From fd2e9971b51bee7a2f7d1c5890dfd147da02d7f4 Mon Sep 17 00:00:00 2001
From: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Date: Fri, 13 Jul 2018 16:26:16 -0700
Subject: Key distribution center container

This container generates the ca key and
certificate and encrypts it using SRK public
key and stores the generated files on host
folder shared with this container. The public
key is built into the image for sample
known target host.

Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Issue-ID: AAF-376
---
 bin/distcenter/Dockerfile    | 20 ++++++++++++++++++++
 bin/distcenter/README.md     | 17 +++++++++++++++++
 bin/distcenter/create_ca.sh  |  8 ++++++++
 bin/distcenter/entrypoint.sh | 12 ++++++++++++
 4 files changed, 57 insertions(+)
 create mode 100644 bin/distcenter/Dockerfile
 create mode 100644 bin/distcenter/README.md
 create mode 100755 bin/distcenter/create_ca.sh
 create mode 100755 bin/distcenter/entrypoint.sh

diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
new file mode 100644
index 0000000..f79c7ef
--- /dev/null
+++ b/bin/distcenter/Dockerfile
@@ -0,0 +1,20 @@
+FROM rmannfv/aaf-base:openssl_1.1.0
+
+RUN git clone https://gerrit.onap.org/r/aaf/sshsm
+RUN cd sshsm && \
+  cd tpm-util && \
+  cd duplicate && \
+  make -f sampleMakefile
+
+RUN mkdir /createca
+COPY ./create_ca.sh /createca/
+RUN mkdir /dup
+RUN mkdir /dup/database
+RUN mkdir /dup/database/host_sample
+RUN mkdir /dup/bin
+
+RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
+RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
new file mode 100644
index 0000000..973cbf9
--- /dev/null
+++ b/bin/distcenter/README.md
@@ -0,0 +1,17 @@
+Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
+
+Build the container using
+
+  docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_sample
+
+  ca.cert
+  dupEncKey
+  dupPriv
+  dupPub
+  dupSymseed
diff --git a/bin/distcenter/create_ca.sh b/bin/distcenter/create_ca.sh
new file mode 100755
index 0000000..0296408
--- /dev/null
+++ b/bin/distcenter/create_ca.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+CA_DIR=$PWD/ca
+mkdir $CA_DIR
+mkdir -p $PWD/certs
+cd $CA_DIR
+echo "000a" > serial
+touch certindex
+openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -out ca.cert -subj '/C=US/ST=CA/L=local/O=onap/CN=test.onap.ca'
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
new file mode 100755
index 0000000..85cdf52
--- /dev/null
+++ b/bin/distcenter/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+cd /createca
+/createca/create_ca.sh
+cd /volume
+DLIST=`ls -d host_*`
+for DIR in $DLIST; do
+  echo $DIR
+  cp /createca/ca/ca.cert /volume/$DIR
+  cd /volume/$DIR
+  /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem  -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+done
-- 
cgit 1.2.3-korg