From 30cd384dd2ea48ad3be9c6595cc1b43fe2318e4a Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Mon, 14 May 2018 14:40:03 -0700 Subject: Adding updated certs and encryption Adding new SAN certificates from AAF Adding encrypted storage for certificates Moving certificates to different folder during deployment. certs vs auth Issue-ID: AAF-284 Change-Id: Ic0c3972556b36f773c7a653059eccd077624e4b6 Signed-off-by: Kiran Kamineni --- sms-service/bin/build_quorum_image.sh | 2 +- sms-service/bin/build_sms_image.sh | 12 ++--- sms-service/bin/deploy/quorumconfig.json | 5 +- sms-service/bin/deploy/sms.sh | 13 ++--- sms-service/bin/deploy/smsconfig.json | 7 +-- sms-service/bin/quorumdockerfile | 2 +- sms-service/bin/smsdockerfile | 6 +-- .../sms/auth/aaf-sms.api.simpledemo.onap.org.pem | 59 --------------------- .../sms/auth/aaf-sms.api.simpledemo.onap.org.pr | 32 ------------ sms-service/src/sms/auth/aaf_root_ca.cer | 31 ----------- sms-service/src/sms/auth/auth.go | 57 +++++++++++++++++++- sms-service/src/sms/certs/aaf-sms.pr | 30 +++++++++++ sms-service/src/sms/certs/aaf-sms.pub | 60 ++++++++++++++++++++++ sms-service/src/sms/certs/aaf_root_ca.cer | 31 +++++++++++ sms-service/src/sms/config/config.go | 1 + sms-service/src/sms/sms.go | 10 ++-- sms-service/src/sms/smsconfig.json.template | 7 +-- sms-service/src/sms/test/loop_test.sh | 26 +++++----- 18 files changed, 224 insertions(+), 167 deletions(-) delete mode 100644 sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem delete mode 100644 sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr delete mode 100644 sms-service/src/sms/auth/aaf_root_ca.cer create mode 100644 sms-service/src/sms/certs/aaf-sms.pr create mode 100644 sms-service/src/sms/certs/aaf-sms.pub create mode 100644 sms-service/src/sms/certs/aaf_root_ca.cer diff --git a/sms-service/bin/build_quorum_image.sh b/sms-service/bin/build_quorum_image.sh index b26accf..72932e5 100755 --- a/sms-service/bin/build_quorum_image.sh 
+++ b/sms-service/bin/build_quorum_image.sh @@ -28,7 +28,7 @@ function generate_binary { } function copy_certificates { - cp ../src/sms/auth/aaf_root_ca.cer . + cp ../src/sms/certs/aaf_root_ca.cer . } function cleanup { diff --git a/sms-service/bin/build_sms_image.sh b/sms-service/bin/build_sms_image.sh index 46685b6..2a98709 100755 --- a/sms-service/bin/build_sms_image.sh +++ b/sms-service/bin/build_sms_image.sh @@ -28,16 +28,16 @@ function generate_binary { } function copy_certificates { - cp ../src/sms/auth/aaf_root_ca.cer . - cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem . - cp ../src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr . + cp ../src/sms/certs/aaf_root_ca.cer . + cp ../src/sms/certs/aaf-sms.pub . + cp ../src/sms/certs/aaf-sms.pr . } function cleanup { rm sms - rm aaf-sms.api.simpledemo.onap.org.pem - rm aaf-sms.api.simpledemo.onap.org.pr - rm aaf_root_ca.cer + rm aaf-sms.pub + rm aaf-sms.pr + rm aaf_root_ca.cer } function build_image { diff --git a/sms-service/bin/deploy/quorumconfig.json b/sms-service/bin/deploy/quorumconfig.json index d2f647f..696fec6 100644 --- a/sms-service/bin/deploy/quorumconfig.json +++ b/sms-service/bin/deploy/quorumconfig.json @@ -1,7 +1,6 @@ { - "url":"https://sms-service:10443", - "servername":"aaf-sms.api.simpledemo.onap.org", - "cafile":"cert/aaf_root_ca.cer", + "url":"https://aaf-sms.onap:10443", + "cafile":"certs/aaf_root_ca.cer", "clientcert":"client.cert", "clientkey":"client.key", "timeout":"10s" diff --git a/sms-service/bin/deploy/sms.sh b/sms-service/bin/deploy/sms.sh index 3a6153c..a7eca69 100755 --- a/sms-service/bin/deploy/sms.sh +++ b/sms-service/bin/deploy/sms.sh 
@@ -69,13 +69,14 @@ docker cp vault.json sms-vault:/vault/config/config.json; docker start sms-vault; # Start SMS -docker create --rm --name sms-service --network sms-net \ ---hostname sms-service -p "10443:10443" \ +# Matching hostname with cert name +docker create --rm --name aaf-sms.onap --network sms-net \ +--hostname aaf-sms.onap -p "10443:10443" \ -v sms-service:/sms/auth \ ${SMS_IMG}; -docker cp smsconfig.json sms-service:/sms/smsconfig.json -docker start sms-service +docker cp smsconfig.json aaf-sms.onap:/sms/smsconfig.json +docker start aaf-sms.onap # Start 3 Quorum Clients for i in {0..2} @@ -96,7 +97,7 @@ fi # Shutdown and clean up. if [ "$1" = "stop" ]; then -docker stop sms-vault sms-consul sms-service; +docker stop sms-vault sms-consul aaf-sms.onap; for i in {0..2}; do docker stop sms-quorum-$i done @@ -110,4 +111,4 @@ fi if [ $SS = 0 ]; then echo "Please type ${0} start or ${0} stop" -fi \ No newline at end of file +fi diff --git a/sms-service/bin/deploy/smsconfig.json b/sms-service/bin/deploy/smsconfig.json index 4c3cf3c..df446eb 100644 --- a/sms-service/bin/deploy/smsconfig.json +++ b/sms-service/bin/deploy/smsconfig.json @@ -1,7 +1,8 @@ { - "cafile": "cert/aaf_root_ca.cer", - "servercert": "cert/aaf-sms.api.simpledemo.onap.org.pem", - "serverkey": "cert/aaf-sms.api.simpledemo.onap.org.pr", + "cafile": "certs/aaf_root_ca.cer", + "servercert": "certs/aaf-sms.pub", + "serverkey": "certs/aaf-sms.pr", + "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==", "smsdbaddress": "http://sms-vault:8200" } diff --git a/sms-service/bin/quorumdockerfile b/sms-service/bin/quorumdockerfile index 3b787d7..2874b7a 100644 --- a/sms-service/bin/quorumdockerfile +++ b/sms-service/bin/quorumdockerfile 
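Review bot: The added `"password"` line in bin/deploy/smsconfig.json stores the passphrase that readPEMBlock (auth.go) uses to decrypt `certs/aaf-sms.pr`, and it is only base64-encoded and committed to the same repository as the key. Anyone who can read the repository, or a deployment that carries both files, can recover the private key, so the DES-EDE3-CBC wrapping adds no real confidentiality. The same applies to the `"password"` line in src/sms/smsconfig.json.template and to the new aaf-sms.pr file. Keep only a placeholder in the checked-in config, for example `"password": "<base64 passphrase injected at deploy time>"`, supply the real value from a mounted secret or the environment, and document the committed key pair as demo-only.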
@@ -5,7 +5,7 @@ LABEL version=2.0.0 LABEL maintainer="Girish Havaldar " RUN mkdir -p /quorumclient/auth -ADD aaf_root_ca.cer /quorumclient/cert/aaf_root_ca.cer +ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer ADD quorumclient /quorumclient/bin/quorumclient RUN chmod +x /quorumclient/bin/quorumclient diff --git a/sms-service/bin/smsdockerfile b/sms-service/bin/smsdockerfile index 14327dc..19ce84f 100644 --- a/sms-service/bin/smsdockerfile +++ b/sms-service/bin/smsdockerfile @@ -7,9 +7,9 @@ LABEL maintainer="vamshi krishna " EXPOSE 10443 RUN mkdir -p /sms/auth -ADD aaf_root_ca.cer /sms/cert/aaf_root_ca.cer -ADD aaf-sms.api.simpledemo.onap.org.pem /sms/cert/aaf-sms.api.simpledemo.onap.org.pem -ADD aaf-sms.api.simpledemo.onap.org.pr /sms/cert/aaf-sms.api.simpledemo.onap.org.pr +ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer +ADD aaf-sms.pub /sms/certs/aaf-sms.pub +ADD aaf-sms.pr /sms/certs/aaf-sms.pr ADD sms /sms/bin/sms RUN chmod +x /sms/bin/sms diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem b/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem deleted file mode 100644 index a8ae076..0000000 --- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pem +++ /dev/null 
@@ -1,59 +0,0 @@ -Bag Attributes - localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08 - friendlyName: aaf-sms@aaf-sms.onap.org -subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms.api.simpledemo.onap.org -issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1 ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBHDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN -MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk -aWF0ZUNBXzEwHhcNMTgwNDI1MTEwOTI1WhcNMTkwNDIwMTEwOTI1WjB5MQswCQYD -VQQGEwJVUzENMAsGA1UECgwET05BUDEhMB8GA1UECwwYYWFmLXNtc0BhYWYtc21z -Lm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjEoMCYGA1UEAwwfYWFmLXNtcy5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALA5rFblvq/bhtiP7n9SWzG+hmvoVD3zLyMpn2LrWhGvUBBZNU1RL7tPAU++ -HQpuf7klmrBAIAVZniKCGKHctOwXvy+GmbfOCZhSLCR31vmh8lS6Jme0TigKb6sL -tq1yahHNaWdWXv8RfiJ2WausCv8HUuGSOWpj/Wltno4bvctZ+kZoySrr8QjRURiy -DJxe3+JtaUi0GfCiVc+1yFWZU9aetEVBgouwaLOe4w/gL1XPinvmGseEYTbA7G6U -0Q9b3ZrdpmEWvQHRL4k5s66mvu8amW31aUSU4IlF3fKDr6xr/AS0j3qsJlEAgid/ -VueWU6ZyVw6c3BRowtcH4CKj0/8CAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCG -SAGG+EIBAQQEAwIGwDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQg -U2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTaf9ELsETQX2tK/ilkzkFwlNx+ -OzBUBgNVHSMETTBLgBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UE -CwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB -/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcN -AQELBQADggEBACJFD0XRb6YmL5n0+coxb6y/reG/aCgspiilIgS+DcDNSmUzU7gb -Yn43ZWQtgIepUk3vbv+lO15u7wbaHGWhJ7SAlFXzHgthjvi1wcLZilKdKTRktZa+ -q+v/3VrU8gZkf9sydbOseCA0vGdnO5UHQqMfIo3kpJsNxb2lT6FmdU5GKGellHvi -fkczO1UZnSYGgkpyBV+gU6peDLNDludiq1iD1gLHdSpn3U1pcaFaBg3lFQamEOVH -0vyxl6naD8C8K7wFFbFOJ9LV2dvTB04DmofUNaO9kuqRrLndHcR2b4htCLRHK4O2 -wap2ThiXgiy86zvTZKWt2YTghZUNjaPOpMQ= ------END CERTIFICATE----- -Bag Attributes: -subject=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1 -issuer=/OU=OSAAF/O=ONAP/C=US ------BEGIN CERTIFICATE----- 
-MIIEVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNDA1MTQxNTQwWhcN -MTgwNjA0MTQxNTQwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3YPA/YQdz4kaZQzdRzWNjmn33WYAWZ8+ -EIz3PhkEzk7M1q9N7Icx2LvozMj4VH0yGz/HYlliHhw26ZRsjYMSR8zATsXl4oW9 -w9BrjuyvM3w8Ptxe8WbUFF9LJDGyXPeVvcXVo0iyh3QYPWC/AWmomN19MvBFN5vH -AvEG/7qtonViNfISW9Gr9LpXB0foCmUDBu/lV+SwRGajoCPqdZhZ6/L6/yqDvha2 -wsML/UZXlGhXAedt/xOKmT/dSXx/I0vWBVp6Tq4zu87yCvd+I6Tpa5HjttA2I5EV -zdHX+JYBPBBcVCyO9YQOYjJuoVDE4D5etY6dEipKG/KZF/rqAoqZAgMBAAGjZjBk -MB0GA1UdDgQWBBQd5lldG54KOKRipsGF8/PP1vGX6jAfBgNVHSMEGDAWgBRTVTPy -S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAmgeiitBDi/YEqFh2Cqp0VIEqw8hiuV87 -rADQWMK4hv5WXl3KJTjFAnWsYFUKrm6s1jNH16FyGExUQgwggob0Vt+MHiUs36jU -kyret/uE5qrjz+/J+i2XG6s1oKcDRVD/jU4qBygZWFBMuwl7sz8IEvaYXGM43s96 -Du3UF9E+V3aMppqkGWz6MnrTmANnWAlDAMeifcoexjrpxiKbp8f49HX1UzwFoeEg -RnVwNqgDWT66yGV6mbNl6FpE/U81RpCRY1ZJDeVTxbqIaG/UPV4hpQ+BEVBDF+cb -rGsvsNYYpWx5srIQ7WtGKIlaDFbfWPwnHDHegzr8ypAS3KNWULE+QXCbHWtB+b0Y -WhP/2F6Jjb+ByvJqQoE+nHEYBeUOZUUZC4IuQFNJ5Wy5P0CNXdheiWhdrBmG02Gy -KMi0FJx6BEoWM2xcdl6bn5j9mhF4TX7zgepNWlgTra4Z8Oz8iqbQk33/s2OKM4ic -6ZezUYhNp+MuUt4Se+ufNcGV65jnUKeROtWzNLwP+xwglEFlG8aNiAORthd7QJuT -Ey2cX7H7f38ENQ5YCriUk1nVLO9F66l/rNRzYZgQzRI3IvDW8vyM2TLW2mcZNsaf -qjFMcCDweV2FRb8eTbmWzzB2/xTVpGzVJqzwgE+U7UtJx5CZS3wPkvXuEgvcg1tY -m1r4NGYFvLM= ------END CERTIFICATE----- \ No newline at end of file diff --git a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr b/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr deleted file mode 100644 index e2204ae..0000000 --- a/sms-service/src/sms/auth/aaf-sms.api.simpledemo.onap.org.pr +++ /dev/null 
@@ -1,32 +0,0 @@ -Bag Attributes - localKeyID: F5 51 07 8F 6A B5 88 A5 C1 63 25 5E B8 0B 85 EB 6C BD 36 08 - friendlyName: aaf-sms@aaf-sms.onap.org -Key Attributes: ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwOaxW5b6v24bY -j+5/UlsxvoZr6FQ98y8jKZ9i61oRr1AQWTVNUS+7TwFPvh0Kbn+5JZqwQCAFWZ4i -ghih3LTsF78vhpm3zgmYUiwkd9b5ofJUuiZntE4oCm+rC7atcmoRzWlnVl7/EX4i -dlmrrAr/B1LhkjlqY/1pbZ6OG73LWfpGaMkq6/EI0VEYsgycXt/ibWlItBnwolXP -tchVmVPWnrRFQYKLsGiznuMP4C9Vz4p75hrHhGE2wOxulNEPW92a3aZhFr0B0S+J -ObOupr7vGplt9WlElOCJRd3yg6+sa/wEtI96rCZRAIInf1bnllOmclcOnNwUaMLX -B+Aio9P/AgMBAAECggEAVHvhxmswRujMtegS49FczPVVRkhEksqST541vluse4v7 -q0rJRf7lDjxrGYrAK28cJmwDw/mKIGZ9bHfITVkdF46u5p719Ot/KBpE9VrKojTk -k4AGx3LmgUW3kV31PyP5+/zpSlRbCJefS/BHPwkk4GznbCMJCZtUMwYNnH1qOSFn -MbHH5TRzfsFsF1OALYnXcq+zaUYXVM25hCiQ0pPtsnPcnVO+mV0mWRBQNbPMmV8A -Yy2XqB4fTxIjJ+k28ppmf2Eq9AuISJvwG/T2p+FHkXjNAYrJqUQw5S780499RqXI -6BhIjrjx9Pyb8zUle+3ZN+FbBcs4RHgrgL05ueWe4QKBgQDXLypqRuIRKAXrtAwo -fSCc/pKY9+rHvKQbqqY0eVSb8tZMMLDA0ElQuF3LoWIRJGYnb9PcQN/C+qtyY82Z -bG+iWmdHtrm361H8ry2Mjdo7T65qypHS++RhaUhEHgPQaqXNLcmyruI+EWG6cC7n -hNO3VY1G2xhaSaDF5sja4cjtMQKBgQDRpsDhJuXQb6L7yjDf3lYq3ZqjyY0P66Wo -DaBwnH0I3GFE+jyOfSFNAalLErbXZwD/XSS1dKE3iVrzy9tYCLp4n7TSLVI4n1bz -O8gH9qqbYEG8VhEYfuQF1wKxeqQ4q9fuzDe3dlAQyw80tFCiFvtPls67B5cRR6Di -5f15iBLILwKBgGKWX251r1mA5sWIphFe0rRbBjtDSrPcP6vVUXS1KgiRB5G8tR6B -zzVGYuLKu61y6cKjv4Mnzdz9D9PG2gmy3qqZlLwMgaY8EEIe2FWPIC8QYK7YxFrP -wWDH5a4fukugsPoCQmi1Kz6YpBfREgxMlNtoPOP7uXqURS6mf9uYmn/hAoGBAKuA -6lBFbcKxUHcB1DGOxJaUaiiKfKcFcqKjYxg8K9zPy5KN0nQN0OwZ68/KI2DalmpQ -W/NE0Y2JA6pkna7KlSCQJW+6O4SudIbN5Lj/BFnOyHe1QI71XruYRE/DsAvcJ+zl -ir6+Pok+U9Ydm8i9XCCjkcJWVzJ/khGLa2u78QFpAoGAKwlTP1rQGLMz0uUW8bx9 -EAHUf0IkXgs+qVCvg6gWE96q7l+UncLf4842Rl77uZfJr76yBhwo3ezCA+DQDqmg -JhktLPnaeHJcuTiYI/bXXlNCf56SsY88TxP1UGkbSmYryLAO/fM9nAHH7qj7DWqW -Ng8ecGGlcYcjmKxtWYolR+U= ------END PRIVATE KEY----- \ No newline at end of file 
diff --git a/sms-service/src/sms/auth/aaf_root_ca.cer b/sms-service/src/sms/auth/aaf_root_ca.cer deleted file mode 100644 index e9a50d7..0000000 --- a/sms-service/src/sms/auth/aaf_root_ca.cer +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- 
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go index 038e31d..9f6abde 100644 --- a/sms-service/src/sms/auth/auth.go +++ b/sms-service/src/sms/auth/auth.go @@ -22,21 +22,23 @@ import ( "crypto/tls" "crypto/x509" "encoding/base64" + "encoding/pem" "golang.org/x/crypto/openpgp" "golang.org/x/crypto/openpgp/packet" "io/ioutil" + smsconfig "sms/config" smslogger "sms/log" ) // GetTLSConfig initializes a tlsConfig using the CA's certificate // This config is then used to enable the server for mutual TLS -func GetTLSConfig(caCertFile string) (*tls.Config, error) { +func GetTLSConfig(caCertFile string, certFile string, keyFile string) (*tls.Config, error) { // Initialize tlsConfig once caCert, err := ioutil.ReadFile(caCertFile) - if err != nil { + if smslogger.CheckError(err, "Read CA Cert file") != nil { return nil, err } 
@@ -49,10 +51,61 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) { ClientCAs: caCertPool, MinVersion: tls.VersionTLS12, } + + certPEMBlk, err := readPEMBlock(certFile) + if smslogger.CheckError(err, "Read Cert File") != nil { + return nil, err + } + + keyPEMBlk, err := readPEMBlock(keyFile) + if smslogger.CheckError(err, "Read Key File") != nil { + return nil, err + } + + tlsConfig.Certificates = make([]tls.Certificate, 1) + tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlk, keyPEMBlk) + if smslogger.CheckError(err, "Load x509 cert and key") != nil { + return nil, err + } + tlsConfig.BuildNameToCertificate() return tlsConfig, nil } +func readPEMBlock(filename string) ([]byte, error) { + + pemData, err := ioutil.ReadFile(filename) + + if smslogger.CheckError(err, "Read PEM File") != nil { + return nil, err + } + + pemBlock, rest := pem.Decode(pemData) + if len(rest) > 0 { + smslogger.WriteWarn("Pemfile has extra data") + } + + if x509.IsEncryptedPEMBlock(pemBlock) { + pByte, err := base64.StdEncoding.DecodeString(smsconfig.SMSConfig.Password) + if smslogger.CheckError(err, "Decode PEM Password") != nil { + return nil, err + } + + pemData, err = x509.DecryptPEMBlock(pemBlock, pByte) + if smslogger.CheckError(err, "Decrypt PEM Data") != nil { + return nil, err + } + var newPEMBlock pem.Block + newPEMBlock.Type = pemBlock.Type + newPEMBlock.Bytes = pemData + // Converting back to PEM from DER data you get from + // DecryptPEMBlock + pemData = pem.EncodeToMemory(&newPEMBlock) + } + + return pemData, nil +} + // GeneratePGPKeyPair produces a PGP key pair and returns // two things: // A base64 encoded form of the public part of the entity diff --git a/sms-service/src/sms/certs/aaf-sms.pr b/sms-service/src/sms/certs/aaf-sms.pr new file mode 100644 index 0000000..21e1eed --- /dev/null +++ b/sms-service/src/sms/certs/aaf-sms.pr 
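Review bot: In readPEMBlock, `pem.Decode` returns a nil block when the file holds no PEM data, and the next statement passes that nil to `x509.IsEncryptedPEMBlock(pemBlock)`, which dereferences it. An empty or malformed cert or key file therefore panics the server at startup instead of returning an error. Add a guard right after the decode, `if pemBlock == nil { return nil, errors.New("no PEM block found in " + filename) }`, which needs the `errors` import. The `len(rest) > 0` warning will also fire on every start for `aaf-sms.pub`, because that file carries a two-certificate chain. readPEMBlock has no doc comment; one should state that unencrypted files are returned whole, that encrypted ones yield only the first block re-encoded, and that the password comes from `smsconfig.SMSConfig.Password`.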
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,092DAD75B21417FF + +1g81WUZ9gS39NIMr++2E7nLJ5WBZkKjIl0F7rINsaiiLzBHRo5yhlSECwLugFOTi +/X5jHweymAJny7gxxCZykfwwIWixtqyWCXsSfJpOX2VSUcsWWxIfFZQG6Os1HgU4 +XtPn6TgegX1BXgiQDN92tOBcspvVTyMRN+EOaYGj7J4NsJShAsWD7KSotpH63WDD +pBp67ieBaVm4544u66pty76DT5AmZ/Lq7fXsAwTbwZXEVSFCjhoiIKq2d31USmEs +I73+GU1IODFIftKLfTWnU94BWYtvGjmyv0p89LahvhhpuieJAL7883lIE1mXHw9m +1y3VURxSW/OqjUv6cyJWVxLKzplhAfp9VI8lbkQe3n1N++ZC0+brz7ynpBGdElts +DvajPs/doXdPsJMO2DHKLNHLjLnnp0wlJf0MXhwbr2wggveG9izUcmw3cBjumEJz +q0wNODxGS7pPesjbOmAVHjpVORaaTyZS4nkD0iFHA+bZ2Us2M90lfYLBkafx19vA +REBmxjwOWJAAAxn5f2mb6ji48L5nZGpETDnwH91uwS1EVBIvsoDSc2YXVDDYJhkA +lSGT/U6Zi/WZ8oRyFN9vnGMB8yLo3lU2STelNMvE7ou0P5Vo/TnXHZPEh0SBZf/o +tSa7cbKX0TlAd5oGcdq0yMcaXvU/CxVBKsZ4T+RJMChzQ5e1Jl46mi6ZrX7B3S5e +xml9RKHZ0G84c1paEp1GjnUO4z2wFBX/BdSeQ7QNd9J2owRzqE5X0ATeI/p/iSSc +y1AmX8pfakRKxY/Z2PcpSbq/K0TxVzpJMSkUCEQnFrlQJu6Clj2MQH4dq/PfS0r0 +8q28f3DymrvfBqtJp3FDRO2AE02PTILRXMJMQetsosRjfaQ9RUYEZo4EnoPQvjPl +u/UZ//afIr2AX4C5xXEUKSxtaaxcwMqTwf1+r1Ljnv8iq9hq3yZkMWUG3/ttCdcy +SU4fpOrBfwujq3NAKE+JVXr4MmRunjDqLuHrEk2MXebZfs1XgBF0wIka3xrO1iMl +DDKK3KYFmAVlsiC0YaVLldSKpqBKbauPMQAvGnSMmFsQnxGg484z5bf6/OcB0hSB +bxgGzFG/hTAfKsKIYDl/kezUEZZnTnY4DQH1gk5W2QFgi6df9RhO9ZagD2ZQym1M +xkKF+JmpqwSDO7NawXKsVPtXXaPZsT4ZUGeMeeQSGm7EoNQiV/Kih0Qn6zhCwlk4 +hyKD0Ctlelaz+eORATPH/sqaPNkV6bxJ25h+xFTIPSKc/+upsIygkaPFb6v6ypwd +ePFTiZ0ZL8zM+fcmwCTriAXmCiF/SA9WPR5i5yy96sKvjQ69fe4ADVShPEDwWtGH +4j/tVx3nVTeGVYMTZksmu2KfXgQ0lg5K971eVjXzAwf5D27PdQzrV2Lw/ss+ACuR +sJP0Ef5JImboiIN3noYIYInqffsNpXgFTPeukljRkh+GQgghEruXH4CCXKtQg5Ql +DXRSS4mEIDfT+9y5J3ysKqVQSwE3cz1ZCkTRCdXKEzeU5eJZW1r2Bs7V6v0eSJNN +p9qFqEGmW/MebytvEJso9ZzeI7OSyNWUNjUUdQvlZo3Z+eIcSVNUNag02lyYCaXL +-----END RSA PRIVATE KEY----- diff --git a/sms-service/src/sms/certs/aaf-sms.pub b/sms-service/src/sms/certs/aaf-sms.pub new file mode 100644 index 0000000..ac8ec6f --- /dev/null +++ b/sms-service/src/sms/certs/aaf-sms.pub 
@@ -0,0 +1,60 @@ +Bag Attributes + localKeyID: 70 BC 84 27 26 2F A9 A1 42 24 D6 1A 3B BA B8 84 A2 6A 69 56 + friendlyName: aaf-sms@aaf-sms.onap.org +subject=/C=US/O=ONAP/OU=aaf-sms@aaf-sms.onap.org/OU=OSAAF/CN=aaf-sms +issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1 +-----BEGIN CERTIFICATE----- +MIIEZzCCA0+gAwIBAgIBJTANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN +MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk +aWF0ZUNBXzEwHhcNMTgwNTA4MTIyNTMxWhcNMTkwNTAzMTIyNTMxWjBhMQswCQYD +VQQGEwJVUzENMAsGA1UECgwET05BUDEhMB8GA1UECwwYYWFmLXNtc0BhYWYtc21z +Lm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjEQMA4GA1UEAwwHYWFmLXNtczCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfY6LRP7EuYINoFoROTuuLZMbpD +rX6GxKIsa7Zu+gHC6SC07FrtwxSC7/PRhN+/RFbpmVxZTAyn0NL+lljF3zsSIuNK +Xz26YvKYp9A7hJUBZ0BoKFBEa7NC8Gb9OKLRJiCQucJ7OR/PXY1BDCXxXHJAt56u +JI6YLaGenk0nqqIpW8rIQjh0t89vBBJbkfSGGT4FFj9u1TGJ0hXI8QY5a9aTkXyt +BLxROArUPatw9mal3ZJX4l06OacpDGFSLRKtssG5fjk0dnTs4eox/3OilFs6x1Wn +f6oduIsuaROed7uhX+Do6UROnYr7LA4xXI1Gs9ONNBSE1/ySmiUXJXxB14kCAwEA +AaOCAUIwggE+MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgbAMDMGCWCGSAGG ++EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD +VR0OBBYEFHXg1N9VCaxvC/44iUnRuKWrUrdAMFQGA1UdIwRNMEuAFB3mWV0bngo4 +pGKmwYXz88/W8ZfqoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05B +UDELMAkGA1UEBhMCVVOCAQEwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjBFBgNVHREEPjA8ghthYWYtc21zLnNpbXBsZWRlbW8u +b25hcC5vcmeCD2FhZi1zbXMtZGIub25hcIIMYWFmLXNtcy5vbmFwMA0GCSqGSIb3 +DQEBCwUAA4IBAQA+KKgn7Q0svrdalZ574nhgibWGYnSzkL23RAUv4lkH3HEKAN9d +E961Dp112XFihKg0OFK/toENikj0iPHq09XgU9L/Ni3eaOWw1DP7r86JsQzSvtGa +J3r3T65D5rL+1ejpT6flMY6DG78/wh7OGQaPcSEpypWTi2lXhIrydfH3BQ5cCqvm +adNZS/BgbudIC4T0nOs7PbmzGuJmo7s06vkAhUt/HpGbjTC0xjoqPZWQVfaNzGqR +9YSKyRFvV6EAb7s9i6h15KRRIEItQCWZtKgCJDqYcUma1WJDNuZ2WQwfrUEupioV +BUs+joZT1unGYGhv6l+NPOw9tuPDi47Z8HzP +-----END CERTIFICATE----- +Bag Attributes: +subject=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_1 +issuer=/OU=OSAAF/O=ONAP/C=US +-----BEGIN 
CERTIFICATE----- +MIIEVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNDA1MTQxNTQwWhcN +MTgwNjA0MTQxNTQwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3YPA/YQdz4kaZQzdRzWNjmn33WYAWZ8+ +EIz3PhkEzk7M1q9N7Icx2LvozMj4VH0yGz/HYlliHhw26ZRsjYMSR8zATsXl4oW9 +w9BrjuyvM3w8Ptxe8WbUFF9LJDGyXPeVvcXVo0iyh3QYPWC/AWmomN19MvBFN5vH +AvEG/7qtonViNfISW9Gr9LpXB0foCmUDBu/lV+SwRGajoCPqdZhZ6/L6/yqDvha2 +wsML/UZXlGhXAedt/xOKmT/dSXx/I0vWBVp6Tq4zu87yCvd+I6Tpa5HjttA2I5EV +zdHX+JYBPBBcVCyO9YQOYjJuoVDE4D5etY6dEipKG/KZF/rqAoqZAgMBAAGjZjBk +MB0GA1UdDgQWBBQd5lldG54KOKRipsGF8/PP1vGX6jAfBgNVHSMEGDAWgBRTVTPy +S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAmgeiitBDi/YEqFh2Cqp0VIEqw8hiuV87 +rADQWMK4hv5WXl3KJTjFAnWsYFUKrm6s1jNH16FyGExUQgwggob0Vt+MHiUs36jU +kyret/uE5qrjz+/J+i2XG6s1oKcDRVD/jU4qBygZWFBMuwl7sz8IEvaYXGM43s96 +Du3UF9E+V3aMppqkGWz6MnrTmANnWAlDAMeifcoexjrpxiKbp8f49HX1UzwFoeEg +RnVwNqgDWT66yGV6mbNl6FpE/U81RpCRY1ZJDeVTxbqIaG/UPV4hpQ+BEVBDF+cb +rGsvsNYYpWx5srIQ7WtGKIlaDFbfWPwnHDHegzr8ypAS3KNWULE+QXCbHWtB+b0Y +WhP/2F6Jjb+ByvJqQoE+nHEYBeUOZUUZC4IuQFNJ5Wy5P0CNXdheiWhdrBmG02Gy +KMi0FJx6BEoWM2xcdl6bn5j9mhF4TX7zgepNWlgTra4Z8Oz8iqbQk33/s2OKM4ic +6ZezUYhNp+MuUt4Se+ufNcGV65jnUKeROtWzNLwP+xwglEFlG8aNiAORthd7QJuT +Ey2cX7H7f38ENQ5YCriUk1nVLO9F66l/rNRzYZgQzRI3IvDW8vyM2TLW2mcZNsaf +qjFMcCDweV2FRb8eTbmWzzB2/xTVpGzVJqzwgE+U7UtJx5CZS3wPkvXuEgvcg1tY +m1r4NGYFvLM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/sms-service/src/sms/certs/aaf_root_ca.cer b/sms-service/src/sms/certs/aaf_root_ca.cer new file mode 100644 index 0000000..e9a50d7 --- /dev/null +++ b/sms-service/src/sms/certs/aaf_root_ca.cer 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- 
diff --git a/sms-service/src/sms/config/config.go b/sms-service/src/sms/config/config.go index 3901817..30caf82 100644 --- a/sms-service/src/sms/config/config.go +++ b/sms-service/src/sms/config/config.go @@ -29,6 +29,7 @@ type SMSConfiguration struct { CAFile string `json:"cafile"` ServerCert string `json:"servercert"` ServerKey string `json:"serverkey"` + Password string `json:"password"` BackendAddress string `json:"smsdbaddress"` VaultToken string `json:"vaulttoken"` diff --git a/sms-service/src/sms/sms.go b/sms-service/src/sms/sms.go index fea6b10..9fc60bb 100644 --- a/sms-service/src/sms/sms.go +++ b/sms-service/src/sms/sms.go @@ -67,14 +67,16 @@ func main() { smslogger.WriteWarn("TLS is Disabled") err = httpServer.ListenAndServe() } else { - // TODO: Use CA certificate from AAF - tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile) - if err != nil { + // Populate TLSConfig with the certificates and privatekey + // information + tlsConfig, err := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey) + if smslogger.CheckError(err, "Get TLS Configuration") != nil { log.Fatal(err) } httpServer.TLSConfig = tlsConfig - err = httpServer.ListenAndServeTLS(smsConf.ServerCert, smsConf.ServerKey) + // empty strings because tlsconfig already has this information + err = httpServer.ListenAndServeTLS("", "") } if err != nil && err != http.ErrServerClosed { diff --git a/sms-service/src/sms/smsconfig.json.template b/sms-service/src/sms/smsconfig.json.template index b74bdff..1779342 100644 --- a/sms-service/src/sms/smsconfig.json.template +++ b/sms-service/src/sms/smsconfig.json.template 
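Review bot: In the sms.go hunk, `tlsConfig, err := smsauth.GetTLSConfig(...)` declares a new `err` scoped to the else block, so the later `err = httpServer.ListenAndServeTLS("", "")` assigns to that inner variable. The `if err != nil && err != http.ErrServerClosed` check after the block then appears never to see a TLS listener failure. The outer `err` is declared above the hunk; its existence is inferred from the plain `err = httpServer.ListenAndServe()` in the other branch. Give the first call its own name, `tlsConfig, tlsErr := smsauth.GetTLSConfig(smsConf.CAFile, smsConf.ServerCert, smsConf.ServerKey)`, and test `tlsErr` in the following `if`, so the serve error reaches the outer check. main's body starts and ends outside the hunk.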
@@ -1,7 +1,8 @@ { - "cafile": "auth/aaf_root_ca.cer", - "servercert": "auth/aaf-sms.api.simpledemo.onap.org.pem", - "serverkey": "auth/aaf-sms.api.simpledemo.onap.org.pr", + "cafile": "certs/aaf_root_ca.cer", + "servercert": "certs/aaf-sms.pub", + "serverkey": "certs/aaf-sms.pr", + "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZAo=", "smsdbaddress": "http://localhost:8200", "vaulttoken": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", diff --git a/sms-service/src/sms/test/loop_test.sh b/sms-service/src/sms/test/loop_test.sh index a48c9b1..5fed4d2 100644 --- a/sms-service/src/sms/test/loop_test.sh +++ b/sms-service/src/sms/test/loop_test.sh 
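Review bot: The `"password"` value added to smsconfig.json.template ends in `ZAo=`, while the one added to bin/deploy/smsconfig.json ends in `ZA==`. The template value decodes to the same passphrase followed by a newline. readPEMBlock in auth.go hands the decoded bytes to `x509.DecryptPEMBlock` unchanged, so a service started from the template will presumably fail to decrypt `certs/aaf-sms.pr`, assuming the key was encrypted with the newline-free passphrase. Regenerate the template value without the trailing newline (encode with `printf '%s'` rather than `echo`) so that both files agree.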
@@ -6,54 +6,54 @@ PORT=$2 for i in `seq 1 2`; do echo -e "${RED}----------------BEGIN GET STATUS----------------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \ https://${URL}:${PORT}/v1/sms/quorum/status echo -e "${RED}----------------BEGIN CREATE SECRET DOMAIN------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \ -d @test/test_create_domain.json https://${URL}:${PORT}/v1/sms/domain echo -e "${RED}----------------BEGIN CREATE SECRET 1-----------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \ -d @test/test_create_secret1.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret echo -e "${RED}----------------BEGIN CREATE SECRET 2-----------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \ -d @test/test_create_secret2.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret echo -e "${RED}----------------BEGIN CREATE SECRET 3-----------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X POST \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X POST \ -d @test/test_create_secret3.json https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret echo -e "${RED}----------------BEGIN LIST SECRET---------------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret echo -e 
"${RED}----------------BEGIN GET SECRET 1--------------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1 echo -e "${RED}----------------BEGIN GET SECRET 2--------------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2 echo -e "${RED}----------------BEGIN GET SECRET 3--------------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X GET \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X GET \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3 echo -e "${RED}----------------BEGIN DELETE SECRET 1-----------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret1 echo -e "${RED}----------------BEGIN DELETE SECRET 2-----------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret2 echo -e "${RED}----------------BEGIN DELETE SECRET 3-----------${NC}" - curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain/secret/curltestsecret3 echo -e "${RED}----------------BEGIN DELETE SECRET DOMAIN------${NC}" 
- curl -i -w "\n" -H "Accept: application/json" --cacert auth/aaf_root_ca.cer -X DELETE \ + curl -i -w "\n" -H "Accept: application/json" --cacert certs/aaf_root_ca.cer -X DELETE \ https://${URL}:${PORT}/v1/sms/domain/curltestdomain done -- cgit 1.2.3-korg