aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorefiacor <fiachra.corcoran@est.tech>2021-03-18 12:37:58 +0000
committerefiacor <fiachra.corcoran@est.tech>2021-03-18 12:38:05 +0000
commit452cf07374e1eba2220ca516e6ad690f7715b248 (patch)
tree5759b02a98a535244ce84f87156c1caaaa1c034e /scripts
parent1d3ceea1defb5640e9f850dad647904b41002988 (diff)
[DMAAP-DR] Refactoring ssl csit suite
Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I6eafd28c5a61fda42ddc61b2d40c4c8208f62670 Issue-ID: DMAAP-1571
Diffstat (limited to 'scripts')
-rw-r--r--scripts/dmaap-datarouter/datarouter-launch.sh92
-rw-r--r--scripts/dmaap-datarouter/datarouterCA.crt39
-rw-r--r--scripts/dmaap-datarouter/docker-compose/docker-compose.yml118
-rw-r--r--scripts/dmaap-datarouter/docker-compose/node.properties82
-rwxr-xr-xscripts/dmaap-datarouter/docker-compose/provserver.properties55
-rw-r--r--scripts/dmaap-datarouter/docker-compose/subscriber.properties35
-rw-r--r--scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12bin0 -> 4596 bytes
-rw-r--r--scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props17
-rw-r--r--scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jksbin0 -> 3234 bytes
-rwxr-xr-xscripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12bin0 -> 4596 bytes
-rw-r--r--scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props17
-rw-r--r--scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jksbin0 -> 3234 bytes
-rw-r--r--scripts/dmaap-datarouter/remove_cert_from_ca.py51
-rw-r--r--scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem40
-rw-r--r--scripts/dmaap-datarouter/robot_ssl/update_ca.py65
-rw-r--r--scripts/dmaap-datarouter/update_ca.py33
16 files changed, 521 insertions, 123 deletions
diff --git a/scripts/dmaap-datarouter/datarouter-launch.sh b/scripts/dmaap-datarouter/datarouter-launch.sh
new file mode 100644
index 00000000..0339e389
--- /dev/null
+++ b/scripts/dmaap-datarouter/datarouter-launch.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+function dmaap_dr_launch() {
+
+ subscribers_required=$1
+ mkdir -p ${WORKSPACE}/archives/dmaap/dr/last_run_logs
+ cd ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose
+
+ # start DMaaP DR containers with docker compose and configuration from docker-compose.yml
+ docker login -u docker -p docker nexus3.onap.org:10001
+ if [[ ${subscribers_required} == true ]]; then
+ docker-compose up -d
+ else
+ docker-compose up -d datarouter-prov datarouter-node mariadb
+ fi
+
+ # Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb
+ for i in 1 2 3 4 5 6 7 8 9 10; do
+ if [[ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ]] && \
+ [[ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ]] && \
+ [[ $(docker inspect --format '{{ .State.Running }}' mariadb) ]]
+ then
+ echo "DR Service Running"
+ break
+ else
+ echo sleep ${i}
+ sleep ${i}
+ fi
+ done
+
+ # Wait for healthy container datarouter-prov
+ for i in 1 2 3 4 5 6 7 8 9 10; do
+ if [[ "$(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)" = 'healthy' ]]
+ then
+ echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)
+ echo "DR Service Running, datarouter-prov container is healthy"
+ break
+ else
+ echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)
+ echo sleep ${i}
+ sleep ${i}
+ if [[ ${i} = 10 ]]
+ then
+ echo datarouter-prov container is not in healthy state - the test is not made, teardown...
