diff options
-rwxr-xr-x | bin/caservicecontainer/application.sh | 17 | ||||
-rwxr-xr-x | bin/caservicecontainer/build_testcaservice_image.sh | 8 | ||||
-rwxr-xr-x | bin/caservicecontainer/dockerfile | 12 | ||||
-rwxr-xr-x | bin/caservicecontainer/import.sh | 20 |
4 files changed, 34 insertions, 23 deletions
diff --git a/bin/caservicecontainer/application.sh b/bin/caservicecontainer/application.sh index 1a723ea..a7c864d 100755 --- a/bin/caservicecontainer/application.sh +++ b/bin/caservicecontainer/application.sh @@ -11,20 +11,21 @@ applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so" # Setting up the java application and running the application # 1. Create the configuration pkcs11.cfg for the application -touch /tmp/pkcs11.cfg -chmod 755 /tmp/pkcs11.cfg -echo "name = ${key_label}" >> /tmp/pkcs11.cfg +# Remove any existing cfg file first from the CWD +rm pkcs11.cfg +touch pkcs11.cfg +chmod 755 pkcs11.cfg +echo "name = ${key_label}" >> pkcs11.cfg echo "The location of applicationms library is ${applicationlibrary}" -echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg -echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg +echo "library = ${applicationlibrary}" >> pkcs11.cfg +echo "slot = ${SoftHSMv2SlotID}" >> pkcs11.cfg # 2. Compile the Application -cd /tmp/files -cp test.csr /tmp/test.csr +# CaSign requires test.csr to be available in CWD javac CaSign.java # 3. Run the Application java CaSign ${upin} 0x${cert_id} # 4. Verify the generated certificate -openssl verify -verbose -CAfile ca.cert /tmp/test.cert
\ No newline at end of file +openssl verify -verbose -CAfile ${DATA_FOLDER}/ca.cert test.cert
\ No newline at end of file diff --git a/bin/caservicecontainer/build_testcaservice_image.sh b/bin/caservicecontainer/build_testcaservice_image.sh index 0760950..f13993b 100755 --- a/bin/caservicecontainer/build_testcaservice_image.sh +++ b/bin/caservicecontainer/build_testcaservice_image.sh @@ -23,8 +23,16 @@ fi echo $BUILD_ARGS function build_image { + echo "Copying files for image" + cp ../../test/integration/samplecaservicecontainer/applicationfiles/CaSign.java . + cp ../../test/integration/samplecaservicecontainer/applicationfiles/ca.cert . + cp ../../test/integration/samplecaservicecontainer/applicationfiles/test.csr . + echo "Start build docker image: ${IMAGE_NAME}:latest" docker build ${BUILD_ARGS} -t ${IMAGE_NAME}:latest -f dockerfile . + + echo "Remove files after image is built" + rm CaSign.java ca.cert test.csr } function push_image { diff --git a/bin/caservicecontainer/dockerfile b/bin/caservicecontainer/dockerfile index 7a70dc9..9fdbc30 100755 --- a/bin/caservicecontainer/dockerfile +++ b/bin/caservicecontainer/dockerfile @@ -13,9 +13,11 @@ RUN cp ./bcmail-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/ RUN cp ./bcpg-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/ RUN cp ./bctls-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext -# Create the directory for mounting the shared voulme -RUN mkdir -p /tmp/files +# Create the directory for running things in this container +RUN mkdir -p /testca/bin -COPY ./import.sh / -COPY ./softhsmconfig.sh / -COPY ./application.sh / +COPY import.sh /testca/bin +COPY softhsmconfig.sh /testca/bin +COPY application.sh /testca/bin +COPY CaSign.java /testca/bin +COPY test.csr /testca/bin diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh index 0efff37..27d5059 100755 --- a/bin/caservicecontainer/import.sh +++ b/bin/caservicecontainer/import.sh @@ -10,11 +10,9 @@ set -e #Primary Key Password used by TPM Plugin to load keys -TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)" +export TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)" #Handle to the aforementioned Primary Key SRK_HANDLE="$(cat ${SECRETS_FOLDER}/srk_handle | base64 -d)" -#Placeholder of Input files to the Import tool which is the output of duplicate tool -sharedvolume="${DATA_FOLDER}" #key_id is the parameter expected by SoftHSM key_id="8738" #Key_label is the parameter expected by SoftHSM @@ -29,6 +27,8 @@ slot_no="0" token_no="Token1" #cert_id is the input for the application which is hexadecimal equivalent of key_id cert_id=$(printf '%x' ${key_id}) +#Set working dir +WORKDIR=$PWD # 1.Initialize the token/ softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" \ @@ -38,10 +38,10 @@ cert_id=$(printf '%x' ${key_id}) echo "The slot ID used is ${SoftHSMv2SlotID}" # 2.Plugin directory for the SoftHSM to load plugin and for further operations -if [ -f ${sharedvolume}/out_parent_public ]; then +if [ -f ${DATA_FOLDER}/out_parent_public ]; then # 2.a Copy the required input files for the Import tool - cp ${sharedvolume}/dup* /tpm-util/bin/ + cp ${DATA_FOLDER}/dup* /tpm-util/bin/ # 2.b Run the Import Utility cd /tpm-util/bin @@ -49,7 +49,7 @@ if [ -f ${sharedvolume}/out_parent_public ]; then -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \ -password $TPM_PRK_PASSWORD - cd / + cd $WORKDIR chmod 755 softhsmconfig.sh ./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID else @@ -58,7 +58,7 @@ else echo "TPM hardware unavailable. Using SoftHSM implementation" - cd ${sharedvolume} + cd ${DATA_FOLDER} # 3.a Extract the Private key using passphrase passphrase="$(cat passphrase)" @@ -75,7 +75,7 @@ else fi # 3.a Application operation -cd ${sharedvolume} +cd ${DATA_FOLDER} # 3.b Convert the crt to der format openssl x509 -in ca.cert -outform der -out ca.der @@ -85,10 +85,10 @@ pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \ --write-object ./ca.der --type cert --id ${cert_id} # 4. Calling the functionalities of the sample application -cd / +cd $WORKDIR chmod 755 application.sh ./application.sh $key_label $SoftHSMv2SlotID $upin $cert_id # 5. Cleanup -cd / +cd $WORKDIR rm -rf slotinfo.txt |