summaryrefslogtreecommitdiffstats
path: root/sms-service
diff options
context:
space:
mode:
Diffstat (limited to 'sms-service')
-rwxr-xr-xsms-service/bin/build_quorum_image.sh2
-rwxr-xr-xsms-service/bin/build_sms_image.sh12
-rw-r--r--sms-service/bin/deploy/quorumconfig.json5
-rwxr-xr-xsms-service/bin/deploy/sms.sh13
-rw-r--r--sms-service/bin/deploy/smsconfig.json7
-rw-r--r--sms-service/bin/quorumdockerfile2
-rw-r--r--sms-service/bin/smsdockerfile6
-rw-r--r--sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr32
-rw-r--r--sms-service/src/sms/auth/auth.go57
-rw-r--r--sms-service/src/sms/certs/aaf-sms.pr30
-rw-r--r--sms-service/src/sms/certs/aaf-sms.pub (renamed from sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem)47
-rw-r--r--sms-service/src/sms/certs/aaf_root_ca.cer (renamed from sms-service/src/sms/auth/aaf_root_ca.cer)0
-rw-r--r--sms-service/src/sms/config/config.go1
-rw-r--r--sms-service/src/sms/sms.go10
-rw-r--r--sms-service/src/sms/smsconfig.json.template7
-rw-r--r--sms-service/src/sms/test/loop_test.sh26
16 files changed, 157 insertions, 100 deletions
diff --git a/sms-service/bin/build_quorum_image.sh b/sms-service/bin/build_quorum_image.sh
index b26accf..72932e5 100755
--- a/sms-service/bin/build_quorum_image.sh
+++ b/sms-service/bin/build_quorum_image.sh
@@ -28,7 +28,7 @@ function generate_binary {
}
function copy_certificates {
- cp ../src/sms/auth/aaf_root_ca.cer .
+ cp ../src/sms/certs/aaf_root_ca.cer .
}
function cleanup {
diff --git a/sms-service/bin/build_sms_image.sh b/sms-service/bin/build_sms_image.sh
index 46685b6..2a98709 100755
--- a/sms-service/bin/build_sms_image.sh
+++ b/sms-service/bin/build_sms_image.sh
@@ -28,16 +28,16 @@ function generate_binary {
}
function copy_certificates {
- cp ../src/sms/auth/aaf_root_ca.cer .
- cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem .
- cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr .
+ cp ../src/sms/certs/aaf_root_ca.cer .
+ cp ../src/sms/certs/aaf-sms.pub .
+ cp ../src/sms/certs/aaf-sms.pr .
}
function cleanup {
rm sms
- rm aaf-sms.api.simpledemo.onap.org.pem
- rm aaf-sms.api.simpledemo.onap.org.pr
- rm aaf_root_ca.cer
+ rm aaf-sms.pub
+ rm aaf-sms.pr
+ rm aaf_root_ca.cer
}
function build_image {
diff --git a/sms-service/bin/deploy/quorumconfig.json b/sms-service/bin/deploy/quorumconfig.json
index d2f647f..696fec6 100644
--- a/sms-service/bin/deploy/quorumconfig.json
+++ b/sms-service/bin/deploy/quorumconfig.json
@@ -1,7 +1,6 @@
{
- "url":"https://sms-service:10443",
- "servername":"aaf-sms.api.simpledemo.onap.org",
- "cafile":"cert/aaf_root_ca.cer",
+ "url":"https://aaf-sms.onap:10443",
+ "cafile":"certs/aaf_root_ca.cer",
"clientcert":"client.cert",
"clientkey":"client.key",
"timeout":"10s"
diff --git a/sms-service/bin/deploy/sms.sh b/sms-service/bin/deploy/sms.sh
index 3a6153c..a7eca69 100755
--- a/sms-service/bin/deploy/sms.sh
+++ b/sms-service/bin/deploy/sms.sh
@@ -69,13 +69,14 @@ docker cp vault.json sms-vault:/vault/config/config.json;
docker start sms-vault;
# Start SMS
-docker create --rm --name sms-service --network sms-net \
---hostname sms-service -p "10443:10443" \
+# Matching hostname with cert name
+docker create --rm --name aaf-sms.onap --network sms-net \
+--hostname aaf-sms.onap -p "10443:10443" \
-v sms-service:/sms/auth \
${SMS_IMG};
