author | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-09-21 11:31:59 +0200 |
---|---|---|
committer | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-09-25 08:40:25 +0200 |
commit | e4bd899f657daa88274f1419314f43953a6bc1ef (patch) | |
tree | 387b84c7f7e922a304acd960068b82eefdd53e3b /test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh | |
parent | b4c9fdb2aca5d283e16354c488460252c68c7d67 (diff) |
Use PKCS12 key and trust store in HV-VES Collector
Usage of keystore and truststore allows us to use JDK security
framework instead of openssl JNI bindings which are sometimes
problematic.
* Replace openssl with keytool when generating the scripts
Change-Id: Icaa21cd1db443b1dd8fe7e7c0523123df5ea2545
Issue-ID: DCAEGEN2-816
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh')
-rwxr-xr-x | test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
new file mode 100755
index 000000000..34572f7a7
--- /dev/null
+++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail -o xtrace
+
+STORE_PASS=onaponap
+CN_PREFIX=dcaegen2-hvves
+DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
+
+store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
+
+function gen_key() {
+ local key_name="$1"
+ local ca="$2"
+ local keystore="-keystore ${key_name}.p12 ${store_opts}"
+ keytool -genkey -alias ${key_name} \
+ ${keystore} \
+ -keyalg RSA \
+ -validity 730 \
+ -keysize 2048 \
+ -dname "${DNAME_PREFIX}-${key_name}"
+ keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
+
+ keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
+ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
+ keytool -alias ${key_name} -importcert ${keystore}
+}
+
+
+function gen_ca() {
+ local ca="$1"
+ keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
+ keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
+}
+
+function gen_truststore() {
+ local name="$1"
+ local trusted_ca="$2"
+ keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${name}.p12
+}
+
+function clean() {
+ rm -f *.crt *.p12
+}
+
+if [[ $# -eq 0 ]]; then
+ gen_ca ca
+ gen_ca untrustedca
+ gen_truststore trust ca
+ gen_truststore untrustedtrust untrustedca
+ gen_key client ca
+ gen_key server ca
+ gen_key untrustedclient untrustedca
+elif [[ $1 == "clean" ]]; then
+ clean
+else
+ echo "usage: $0 [clean]"
+ exit 1
+fi
+ |
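Review bot: In gen_key the issued certificate's SAN is built from the CA alias, `-ext "san=dns:${CN_PREFIX}-${ca}"`, while its DN uses `${key_name}`, so the client and server certificates signed by `ca` all carry the same DNS name `dcaegen2-hvves-ca`. If hostname verification is ever enabled against these stores it would check the wrong identity; `-ext "san=dns:${CN_PREFIX}-${key_name}"` looks like what was intended. The `-validity 730` on `-genkey` only covers the self-signed certificate that `-importcert` later replaces, and `-gencert` has no `-validity`, so the signed certificates fall back to keytool's default lifetime; passing `-validity 730` to `-gencert` as well would keep them aligned. Separately, `set -o xtrace` echoes `-storepass ${STORE_PASS}` into the job log, which is tolerable for a fixed test password but deserves a comment such as `# test-only stores: password is public and appears in trace output`.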