authorJack Lucas <jflucas@research.att.com>2019-11-22 17:32:55 -0500
committerJack Lucas <jflucas@research.att.com>2020-02-03 09:30:48 -0500
commit81a0a2ed19dda1916df0a4695069e612697ba7c7 (patch)
tree6eeb53a2ff5295e6ace2d1424152c1d40e9488db
parent96e41fd64f9270cb8a434a4a586d62efb7ccadaf (diff)
Provide truststore in JKS format2.1.0
Issue-ID: DCAEGEN2-1938 Signed-off-by: Jack Lucas <jflucas@research.att.com> Change-Id: Ibd10d4e833bede448ebbc9b5e0e5be5a84155835
-rwxr-xr-xtls-init-container/dcae-cert-setup.sh23
-rw-r--r--tls-init-container/pom.xml2
2 files changed, 23 insertions, 2 deletions
diff --git a/tls-init-container/dcae-cert-setup.sh b/tls-init-container/dcae-cert-setup.sh
index da52569..e3b5dbe 100755
--- a/tls-init-container/dcae-cert-setup.sh
+++ b/tls-init-container/dcae-cert-setup.sh
@@ -29,7 +29,7 @@ export DEPLOY_PASSWORD=${DEPLOY_PASSWORD:-"demo123456!"}
export cadi_longitude=${cadi_longitude:-"-72.0"}
export cadi_latitude=${cadi_latitude:-"38.0"}
-# For now, we can deault aaf_locator_fqdn
+# For now, we can default aaf_locator_fqdn
# This points to the single DCAE cert with many SANs,
# as used in previous releases
# When we have individual certs per component, we will override this
@@ -37,6 +37,10 @@ export cadi_latitude=${cadi_latitude:-"38.0"}
# or via the k8s plugin
export aaf_locator_fqdn=${aaf_locator_fqdn:-"dcae"}
+# Our own environment variable to signal that the tls-init-container
+# is being run for a component that is a TLS server
+export TLS_SERVER=${TLS_SERVER:-"true"}
+
# Directory where AAF agent puts artifacts
ARTIFACTS=/opt/app/osaaf/local
# Directory where DCAE apps expect artifacts
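Review bot: The comment added above `export TLS_SERVER=${TLS_SERVER:-"true"}` does not say which values are recognised. The tests added later in this commit compare against the exact string `false`, so a value such as `False`, `0` or `no` would leave the container in server mode with the key and keystore files kept. I would extend the comment to something like `# Set to "false" (exact, lower case) for a client-only component; any other value is treated as a TLS server`.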
@@ -45,10 +49,20 @@ TARGET=/opt/app/osaaf
# AAF namespace for the certs--used in naming artifacts
AAFNS=org.onap.dcae
+# Dummy certificate FQDN for client-only components
+# Must be set up in AAF, but won't actually be used
+DUMMY_FQDN=dcae
+
# Clean out any existing artifacts
rm -rf ${ARTIFACTS}
rm -f ${TARGET}/*
+# Set the dummy FQDN for a client-only component
+if [ "${TLS_SERVER}" == "false" ]
+then
+ export aaf_locator_fqdn=${DUMMY_FQDN}
+fi
+
# Get the certificate artifacts from AAF
/opt/app/aaf_config/bin/agent.sh
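Review bot: `[ "${TLS_SERVER}" == "false" ]` uses `==`, which is a bash extension inside `[`. The script's interpreter line is outside this hunk; if it runs under a strict POSIX sh, the test would report an error and the client-only branch would be skipped without stopping the script. The portable form is `if [ "${TLS_SERVER}" = "false" ]`. The same comparison is repeated in the final hunk before the `rm` calls, where a skipped branch would leave the key and keystore files in place.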
@@ -70,3 +84,10 @@ chmod 644 ${TARGET}/cert.pem ${TARGET}/key.pem
# Get the ONAP AAF CA certificate -- pass in an empty password, since the trust store doesn't have one
echo "" | keytool -exportcert -rfc -file ${TARGET}/cacert.pem -keystore ${ARTIFACTS}/${AAFNS}.trust.jks -alias ca_local_0
+
+# Remove server-related files for client-only components
+if [ "${TLS_SERVER}" == "false" ]
+then
+ rm ${TARGET}/cert.p12 ${TARGET}/cert.jks ${TARGET}/cert.pem ${TARGET}/key.pem ${TARGET}/p12.pass ${TARGET}/jks.pass
+ rm ${ARTIFACTS}/${AAFNS}.p12 ${ARTIFACTS}/${AAFNS}.jks
+fi
\ No newline at end of file
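Review bot: The two `rm` calls are the only step that keeps the private key, keystores and password files away from a client-only component, but a failure of the first one is not detected. Unless `set -e` is active earlier in the script (not visible here), the script's exit status comes only from the last command. I would fail the init container when removal does not complete and quote the paths, e.g. `rm -f -- "${TARGET}/cert.p12" "${TARGET}/cert.jks" "${TARGET}/cert.pem" "${TARGET}/key.pem" "${TARGET}/p12.pass" "${TARGET}/jks.pass" || exit 1`, with the same treatment for the `${ARTIFACTS}` line. Using `-f` also stops a missing file from being reported as an error, while a real failure to delete still returns non-zero.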
diff --git a/tls-init-container/pom.xml b/tls-init-container/pom.xml
index a25a0bf..a439050 100644
--- a/tls-init-container/pom.xml
+++ b/tls-init-container/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
<groupId>org.onap.dcaegen2.deployments</groupId>
<artifactId>tls-init-container</artifactId>
<name>dcaegen2-deployments-tls-init-container</name>
- <version>2.0.1</version>
+ <version>2.1.0</version>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>