-docker cp smsconfig.json sms-service:/sms/smsconfig.json
-docker start sms-service
+docker cp smsconfig.json aaf-sms.onap:/sms/smsconfig.json
+docker start aaf-sms.onap
# Start 3 Quorum Clients
for i in {0..2}
@@ -96,7 +97,7 @@ fi
# Shutdown and clean up.
if [ "$1" = "stop" ]; then
-docker stop sms-vault sms-consul sms-service;
+docker stop sms-vault sms-consul aaf-sms.onap;
for i in {0..2}; do
docker stop sms-quorum-$i
done
@@ -110,4 +111,4 @@ fi
if [ $SS = 0 ]; then
echo "Please type ${0} start or ${0} stop"
-fi \ No newline at end of file
+fi
diff --git a/sms-service/bin/deploy/smsconfig.json b/sms-service/bin/deploy/smsconfig.json
index 4c3cf3c..df446eb 100644
--- a/sms-service/bin/deploy/smsconfig.json
+++ b/sms-service/bin/deploy/smsconfig.json
@@ -1,7 +1,8 @@
{
- "cafile": "cert/aaf_root_ca.cer",
- "servercert": "cert/aaf-sms.api.simpledemo.onap.org.pem",
- "serverkey": "cert/aaf-sms.api.simpledemo.onap.org.pr",
+ "cafile": "certs/aaf_root_ca.cer",
+ "servercert": "certs/aaf-sms.pub",
+ "serverkey": "certs/aaf-sms.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==",
"smsdbaddress": "http://sms-vault:8200"
}
diff --git a/sms-service/bin/quorumdockerfile b/sms-service/bin/quorumdockerfile
index 3b787d7..2874b7a 100644
--- a/sms-service/bin/quorumdockerfile
+++ b/sms-service/bin/quorumdockerfile
@@ -5,7 +5,7 @@ LABEL version=2.0.0
LABEL maintainer="Girish Havaldar <hg0071052@techmahindra.com>"
RUN mkdir -p /quorumclient/auth
-ADD aaf_root_ca.cer /quorumclient/cert/aaf_root_ca.cer
+ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
ADD quorumclient /quorumclient/bin/quorumclient
RUN chmod +x /quorumclient/bin/quorumclient
diff --git a/sms-service/bin/smsdockerfile b/sms-service/bin/smsdockerfile
index 14327dc..19ce84f 100644
--- a/sms-service/bin/smsdockerfile
+++ b/sms-service/bin/smsdockerfile
@@ -7,9 +7,9 @@ LABEL maintainer="vamshi krishna <vn00480215@techmahindra.com>"
EXPOSE 10443
RUN mkdir -p /sms/auth
-ADD aaf_root_ca.cer /sms/cert/aaf_root_ca.cer
-ADD aaf-sms.api.simpledemo.onap.org.pem /sms/cert/aaf-sms.api.simpledemo.onap.org.pem
-ADD aaf-sms.api.simpledemo.onap.org.pr /sms/cert/aaf-sms.api.simpledemo.onap.org.pr
+ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
+ADD aaf-sms.pub /sms/certs/aaf-sms.pub
+ADD aaf-sms.pr /sms/certs/aaf-sms.pr
ADD sms /sms/bin/sms
RUN chmod +x /sms/bin/sms
diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr b/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr
deleted file mode 100644
index e2204ae..0000000
--- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr
+++ /dev/null
@@ -1,32 +0,0 @@
-Bag Attributes
- localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08
- friendlyName: aaf-sms@aaf-sms.onap.org
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwOaxW5b6v24bY
