Add a configurable truststore for A1 adapter 40/111840/1
authorRehanRaza <muhammad.rehan.raza@est.tech>
Fri, 28 Aug 2020 12:37:34 +0000 (14:37 +0200)
committerRehanRaza <muhammad.rehan.raza@est.tech>
Fri, 28 Aug 2020 12:53:29 +0000 (14:53 +0200)
The default truststore truststore.a1.adapter.jks contains a1simulator's cert from ORAN-SC:
https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=blob;f=near-rt-ric-simulator/certificate/cert.crt;h=51e37a79a508242a2179f0607df61fb795e94a6a;hb=refs/heads/master
This truststore can be overridden by mounting a new volume in docker-compose/helm,
and the corresponding password for the truststore is set using an environment variable.

Change-Id: Iec489a5a8f0435191475db0a1737e822f0a44b99
Issue-ID: SDNC-1339
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
Former-commit-id: 6ee5a32752bd838225b9cbacd22ed451fd24c9a6

installation/sdnc/src/main/scripts/addA1TrustStore.sh [new file with mode: 0755]
installation/sdnc/src/main/scripts/startODL.oom.sh
installation/sdnc/src/main/scripts/startODL.sh
installation/src/main/stores/truststore.a1.adapter.jks [new file with mode: 0644]
installation/src/main/yaml/docker-compose.yml

diff --git a/installation/sdnc/src/main/scripts/addA1TrustStore.sh b/installation/sdnc/src/main/scripts/addA1TrustStore.sh
new file mode 100755 (executable)
index 0000000..4e3fcab
--- /dev/null
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+###
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+SDNC_STORE_DIR=${SDNC_STORE_DIR:-/opt/onap/sdnc/data/stores}
+A1_TRUSTSTORE=${SDNC_STORE_DIR}/truststore.a1.adapter.jks
+ONAP_TRUSTSTORE=${SDNC_STORE_DIR}/truststoreONAPall.jks
+
+if [ -f ${A1_TRUST_STORE} ]
+then
+  keytool -importkeystore -srckeystore ${A1_TRUSTSTORE} -srcstorepass ${A1_TRUSTSTORE_PASSWORD} -destkeystore ${ONAP_TRUSTSTORE} -deststorepass changeit
+fi
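Review bot: The guard `if [ -f ${A1_TRUST_STORE} ]` tests a variable that is never set (the script defines `A1_TRUSTSTORE`), and because the expansion is unquoted and empty the test collapses to `[ -f ]`, which is always true, so keytool runs even when no truststore file exists. It should read `if [ -f "${A1_TRUSTSTORE}" ]`. On the keytool line the source password is passed as a command-line argument, where it is visible in the process list and is word-split if it contains spaces; keytool accepts `-srcstorepass:env A1_TRUSTSTORE_PASSWORD` to read it from the environment instead. Adding `-noprompt` and quoting the two store paths would keep the import non-interactive and safe for paths with spaces.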
index f158c7d..80fe908 100755 (executable)
@@ -296,6 +296,8 @@ if [ ! -f ${SDNC_HOME}/.installed ]
 then
     echo "Installing SDN-C keyStore"
     /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh
+    echo "Installing A1-adapter trustStore"
+    /bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh
 
     if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
 
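Review bot: The exit status of `addA1TrustStore.sh` is discarded at the added call, so a failed import (a wrong `A1_TRUSTSTORE_PASSWORD`, an unreadable mounted file) lets startup continue with a truststore that lacks the A1 certificate and no clear signal in the log; the same applies to the added call in the startODL.sh hunk. A minimal check would be `/bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh || echo "WARNING: A1-adapter trustStore import failed" >&2`, or exiting there if the adapter is required. The call also sits inside the `.installed` guard, which opens in the hunk header context and closes outside the hunk, so a truststore mounted after the first start would presumably not be imported; a comment saying so would help operators.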
index 6f9bdad..8da2c54 100755 (executable)
@@ -152,6 +152,8 @@ then
        ${SDNC_HOME}/bin/installSdncDb.sh
        echo "Installing SDN-C keyStore"
        ${SDNC_HOME}/bin/addSdncKeyStore.sh
+       echo "Installing A1-adapter trustStore"
+       ${SDNC_HOME}/bin/addA1TrustStore.sh
 
        #${CCSDK_HOME}/bin/installOdlHostKey.sh
 
diff --git a/installation/src/main/stores/truststore.a1.adapter.jks b/installation/src/main/stores/truststore.a1.adapter.jks
new file mode 100644 (file)
index 0000000..35eaceb
Binary files /dev/null and b/installation/src/main/stores/truststore.a1.adapter.jks differ
index 773d061..96f9bb3 100644 (file)
@@ -63,6 +63,12 @@ services:
       - ODL_CERT_DIR=/tmp
       - ODL_ADMIN_USERNAME=admin
       - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+      - A1_TRUSTSTORE_PASSWORD=a1adapter
+    # The default truststore for A1 adapter can be overridden by mounting a new
+    # truststore (uncomment the lines below), whereas the corresponding password
+    # should be updated in A1_TRUSTSTORE_PASSWORD environment variable (in the line above)
+    #volumes:
+    #  - ./a1_truststore.jks:/opt/onap/sdnc/data/stores/truststore.a1.adapter.jks:ro
     dns:
       - ${DNS_IP_ADDR-10.0.100.1}
     logging:
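Review bot: The added `A1_TRUSTSTORE_PASSWORD=a1adapter` puts the truststore password in the compose file as a literal, and the comment below it tells operators to edit that line, which tends to end with a site-specific password committed alongside the file. Using substitution, `- A1_TRUSTSTORE_PASSWORD=${A1_TRUSTSTORE_PASSWORD:-a1adapter}`, keeps the default working while letting the override come from the shell environment or an `.env` file; the file already uses this form for `DNS_IP_ADDR`. The comment could also state that `a1adapter` is only the password of the bundled default store and must change whenever the volume override is used. The service definition starts and ends outside the hunk.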