authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-19 13:40:14 -0700
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-19 16:52:56 -0700
commit8b2b7295fd3538ee2e46eed1c55bfb256b644dd0 (patch)
tree6d3458e415e355ad2fd6da4ea9edcb38083ff326
parentcd713d4de6c3d08478d6f6ca27b0f9e1afd439fe (diff)
Fix bugs in startup script and move scripts to bin
Testing in kubernetes revealed some issues that needed to be fixed. This patch contains those changes. Issue-ID: AAF-510 Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rwxr-xr-xbin/caservicecontainer/application.sh17
-rwxr-xr-xbin/caservicecontainer/build_testcaservice_image.sh8
-rwxr-xr-xbin/caservicecontainer/dockerfile12
-rwxr-xr-xbin/caservicecontainer/import.sh20
4 files changed, 34 insertions, 23 deletions
diff --git a/bin/caservicecontainer/application.sh b/bin/caservicecontainer/application.sh
index 1a723ea..a7c864d 100755
--- a/bin/caservicecontainer/application.sh
+++ b/bin/caservicecontainer/application.sh
@@ -11,20 +11,21 @@ applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so"
# Setting up the java application and running the application
# 1. Create the configuration pkcs11.cfg for the application
-touch /tmp/pkcs11.cfg
-chmod 755 /tmp/pkcs11.cfg
-echo "name = ${key_label}" >> /tmp/pkcs11.cfg
+# Remove any existing cfg file first from the CWD
+rm pkcs11.cfg
+touch pkcs11.cfg
+chmod 755 pkcs11.cfg
+echo "name = ${key_label}" >> pkcs11.cfg
echo "The location of applicationms library is ${applicationlibrary}"
-echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg
-echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg
+echo "library = ${applicationlibrary}" >> pkcs11.cfg
+echo "slot = ${SoftHSMv2SlotID}" >> pkcs11.cfg
# 2. Compile the Application
-cd /tmp/files
-cp test.csr /tmp/test.csr
+# CaSign requires test.csr to be available in CWD
javac CaSign.java
# 3. Run the Application
java CaSign ${upin} 0x${cert_id}
# 4. Verify the generated certificate
-openssl verify -verbose -CAfile ca.cert /tmp/test.cert \ No newline at end of file
+openssl verify -verbose -CAfile ${DATA_FOLDER}/ca.cert test.cert \ No newline at end of file
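Review bot: `rm pkcs11.cfg` prints an error on the first run, when no file exists yet, and would abort the script if errexit is enabled above this hunk (not visible here); `rm -f -- pkcs11.cfg` avoids both. The `rm`/`touch`/append sequence could also be a single truncating write, `echo "name = ${key_label}" > pkcs11.cfg`, with the later lines appending as they do now. `chmod 755` sets the execute bit on a configuration file; `chmod 644 pkcs11.cfg` should be enough for a file that is only read. In the last line `${DATA_FOLDER}` is unquoted, so `"${DATA_FOLDER}/ca.cert"` is safer if the path can contain spaces.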
diff --git a/bin/caservicecontainer/build_testcaservice_image.sh b/bin/caservicecontainer/build_testcaservice_image.sh
index 0760950..f13993b 100755
--- a/bin/caservicecontainer/build_testcaservice_image.sh
+++ b/bin/caservicecontainer/build_testcaservice_image.sh
@@ -23,8 +23,16 @@ fi
echo $BUILD_ARGS
function build_image {
+ echo "Copying files for image"
+ cp ../../test/integration/samplecaservicecontainer/applicationfiles/CaSign.java .
+ cp ../../test/integration/samplecaservicecontainer/applicationfiles/ca.cert .
+ cp ../../test/integration/samplecaservicecontainer/applicationfiles/test.csr .
+
echo "Start build docker image: ${IMAGE_NAME}:latest"
docker build ${BUILD_ARGS} -t ${IMAGE_NAME}:latest -f dockerfile .
+
+ echo "Remove files after image is built"
+ rm CaSign.java ca.cert test.csr
}
function push_image {
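Review bot: The copy of `ca.cert` into the build context looks unused, since the visible dockerfile hunk in this commit copies only `CaSign.java` and `test.csr` and application.sh now verifies against `${DATA_FOLDER}/ca.cert`; it can probably be dropped from both the `cp` and the `rm`. The `cp` sources are relative to the caller's working directory, so build_image only works when run from bin/caservicecontainer; `cd "$(dirname "$0")"` before the copies would remove that assumption. If errexit is on (not visible in this hunk), a failed `docker build` skips the final `rm` and leaves the copies behind; `trap 'rm -f CaSign.java ca.cert test.csr' EXIT` set before the copies covers that path. push_image begins on the hunk's last line and continues outside it.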
diff --git a/bin/caservicecontainer/dockerfile b/bin/caservicecontainer/dockerfile
index 7a70dc9..9fdbc30 100755
--- a/bin/caservicecontainer/dockerfile
+++ b/bin/caservicecontainer/dockerfile
@@ -13,9 +13,11 @@ RUN cp ./bcmail-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/
RUN cp ./bcpg-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/
RUN cp ./bctls-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext
-# Create the directory for mounting the shared voulme
-RUN mkdir -p /tmp/files
+# Create the directory for running things in this container
+RUN mkdir -p /testca/bin
-COPY ./import.sh /
-COPY ./softhsmconfig.sh /
-COPY ./application.sh /
+COPY import.sh /testca/bin
+COPY softhsmconfig.sh /testca/bin
+COPY application.sh /testca/bin
+COPY CaSign.java /testca/bin
+COPY test.csr /testca/bin
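Review bot: No `WORKDIR` is set in the visible part of the dockerfile, while import.sh in this commit records `WORKDIR=$PWD` and then runs `./softhsmconfig.sh` and `./application.sh` relative to it, so the container only works when started with /testca/bin as its working directory. Adding `WORKDIR /testca/bin` after the `mkdir` would pin that in the image; the rest of the dockerfile is outside this hunk, so confirm it is not already set elsewhere. The five `COPY` lines could be one instruction, `COPY import.sh softhsmconfig.sh application.sh CaSign.java test.csr /testca/bin/`, where the trailing slash makes the destination unambiguous as a directory.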
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
index 0efff37..27d5059 100755
--- a/bin/caservicecontainer/import.sh
+++ b/bin/caservicecontainer/import.sh
@@ -10,11 +10,9 @@
set -e
#Primary Key Password used by TPM Plugin to load keys
-TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
+export TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
#Handle to the aforementioned Primary Key
SRK_HANDLE="$(cat ${SECRETS_FOLDER}/srk_handle | base64 -d)"
-#Placeholder of Input files to the Import tool which is the output of duplicate tool
-sharedvolume="${DATA_FOLDER}"
#key_id is the parameter expected by SoftHSM
key_id="8738"
#Key_label is the parameter expected by SoftHSM
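Review bot: `export VAR="$(...)"` hides the exit status of the command substitution, so under the `set -e` at the top of this hunk a failed `base64 -d` no longer stops the script and an empty or partial password is exported. Assign first and export afterwards: `TPM_PRK_PASSWORD="$(base64 -d < "${SECRETS_FOLDER}/prk_passwd")"` then `export TPM_PRK_PASSWORD`; reading the file by redirection also makes a missing file fail instead of passing through `cat`. Exporting places the primary-key password in the environment of every child process started later (softhsm2-util, openssl, application.sh), so if only one tool needs it, set it for that one command instead. A comment naming the consumer that reads the variable from the environment would help the next reader.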
@@ -29,6 +27,8 @@ slot_no="0"
token_no="Token1"
#cert_id is the input for the application which is hexadecimal equivalent of key_id
cert_id=$(printf '%x' ${key_id})
+#Set working dir
+WORKDIR=$PWD
# 1.Initialize the token/
softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" \
@@ -38,10 +38,10 @@ cert_id=$(printf '%x' ${key_id})
echo "The slot ID used is ${SoftHSMv2SlotID}"
# 2.Plugin directory for the SoftHSM to load plugin and for further operations
-if [ -f ${sharedvolume}/out_parent_public ]; then
+if [ -f ${DATA_FOLDER}/out_parent_public ]; then
# 2.a Copy the required input files for the Import tool
- cp ${sharedvolume}/dup* /tpm-util/bin/
+ cp ${DATA_FOLDER}/dup* /tpm-util/bin/
# 2.b Run the Import Utility
cd /tpm-util/bin
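Review bot: `${DATA_FOLDER}` is used unquoted and unchecked here and in the later `cd ${DATA_FOLDER}` lines; if it is empty or unset the test becomes `[ -f /out_parent_public ]`, the script silently takes the SoftHSM branch, and `cd` with no argument moves to the home directory. A guard near the top, `: "${DATA_FOLDER:?DATA_FOLDER must be set}"`, plus quoting (`[ -f "${DATA_FOLDER}/out_parent_public" ]`, `cp "${DATA_FOLDER}"/dup* /tpm-util/bin/`) closes that. The same quoting applies to `cd $WORKDIR` in the following hunks. The `if` block continues outside this hunk.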
@@ -49,7 +49,7 @@ if [ -f ${sharedvolume}/out_parent_public ]; then
-dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \
-password $TPM_PRK_PASSWORD
- cd /
+ cd $WORKDIR
chmod 755 softhsmconfig.sh
./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID
else
@@ -58,7 +58,7 @@ else
echo "TPM hardware unavailable. Using SoftHSM implementation"
- cd ${sharedvolume}
+ cd ${DATA_FOLDER}
# 3.a Extract the Private key using passphrase
passphrase="$(cat passphrase)"
@@ -75,7 +75,7 @@ else
fi
# 3.a Application operation
-cd ${sharedvolume}
+cd ${DATA_FOLDER}
# 3.b Convert the crt to der format
openssl x509 -in ca.cert -outform der -out ca.der
@@ -85,10 +85,10 @@ pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \
--write-object ./ca.der --type cert --id ${cert_id}
# 4. Calling the functionalities of the sample application
-cd /
+cd $WORKDIR
chmod 755 application.sh
./application.sh $key_label $SoftHSMv2SlotID $upin $cert_id
# 5. Cleanup
-cd /
+cd $WORKDIR
rm -rf slotinfo.txt