aboutsummaryrefslogtreecommitdiffstats
path: root/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
diff options
context:
space:
mode:
authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-21 11:31:59 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-25 08:40:25 +0200
commite4bd899f657daa88274f1419314f43953a6bc1ef (patch)
tree387b84c7f7e922a304acd960068b82eefdd53e3b /test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
parentb4c9fdb2aca5d283e16354c488460252c68c7d67 (diff)
Use PKCS12 key and trust store in HV-VES Collector
Usage of keystore and truststore allows us to use JDK security framework instead of openssl JNI bindings which are sometimes problematic. * Replace openssl with keytool when generating the scripts Change-Id: Icaa21cd1db443b1dd8fe7e7c0523123df5ea2545 Issue-ID: DCAEGEN2-816 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh')
-rwxr-xr-xtest/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh59
1 files changed, 59 insertions, 0 deletions
diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
new file mode 100755
index 000000000..34572f7a7
--- /dev/null
+++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail -o xtrace
+
+STORE_PASS=onaponap
+CN_PREFIX=dcaegen2-hvves
+DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
+
+store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
+
+function gen_key() {
+ local key_name="$1"
+ local ca="$2"
+ local keystore="-keystore ${key_name}.p12 ${store_opts}"
+ keytool -genkey -alias ${key_name} \
+ ${keystore} \
+ -keyalg RSA \
+ -validity 730 \
+ -keysize 2048 \
+ -dname "${DNAME_PREFIX}-${key_name}"
+ keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
+
+ keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
+ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
+ keytool -alias ${key_name} -importcert ${keystore}
+}
+
+
+function gen_ca() {
+ local ca="$1"
+ keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
+ keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
+}
+
+function gen_truststore() {
+ local name="$1"
+ local trusted_ca="$2"
+ keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${name}.p12
+}
+
+function clean() {
+ rm -f *.crt *.p12
+}
+
+if [[ $# -eq 0 ]]; then
+ gen_ca ca
+ gen_ca untrustedca
+ gen_truststore trust ca
+ gen_truststore untrustedtrust untrustedca
+ gen_key client ca
+ gen_key server ca
+ gen_key untrustedclient untrustedca
+elif [[ $1 == "clean" ]]; then
+ clean
+else
+ echo "usage: $0 [clean]"
+ exit 1
+fi
+