aboutsummaryrefslogtreecommitdiffstats
path: root/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
diff options
context:
space:
mode:
authorMorgan Richomme <morgan.richomme@orange.com>2020-05-11 16:07:28 +0000
committerGerrit Code Review <gerrit@onap.org>2020-05-11 16:07:28 +0000
commit59ece202f8ac9d84aae4bbe17defd9d374b513b8 (patch)
treeebaff7e967f08c4a03090651a81bda826668c557 /plans/sdnc/sdnc_netconf_tls_post_deploy/certs
parent9c41697bdcef2eddd9af6436f3feb5821c238b44 (diff)
parentebc79b2ed5b7b4bb2e8eb1d43d8710aa654b3421 (diff)
Merge "E2E Integration Test for NETCONF/TLS Configuration in SDNC."
Diffstat (limited to 'plans/sdnc/sdnc_netconf_tls_post_deploy/certs')
-rw-r--r--plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile110
-rw-r--r--plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties2
-rw-r--r--plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zipbin5057 -> 0 bytes
3 files changed, 110 insertions, 2 deletions
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile
new file mode 100644
index 00000000..b284e61e
--- /dev/null
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile
@@ -0,0 +1,110 @@
+all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
+.PHONY: all
+#Clear certificates
+clear:
+ @echo "***** Clear certificates *****"
+ rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "***** done *****"
+
+#Generate root private and public keys
+step_1:
+ @echo "***** Generate root private and public keys *****"
+ keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "***** done *****"
+
+#Export public key as certificate
+step_2:
+ @echo "***** Export public key as certificate *****"
+ keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "***** done *****"
+
+#Self-signed root (import root certificate into truststore)
+step_3:
+ @echo "***** Self-signed root import root certificate into truststore *****"
+ keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Generate certService's client private and public keys
+step_4:
+ @echo "***** Generate certService's client private and public keys *****"
+ keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "***** done *****"
+
+#Generate certificate signing request for certService's client
+step_5:
+ @echo "***** Generate certificate signing request for certService's client *****"
+ keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "***** done *****"
+
+#Sign certService's client certificate by root CA
+step_6:
+ @echo "***** Sign certService's client certificate by root CA *****"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "***** done *****"
+
+#Import root certificate into client
+step_7:
+ @echo "***** Import root certificate into intermediate *****"
+ cat root.crt >> certServiceClientByRoot.crt
+ @echo "***** done *****"
+
+#Import signed certificate into certService's client
+step_8:
+ @echo "***** Import signed certificate into certService's client *****"
+ keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Generate certService private and public keys
+step_9:
+ @echo "***** Generate certService private and public keys *****"
+ keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "***** done *****"
+
+#Generate certificate signing request for certService
+step_10:
+ @echo "***** Generate certificate signing request for certService***** "
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ @echo "***** done *****"
+
+#Sign certService certificate by root CA
+step_11:
+ @echo "***** Sign certService certificate by root CA *****"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ @echo "***** done *****"
+
+#Import root certificate into server
+step_12:
+ @echo "***** Import root certificate into intermediate *****"
+ cat root.crt >> certServiceServerByRoot.crt
+ @echo "***** done *****"
+
+#Import signed certificate into certService
+step_13:
+ @echo "***** Import signed certificate into certService *****"
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+step_14:
+ @echo "***** Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) *****"
+ keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "***** done *****"
+
+#Clear unused certificates
+step_15:
+ @echo "***** Clear unused certificates *****"
+ rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "***** done *****"
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties
deleted file mode 100644
index f8f3fa72..00000000
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-keys0.zip
-*****
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip
deleted file mode 100644
index 48b4d90a..00000000
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip
+++ /dev/null
Binary files differ