Fully HTTPS support in the webseal-simulator 38/94038/2
authork.kedron <k.kedron@partner.samsung.com>
Wed, 21 Aug 2019 11:31:02 +0000 (13:31 +0200)
committerPiotr Darosz <piotr.darosz@nokia.com>
Fri, 23 Aug 2019 10:25:22 +0000 (10:25 +0000)
Updated the HTTPS configuration:
-Added truststore certificate.
-Updated configuration to use the JETTY_BASE env value
instead of a hardcoded variable
-Updated JVM configuration to support calls to
the SDC components over HTTPS.
-Added support for the disableHttp flag.

Issue-ID: SDC-2517
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
Change-Id: Ib7f4c7a6762c56c8031ba6734f02d388aaefd722

utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks [new file with mode: 0644]
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_1_cleanup_jettydir.rb
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_3_logback.rb
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_4_locate_keystore.rb
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_5_create_jetty_modules.rb
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb [new file with mode: 0644]
utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-ssl-ini.erb
utils/webseal-simulator/sdc-simulator/startup.sh

diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks
new file mode 100644 (file)
index 0000000..342c4f2
Binary files /dev/null and b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/files/default/org.onap.sdc.trust.jks differ
index bb67b8c..c02aa7e 100644 (file)
@@ -1,7 +1,5 @@
-jetty_base="/var/lib/jetty"
-
 directory "SDC_Simulator_tempdir_creation" do
-  path "#{jetty_base}/temp"
+  path "#{ENV['JETTY_BASE']}/temp"
   owner 'jetty'
   group 'jetty'
   mode '0755'
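Review bot: `ENV['JETTY_BASE']` is read without any presence check, so if the variable is unset the interpolation on the `path` line yields `/temp` and the recipe silently creates and chowns a top-level directory to jetty rather than failing. `ENV.fetch('JETTY_BASE')` raises a KeyError at compile time instead, which is the behaviour you want from a recipe that writes files and sets ownership; the same pattern recurs in every recipe touched by this change. Since the hardcoded `jetty_base` default was removed, the cookbook now relies entirely on the container environment exporting `JETTY_BASE`, which is worth stating in a comment at the top of the recipe.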
@@ -10,7 +8,7 @@ end
 
 
 directory "SDC_Simulator_create_config_dir" do
-  path "#{jetty_base}/config"
+  path "#{ENV['JETTY_BASE']}/config"
   owner 'jetty'
   group 'jetty'
   mode '0755'
@@ -19,7 +17,7 @@ end
 
 
 directory "SDC_Simulator_create_sdc-simulator" do
-  path "#{jetty_base}/config/sdc-simulator"
+  path "#{ENV['JETTY_BASE']}/config/sdc-simulator"
   owner 'jetty'
   group 'jetty'
   mode '0755'
index 62f95a7..bf859f1 100644 (file)
@@ -1,5 +1,3 @@
-jetty_base="/var/lib/jetty"
-
 if ENV['FE_URL'] && !ENV['FE_URL'].empty?
     fe_url="#{ENV['FE_URL']}"
 elsif  node['disableHttp']
@@ -10,7 +8,7 @@ end
 
 
 template "webseal.conf" do
-   path "#{jetty_base}/config/sdc-simulator/webseal.conf"
+   path "#{ENV['JETTY_BASE']}/config/sdc-simulator/webseal.conf"
    source "SDC-Simulator-webseal.conf.erb"
    owner "jetty"
    group "jetty"
index 7a2069d..06151fe 100644 (file)
@@ -1,7 +1,5 @@
-jetty_base="/var/lib/jetty"
-
 cookbook_file "log4j.properties" do
-   path "#{jetty_base}/config/sdc-simulator/log4j.properties"
+   path "#{ENV['JETTY_BASE']}/config/sdc-simulator/log4j.properties"
    source "log4j.properties"
    owner "jetty"
    group "jetty"
index 8358e28..e0b106d 100644 (file)
@@ -1,16 +1,21 @@
-jetty_base="/var/lib/jetty"
-
 directory "Jetty_etcdir_creation" do
-       path "/#{jetty_base}/etc"
+       path "#{ENV['JETTY_BASE']}/etc"
        owner 'jetty'
        group 'jetty'
        mode '0755'
        action :create
 end
 
-cookbook_file "/#{jetty_base}/etc/org.onap.sdc.trust.jks" do
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
    source "org.onap.sdc.trust.jks"
    owner "jetty"
    group "jetty"
    mode 0755
 end
+
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do
+       source "org.onap.sdc.p12"
+       owner "jetty"
+       group "jetty"
+       mode 0755
+end
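Review bot: The new `org.onap.sdc.p12` resource installs a private-key keystore with `mode 0755`, which leaves the key material world-readable (and pointlessly executable); only the jetty user needs it, so `mode '0600'` (or `'0640'` if another group member must read it) is the appropriate permission, and the truststore above needs no more than `'0644'`. The octal literal is also unquoted here while the rest of the cookbook quotes mode strings, so quoting it keeps the style consistent. Separately, `"#{ENV['JETTY_BASE']}/etc"` becomes `/etc` when the variable is unset, at which point the `Jetty_etcdir_creation` resource would re-own the system `/etc` to jetty; `ENV.fetch('JETTY_BASE')` would stop that before any file is touched.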
index 4f7e710..71366a5 100644 (file)
@@ -1,39 +1,63 @@
-jetty_base="/var/lib/jetty"
-jetty_home="/usr/local/jetty"
+#
+# Set the http module option
+if node['disableHttp']
+   http_option = "#--module=http"
+else
+   http_option = "--module=http"
+end
+
 
 bash "create-jetty-modules" do
-cwd "#{jetty_base}"
-code <<-EOH
-   cd "#{jetty_base}"
-   java -jar "/#{jetty_home}"/start.jar --add-to-start=deploy
-   java -jar "/#{jetty_home}"/start.jar --create-startd --add-to-start=http,https,console-capture,setuid
-EOH
+   cwd "#{ENV['JETTY_BASE']}"
+   code <<-EOH
+   cd "#{ENV['JETTY_BASE']}"
+   java -jar "#{ENV['JETTY_HOME']}"/start.jar --add-to-start=deploy
+   java -jar "#{ENV['JETTY_HOME']}"/start.jar --create-startd --add-to-start=http,https,console-capture,setuid
+   EOH
 end
 
-template "ssl-ini" do
-   path "/#{jetty_base}/start.d/ssl.ini"
-   source "SDC-Simulator-ssl-ini.erb"
+
+template "http-ini" do
+   path "#{ENV['JETTY_BASE']}/start.d/http.ini"
+   source "SDC-Simulator-http-ini.erb"
    owner "jetty"
    group "jetty"
    mode "0755"
    variables({
-        :https_port           => "8443",
-        :jetty_keystore_pwd   => "rTIS;B4kM]2GHcNK2c3B4&Ng",
-        :jetty_keymanager_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng"
+      :http_option => http_option,
+      :http_port => "8080"
    })
 end
 
+
 template "https-ini" do
-   path "/#{jetty_base}/start.d/https.ini"
+   path "#{ENV['JETTY_BASE']}/start.d/https.ini"
    source "SDC-Simulator-https-ini.erb"
    owner "jetty"
    group "jetty"
    mode "0755"
-   variables ({
-        :https_port => "8443"
+   variables({
+      :https_port => "8443"
    })
 end
 
+# TO CHANGE THE KEYSTORE/TRUSTSTORE CERT THE JVM CONFIGURATION
+# MUST BE ALSO CHANGE IN THE startup.sh FILE
+template "ssl-ini" do
+   path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
+   source "SDC-Simulator-ssl-ini.erb"
+   owner "jetty"
+   group "jetty"
+   mode "0755"
+   variables({
+     :https_port           => "8443",
+     :jetty_truststore_pwd => "Y,f975ZNJfVZhV*{+Y[}pA?0",
+     :jetty_keystore_pwd   => "rTIS;B4kM]2GHcNK2c3B4&Ng",
+     :jetty_keymanager_pwd => "rTIS;B4kM]2GHcNK2c3B4&Ng",
+   })
+end
+
+
 bash "echo status" do
    code <<-EOH
       echo "DOCKER STARTED"
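Review bot: The `ssl-ini` template now renders the keystore, keymanager and the newly added truststore passwords in clear text into `start.d/ssl.ini`, yet the resource still writes the file with `mode "0755"`, so every local account on the host can read them; `mode "0640"` (owner/group jetty) is sufficient for Jetty to load the file. The truststore password literal here is also duplicated verbatim in `startup.sh`, which the comment above the template concedes must be kept in sync by hand — sourcing both from a single node attribute or environment variable removes that coupling. Finally, the `--add-to-start=http,...` call still enables the http module unconditionally and only the rendered `http.ini` turns it back off via `#--module=http`; a comment on `http_option` explaining that the template overrides the generated ini would save the next reader a puzzle.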
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-http-ini.erb
new file mode 100644 (file)
index 0000000..8f26690
--- /dev/null
@@ -0,0 +1,29 @@
+# ---------------------------------------
+# Module: http
+<%= @http_option %>
+
+### HTTP Connector Configuration
+
+## Connector host/address to bind to
+# jetty.http.host=0.0.0.0
+
+## Connector port to listen on
+jetty.http.port=<%= @http_port %>
+
+## Connector idle timeout in milliseconds
+jetty.http.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.http.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.http.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.http.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.http.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.http.acceptorPriorityDelta=0
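Review bot: The first rendered line `<%= @http_option %>` is the entire on/off switch for the plaintext listener, but nothing in the template says so; a header comment such as `# @http_option renders as '--module=http' or, when node['disableHttp'] is set, '#--module=http' (which leaves the settings below inert)` would make the mechanism visible to whoever edits this file next. Note also that with `jetty.http.host` left commented out, the plaintext listener binds all interfaces whenever it is enabled, which is worth stating explicitly for a component that now exists specifically to exercise HTTPS.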
index 86848bf..278fdea 100644 (file)
@@ -42,10 +42,10 @@ jetty.ssl.port=<%= @https_port %>
 ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
 
 ## Keystore file path (relative to $jetty.base)
-# jetty.sslContext.keyStorePath=etc/keystore
+jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
 
 ## Truststore file path (relative to $jetty.base)
-# jetty.sslContext.trustStorePath=etc/keystore
+jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
 
 ## Keystore password
 # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
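Review bot: `jetty.sslContext.keyStorePath` now points at a `.p12` file, but this hunk leaves `jetty.sslContext.keyStoreType` at its commented default, which appears to be `JKS` judging by the matching `trustStoreType` default further down; whether a PKCS#12 file loads through that path depends on the JDK's JKS/PKCS12 dual-format compatibility rather than on anything in this template. Setting `jetty.sslContext.keyStoreType=PKCS12` explicitly removes the dependency on JDK behaviour. The trust store stays a `.jks`, so the `trustStoreType` default is fine as it is.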
@@ -61,7 +61,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
 
 ## Truststore password
 # jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-#jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
+jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
 
 ## Truststore type and provider
 # jetty.sslContext.trustStoreType=JKS
index 075c2ce..cc7d9f9 100644 (file)
@@ -15,6 +15,8 @@ JAVA_OPTIONS=" ${JAVA_OPTIONS} \
                 -Dconfig.home=${JETTY_BASE}/config/sdc-simulator \
                 -Dlog.home=${JETTY_BASE}/logs \
                 -Dlogback.configurationFile=${JETTY_BASE}/config/sdc-simulator/logback.xml \
+                -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
+                -Djavax.net.ssl.trustStorePassword=Y,f975ZNJfVZhV*{+Y[}pA?0 \
                 -Djetty.console-capture.dir=${JETTY_BASE}/logs"
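Review bot: `-Djavax.net.ssl.trustStorePassword=...` places the truststore password in the JVM's argv, where any local user can read it via `ps` or `/proc/<pid>/cmdline`, and it hard-codes a second copy of the literal already rendered into `ssl.ini` by the cookbook. For a JKS truststore holding only public certificates the password is reportedly optional (omitting it skips the integrity check but still loads the certificates), so consider dropping the property or at least sourcing the value from the same place as the cookbook rather than committing it twice. It is also worth a comment on the `-Djavax.net.ssl.trustStore` line that this replaces the JVM's default CA set for every outbound TLS connection the simulator makes, so any endpoint not issued by a CA in `org.onap.sdc.trust.jks` will now fail to connect.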