From: MichaelMorris
Date: Wed, 20 Sep 2023 08:23:28 +0000 (+0100)
Subject: sdc-be certificate handling
X-Git-Tag: 1.13.6~19
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=sdc.git;a=commitdiff_plain;h=980530fa79f437332ec9b83f728c47b42d162ac2
sdc-be certificate handling
Signed-off-by: MichaelMorris
Issue-ID: SDC-4639
Change-Id: I257bd74e7a969b8c7d686952dd46425e969ddb24
---
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_setup_key_and_trust_store.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_setup_key_and_trust_store.rb
new file mode 100644
index 0000000000..66562d8ba9
--- /dev/null
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_setup_key_and_trust_store.rb
@@ -0,0 +1,21 @@
+#Set the http module option
+if node['BE'][:tls_cert]
+ execute "generate-keystore" do
+ command "openssl pkcs12 -inkey #{node['BE'][:tls_key]} -in #{node['BE'][:tls_cert]} -export -out /tmp/keystore.pkcs12 -passin pass:#{node['BE'][:tls_password]} -passout pass:#{node['BE'][:tls_password]}"
+ end
+
+ execute "import-keystore" do
+ command "keytool -importkeystore -srcstoretype PKCS12 -srckeystore /tmp/keystore.pkcs12 -srcstorepass #{node['BE'][:tls_password]} -destkeystore #{ENV['JETTY_BASE']}/#{node['BE'][:keystore_path]} -deststorepass #{node['BE'][:keystore_password]} -noprompt"
+ end
+end
+
+if node['BE'][:ca_cert]
+ execute "delete-existing-ca-alias" do
+ command "keytool -delete -alias sdc-be -storepass #{node['BE'][:truststore_password]} -keystore #{ENV['JETTY_BASE']}/#{node['BE'][:truststore_path]}"
+ returns [0, 1]
+ end
+
+ execute "generate-truststore" do
+ command "keytool -import -alias sdc-be -file #{node['BE'][:ca_cert]} -storetype JKS -keystore #{ENV['JETTY_BASE']}/#{node['BE'][:truststore_path]} -storepass #{node['BE'][:truststore_password]} -noprompt"
+ end
+end
diff --git a/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json b/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json
index 80728ee013..7dbd72a1ad 100644
--- a/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json
+++ b/catalog-be/src/main/docker/backend/chef-solo/roles/catalog-be.json
@@ -12,6 +12,7 @@
 "run_list": [
 "recipe[sdc-catalog-be::BE_1_cleanup_jettydir]",
 "recipe[sdc-catalog-be::BE_2_setup_configuration]",
+ "recipe[sdc-catalog-be::BE_3_setup_key_and_trust_store]",
 "recipe[sdc-catalog-be::BE_4_jetty_Modules]",
 "recipe[sdc-catalog-be::BE_6_setup_portal_and_key_properties]",
 "recipe[sdc-catalog-be::BE_7_logback]",