authorManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>2018-07-13 16:26:16 -0700
committerManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>2018-07-16 16:19:23 -0700
commitfd2e9971b51bee7a2f7d1c5890dfd147da02d7f4 (patch)
tree0c4f802699cd246ce32de086ee43da81d18efb1b
parentdeb3b369b80f7825a0d7d7ac15b4a1407903a344 (diff)
Key distribution center container
This container generates the CA key and certificate, encrypts it using the SRK public key, and stores the generated files in a host folder shared with this container. The public key is built into the image for a sample known target host. Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> Issue-ID: AAF-376
-rw-r--r--bin/distcenter/Dockerfile20
-rw-r--r--bin/distcenter/README.md17
-rwxr-xr-xbin/distcenter/create_ca.sh8
-rwxr-xr-xbin/distcenter/entrypoint.sh12
4 files changed, 57 insertions, 0 deletions
diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
new file mode 100644
index 0000000..f79c7ef
--- /dev/null
+++ b/bin/distcenter/Dockerfile
@@ -0,0 +1,20 @@
+FROM rmannfv/aaf-base:openssl_1.1.0
+
+RUN git clone https://gerrit.onap.org/r/aaf/sshsm
+RUN cd sshsm && \
+ cd tpm-util && \
+ cd duplicate && \
+ make -f sampleMakefile
+
+RUN mkdir /createca
+COPY ./create_ca.sh /createca/
+RUN mkdir /dup
+RUN mkdir /dup/database
+RUN mkdir /dup/database/host_sample
+RUN mkdir /dup/bin
+
+RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
+RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT [ "/entrypoint.sh" ]
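Review bot: The `RUN git clone https://gerrit.onap.org/r/aaf/sshsm` on the third line checks out whatever the default branch head is at build time, so the `ossl_tpm_duplicate` binary built from it and the `out_parent_public` sample copied from it are not reproducible and cannot be audited against a known revision; pin the source, e.g. `RUN git clone --depth 1 --branch <SSHSM_REF> https://gerrit.onap.org/r/aaf/sshsm` with the ref supplied as a build `ARG` (placeholder name). The `cd sshsm && cd tpm-util && cd duplicate && make` chain should become a `WORKDIR` pointing at the clone's `tpm-util/duplicate` directory followed by `RUN make -f sampleMakefile`, and `ADD entrypoint.sh` should be `COPY entrypoint.sh` since no archive extraction or URL fetch is involved. The image has no `USER`, so `/entrypoint.sh` runs as root and writes to the host-mounted `/volume` as root; unless the TPM tooling is known to need it, add a system user before `ENTRYPOINT`. The base `rmannfv/aaf-base:openssl_1.1.0` comes from a personal registry namespace and is pinned by tag only; a digest pin would close the remaining supply-chain gap.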
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
new file mode 100644
index 0000000..973cbf9
--- /dev/null
+++ b/bin/distcenter/README.md
@@ -0,0 +1,17 @@
+Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
+
+Build the container using
+
+ docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_sample
+
+ ca.cert
+ dupEncKey
+ dupPriv
+ dupPub
+ dupSymseed
diff --git a/bin/distcenter/create_ca.sh b/bin/distcenter/create_ca.sh
new file mode 100755
index 0000000..0296408
--- /dev/null
+++ b/bin/distcenter/create_ca.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+CA_DIR=$PWD/ca
+mkdir $CA_DIR
+mkdir -p $PWD/certs
+cd $CA_DIR
+echo "000a" > serial
+touch certindex
+openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -out ca.cert -subj '/C=US/ST=CA/L=local/O=onap/CN=test.onap.ca'
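Review bot: The `openssl req` line relies on OpenSSL's default output name for the new private key, `privkey.pem`, which entrypoint.sh then hard-codes, and the key is written unencrypted (`-nodes`) with the process's default umask; make both explicit with `umask 077` before the call and `-keyout privkey.pem` on it, so the CA key is created owner-readable only and the filename contract is visible in this script rather than in OpenSSL's defaults. The script also has no `set -e`, and `mkdir $CA_DIR` without `-p` fails if the container is re-run, yet execution continues into `cd $CA_DIR` and silently overwrites the existing `serial`, `certindex` and key; add `set -eu` after the shebang and quote `"$CA_DIR"` and `"$PWD"`. `mkdir -p $PWD/certs` creates a directory nothing else in this commit uses.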
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
new file mode 100755
index 0000000..85cdf52
--- /dev/null
+++ b/bin/distcenter/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+cd /createca
+/createca/create_ca.sh
+cd /volume
+DLIST=`ls -d host_*`
+for DIR in $DLIST; do
+ echo $DIR
+ cp /createca/ca/ca.cert /volume/$DIR
+ cd /volume/$DIR
+ /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+done
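Review bot: The `DLIST` assignment that captures `ls -d host_*` parses `ls` output and relies on word-splitting, and `$DIR` is unquoted in the `cp`, `cd` and `-parentPub` arguments; if no `host_*` directory exists the unmatched glob is passed to `ls`, which fails and under `set -e` aborts the script with only `ls`'s error, and a name containing whitespace splits into several bogus directories. Iterate the glob directly, `for DIR in host_*; do`, and quote `"$DIR"` wherever it is used. The `ossl_tpm_duplicate` line assumes `/dup/database/$DIR/out_parent_public` exists for every `host_*` directory found on the volume, but the Dockerfile only ships `host_sample`; a guard such as `[ -f "/dup/database/$DIR/out_parent_public" ] || { echo "no parent public key for $DIR" >&2; exit 1; }` before the tool call gives a clear failure instead of the tool's own error.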