+ docker-compose rm -sf
+ exit 1
+ fi
+ fi
+ done
+
+ DR_PROV_IP=`get-instance-ip.sh datarouter-prov`
+ DR_NODE_IP=`get-instance-ip.sh datarouter-node`
+ DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov)
+ echo DR_PROV_IP=${DR_PROV_IP}
+ echo DR_NODE_IP=${DR_NODE_IP}
+ echo DR_GATEWAY_IP=${DR_GATEWAY_IP}
+ if [[ ${subscribers_required} == true ]]
+ then
+ DR_SUB_IP=`get-instance-ip.sh subscriber-node`
+ DR_SUB2_IP=`get-instance-ip.sh subscriber-node2`
+ echo DR_SUB_IP=${DR_SUB_IP}
+ echo DR_SUB2_IP=${DR_SUB2_IP}
+ fi
+
+
+ sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts
+ sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts
+
+ docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP"
+
+ #Pass any variables required by Robot test suites in ROBOT_VARIABLES
+ ROBOT_VARIABLES="-v DR_PROV_IP:${DR_PROV_IP} -v DR_NODE_IP:${DR_NODE_IP} -v DR_SUB_IP:${DR_SUB_IP} -v DR_SUB2_IP:${DR_SUB2_IP}"
+} \ No newline at end of file
diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt
deleted file mode 100644
index a8a0ed84..00000000
--- a/scripts/dmaap-datarouter/datarouterCA.crt
+++ /dev/null
@@ -1,39 +0,0 @@
-
-# Issuer: C=US,O=ONAP,OU=OSAAF
-# Subject: C=US,O=ONAP,OU=OSAAF
-# Label: ""
-# Serial: 0x9EAEEDC0A7CEB59D
-# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F
-# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B
-# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/scripts/dmaap-datarouter/docker-compose/docker-compose.yml b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml
new file mode 100644
index 00000000..377e5514
--- /dev/null
+++ b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml
@@ -0,0 +1,118 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-21 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+#
+version: '2.1'
+services:
+ datarouter-prov:
+ image: nexus3.onap.org:10001/onap/dmaap/datarouter-prov
+ container_name: datarouter-prov
+ hostname: dmaap-dr-prov
+ ports:
+ - "443:8443"
+ - "8443:8443"
+ - "8080:8080"
+ volumes:
+ - ./provserver.properties:/opt/app/datartr/etc/provserver.properties
+ - ../dr_certs/dr_prov/truststore.jks:/opt/app/osaaf/local/truststore.jks
+ - ../dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12
+ - ../dr_certs/dr_prov/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props
+ depends_on:
+ mariadb:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"]
+ interval: 10s
+ timeout: 30s
+ retries: 5
+ networks:
+ testing_net:
+ aliases:
+ - dmaap-dr-prov
+
+ datarouter-node:
+ image: nexus3.onap.org:10001/onap/dmaap/datarouter-node
+ container_name: datarouter-node
+ hostname: dmaap-dr-node
+ ports:
+ - "9443:8443"
+ - "9090:8080"
+ volumes:
+ - ./node.properties:/opt/app/datartr/etc/node.properties
+ - ../dr_certs/dr_node/truststore.jks:/opt/app/osaaf/local/truststore.jks
+ - ../dr_certs/dr_node/org.onap.dmaap-dr-node.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12
+ - ../dr_certs/dr_node/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props
+ depends_on:
+ datarouter-prov:
+ condition: service_healthy
+ networks:
+ testing_net:
+ aliases:
+ - dmaap-dr-node
+
+ datarouter-subscriber:
+ image: nexus3.onap.org:10001/onap/dmaap/datarouter-subscriber
+ container_name: subscriber-node
+ hostname: subscriber.com
+ ports:
+ - "7070:7070"
+ volumes:
+ - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties
+ networks:
+ testing_net:
+ aliases:
+ - subscriber.com
+
+ datarouter-subscriber2:
+ image: nexus3.onap.org:10001/onap/dmaap/datarouter-subscriber
+ container_name: subscriber-node2
+ hostname: subscriber2.com
+ ports:
+ - "7071:7070"
+ volumes:
+ - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties
+ networks:
+ testing_net:
+ aliases:
+ - subscriber2.com
+
+ mariadb:
+ image: mariadb:10.2.14
+ container_name: mariadb
+ hostname: datarouter-mariadb
+ ports:
+ - "3306:3306"
+ environment:
+ MYSQL_ROOT_PASSWORD: datarouter
+ MYSQL_DATABASE: datarouter
+ MYSQL_USER: datarouter
+ MYSQL_PASSWORD: datarouter
+ healthcheck:
+ test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost", "-u", "datarouter", "-pdatarouter", "--silent"]
+ interval: 10s
+ timeout: 30s
+ retries: 5
+ networks:
+ testing_net:
+ aliases:
+ - datarouter-mariadb
+
+networks:
+ testing_net:
+ driver: bridge
diff --git a/scripts/dmaap-datarouter/docker-compose/node.properties b/scripts/dmaap-datarouter/docker-compose/node.properties
