From f5e3ff50881c3c332dacc98b7994e6172a114d97 Mon Sep 17 00:00:00 2001 From: dglFromAtt Date: Wed, 22 Aug 2018 18:02:11 -0400 Subject: [PATCH] New Casablanca SSL certs Change-Id: Ida5e782acda64fba89cc3ea647ce72657565d770 Signed-off-by: dglFromAtt Issue-ID: DMAAP-532 --- Dockerfile | 2 ++ misc/dbc-api.jks | Bin 3740 -> 3740 bytes misc/dmaapbc.properties.tmpl | 52 ++++++++++++++------------------------- misc/org.onap.dmaap-bc.trust.jks | Bin 0 -> 1413 bytes pom.xml | 18 ++++++++++++-- version.properties | 2 +- 6 files changed, 38 insertions(+), 36 deletions(-) create mode 100644 misc/org.onap.dmaap-bc.trust.jks diff --git a/Dockerfile b/Dockerfile index 491a8d5..b246871 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,6 +37,8 @@ COPY misc/LocalKey ${insdir}/etc/ COPY misc/logback.xml ${insdir}/etc/ COPY misc/dbc-api.jks ${insdir}/etc/keystore RUN chmod 600 ${insdir}/etc/keystore +COPY misc/org.onap.dmaap-bc.trust.jks ${insdir}/etc +RUN chmod 600 ${insdir}/etc/org.onap.dmaap-bc.trust.jks COPY ./version.properties ${insdir}/etc COPY misc/opensource.env ${insdir}/misc/ COPY misc/*.tmpl ${insdir}/misc/ diff --git a/misc/dbc-api.jks b/misc/dbc-api.jks index 902a747c218ac291ff753e7dcd9abdbe461e996c..66142d306485d85d4cd8e945523f59d5858a2ed6 100644 GIT binary patch delta 3240 zcmZuyXIPU<8cnB1qbMb`h)9Po^eRLUq*>@vHqsU8MKK^T!HYDdgyQ8AFcc{Yp@uFX zpeRUJ;G#4E>7an2%HrO(`#d|p&Y3wgKjwYUc{2nv1QXCiS8pdLKUrrNIbRSl@%eOhHEar zjLRb&+d3@Cu*i?b$WKq>cJ(ye7r&Fe`Vsc>=Y>vq`&W(YNigUFnngQbdV}Rp8id{x z!xuZ|6NPbK*Ui5`wUD%%!ZFY59~6Etle8h2H{{Bdq`u(ra&dp!p2Ksx_VJ0(V4+XT zuHb1%WcsASi`m)L*VHCk_tpb~vle%jM6$8aNivFumk%SFyG5+u}i* zK1)*vhJ)u)){{Jb<^4o4Eh4GdKx-E?<8|em6^V@24yOz^Qv*F?Gen!a?_G=>L3Pv$ z(7)w?eXkr`Fr_j1@M4CeOI6KXjYkF*O*ahG=jGETh?)|ULo%AdM zEQrHwEBfp$j?r25W`ba46N__kNGIenYDN^)-nzhd<$AWg%-Tcy=fT0*TuSZkV%Kww zB#1|0@m8rkFHc>Kxao;Eq*~oC9bu(cYISxh!g0xUXKS@;sB##TQD*gR-Hov^{A< z(_&22wXzD~W9)JF^G4jr^)o!tLr(*7-_E6R*2796+vUg#cUUU;A38MI?Ws`({Q(2Um+w#g{Bi|$X0w#=vBx;|Q4 z9f<3444JiTF47-#vC$sIhy?M4KVeR^YGz^G8(-5A@3my2*tGc2JyCv`2GrEu*uK5X z$Asvg`qAstqP4onjIY~_`F_iCC=q(!NfbSuE;THNT)9oV#@$x4ZeV1^G!7e_3pUxD zqO_V`Z5e`U>9TF-99MDY!lbH)#D^zh$qAbHmF7|oEOhf zoqoa)q+V%GHe{OXeB-`YXKMF$_suh2H6C_Z>KO&V5zO~L9-{E6p zaE^AqOYOniThv3xAi~Gx^*FsANT(0{Fx&is$YEeU88s**c5`M08T`nPxQZs#A1^cy zvlV)O524TQr=ue)A+)d~b1F>DBy(jyn9yz@Lp3T+^^&Aji*gZ*<>DLnrF%*h-NbTg zvbeZtOFur^Pf|!A^I$WypZE>-m?uue(tGhLj-ZpM>cV5aFH7D|{Y$++OD`L}M^BPP zpH>EeKoAhzR!