...
In essence the above runs a docker container (ubuntu) with the docker cert volume mounted and the local /opt/app/osaaf/local folder mounted as a different volume so we can copy the artifacts from the docker volume to our local host.
Retrieving the artifact passwords
The agent.sh can be used to decrypt the passwords in the org.onap.oof.cred.props file.
There are several things to address.
- Copy the truststoreONAPall.jks to the agent.sh folder
- Make sure the CADI jar agent.sh is in the local folder. You will get this error: For local use, you need to have 'aaf-cadi-aaf-2.1.12-SNAPSHOT-full.jar'
- The AAF account you are using needs to have showpass privieges in AAF, so we added those privileges to the admin role in the namespace
For 1:
| cp /opt/app/osaaf/local/truststoreONAPall.jks ./ |
|---|
For 2:
I had a local version that was different than the version in agent.sh so I copied the jar I had to the agent.sh folder and updated VERSION in aaf.props
For 3:
So finally you can run
| bash agent.sh local showpass oof@oof.onap.org oof.onap |
|---|
This will prompt for oof@oof.onap.org password which is the default demo123456!
Note that if you fat finger the password you get a goofy error
org.onap.aaf.cadi.CadiException: org.onap.aaf.cadi.LocatorException: No Entries found for 'https://aaf-onap-test.osaaf.org:8095/locate/AAF_NS.cm:2.1'
which can send you on a wild goose chase.
Not sure why I bothered to obscure the passwords 
Using certificates with Spring Boot Application
- Copy these 2 artifacts to a folder accessible to your application
- truststoreONAPall.jks (for outgoing HTTPS requests)
- org.onap.<app>.jks (i.e. org.onap.oof.jks) (for incoming HTTPS requests)
- Add the following to the JVM args
- -Dserver.ssl.key-store=<folder>/org.onap.oof.jks
- -Dserver.ssl.key-store-password=<cadi_keystore_password_jks>
- -Djavax.net.ssl.trustStore=<folder>/truststoreONAPall.jks