diff options
author | Instrumental <jcgmisc@stl.gathman.org> | 2018-04-05 20:52:32 -0500 |
---|---|---|
committer | Instrumental <jcgmisc@stl.gathman.org> | 2018-04-05 20:52:41 -0500 |
commit | df9e827fa3ec1c7e32b5f5eb7a63a4c11f9da4a7 (patch) | |
tree | cdd1bcb33e7c3f0d24b582d895531af31280e8a6 | |
parent | 6cd833478d794245708ccd448a6835a0d6d3b7ce (diff) |
rm CADI Cass
Issue-ID: AAF-212
Change-Id: I72b1a5ff68ae0f9527b3d82c9a84a0660fe380ae
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
-rw-r--r-- | auth/auth-cass/docker/dbash | 3 | ||||
-rw-r--r-- | auth/auth-cmd/temp | 0 | ||||
-rw-r--r-- | auth/docker/d.props | 13 | ||||
-rw-r--r-- | auth/docker/dclean.sh | 14 | ||||
-rw-r--r-- | auth/docker/dstop.sh | 12 | ||||
-rw-r--r-- | conf/CA/newIntermediate.sh | 60 | ||||
-rw-r--r-- | conf/CA/truststore.sh | 2 |
7 files changed, 104 insertions, 0 deletions
diff --git a/auth/auth-cass/docker/dbash b/auth/auth-cass/docker/dbash new file mode 100644 index 00000000..e10afcc0 --- /dev/null +++ b/auth/auth-cass/docker/dbash @@ -0,0 +1,3 @@ +#!/bin/bash dbash +docker exec -it aaf_cass bash + diff --git a/auth/auth-cmd/temp b/auth/auth-cmd/temp new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/auth/auth-cmd/temp diff --git a/auth/docker/d.props b/auth/docker/d.props new file mode 100644 index 00000000..90bc5511 --- /dev/null +++ b/auth/docker/d.props @@ -0,0 +1,13 @@ +# Variables for building Docker entities +ORG=onap +PROJECT=aaf +DOCKER_REPOSITORY=nexus3.onap.org:10003 +VERSION=2.1.0-SNAPSHOT +CONF_ROOT_DIR=/opt/app/osaaf + +# Local Env info +HOSTNAME=meriadoc.mithril.sbc.com +HOST_IP=172.17.0.3 +CASS_HOST="cass.aaf.osaaf.org:172.17.0.2" + + diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh new file mode 100644 index 00000000..b14f0bcc --- /dev/null +++ b/auth/docker/dclean.sh @@ -0,0 +1,14 @@ +#!/bin/bash dclean.sh +. d.props + +if [ "$1" == "" ]; then + AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'` +else + AAF_COMPONENTS=$1 +fi + +echo "Y" | docker container prune +for AAF_COMPONENT in ${AAF_COMPONENTS}; do + docker image rm $DOCKER_REPOSITORY/$ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION} +done +echo "Y" | docker image prune diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh new file mode 100644 index 00000000..78088423 --- /dev/null +++ b/auth/docker/dstop.sh @@ -0,0 +1,12 @@ +#!/bin/bash dstop.sh +. d.props + +if [ "$1" == "" ]; then + AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'` +else + AAF_COMPONENTS=$1 +fi + +for AAF_COMPONENT in ${AAF_COMPONENTS}; do + docker stop aaf_$AAF_COMPONENT +done diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh new file mode 100644 index 00000000..88b524b9 --- /dev/null +++ b/conf/CA/newIntermediate.sh @@ -0,0 +1,60 @@ +# +# Initialize an Intermediate CA Cert. +# + if [ -e intermediate.serial ]; then + ((SERIAL=`cat intermediate.serial` + 1)) + else + SERIAL=1 + fi + echo $SERIAL > intermediate.serial +DIR=intermediate_$SERIAL + +mkdir -p $DIR/private $DIR/certs $DIR/newcerts +chmod 700 $DIR/private +chmod 755 $DIR/certs $DIR/newcerts +touch $DIR/index.txt +if [ ! -e $DIR/serial ]; then + echo '01' > $DIR/serial +fi +cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR + +if [ "$1" == "" ]; then + CN=intermediateCA_$SERIAL +else + CN=$1 +fi + +SUBJECT="/CN=$CN`cat subject.aaf`" +echo $SUBJECT + echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" + echo "Enter the PassPhrase for the Key for $CN: " + `stty -echo` + read PASSPHRASE + `stty echo` + + # Create a regaular rsa encrypted key + openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \ + -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \ + -passout stdin << EOF +$PASSPHRASE +EOF + + chmod 400 $DIR/private/$CN.key + openssl req -verify -text -noout -in $DIR/$CN.csr + + # Sign it + openssl ca -config openssl.conf -extensions v3_intermediate_ca \ + -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \ + -infiles $DIR/$CN.csr + + openssl x509 -text -noout -in $DIR/certs/ca.crt + + + openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt + + +# Create a Signer p12 script +echo openssl pkcs12 -export -name aaf_$DIR \ + -in certs/ca.crt -inkey private/ca.key \ + -out aaf_$DIR.p12 >> $DIR/signerP12.sh + diff --git a/conf/CA/truststore.sh b/conf/CA/truststore.sh new file mode 100644 index 00000000..397f7e70 --- /dev/null +++ b/conf/CA/truststore.sh @@ -0,0 +1,2 @@ +echo "FYI, by convention, truststore passwords are 'changeit', but you may add something more sophisticated" +openssl pkcs12 -export -name AAF_Root_CA -in certs/ca.crt -inkey private/ca.key -out truststore.p12 |