-j+5/UlsxvoZr6FQ98y8jKZ9i61oRr1AQWTVNUS+7TwFPvh0Kbn+5JZqwQCAFWZ4i
-ghih3LTsF78vhpm3zgmYUiwkd9b5ofJUuiZntE4oCm+rC7atcmoRzWlnVl7/EX4i
-dlmrrAr/B1LhkjlqY/1pbZ6OG73LWfpGaMkq6/EI0VEYsgycXt/ibWlItBnwolXP
-tchVmVPWnrRFQYKLsGiznuMP4C9Vz4p75hrHhGE2wOxulNEPW92a3aZhFr0B0S+J
-ObOupr7vGplt9WlElOCJRd3yg6+sa/wEtI96rCZRAIInf1bnllOmclcOnNwUaMLX
-B+Aio9P/AgMBAAECggEAVHvhxmswRujMtegS49FczPVVRkhEksqST541vluse4v7
-q0rJRf7lDjxrGYrAK28cJmwDw/mKIGZ9bHfITVkdF46u5p719Ot/KBpE9VrKojTk
-k4AGx3LmgUW3kV31PyP5+/zpSlRbCJefS/BHPwkk4GznbCMJCZtUMwYNnH1qOSFn
-MbHH5TRzfsFsF1OALYnXcq+zaUYXVM25hCiQ0pPtsnPcnVO+mV0mWRBQNbPMmV8A
-Yy2XqB4fTxIjJ+k28ppmf2Eq9AuISJvwG/T2p+FHkXjNAYrJqUQw5S780499RqXI
-6BhIjrjx9Pyb8zUle+3ZN+FbBcs4RHgrgL05ueWe4QKBgQDXLypqRuIRKAXrtAwo
-fSCc/pKY9+rHvKQbqqY0eVSb8tZMMLDA0ElQuF3LoWIRJGYnb9PcQN/C+qtyY82Z
-bG+iWmdHtrm361H8ry2Mjdo7T65qypHS++RhaUhEHgPQaqXNLcmyruI+EWG6cC7n
-hNO3VY1G2xhaSaDF5sja4cjtMQKBgQDRpsDhJuXQb6L7yjDf3lYq3ZqjyY0P66Wo
-DaBwnH0I3GFE+jyOfSFNAalLErbXZwD/XSS1dKE3iVrzy9tYCLp4n7TSLVI4n1bz
-O8gH9qqbYEG8VhEYfuQF1wKxeqQ4q9fuzDe3dlAQyw80tFCiFvtPls67B5cRR6Di
-5f15iBLILwKBgGKWX251r1mA5sWIphFe0rRbBjtDSrPcP6vVUXS1KgiRB5G8tR6B
-zzVGYuLKu61y6cKjv4Mnzdz9D9PG2gmy3qqZlLwMgaY8EEIe2FWPIC8QYK7YxFrP
-wWDH5a4fukugsPoCQmi1Kz6YpBfREgxMlNtoPOP7uXqURS6mf9uYmn/hAoGBAKuA
-6lBFbcKxUHcB1DGOxJaUaiiKfKcFcqKjYxg8K9zPy5KN0nQN0OwZ68/KI2DalmpQ
-W/NE0Y2JA6pkna7KlSCQJW+6O4SudIbN5Lj/BFnOyHe1QI71XruYRE/DsAvcJ+zl
-ir6+Pok+U9Ydm8i9XCCjkcJWVzJ/khGLa2u78QFpAoGAKwlTP1rQGLMz0uUW8bx9
-EAHUf0IkXgs+qVCvg6gWE96q7l+UncLf4842Rl77uZfJr76yBhwo3ezCA+DQDqmg
-JhktLPnaeHJcuTiYI/bXXlNCf56SsY88TxP1UGkbSmYryLAO/fM9nAHH7qj7DWqW
-Ng8ecGGlcYcjmKxtWYolR+U=
------END PRIVATE KEY----- \ No newline at end of file
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index 038e31d..9f6abde 100644
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -22,21 +22,23 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
+ "encoding/pem"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/packet"
"io/ioutil"
+ smsconfig "sms/config"
smslogger "sms/log"
)
// GetTLSConfig initializes a tlsConfig using the CA's certificate
// This config is then used to enable the server for mutual TLS
-func GetTLSConfig(caCertFile string) (*tls.Config, error) {
+func GetTLSConfig(caCertFile string, certFile string, keyFile string) (*tls.Config, error) {
// Initialize tlsConfig once
caCert, err := ioutil.ReadFile(caCertFile)
- if err != nil {
+ if smslogger.CheckError(err, "Read CA Cert file") != nil {
return nil, err
}
@@ -49,10 +51,61 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
ClientCAs: caCertPool,
MinVersion: tls.VersionTLS12,
}
+
+ certPEMBlk, err := readPEMBlock(certFile)
+ if smslogger.CheckError(err, "Read Cert File") != nil {
+ return nil, err
+ }
+
+ keyPEMBlk, err := readPEMBlock(keyFile)
+ if smslogger.CheckError(err, "Read Key File") != nil {
