService">
+                <Set name="name">default</Set>
+                <Set name="loginModuleName">karaf</Set>
+                <Set name="roleClassNames">
+                    <Array type="java.lang.String">
+                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
+                        </Item>
+                    </Array>
+                </Set>
+            </New>
+        </Arg>
+    </Call>
+</Configure>
diff --git a/installation/appc/src/main/resources/keystore b/installation/appc/src/main/resources/keystore
new file mode 100644
index 0000000000000000000000000000000000000000..cd37a73626161ea4db56faa1641e8239d4867f37
GIT binary patch
literal 2219
zcmchYdpy$%AIE>&7){$SR4y$FS**?Nm=Q9UIutrCLoRb^8FL*G2g_wNnk0%L<eE6b
zp;B_0NJ>&NNysJQc%qBTc04`jc|GTOJ^w#{eE)cVUa#-#^}W45U%@BACjbDz+X4C!
zq5*yp5z*U3v-)f~2mqpB98*MqLqK7Npdb+t1}p^vi2@=_k&i{UniJVGkPxleNZx$o
z6Y<(|qg9)*94B%5*mF`0H$Wv)Wq3S)dZKl2kc?k%30m=4EhfrQ{W#c>-031CSRn32
zoaAr4bicefA`V}Yj0V0gk^)W;ilrH9K&r>@ha+k;^=lkl9Zo4{Z+Rz%|D&;DacHWX
zbk3L!$I$%d`N0wgCVbB3PN>~=-Gh*7<L&ye`v?!r<9jye++{{-V2AWxKPWv4$>A(;
z5tWSbjJ928)o;~*R-9Wk?$%fh+&Qd=IY(1%tDkukb0oL_RvhkdqWZ)=Vyx=v#$6@h
z12FmFjAa*FZsWN@|99<Q(X`i^_GXI8=cpgBsj|cQ{sOANY~v|H^jFM;LCuI@mXB`H
zKjwTQ;Yp~3WR+}?VJvt@_?Jv;qtpi%LOkJZAIac>4`Vm%|48f<PAxr`PFoj_jr=Nh
zzNCqEx0QA+dyStf?d`eVjh#Q!RFb#);zR|dZnG)$nb0f_5@xVu*<cgiQ$E^Brbcv2
z*Np4hW^|>`4^9cA?~Q7{`V<w}9gI9cG78*X6>Hr5H4`g-Da`9-+KZfd=tXlD8OC66
zCS8X-Z@X^rXIY0lY8=_;^AbqM>gEObj{0ScgzHW0WLTT^rfo8?i!PvX?Ubu9^{7GX
zxIxlA`#T=(*X6%6XzPz&y$uG_vK8px`ieIe!dA)ezf-)5!YuK2hz0$idz(^?0Z3#I
zoH~4@e({r>E5-bb5-FZi-&uA!Pj_-BF@LJIc9;O2F7jj)@yR|t5|uTjc|r@>k(t?4
zv!ntI1!KDTT=fIRjZWC}Bgn=9zDCTcb&Ifw>0B1DbS$ax+e!%DIUs-~L^86q?1DlU
zr?m?83%WjgItjeZ51a;7?BkP8c4~{aG&ii(85{m~kWy@I0dy$;)VTIc7`=ZAh~Ttl
zR;jd*l9>TFVb+dtvSw@sRPTE8xV#ooE4{$y%3;emHdpA|VPru}%_$+2(oL#FM=#20
zRvCD={am_UY(lNzN(kqBZB{stjU4n8MUNHc$GPO`o1*WXUOu{fuF|)rO@h{^*eeM`
zgnHGv=Z>uRH%0eJg&M;m(To(u=usOfdmSS;FZxQ$+N0yW)~^|MX$2gdmSI2Ws%h*?
zVc|l{)ze$#u7v{h9uxTQ<AsP#?tm*~uFS1c+Dvu9L;2`gak%&TjW-N|T-Qa%<WXC8
zX!h<rU&KH&$ExQJI&Smv8pdSvz4ACc;glO&Df+0oJFDXS_r8lk=NVs_I}7$e1@a)3
z9BIwXiRaCGvX^bHLEBC#7CCej`0cJ1PVcLEsbi+KS?PZeFWR4sP_;C8Xr7;G+8UBp