new file mode 100644
index 00000000..58639cfd
--- /dev/null
+++ b/scripts/dmaap-datarouter/docker-compose/node.properties
@@ -0,0 +1,82 @@
+# ============LICENSE_START===================================================
+# Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+#
+# Configuration parameters set at startup for the DataRouter node
+#
+# URL to retrieve dynamic configuration
+ProvisioningURL = https://dmaap-dr-prov:8443/internal/prov
+#
+# URL to upload PUB/DEL/EXP logs
+LogUploadURL = https://dmaap-dr-prov:8443/internal/logs
+#
+# The port number for http as seen within the server
+IntHttpPort = 8080
+#
+# The port number for https as seen within the server
+IntHttpsPort = 8443
+#
+# The external port number for https taking port mapping into account
+ExtHttpsPort = 443
+#
+# The minimum interval between fetches of the dynamic configuration from the provisioning server
+MinProvFetchInterval = 10000
+#
+# The minimum interval between saves of the redirection data file
+MinRedirSaveInterval = 10000
+#
+# The path to the directory where log files are stored
+LogDir = /opt/app/datartr/logs
+#
+# The retention interval (in days) for log files
+LogRetention = 30
+#
+# The path to the directories where data and meta data files are stored
+SpoolDir = /opt/app/datartr/spool
+#
+# The path to the redirection data file
+RedirectionFile = etc/redirections.dat
+#
+# The type of keystore for https
+KeyStoreType = PKCS12
+#
+# The type of truststore for https
+TrustStoreType = jks
+#
+# The path to the file used to trigger an orderly shutdown
+QuiesceFile = etc/SHUTDOWN
+#
+# The key used to generate passwords for node to node transfers
+NodeAuthKey = Node123!
+#
+# DR_NODE DEFAULT ENABLED TLS PROTOCOLS
+NodeHttpsProtocols = TLSv1.1|TLSv1.2
+#
+# AAF type to generate permission string
+AAFType = org.onap.dmaap-dr.feed
+#
+# AAF default instance to generate permission string - default should be legacy
+AAFInstance = legacy
+#
+# AAF action to generate permission string - default should be publish
+AAFAction = publish
+#
+# AAF CADI enabled flag
+CadiEnabled = false
+#
+# AAF Props file path
+AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
diff --git a/scripts/dmaap-datarouter/docker-compose/provserver.properties b/scripts/dmaap-datarouter/docker-compose/provserver.properties
new file mode 100755
index 00000000..b54868e2
--- /dev/null
+++ b/scripts/dmaap-datarouter/docker-compose/provserver.properties
@@ -0,0 +1,55 @@
+# ============LICENSE_START===================================================
+# Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+#Jetty Server properties
+org.onap.dmaap.datarouter.provserver.http.port = 8080
+org.onap.dmaap.datarouter.provserver.https.port = 8443
+org.onap.dmaap.datarouter.provserver.https.relaxation = true
+
+org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+
+org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
+org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
+org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
+org.onap.dmaap.datarouter.provserver.logretention = 30
+
+#DMAAP-597 (Tech Dept) REST request source IP auth
+# relaxation to accommodate OOM kubernetes deploy
+org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
+
+#Localhost address config
+org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1
+
+# Database access
+org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://datarouter-mariadb:3306/datarouter
+org.onap.dmaap.datarouter.db.login = datarouter
+org.onap.dmaap.datarouter.db.password = datarouter
+
+# PROV - DEFAULT ENABLED TLS PROTOCOLS
+org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
+
+# AAF config
+org.onap.dmaap.datarouter.provserver.cadi.enabled = false
+
+org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234#
+org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed
+org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
+org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
+org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
+org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe \ No newline at end of file
diff --git a/scripts/dmaap-datarouter/docker-compose/subscriber.properties b/scripts/dmaap-datarouter/docker-compose/subscriber.properties
new file mode 100644
index 00000000..311bbe56
--- /dev/null
