aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authoreconwar <conor.ward@est.tech>2019-01-25 12:05:45 +0000
committereconwar <conor.ward@est.tech>2019-01-25 12:05:45 +0000
commit3acb57a71cf6ce59eae11883277e1915759b7606 (patch)
treea21ca8d74de17afd76d3b4224e6df94898481edb /scripts
parenteb87542dbdaf427039eb6e963ee78bbd07ce551b (diff)
Add DR suite that verifies security certs
Change-Id: I75e28171bc5999e8e19f5ca9a236e0a1d17a5a38 Issue-ID: DMAAP-1004 Signed-off-by: econwar <conor.ward@est.tech>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/dmaap-datarouter/datarouterCA.crt39
-rw-r--r--scripts/dmaap-datarouter/remove_cert_from_ca.py51
-rw-r--r--scripts/dmaap-datarouter/update_ca.py33
3 files changed, 123 insertions, 0 deletions
diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt
new file mode 100644
index 00000000..a8a0ed84
--- /dev/null
+++ b/scripts/dmaap-datarouter/datarouterCA.crt
@@ -0,0 +1,39 @@
+
+# Issuer: C=US,O=ONAP,OU=OSAAF
+# Subject: C=US,O=ONAP,OU=OSAAF
+# Label: ""
+# Serial: 0x9EAEEDC0A7CEB59D
+# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F
+# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B
+# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/scripts/dmaap-datarouter/remove_cert_from_ca.py b/scripts/dmaap-datarouter/remove_cert_from_ca.py
new file mode 100644
index 00000000..192e274f
--- /dev/null
+++ b/scripts/dmaap-datarouter/remove_cert_from_ca.py
@@ -0,0 +1,51 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+import certifi
+import os
+
+cafile = certifi.where()
+number_of_lines_to_delete = 39
+count = 0
+dr_cert_exists = False
+
+with open(cafile, 'r+b', buffering=0) as outfile:
+ for line in outfile.readlines()[-35:-34]:
+ if "# Serial: 0x9EAEEDC0A7CEB59D" in line:
+ dr_cert_exists = True
+ if dr_cert_exists:
+ outfile.seek(0, os.SEEK_END)
+ end = outfile.tell()
+ while outfile.tell() > 0:
+ outfile.seek(-1, os.SEEK_CUR)
+ char = outfile.read(1)
+ if char == b'\n':
+ count += 1
+ if count == number_of_lines_to_delete:
+ outfile.truncate()
+ print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File")
+ exit(0)
+ outfile.seek(-1, os.SEEK_CUR)
+ else:
+ print("No DR cert in CA File to remove")
+
+if count < number_of_lines_to_delete + 1:
+ print("Number of lines in file less than number of lines to delete. Exiting...")
+ exit(1)
diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py
new file mode 100644
index 00000000..0d76e224
--- /dev/null
+++ b/scripts/dmaap-datarouter/update_ca.py
@@ -0,0 +1,33 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+import certifi
+import os
+
+cafile = certifi.where()
+dir_path = os.path.dirname(os.path.realpath(__file__))
+datarouter_ca = dir_path + '/datarouterCA.crt'
+with open(datarouter_ca, 'rb') as infile:
+ customca = infile.read()
+
+with open(cafile, 'ab') as outfile:
+ outfile.write(customca)
+
+print("Added DR Cert to CA")