authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-05-14 14:40:03 -0700
committerGirish Havaldar <hg0071052@techmahindra.com>2018-05-15 04:25:49 +0000
commit30cd384dd2ea48ad3be9c6595cc1b43fe2318e4a (patch)
tree23d2f7f99a39b90d1e7d7274ef1007ff6c89ad3c
parent9f98749e160474ce06214530a4c05dbf3468f5cc (diff)
Adding updated certs and encryption
Adding new SAN certificates from AAF. Adding encrypted storage for certificates. Moving certificates to a different folder during deployment (certs vs auth). Issue-ID: AAF-284 Change-Id: Ic0c3972556b36f773c7a653059eccd077624e4b6 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rwxr-xr-xsms-service/bin/build_quorum_image.sh2
-rwxr-xr-xsms-service/bin/build_sms_image.sh12
-rw-r--r--sms-service/bin/deploy/quorumconfig.json5
-rwxr-xr-xsms-service/bin/deploy/sms.sh13
-rw-r--r--sms-service/bin/deploy/smsconfig.json7
-rw-r--r--sms-service/bin/quorumdockerfile2
-rw-r--r--sms-service/bin/smsdockerfile6
-rw-r--r--sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr32
-rw-r--r--sms-service/src/sms/auth/auth.go57
-rw-r--r--sms-service/src/sms/certs/aaf-sms.pr30
-rw-r--r--sms-service/src/sms/certs/aaf-sms.pub (renamed from sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem)47
-rw-r--r--sms-service/src/sms/certs/aaf_root_ca.cer (renamed from sms-service/src/sms/auth/aaf_root_ca.cer)0
-rw-r--r--sms-service/src/sms/config/config.go1
-rw-r--r--sms-service/src/sms/sms.go10
-rw-r--r--sms-service/src/sms/smsconfig.json.template7
-rw-r--r--sms-service/src/sms/test/loop_test.sh26
16 files changed, 157 insertions, 100 deletions
diff --git a/sms-service/bin/build_quorum_image.sh b/sms-service/bin/build_quorum_image.sh
index b26accf..72932e5 100755
--- a/sms-service/bin/build_quorum_image.sh
+++ b/sms-service/bin/build_quorum_image.sh
@@ -28,7 +28,7 @@ function generate_binary {
}
function copy_certificates {
- cp ../src/sms/auth/aaf_root_ca.cer .
+ cp ../src/sms/certs/aaf_root_ca.cer .
}
function cleanup {
diff --git a/sms-service/bin/build_sms_image.sh b/sms-service/bin/build_sms_image.sh
index 46685b6..2a98709 100755
--- a/sms-service/bin/build_sms_image.sh
+++ b/sms-service/bin/build_sms_image.sh
@@ -28,16 +28,16 @@ function generate_binary {
}
function copy_certificates {
- cp ../src/sms/auth/aaf_root_ca.cer .
- cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem .
- cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr .
+ cp ../src/sms/certs/aaf_root_ca.cer .
+ cp ../src/sms/certs/aaf-sms.pub .
+ cp ../src/sms/certs/aaf-sms.pr .
}
function cleanup {
rm sms
- rm aaf-sms.api.simpledemo.onap.org.pem
- rm aaf-sms.api.simpledemo.onap.org.pr
- rm aaf_root_ca.cer
+ rm aaf-sms.pub
+ rm aaf-sms.pr
+ rm aaf_root_ca.cer
}
function build_image {
diff --git a/sms-service/bin/deploy/quorumconfig.json b/sms-service/bin/deploy/quorumconfig.json
index d2f647f..696fec6 100644
--- a/sms-service/bin/deploy/quorumconfig.json
+++ b/sms-service/bin/deploy/quorumconfig.json
@@ -1,7 +1,6 @@
{
- "url":"https://sms-service:10443",
- "servername":"aaf-sms.api.simpledemo.onap.org",
- "cafile":"cert/aaf_root_ca.cer",
+ "url":"https://aaf-sms.onap:10443",
+ "cafile":"certs/aaf_root_ca.cer",
"clientcert":"client.cert",
"clientkey":"client.key",
"timeout":"10s"
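Review bot: Dropping `servername` means the quorum client's TLS name check now rests on the host part of `url`, `aaf-sms.onap`, while the new certificate's subject CN is `aaf-sms` (see the aaf-sms.pub hunk), so verification only succeeds if that name is carried in the certificate's SAN list, which this diff does not show. It is worth confirming against the certificate before merging, and since JSON has no comments the requirement belongs in the deploy documentation next to the `url` setting. If the quorum client's config struct still declares a `servername` field, the removed key now leaves it empty, which is presumably intended but should be checked on the client side.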
diff --git a/sms-service/bin/deploy/sms.sh b/sms-service/bin/deploy/sms.sh
index 3a6153c..a7eca69 100755
--- a/sms-service/bin/deploy/sms.sh
+++ b/sms-service/bin/deploy/sms.sh
@@ -69,13 +69,14 @@ docker cp vault.json sms-vault:/vault/config/config.json;
docker start sms-vault;
# Start SMS
-docker create --rm --name sms-service --network sms-net \
---hostname sms-service -p "10443:10443" \
+# Matching hostname with cert name
+docker create --rm --name aaf-sms.onap --network sms-net \
+--hostname aaf-sms.onap -p "10443:10443" \
-v sms-service:/sms/auth \
${SMS_IMG};
-docker cp smsconfig.json sms-service:/sms/smsconfig.json
-docker start sms-service
+docker cp smsconfig.json aaf-sms.onap:/sms/smsconfig.json
+docker start aaf-sms.onap
# Start 3 Quorum Clients
for i in {0..2}
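Review bot: The container name `aaf-sms.onap` is now spelled out four times in this hunk (`--name`, `--hostname`, `docker cp`, `docker start`) and again in the stop hunk below, and the new comment says it has to match the certificate name, so one divergent edit breaks TLS name verification with no error from the script itself. Define it once, e.g. `SMS_NAME=aaf-sms.onap` above the `# Start SMS` comment, then `docker create --rm --name "${SMS_NAME}" --network sms-net \` and `--hostname "${SMS_NAME}" -p "10443:10443" \`, with the same variable in the cp, start and stop lines. The unchanged `${SMS_IMG};` line is also unquoted; `"${SMS_IMG}"` avoids word-splitting if the image reference is ever set with a space. The script continues outside the hunk on both sides.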
@@ -96,7 +97,7 @@ fi
# Shutdown and clean up.
if [ "$1" = "stop" ]; then
-docker stop sms-vault sms-consul sms-service;
+docker stop sms-vault sms-consul aaf-sms.onap;
for i in {0..2}; do
docker stop sms-quorum-$i
done
@@ -110,4 +111,4 @@ fi
if [ $SS = 0 ]; then
echo "Please type ${0} start or ${0} stop"
-fi \ No newline at end of file
+fi
diff --git a/sms-service/bin/deploy/smsconfig.json b/sms-service/bin/deploy/smsconfig.json
index 4c3cf3c..df446eb 100644
--- a/sms-service/bin/deploy/smsconfig.json
+++ b/sms-service/bin/deploy/smsconfig.json
@@ -1,7 +1,8 @@
{
- "cafile": "cert/aaf_root_ca.cer",
- "servercert": "cert/aaf-sms.api.simpledemo.onap.org.pem",
- "serverkey": "cert/aaf-sms.api.simpledemo.onap.org.pr",
+ "cafile": "certs/aaf_root_ca.cer",
+ "servercert": "certs/aaf-sms.pub",
+ "serverkey": "certs/aaf-sms.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==",
"smsdbaddress": "http://sms-vault:8200"
}
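Review bot: The new `password` value is only base64-encoded, which is an encoding rather than encryption, so anyone who can read this file recovers the passphrase for the key named in `serverkey` directly; the file is also committed to the repository and copied into the container by bin/deploy/sms.sh. The encryption of the key therefore adds nothing beyond the permissions on smsconfig.json, and those permissions (on the host and inside the container after `docker cp`) should be restricted to the service user. Consider injecting the value at deploy time, via environment or a mounted secret, rather than keeping it in the committed deploy config. A closely related value in src/sms/smsconfig.json.template differs in its final characters (`ZA==` here, `ZAo=` there), so the two configs cannot both decrypt the same key.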
diff --git a/sms-service/bin/quorumdockerfile b/sms-service/bin/quorumdockerfile
index 3b787d7..2874b7a 100644
--- a/sms-service/bin/quorumdockerfile
+++ b/sms-service/bin/quorumdockerfile
@@ -5,7 +5,7 @@ LABEL version=2.0.0
LABEL maintainer="Girish Havaldar <hg0071052@techmahindra.com>"
RUN mkdir -p /quorumclient/auth
-ADD aaf_root_ca.cer /quorumclient/cert/aaf_root_ca.cer
+ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
ADD quorumclient /quorumclient/bin/quorumclient
RUN chmod +x /quorumclient/bin/quorumclient
diff --git a/sms-service/bin/smsdockerfile b/sms-service/bin/smsdockerfile
index 14327dc..19ce84f 100644
--- a/sms-service/bin/smsdockerfile
+++ b/sms-service/bin/smsdockerfile
@@ -7,9 +7,9 @@ LABEL maintainer="vamshi krishna <vn00480215@techmahindra.com>"
EXPOSE 10443
RUN mkdir -p /sms/auth
-ADD aaf_root_ca.cer /sms/cert/aaf_root_ca.cer
-ADD aaf-sms.api.simpledemo.onap.org.pem /sms/cert/aaf-sms.api.simpledemo.onap.org.pem
-ADD aaf-sms.api.simpledemo.onap.org.pr /sms/cert/aaf-sms.api.simpledemo.onap.org.pr
+ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
+ADD aaf-sms.pub /sms/certs/aaf-sms.pub
+ADD aaf-sms.pr /sms/certs/aaf-sms.pr
ADD sms /sms/bin/sms
RUN chmod +x /sms/bin/sms
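Review bot: `ADD aaf-sms.pr /sms/certs/aaf-sms.pr` bakes the TLS private key into an image layer, so every party able to pull the image receives the key, protected only by the passphrase that the deploy config ships alongside it; mounting the key at run time (the deploy script already attaches a volume at `/sms/auth`) keeps key material out of the distributed artifact. If the key must stay in the image, prefer `COPY` over `ADD` for local files, since `ADD` additionally unpacks archives and fetches URLs, and restrict the key's mode with `RUN chmod 0400 /sms/certs/aaf-sms.pr` so it is not readable by other users in the container. The remaining instructions of the Dockerfile are outside the hunk.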
diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr b/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr
deleted file mode 100644
index e2204ae..0000000
--- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr
+++ /dev/null
@@ -1,32 +0,0 @@
-Bag Attributes
- localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08
- friendlyName: aaf-sms@aaf-sms.onap.org
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwOaxW5b6v24bY
-j+5/UlsxvoZr6FQ98y8jKZ9i61oRr1AQWTVNUS+7TwFPvh0Kbn+5JZqwQCAFWZ4i
-ghih3LTsF78vhpm3zgmYUiwkd9b5ofJUuiZntE4oCm+rC7atcmoRzWlnVl7/EX4i
-dlmrrAr/B1LhkjlqY/1pbZ6OG73LWfpGaMkq6/EI0VEYsgycXt/ibWlItBnwolXP
-tchVmVPWnrRFQYKLsGiznuMP4C9Vz4p75hrHhGE2wOxulNEPW92a3aZhFr0B0S+J
-ObOupr7vGplt9WlElOCJRd3yg6+sa/wEtI96rCZRAIInf1bnllOmclcOnNwUaMLX
-B+Aio9P/AgMBAAECggEAVHvhxmswRujMtegS49FczPVVRkhEksqST541vluse4v7
-q0rJRf7lDjxrGYrAK28cJmwDw/mKIGZ9bHfITVkdF46u5p719Ot/KBpE9VrKojTk
-k4AGx3LmgUW3kV31PyP5+/zpSlRbCJefS/BHPwkk4GznbCMJCZtUMwYNnH1qOSFn
-MbHH5TRzfsFsF1OALYnXcq+zaUYXVM25hCiQ0pPtsnPcnVO+mV0mWRBQNbPMmV8A
-Yy2XqB4fTxIjJ+k28ppmf2Eq9AuISJvwG/T2p+FHkXjNAYrJqUQw5S780499RqXI
-6BhIjrjx9Pyb8zUle+3ZN+FbBcs4RHgrgL05ueWe4QKBgQDXLypqRuIRKAXrtAwo
-fSCc/pKY9+rHvKQbqqY0eVSb8tZMMLDA0ElQuF3LoWIRJGYnb9PcQN/C+qtyY82Z
-bG+iWmdHtrm361H8ry2Mjdo7T65qypHS++RhaUhEHgPQaqXNLcmyruI+EWG6cC7n
-hNO3VY1G2xhaSaDF5sja4cjtMQKBgQDRpsDhJuXQb6L7yjDf3lYq3ZqjyY0P66Wo
-DaBwnH0I3GFE+jyOfSFNAalLErbXZwD/XSS1dKE3iVrzy9tYCLp4n7TSLVI4n1bz
-O8gH9qqbYEG8VhEYfuQF1wKxeqQ4q9fuzDe3dlAQyw80tFCiFvtPls67B5cRR6Di
-5f15iBLILwKBgGKWX251r1mA5sWIphFe0rRbBjtDSrPcP6vVUXS1KgiRB5G8tR6B
-zzVGYuLKu61y6cKjv4Mnzdz9D9PG2gmy3qqZlLwMgaY8EEIe2FWPIC8QYK7YxFrP
-wWDH5a4fukugsPoCQmi1Kz6YpBfREgxMlNtoPOP7uXqURS6mf9uYmn/hAoGBAKuA
-6lBFbcKxUHcB1DGOxJaUaiiKfKcFcqKjYxg8K9zPy5KN0nQN0OwZ68/KI2DalmpQ
-W/NE0Y2JA6pkna7KlSCQJW+6O4SudIbN5Lj/BFnOyHe1QI71XruYRE/DsAvcJ+zl
-ir6+Pok+U9Ydm8i9XCCjkcJWVzJ/khGLa2u78QFpAoGAKwlTP1rQGLMz0uUW8bx9
-EAHUf0IkXgs+qVCvg6gWE96q7l+UncLf4842Rl77uZfJr76yBhwo3ezCA+DQDqmg
-JhktLPnaeHJcuTiYI/bXXlNCf56SsY88TxP1UGkbSmYryLAO/fM9nAHH7qj7DWqW
-Ng8ecGGlcYcjmKxtWYolR+U=
------END PRIVATE KEY----- \ No newline at end of file
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index 038e31d..9f6abde 100644
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -22,21 +22,23 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
+ "encoding/pem"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/packet"
"io/ioutil"
+ smsconfig "sms/config"
smslogger "sms/log"
)
// GetTLSConfig initializes a tlsConfig using the CA's certificate
// This config is then used to enable the server for mutual TLS
-func GetTLSConfig(caCertFile string) (*tls.Config, error) {
+func GetTLSConfig(caCertFile string, certFile string, keyFile string) (*tls.Config, error) {
// Initialize tlsConfig once
caCert, err := ioutil.ReadFile(caCertFile)
- if err != nil {
+ if smslogger.CheckError(err, "Read CA Cert file") != nil {
return nil, err
}
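Review bot: The comment above GetTLSConfig (`// GetTLSConfig initializes a tlsConfig using the CA's certificate`) is now stale: the function also loads the server certificate and private key from `certFile` and `keyFile`, and, through readPEMBlock, unlocks an encrypted key with `smsconfig.SMSConfig.Password`. Replace it with something like `// GetTLSConfig builds the server's tls.Config: caCertFile populates ClientCAs for client-certificate verification, certFile/keyFile supply the server certificate and key, and a PEM-encrypted key is unlocked with the base64 passphrase in SMSConfig.Password.` Reading the passphrase from the package global couples auth to sms/config; passing it as an explicit parameter would keep the dependency one-directional and let the function be tested without a loaded config. The function body continues in the next hunk.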
@@ -49,10 +51,61 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
ClientCAs: caCertPool,
MinVersion: tls.VersionTLS12,
}
+
+ certPEMBlk, err := readPEMBlock(certFile)
+ if smslogger.CheckError(err, "Read Cert File") != nil {
+ return nil, err
+ }
+
+ keyPEMBlk, err := readPEMBlock(keyFile)
+ if smslogger.CheckError(err, "Read Key File") != nil {
+ return nil, err
+ }
+
+ tlsConfig.Certificates = make([]tls.Certificate, 1)
+ tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlk, keyPEMBlk)
+ if smslogger.CheckError(err, "Load x509 cert and key") != nil {
+ return nil, err
+ }
+
tlsConfig.BuildNameToCertificate()
return tlsConfig, nil
}
+func readPEMBlock(filename string) ([]byte, error) {
+
+ pemData, err := ioutil.ReadFile(filename)
+
+ if smslogger.CheckError(err, "Read PEM File") != nil {
+ return nil, err
+ }
+
+ pemBlock, rest := pem.Decode(pemData)
+ if len(rest) > 0 {
+ smslogger.WriteWarn("Pemfile has extra data")
+ }
+
+ if x509.IsEncryptedPEMBlock(pemBlock) {
+ pByte, err := base64.StdEncoding.DecodeString(smsconfig.SMSConfig.Password)
+ if smslogger.CheckError(err, "Decode PEM Password") != nil {
+ return nil, err
+ }
+
+ pemData, err = x509.DecryptPEMBlock(pemBlock, pByte)
+ if smslogger.CheckError(err, "Decrypt PEM Data") != nil {
+ return nil, err
+ }
+ var newPEMBlock pem.Block
+ newPEMBlock.Type = pemBlock.Type
+ newPEMBlock.Bytes = pemData
+ // Converting back to PEM from DER data you get from
+ // DecryptPEMBlock
+ pemData = pem.EncodeToMemory(&newPEMBlock)
+ }
+
+ return pemData, nil
+}
+
// GeneratePGPKeyPair produces a PGP key pair and returns
// two things:
// A base64 encoded form of the public part of the entity
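Review bot: readPEMBlock hands `pemBlock` to `x509.IsEncryptedPEMBlock` without a nil check, and `pem.Decode` returns a nil block when the file holds no PEM data (empty or DER-encoded), which would dereference nil and crash the server at startup; add `if pemBlock == nil { return nil, fmt.Errorf("no PEM block in %s", filename) }` directly after the decode, bringing `fmt` or `errors` into the import list if it is not already there. The `Proc-Type`/`DEK-Info` scheme that `x509.DecryptPEMBlock` handles is the legacy RFC 1423 PEM encryption, which derives the key with MD5 and carries no integrity check, and later Go releases deprecate these functions as insecure by design; a comment such as `// Legacy PEM encryption (RFC 1423): protects the key only against casual reading, not a determined attacker` would keep the next maintainer from relying on it. The `rest` check also logs "Pemfile has extra data" for the certificate file, which legitimately holds a chain of several PEM blocks (see the aaf-sms.pub hunk), so that warning fires on every start; restrict it to the key path or downgrade it.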
diff --git a/sms-service/src/sms/certs/aaf-sms.pr b/sms-service/src/sms/certs/aaf-sms.pr
new file mode 100644
index 0000000..21e1eed
--- /dev/null
+++ b/sms-service/src/sms/certs/aaf-sms.pr
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,092DAD75B21417FF
+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-----END RSA PRIVATE KEY-----
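Review bot: This adds a TLS private key to the repository under DES-EDE3-CBC legacy PEM encryption, and the same change commits its passphrase (base64-encoded) in the deploy config and the config template, so the encryption does not keep the key secret from anyone with read access to the repo. The plaintext key deleted in this commit also remains in git history, so neither key should be treated as confidential; if they are real AAF-issued credentials rather than demo material they should be rotated and the replacement kept out of version control and mounted at deploy time. A PEM file cannot carry a comment, so record the key's demo-only status in the commit message or the deploy documentation.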
diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem b/sms-service/src/sms/certs/aaf-sms.pub
index a8ae076..ac8ec6f 100644
--- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem
+++ b/sms-service/src/sms/certs/aaf-sms.pub
@@ -1,32 +1,33 @@
Bag Attributes
- localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08
+ localKeyID: 70 BC 84 27 26 2F A9 A1 42 24 D6 1A 3B BA B8 84 A2 6A 69 56
friendlyName: aaf-sms@aaf-sms.onap.org
-subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms.api.simpledemo.onap.org
+subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms
issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1
-----BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBHDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
+MIIEZzCCA0+gAwIBAgIBJTANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk
-aWF0ZUNBXzEwHhcNMTgwNDI1MTEwOTI1WhcNMTkwNDIwMTEwOTI1WjB5MQswCQYD
+aWF0ZUNBXzEwHhcNMTgwNTA4MTIyNTMxWhcNMTkwNTAzMTIyNTMxWjBhMQswCQYD
VQQGEwJVUzENMAsGA1UECgwET05BUDEhMB8GA1UECwwYYWFmLXNtc0BhYWYtc21z
-Lm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjEoMCYGA1UEAwwfYWFmLXNtcy5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALA5rFblvq/bhtiP7n9SWzG+hmvoVD3zLyMpn2LrWhGvUBBZNU1RL7tPAU++
-HQpuf7klmrBAIAVZniKCGKHctOwXvy+GmbfOCZhSLCR31vmh8lS6Jme0TigKb6sL
-tq1yahHNaWdWXv8RfiJ2WausCv8HUuGSOWpj/Wltno4bvctZ+kZoySrr8QjRURiy
-DJxe3+JtaUi0GfCiVc+1yFWZU9aetEVBgouwaLOe4w/gL1XPinvmGseEYTbA7G6U
-0Q9b3ZrdpmEWvQHRL4k5s66mvu8amW31aUSU4IlF3fKDr6xr/AS0j3qsJlEAgid/
-VueWU6ZyVw6c3BRowtcH4CKj0/8CAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCG
-SAGG+EIBAQQEAwIGwDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQg
-U2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTaf9ELsETQX2tK/ilkzkFwlNx+
-OzBUBgNVHSMETTBLgBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UE
-CwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB
-/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcN
-AQELBQADggEBACJFD0XRb6YmL5n0+coxb6y/reG/aCgspiilIgS+DcDNSmUzU7gb
-Yn43ZWQtgIepUk3vbv+lO15u7wbaHGWhJ7SAlFXzHgthjvi1wcLZilKdKTRktZa+
-q+v/3VrU8gZkf9sydbOseCA0vGdnO5UHQqMfIo3kpJsNxb2lT6FmdU5GKGellHvi
-fkczO1UZnSYGgkpyBV+gU6peDLNDludiq1iD1gLHdSpn3U1pcaFaBg3lFQamEOVH
-0vyxl6naD8C8K7wFFbFOJ9LV2dvTB04DmofUNaO9kuqRrLndHcR2b4htCLRHK4O2
-wap2ThiXgiy86zvTZKWt2YTghZUNjaPOpMQ=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-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1
diff --git a/sms-service/src/sms/auth/aaf_root_ca.cer b/sms-service/src/sms/certs/aaf_root_ca.cer
index e9a50d7..e9a50d7 100644
--- a/sms-service/src/sms/auth/aaf_root_ca.cer
+++ b/sms-service/src/sms/certs/aaf_root_ca.cer
diff --git a/sms-service/src/sms/config/config.go b/sms-service/src/sms/config/config.go
index 3901817..30caf82 100644
--- a/sms-service/src/sms/config/config.go
+++ b/sms-service/src/sms/config/config.go
@@ -29,6 +29,7 @@ type SMSConfiguration struct {
CAFile string `json:"cafile"`
ServerCert string `json:"servercert"`
ServerKey string `json:"serverkey"`
+ Password string `json:"password"`
BackendAddress string `json:"smsdbaddress"`
VaultToken string `json:"vaulttoken"`
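Review bot: The new `Password` field has no comment, and since this struct is the deployment-facing contract its meaning is not recoverable from the name: it is consulted only by readPEMBlock in auth.go, it must be base64-encoded, and it matters only when `ServerKey` points at a PEM-encrypted key. Suggested: `// Password is the base64-encoded passphrase for ServerKey; required only when that key file is PEM-encrypted.` Because the field holds a secret, any future logging or `%+v` dump of SMSConfiguration would expose it, which deserves a second comment line. The struct definition continues outside the hunk.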
diff --git a/sms-service/src/sms/sms.go b/sms-service/src/sms/sms.go
index fea6b10..9fc60bb 100644
--- a/sms-service/src/sms/sms.go
+++ b/sms-service/src/sms/sms.go
@@ -67,14 +67,16 @@ func main() {
smslogger.WriteWarn("TLS is Disabled")
err = httpServer.ListenAndServe()
} else {
- // TODO: Use CA certificate from AAF
- tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile)
- if err != nil {
+ // Populate TLSConfig with the certificates and privatekey
+ // information
+ tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey)
+ if smslogger.CheckError(err, "Get TLS Configuration") != nil {
log.Fatal(err)
}
httpServer.TLSConfig = tlsConfig
- err = httpServer.ListenAndServeTLS(smsConf.ServerCert, smsConf.ServerKey)
+ // empty strings because tlsconfig already has this information
+ err = httpServer.ListenAndServeTLS("", "")
}
if err != nil && err != http.ErrServerClosed {
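Review bot: `tlsConfig, err := smsauth.GetTLSConfig(...)` declares a new `err` scoped to the else block, so the following `err = httpServer.ListenAndServeTLS("", "")` assigns that inner variable, and the `if err != nil && err != http.ErrServerClosed` check after the block only sees the outer `err` with whatever value it held before the branch; a listen failure on the TLS path (port in use, unusable certificate) is therefore lost. This predates the commit, but the commit rewrites exactly these lines, and renaming the inner variable fixes it: `tlsConfig, tlsErr := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey)`, `if smslogger.CheckError(tlsErr, "Get TLS Configuration") != nil {`, `log.Fatal(tlsErr)`. main continues outside the hunk on both sides.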
diff --git a/sms-service/src/sms/smsconfig.json.template b/sms-service/src/sms/smsconfig.json.template
index b74bdff..1779342 100644
--- a/sms-service/src/sms/smsconfig.json.template
+++ b/sms-service/src/sms/smsconfig.json.template
@@ -1,7 +1,8 @@
{
- "cafile": "auth/aaf_root_ca.cer",
- "servercert": "auth/aaf-sms.api.simpledemo.onap.org.pem",
- "serverkey": "auth/aaf-sms.api.simpledemo.onap.org.pr",
+ "cafile": "certs/aaf_root_ca.cer",
+ "servercert": "certs/aaf-sms.pub",
+ "serverkey": "certs/aaf-sms.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZAo=",
"smsdbaddress": "http://localhost:8200",
"vaulttoken": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
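Review bot: The `password` value here ends in `ZAo=` while the deploy copy in bin/deploy/smsconfig.json ends in `ZA==`; the `o=` tail is the base64 signature of a trailing newline, which is what `echo` piped into `base64` produces without `-n`. readPEMBlock in auth.go passes the decoded bytes to the decrypt call unchanged, so only one of the two values unlocks the key in certs/aaf-sms.pr and the other config fails at startup. Check which value decrypts the key and make both files agree; when regenerating, `printf '%s' '<passphrase>' | base64` avoids the stray newline.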
diff --git a/sms-service/src/sms/test/loop_test.sh b/sms-service/src/sms/test/loop_test.sh
index a48c9b1..5fed4d2 100644
--- a/sms-service/src/sms/test/loop_test.sh
+++ b/sms-service/src/sms/test/loop_test.sh
@@ -6,54 +6,54 @@ PORT=$2
for i in `seq 1 2`;
do
echo -e "${RED}----------------BEGIN GET STATUS----------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/quorum/status
echo -e "${RED}----------------BEGIN CREATE SECRET DOMAIN------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_domain.json https://${URL}:${PORT}/v1/sms/domain
echo -e "${RED}----------------BEGIN CREATE SECRET 1-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret1.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN CREATE SECRET 2-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret2.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN CREATE SECRET 3-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret3.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN LIST SECRET---------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN GET SECRET 1--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1
echo -e "${RED}----------------BEGIN GET SECRET 2--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2
echo -e "${RED}----------------BEGIN GET SECRET 3--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3
echo -e "${RED}----------------BEGIN DELETE SECRET 1-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1
echo -e "${RED}----------------BEGIN DELETE SECRET 2-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2
echo -e "${RED}----------------BEGIN DELETE SECRET 3-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3
echo -e "${RED}----------------BEGIN DELETE SECRET DOMAIN------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain
done