Fix bugs in startup script and move scripts to bin

Testing in kubernetes revealed some issues that
needed to be fixed. This patch contains those changes.

Issue-ID: AAF-510
Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>

4 files changed, 34 insertions, 23 deletions

diff --git a/bin/caservicecontainer/application.sh b/bin/caservicecontainer/application.sh
index 1a723ea..a7c864d 100755
--- a/bin/caservicecontainer/application.sh
+++ b/bin/caservicecontainer/application.sh
@@ -11,20 +11,21 @@ applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so"
 
 # Setting up the java application and running the application
 # 1. Create the configuration pkcs11.cfg for the application
-touch /tmp/pkcs11.cfg
-chmod 755 /tmp/pkcs11.cfg
-echo "name = ${key_label}" >> /tmp/pkcs11.cfg
+# Remove any existing cfg file first from the CWD
+rm pkcs11.cfg
+touch pkcs11.cfg
+chmod 755 pkcs11.cfg
+echo "name = ${key_label}" >> pkcs11.cfg
 echo "The location of applicationms library is ${applicationlibrary}"
-echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg
-echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg
+echo "library = ${applicationlibrary}" >> pkcs11.cfg
+echo "slot = ${SoftHSMv2SlotID}" >> pkcs11.cfg
 
 # 2. Compile the Application
-cd /tmp/files
-cp test.csr /tmp/test.csr
+# CaSign requires test.csr to be available in CWD
 javac CaSign.java
 
 # 3. Run the Application
 java CaSign ${upin} 0x${cert_id}
 
 # 4. Verify the generated certificate
-openssl verify -verbose -CAfile ca.cert /tmp/test.cert
\ No newline at end of file
+openssl verify -verbose -CAfile ${DATA_FOLDER}/ca.cert test.cert
\ No newline at end of file
diff --git a/bin/caservicecontainer/build_testcaservice_image.sh b/bin/caservicecontainer/build_testcaservice_image.sh
index 0760950..f13993b 100755
--- a/bin/caservicecontainer/build_testcaservice_image.sh
+++ b/bin/caservicecontainer/build_testcaservice_image.sh
@@ -23,8 +23,16 @@ fi
 echo $BUILD_ARGS
 
 function build_image {
+    echo "Copying files for image"
+    cp ../../test/integration/samplecaservicecontainer/applicationfiles/CaSign.java .
+    cp ../../test/integration/samplecaservicecontainer/applicationfiles/ca.cert .
+    cp ../../test/integration/samplecaservicecontainer/applicationfiles/test.csr .
+
     echo "Start build docker image: ${IMAGE_NAME}:latest"
     docker build ${BUILD_ARGS} -t ${IMAGE_NAME}:latest -f dockerfile .
+
+    echo "Remove files after image is built"
+    rm CaSign.java ca.cert test.csr
 }
 
 function push_image {
diff --git a/bin/caservicecontainer/dockerfile b/bin/caservicecontainer/dockerfile
index 7a70dc9..9fdbc30 100755
--- a/bin/caservicecontainer/dockerfile
+++ b/bin/caservicecontainer/dockerfile
@@ -13,9 +13,11 @@ RUN cp ./bcmail-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/
 RUN cp ./bcpg-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/
 RUN cp ./bctls-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext
 
-# Create the directory for mounting the shared voulme
-RUN mkdir -p /tmp/files
+# Create the directory for running things in this container
+RUN mkdir -p /testca/bin
 
-COPY ./import.sh /
-COPY ./softhsmconfig.sh /
-COPY ./application.sh /
+COPY import.sh /testca/bin
+COPY softhsmconfig.sh /testca/bin
+COPY application.sh /testca/bin
+COPY CaSign.java /testca/bin
+COPY test.csr /testca/bin
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
index 0efff37..27d5059 100755
--- a/bin/caservicecontainer/import.sh
+++ b/bin/caservicecontainer/import.sh
@@ -10,11 +10,9 @@
 set -e
 
 #Primary Key Password used by TPM Plugin to load keys
-TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
+export TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
 #Handle to the aforementioned Primary Key
 SRK_HANDLE="$(cat ${SECRETS_FOLDER}/srk_handle | base64 -d)"
-#Placeholder of Input files to the Import tool which is the output of duplicate tool
-sharedvolume="${DATA_FOLDER}"
 #key_id is the parameter expected by SoftHSM
 key_id="8738"
 #Key_label is the  parameter expected by SoftHSM
@@ -29,6 +27,8 @@ slot_no="0"
 token_no="Token1"
 #cert_id is the input for the application which is hexadecimal equivalent of key_id
 cert_id=$(printf '%x' ${key_id})
+#Set working dir
+WORKDIR=$PWD
 
 # 1.Initialize the token/
     softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" \
@@ -38,10 +38,10 @@ cert_id=$(printf '%x' ${key_id})
     echo "The slot ID used is ${SoftHSMv2SlotID}"
 
 # 2.Plugin directory for the SoftHSM to load plugin and for further operations
-if [ -f ${sharedvolume}/out_parent_public ]; then
+if [ -f ${DATA_FOLDER}/out_parent_public ]; then
 
     # 2.a Copy the required input files for the Import tool
-    cp ${sharedvolume}/dup* /tpm-util/bin/
+    cp ${DATA_FOLDER}/dup* /tpm-util/bin/
 
     # 2.b Run the Import Utility
     cd /tpm-util/bin
@@ -49,7 +49,7 @@ if [ -f ${sharedvolume}/out_parent_public ]; then
     -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \
     -password $TPM_PRK_PASSWORD
 
-    cd /
+    cd $WORKDIR
     chmod 755 softhsmconfig.sh
     ./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID
 else
@@ -58,7 +58,7 @@ else
 
     echo "TPM hardware unavailable. Using SoftHSM implementation"
 
-    cd ${sharedvolume}
+    cd ${DATA_FOLDER}
 
     # 3.a Extract the Private key using passphrase
     passphrase="$(cat passphrase)"
@@ -75,7 +75,7 @@ else
 fi
 
 # 3.a Application operation
-cd ${sharedvolume}
+cd ${DATA_FOLDER}
 
 # 3.b Convert the crt to der format
 openssl x509 -in ca.cert -outform der -out ca.der
@@ -85,10 +85,10 @@ pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \
 --write-object ./ca.der --type cert --id ${cert_id}
 
 # 4. Calling the functionalities of the sample application
-cd /
+cd $WORKDIR
 chmod 755 application.sh
 ./application.sh $key_label $SoftHSMv2SlotID $upin $cert_id
 
 # 5. Cleanup
-cd /
+cd $WORKDIR
 rm -rf slotinfo.txt