+++ b/scripts/dmaap-datarouter/docker-compose/subscriber.properties
@@ -0,0 +1,35 @@
+# ============LICENSE_START===================================================
+# Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+#Subscriber properties
+org.onap.dmaap.datarouter.subscriber.http.port = 7070
+org.onap.dmaap.datarouter.subscriber.https.port = 7443
+org.onap.dmaap.datarouter.subscriber.auth.user = LOGIN
+org.onap.dmaap.datarouter.subscriber.auth.password = PASSWORD
+org.onap.dmaap.datarouter.subscriber.delivery.dir = /opt/app/subscriber/delivery
+
+org.onap.dmaap.datarouter.subscriber.https.relaxation = true
+org.onap.dmaap.datarouter.subscriber.keystore.type = jks
+org.onap.dmaap.datarouter.subscriber.keymanager.password = changeit
+org.onap.dmaap.datarouter.subscriber.keystore.path = /opt/app/datartr/self_signed/keystore.jks
+org.onap.dmaap.datarouter.subscriber.keystore.password = changeit
+org.onap.dmaap.datarouter.subscriber.truststore.path = /opt/app/datartr/self_signed/cacerts.jks
+org.onap.dmaap.datarouter.subscriber.truststore.password = changeit
+
+
+
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12
new file mode 100644
index 00000000..3793a9d4
--- /dev/null
+++ b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12
Binary files differ
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props
new file mode 100644
index 00000000..e32e7282
--- /dev/null
+++ b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2021-03-12T11:38:49.244+0000
+# @copyright 2019, AT&T
+############################################################
+Challenge=secret
+cadi_alias=dmaap-dr-node@dmaap-dr.onap.org
+cadi_key_password=secret
+#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12
+cadi_keystore_password=secret
+cadi_keystore_password_jks=secret
+cadi_keystore_password_p12=secret
+cadi_truststore=/opt/app/osaaf/local/truststore.jks
+cadi_truststore_password=secret
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks b/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks
new file mode 100644
index 00000000..91547c60
--- /dev/null
+++ b/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks
Binary files differ
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12
new file mode 100755
index 00000000..1393fb05
--- /dev/null
+++ b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12
Binary files differ
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props
new file mode 100644
index 00000000..18f91ba8
--- /dev/null
+++ b/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2021-03-12T11:29:50.699+0000
+# @copyright 2019, AT&T
+############################################################
+Challenge=secret
+cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org
+cadi_key_password=secret
+#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12
+cadi_keystore_password=secret
+cadi_keystore_password_jks=secret
+cadi_keystore_password_p12=secret
+cadi_truststore=/opt/app/osaaf/local/truststore.jks
+cadi_truststore_password=secret
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks b/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks
new file mode 100644
index 00000000..91547c60
--- /dev/null
+++ b/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks
Binary files differ
diff --git a/scripts/dmaap-datarouter/remove_cert_from_ca.py b/scripts/dmaap-datarouter/remove_cert_from_ca.py
deleted file mode 100644
index 4ed9b777..00000000
--- a/scripts/dmaap-datarouter/remove_cert_from_ca.py
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-
-import certifi
-import os
-
-cafile = certifi.where()
-number_of_lines_to_delete = 39
-count = 0
-dr_cert_exists = False
-
-with open(cafile, 'r+b', buffering=0) as outfile:
- for line in outfile.readlines()[-35:-34]:
- if '# Serial: 0x9EAEEDC0A7CEB59D'.encode() in line:
- dr_cert_exists = True
- if dr_cert_exists:
- outfile.seek(0, os.SEEK_END)
- end = outfile.tell()
- while outfile.tell() > 0:
- outfile.seek(-1, os.SEEK_CUR)
- char = outfile.read(1)
- if char == b'\n':
- count += 1
- if count == number_of_lines_to_delete:
- outfile.truncate()
- print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File")
- exit(0)
- outfile.seek(-1, os.SEEK_CUR)
- else:
- print("No DR cert in CA File to remove")
-
-if count < number_of_lines_to_delete + 1:
- print("Number of lines in file less than number of lines to delete. Exiting...")