$jE2Z3OXhrw72kfF3EPzV?TVKt3B2ElX2F(@{08!uHrh=&WS2B-n5 z3WrNs(e99{0}6jrAQ+1Rjv$~`FeoSMU-^qY0&pSNq#`dwGP%HP;FBP%D1iB?;o#)| zOQZW2_&cmASJ-7Kng|hMeSb7!`5oS4y;DJp1tqy+)GG8Lk|4KO)@KZkf_ody#*C=b z7p;4gPE5B($Cz)27xypr4YG+>Yg&6)enEcFQB^UyFBLzl(spt0_<*l_h)u83s<^ZP z5A3YXT6nL!a%n}$gM`n{(mTGIq5Z}0TtIx0Cyw8aHgB-dwkvr>WHGcxhNhUrt-h^F ze)8ByI5jQA)q{JQ>DRu`Ki28ZUEVAsaW4yX3@LIs3U?;gOaF2zt=?pa74yT6A^V;- z^2jduynTIvZ@b(xvgwg4+aK(^7Umudz;Ugo?*K1!iQC^qt-~I*T;b8!nF#b&u*wNL z-NH4bz)$CG++PMfm~GEEd=#VHlwOI>kV~rS=u{IuF;Gsoj0@N0IB)s zISNLq0Z3Kkze`Uh75qjlOrEOD`#EMsDOkD$4@_)OE9ta!&AtoE6HH{Gk)cEinA z5zkfCcaPf1<11&8Vr&AE^YH2$xn#DTzNW<1^6gKBnDFxTK;p7at~kEsS?p7nl^!)o zmI=?9lT<(BkK!!N};ao7BqRXz2Rs|HWSOpbD;LxfHioib5U89PSVMXxBY9iQaxz0xWYNb z5keDUhyUy`wcDhy*#uvKQ(~J;+kCoEkVlq#d3*L zLR!OK)&|@PL(HyjPI)sr2H&-9?)TN?1m->He)OYf`2*3jeoR%Dge~AT4IpZ5n4n8xvlwz9h@`ctbxzG5Mjcg!9I& zgoi4!U(Qp1-*y`&>0aZ>sFbmutb3d|UdG$It28o#w5eDn1v14hj9B-S7ZrAS=eW;* zjY#DPvct=$zWc*xq)31i@n8M^|7=2$=Tt(0|JQ%uNQy422=Sk&19QMZP%;DzDl_Sf z3F!2d)!V`+OC9XSNfi|vU{fhxL3~v~I-Fz9tWP`UF4kI(%9P6Y9m&7v#5%SpYJk=z zM%XPUW})p%&ru^6^&2bOM#LxPi^DhjcB^^p_^IuMMc3nYs2+7Lv9{ZQt~6ii8*R3+mP5{50g9_gjxRZI514R z^;v^M;p(Xe1bFoTE?a6o>$q9H?^eNmP*)kewZ*J*;{Xo zeX}yvZBs;-F8F}xG3kOh8Ij6X$!{Y^uR2-m4?_jz3b>d2#UtFUOEFa928UG2(oGK3 zfidUr6UT@1Bcf$$`dr6D3E3sb?t-4-leEq1OrK)j`fpSRCpIp6rVT6xyqU!jbI)Zg z*T%qZUO89B$=$Oll;l_0@0l;0vXxCr1m2)Jb_nZpslO_^UCF~+xLB$poKH3Hvo#bO zW;B+3dgee;L7Xd}0mEK+Zt;4I@*;TEnO1q{TlOzoUK`r32Xhs1gBMD=)5TObtq;Z- zc$9NPx@OhjJR{AzraewWfY>js6;mXlX+GNi(NC#MK{SOX_~0_aRQaPvMXI*c*^IsA QF~yN)|IfKhzd`c90mA{dRR910 delta 3255 zcmZuyc{tR4*Pq{P4aTmqGYqA%^s|hmB>Pg<#x8p!vab~}85(h;G-S^jlBIB4lcnt0 zo=}9cm8G(V5D#^~*Ym#D`~360&gY!