From b79ea1cbbd09864da9582bdd43b42c13356321d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?=
Date: Sun, 24 Nov 2024 16:42:55 +0100
Subject: [PATCH] refactor/Enable mTLS for Redis, use p12 instead of jks
---
 obp-api/src/main/resources/props/sample.props.template | 10 ++++++----
 obp-api/src/main/scala/code/api/cache/Redis.scala | 2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
index 378d84353..4124ed2c1 100644
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@@ -168,11 +168,13 @@ jwt.use.ssl=false
 ## Enable mTLS for Redis, if set to true must set paths for the keystore and truststore locations
 # redis.use.ssl=false
-# Client
-# keystore.path.redis = client-keystore.p12
+## Client
+## PKCS#12 Format: combine private keys and certificates into .p12 files for easier transport
+# keystore.path.redis = path/to/client-keystore.p12
 # keystore.password.redis = keystore-password
-# Server
-# truststore.path.redis = path/to/ca.jks
+## Trust stores is a list of trusted CA certificates
+## Public certificate for the CA (used by clients and servers to validate signatures)
+# truststore.path.redis = path/to/ca.p12
 # truststore.password.redis = truststore-password
diff --git a/obp-api/src/main/scala/code/api/cache/Redis.scala b/obp-api/src/main/scala/code/api/cache/Redis.scala
index 3ff88914d..ede6ba533 100644
--- a/obp-api/src/main/scala/code/api/cache/Redis.scala
+++ b/obp-api/src/main/scala/code/api/cache/Redis.scala
@@ -56,7 +56,7 @@ object Redis extends MdcLoggable {
 private def configureSslContext(): SSLContext = {
 // Load the CA certificate
- val trustStore = KeyStore.getInstance("JKS")
+ val trustStore = KeyStore.getInstance("PKCS12")
 val trustStorePassword = APIUtil.getPropsValue("keystore.password.redis")
 .getOrElse(APIUtil.initPasswd).toCharArray
 val truststorePath = APIUtil.getPropsValue("truststore.path.redis").getOrElse("")
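Review bot: The truststore password on the line after the changed `KeyStore.getInstance("PKCS12")` call is still read from `keystore.password.redis`, although the sample template in this same patch documents a separate `truststore.password.redis` that nothing visible here reads. If the value is passed to `trustStore.load` further down (not shown in the hunk), a CA store protected with its own password will presumably fail to load, since PKCS12 uses the password for its integrity check; I would change the line to `val trustStorePassword = APIUtil.getPropsValue("truststore.password.redis")`. The fallbacks `getOrElse(APIUtil.initPasswd)` and `getOrElse("")` also hide a missing setting until the store is opened, so when `redis.use.ssl` is true it would be clearer to fail at startup with a message naming the missing property. The store type is now hard-coded, so deployments that still point `truststore.path.redis` at a JKS file will stop working, which deserves a line in the release notes. `configureSslContext` continues past the end of the hunk.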