z*cNl-t*NF9LF}rGv#?s%B=ZeL-==JN9Jz&%Z7NOX7s(2I3hcbx%MqrJSU<(_3(xp@
zOfB^(CW}HUZ~?C%R{MZTBhA>u!=s22KB5kQm&I#fZfB^p)UPJBz-AVc8<4ys&esB0
z#8%y{I(%a<c6-X_yjv^=Pudjlb!h4KAy-(#pHXLj6Dv8uGyGsL8ob9c7HjoZuk9u$
zcS%u-F+;zAa``0pjvRV_vRSLznPbz<<|cfr4dOIhCys-%yE&HC*6n7LgALeQ^~tr~
z!L}6PAM;)F-)0eytJ5MO@pFAN^8L9ec~`Q!TPP{^>7^&J;U+IAxcGk=qYG9KM*skb
z4~_}(#4*8E#SkzE3>Lv6YhUBw&>ff*>y)o>5J*B4z<J>%w=EOmC;~-^InrtL;3)dP
z74iR3#Qvk~#KHcV1w%oCeFO1-k;H!y<OkvQ?t<e9IDI@GPr&2!bX<QR0Y~@?{|^-~
zK`MW5d;2Rum>?v8V}f8{CI|#{b+U}S{k0+AZpSQ0gry0O=P~TbLPso%>+iG|nxNC6
z%YEC66sKuAsa4wrW!pX;Cz{*7<oOxW<4qL~!rM){WUL(mQT_LACl3-Y>{RwJE%*3%
z)AFb`FRNaK7&!f~QuDjgrZ+F?y7m2sX|OM?LvdqP@^R~v6TR73uM9nAjr+2@uh@Hw
zjj|Dia1AeK`NOD)S8JTy{E4JyB8+H6Q!%Fks##_2GD@2m|33A+8n5>>-hGmefUAn?
zitXsV%99hT<fVn9o=ECen6C`kj21g_)x;(klIDjJsEf;*4?@TWZ}vBKBKp%Ju=fJ<
z9j9(sP_v2;7>GkrNH7EhfJ&8dXq?jaPL&WMaw0MYtuGYX2nnj~h(7HzRA;tY_3@Oy
z4{`f;wucA;tXpPpBtmf%bOTkdhkg5<{o^lvZV4cCzr-R+{T04NgQc{kwbCUwS6J26
zfJx=KMjQUT$R>ykz_<F28vy~@gDazh5=o`SO_AM&?pf-78O*02AJ)j8I5eF5xGb-C
ztYea*AW0fW9%9Q?I-S_+UYb`L1?^U|AER6lLHx3+{q)jmt5Ka!frENS7$^M>>zT_h
z)0dmG#(iel>S}o<NdwgcFX^zp9g6#AiwXPFTa8XW8d`ysI7D}OI1hYq(N2*|jMh!)
z)*Azv7@(;}n&@M0XDBWx?yuB`J<k`2R|`~QZ1<~TTd%<&sZHH8dbTN7vZ9-;j4h|s
dOI9a6MrRYF8gOxd_;mcxgQ0ittEBRt{0Vs6$L9b5

literal 0
HcmV?d00001

diff --git a/installation/appc/src/main/scripts/dockerInstall.sh b/installation/appc/src/main/scripts/dockerInstall.sh
index 264e8d9..a35896d 100644
--- a/installation/appc/src/main/scripts/dockerInstall.sh
+++ b/installation/appc/src/main/scripts/dockerInstall.sh
@@ -70,6 +70,11 @@ echo "" >> $APPC_HOME/data/properties/appc.properties
 echo "Copying the aaa shiro configuration into opendaylight"
 cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
 
+echo "Copying jetty, keystore for https into opendalight"
+cp ${APPC_HOME}/data/jetty.xml ${ODL_HOME}/etc/jetty.xml
+cp ${APPC_HOME}/data/keystore ${ODL_HOME}/etc/keystore
+cp ${APPC_HOME}/data/custom.properties ${ODL_HOME}/etc/custom.properties
+
 echo "Stopping OpenDaylight and waiting for it to stop"
 ${ODL_HOME}/bin/stop
 #The karaf command will exit when odl shuts down. This is the most reliable way to wait for opendaylight to stop
-- 
2.16.6