-J=b?RpU=tQ&)~n$OLlUWy5i~R=p*Irb+q_h zg+Ku3;aqcB2m}EEDeygz2}v)G1mFN3$_fAo2%G|+cN;QZbq_o*Tr5@5%(%o4Pq zHECaJE=qh@KBwgR(`$EeVovBUncO=*MhTH+IJ=2O4fURix7{+;UGpDw5{G5JVb&tF z(uA|g+Sf#NA0GJCGyOpQ5N{v1IQ#aKuis+V`tpu*uaV}Ou|A;uwQGtQLcpX7&2#uq znlzK*bp!W?6Jqb4$;e@Beh`uOM(r(!N@Xpb9(h{8O9RK=pNyf$5!r5D4DVdOm$oH# zJoK1i(;QQjzbrB!j( zcbW6(-+$RRtQAua5sbHT9xTc1=ht4 zJU=CK)F_Ndhwz1qJ4(1s5kY2GQ)>CgfL~Q2-s2bViBx^oLUiZ83`%eEl|_XqIA z!2;dvbjb&H_%6Q+z0mDivnTme>`Rw7N>3+H8Cp?IV~&rP!$4#N9941B-8*amHqe8f zPl@)$C~?hpOBz`3r)hYPcZ(0^vO+HR{}p`or`eLD>?B(KgF(AI1dkFzWq;T{LC&Vn zrM@&7)wWp;tH8#NE%HGn8W^Q>(Z>}O!*J+g?mGAjUH1dE7_lt{yxZ$KimdZK{7qF) zBIllqvKh50y+h||&@s-qohtijciJSG^gzAKcc-nXe9GT5aHzNE%a2_K8FIU7C)diJ zaJxEFsM_V#o9&84fw66}xL#iv8Q{l<*P6HxBTb^ap0}yqz|L=v{VjjNdutO>l3viZ6t`;FO(DgRQ_)hxSj zI3r_!bM=4imMuq|M;B_|R&$NQ986f{m_BJN-L4b5$7&hPk}XwMmbrEMaifC_B-^-c zWw-shpQ)2q7{C;&B=JDICtv*J^@5CNi-i1-vzr>JVka=Aw)be21F!2(P~UCGNj2S` z-LX@KKp;>E!cvL=DnTId$wOfr11Yf9Y#0=PLIFI@4q<_l1_d}7r4_-$98d;Skde1O zgi41{?jH!c(Yz7-`Z!Ps2{VH;pm}~PucVW+>i<(=X(kZ;CkbIhR8!NI#(*407=~v2 zpH06Nn`VF%BEJ=z-fnfb=`7^np6s~;@S%TM%oM~3o=z5vZvq>%%8^IYSlUwc2ZmPNbbRHovVIDW+^p@p) zN>7mAA&I@?>5B{>Be{+YdU)vi!9+@WH+K4J>!BXJ4T4`eJ-3u)x%$4GvR{u4iAw4t z-cWnL$Eo9C0^PXH(<6>zEUc6aaJTGe<`Xi_sZ65WJK}l2d29 zS;J&1+42Ai10X;i1tbOlQ!`2~^uuo@)405=ym=R+UJe^inQj)8ML4JOX;v({1z zhfX<2D*1`{WuF?_1Wk|PIJg0L@iqtlXDeIYNA!yMP6aJ@*4O(-R+ATVzYDX9j?Sqcb5s{V6X>%Ra_^JiPoU#tIKF1jF+w*gwBb>qYTEDZI2dC|*?x z>dIle9F6Nk>u7WzHV}pWkLBa%9Yi_y+dg!%|8aV_`3D@`?a!XyMW7TEZ63u(_F`Yt zxRMlFB}}O*$`Zkip1;=o5fwTu0AooRbkL6Nx^_lSyu8J~xQz;x@qY1LTeO3CQ#DOj zPNnaqWLJkHLtfjt(28-dcC_|g%LohG-Nx>4@R7|~X%{`@mq3f;Zvxd) zr=^6u@aalr!o@zC!EHZInTTlq70KTp%|k*@ z=n&%K-L@uNAXZr_EU{ZE-0(ibHzVZ+U!$boH_X53+%^rB;XU8sWaT8lC%=&B5f{Ox z^QPIbZEpHb2lb`o+(0M78k^1F(~WwIV>K_TD-4&v;GQs3Js^)uINm$> zZu=pi%yQXOBK}7tlaq{Bj`8bHDt3RzXR_fh@UEqD?kqy_F{yv}=K@~&UqtzDG@!Ad z<;al#+x`F*WJJ>8sk+oHMgU+yKwuOo07*NR8#AEs*CxEkGKju7z%(5Hs?({?{%i?k zz_PWLx^Hf0+byct1`RB6FrzQ?DjAX0d6(nIrEjW^#!{#o<{x7PL?u2J4bkwEHM^0Y zi)Z?myLKd#d7l!<*@ZAIdiF$J$b>~&%Y!5SBZA-YRZyhVdI;%J`g5ei1vL2U%?9#JRex1z{dR>Km@T1!vJB}4v>DJ;Eg z3c@QRYkRSyG9zPGx#iolily~^uq!uh?`Sm%7}PyH*AE6Aa17^r44)`jxowpA?V?