- exit(1)
diff --git a/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem b/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem
new file mode 100644
index 00000000..1f9d08e5
--- /dev/null
+++ b/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem
@@ -0,0 +1,40 @@
+
+# Issuer: C=US,O=ONAP,OU=OSAAF
+# Subject: C=US,O=ONAP,OU=OSAAF
+# Label: ""
+# Serial: 0x9EAEEDC0A7CEB59D
+# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F
+# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B
+# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA
+-----BEGIN CERTIFICATE-----
+MIIFczCCA1ugAwIBAgIUVl0TXS1NTKZy68+AFpfvCBbs3JwwDQYJKoZIhvcNAQEL
+BQAwQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNVBAoM
+BE9OQVAxDjAMBgNVBAsMBU9TQUFGMB4XDTIxMDMxNjE1MjA1MloXDTQxMDMxMTE1
+MjA1MlowQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNV
+BAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA1NdArmwTe6C9NZnMAPP0uvy9IH/+Lc9dgO9+j6F+JqLDXn+O5vaj
+6EMU5o60sGzymbMdwk26jiR7KYG8puZzI0EsjwELrLV5NYrUR1y7g+sbJWFUiB0X
+SseifQD9bSG0YBX7J6bQEilh18+oWpXIygl8/VJuiuDhaYdakmwn9AxQRm/zRDcI
+tMS49gq7ARpwMrZaZkQ5eL2R0eX4yj915fAgsvLNmfNTkkTCTBuGYAfixz2+uz8r
+4xZqxXrln6CVe6pV5MOxxQsJq0QfSfNxKFqhVJTSj3STG8UDKDPIcTqVLS6v3/iY
+WX43pHuqjfrGLy3HjPCIWphsx9EWq02bnLvwsnibRgfXjZNbdhePOZV8Xd+4MfHy
+uyFRf5xHvQm3f3vLtCQ1rmHk/3wb2Mb1SbTGt6sL6Waqs/VnnPyTwhXJk6RnU991
+qAnqSCLzKNEPNnpSTQKU35NPbdCAw/z97K5Ar8JWH2XiM65dV0j0d/Ura0PXUXRN
+Royi7rREJKBMFszwxqCCHZkH6/Fbs8vmBWC1gLQgDqK+IgU1/+ytUPOsMVqPcNjM
+RrZyd8xCoxEyd+Ly6y2EF9RE6qS/rlW/yUh3AIBlpcsVxc+Kh1nvNRLLJzHvrvSs
+wvd6LpWHVaffO02hp3suXDwOtLq91lAHLA48iDty/Js+jFjohZJ/+LsCAwEAAaNj
+MGEwHQYDVR0OBBYEFMeiRem06VRh0sL0L5k9B5A01QAoMB8GA1UdIwQYMBaAFMei
+Rem06VRh0sL0L5k9B5A01QAoMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBGdpwWyOIw7jBkEJbheeje8ccc51Z0SY/8
+oo/cYi9cI2SNtE4yt9SOZtXiWO1ga1PuFP5vNkPZu3MtqtsDt8CsSgYfgCKX1DH4
+RloTJJO73UKuMmnoqHNsuE6rHRrcoqcV8XJJ9uBz2cDVWfVDG5Pf92lB1cLQ5AGb
+X7O7MKNHu4woFdbbI8f3TN6Qx5oAcrS1alLMuPJhIkwcHuiWdjJuORx2MK4K9gov
+yRJceVyqMiTr7GGYFi/FQKIzIaHeKgQy+YGLfQ1GcbUmVItU4aQMfSM2RXb7wJ90
+XBFi0NjXZfMXVZ9kxqIki/s6NefrDAOFjHINUxGucXjEw1raewprErlsNt/8SUKT
+EDSLe1YD558jzUaqVdWinL6gMRTyyHOwt/51mg4sn3i2WLdL1Hno4F7GUIbkBmi5
+VSDDWnXdpwaFWeqA8JAvy+JIh+Ju671U1HhB68lGRvNOgfZbvW3m8GGpXldR5krR
+OYhwbxdU1rNYHH+DJ0KE4L1Y6es/571+UH7NFbvO6jAk9G/Fudel+SwhXVfFo0pi
