diff options
author | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-09-21 11:31:59 +0200 |
---|---|---|
committer | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-09-25 08:40:25 +0200 |
commit | e4bd899f657daa88274f1419314f43953a6bc1ef (patch) | |
tree | 387b84c7f7e922a304acd960068b82eefdd53e3b /test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl | |
parent | b4c9fdb2aca5d283e16354c488460252c68c7d67 (diff) |
Use PKCS12 key and trust store in HV-VES Collector
Usage of keystore and truststore allows us to use JDK security
framework instead of openssl JNI bindings which are sometimes
problematic.
* Replace openssl with keytool when generating the scripts
Change-Id: Icaa21cd1db443b1dd8fe7e7c0523123df5ea2545
Issue-ID: DCAEGEN2-816
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl')
-rw-r--r-- | test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl new file mode 100644 index 000000000..a32d30dd0 --- /dev/null +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl @@ -0,0 +1,41 @@ +FILE=sample +PASSWD=onaponap +CA_PASSWD=onaponap +SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO +CA=trust + +sign: $(FILE).crt + +clean: + rm -f *.crt *.key *.srl *.csr *.pkcs12 + +generate-ca-certificate: $(CA).crt + +generate-private-key: $(FILE).key + +create-public-key: $(FILE).pub + +create-sign-request: $(FILE).csr + +create-key-store: $(FILE).ks.pkcs12 + +create-trust-store: $(CA).crt + openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD) + +$(CA).crt: + openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)" + +$(FILE).key: + openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048 + +$(FILE).pub: $(FILE).key + openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt + +$(FILE).csr: $(FILE).key + openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)" + +$(FILE).crt: $(CA).crt $(FILE).csr + openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD) + +$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt + openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD) |