TLS sdc-be-init: truststore & keystore handling

[sdc.git] / catalog-be / sdc-backend-init / chef-repo / cookbooks / sdc-catalog-be-setup / recipes / 3_import_Normatives.rb

diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
index be32e98..cb36ffd 100644 (file)
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
@@ -5,6 +5,16 @@ if node['disableHttp']
   protocol = "https"
   be_port = node['BE']['https_port']
   param="-i #{be_ip} -p #{be_port} --https"
+  if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+    tls_key = "--tls_key " + node['BE-init']['tls_key']
+    tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+    if node['BE-init']['tls_password']
+      tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+    end
+  end
+  if node['BE-init']['ca_cert']
+    ca_cert =  "--ca_cert " + node['BE-init']['ca_cert']
+  end
 else
   protocol = "http"
   be_port = node['BE']['http_port']
@@ -27,7 +37,7 @@ cookbook_file "/var/tmp/normatives.tar.gz" do
 end
 
 execute "create-jetty-modules" do
-  command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} > #{ENV['ONAP_LOG']}/init.log"
+  command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert} > #{ENV['ONAP_LOG']}/init.log"
   cwd "/var/tmp/"
   action :run
 end