From a2f7b3212b5105eeb5942d75ca25c0a5dbebae52 Mon Sep 17 00:00:00 2001
From: dglFromAtt <dgl@research.att.com>
Date: Fri, 22 Mar 2019 19:42:37 +0000
Subject: [PATCH] Install curl and client certificate

Change-Id: I7a85151f43cf65483a9d79171212cc00378168ff
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-1120
---
 dbc-client/pom.xml                       |  1 +
 dbc-client/src/main/resources/Dockerfile | 11 +++++++-
 dmaap-bc/pom.xml                         |  1 +
 dmaap-bc/src/main/resources/Dockerfile   |  9 ++++++
 misc/aaf-ca.crt                          | 31 +++++++++++++++++++++
 misc/cert-client-init.sh                 | 48 --------------------------------
 6 files changed, 52 insertions(+), 49 deletions(-)
 create mode 100644 misc/aaf-ca.crt
diff --git a/dbc-client/pom.xml b/dbc-client/pom.xml
index d0945ac..17c877c 100644
--- a/dbc-client/pom.xml
+++ b/dbc-client/pom.xml
@@ -131,6 +131,7 @@
                     <directory>${multiproject.basedir}/misc</directory>
                         <includes>
                             <include>cert-client-init.sh</include>
+                            <include>aaf-ca.crt</include>
                         </includes>
                 </resource>
               </resources>
diff --git a/dbc-client/src/main/resources/Dockerfile b/dbc-client/src/main/resources/Dockerfile
index 1e49e42..2025a5e 100644
--- a/dbc-client/src/main/resources/Dockerfile
+++ b/dbc-client/src/main/resources/Dockerfile
@@ -26,7 +26,16 @@ COPY /opt /opt
 
 WORKDIR /opt/app/dbc-client
 
-#RUN apk add --no-cache curl
+# Install AAF CA certificate
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+RUN mkdir -p /usr/local/share/ca-certificates && \
+    mv misc/aaf-ca.crt /usr/local/share/ca-certificates/aaf-ca.crt
+RUN update-ca-certificates
+
+# Install curl
+RUN apk add --no-cache curl
+
+RUN apk add --no-cache curl
 
 RUN chmod +x /opt/app/dbc-client/misc/cert-client-init.sh && \
     chmod +x /opt/app/dbc-client/bin/* && \
diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml
index 0a77b8d..24f9e42 100644
--- a/dmaap-bc/pom.xml
+++ b/dmaap-bc/pom.xml
@@ -222,6 +222,7 @@
                     <directory>${multiproject.basedir}/misc</directory>
                         <includes>
                             <include>cert-client-init.sh</include>
+                            <include>aaf-ca.crt</include>
                         </includes>
                 </resource>
                  <resource>
diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile
index 344e277..f900fed 100644
--- a/dmaap-bc/src/main/resources/Dockerfile
+++ b/dmaap-bc/src/main/resources/Dockerfile
@@ -26,6 +26,15 @@ COPY /opt /opt
 
 WORKDIR /opt/app/dmaapbc
 
+# Install AAF CA certificate
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+RUN mkdir -p /usr/local/share/ca-certificates && \
+    mv misc/aaf-ca.crt /usr/local/share/ca-certificates/aaf-ca.crt
+RUN update-ca-certificates
+
+# Install curl
+RUN apk add --no-cache curl
+
 RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \
     chmod 600 etc/keystore && \
     chmod 600 etc/org.onap.dmaap-bc.trust.jks && \
diff --git a/misc/aaf-ca.crt b/misc/aaf-ca.crt
new file mode 100644
index 0000000..e9a50d7
--- /dev/null
+++ b/misc/aaf-ca.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
diff --git a/misc/cert-client-init.sh b/misc/cert-client-init.sh
index a909895..e9a50d7 100644
--- a/misc/cert-client-init.sh
+++ b/misc/cert-client-init.sh
@@ -1,41 +1,3 @@
-#!/bin/bash
-#
-# ============LICENSE_START==========================================
-# org.onap.dmaap
-# ===================================================================
-# Copyright Â© 2018 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
-#
-
-#
-#	This script adds a known local certificate authority (CA)
-#	to be a recognized certificate authority.
-#   i.e. it updates the truststore
-#
-#	This script must be run as root.
-#
-#	Works on both CentOS and Ubuntu.
-#
-set -x
-
-# IMPORTANT: use a .crt suffix for update-ca-certificates to work
-#
-AAFCERT=AAF_RootCA.crt
-cat >/tmp/$AAFCERT <<'!EOF'
 -----BEGIN CERTIFICATE-----
 MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
 BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
@@ -67,13 +29,3 @@ cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
 ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
 dYY=
 -----END CERTIFICATE-----
-!EOF
-chmod 444 /tmp/$AAFCERT
-if [ -f /etc/redhat-release ]
-then
-	mv /tmp/$AAFCERT /etc/pki/ca-trust/source/anchors/aafcacert.pem
-	update-ca-trust
-else
-	mv /tmp/$AAFCERT /usr/local/share/ca-certificates/$AAFCERT
-	update-ca-certificates
-fi
-- 
2.16.6

