diff options
author | Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> | 2018-07-13 16:26:16 -0700 |
---|---|---|
committer | Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> | 2018-07-16 16:19:23 -0700 |
commit | fd2e9971b51bee7a2f7d1c5890dfd147da02d7f4 (patch) | |
tree | 0c4f802699cd246ce32de086ee43da81d18efb1b | |
parent | deb3b369b80f7825a0d7d7ac15b4a1407903a344 (diff) |
Key distribution center container
This container generates the ca key and
certificate and encrypts it using SRK public
key and stores the generated files on host
folder shared with this container. The public
key is built into the image for sample
known target host.
Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Issue-ID: AAF-376
-rw-r--r-- | bin/distcenter/Dockerfile | 20 | ||||
-rw-r--r-- | bin/distcenter/README.md | 17 | ||||
-rwxr-xr-x | bin/distcenter/create_ca.sh | 8 | ||||
-rwxr-xr-x | bin/distcenter/entrypoint.sh | 12 |
4 files changed, 57 insertions, 0 deletions
diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile new file mode 100644 index 0000000..f79c7ef --- /dev/null +++ b/bin/distcenter/Dockerfile @@ -0,0 +1,20 @@ +FROM rmannfv/aaf-base:openssl_1.1.0 + +RUN git clone https://gerrit.onap.org/r/aaf/sshsm +RUN cd sshsm && \ + cd tpm-util && \ + cd duplicate && \ + make -f sampleMakefile + +RUN mkdir /createca +COPY ./create_ca.sh /createca/ +RUN mkdir /dup +RUN mkdir /dup/database +RUN mkdir /dup/database/host_sample +RUN mkdir /dup/bin + +RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin +RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample + +ADD entrypoint.sh /entrypoint.sh +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md new file mode 100644 index 0000000..973cbf9 --- /dev/null +++ b/bin/distcenter/README.md @@ -0,0 +1,17 @@ +Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now. + +Build the container using + + docker build --no-cache -t dist-center . + +Run it mounting the volume + + docker run -v /tmp/volume:/volume dist-center + +This will output the following files in /tmp/volume/host_sample + + ca.cert + dupEncKey + dupPriv + dupPub + dupSymseed diff --git a/bin/distcenter/create_ca.sh b/bin/distcenter/create_ca.sh new file mode 100755 index 0000000..0296408 --- /dev/null +++ b/bin/distcenter/create_ca.sh @@ -0,0 +1,8 @@ +#!/bin/bash +CA_DIR=$PWD/ca +mkdir $CA_DIR +mkdir -p $PWD/certs +cd $CA_DIR +echo "000a" > serial +touch certindex +openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -out ca.cert -subj '/C=US/ST=CA/L=local/O=onap/CN=test.onap.ca' diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh new file mode 100755 index 0000000..85cdf52 --- /dev/null +++ b/bin/distcenter/entrypoint.sh @@ -0,0 +1,12 @@ +#!/bin/sh +set -e +cd /createca +/createca/create_ca.sh +cd /volume +DLIST=`ls -d host_*` +for DIR in $DLIST; do + echo $DIR + cp /createca/ca/ca.cert /volume/$DIR + cd /volume/$DIR + /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey +done |