author | Jack Lucas <jflucas@research.att.com> | 2019-11-22 17:32:55 -0500 |
---|---|---|
committer | Jack Lucas <jflucas@research.att.com> | 2020-02-03 09:30:48 -0500 |
commit | 81a0a2ed19dda1916df0a4695069e612697ba7c7 (patch) | |
tree | 6eeb53a2ff5295e6ace2d1424152c1d40e9488db /tls-init-container/dcae-cert-setup.sh | |
parent | 96e41fd64f9270cb8a434a4a586d62efb7ccadaf (diff) |
Provide truststore in JKS format2.1.0
Issue-ID: DCAEGEN2-1938
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: Ibd10d4e833bede448ebbc9b5e0e5be5a84155835
Diffstat (limited to 'tls-init-container/dcae-cert-setup.sh')
-rwxr-xr-x | tls-init-container/dcae-cert-setup.sh | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/tls-init-container/dcae-cert-setup.sh b/tls-init-container/dcae-cert-setup.sh index da52569..e3b5dbe 100755 --- a/tls-init-container/dcae-cert-setup.sh +++ b/tls-init-container/dcae-cert-setup.sh @@ -29,7 +29,7 @@ export DEPLOY_PASSWORD=${DEPLOY_PASSWORD:-"demo123456!"} export cadi_longitude=${cadi_longitude:-"-72.0"} export cadi_latitude=${cadi_latitude:-"38.0"} -# For now, we can deault aaf_locator_fqdn +# For now, we can default aaf_locator_fqdn # This points to the single DCAE cert with many SANs, # as used in previous releases # When we have individual certs per component, we will override this @@ -37,6 +37,10 @@ export cadi_latitude=${cadi_latitude:-"38.0"} # or via the k8s plugin export aaf_locator_fqdn=${aaf_locator_fqdn:-"dcae"} +# Our own environment variable to signal that the tls-init-container +# is being run for a component that is a TLS server +export TLS_SERVER=${TLS_SERVER:-"true"} + # Directory where AAF agent puts artifacts ARTIFACTS=/opt/app/osaaf/local # Directory where DCAE apps expect artifacts @@ -45,10 +49,20 @@ TARGET=/opt/app/osaaf # AAF namespace for the certs--used in naming artifacts AAFNS=org.onap.dcae +# Dummy certificate FQDN for client-only components +# Must be set up in AAF, but won't actually be used +DUMMY_FQDN=dcae + # Clean out any existing artifacts rm -rf ${ARTIFACTS} rm -f ${TARGET}/* +# Set the dummy FQDN for a client-only component +if [ "${TLS_SERVER}" == "false" ] +then + export aaf_locator_fqdn=${DUMMY_FQDN} +fi + # Get the certificate artifacts from AAF /opt/app/aaf_config/bin/agent.sh 
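Review bot: `TLS_SERVER` is not validated where it is introduced (`export TLS_SERVER=${TLS_SERVER:-"true"}`), and the two later checks in this patch compare it only against the exact string `false`. A value such as `False`, `no` or `0` therefore falls through to the server path, and the certificate and private-key files stay in `${TARGET}` for a component that was meant to be client-only. Rejecting anything else right after the export would surface the mistake at init time: `case "${TLS_SERVER}" in true|false) ;; *) echo "TLS_SERVER must be true or false" >&2; exit 1 ;; esac`.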
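Review bot: The client-only branch (`export aaf_locator_fqdn=${DUMMY_FQDN}`) apparently still lets `agent.sh` fetch the full artifact set for `dcae`, so the private key sits under `${ARTIFACTS}` and `${TARGET}` until the removal block in the last hunk runs; the comment "won't actually be used" does not say this. I would extend the `DUMMY_FQDN` comment with something like `# NOTE: key material for this FQDN is still fetched; it is removed at the end of the script when TLS_SERVER=false`. Separately, `==` inside `[ ]` is a bash extension; `[ "${TLS_SERVER}" = "false" ]` behaves the same and also works under a POSIX sh (the interpreter line is outside this hunk), and the same test appears in the last hunk.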
@@ -70,3 +84,10 @@ chmod 644 ${TARGET}/cert.pem ${TARGET}/key.pem # Get the ONAP AAF CA certificate -- pass in an empty password, since the trust store doesn't have one echo "" | keytool -exportcert -rfc -file ${TARGET}/cacert.pem -keystore ${ARTIFACTS}/${AAFNS}.trust.jks -alias ca_local_0 + +# Remove server-related files for client-only components +if [ "${TLS_SERVER}" == "false" ] +then + rm ${TARGET}/cert.p12 ${TARGET}/cert.jks ${TARGET}/cert.pem ${TARGET}/key.pem ${TARGET}/p12.pass ${TARGET}/jks.pass + rm ${ARTIFACTS}/${AAFNS}.p12 ${ARTIFACTS}/${AAFNS}.jks +fi
\ No newline at end of file |
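Review bot: The client-only cleanup uses plain `rm` with unquoted paths, so one missing file makes `rm` return non-zero. As the last command of the script, that status becomes the script's exit status, and if `set -e` is active above this hunk the second `rm` is skipped and `${ARTIFACTS}/${AAFNS}.p12` and `.jks` stay on disk. These files hold the private key (`key.pem` is set to mode 644 in the line shown in the hunk header), so I would make removal unconditional and quoted: `rm -f -- "${TARGET}/cert.p12" "${TARGET}/cert.jks" "${TARGET}/cert.pem" "${TARGET}/key.pem" "${TARGET}/p12.pass" "${TARGET}/jks.pass"` and `rm -f -- "${ARTIFACTS}/${AAFNS}.p12" "${ARTIFACTS}/${AAFNS}.jks"`. The removal also runs only if every earlier step succeeds; whether an earlier failure can leave the key behind depends on error handling outside this hunk.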