From fd2e9971b51bee7a2f7d1c5890dfd147da02d7f4 Mon Sep 17 00:00:00 2001
From: Manjunath Ranganathaiah
Date: Fri, 13 Jul 2018 16:26:16 -0700
Subject: Key distribution center container

This container generates the ca key and certificate and encrypts it using SRK public key and stores the generated files on host folder shared with this container. The public key is built into the image for sample known target host.

Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f
Signed-off-by: Manjunath Ranganathaiah
Issue-ID: AAF-376
---
bin/distcenter/Dockerfile | 20 ++++++++++++++++++++
bin/distcenter/README.md | 17 +++++++++++++++++
bin/distcenter/create_ca.sh | 8 ++++++++
bin/distcenter/entrypoint.sh | 12 ++++++++++++
4 files changed, 57 insertions(+)
create mode 100644 bin/distcenter/Dockerfile
create mode 100644 bin/distcenter/README.md
create mode 100755 bin/distcenter/create_ca.sh
create mode 100755 bin/distcenter/entrypoint.sh
diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
new file mode 100644
index 0000000..f79c7ef
--- /dev/null
+++ b/bin/distcenter/Dockerfile
@@ -0,0 +1,20 @@
+FROM rmannfv/aaf-base:openssl_1.1.0
+
+RUN git clone https://gerrit.onap.org/r/aaf/sshsm
+RUN cd sshsm && \
+ cd tpm-util && \
+ cd duplicate && \
+ make -f sampleMakefile
+
+RUN mkdir /createca
+COPY ./create_ca.sh /createca/
+RUN mkdir /dup
+RUN mkdir /dup/database
+RUN mkdir /dup/database/host_sample
+RUN mkdir /dup/bin
+
+RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
+RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
new file mode 100644
index 0000000..973cbf9
--- /dev/null
+++ b/bin/distcenter/README.md
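Review bot: The `git clone https://gerrit.onap.org/r/aaf/sshsm` step pulls whatever the repository's default branch points to at build time, so the `ossl_tpm_duplicate` binary that later receives the CA private key is not reproducible and cannot be tied to a reviewed revision; pin it, e.g. `RUN git clone https://gerrit.onap.org/r/aaf/sshsm && git -C sshsm checkout <PINNED_SSHSM_COMMIT>` (placeholder for the revision you validated). For the same reason `FROM rmannfv/aaf-base:openssl_1.1.0`, which comes from a personal registry namespace, would be better pinned by digest so the toolchain that generates key material is fixed. `ADD entrypoint.sh /entrypoint.sh` should be `COPY entrypoint.sh /entrypoint.sh`, matching the `COPY` used for `create_ca.sh`, since no archive extraction or URL fetch is involved, and the five consecutive `RUN mkdir` lines collapse to `RUN mkdir -p /createca /dup/bin /dup/database/host_sample`. The image never sets `USER`, so the entrypoint that creates the CA key runs as root in the container; if that is intentional for the device access `ossl_tpm_duplicate` may need, a comment saying so would help the next reader.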
@@ -0,0 +1,17 @@
+Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
+
+Build the container using
+
+ docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_sample
+
+ ca.cert
+ dupEncKey
+ dupPriv
+ dupPub
+ dupSymseed
diff --git a/bin/distcenter/create_ca.sh b/bin/distcenter/create_ca.sh
new file mode 100755
index 0000000..0296408
--- /dev/null
+++ b/bin/distcenter/create_ca.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+CA_DIR=$PWD/ca
+mkdir $CA_DIR
+mkdir -p $PWD/certs
+cd $CA_DIR
+echo "000a" > serial
+touch certindex
+openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -out ca.cert -subj '/C=US/ST=CA/L=local/O=onap/CN=test.onap.ca'
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
new file mode 100755
index 0000000..85cdf52
--- /dev/null
+++ b/bin/distcenter/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+cd /createca
+/createca/create_ca.sh
+cd /volume
+DLIST=`ls -d host_*`
+for DIR in $DLIST; do
+ echo $DIR
+ cp /createca/ca/ca.cert /volume/$DIR
+ cd /volume/$DIR
+ /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+done
-- 
cgit 1.2.3-korg
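Review bot: The `openssl req` line in create_ca.sh has no `-keyout`, so the unencrypted (`-nodes`) CA private key lands in the implicit default `privkey.pem` with permissions governed only by the process umask, and because the script has no `set -e`, a failed `mkdir $CA_DIR` or `cd $CA_DIR` would write that key into the parent directory and still exit 0 (entrypoint.sh then silently depends on `/createca/ca/privkey.pem` existing). Adding `set -e` after the shebang, `umask 077` before the `openssl` call, and an explicit `-keyout privkey.pem` on the `openssl req` line makes the key's location and permissions deliberate rather than defaults. Quoting `"$CA_DIR"` and `"$PWD"` is cheap and avoids word-splitting if the script is ever run from a path containing spaces. `serial` and `certindex` are created but nothing in this commit reads them; a one-line comment noting they are reserved for a later `openssl ca` step (or dropping them) would save the next reader a search.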
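Review bot: The loop in entrypoint.sh derives `DIR` from `` `ls -d host_*` `` and uses it unquoted, so a directory name with whitespace on the host-mounted `/volume` splits into bogus entries, and nothing checks that `/dup/database/$DIR/out_parent_public` exists before `ossl_tpm_duplicate` is run against the CA private key — the image only ships `host_sample`, so any other `host_*` directory on the volume aborts after `ca.cert` has already been copied into it. Iterating the glob directly and verifying the parent public key first gives a clear failure before any key material is touched; the rewritten loop is below (the `ossl_tpm_duplicate` invocation is unchanged). Under `set -e` a volume with no `host_*` directory still aborts, only now with an explicit message instead of an `ls` error.
```shell
cd /volume
for DIR in host_*/; do
    DIR=${DIR%/}
    [ -f "/dup/database/$DIR/out_parent_public" ] || { echo "no parent public key for $DIR" >&2; exit 1; }
    echo "$DIR"
    cp /createca/ca/ca.cert "/volume/$DIR"
    cd "/volume/$DIR"
    # … unchanged: ossl_tpm_duplicate invocation …
done
```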