authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-05-14 14:40:03 -0700
committerGirish Havaldar <hg0071052@techmahindra.com>2018-05-15 04:25:49 +0000
commit30cd384dd2ea48ad3be9c6595cc1b43fe2318e4a (patch)
tree23d2f7f99a39b90d1e7d7274ef1007ff6c89ad3c /sms-service
parent9f98749e160474ce06214530a4c05dbf3468f5cc (diff)
Adding updated certs and encryption
Adding new SAN certificates from AAF. Adding encrypted storage for certificates. Moving certificates to a different folder during deployment (certs vs auth).
Issue-ID: AAF-284
Change-Id: Ic0c3972556b36f773c7a653059eccd077624e4b6
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'sms-service')
-rwxr-xr-xsms-service/bin/build_quorum_image.sh2
-rwxr-xr-xsms-service/bin/build_sms_image.sh12
-rw-r--r--sms-service/bin/deploy/quorumconfig.json5
-rwxr-xr-xsms-service/bin/deploy/sms.sh13
-rw-r--r--sms-service/bin/deploy/smsconfig.json7
-rw-r--r--sms-service/bin/quorumdockerfile2
-rw-r--r--sms-service/bin/smsdockerfile6
-rw-r--r--sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr32
-rw-r--r--sms-service/src/sms/auth/auth.go57
-rw-r--r--sms-service/src/sms/certs/aaf-sms.pr30
-rw-r--r--sms-service/src/sms/certs/aaf-sms.pub (renamed from sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem)47
-rw-r--r--sms-service/src/sms/certs/aaf_root_ca.cer (renamed from sms-service/src/sms/auth/aaf_root_ca.cer)0
-rw-r--r--sms-service/src/sms/config/config.go1
-rw-r--r--sms-service/src/sms/sms.go10
-rw-r--r--sms-service/src/sms/smsconfig.json.template7
-rw-r--r--sms-service/src/sms/test/loop_test.sh26
16 files changed, 157 insertions, 100 deletions
diff --git a/sms-service/bin/build_quorum_image.sh b/sms-service/bin/build_quorum_image.sh
index b26accf..72932e5 100755
--- a/sms-service/bin/build_quorum_image.sh
+++ b/sms-service/bin/build_quorum_image.sh
@@ -28,7 +28,7 @@ function generate_binary {
}
function copy_certificates {
- cp ../src/sms/auth/aaf_root_ca.cer .
+ cp ../src/sms/certs/aaf_root_ca.cer .
}
function cleanup {
diff --git a/sms-service/bin/build_sms_image.sh b/sms-service/bin/build_sms_image.sh
index 46685b6..2a98709 100755
--- a/sms-service/bin/build_sms_image.sh
+++ b/sms-service/bin/build_sms_image.sh
@@ -28,16 +28,16 @@ function generate_binary {
}
function copy_certificates {
- cp ../src/sms/auth/aaf_root_ca.cer .
- cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem .
- cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr .
+ cp ../src/sms/certs/aaf_root_ca.cer .
+ cp ../src/sms/certs/aaf-sms.pub .
+ cp ../src/sms/certs/aaf-sms.pr .
}
function cleanup {
rm sms
- rm aaf-sms.api.simpledemo.onap.org.pem
- rm aaf-sms.api.simpledemo.onap.org.pr
- rm aaf_root_ca.cer
+ rm aaf-sms.pub
+ rm aaf-sms.pr
+ rm aaf_root_ca.cer
}
function build_image {
diff --git a/sms-service/bin/deploy/quorumconfig.json b/sms-service/bin/deploy/quorumconfig.json
index d2f647f..696fec6 100644
--- a/sms-service/bin/deploy/quorumconfig.json
+++ b/sms-service/bin/deploy/quorumconfig.json
@@ -1,7 +1,6 @@
{
- "url":"https://sms-service:10443",
- "servername":"aaf-sms.api.simpledemo.onap.org",
- "cafile":"cert/aaf_root_ca.cer",
+ "url":"https://aaf-sms.onap:10443",
+ "cafile":"certs/aaf_root_ca.cer",
"clientcert":"client.cert",
"clientkey":"client.key",
"timeout":"10s"
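Review bot: With `servername` removed, the quorum client's certificate verification presumably falls back to the host in `url`, `aaf-sms.onap`, and has to find that name in the server certificate; the new server certificate in this same change carries subject CN `aaf-sms`, so the connection only verifies if a SAN entry covers `aaf-sms.onap`. That is worth confirming once on the new `aaf-sms.pub` (`openssl x509 -noout -text` lists the SANs), because a name mismatch at this layer is the kind of failure that tends to get "fixed" by turning verification off. The Go code that consumes this file is not part of this diff, so the fallback behaviour is inferred from the removed key.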
diff --git a/sms-service/bin/deploy/sms.sh b/sms-service/bin/deploy/sms.sh
index 3a6153c..a7eca69 100755
--- a/sms-service/bin/deploy/sms.sh
+++ b/sms-service/bin/deploy/sms.sh
@@ -69,13 +69,14 @@ docker cp vault.json sms-vault:/vault/config/config.json;
docker start sms-vault;
# Start SMS
-docker create --rm --name sms-service --network sms-net \
---hostname sms-service -p "10443:10443" \
+# Matching hostname with cert name
+docker create --rm --name aaf-sms.onap --network sms-net \
+--hostname aaf-sms.onap -p "10443:10443" \
-v sms-service:/sms/auth \
${SMS_IMG};
-docker cp smsconfig.json sms-service:/sms/smsconfig.json
-docker start sms-service
+docker cp smsconfig.json aaf-sms.onap:/sms/smsconfig.json
+docker start aaf-sms.onap
# Start 3 Quorum Clients
for i in {0..2}
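Review bot: The new comment `# Matching hostname with cert name` is too loose to check against: the hostname set here is `aaf-sms.onap`, while the certificate subject added in this commit has CN `aaf-sms`, so the match must be against a SAN rather than the CN. Suggest making the comment state the actual requirement, e.g. `# Container name and hostname must match a SAN in certs/aaf-sms.pub (aaf-sms.onap)`, so whoever rotates the certificate next knows what to preserve. The `-v sms-service:/sms/auth` volume keeps the old name, which is fine but reads as a leftover next to the renamed container. The enclosing script section starts before this hunk.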
@@ -96,7 +97,7 @@ fi
# Shutdown and clean up.
if [ "$1" = "stop" ]; then
-docker stop sms-vault sms-consul sms-service;
+docker stop sms-vault sms-consul aaf-sms.onap;
for i in {0..2}; do
docker stop sms-quorum-$i
done
@@ -110,4 +111,4 @@ fi
if [ $SS = 0 ]; then
echo "Please type ${0} start or ${0} stop"
-fi \ No newline at end of file
+fi
diff --git a/sms-service/bin/deploy/smsconfig.json b/sms-service/bin/deploy/smsconfig.json
index 4c3cf3c..df446eb 100644
--- a/sms-service/bin/deploy/smsconfig.json
+++ b/sms-service/bin/deploy/smsconfig.json
@@ -1,7 +1,8 @@
{
- "cafile": "cert/aaf_root_ca.cer",
- "servercert": "cert/aaf-sms.api.simpledemo.onap.org.pem",
- "serverkey": "cert/aaf-sms.api.simpledemo.onap.org.pr",
+ "cafile": "certs/aaf_root_ca.cer",
+ "servercert": "certs/aaf-sms.pub",
+ "serverkey": "certs/aaf-sms.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==",
"smsdbaddress": "http://sms-vault:8200"
}
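Review bot: The added `password` value is base64 encoding, not encryption, so this file now carries the passphrase that unlocks `certs/aaf-sms.pr` in cleartext-equivalent form, and the two travel together (the key baked into the image by smsdockerfile, this file copied in by `docker cp` in sms.sh), so anyone who can read the image or the deploy directory has a usable private key and the PEM encryption adds nothing beyond file permissions. The same key in `sms-service/src/sms/smsconfig.json.template` ends in `ZAo=` where this one ends in `ZA==`; the difference decodes to a trailing newline (the usual `echo` vs `printf '%s'` slip when producing the value), so one of the two configs will most likely fail `x509.DecryptPEMBlock` with an incorrect-password error unless the key was deliberately encrypted with that newline. Suggest reading the passphrase from an environment variable or a mounted secret at start-up instead of the committed JSON, and regenerating both values from the same command so they agree.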
diff --git a/sms-service/bin/quorumdockerfile b/sms-service/bin/quorumdockerfile
index 3b787d7..2874b7a 100644
--- a/sms-service/bin/quorumdockerfile
+++ b/sms-service/bin/quorumdockerfile
@@ -5,7 +5,7 @@ LABEL version=2.0.0
LABEL maintainer="Girish Havaldar <hg0071052@techmahindra.com>"
RUN mkdir -p /quorumclient/auth
-ADD aaf_root_ca.cer /quorumclient/cert/aaf_root_ca.cer
+ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
ADD quorumclient /quorumclient/bin/quorumclient
RUN chmod +x /quorumclient/bin/quorumclient
diff --git a/sms-service/bin/smsdockerfile b/sms-service/bin/smsdockerfile
index 14327dc..19ce84f 100644
--- a/sms-service/bin/smsdockerfile
+++ b/sms-service/bin/smsdockerfile
@@ -7,9 +7,9 @@ LABEL maintainer="vamshi krishna <vn00480215@techmahindra.com>"
EXPOSE 10443
RUN mkdir -p /sms/auth
-ADD aaf_root_ca.cer /sms/cert/aaf_root_ca.cer
-ADD aaf-sms.api.simpledemo.onap.org.pem /sms/cert/aaf-sms.api.simpledemo.onap.org.pem
-ADD aaf-sms.api.simpledemo.onap.org.pr /sms/cert/aaf-sms.api.simpledemo.onap.org.pr
+ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
+ADD aaf-sms.pub /sms/certs/aaf-sms.pub
+ADD aaf-sms.pr /sms/certs/aaf-sms.pr
ADD sms /sms/bin/sms
RUN chmod +x /sms/bin/sms
diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr b/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr
deleted file mode 100644
index e2204ae..0000000
--- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr
+++ /dev/null
@@ -1,32 +0,0 @@
-Bag Attributes
- localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08
- friendlyName: aaf-sms@aaf-sms.onap.org
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwOaxW5b6v24bY
-j+5/UlsxvoZr6FQ98y8jKZ9i61oRr1AQWTVNUS+7TwFPvh0Kbn+5JZqwQCAFWZ4i
-ghih3LTsF78vhpm3zgmYUiwkd9b5ofJUuiZntE4oCm+rC7atcmoRzWlnVl7/EX4i
-dlmrrAr/B1LhkjlqY/1pbZ6OG73LWfpGaMkq6/EI0VEYsgycXt/ibWlItBnwolXP
-tchVmVPWnrRFQYKLsGiznuMP4C9Vz4p75hrHhGE2wOxulNEPW92a3aZhFr0B0S+J
-ObOupr7vGplt9WlElOCJRd3yg6+sa/wEtI96rCZRAIInf1bnllOmclcOnNwUaMLX
-B+Aio9P/AgMBAAECggEAVHvhxmswRujMtegS49FczPVVRkhEksqST541vluse4v7
-q0rJRf7lDjxrGYrAK28cJmwDw/mKIGZ9bHfITVkdF46u5p719Ot/KBpE9VrKojTk
-k4AGx3LmgUW3kV31PyP5+/zpSlRbCJefS/BHPwkk4GznbCMJCZtUMwYNnH1qOSFn
-MbHH5TRzfsFsF1OALYnXcq+zaUYXVM25hCiQ0pPtsnPcnVO+mV0mWRBQNbPMmV8A
-Yy2XqB4fTxIjJ+k28ppmf2Eq9AuISJvwG/T2p+FHkXjNAYrJqUQw5S780499RqXI
-6BhIjrjx9Pyb8zUle+3ZN+FbBcs4RHgrgL05ueWe4QKBgQDXLypqRuIRKAXrtAwo
-fSCc/pKY9+rHvKQbqqY0eVSb8tZMMLDA0ElQuF3LoWIRJGYnb9PcQN/C+qtyY82Z
-bG+iWmdHtrm361H8ry2Mjdo7T65qypHS++RhaUhEHgPQaqXNLcmyruI+EWG6cC7n
-hNO3VY1G2xhaSaDF5sja4cjtMQKBgQDRpsDhJuXQb6L7yjDf3lYq3ZqjyY0P66Wo
-DaBwnH0I3GFE+jyOfSFNAalLErbXZwD/XSS1dKE3iVrzy9tYCLp4n7TSLVI4n1bz
-O8gH9qqbYEG8VhEYfuQF1wKxeqQ4q9fuzDe3dlAQyw80tFCiFvtPls67B5cRR6Di
-5f15iBLILwKBgGKWX251r1mA5sWIphFe0rRbBjtDSrPcP6vVUXS1KgiRB5G8tR6B
-zzVGYuLKu61y6cKjv4Mnzdz9D9PG2gmy3qqZlLwMgaY8EEIe2FWPIC8QYK7YxFrP
-wWDH5a4fukugsPoCQmi1Kz6YpBfREgxMlNtoPOP7uXqURS6mf9uYmn/hAoGBAKuA
-6lBFbcKxUHcB1DGOxJaUaiiKfKcFcqKjYxg8K9zPy5KN0nQN0OwZ68/KI2DalmpQ
-W/NE0Y2JA6pkna7KlSCQJW+6O4SudIbN5Lj/BFnOyHe1QI71XruYRE/DsAvcJ+zl
-ir6+Pok+U9Ydm8i9XCCjkcJWVzJ/khGLa2u78QFpAoGAKwlTP1rQGLMz0uUW8bx9
-EAHUf0IkXgs+qVCvg6gWE96q7l+UncLf4842Rl77uZfJr76yBhwo3ezCA+DQDqmg
-JhktLPnaeHJcuTiYI/bXXlNCf56SsY88TxP1UGkbSmYryLAO/fM9nAHH7qj7DWqW
-Ng8ecGGlcYcjmKxtWYolR+U=
------END PRIVATE KEY----- \ No newline at end of file
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index 038e31d..9f6abde 100644
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -22,21 +22,23 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
+ "encoding/pem"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/packet"
"io/ioutil"
+ smsconfig "sms/config"
smslogger "sms/log"
)
// GetTLSConfig initializes a tlsConfig using the CA's certificate
// This config is then used to enable the server for mutual TLS
-func GetTLSConfig(caCertFile string) (*tls.Config, error) {
+func GetTLSConfig(caCertFile string, certFile string, keyFile string) (*tls.Config, error) {
// Initialize tlsConfig once
caCert, err := ioutil.ReadFile(caCertFile)
- if err != nil {
+ if smslogger.CheckError(err, "Read CA Cert file") != nil {
return nil, err
}
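Review bot: The GetTLSConfig doc comment still describes only the CA while the signature gains `certFile` and `keyFile`; it should say what those are and that the key may be passphrase-protected, e.g. `// GetTLSConfig builds a mutual-TLS server config: caCertFile is the CA used to verify clients, certFile/keyFile are the server's PEM certificate and private key (the key may be an encrypted PEM block, unlocked with the base64 passphrase in SMSConfig.Password).` The function body continues in the next hunk.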
@@ -49,10 +51,61 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
ClientCAs: caCertPool,
MinVersion: tls.VersionTLS12,
}
+
+ certPEMBlk, err := readPEMBlock(certFile)
+ if smslogger.CheckError(err, "Read Cert File") != nil {
+ return nil, err
+ }
+
+ keyPEMBlk, err := readPEMBlock(keyFile)
+ if smslogger.CheckError(err, "Read Key File") != nil {
+ return nil, err
+ }
+
+ tlsConfig.Certificates = make([]tls.Certificate, 1)
+ tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlk, keyPEMBlk)
+ if smslogger.CheckError(err, "Load x509 cert and key") != nil {
+ return nil, err
+ }
+
tlsConfig.BuildNameToCertificate()
return tlsConfig, nil
}
+func readPEMBlock(filename string) ([]byte, error) {
+
+ pemData, err := ioutil.ReadFile(filename)
+
+ if smslogger.CheckError(err, "Read PEM File") != nil {
+ return nil, err
+ }
+
+ pemBlock, rest := pem.Decode(pemData)
+ if len(rest) > 0 {
+ smslogger.WriteWarn("Pemfile has extra data")
+ }
+
+ if x509.IsEncryptedPEMBlock(pemBlock) {
+ pByte, err := base64.StdEncoding.DecodeString(smsconfig.SMSConfig.Password)
+ if smslogger.CheckError(err, "Decode PEM Password") != nil {
+ return nil, err
+ }
+
+ pemData, err = x509.DecryptPEMBlock(pemBlock, pByte)
+ if smslogger.CheckError(err, "Decrypt PEM Data") != nil {
+ return nil, err
+ }
+ var newPEMBlock pem.Block
+ newPEMBlock.Type = pemBlock.Type
+ newPEMBlock.Bytes = pemData
+ // Converting back to PEM from DER data you get from
+ // DecryptPEMBlock
+ pemData = pem.EncodeToMemory(&newPEMBlock)
+ }
+
+ return pemData, nil
+}
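Review bot: `pem.Decode` returns a nil block when the file holds no PEM data, and the following `x509.IsEncryptedPEMBlock(pemBlock)` dereferences it, so a mis-copied or empty cert/key file crashes the service instead of producing an error; add after the decode `if pemBlock == nil {` / `return nil, errors.New("no PEM block found in " + filename)` / `}` (needs the `errors` import). The `len(rest) > 0` warning will also fire on every start for `aaf-sms.pub`, since that file carries the intermediate CA certificate after the leaf (visible later in this diff), so it is noise for the certificate path and only meaningful for the key; consider restricting it to blocks whose Type ends in `PRIVATE KEY`. Note too that `x509.DecryptPEMBlock` implements the legacy RFC 1423 scheme, which has no integrity check (later Go releases document it as insecure by design); with the passphrase committed alongside the key it provides no real confidentiality, so the decryption branch is best regarded as a format-compatibility step rather than a security control.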
+
// GeneratePGPKeyPair produces a PGP key pair and returns
// two things:
// A base64 encoded form of the public part of the entity
diff --git a/sms-service/src/sms/certs/aaf-sms.pr b/sms-service/src/sms/certs/aaf-sms.pr
new file mode 100644
index 0000000..21e1eed
--- /dev/null
+++ b/sms-service/src/sms/certs/aaf-sms.pr
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,092DAD75B21417FF
+
+1g81WUZ9gS39NIMr++2E7nLJ5WBZkKjIl0F7rINsaiiLzBHRo5yhlSECwLugFOTi
+/X5jHweymAJny7gxxCZykfwwIWixtqyWCXsSfJpOX2VSUcsWWxIfFZQG6Os1HgU4
+XtPn6TgegX1BXgiQDN92tOBcspvVTyMRN+EOaYGj7J4NsJShAsWD7KSotpH63WDD
+pBp67ieBaVm4544u66pty76DT5AmZ/Lq7fXsAwTbwZXEVSFCjhoiIKq2d31USmEs
+I73+GU1IODFIftKLfTWnU94BWYtvGjmyv0p89LahvhhpuieJAL7883lIE1mXHw9m
+1y3VURxSW/OqjUv6cyJWVxLKzplhAfp9VI8lbkQe3n1N++ZC0+brz7ynpBGdElts
+DvajPs/doXdPsJMO2DHKLNHLjLnnp0wlJf0MXhwbr2wggveG9izUcmw3cBjumEJz
+q0wNODxGS7pPesjbOmAVHjpVORaaTyZS4nkD0iFHA+bZ2Us2M90lfYLBkafx19vA
+REBmxjwOWJAAAxn5f2mb6ji48L5nZGpETDnwH91uwS1EVBIvsoDSc2YXVDDYJhkA
+lSGT/U6Zi/WZ8oRyFN9vnGMB8yLo3lU2STelNMvE7ou0P5Vo/TnXHZPEh0SBZf/o
+tSa7cbKX0TlAd5oGcdq0yMcaXvU/CxVBKsZ4T+RJMChzQ5e1Jl46mi6ZrX7B3S5e
+xml9RKHZ0G84c1paEp1GjnUO4z2wFBX/BdSeQ7QNd9J2owRzqE5X0ATeI/p/iSSc
+y1AmX8pfakRKxY/Z2PcpSbq/K0TxVzpJMSkUCEQnFrlQJu6Clj2MQH4dq/PfS0r0
+8q28f3DymrvfBqtJp3FDRO2AE02PTILRXMJMQetsosRjfaQ9RUYEZo4EnoPQvjPl
+u/UZ//afIr2AX4C5xXEUKSxtaaxcwMqTwf1+r1Ljnv8iq9hq3yZkMWUG3/ttCdcy
+SU4fpOrBfwujq3NAKE+JVXr4MmRunjDqLuHrEk2MXebZfs1XgBF0wIka3xrO1iMl
+DDKK3KYFmAVlsiC0YaVLldSKpqBKbauPMQAvGnSMmFsQnxGg484z5bf6/OcB0hSB
+bxgGzFG/hTAfKsKIYDl/kezUEZZnTnY4DQH1gk5W2QFgi6df9RhO9ZagD2ZQym1M
+xkKF+JmpqwSDO7NawXKsVPtXXaPZsT4ZUGeMeeQSGm7EoNQiV/Kih0Qn6zhCwlk4
+hyKD0Ctlelaz+eORATPH/sqaPNkV6bxJ25h+xFTIPSKc/+upsIygkaPFb6v6ypwd
+ePFTiZ0ZL8zM+fcmwCTriAXmCiF/SA9WPR5i5yy96sKvjQ69fe4ADVShPEDwWtGH
+4j/tVx3nVTeGVYMTZksmu2KfXgQ0lg5K971eVjXzAwf5D27PdQzrV2Lw/ss+ACuR
+sJP0Ef5JImboiIN3noYIYInqffsNpXgFTPeukljRkh+GQgghEruXH4CCXKtQg5Ql
+DXRSS4mEIDfT+9y5J3ysKqVQSwE3cz1ZCkTRCdXKEzeU5eJZW1r2Bs7V6v0eSJNN
+p9qFqEGmW/MebytvEJso9ZzeI7OSyNWUNjUUdQvlZo3Z+eIcSVNUNag02lyYCaXL
+-----END RSA PRIVATE KEY-----
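Review bot: This key is protected with the legacy OpenSSL PEM scheme (`DEK-Info: DES-EDE3-CBC`, no integrity protection) and its passphrase is committed in the same change in smsconfig.json, so the encryption does not keep the key confidential from anyone with repository or image access. If the key is a demo artefact, a line in the deploy documentation saying so would stop it being reused as-is; if it is meant to be real it belongs in a secret store rather than the source tree. The unencrypted key this commit deletes from `auth/` remains recoverable from git history and should be treated as exposed in any case; the new certificate has a different localKeyID, so this appears to already be a fresh pair.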
diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem b/sms-service/src/sms/certs/aaf-sms.pub
index a8ae076..ac8ec6f 100644
--- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem
+++ b/sms-service/src/sms/certs/aaf-sms.pub
@@ -1,32 +1,33 @@
Bag Attributes
- localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08
+ localKeyID: 70 BC 84 27 26 2F A9 A1 42 24 D6 1A 3B BA B8 84 A2 6A 69 56
friendlyName: aaf-sms@aaf-sms.onap.org
-subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms.api.simpledemo.onap.org
+subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms
issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1
-----BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBHDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
+MIIEZzCCA0+gAwIBAgIBJTANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk
-aWF0ZUNBXzEwHhcNMTgwNDI1MTEwOTI1WhcNMTkwNDIwMTEwOTI1WjB5MQswCQYD
+aWF0ZUNBXzEwHhcNMTgwNTA4MTIyNTMxWhcNMTkwNTAzMTIyNTMxWjBhMQswCQYD
VQQGEwJVUzENMAsGA1UECgwET05BUDEhMB8GA1UECwwYYWFmLXNtc0BhYWYtc21z
-Lm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjEoMCYGA1UEAwwfYWFmLXNtcy5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALA5rFblvq/bhtiP7n9SWzG+hmvoVD3zLyMpn2LrWhGvUBBZNU1RL7tPAU++
-HQpuf7klmrBAIAVZniKCGKHctOwXvy+GmbfOCZhSLCR31vmh8lS6Jme0TigKb6sL
-tq1yahHNaWdWXv8RfiJ2WausCv8HUuGSOWpj/Wltno4bvctZ+kZoySrr8QjRURiy
-DJxe3+JtaUi0GfCiVc+1yFWZU9aetEVBgouwaLOe4w/gL1XPinvmGseEYTbA7G6U
-0Q9b3ZrdpmEWvQHRL4k5s66mvu8amW31aUSU4IlF3fKDr6xr/AS0j3qsJlEAgid/
-VueWU6ZyVw6c3BRowtcH4CKj0/8CAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCG
-SAGG+EIBAQQEAwIGwDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQg
-U2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTaf9ELsETQX2tK/ilkzkFwlNx+
-OzBUBgNVHSMETTBLgBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UE
-CwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB
-/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcN
-AQELBQADggEBACJFD0XRb6YmL5n0+coxb6y/reG/aCgspiilIgS+DcDNSmUzU7gb
-Yn43ZWQtgIepUk3vbv+lO15u7wbaHGWhJ7SAlFXzHgthjvi1wcLZilKdKTRktZa+
-q+v/3VrU8gZkf9sydbOseCA0vGdnO5UHQqMfIo3kpJsNxb2lT6FmdU5GKGellHvi
-fkczO1UZnSYGgkpyBV+gU6peDLNDludiq1iD1gLHdSpn3U1pcaFaBg3lFQamEOVH
-0vyxl6naD8C8K7wFFbFOJ9LV2dvTB04DmofUNaO9kuqRrLndHcR2b4htCLRHK4O2
-wap2ThiXgiy86zvTZKWt2YTghZUNjaPOpMQ=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-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1
diff --git a/sms-service/src/sms/auth/aaf_root_ca.cer b/sms-service/src/sms/certs/aaf_root_ca.cer
index e9a50d7..e9a50d7 100644
--- a/sms-service/src/sms/auth/aaf_root_ca.cer
+++ b/sms-service/src/sms/certs/aaf_root_ca.cer
diff --git a/sms-service/src/sms/config/config.go b/sms-service/src/sms/config/config.go
index 3901817..30caf82 100644
--- a/sms-service/src/sms/config/config.go
+++ b/sms-service/src/sms/config/config.go
@@ -29,6 +29,7 @@ type SMSConfiguration struct {
CAFile string `json:"cafile"`
ServerCert string `json:"servercert"`
ServerKey string `json:"serverkey"`
+ Password string `json:"password"`
BackendAddress string `json:"smsdbaddress"`
VaultToken string `json:"vaulttoken"`
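Review bot: The new `Password` field is a secret read by `readPEMBlock` in this commit (`smsconfig.SMSConfig.Password`) but carries no comment, so nothing tells the next maintainer it must not end up in config dumps or logs; suggest `// Password is the base64-encoded passphrase for an encrypted ServerKey PEM block; it is a secret and must be kept out of log output and config dumps.` The struct definition starts outside this hunk.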
diff --git a/sms-service/src/sms/sms.go b/sms-service/src/sms/sms.go
index fea6b10..9fc60bb 100644
--- a/sms-service/src/sms/sms.go
+++ b/sms-service/src/sms/sms.go
@@ -67,14 +67,16 @@ func main() {
smslogger.WriteWarn("TLS is Disabled")
err = httpServer.ListenAndServe()
} else {
- // TODO: Use CA certificate from AAF
- tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile)
- if err != nil {
+ // Populate TLSConfig with the certificates and privatekey
+ // information
+ tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey)
+ if smslogger.CheckError(err, "Get TLS Configuration") != nil {
log.Fatal(err)
}
httpServer.TLSConfig = tlsConfig
- err = httpServer.ListenAndServeTLS(smsConf.ServerCert, smsConf.ServerKey)
+ // empty strings because tlsconfig already has this information
+ err = httpServer.ListenAndServeTLS("", "")
}
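Review bot: `tlsConfig, err := smsauth.GetTLSConfig(...)` on the first added line of the else block declares a new `err` scoped to that block, so the later `err = httpServer.ListenAndServeTLS("", "")` assigns to the inner variable and the `if err != nil && err != http.ErrServerClosed` check after the block never sees a TLS listen failure (the pattern predates this change, but the new lines keep it, and `go vet -vettool` shadow analysis flags it). Fix by not shadowing: `tlsConfig, tlsErr := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey)` / `if smslogger.CheckError(tlsErr, "Get TLS Configuration") != nil {` / `log.Fatal(tlsErr)`, leaving the existing `err =` assignment to reach the outer variable. main() starts before this hunk.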
if err != nil && err != http.ErrServerClosed {
diff --git a/sms-service/src/sms/smsconfig.json.template b/sms-service/src/sms/smsconfig.json.template
index b74bdff..1779342 100644
--- a/sms-service/src/sms/smsconfig.json.template
+++ b/sms-service/src/sms/smsconfig.json.template
@@ -1,7 +1,8 @@
{
- "cafile": "auth/aaf_root_ca.cer",
- "servercert": "auth/aaf-sms.api.simpledemo.onap.org.pem",
- "serverkey": "auth/aaf-sms.api.simpledemo.onap.org.pr",
+ "cafile": "certs/aaf_root_ca.cer",
+ "servercert": "certs/aaf-sms.pub",
+ "serverkey": "certs/aaf-sms.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZAo=",
"smsdbaddress": "http://localhost:8200",
"vaulttoken": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
diff --git a/sms-service/src/sms/test/loop_test.sh b/sms-service/src/sms/test/loop_test.sh
index a48c9b1..5fed4d2 100644
--- a/sms-service/src/sms/test/loop_test.sh
+++ b/sms-service/src/sms/test/loop_test.sh
@@ -6,54 +6,54 @@ PORT=$2
for i in `seq 1 2`;
do
echo -e "${RED}----------------BEGIN GET STATUS----------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/quorum/status
echo -e "${RED}----------------BEGIN CREATE SECRET DOMAIN------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_domain.json https://${URL}:${PORT}/v1/sms/domain
echo -e "${RED}----------------BEGIN CREATE SECRET 1-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret1.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN CREATE SECRET 2-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret2.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN CREATE SECRET 3-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret3.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN LIST SECRET---------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN GET SECRET 1--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1
echo -e "${RED}----------------BEGIN GET SECRET 2--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2
echo -e "${RED}----------------BEGIN GET SECRET 3--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3
echo -e "${RED}----------------BEGIN DELETE SECRET 1-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1
echo -e "${RED}----------------BEGIN DELETE SECRET 2-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2
echo -e "${RED}----------------BEGIN DELETE SECRET 3-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3
echo -e "${RED}----------------BEGIN DELETE SECRET DOMAIN------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain
done