`C w{nU%Mm>>N3&c-kvVPlzYy)Ea0cv0DMEr-ENqyJGOW8=K~rPjog22TY44L|3yUH||9 diff --git a/misc/dmaapbc.properties.tmpl b/misc/dmaapbc.properties.tmpl index 414771b..7214497 100644 --- a/misc/dmaapbc.properties.tmpl +++ b/misc/dmaapbc.properties.tmpl @@ -58,11 +58,11 @@ KeyStoreFile: ${DMAAPBC_KSTOREFILE:-etc/keystore} # # The password for the https keystore # -KeyStorePassword: ${DMAAPBC_KSTOREPASS:-Demolition Artist Floating} +KeyStorePassword: ${DMAAPBC_KSTOREPASS:-*j&Z*Ma;.4My4M]W0eB*fal$} # # The password for the private key in the https keystore # -KeyPassword: ${DMAAPBC_PVTKEYPASS:-Demolition Artist Floating} +KeyPassword: ${DMAAPBC_PVTKEYPASS:-*j&Z*Ma;.4My4M]W0eB*fal$} # # The type of truststore for https # @@ -70,11 +70,11 @@ TrustStoreType: jks # # The path to the truststore for https # -TrustStoreFile: ${DMAAPBC_TSTOREFILE} +TrustStoreFile: ${DMAAPBC_TSTOREFILE:-etc/org.onap.dmaap-bc.trust.jks} # # The password for the https truststore # -TrustStorePassword: ${DMAAPBC_TSTOREPASS:-changeit} +TrustStorePassword: ${DMAAPBC_TSTOREPASS:-pi8HuuSbN03MtQQ7(5TcyQ6;} # # The path to the file used to trigger an orderly shutdown # @@ -108,7 +108,7 @@ Feed.deleteHandling: ${DMAAPBC_FEED_DELETE:-DeleteOnDR} ################################################################################ # MR Related Properties: # -# ONAP Beijing is a single site deployment. +# ONAP Beijing and Casablanca are a single site deployment. MR.multisite: false # # Value of the CNAME DNS entry which resolves to the primary central MR cluster (when there are more than one central clusters). @@ -149,6 +149,12 @@ MM.ProvUserPwd: ${DMAAPBC_MMPROV_PWD:-pwdNotSet} # The Role of the MirrorMaker Agent. This is used by MM to sub to provisioning topic # MM.AgentRole: ${DMAAPBC_MMAGENT_ROLE:-org.onap.dmaapBC.MMagent.agent} +################# +# +# path to cadi.properties +# +cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + ################# # AAF Properties: # @@ -183,49 +189,29 @@ CredentialCodecKeyfile: ${DMAAPBC_CODEC_KEYFILE:-etc/LocalKey} # # URL of AAF environment to use. # -aaf.URL: ${DMAAPBC_AAF_URL:-https://authentication.simpledemo.onap.org:8095/proxy/} +aaf.URL: ${DMAAPBC_AAF_URL:-https://aaf-onap-test.osaaf.org:8095} # # TopicMgr