+ return nil, err
+ }
+
+ tlsConfig.Certificates = make([]tls.Certificate, 1)
+ tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlk, keyPEMBlk)
+ if smslogger.CheckError(err, "Load x509 cert and key") != nil {
+ return nil, err
+ }
+
tlsConfig.BuildNameToCertificate()
return tlsConfig, nil
}
+func readPEMBlock(filename string) ([]byte, error) {
+
+ pemData, err := ioutil.ReadFile(filename)
+
+ if smslogger.CheckError(err, "Read PEM File") != nil {
+ return nil, err
+ }
+
+ pemBlock, rest := pem.Decode(pemData)
+ if len(rest) > 0 {
+ smslogger.WriteWarn("Pemfile has extra data")
+ }
+
+ if x509.IsEncryptedPEMBlock(pemBlock) {
+ pByte, err := base64.StdEncoding.DecodeString(smsconfig.SMSConfig.Password)
+ if smslogger.CheckError(err, "Decode PEM Password") != nil {
+ return nil, err
+ }
+
+ pemData, err = x509.DecryptPEMBlock(pemBlock, pByte)
+ if smslogger.CheckError(err, "Decrypt PEM Data") != nil {
+ return nil, err
+ }
+ var newPEMBlock pem.Block
+ newPEMBlock.Type = pemBlock.Type
+ newPEMBlock.Bytes = pemData
+ // Converting back to PEM from DER data you get from
+ // DecryptPEMBlock
+ pemData = pem.EncodeToMemory(&newPEMBlock)
+ }
+
+ return pemData, nil
+}
+
// GeneratePGPKeyPair produces a PGP key pair and returns
// two things:
// A base64 encoded form of the public part of the entity
diff --git a/sms-service/src/sms/certs/aaf-sms.pr b/sms-service/src/sms/certs/aaf-sms.pr
new file mode 100644
index 0000000..21e1eed
--- /dev/null
+++ b/sms-service/src/sms/certs/aaf-sms.pr
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,092DAD75B21417FF
+
+1g81WUZ9gS39NIMr++2E7nLJ5WBZkKjIl0F7rINsaiiLzBHRo5yhlSECwLugFOTi
+/X5jHweymAJny7gxxCZykfwwIWixtqyWCXsSfJpOX2VSUcsWWxIfFZQG6Os1HgU4
+XtPn6TgegX1BXgiQDN92tOBcspvVTyMRN+EOaYGj7J4NsJShAsWD7KSotpH63WDD
+pBp67ieBaVm4544u66pty76DT5AmZ/Lq7fXsAwTbwZXEVSFCjhoiIKq2d31USmEs
+I73+GU1IODFIftKLfTWnU94BWYtvGjmyv0p89LahvhhpuieJAL7883lIE1mXHw9m
+1y3VURxSW/OqjUv6cyJWVxLKzplhAfp9VI8lbkQe3n1N++ZC0+brz7ynpBGdElts
+DvajPs/doXdPsJMO2DHKLNHLjLnnp0wlJf0MXhwbr2wggveG9izUcmw3cBjumEJz
+q0wNODxGS7pPesjbOmAVHjpVORaaTyZS4nkD0iFHA+bZ2Us2M90lfYLBkafx19vA
+REBmxjwOWJAAAxn5f2mb6ji48L5nZGpETDnwH91uwS1EVBIvsoDSc2YXVDDYJhkA
+lSGT/U6Zi/WZ8oRyFN9vnGMB8yLo3lU2STelNMvE7ou0P5Vo/TnXHZPEh0SBZf/o
+tSa7cbKX0TlAd5oGcdq0yMcaXvU/CxVBKsZ4T+RJMChzQ5e1Jl46mi6ZrX7B3S5e
+xml9RKHZ0G84c1paEp1GjnUO4z2wFBX/BdSeQ7QNd9J2owRzqE5X0ATeI/p/iSSc
+y1AmX8pfakRKxY/Z2PcpSbq/K0TxVzpJMSkUCEQnFrlQJu6Clj2MQH4dq/PfS0r0
+8q28f3DymrvfBqtJp3FDRO2AE02PTILRXMJMQetsosRjfaQ9RUYEZo4EnoPQvjPl
+u/UZ//afIr2AX4C5xXEUKSxtaaxcwMqTwf1+r1Ljnv8iq9hq3yZkMWUG3/ttCdcy
+SU4fpOrBfwujq3NAKE+JVXr4MmRunjDqLuHrEk2MXebZfs1XgBF0wIka3xrO1iMl
+DDKK3KYFmAVlsiC0YaVLldSKpqBKbauPMQAvGnSMmFsQnxGg484z5bf6/OcB0hSB
+bxgGzFG/hTAfKsKIYDl/kezUEZZnTnY4DQH1gk5W2QFgi6df9RhO9ZagD2ZQym1M
