authordglFromAtt <dgl@research.att.com>2018-04-24 08:46:34 -0400
committerdglFromAtt <dgl@research.att.com>2018-04-24 08:46:40 -0400
commit038b4a47c7194b51106cf2c325078924403defea (patch)
tree5e8107c36e1a9cc791d7dc297d5f56ce599caccb /misc
parentd416829dabd3ea20cb756a69b60f179636839f4f (diff)
Integrate AAF certificate and CA truststore
This installs a server certificate with CN: dbc.api.simpledemo.onap.org which is probably good for the heat integration environment. Also, the container truststore is updated with the AAFRootCA so that Bus Controller can be a client to other ONAP components with AAF provided certificates. Change-Id: I158929dd86fa550f964fab18eb8e975cde8062d8 Signed-off-by: dglFromAtt <dgl@research.att.com> Issue-ID: DMAAP-435
Diffstat (limited to 'misc')
-rw-r--r--misc/cert-client-init.sh60
-rw-r--r--misc/dbc-api.jksbin0 -> 3570 bytes
-rw-r--r--misc/dmaapbc29
-rw-r--r--misc/doaction1
4 files changed, 52 insertions, 38 deletions
diff --git a/misc/cert-client-init.sh b/misc/cert-client-init.sh
index 53701f8..cba9354 100644
--- a/misc/cert-client-init.sh
+++ b/misc/cert-client-init.sh
@@ -8,35 +8,49 @@
# Works on both CentOS and Ubuntu.
#
set -x
-cat >/tmp/aafcacert.crt <<'!EOF'
+
+# IMPORTANT: use a .crt suffix for update-ca-certificates to work
+#
+AAFCERT=AAF_RootCA.crt
+cat >/tmp/$AAFCERT <<'!EOF'
-----BEGIN CERTIFICATE-----
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-******* PUT REAL CERTIFICATE HERE ****************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************
-****************************************************************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-----END CERTIFICATE-----
!EOF
-chmod 444 /tmp/aafcacert.crt
+chmod 444 /tmp/$AAFCERT
if [ -f /etc/redhat-release ]
then
- mv /tmp/aafcacert.crt /etc/pki/ca-trust/source/anchors/aafcacert.pem
+ mv /tmp/$AAFCERT /etc/pki/ca-trust/source/anchors/aafcacert.pem
update-ca-trust
else
- mv /tmp/aafcacert.crt /usr/local/share/ca-certificates/aafcacert.crt
+ mv /tmp/$AAFCERT /usr/local/share/ca-certificates/$AAFCERT
update-ca-certificates
fi
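Review bot: The CA certificate is still staged under a fixed, predictable name in /tmp (`cat >/tmp/$AAFCERT`) before it is moved into the system trust anchors, so on a host with other local users a pre-existing file or symlink at that path can affect what ends up trusted or which file gets overwritten. Staging through `CERTTMP=$(mktemp) || exit 1` and using `"$CERTTMP"` in the `cat`, `chmod` and `mv` lines, or writing the here-document straight into the anchor directory, avoids that. The `$AAFCERT` expansions are also unquoted, and nothing checks that `mv` succeeded before `update-ca-trust` / `update-ca-certificates` runs. If this script only ever runs inside a single-user container the exposure is smaller, but a comment stating that assumption would help.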
diff --git a/misc/dbc-api.jks b/misc/dbc-api.jks
new file mode 100644
index 0000000..8c0f61a
--- /dev/null
+++ b/misc/dbc-api.jks
Binary files differ
diff --git a/misc/dmaapbc b/misc/dmaapbc
index c63fcee..5254108 100644
--- a/misc/dmaapbc
+++ b/misc/dmaapbc
@@ -43,13 +43,15 @@ config() {
else
echo "Not creating $APP_ROOT/ok_to_exit"
fi
- # comment out till certs are available
- #if [ ! -f $APP_ROOT/misc/cert-client-init.sh ]
- #then
- # echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore"
- # exit 1
- #fi
- #$APP_ROOT/misc/cert-client-init.sh
+
+ if [ ! -f $APP_ROOT/misc/cert-client-init.sh ]
+ then
+ echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore"
+ exit 1
+ fi
+ $APP_ROOT/misc/cert-client-init.sh
+ . misc/havecert.tmpl > etc/havecert
+ chmod +x etc/havecert
. misc/dmaapbc.properties.tmpl > etc/dmaapbc.properties
. misc/PolicyEngineApi.properties.tmpl > config/PolicyEngineApi.properties
set +x
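Review bot: The exit status of `$APP_ROOT/misc/cert-client-init.sh` is not checked, so config() goes on to generate `etc/havecert` and the properties files even when the truststore update failed; the `-f` test also only proves the file exists, not that it is executable. Consider `"$APP_ROOT/misc/cert-client-init.sh" || { echo "truststore update failed" >&2; exit 1; }` and quoting `$APP_ROOT` in the test. The new `. misc/havecert.tmpl > etc/havecert` line relies on the current directory being the application root, which this hunk does not show being set. config() begins and ends outside the hunk.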
@@ -71,14 +73,13 @@ start() {
fi
cd $APP_ROOT
-# disable until we use certs
-# if etc/havecert
-# then
+ if etc/havecert
+ then
echo >/dev/null
-# else
-# echo No certificate file available. Cannot start
-# exit 0
-# fi
+ else
+ echo No certificate file available. Cannot start
+ exit 0
+ fi
PIDS=`pids`
if [ "$PIDS" != "" ]
then
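Review bot: The re-enabled certificate gate in start() ends with `exit 0`, so a start that was refused because `etc/havecert` failed is reported to the caller as success. Using `exit 1` and sending the message to stderr (`echo "No certificate file available. Cannot start" >&2`) lets an init system or orchestrator see the failure. If the zero status is deliberate, a comment saying why would keep it from being changed later. The placeholder `echo >/dev/null` branch can be dropped by inverting the test, `if ! etc/havecert`. start() continues outside the hunk.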
diff --git a/misc/doaction b/misc/doaction
index d3dd9b8..18b0caa 100644
--- a/misc/doaction
+++ b/misc/doaction
@@ -20,7 +20,6 @@ case "$action" in
/bin/bash dmaapbc.properties.tmpl >dmaapbc.properties
/bin/bash havecert.tmpl >havecert
/bin/bash PolicyEngineApi.properties.tmpl > ../config/PolicyEngineApi.properties
- echo "$AFTSWM_ACTION_NEW_VERSION" >VERSION.dmaapbc
chmod +x havecert
rm -f /opt/app/platform/rc.d/K90dmaapbc /opt/app/platform/rc.d/S10dmaapbc
ln -s ../init.d/dmaapbc /opt/app/platform/rc.d/K90dmaapbc