+mmXAwT2bmDEiYBzDNHFwyT3+OGKXiDXuMvMB9ic7p3Zk9X0mRtpubW1gfZvUqIqe
+jaVeZdad0DX1yfjwi5zYT+ViI7pjXVYlgiBAnjMrEmWOpRcs793F5zBiyDjaUNFt
+3arVcS9XgA==
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/scripts/dmaap-datarouter/robot_ssl/update_ca.py b/scripts/dmaap-datarouter/robot_ssl/update_ca.py
new file mode 100644
index 00000000..d36f8acc
--- /dev/null
+++ b/scripts/dmaap-datarouter/robot_ssl/update_ca.py
@@ -0,0 +1,65 @@
+# ============LICENSE_START===================================================
+# Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+import certifi
+import os
+
+
+def add_onap_ca_cert():
+ cafile = certifi.where()
+ dir_path = os.path.dirname(os.path.realpath(__file__))
+ datarouter_ca = dir_path + '/onap_ca_cert.pem'
+ with open(datarouter_ca, 'rb') as infile:
+ customca = infile.read()
+
+ with open(cafile, 'ab') as outfile:
+ outfile.write(customca)
+
+ print("Added DR Cert to CA")
+
+
+def remove_onap_ca_cert():
+ cafile = certifi.where()
+ number_of_lines_to_delete = 40
+ count = 0
+ dr_cert_exists = False
+
+ with open(cafile, 'r+b', buffering=0) as outfile:
+ for line in outfile.readlines()[-36:-35]:
+ if '# Serial: 0x9EAEEDC0A7CEB59D'.encode() in line:
+ dr_cert_exists = True
+ if dr_cert_exists:
+ outfile.seek(0, os.SEEK_END)
+ end = outfile.tell()
+ while outfile.tell() > 0:
+ outfile.seek(-1, os.SEEK_CUR)
+ char = outfile.read(1)
+ if char == b'\n':
+ count += 1
+ if count == number_of_lines_to_delete:
+ outfile.truncate()
+ print(
+ "Removed " + str(number_of_lines_to_delete) + " lines from end of CA File")
+ exit(0)
+ outfile.seek(-1, os.SEEK_CUR)
+ else:
+ print("No DR cert in CA File to remove")
+
+ if count < number_of_lines_to_delete + 1:
+ print("Number of lines in file less than number of lines to delete. Exiting...")
+ exit(1)
diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py
deleted file mode 100644
index 0d76e224..00000000
--- a/scripts/dmaap-datarouter/update_ca.py
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-
-import certifi
-import os
-
-cafile = certifi.where()
-dir_path = os.path.dirname(os.path.realpath(__file__))
-datarouter_ca = dir_path + '/datarouterCA.crt'
-with open(datarouter_ca, 'rb') as infile:
- customca = infile.read()
-
-with open(cafile, 'ab') as outfile:
- outfile.write(customca)
-
-print("Added DR Cert to CA")