+xkKF+JmpqwSDO7NawXKsVPtXXaPZsT4ZUGeMeeQSGm7EoNQiV/Kih0Qn6zhCwlk4
+hyKD0Ctlelaz+eORATPH/sqaPNkV6bxJ25h+xFTIPSKc/+upsIygkaPFb6v6ypwd
+ePFTiZ0ZL8zM+fcmwCTriAXmCiF/SA9WPR5i5yy96sKvjQ69fe4ADVShPEDwWtGH
+4j/tVx3nVTeGVYMTZksmu2KfXgQ0lg5K971eVjXzAwf5D27PdQzrV2Lw/ss+ACuR
+sJP0Ef5JImboiIN3noYIYInqffsNpXgFTPeukljRkh+GQgghEruXH4CCXKtQg5Ql
+DXRSS4mEIDfT+9y5J3ysKqVQSwE3cz1ZCkTRCdXKEzeU5eJZW1r2Bs7V6v0eSJNN
+p9qFqEGmW/MebytvEJso9ZzeI7OSyNWUNjUUdQvlZo3Z+eIcSVNUNag02lyYCaXL
+-----END RSA PRIVATE KEY-----
diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem b/sms-service/src/sms/certs/aaf-sms.pub
index a8ae076..ac8ec6f 100644
--- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem
+++ b/sms-service/src/sms/certs/aaf-sms.pub
@@ -1,32 +1,33 @@
Bag Attributes
- localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08
+ localKeyID: 70 BC 84 27 26 2F A9 A1 42 24 D6 1A 3B BA B8 84 A2 6A 69 56
friendlyName: aaf-sms@aaf-sms.onap.org
-subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms.api.simpledemo.onap.org
+subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms
issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1
-----BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBHDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
+MIIEZzCCA0+gAwIBAgIBJTANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk
-aWF0ZUNBXzEwHhcNMTgwNDI1MTEwOTI1WhcNMTkwNDIwMTEwOTI1WjB5MQswCQYD
+aWF0ZUNBXzEwHhcNMTgwNTA4MTIyNTMxWhcNMTkwNTAzMTIyNTMxWjBhMQswCQYD
VQQGEwJVUzENMAsGA1UECgwET05BUDEhMB8GA1UECwwYYWFmLXNtc0BhYWYtc21z
-Lm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjEoMCYGA1UEAwwfYWFmLXNtcy5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALA5rFblvq/bhtiP7n9SWzG+hmvoVD3zLyMpn2LrWhGvUBBZNU1RL7tPAU++
-HQpuf7klmrBAIAVZniKCGKHctOwXvy+GmbfOCZhSLCR31vmh8lS6Jme0TigKb6sL
-tq1yahHNaWdWXv8RfiJ2WausCv8HUuGSOWpj/Wltno4bvctZ+kZoySrr8QjRURiy
-DJxe3+JtaUi0GfCiVc+1yFWZU9aetEVBgouwaLOe4w/gL1XPinvmGseEYTbA7G6U
-0Q9b3ZrdpmEWvQHRL4k5s66mvu8amW31aUSU4IlF3fKDr6xr/AS0j3qsJlEAgid/
-VueWU6ZyVw6c3BRowtcH4CKj0/8CAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCG
-SAGG+EIBAQQEAwIGwDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQg
-U2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTaf9ELsETQX2tK/ilkzkFwlNx+
-OzBUBgNVHSMETTBLgBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UE
-CwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB
-/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcN
-AQELBQADggEBACJFD0XRb6YmL5n0+coxb6y/reG/aCgspiilIgS+DcDNSmUzU7gb
-Yn43ZWQtgIepUk3vbv+lO15u7wbaHGWhJ7SAlFXzHgthjvi1wcLZilKdKTRktZa+
-q+v/3VrU8gZkf9sydbOseCA0vGdnO5UHQqMfIo3kpJsNxb2lT6FmdU5GKGellHvi
-fkczO1UZnSYGgkpyBV+gU6peDLNDludiq1iD1gLHdSpn3U1pcaFaBg3lFQamEOVH
-0vyxl6naD8C8K7wFFbFOJ9LV2dvTB04DmofUNaO9kuqRrLndHcR2b4htCLRHK4O2
-wap2ThiXgiy86zvTZKWt2YTghZUNjaPOpMQ=
