- if (!Files.exists(keyStorePath))
- PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
-// props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
-// props.put(JettyHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
-// props.put(JettyHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
-
-// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
-// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
-// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+ // Truststore
+ Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
+ char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
+
+ // IPA CA
+ Path ipaCaCertPath = Paths.get(KernelConstants.IPA_PEM_CA_CERT_PATH);
+ if (Files.exists(ipaCaCertPath)) {
+ KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
+ getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
+ try (BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(ipaCaCertPath));) {
+ PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
+ PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
+ if (log.isDebugEnabled())
+ log.debug("IPA CA certificate stored in " + trustStorePath);
+ } catch (IOException e) {
+ log.error("Cannot trust CA certificate", e);
+ }
+ }
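Review bot: `Files.createDirectories(keyStorePath.getParent());` inside the try block prepares the key store's directory, yet the file written on the next line is `trustStorePath`; if the two stores are configured in different directories the save presumably fails, so this looks like it should be `Files.createDirectories(trustStorePath.getParent());`, with a guard for a null parent when the path is a bare file name. The IPA CA becomes a trust anchor solely because a file exists at `KernelConstants.IPA_PEM_CA_CERT_PATH`, and the only trace is a debug-level message, so I would log the import at info level with the certificate's subject and fingerprint to keep trust-store changes auditable. Only `IOException` is caught; whether `PkiUtils.loadTrustedCertificatePem` and `PkiUtils.saveKeyStore` wrap certificate and key store errors is not visible here, and neither is the enclosing method, which starts and ends outside the hunk.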