diff --git a/autoscale/src/main/java/com/sequenceiq/periscope/config/DatabaseConfig.java b/autoscale/src/main/java/com/sequenceiq/periscope/config/DatabaseConfig.java
index 9f719042106..a5b2bf4f344 100644
--- a/autoscale/src/main/java/com/sequenceiq/periscope/config/DatabaseConfig.java
+++ b/autoscale/src/main/java/com/sequenceiq/periscope/config/DatabaseConfig.java
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.SQLException;
 import javax.inject.Inject;
@@ -92,9 +90,9 @@ public class DatabaseConfig {
 public DataSource dataSource() throws SQLException {
 DatabaseUtil.createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (periscopeNodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", periscopeNodeConfig.getId());
diff --git a/cloud-consumption/src/main/java/com/sequenceiq/consumption/configuration/DatabaseConfig.java b/cloud-consumption/src/main/java/com/sequenceiq/consumption/configuration/DatabaseConfig.java
index 8a36c0443ab..d10e6643391 100644
--- a/cloud-consumption/src/main/java/com/sequenceiq/consumption/configuration/DatabaseConfig.java
+++ b/cloud-consumption/src/main/java/com/sequenceiq/consumption/configuration/DatabaseConfig.java
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.Statement;
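Review bot: The new `sslfactory` line moves PostgreSQL trust to the JVM default trust store but leaves `sslmode` at the driver default, so the code no longer states what is verified (chain only, or hostname as well); I would pin it next to the `ssl` property, `config.addDataSourceProperty("sslmode", "verify-full");`, with a one-line why-comment such as `// trust anchors come from the JVM cacerts that the container start script populates`. The `certFile` field is no longer read in this method; if nothing else reads it, its declaration and property binding (outside the hunk) should be removed rather than left as dead configuration. Whether the JRE in the new base image actually resolves its default cacerts to the file the start scripts write into is not visible here and is worth confirming before relying on `DefaultJavaSSLFactory`. The same change is repeated in the DatabaseConfig hunks for cloud-consumption, core, datalake, environment, freeipa and redbeams; `dataSource()` continues past the end of this hunk.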
@@ -97,9 +95,9 @@ public class DatabaseConfig {
 public DataSource dataSource() throws SQLException {
 createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (nodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", nodeConfig.getId());
diff --git a/cloud-gcp/src/main/java/com/sequenceiq/cloudbreak/cloud/gcp/client/GcpHttpClientConfig.java b/cloud-gcp/src/main/java/com/sequenceiq/cloudbreak/cloud/gcp/client/GcpHttpClientConfig.java
index 679b4f979bc..a8e1f3ee6b5 100644
--- a/cloud-gcp/src/main/java/com/sequenceiq/cloudbreak/cloud/gcp/client/GcpHttpClientConfig.java
+++ b/cloud-gcp/src/main/java/com/sequenceiq/cloudbreak/cloud/gcp/client/GcpHttpClientConfig.java
@@ -1,19 +1,33 @@
 package com.sequenceiq.cloudbreak.cloud.gcp.client;
 import java.io.IOException;
+import java.io.InputStream;
 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.Objects;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.googleapis.GoogleUtils;
 import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.util.SecurityUtils;
 @Configuration
 public class GcpHttpClientConfig {
 @Bean
 public HttpTransport httpTransport() throws GeneralSecurityException, IOException {
- return GoogleNetHttpTransport.newTrustedTransport();
+ return new NetHttpTransport.Builder()
+ .trustCertificates(getCertificateTrustStore())
+ .build();
+ }
+
+ private KeyStore getCertificateTrustStore() throws IOException, GeneralSecurityException {
+ KeyStore certTrustStore = SecurityUtils.getDefaultKeyStore();
+ InputStream keyStoreStream = GoogleUtils.class.getResourceAsStream("google.p12");
+ SecurityUtils.loadKeyStore(certTrustStore, Objects.requireNonNull(keyStoreStream), "notasecret");
+ return certTrustStore;
 }
 }
diff --git a/common/src/main/java/com/sequenceiq/cloudbreak/client/CertificateTrustManager.java b/common/src/main/java/com/sequenceiq/cloudbreak/client/CertificateTrustManager.java
index e47433a011b..5b1797e022c 100644
--- a/common/src/main/java/com/sequenceiq/cloudbreak/client/CertificateTrustManager.java
+++ b/common/src/main/java/com/sequenceiq/cloudbreak/client/CertificateTrustManager.java
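Review bot: `getCertificateTrustStore` never closes the `InputStream` returned by `getResourceAsStream("google.p12")`, and the `requireNonNull` carries no message, so a missing classpath resource surfaces as a bare NPE; scope the stream with try-with-resources and name the resource: `try (InputStream keyStoreStream = Objects.requireNonNull(GoogleUtils.class.getResourceAsStream("google.p12"), "google.p12 not found on classpath")) {` / `SecurityUtils.loadKeyStore(certTrustStore, keyStoreStream, "notasecret");` / `}`. The store built here appears to contain only the certificates bundled in `google.p12`, so this transport would not trust anything the start scripts elsewhere in this commit import into the JVM cacerts — that is a reasonable choice for a Google API client, but it should be stated in a Javadoc on the helper. The Javadoc should also say why `GoogleNetHttpTransport.newTrustedTransport()` was replaced by a hand-rolled equivalent, since the two look interchangeable from this hunk alone.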
@@ -1,16 +1,12 @@
 package com.sequenceiq.cloudbreak.client;
-import java.security.KeyManagementException;
-import java.security.SecureRandom;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
-import org.glassfish.jersey.SslConfigurator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -32,55 +28,17 @@ public static HostnameVerifier hostnameVerifier() {
 }
 public static SSLContext sslContext() {
- // Create a trust manager that does not validate certificate chains
- TrustManager[] trustAllCerts = {trustEverythingTrustManager()};
 try {
- // Install the all-trusting trust manager
- SSLContext sc = SslConfigurator.newInstance().createSSLContext();
- sc.init(null, trustAllCerts, new SecureRandom());
- LOGGER.debug("Trust all SSL certificates has been installed");
- return sc;
- } catch (KeyManagementException e) {
- LOGGER.error(e.getMessage(), e);
- throw new RuntimeException("F", e);
+ SSLContext defaultSslContext = SSLContext.getDefault();
+ LOGGER.debug("Default SSL context has been initialised");
+ return defaultSslContext;
+ } catch (NoSuchAlgorithmException e) {
+ String errorMessage = String.format("Failed to initialise SSL context due to: '%s'", e.getMessage());
+ LOGGER.error(errorMessage, e);
+ throw new RuntimeException(errorMessage, e);
 }
 }
- public static SSLContext sslSavingTrustStoreContext() {
- TrustManager[] trustManagers = {new CertificateTrustManager.SavingX509TrustManager()};
- SSLContext sslContext = SslConfigurator.newInstance().createSSLContext();
- HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
- try {
- sslContext.init(null, trustManagers, new SecureRandom());
- } catch (KeyManagementException e) {
- LOGGER.error(e.getMessage(), e);
- throw new RuntimeException("FF", e);
- }
- return sslContext;
- }
-
- private static X509TrustManager trustEverythingTrustManager() {
- return new X509TrustManager() {
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- LOGGER.debug("accept all issuer");
- return null;
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
- LOGGER.debug("checkClientTrusted");
- // Trust everything
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
LOGGER.debug("checkServerTrusted");
- // Trust everything
- }
- };
- }
-
 public static class SavingX509TrustManager implements X509TrustManager {
 private X509Certificate[] chain;
@@ -103,5 +61,4 @@ public X509Certificate[] getChain() {
 return chain;
 }
 }
- }
\ No newline at end of file
diff --git a/core/src/main/java/com/sequenceiq/cloudbreak/conf/DatabaseConfig.java b/core/src/main/java/com/sequenceiq/cloudbreak/conf/DatabaseConfig.java
index 6db7cfd7ede..3f5b4e245ed 100644
--- a/core/src/main/java/com/sequenceiq/cloudbreak/conf/DatabaseConfig.java
+++ b/core/src/main/java/com/sequenceiq/cloudbreak/conf/DatabaseConfig.java
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.SQLException;
 import javax.inject.Inject;
@@ -108,9 +106,9 @@ public DataSource dataSource() {
 private HikariDataSource getDataSource() throws SQLException {
 DatabaseUtil.createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (nodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", nodeConfig.getId());
diff --git a/datalake/src/main/java/com/sequenceiq/datalake/configuration/DatabaseConfig.java b/datalake/src/main/java/com/sequenceiq/datalake/configuration/DatabaseConfig.java
index 4f5993eb38e..240d19e5fb3 100644
--- a/datalake/src/main/java/com/sequenceiq/datalake/configuration/DatabaseConfig.java
+++ b/datalake/src/main/java/com/sequenceiq/datalake/configuration/DatabaseConfig.java
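Review bot: The hunk removes the trust-everything manager and `sslSavingTrustStoreContext()`, but `SavingX509TrustManager` stays as a public nested class whose `checkServerTrusted` body lies outside the hunk; if that method only records the chain and never throws, the class is still an accept-all trust manager reachable by any caller, and its Javadoc should make the intended scope explicit, e.g. `/** Captures the server's presented chain for inspection only; performs no validation and must not back a real connection. */`. In the new `sslContext()` catch block, `throw new IllegalStateException(errorMessage, e);` would be more specific than a bare `RuntimeException` for a JVM without a default TLS provider. The enclosing class begins before this hunk and ends in the following one.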
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.SQLException;
 import javax.inject.Inject;
@@ -90,9 +88,9 @@ public class DatabaseConfig {
 public DataSource dataSource() throws SQLException {
 DatabaseUtil.createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (nodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", nodeConfig.getId());
diff --git a/docker-autoscale/Dockerfile b/docker-autoscale/Dockerfile
index 5a5686d06e9..5860fa54f57 100644
--- a/docker-autoscale/Dockerfile
+++ b/docker-autoscale/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the periscope app
 ADD ${REPO_URL}/com/sequenceiq/periscope/$VERSION/periscope-$VERSION.jar /periscope.jar
diff --git a/docker-autoscale/bootstrap/start_autoscale_app.sh b/docker-autoscale/bootstrap/start_autoscale_app.sh
index 7696f5707ec..45b24eed0b6 100755
--- a/docker-autoscale/bootstrap/start_autoscale_app.sh
+++ b/docker-autoscale/bootstrap/start_autoscale_app.sh
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/docker-cloudbreak/Dockerfile b/docker-cloudbreak/Dockerfile
index e43fe0eb6e6..3db21209c4d 100644
--- a/docker-cloudbreak/Dockerfile
+++ b/docker-cloudbreak/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the cloudbreak app
 ADD ${REPO_URL}/com/sequenceiq/cloudbreak/$VERSION/cloudbreak-$VERSION.jar /cloudbreak.jar
diff --git a/docker-cloudbreak/bootstrap/start_cloudbreak_app.sh b/docker-cloudbreak/bootstrap/start_cloudbreak_app.sh
index 25fd7304b0b..fd65fc7ac57 100755
--- a/docker-cloudbreak/bootstrap/start_cloudbreak_app.sh
+++ b/docker-cloudbreak/bootstrap/start_cloudbreak_app.sh
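Review bot: The keytool target is hardcoded to `/etc/pki/java/cacerts`, and the Java side of this commit (`SSLContext.getDefault()`, `DefaultJavaSSLFactory`) only benefits if the JRE in the new base image resolves its default trust store to that same file; nothing in the script checks that the file exists, so a layout change in a future image would make every import fail with only the per-certificate WARNING. I would hoist the path and check it once before the loop: `CACERTS=/etc/pki/java/cacerts` / `[ -f "$CACERTS" ] || echo -e "WARNING: $CACERTS not found; imported certificates will not be trusted by the JVM.\n"`, then use `-keystore "$CACERTS"` in the keytool call. The same one-line change appears in start_cloudbreak_app.sh, start_consumption_app.sh, start_datalake_app.sh, start_environment_app.sh, start_freeipa_app.sh and start_redbeams_app.sh. The `if`/`for` block opened here closes outside the hunk.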
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/docker-consumption/Dockerfile b/docker-consumption/Dockerfile
index 20559e46f50..e27159169e4 100644
--- a/docker-consumption/Dockerfile
+++ b/docker-consumption/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the consumption app
 ADD ${REPO_URL}/com/sequenceiq/cloud-consumption/$VERSION/cloud-consumption-$VERSION.jar /consumption.jar
diff --git a/docker-consumption/bootstrap/start_consumption_app.sh b/docker-consumption/bootstrap/start_consumption_app.sh
index 26a4a08c63f..d7f1cd01db3 100755
--- a/docker-consumption/bootstrap/start_consumption_app.sh
+++ b/docker-consumption/bootstrap/start_consumption_app.sh
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/docker-datalake/Dockerfile b/docker-datalake/Dockerfile
index 102755e362a..239322604db 100644
--- a/docker-datalake/Dockerfile
+++ b/docker-datalake/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the datalake app
 ADD ${REPO_URL}/com/sequenceiq/datalake/$VERSION/datalake-$VERSION.jar /datalake.jar
diff --git a/docker-datalake/bootstrap/start_datalake_app.sh b/docker-datalake/bootstrap/start_datalake_app.sh
index 0772c32e875..20c52fd378f 100755
--- a/docker-datalake/bootstrap/start_datalake_app.sh
+++ b/docker-datalake/bootstrap/start_datalake_app.sh
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/docker-environment/Dockerfile b/docker-environment/Dockerfile
index 758c4fa34fc..1b86a4ecbf4 100644
--- a/docker-environment/Dockerfile
+++ b/docker-environment/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the environment app
 ADD ${REPO_URL}/com/sequenceiq/environment/$VERSION/environment-$VERSION.jar /environment.jar
diff --git a/docker-environment/bootstrap/start_environment_app.sh b/docker-environment/bootstrap/start_environment_app.sh
index 5de9adc2b31..8da30799dac 100755
--- a/docker-environment/bootstrap/start_environment_app.sh
+++ b/docker-environment/bootstrap/start_environment_app.sh
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/docker-freeipa/Dockerfile b/docker-freeipa/Dockerfile
index f4165f668f7..69d987b46af 100644
--- a/docker-freeipa/Dockerfile
+++ b/docker-freeipa/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the freeipa app
 ADD ${REPO_URL}/com/sequenceiq/freeipa/$VERSION/freeipa-$VERSION.jar /freeipa.jar
diff --git a/docker-freeipa/bootstrap/start_freeipa_app.sh b/docker-freeipa/bootstrap/start_freeipa_app.sh
index 66aa4236134..4ebccf2eb51 100755
--- a/docker-freeipa/bootstrap/start_freeipa_app.sh
+++ b/docker-freeipa/bootstrap/start_freeipa_app.sh
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/docker-redbeams/Dockerfile b/docker-redbeams/Dockerfile
index 93ff3bb6caa..46c335f7ff5 100644
--- a/docker-redbeams/Dockerfile
+++ b/docker-redbeams/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 # We can not use alpine based image because of https://github.com/grpc/grpc-java/issues/8751
 MAINTAINER info@cloudera.com
@@ -10,7 +10,7 @@ ENV VERSION ${VERSION}
 WORKDIR /
-RUN apt-get install unzip
+RUN microdnf install unzip
 # install the Redbeams app
 ADD ${REPO_URL}/com/sequenceiq/redbeams/$VERSION/redbeams-$VERSION.jar /redbeams.jar
diff --git a/docker-redbeams/bootstrap/start_redbeams_app.sh b/docker-redbeams/bootstrap/start_redbeams_app.sh
index 611bb5c04e9..4babb35da3b 100755
--- a/docker-redbeams/bootstrap/start_redbeams_app.sh
+++ b/docker-redbeams/bootstrap/start_redbeams_app.sh
@@ -14,7 +14,7 @@ echo "Importing certificates to the default Java certificate trust store."
 if [ -d "$TRUSTED_CERT_DIR" ]; then
 for cert in $(ls -A "$TRUSTED_CERT_DIR"); do
 if [ -f "$TRUSTED_CERT_DIR/$cert" ]; then
- if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit; then
+ if keytool -import -alias "$cert" -noprompt -file "$TRUSTED_CERT_DIR/$cert" -keystore /etc/pki/java/cacerts -storepass changeit; then
 echo -e "Certificate added to default Java trust store with alias $cert."
 else
 echo -e "WARNING: Failed to add $cert to trust store.\n"
diff --git a/environment/src/main/java/com/sequenceiq/environment/configuration/DatabaseConfig.java b/environment/src/main/java/com/sequenceiq/environment/configuration/DatabaseConfig.java
index 86449df010f..9d1e71879bf 100644
--- a/environment/src/main/java/com/sequenceiq/environment/configuration/DatabaseConfig.java
+++ b/environment/src/main/java/com/sequenceiq/environment/configuration/DatabaseConfig.java
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.Statement;
@@ -97,9 +95,9 @@ public class DatabaseConfig {
 public DataSource dataSource() throws SQLException {
 createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (nodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", nodeConfig.getId());
diff --git a/freeipa/src/main/java/com/sequenceiq/freeipa/configuration/DatabaseConfig.java b/freeipa/src/main/java/com/sequenceiq/freeipa/configuration/DatabaseConfig.java
index b599ebd71ad..94b50f79fd3 100644
--- a/freeipa/src/main/java/com/sequenceiq/freeipa/configuration/DatabaseConfig.java
+++ b/freeipa/src/main/java/com/sequenceiq/freeipa/configuration/DatabaseConfig.java
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.SQLException;
 import javax.inject.Inject;
@@ -92,9 +90,9 @@ public class DatabaseConfig {
 public DataSource dataSource() throws SQLException {
 DatabaseUtil.createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (nodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", nodeConfig.getId());
diff --git a/integration-test/docker-compose_template.yml b/integration-test/docker-compose_template.yml
index 518cae9e638..14c3fed66dd 100644
--- a/integration-test/docker-compose_template.yml
+++ b/integration-test/docker-compose_template.yml
@@ -14,7 +14,7 @@ services:
 - ../mock-thunderhead/build/libs/mock-thunderhead.jar:/mock-thunderhead.jar
 - ./integcb/etc:/etc/auth
 command: java -jar /mock-thunderhead.jar
- image: docker-private.infra.cloudera.com/cloudera_thirdparty/openjdk/openjdk:11-jdk
+ image: docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 deploy:
 resources:
 limits:
@@ -94,7 +94,7 @@ services:
 - INTEGRATIONTEST_UMS_JSONSECRET_DESTINATIONPATH
 - INTEGRATIONTEST_UMS_JSONSECRET_NAME
 - INTEGRATIONTEST_RUNTIMEVERSION
- image: openjdk:11-jdk
+ image: docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 deploy:
 resources:
 limits:
diff --git a/integration-test/test-image/Dockerfile b/integration-test/test-image/Dockerfile
index 490b44fedc4..31e5ff329ff 100644
--- a/integration-test/test-image/Dockerfile
+++ b/integration-test/test-image/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 MAINTAINER info@cloudera.com
 WORKDIR /
diff --git a/mock-infrastructure/Dockerfile b/mock-infrastructure/Dockerfile
index 257e34fbd57..44b4d9b3922 100644
--- a/mock-infrastructure/Dockerfile
+++ b/mock-infrastructure/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 MAINTAINER info@cloudera.com
 # REPO URL to download jar
diff --git a/mock-thunderhead/Dockerfile b/mock-thunderhead/Dockerfile
index 1fd489d1dd5..5a4ed847277 100644
--- a/mock-thunderhead/Dockerfile
+++ b/mock-thunderhead/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker-private.infra.cloudera.com/cloudera_base/cldr-java:11.0.13-cldr-jre-slim-buster-15122021
+FROM docker-private.infra.cloudera.com/cloudera_base/ubi8/cldr-openjdk-11-runtime:1.14-3-03082022
 MAINTAINER info@cloudera.com
 # REPO URL to download jar
diff --git a/redbeams/src/main/java/com/sequenceiq/redbeams/configuration/DatabaseConfig.java b/redbeams/src/main/java/com/sequenceiq/redbeams/configuration/DatabaseConfig.java
index c54cd52f283..fc9fe6a3ed2 100644
--- a/redbeams/src/main/java/com/sequenceiq/redbeams/configuration/DatabaseConfig.java
+++ b/redbeams/src/main/java/com/sequenceiq/redbeams/configuration/DatabaseConfig.java
@@ -3,8 +3,6 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.sql.SQLException;
 import javax.inject.Inject;
@@ -90,9 +88,9 @@ public class DatabaseConfig {
 public DataSource dataSource() throws SQLException {
 DatabaseUtil.createSchemaIfNeeded("postgresql", databaseAddress, dbName, dbUser, dbPassword, dbSchemaName);
 HikariConfig config = new HikariConfig();
- if (ssl && Files.exists(Paths.get(certFile))) {
+ if (ssl) {
 config.addDataSourceProperty("ssl", "true");
- config.addDataSourceProperty("sslrootcert", certFile);
+ config.addDataSourceProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
 }
 if (nodeConfig.isNodeIdSpecified()) {
 config.addDataSourceProperty("ApplicationName", nodeConfig.getId());