+Lm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjEQMA4GA1UEAwwHYWFmLXNtczCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfY6LRP7EuYINoFoROTuuLZMbpD
+rX6GxKIsa7Zu+gHC6SC07FrtwxSC7/PRhN+/RFbpmVxZTAyn0NL+lljF3zsSIuNK
+Xz26YvKYp9A7hJUBZ0BoKFBEa7NC8Gb9OKLRJiCQucJ7OR/PXY1BDCXxXHJAt56u
+JI6YLaGenk0nqqIpW8rIQjh0t89vBBJbkfSGGT4FFj9u1TGJ0hXI8QY5a9aTkXyt
+BLxROArUPatw9mal3ZJX4l06OacpDGFSLRKtssG5fjk0dnTs4eox/3OilFs6x1Wn
+f6oduIsuaROed7uhX+Do6UROnYr7LA4xXI1Gs9ONNBSE1/ySmiUXJXxB14kCAwEA
+AaOCAUIwggE+MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgbAMDMGCWCGSAGG
++EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFHXg1N9VCaxvC/44iUnRuKWrUrdAMFQGA1UdIwRNMEuAFB3mWV0bngo4
+pGKmwYXz88/W8ZfqoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05B
+UDELMAkGA1UEBhMCVVOCAQEwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjBFBgNVHREEPjA8ghthYWYtc21zLnNpbXBsZWRlbW8u
+b25hcC5vcmeCD2FhZi1zbXMtZGIub25hcIIMYWFmLXNtcy5vbmFwMA0GCSqGSIb3
+DQEBCwUAA4IBAQA+KKgn7Q0svrdalZ574nhgibWGYnSzkL23RAUv4lkH3HEKAN9d
+E961Dp112XFihKg0OFK/toENikj0iPHq09XgU9L/Ni3eaOWw1DP7r86JsQzSvtGa
+J3r3T65D5rL+1ejpT6flMY6DG78/wh7OGQaPcSEpypWTi2lXhIrydfH3BQ5cCqvm
+adNZS/BgbudIC4T0nOs7PbmzGuJmo7s06vkAhUt/HpGbjTC0xjoqPZWQVfaNzGqR
+9YSKyRFvV6EAb7s9i6h15KRRIEItQCWZtKgCJDqYcUma1WJDNuZ2WQwfrUEupioV
+BUs+joZT1unGYGhv6l+NPOw9tuPDi47Z8HzP
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1
diff --git a/sms-service/src/sms/auth/aaf_root_ca.cer b/sms-service/src/sms/certs/aaf_root_ca.cer
index e9a50d7..e9a50d7 100644
--- a/sms-service/src/sms/auth/aaf_root_ca.cer
+++ b/sms-service/src/sms/certs/aaf_root_ca.cer
diff --git a/sms-service/src/sms/config/config.go b/sms-service/src/sms/config/config.go
index 3901817..30caf82 100644
--- a/sms-service/src/sms/config/config.go
+++ b/sms-service/src/sms/config/config.go
@@ -29,6 +29,7 @@ type SMSConfiguration struct {
CAFile string `json:"cafile"`
ServerCert string `json:"servercert"`
ServerKey string `json:"serverkey"`
+ Password string `json:"password"`
BackendAddress string `json:"smsdbaddress"`
VaultToken string `json:"vaulttoken"`
diff --git a/sms-service/src/sms/sms.go b/sms-service/src/sms/sms.go
index fea6b10..9fc60bb 100644
--- a/sms-service/src/sms/sms.go
+++ b/sms-service/src/sms/sms.go
@@ -67,14 +67,16 @@ func main() {
smslogger.WriteWarn("TLS is Disabled")
err = httpServer.ListenAndServe()
} else {
- // TODO: Use CA certificate from AAF
- tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile)
- if err != nil {
+ // Populate TLSConfig with the certificates and privatekey
+ // information
+ tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey)
+ if smslogger.CheckError(err, "Get TLS Configuration") != nil {
log.Fatal(err)
}
httpServer.TLSConfig = tlsConfig
- err = httpServer.ListenAndServeTLS(smsConf.ServerCert, smsConf.ServerKey)
