policy/engine changes to support PE https 73/61873/1
authorMichael Mokry <mm117s@att.com>
Wed, 22 Aug 2018 16:07:09 +0000 (11:07 -0500)
committerMichael Mokry <mm117s@att.com>
Wed, 22 Aug 2018 16:07:09 +0000 (11:07 -0500)
Enabled the https connector in server.xml and modified docker-install.sh
to fix the default-password variable name used for the policy truststore

Change-Id: I6db6a6d2353130c91c1f344ea7927d187150adca
Issue-ID: POLICY-781
Signed-off-by: Michael Mokry <mm117s@att.com>
packages/base/src/files/install/servers/common/tomcat/conf/server.xml
packages/base/src/files/install/servers/configs/conf/server.xml
packages/base/src/files/install/servers/console/conf/server.xml
packages/docker/src/main/docker/docker-install.sh

index 02c548c..7bd6ca3 100644 (file)
 
     <!-- Use http instead of https
     Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
-    passed in to the tomcat JVM:
+    passed in to the tomcat JVM: -->
 
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
                keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
                truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-    -->
+               
+   
+    <!--     Use http instead of https 
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" />
+               maxThreads="150" />-->
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
     <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
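Review bot: The HTTPS connector that this hunk makes live still carries `sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"`, so clients may negotiate TLS 1.0 and 1.1, both deprecated; a freshly enabled listener should not offer them, so change it to `sslEnabledProtocols="TLSv1.2"` (adding TLSv1.3 only if the target JVM is known to support it). No `ciphers` attribute is set either, so the suite list appears to fall back to the default of whichever JVM the image ships; once the protocol set is fixed it is worth pinning an explicit list with `honorCipherOrder="true"`. Separately, the comment that now heads the live connector still reads `Use http instead of https`, which describes the commented-out connector below it, not this one; rewording it to `<!-- HTTPS connector. Setting the keystore and truststore here overrides the javax.net.ssl system properties passed to the tomcat JVM -->` would stop the next reader from taking the secure connector for the disabled one. The enclosing `<Service>` element, assuming the standard server.xml layout, starts and ends outside the hunk.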
index 3bccc6f..9c45721 100644 (file)
          Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
     -->
     
-    <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
+    <!--     Use http instead of https -->
+<!--     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
-
+ -->
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
          OpenSSL style configuration is required as described in the APR/native
          documentation -->
 
-       <!--
+       <!--Use https instead of http
        Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
-       passed in to the tomcat JVM:
+       passed in to the tomcat JVM: -->
 
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               clientAuth="false" sslProtocol="TLS"
+               clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
                keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
                truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-       -->
-
 
+       <!--     Use http instead of https 
+    <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" /> -->
+               
     <!-- Define an AJP 1.3 Connector on port 8009 -->
        <!--      
     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
     -->
 
-
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
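Review bot: Replacing `sslProtocol="TLS"` with `sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"` explicitly enables TLS 1.0 and 1.1 on this connector, which may pin a lower protocol floor than the JVM would otherwise choose; use `sslEnabledProtocols="TLSv1.2"` here, as the deprecated versions should not be offered by a connector being switched on for the first time. The connector also has `clientAuth="false"`, so the truststore it points at is presumably consulted only for client certificates and does not imply mutual TLS; a one-line comment such as `<!-- truststore is only relevant if clientAuth is later enabled -->` would keep a reader from assuming peer verification is in place. No `ciphers` attribute is given, so the cipher suites are whatever the runtime defaults to, which is worth pinning alongside the protocol change. The enclosing `<Service>` element, assuming the standard server.xml layout, starts and ends outside the hunk.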
index 5e62267..dbeb639 100644 (file)
        -->
 
     <!-- ONAP portal currently using http instead of https
-
     Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
-    passed in to the tomcat JVM:
-
+    passed in to the tomcat JVM: -->
+    
     <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
                keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
-               truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
-    -->
-    <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" />
-
-
+               truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}" />
+               
+<!--<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" /> -->
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
     <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
 
-
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
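Review bot: The comment at the top of this hunk still says `ONAP portal currently using http instead of https`, but the hunk makes the HTTPS connector the live one and comments out the plain connector, so the comment now contradicts the configuration it introduces. Suggest `<!-- HTTPS connector for the console; the plain-HTTP connector below is left commented out. Setting the keystore and truststore in the connector overrides the javax.net.ssl system properties passed to the tomcat JVM. -->`. As in the other server.xml files in this commit, `sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"` should drop the two deprecated versions, i.e. `sslEnabledProtocols="TLSv1.2"`, and an explicit `ciphers` list should be considered since none is set. The enclosing `<Service>` element, assuming the standard server.xml layout, starts and ends outside the hunk.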
index 7176abf..3700e57 100644 (file)
@@ -405,11 +405,10 @@ function configure_keystore() {
                set -x
        fi
 
-    local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
     local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
 
        if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
-           keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
+           keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
            keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
        fi