mechid@namespace # -aaf.TopicMgrUser: ${DMAAPBC_TOPICMGR_USER:-idNotSet@namespaceNotSet} +aaf.TopicMgrUser: ${DMAAPBC_TOPICMGR_USER:-topic_mgr@dmaap-bc.onap.org} # # TopicMgr password # -aaf.TopicMgrPassword: ${DMAAPBC_TOPICMGR_PWD:-pwdNotSet} +aaf.TopicMgrPassword: ${DMAAPBC_TOPICMGR_PWD:-enc:l0ScEojNQiiKbbkuM6U1mtnrme69q960} # # Bus Controller Namespace Admin mechid@namespace # -aaf.AdminUser: ${DMAAPBC_ADMIN_USER:-idNotSet@namespaceNotSet} +aaf.AdminUser: ${DMAAPBC_ADMIN_USER:-aaf_admin@people.osaag.org} # # Bus Controller Namespace Admin password # -aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:-pwdNotSet} -# -# endof AAF Properties -################# -################# -# PolicyEngine Properties -# -# Flag to turn on/off Authentication -UsePE: ${DMAAPBC_PE_ENABLED:-false} -# -# Argument to decisionAttributes.put("AAF_ENVIRONMENT", X); -# where X is: TEST= UAT, PROD = PROD, DEVL = TEST -# -PeAafEnvironment: ${DMAAPBC_PE_AAF_ENV:-CSIT} -PeAafUrl.CSIT: ${DMAAPBC_AAF_URL:-http://localhost:8095/proxy/} -PeAafUrl.DEVL: https://aafdev.onap.org:8095/proxy/ -PeAafUrl.TEST: https://aafist..onap.org:8095/proxy/ -PeAafUrl.PROD: https://aafprod.onap.org:8095/proxy/ +aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:-demo123456!} + -# -# Name of PolicyEngineApi properties file -PolicyEngineProperties: config/PolicyEngineApi.properties -# # Namespace for URI values for API used to create AAF permissions # e.g. if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics -ApiNamespace: ${DMAAPBC_API_NAMESPACE:-org.onap.dmaapBC.api} +ApiNamespace: ${DMAAPBC_API_NAMESPACE:-org.onap.dmaap-bc.api} # -# endof PolicyEngineProperties +# endof AAF Properties ################# !EOF diff --git a/misc/org.onap.dmaap-bc.trust.jks b/misc/org.onap.dmaap-bc.trust.jks new file mode 100644 index 0000000000000000000000000000000000000000..00cc35e1f6043a99e21afd660a45e6923b3d898b GIT binary patch literal 1413 zcmb7DYdF&j9Ntxju_ZNY2+_`RsQ;|hh%;8?xP&wlid9(Uk~(rfW2Y?^x#d>o+99l1 z%q91w=DH?NI(aZ2dQuJ(U8I`BdCrGEoG<6Y?