+ // empty strings because tlsconfig already has this information
+ err = httpServer.ListenAndServeTLS("", "")
}
if err != nil && err != http.ErrServerClosed {
diff --git a/sms-service/src/sms/smsconfig.json.template b/sms-service/src/sms/smsconfig.json.template
index b74bdff..1779342 100644
--- a/sms-service/src/sms/smsconfig.json.template
+++ b/sms-service/src/sms/smsconfig.json.template
@@ -1,7 +1,8 @@
{
- "cafile": "auth/aaf_root_ca.cer",
- "servercert": "auth/aaf-sms.api.simpledemo.onap.org.pem",
- "serverkey": "auth/aaf-sms.api.simpledemo.onap.org.pr",
+ "cafile": "certs/aaf_root_ca.cer",
+ "servercert": "certs/aaf-sms.pub",
+ "serverkey": "certs/aaf-sms.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZAo=",
"smsdbaddress": "http://localhost:8200",
"vaulttoken": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
diff --git a/sms-service/src/sms/test/loop_test.sh b/sms-service/src/sms/test/loop_test.sh
index a48c9b1..5fed4d2 100644
--- a/sms-service/src/sms/test/loop_test.sh
+++ b/sms-service/src/sms/test/loop_test.sh
@@ -6,54 +6,54 @@ PORT=$2
for i in `seq 1 2`;
do
echo -e "${RED}----------------BEGIN GET STATUS----------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/quorum/status
echo -e "${RED}----------------BEGIN CREATE SECRET DOMAIN------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_domain.json https://${URL}:${PORT}/v1/sms/domain
echo -e "${RED}----------------BEGIN CREATE SECRET 1-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret1.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN CREATE SECRET 2-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret2.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN CREATE SECRET 3-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \
-d @test/test_create_secret3.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN LIST SECRET---------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret
echo -e "${RED}----------------BEGIN GET SECRET 1--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1
echo -e "${RED}----------------BEGIN GET SECRET 2--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2
echo -e "${RED}----------------BEGIN GET SECRET 3--------------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3
echo -e "${RED}----------------BEGIN DELETE SECRET 1-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1
echo -e "${RED}----------------BEGIN DELETE SECRET 2-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2
echo -e "${RED}----------------BEGIN DELETE SECRET 3-----------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3
echo -e "${RED}----------------BEGIN DELETE SECRET DOMAIN------${NC}"
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \
+ curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \
https://${URL}:${PORT}/v1/sms/domain/curltestdomain
done