diff options
author | econwar <conor.ward@est.tech> | 2019-01-25 12:05:45 +0000 |
---|---|---|
committer | econwar <conor.ward@est.tech> | 2019-01-25 12:05:45 +0000 |
commit | 3acb57a71cf6ce59eae11883277e1915759b7606 (patch) | |
tree | a21ca8d74de17afd76d3b4224e6df94898481edb /scripts | |
parent | eb87542dbdaf427039eb6e963ee78bbd07ce551b (diff) |
Add DR suite that verifies security certs
Change-Id: I75e28171bc5999e8e19f5ca9a236e0a1d17a5a38
Issue-ID: DMAAP-1004
Signed-off-by: econwar <conor.ward@est.tech>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/dmaap-datarouter/datarouterCA.crt | 39 | ||||
-rw-r--r-- | scripts/dmaap-datarouter/remove_cert_from_ca.py | 51 | ||||
-rw-r--r-- | scripts/dmaap-datarouter/update_ca.py | 33 |
3 files changed, 123 insertions, 0 deletions
diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt new file mode 100644 index 00000000..a8a0ed84 --- /dev/null +++ b/scripts/dmaap-datarouter/datarouterCA.crt @@ -0,0 +1,39 @@ + +# Issuer: C=US,O=ONAP,OU=OSAAF +# Subject: C=US,O=ONAP,OU=OSAAF +# Label: "" +# Serial: 0x9EAEEDC0A7CEB59D +# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F +# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B +# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/scripts/dmaap-datarouter/remove_cert_from_ca.py b/scripts/dmaap-datarouter/remove_cert_from_ca.py new file mode 100644 index 00000000..192e274f --- /dev/null +++ b/scripts/dmaap-datarouter/remove_cert_from_ca.py @@ -0,0 +1,51 @@ +# +# ============LICENSE_START======================================================= +# Copyright (C) 2019 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# + +import certifi +import os + +cafile = certifi.where() +number_of_lines_to_delete = 39 +count = 0 +dr_cert_exists = False + +with open(cafile, 'r+b', buffering=0) as outfile: + for line in outfile.readlines()[-35:-34]: + if "# Serial: 0x9EAEEDC0A7CEB59D" in line: + dr_cert_exists = True + if dr_cert_exists: + outfile.seek(0, os.SEEK_END) + end = outfile.tell() + while outfile.tell() > 0: + outfile.seek(-1, os.SEEK_CUR) + char = outfile.read(1) + if char == b'\n': + count += 1 + if count == number_of_lines_to_delete: + outfile.truncate() + print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File") + exit(0) + outfile.seek(-1, os.SEEK_CUR) + else: + print("No DR cert in CA File to remove") + +if count < number_of_lines_to_delete + 1: + print("Number of lines in file less than number of lines to delete. Exiting...") + exit(1) diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py new file mode 100644 index 00000000..0d76e224 --- /dev/null +++ b/scripts/dmaap-datarouter/update_ca.py @@ -0,0 +1,33 @@ +# +# ============LICENSE_START======================================================= +# Copyright (C) 2019 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# + +import certifi +import os + +cafile = certifi.where() +dir_path = os.path.dirname(os.path.realpath(__file__)) +datarouter_ca = dir_path + '/datarouterCA.crt' +with open(datarouter_ca, 'rb') as infile: + customca = infile.read() + +with open(cafile, 'ab') as outfile: + outfile.write(customca) + +print("Added DR Cert to CA") |