|Gm1{k_lc`F(g_<-Bqp1Oh?U2mBAJ zoniO|hn-;r`vL1x06OY(4hZhGhXh!FKyWI+hW`w(p}1lw1PpgJtyz<3yX>zovQS&6Hx=QldgsLGfX8}f5ri!ZZq9u2jramfSQO{gts zE#xW?y-E0UE2jK~E@yswb2BqsbIj9uFwxk1l12Ja{|WVp3cD;qGWqq@ZruhmnCj*X zh}dr^@GSKdexNb8?b_qnfHb)YwICqd)JvA~hvoh`fl({U*|(XWsGX7KS|h;E?H9Cj z$5c@VnMo0){;OGU(_pPZ1}URu*#)trLw<{res$d{{HgXXw4}qGcO!ny6F)wk5w_Iy z!0zhNB+rUAQB2CUuFN%5fN1ii+lcVGLB%7R)&a-WU2zu`?5t>8BgPHu9PySaSK59Z zGv`&|K+{S4AN&f~?!naaQcd6ao1HpBp6(jT+S7@N~Fo`_dzBIE~ z&d&dYbrT1x$i^YLTX|z2hI)s3b4kMZNiF&(WPyxW9gnz;q#H9dx~om9YQtXEI}Vb4 zVQuKX6iNh|ppR_XEqp-Hck^QP64LDI+= zCQUBd`(!HHfmYNXZ+*J%>b)|fk+Y_N*jMzlFZs~dDPEyV;>~x5khtrufIR(AYuRS9 z2{!e84cbzWjT*DYbPzV*AMRj8dwz~reLd(CbmzDx1PTU$%gz7{KyN*QdPo==w$+11 zTymO|xeL3ZZgt@av5L3zzX19hYaZ3wXSf^ff& z;d(39V+aOO^m~{!QAIAb6l@T~s@?2Zk7Uz%rF|`FA}Q2}xL3NIHw?{-R0&ztRHGm> zb&3;NP7*(HCYH{-kSEOIQ1|%cbS$hYafU4hq0F`gN`c$Or^Dt;m)_TOm(2I`oy38; zAMOL``OyR0$OnD&zOq72bm2Pr-*TSag%yWip4fglD&=;;Jv&C(7stMV+D>1)%927K zt*riC)d_EG#NFody6}sf`j#fL!Q<=lG-J+;TdF1{s<^0pN%}l0cJ@L~8m9V%fX9y% zJ=zhIjH5Z$G`Be&83;23zw2qRAI?R}Ba=Up9%5nj&UcEgorjym#U30qkHeoFK_TCd zf1FI%_KIWXJpqFYBSRTKcY0)`TX1ta1gLToWde(1>xuj6-M~sjx?n3ll*c(0qBzaQ z%2V{$?p9QyiH{NZW&C)kEVFzqm}P+#W)M?#`XZaG@CJXC<{!}#5%*39%Ka%;hs*C& z8q&3f+JmUCn8o1AmA>gwN<-)F&r+x2mtHx?O89d}$3c4cN*1s9H_l?1Y~7&|OS*z@ z6Q2L^c)V=t(t`>YUt?MF&X!v%sM`|3)VOZWocRwK_0-_QN;gW=tq!zd_tl9D?g1x) zI5yI03hUeH6uQ-x512TmlRzru7#&M5BZ+k%j>TRNo Snapshots Allowed! org.onap.dmaap.dbcapi:dbcapi + org.onap.aaf.authz:aaf-cadi-client + org.onap.aaf.authz:aaf-misc-env + org.onap.aaf.authz:aaf-cadi-aaf + org.onap.aaf.authz:aaf-auth-client + org.onap.aaf.authz:aaf-cadi-core + org.onap.aaf.authz:aaf-misc-rosetta + @@ -250,6 +257,13 @@ jetty-server ${jettyVersion} + + org.onap.aaf.authz + aaf-cadi-aaf + 2.1.2-SNAPSHOT + full + + org.eclipse.jetty jetty-servlet @@ -287,7 +301,7 @@ org.onap.dmaap.dbcapi dbcapi - 1.0.8-SNAPSHOT + 1.0.12-SNAPSHOT @@ -322,7 +336,7 @@ UTF-8 9.3.7.v20160115 0.0.1 - 1.0.13 + 1.0.14 0.7.7.201606060606 3.2 diff --git a/version.properties b/version.properties index 7e97219..e104878 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=1 minor=0 -patch=13 +patch=14 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins -- 2.16.6