16 files changed, 143 insertions, 98 deletions
diff --git a/certService/pom.xml b/certService/pom.xml index 686e0d8d..5cc45cd5 100644 --- a/certService/pom.xml +++ b/certService/pom.xml @@ -161,7 +161,7 @@ <images> <image> <alias>${project.artifactId}</alias> - <name>${docker-image.namespace}/${docker-image.name} + <name>${docker-image.namespace}/${docker-image.name}:${docker-image.tag.latest} </name> <registry>${docker-image.registry}</registry> <build> diff --git a/certServiceClient/pom.xml b/certServiceClient/pom.xml index 2698e50c..50ae677e 100644 --- a/certServiceClient/pom.xml +++ b/certServiceClient/pom.xml @@ -104,7 +104,7 @@ <images> <image> <alias>${project.artifactId}</alias> - <name>${docker-image.namespace}/${docker-image.name} + <name>${docker-image.namespace}/${docker-image.name}:${docker-image.tag.latest} </name> <registry>${docker-image.registry}</registry> <build> diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java index 0ecee793..4826732c 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java 
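Review bot: Both `<name>` changes (certService/pom.xml and certServiceClient/pom.xml) now append `:${docker-image.tag.latest}`, so the image the build produces is addressed by a mutable tag that can later point at different content. For a certificate-issuing service and its client, deployments are better served by the immutable version tag or a digest. If `latest` is only a convenience alias pushed alongside the versioned tag, a comment above `<name>` such as `<!-- 'latest' is a convenience alias; deploy by version tag or digest -->` would keep it from being copied into manifests. The `<image>` element continues outside both hunks, so whether a `<tags>` section also adds the versioned tag is not visible here.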
@@ -61,8 +61,8 @@ public class ConvertedArtifactsCreator implements ArtifactsCreator { private void createKeystore(List<String> data, PrivateKey privateKey) throws PemConversionException, CertFileWriterException { Password password = passwordGenerator.generate(PASSWORD_LENGTH); - String keystoreArtifactName = String.format("%s.%s", KEYSTORE, fileExtension); - String keystorePass = String.format("%s.%s", KEYSTORE, PASS_EXT); + String keystoreArtifactName = getFilenameWithExtension(KEYSTORE, fileExtension); + String keystorePass = getFilenameWithExtension(KEYSTORE, PASS_EXT); LOGGER.debug("Attempt to create keystore files and saving data. File names: {}, {}", keystoreArtifactName, keystorePass); @@ -73,8 +73,8 @@ public class ConvertedArtifactsCreator implements ArtifactsCreator { private void createTruststore(List<String> data) throws PemConversionException, CertFileWriterException { Password password = passwordGenerator.generate(PASSWORD_LENGTH); - String truststoreArtifactName = String.format("%s.%s", TRUSTSTORE, fileExtension); - String truststorePass = String.format("%s.%s", TRUSTSTORE, PASS_EXT); + String truststoreArtifactName = getFilenameWithExtension(TRUSTSTORE, fileExtension); + String truststorePass = getFilenameWithExtension(TRUSTSTORE, PASS_EXT); LOGGER.debug("Attempt to create truststore files and saving data. File names: {}, {}", truststoreArtifactName, truststorePass); @@ -85,4 +85,8 @@ public class ConvertedArtifactsCreator implements ArtifactsCreator { private byte[] getPasswordAsBytes(Password password) { return password.getCurrentPassword().getBytes(); } + + private String getFilenameWithExtension(String filename, String extension) { + return String.format("%s.%s", filename, extension); + } } diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/CertServiceClientTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/CertServiceClientTest.java index 36808941..9e256f98 100644 
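Review bot: The new `getFilenameWithExtension` helper at the end of the class reads no instance state, so it can be declared `private static String getFilenameWithExtension(String filename, String extension)`. A one-line comment saying it returns `<filename>.<extension>` for the keystore, truststore and `.pass` artifacts would document the naming contract in one place. Separately, the neighbouring context line `password.getCurrentPassword().getBytes()` encodes with the platform default charset; if a generated password can ever contain non-ASCII characters, `getBytes(StandardCharsets.UTF_8)` would keep the written password file identical across environments. The class body starts outside these hunks, so where `fileExtension` is assigned and validated is not visible here.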
--- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/CertServiceClientTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/CertServiceClientTest.java @@ -35,7 +35,7 @@ class CertServiceClientTest { AppExitHandler appExitHandler = new AppExitHandler(); @Test - public void shouldExitWithDefinedExitCode_onRunCallWhenNoEnvsPresent() { + void shouldExitWithDefinedExitCode_onRunCallWhenNoEnvsPresent() { // given doNothing().when(appExitHandler).exit(CLIENT_CONFIGURATION_EXCEPTION); doNothing().when(appExitHandler).exit(SUCCESS); diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java index e88976bf..ae18e6fb 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java @@ -31,8 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; - -public class CsrFactoryTest { +class CsrFactoryTest { CsrConfiguration config = mock(CsrConfiguration.class); diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java index def9c1d5..41f15bb7 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java 
@@ -44,7 +44,7 @@ class PrivateKeyToPemEncoderTest { private static final String PRIVATE_KEY_PEM_PATH = RESOURCES_DIR + "rsaPrivateKeyPem"; @Test - public void shouldReturnProperlyEncodedPrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException, PkEncodingException, IOException { + void shouldReturnProperlyEncodedPrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException, PkEncodingException, IOException { //given String expectedPem = Files.readString(Paths.get(PRIVATE_KEY_PEM_PATH)); PrivateKeyToPemEncoder testedPkEncoder = new PrivateKeyToPemEncoder(); @@ -63,4 +63,4 @@ class PrivateKeyToPemEncoderTest { KeyFactory kf = KeyFactory.getInstance(ENCRYPTION_ALGORITHM); return kf.generatePrivate(spec); } -}
\ No newline at end of file +} diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvProviderTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvProviderTest.java index af6b2d9f..74c8c2a1 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvProviderTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvProviderTest.java @@ -36,12 +36,12 @@ class EnvProviderTest { private EnvProvider envProvider; @BeforeEach - public void setUp() { + void setUp() { envProvider = Mockito.spy(EnvProvider.class); } @Test - public void shouldReturnSystemEnvVariableWhenItWasDefined() { + void shouldReturnSystemEnvVariableWhenItWasDefined() { // given when(envProvider.getSystemEnv(TEST_ENV)).thenReturn(TEST_ENV_VALUE); @@ -49,16 +49,17 @@ class EnvProviderTest { final Optional<String> testEnv = envProvider.readEnvVariable(TEST_ENV); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV_VALUE); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV_VALUE); } @Test - public void shouldReportThatSystemEnvVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envProvider.readEnvVariable(TEST_ENV); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } } diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForCsrTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForCsrTest.java index 656bbe59..d6af20c6 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForCsrTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForCsrTest.java 
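Review bot: In the rewritten assertion of `shouldReturnSystemEnvVariableWhenItWasDefined`, `.isPresent()` is redundant, because AssertJ's `contains(...)` on an `Optional` already fails when the value is absent. `assertThat(testEnv).contains(TEST_ENV_VALUE);` states the same check in one call. The same chain recurs throughout the EnvsForCsrTest and EnvsForTlsTest hunks, and `.isNotNull().isEqualTo(ExitStatus.TLS_CONFIGURATION_EXCEPTION)` in TlsConfigurationExceptionTest is redundant in the same way.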
@@ -47,17 +47,18 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getCommonName(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvCommonNameVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvCommonNameVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForCsr.getCommonName(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test @@ -69,17 +70,18 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getOrganization(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvOrganizationVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvOrganizationVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForCsr.getOrganization(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test @@ -91,8 +93,9 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getOrganizationUnit(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test @@ -101,7 +104,7 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getOrganizationUnit(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test 
@@ -113,17 +116,18 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getLocation(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvLocationVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvLocationVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForCsr.getLocation(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test @@ -135,17 +139,18 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getState(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvStateVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvStateVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForCsr.getState(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test @@ -157,17 +162,18 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getCountry(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvCountryVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvCountryVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForCsr.getCountry(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test 
@@ -179,8 +185,9 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getSubjectAlternativesName(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test @@ -189,6 +196,6 @@ class EnvsForCsrTest { final Optional<String> testEnv = envsForCsr.getSubjectAlternativesName(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } } diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForTlsTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForTlsTest.java index a33d6541..7f599aa5 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForTlsTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/EnvsForTlsTest.java @@ -48,17 +48,18 @@ class EnvsForTlsTest { final Optional<String> testEnv = envsForTls.getKeystorePath(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvKeyStorePathVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvKeyStorePathVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForTls.getKeystorePath(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test 
@@ -70,17 +71,18 @@ class EnvsForTlsTest { final Optional<String> testEnv = envsForTls.getKeystorePassword(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvKeyStorePasswordVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvKeyStorePasswordVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForTls.getKeystorePassword(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test @@ -92,17 +94,18 @@ class EnvsForTlsTest { final Optional<String> testEnv = envsForTls.getTruststorePath(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvTrustStorePathVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvTrustStorePathVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForTls.getTruststorePath(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } @Test @@ -114,16 +117,17 @@ class EnvsForTlsTest { final Optional<String> testEnv = envsForTls.getTruststorePassword(); // then - assertThat(testEnv.isPresent()).isTrue(); - assertThat(testEnv.get()).isEqualTo(TEST_ENV); + assertThat(testEnv) + .isPresent() + .contains(TEST_ENV); } @Test - public void shouldReportThatSystemEnvTrustStorePasswordVariableIsNotPresentWhenItWasNotDefined() { + void shouldReportThatSystemEnvTrustStorePasswordVariableIsNotPresentWhenItWasNotDefined() { // when final Optional<String> testEnv = envsForTls.getTruststorePassword(); // then - assertThat(testEnv.isPresent()).isFalse(); + assertThat(testEnv).isNotPresent(); } } 
diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/exception/TlsConfigurationExceptionTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/exception/TlsConfigurationExceptionTest.java index e1144a6b..e9e5c3bf 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/exception/TlsConfigurationExceptionTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/exception/TlsConfigurationExceptionTest.java @@ -26,10 +26,10 @@ import org.onap.aaf.certservice.client.api.ExitStatus; import static org.assertj.core.api.Assertions.assertThat; -public class TlsConfigurationExceptionTest { +class TlsConfigurationExceptionTest { @Test - public void containsProperExitStatus() { + void containsProperExitStatus() { // Given ExitStatus exitStatus = null; @@ -41,7 +41,8 @@ public class TlsConfigurationExceptionTest { } // Then - assertThat(exitStatus).isNotNull(); - assertThat(exitStatus).isEqualTo(ExitStatus.TLS_CONFIGURATION_EXCEPTION); + assertThat(exitStatus) + .isNotNull() + .isEqualTo(ExitStatus.TLS_CONFIGURATION_EXCEPTION); } } diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java index 9c0b9d8f..e4d71b31 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java 
@@ -27,67 +27,67 @@ import org.mockito.Mockito; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; -public class AbstractConfigurationFactoryTest { +class AbstractConfigurationFactoryTest { private final AbstractConfigurationFactory cut = mock(AbstractConfigurationFactory.class, Mockito.CALLS_REAL_METHODS); @ParameterizedTest @ValueSource(strings = {"/var/log", "/", "/var/log/", "/second_var", "/second-var"}) - public void shouldAcceptValidPath(String path) { + void shouldAcceptValidPath(String path) { assertThat(cut.isPathValid(path)).isTrue(); } @ParameterizedTest @ValueSource(strings = {"/var/log?", "", "var_", "var", "//", "/var//log"}) - public void shouldRejectInvalidPath(String path) { + void shouldRejectInvalidPath(String path) { assertThat(cut.isPathValid(path)).isFalse(); } @ParameterizedTest @ValueSource(strings = {"PL", "DE", "PN", "US", "IO", "CA", "KH", "CO", "DK", "EC", "CZ", "CN", "BR", "BD", "BE"}) - public void shouldAcceptValidCountryCode(String countryCode) { + void shouldAcceptValidCountryCode(String countryCode) { assertThat(cut.isCountryValid(countryCode)).isTrue(); } @ParameterizedTest @ValueSource(strings = {"", "QQ", "AFG", "D", "&*", "!", "ONAP", "p", "pl", "us", "afg"}) - public void shouldRejectInvalidCountryCode(String countryCode) { + void shouldRejectInvalidCountryCode(String countryCode) { assertThat(cut.isCountryValid(countryCode)).isFalse(); } @ParameterizedTest @ValueSource(strings = {"caname", "caname1", "123caName", "ca1name"}) - public void shouldAcceptValidAlphanumeric(String caName) { + void shouldAcceptValidAlphanumeric(String caName) { assertThat(cut.isAlphaNumeric(caName)).isTrue(); } @ParameterizedTest @ValueSource(strings = {"44caname$", "#caname1", "1c_aname", "ca1-name"}) - public void shouldRejectInvalidAlphanumeric(String caName) { + void shouldRejectInvalidAlphanumeric(String caName) { assertThat(cut.isAlphaNumeric(caName)).isFalse(); } @ParameterizedTest 
@ValueSource(strings = {"example.com", "www.example.com"}) - public void shouldAcceptValidCommonName(String commonName) { + void shouldAcceptValidCommonName(String commonName) { assertThat(cut.isCommonNameValid(commonName)).isTrue(); } @ParameterizedTest @ValueSource(strings = {"https://example.com", "http://example.com", "example.com:8080", "0.0.0.0", "@#$%.com"}) - public void shouldRejectInvalidCommonName(String commonName) { + void shouldRejectInvalidCommonName(String commonName) { assertThat(cut.isCommonNameValid(commonName)).isFalse(); } @ParameterizedTest @ValueSource(strings = {"JKS", "P12", "PEM"}) - public void shouldAcceptValidOutputType(String outputType) { + void shouldAcceptValidOutputType(String outputType) { assertThat(cut.isOutputTypeValid(outputType)).isTrue(); } @ParameterizedTest @ValueSource(strings = {"jks", "p12", "pem", "", "pass", "!@$#pp"}) - public void shouldRejectInvalidOutputType(String outputType) { + void shouldRejectInvalidOutputType(String outputType) { assertThat(cut.isOutputTypeValid(outputType)).isFalse(); } } diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst index 65d08108..dba8f3e6 100644 --- a/docs/sections/logging.rst +++ b/docs/sections/logging.rst @@ -114,9 +114,11 @@ Client application exits with following exit codes: +-------+------------------------------------------------+ | 6 | Internal HTTP Client connection problem | +-------+------------------------------------------------+ -| 7 | Fail in PKCS12 conversion | +| 7 | Fail in PEM conversion | +-------+------------------------------------------------+ | 8 | Fail in Private Key to PEM Encoding | +-------+------------------------------------------------+ | 9 | Wrong TLS configuration | +-------+------------------------------------------------+ +| 10 | File could not be created | ++-------+------------------------------------------------+ diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index c040ce51..7d32480d 100644 
--- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -9,15 +9,15 @@ Release Notes Version: 1.1.0 -------------- -:Release Date: 2020-xx-xx +:Release Date: 2020-06-29 **New Features** - N/A + - Added property to CertService Client to allow selection of output certificates type (One of: PEM, JKS, P12). **Bug Fixes** - N/A + - Resolved issue where created PKCS12 certificates had jks extension. **Known Issues** @@ -63,7 +63,7 @@ The Frankfurt Release is the first release of the Certification Service. **Known Issues** - N/A + - PKCS12 certificates have jks extension **Security Notes** @@ -106,6 +106,8 @@ The Frankfurt Release is the first release of the Certification Service. - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails + - PKCS12 certificates have jks extension + **Security Notes** N/A diff --git a/docs/sections/usage.rst b/docs/sections/usage.rst index 0aacbe3d..759284bd 100644 --- a/docs/sections/usage.rst +++ b/docs/sections/usage.rst 
@@ -10,12 +10,17 @@ Basic information ----------------- CertService client needs the following configuration parameters to work properly: -1. Parameters for connection to CertService API to obtain certificate and trust anchors +1. Parameters for generating certification artifacts and connecting to CertService API to obtain certificate and trust anchors - REQUEST_URL *(default: https://aaf-cert-service:8443/v1/certificate/)* - URL to CertService API - REQUEST_TIMEOUT *(default: 30000[ms])* - Timeout in milliseconds for REST API calls - OUTPUT_PATH *(required)* - Path where client will output generated certificate and trust anchor - CA_NAME *(required)* - Name of CA which will enroll certificate. Must be same as configured on server side. Used in REST API calls + - OUTPUT_TYPE *(default: P12)* - Type of certificate which will be generated. Supported types: + + - JKS - Java KeyStore (JKS) + - P12 - Public Key Cryptography Standard #12 (PKCS#12) + - PEM - Privacy-Enhanced Mail (PEM) 2. Parameters to generate Certificate Signing Request (CSR): @@ -48,7 +53,7 @@ You need certificate and trust anchors to connect to CertService API via HTTPS. To run CertService client as standalone docker container execute following steps: -1. Create file '*$PWD/client.env*' with environments as in example below: +1. Create file '*$PWD/client.env*' with environment variables as in example below: .. code-block:: bash @@ -57,6 +62,7 @@ To run CertService client as standalone docker container execute following steps REQUEST_TIMEOUT=10000 OUTPUT_PATH=/var/certs CA_NAME=RA + OUTPUT_TYPE=P12 #CSR config envs COMMON_NAME=onap.org 
@@ -93,20 +99,26 @@ After successful creation of certifications, container exits with exit code 0, e .. code-block:: bash - INFO 1 [ main] o.o.a.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://aaf-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA - INFO 1 [ main] o.o.a.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org - INFO 1 [ main] o.o.a.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048 - INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org - INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been completed successfully - INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Conversion of CSR to PEM has been started - INFO 1 [ main] o.o.a.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM - INFO 1 [ main] o.o.a.c.c.h.HttpClient : Attempt to send request to API, on url: https://aaf-cert-service:8443/v1/certificate/RA - INFO 1 [ main] o.o.a.c.c.h.HttpClient : Received response from API - INFO 1 [ main] o.o.a.c.c.c.c.PemToPKCS12Converter : Conversion of PEM certificates to PKCS12 keystore - DEBUG 1 [ main] o.o.a.c.c.c.c.PKCS12FilesCreator : Attempt to create PKCS12 keystore files and saving data. Keystore path: /var/certs/keystore.jks - INFO 1 [ main] o.o.a.c.c.c.c.PemToPKCS12Converter : Conversion of PEM certificates to PKCS12 truststore - DEBUG 1 [ main] o.o.a.c.c.c.c.PKCS12FilesCreator : Attempt to create PKCS12 truststore files and saving data. 
Truststore path: /var/certs/truststore.jks - INFO 1 [ main] o.o.a.c.c.AppExitHandler : Application exits with following exit code: 0 and message: Success + INFO 1 [ main] o.o.a.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://aaf-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12 + INFO 1 [ main] o.o.a.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org + INFO 1 [ main] o.o.a.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048 + INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org + INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been completed successfully + INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Conversion of CSR to PEM has been started + INFO 1 [ main] o.o.a.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM + INFO 1 [ main] o.o.a.c.c.h.HttpClient : Attempt to send request to API, on url: https://aaf-cert-service:8443/v1/certificate/RA + INFO 1 [ main] o.o.a.c.c.h.HttpClient : Received response from API + DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create keystore files and saving data. 
File names: keystore.p12, keystore.pass + INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 keystore + DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file keystore.p12 in path /var/certs + DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file keystore.pass in path /var/certs + DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create truststore files and saving data. File names: truststore.p12, truststore.pass + INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 truststore + DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file truststore.p12 in path /var/certs + DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file truststore.pass in path /var/certs + INFO 1 [ main] o.o.a.c.c.AppExitHandler : Application exits with following exit code: 0 and message: Success + + If container exits with non 0 exit code, you can find more information in logs, see :ref:`cert_logs` page. @@ -152,13 +164,15 @@ You can use the following deployment example as a reference: imagePullPolicy: Always env: - name: REQUEST_URL - value: http://aaf-cert-service:8080/v1/certificate/ + value: https://aaf-cert-service:8443/v1/certificate/ - name: REQUEST_TIMEOUT value: "1000" - name: OUTPUT_PATH value: /var/certs - name: CA_NAME value: RA + - name: OUTPUT_TYPE + value: P12 - name: COMMON_NAME value: onap.org - name: ORGANIZATION @@ -195,4 +209,3 @@ You can use the following deployment example as a reference: secretName: aaf-cert-service-client-tls-secret # Value of global.aaf.certService.client.secret.name ... -
\ No newline at end of file @@ -55,7 +55,6 @@ <httpcomponents.version>4.5.6</httpcomponents.version> <commons-lang3.version>3.9</commons-lang3.version> <commons-io.version>2.6</commons-io.version> - <docker-maven-plugin.version>0.33.0</docker-maven-plugin.version> <junit.version>5.5.2</junit.version> <mockito-junit-jupiter.version>2.17.0</mockito-junit-jupiter.version> @@ -67,6 +66,7 @@ <docker-image.namespace>onap</docker-image.namespace> <docker-image.name>${project.groupId}.${project.artifactId}</docker-image.name> <docker-image.latest>${project.version}</docker-image.latest> + <docker-image.tag.latest>latest</docker-image.tag.latest> <version>${project.version}</version> <docker.http_proxy/> diff --git a/releases/1.1.0-container.yaml b/releases/1.1.0-container.yaml new file mode 100644 index 00000000..9ca1e66d --- /dev/null +++ b/releases/1.1.0-container.yaml @@ -0,0 +1,12 @@ +distribution_type: 'container' +container_release_tag: '1.1.0' +container_pull_registry: nexus3.onap.org:10003 +container_push_registry: nexus3.onap.org:10002 +project: 'aaf-certservice' +log_dir: 'aaf-certservice-maven-docker-stage-master/146/' +ref: 34d11834cbe76992246f3a4c5df5807af2e7d0d2 +containers: + - name: 'org.onap.aaf.certservice.aaf-certservice-api' + version: '1.1.0-20200625T112018Z' + - name: 'org.onap.aaf.certservice.aaf-certservice-client' + version: '1.1.0-20200625T112018Z' |
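Review bot: In the properties hunk, the added `<docker-image.tag.latest>latest</docker-image.tag.latest>` sits directly under `<docker-image.latest>${project.version}</docker-image.latest>`, and the two near-identical names hold opposite kinds of value (a concrete version versus the literal `latest`). That invites picking the wrong one when building an image reference; a comment such as `<!-- literal 'latest' alias tag; docker-image.latest holds the project version -->` would make the distinction explicit. The preceding hunk also drops `<docker-maven-plugin.version>0.33.0</docker-maven-plugin.version>`; if the plugin version is not pinned elsewhere (for instance in a parent POM, which is not visible here), the image build would no longer use a fixed plugin release. The file header for these two hunks is missing from the visible text, so the target file is inferred to be the root POM.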