From adc0568fc9c2f5caee5d67c833e10e71fcfc98af Mon Sep 17 00:00:00 2001
From: "Timoney, Dan (dt5972)"
Date: Tue, 30 Oct 2018 08:36:12 -0400
Subject: [PATCH] Add https support for SDNC container

Enable https support in ODL container

Change-Id: I05b482ed89736912bd69bed17d8d9ba8997c8e20
Issue-ID: SDNC-492
Signed-off-by: Timoney, Dan (dt5972)
Former-commit-id: 6c13e2f6b330dbd17614fff0efc049b1d882eda3
---
 installation/sdnc/pom.xml | 3 +++
 installation/sdnc/src/main/docker/Dockerfile | 13 +++++++++++++
 installation/sdnc/src/main/docker/standalone.Dockerfile | 11 +++++++++++
 installation/src/main/stores/keystore.sdnc.p12 | Bin 0 -> 2605 bytes
 4 files changed, 27 insertions(+)
 create mode 100644 installation/src/main/stores/keystore.sdnc.p12

diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml
index 422360be..b051d560 100644
--- a/installation/sdnc/pom.xml
+++ b/installation/sdnc/pom.xml
@@ -23,6 +23,9 @@
 ${maven.build.timestamp}
 1.5.1-SNAPSHOT
 0.4.2-STAGING-latest
+ org.onap.sdnc.p12
+
+ 8443
 ${https_proxy}
 deploy
 true
diff --git a/installation/sdnc/src/main/docker/Dockerfile b/installation/sdnc/src/main/docker/Dockerfile
index 315d023a..d4892260 100755
--- a/installation/sdnc/src/main/docker/Dockerfile
+++ b/installation/sdnc/src/main/docker/Dockerfile
@@ -11,6 +11,9 @@ ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
 ENV SSL_CERTS_DIR /etc/ssl/certs
 ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
 ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
+ENV SDNC_KEYSTORE ${sdnc.keystore}
+ENV SDNC_KEYPASS ${sdnc.keypass}
+ENV SDNC_SECUREPORT ${sdnc.secureport}
 USER root
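Review bot: The three properties added in installation/sdnc/pom.xml commit the keystore's name and password to source control as build properties, alongside the PKCS#12 file this same patch adds under installation/src/main/stores/. The element names are stripped in this rendering, so `sdnc.keystore`, `sdnc.keypass` and `sdnc.secureport` are inferred from the `${...}` references in the Dockerfile hunks, and the password value itself is not legible here. If that keystore holds the server's private key, anyone who can read the repository or pull the image can impersonate the service, and every deployment shares the same key. I would drop the password property from the POM and provision the keystore and its password at deploy time from a mounted secret. Also worth confirming: the keystore property reads `org.onap.sdnc.p12` while the committed file is `keystore.sdnc.p12`, and no step copying it into `$SDNC_STORE_DIR` is visible in these hunks.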
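Review bot: `ENV SDNC_KEYPASS ${sdnc.keypass}` in installation/sdnc/src/main/docker/Dockerfile stores the keystore password in the image configuration, where `docker inspect` and `docker history` show it and every process in the container inherits it. The first standalone.Dockerfile hunk adds the same line. `SDNC_KEYSTORE` and `SDNC_SECUREPORT` are fine as ENV, but the password should not be an image-level variable. I would delete that line and have the start script read the password from a file or secret mounted at run time, leaving a comment such as `# keystore password is supplied at container start, never at build time`.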
@@ -39,6 +42,16 @@ COPY truststoreONAPall.jks $SDNC_STORE_DIR
 RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
+# Secure with TLS
+RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
+RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+
+
+
+
 RUN chown -R odl /opt
 USER odl
diff --git a/installation/sdnc/src/main/docker/standalone.Dockerfile b/installation/sdnc/src/main/docker/standalone.Dockerfile
index f271ca01..b062361a 100755
--- a/installation/sdnc/src/main/docker/standalone.Dockerfile
+++ b/installation/sdnc/src/main/docker/standalone.Dockerfile
@@ -11,6 +11,9 @@ ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
 ENV SSL_CERTS_DIR /etc/ssl/certs
 ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
 ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
+ENV SDNC_KEYSTORE ${sdnc.keystore}
+ENV SDNC_KEYPASS ${sdnc.keypass}
+ENV SDNC_SECUREPORT ${sdnc.secureport}
 USER root
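Review bot: The `RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS` and `...ssl.keypassword=$SDNC_KEYPASS` lines in the second Dockerfile hunk write the keystore password into `custom.properties` inside an image layer, so it ships with every copy of the image and stays in layer history even if a later step removes it. The second standalone.Dockerfile hunk does the same. The expansions are also unquoted, so a password containing spaces or shell metacharacters would be altered or interpreted by the shell before it reaches the file. I would keep only the non-secret settings at build time, written in one quoted `RUN`, and have the container start script append the two password properties from a mounted secret. The start script is not part of this patch, so that half is described rather than shown.

```dockerfile
# Secure with TLS: non-secret settings only. The two pax.web ssl password
# properties are appended at container start from a mounted secret.
RUN { \
      echo "org.osgi.service.http.secure.enabled=true"; \
      echo "org.osgi.service.http.secure.port=${SDNC_SECUREPORT}"; \
      echo "org.ops4j.pax.web.ssl.keystore=${SDNC_STORE_DIR}/${SDNC_KEYSTORE}"; \
    } >> "${ODL_HOME}/etc/custom.properties"
# … unchanged: RUN chown -R odl /opt, USER odl …
```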
@@ -35,6 +38,14 @@ COPY truststoreONAPall.jks $SDNC_STORE_DIR
 RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts -deststorepass changeit
+# Secure with TLS
+RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
+RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+
+
 RUN chown -R odl /opt
 USER odl
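Review bot: The block added to standalone.Dockerfile turns the TLS listener on, but nothing visible in the hunk turns the plain-HTTP listener off, so unless that is done elsewhere the container would still answer unencrypted requests. The matching block in Dockerfile is the same. If HTTPS is meant to replace HTTP, add `RUN echo org.osgi.service.http.enabled=false >> $ODL_HOME/etc/custom.properties`; if both must stay during a migration, say so in the `# Secure with TLS` comment. Neither hunk shows an `EXPOSE` for `$SDNC_SECUREPORT`, though one may exist outside the visible lines.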
diff --git a/installation/src/main/stores/keystore.sdnc.p12 b/installation/src/main/stores/keystore.sdnc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..8fb4e2cdaba8c84ada003e50c57611f5f2dc9428 GIT binary patch literal 2605 zcmY+EcQhN07RQr_O|2-cy~T`Cf|5#WrW&JyDk(K3QFzWB%V23lk7jhzC<)c<><%O2_nneEysd41u*7 zN`D>vcFgIY0$}W!Dd4!w-~plmw3~wQ;GXx_reH2_m#X(M`y?J#D=pR2Br0hH+M~I! za)H2xvW<;4^sG^HuJhs}%9~*kzZ~5)ln80j6SDG+gA*PUWxU43X#zG6+*kQ&BrD+a zs%tQtG$%Ttmwk-}UY^?~C&``JQv1khtZ{hXD1?y4%#LZc-!MQG=hSX$ucX>bAVPc( znEYxfaM9-<+u_aV(|loyS@?mQZ>}qcsBtKGOcmkhZ73dP zTsG8(e{SBgCi^?HIU>7&BZPRcAxuJ8_ih|Wh--*zS=c*JDuiZAsc_49boJxra*9DTisLvCgBNo4yGw1ki(aDSvH{|!xTGa)o*3vGB@> zpJb}*v%M^Cw)~%8-^Uf0KvqAsKeFQ0n<@8a=Wl2T4<9Dn7pIUs{%Z6y5|!Q&-_w>fUa;!VOhyKch|F5Oq7hK&xBl2OU;=Qe2K6I8WG?#p{XtM{xkVV=!slli5C4L4$ZIZ7iaDN zWlLc8gi)-7Gx>E+Y++XmQoyE7x`u{1QE~ao0Ji%bZIq0hU{KVXFZV&D+)^^zaUQ!H`Fd;I+r%%f$kNs0J6nFX_Dwt&G$X}Wi!P(iEaS9r`J`q zkN;3-N^t#rkfZW^=&sHjVuL(ujc)2p9ex2N(-k77=&*YLubHeM{r<03OVztoWD~DV zl?;kclZjP$Kw1_hTedUtkLQ!eOFMpiY9)eyNZ--?Qs$V#&l%1;IrAj<}T|V9wj_Ue3ZwS5#rj8X6kvYHBczb9LVRYl)uj z+@>by$Or@koDbyR3Gg3&rTdRxy`I(gJ!DUYUTa@UKMOi^xp`@Z<-dN7#Df{6)_Zr= z^gPpMYEG94MbWYnb*MH{^vR5d7K}~StyHjiKnsLp!3N|dYe<-amZn3CY(+PZFODjx zmOGFxJ=OzRKB7{F*Ve_2NrVT%cN3k=+}(H<6z~1=xRJ=Y_Jqr@PO|^{nf^p)Fz8~2 zc&Y_gm=ufm#6p-G(|(_$*m04N{klSx&cUPnN!iPay4BIJ7D6B8ggs1k04w}>` z+N@{^t+s6|0o_}zuWhPQa|{P6pBBx7bn9DTJOWgq(E1ngjTx$mj{9N(tojB{)~gAL zY=wvY%_=_-%#XfvG+w?x_`KtF{VT+(Ot%%`-e(kLUN0hVzzHo?d!#61A;s>l{C4~P zhVtANb8N~|A~!?NOw^2>@Ee8A5n#fKsJ9|bfmXewy=Ec2Aikk`E0|2ZlJZ8sWra9> zYu2Y&)x`B%_qhM*$w%FH=AC#isZIH*Uj@}exQU|6Dtxz3ZVY!kU)38-Oif0pM{`(y z;_5i#6>~?I-F|!VlAf35aaiWM0E6-~7uGU&8FIw9c_^7=V19vl=L~(MI_qFTWphy5 zW7V%Cwm;A?by22uULGrm){@4R3SzJYhI2;VJ}L8w*Tv(++N-QzhW_?lk~k^JT|vgT z*$sQwYa+KCDkVmzerfljJbC$>jA7e;{wAGl(V4j#pHSIZr)^Hy>nngPJ5=C>E8U;E z(ld&=wE3r3SW=ynmyk0Y&Nf9cb+trBh5!_pY9xJmIE%< z_b#f;JfYx5kw(8iTsOV80GoGx*I*zlE9a+|@z_3){BVN#;E>iJoGdZ0E=iRGwB(?x_D 
zSX^%}ezuRj;VScvK6zZixnD}^rr&su9v?*H62zwonI&X+FWQ1Jhdm6UD=&OCStt52 zyVv-uP7Bdg??d9Pvxp)b`4(z(k-g9lF7FKVM9%Bw3}FZnft8eeJBP*(X6XUylJM2A z?js@%tjcTHe~!`UY3ja*)fe?5VL=RRb09pJByx_yL7oQDjiH0 z^VD+J?Pua$gAw$Ct+t@UBm>vm5Aep^q9T1LdE|<>X*mmlAEpBnficq2%3h!WU8V(q zAxbZK6B56S6xLYtS3o*De3H#^*T4|=qn8|w|t AX#fBK literal 0 HcmV?d00001 -- 2.16.6