From f52b73037b2b78c3afa68a0fb345cb80518bc22c Mon Sep 17 00:00:00 2001 From: Bill Decoste Date: Wed, 26 Jul 2017 11:39:06 -0700 Subject: [PATCH] cloud-1955 fix rest ssl with new realm --- .../added/launch/authentication-config.sh | 15 ++++++++++++++- .../added/launch/infinispan-config.sh | 17 +++++++++++------ tests/features/datagrid/datagrid_rest.feature | 11 +++++++++-- 3 files changed, 34 insertions(+), 9 deletions(-) diff --git a/os-jdg7-launch/added/launch/authentication-config.sh b/os-jdg7-launch/added/launch/authentication-config.sh index 46aee918..9bfcd4e6 100755 --- a/os-jdg7-launch/added/launch/authentication-config.sh +++ b/os-jdg7-launch/added/launch/authentication-config.sh @@ -72,7 +72,20 @@ function configure_authentication() { } function add_realm_domain_mapping() { - local realm="" + local realm="" + + if [ -n "${HTTPS_PASSWORD}" -a -n "${HTTPS_KEYSTORE_DIR}" -a -n "${HTTPS_KEYSTORE}" ]; then + + if [ -n "$HTTPS_KEYSTORE_TYPE" ]; then + keystore_provider="provider=\"${HTTPS_KEYSTORE_TYPE}\"" + fi + ssl="\n\ + \n\ + \n\ + \n\ + " + fi + realm="$realm $ssl" sed -i "s||${realm}|" "${CONFIG_FILE}" } diff --git a/os-jdg7-launch/added/launch/infinispan-config.sh b/os-jdg7-launch/added/launch/infinispan-config.sh index b41d91da..c3b43c1b 100644 --- a/os-jdg7-launch/added/launch/infinispan-config.sh +++ b/os-jdg7-launch/added/launch/infinispan-config.sh @@ -590,18 +590,23 @@ function configure_infinispan_endpoint() { fi if [ -n "${HTTPS_NAME}" -a -n "${HTTPS_PASSWORD}" -a -n "${HTTPS_KEYSTORE_DIR}" -a -n "${HTTPS_KEYSTORE}" ] ; then - encryption="" + if [ -n "$REST_SECURITY_DOMAIN" ]; then + encryption="" + else + encryption="" + fi + rest="\ \ $rest_authentication \ $encryption \ " - else - rest="$rest \ - \ - $rest_authentication \ - " fi + + rest="$rest \ + \ + $rest_authentication \ + " ;; esac done diff --git a/tests/features/datagrid/datagrid_rest.feature b/tests/features/datagrid/datagrid_rest.feature index 5066a324..25c00f52 100644 
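Review bot: `ssl` and `keystore_provider` are assigned in add_realm_domain_mapping without `local`, and `realm="$realm $ssl"` runs even when the HTTPS variables are unset, so the realm can pick up a stale `ssl` from the sourcing shell, or a `keystore_provider` left over from an earlier call when HTTPS_KEYSTORE_TYPE is empty. Declaring `local ssl="" keystore_provider=""` beside `local realm` closes that. The realm text, which according to the new feature scenario carries HTTPS_PASSWORD as the keystore password, is then spliced into a sed replacement delimited by `|`. A `|`, `&` or backslash in any HTTPS_* value would be interpreted by sed, and a `"` or `<` would break the XML attribute, so these values should be escaped before the substitution. The XML markup in this hunk appears to have been stripped on the page, so the exact element text is inferred rather than visible.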
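Review bot: With the `else` removed, the plain `rest` connector is appended by the final `rest="$rest \` assignment even when HTTPS_NAME, HTTPS_PASSWORD, HTTPS_KEYSTORE_DIR and HTTPS_KEYSTORE are all set, so a deployment that configures TLS still serves REST on the unencrypted socket binding. Any credentials checked through `$rest_authentication` can then cross the network in clear text. The updated feature scenario suggests this is intended, but it deserves a comment above that assignment, for example `# plaintext connector is kept alongside rest-ssl on purpose; restrict it at the route/service level`. Ideally there would also be a switch that omits the plaintext connector when TLS is configured. configure_infinispan_endpoint starts and ends outside this hunk, so whether `encryption` and `rest` are declared `local` cannot be checked here.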
--- a/tests/features/datagrid/datagrid_rest.feature +++ b/tests/features/datagrid/datagrid_rest.feature @@ -38,7 +38,8 @@ Feature: Openshift JDG REST tests | HTTPS_PASSWORD | mykeystorepass | | HTTPS_KEYSTORE_DIR | /etc/datagrid-secret-volume | | HTTPS_KEYSTORE | keystore.jks | - Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ApplicationRealm on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm + Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ApplicationRealm on XPath //*[local-name()='rest-connector'][@name='rest-ssl']/*[local-name()='encryption']/@security-realm + Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value rest on XPath //*[local-name()='rest-connector'][@name='rest']/@socket-binding @jboss-datagrid-7/datagrid71-openshift Scenario: Should create endpoint with encryption and specified security domain @@ -50,7 +51,7 @@ Feature: Openshift JDG REST tests | HTTPS_KEYSTORE_DIR | /etc/datagrid-secret-volume | | HTTPS_KEYSTORE | keystore.jks | | REST_SECURITY_DOMAIN | ManagementRealm | -Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ApplicationRealm on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm +Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ManagementRealm on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm @jboss-datagrid-7/datagrid71-openshift Scenario: Should create security realm that maps to security domain 
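Review bot: In the "specified security domain" scenario (the `@@ -50,7 +51,7` hunk) the XPath still selects any `rest-connector`, while the previous scenario was narrowed to `[@name='rest-ssl']`. Since the launch script now always emits both connectors, the assertion should name the TLS one: `//*[local-name()='rest-connector'][@name='rest-ssl']/*[local-name()='encryption']/@security-realm`. The last added step in the `@@ -59,6 +60,12` hunk has the same unfiltered XPath. A scenario without the HTTPS_* variables, asserting that no `ssl` server identity is written to the realm, would also cover the case where the keystore block must not appear.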
@@ -59,6 +60,12 @@ Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml sho | INFINISPAN_CONNECTORS | rest | | USERNAME | tombrady | | PASSWORD | sixrings | + | HTTPS_NAME | jboss | + | HTTPS_PASSWORD | mykeystorepass | + | HTTPS_KEYSTORE_DIR | /etc/datagrid-secret-volume | + | HTTPS_KEYSTORE | keystore.jks | Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jdg-openshift on XPath //*[local-name()='security-realms']/*[local-name()='security-realm']/@name Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jdg-openshift on XPath //*[local-name()='security-realms']/*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='authentication']/*[local-name()='jaas']/@name + Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='security-realms']/*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@keystore-password + Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jdg-openshift on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm