authorgrabinsk <maciej.grabinski@nokia.com>2019-05-23 13:34:38 +0200
committergrabinsk <maciej.grabinski@nokia.com>2019-05-28 10:11:41 +0200
commit0fc9eab94f101a9713c951b3c159065c72a31495 (patch)
tree5f4ab15972b90b09489b1bd582b4c2ac6f40ae25 /tests/dcaegen2/prh-testcases/resources/cert_generation
parent08a9c63a95ad22472c358bd062d775d8b7b7505a (diff)
Use single PRH container with ssl configuration
Generating new certificates since the old ones have expired.

Change-Id: If68ceab0bea7dbc10db647af7530b39b44729c0c
Issue-ID: INT-1076
Signed-off-by: grabinsk <maciej.grabinski@nokia.com>
Diffstat (limited to 'tests/dcaegen2/prh-testcases/resources/cert_generation')
-rwxr-xr-xtests/dcaegen2/prh-testcases/resources/cert_generation/create_certs.sh41
-rw-r--r--tests/dcaegen2/prh-testcases/resources/cert_generation/openssl.conf131
2 files changed, 172 insertions, 0 deletions
diff --git a/tests/dcaegen2/prh-testcases/resources/cert_generation/create_certs.sh b/tests/dcaegen2/prh-testcases/resources/cert_generation/create_certs.sh
new file mode 100755
index 00000000..a105f1a0
--- /dev/null
+++ b/tests/dcaegen2/prh-testcases/resources/cert_generation/create_certs.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+mkdir -p private certs newcerts
+chmod 700 private
+chmod 755 certs newcerts
+touch index.txt
+echo "unique_subject = no" > index.txt.attr
+echo '01' > serial
+
+openssl genrsa -out root.key 4096
+openssl req -config openssl.conf -key root.key -new -x509 -days 36500 -sha256 -extensions v3_ca -subj /CN=RootCA/OU=OSAAF/O=ONAP/C=US -out root.crt
+
+openssl genrsa -out intermediate.key 4096
+openssl req -new -sha256 -key intermediate.key -out intermediate.csr -outform PEM -subj /CN=intermediate/OU=OSAAF/O=ONAP/C=US
+openssl ca -batch -config openssl.conf -extensions v3_intermediate_ca -days 36500 -cert root.crt -keyfile root.key -out intermediate.crt -infiles intermediate.csr
+
+#openssl genrsa -out aai.key 4096
+cp ../simulator/certs/aai.key aai.key
+openssl req -new -sha256 -key aai.key -out aai.csr -outform PEM -subj /CN=aai/OU=OSAAF/O=ONAP/C=US
+openssl ca -batch -config openssl.conf -days 36500 -cert intermediate.crt -keyfile intermediate.key -out aai.crt -policy policy_loose -infiles aai.csr
+
+
+#openssl genrsa -out dmaap-mr.key 4096
+cp ../simulator/certs/dmaap-mr.key dmaap-mr.key
+openssl req -new -sha256 -key dmaap-mr.key -out dmaap-mr.csr -outform PEM -subj /CN=dmaap-mr/OU=OSAAF/O=ONAP/C=US
+openssl ca -batch -config openssl.conf -days 36500 -cert intermediate.crt -keyfile intermediate.key -out dmaap-mr.crt -policy policy_loose -infiles dmaap-mr.csr
+
+
+openssl genrsa -out prh.key 4096
+openssl req -new -sha256 -key prh.key -out prh.csr -outform PEM -subj /CN=prh/OU=OSAAF/O=ONAP/C=US
+openssl ca -batch -config openssl.conf -extensions server_cert -days 36500 -cert intermediate.crt -keyfile intermediate.key -out prh.crt -policy policy_loose -infiles prh.csr
+
+
+cat prh.crt intermediate.crt >> merged.crt
+
+openssl pkcs12 -export -name prh-cert -in merged.crt -inkey prh.key -passout pass:$(cat ../simulator/certs/keystore.password) -out keystore.p12
+keytool -import -alias intermediate-cert -file intermediate.crt -storepass $(cat ../simulator/certs/truststore.password) -keystore truststore.jks -noprompt
+keytool -import -alias root-cert -file root.crt -storepass $(cat ../simulator/certs/truststore.password) -keystore truststore.jks -noprompt
+
+
+cp aai.crt aai.key dmaap-mr.crt dmaap-mr.key root.crt keystore.p12 truststore.jks ../simulator/certs \ No newline at end of file
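Review bot: `cat prh.crt intermediate.crt >> merged.crt` on the line that builds the chain appends rather than truncates, so every rerun of the script grows merged.crt with duplicate certificates that are then packed into keystore.p12; it should be `cat prh.crt intermediate.crt > merged.crt`, and the script should stop on the first failed step with `set -euo pipefail` after the shebang, since no exit status of the openssl or keytool calls is checked (the two keytool imports, for example, fail on a rerun because the alias already exists, and the later cp still runs). The aai and dmaap-mr signing calls pass no `-extensions`, and the `[ CA_default ]` section in the openssl.conf hunk defines no `x509_extensions` default, so unlike prh.crt those two certificates are issued without any extensions at all (openssl ca then emits a V1 certificate), which current TLS stacks increasingly reject; add `-extensions server_cert` to both `openssl ca` lines or set `x509_extensions = server_cert` in the config. The keystore password is also passed as `pass:$(cat ...)`, which exposes it in the process list and is subject to word splitting; `-passout file:../simulator/certs/keystore.password` reads it directly from the file.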
diff --git a/tests/dcaegen2/prh-testcases/resources/cert_generation/openssl.conf b/tests/dcaegen2/prh-testcases/resources/cert_generation/openssl.conf
new file mode 100644
index 00000000..40940614
--- /dev/null
+++ b/tests/dcaegen2/prh-testcases/resources/cert_generation/openssl.conf
@@ -0,0 +1,131 @@
+# OpenSSL root CA configuration file.
+# Copy to `/opt/app/osaaf/CA/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key
+certificate = $dir/certs/ca.crt
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 60
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = optional
+organizationName = match
+organizationalUnitName = supplied
+commonName = supplied
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default =
+stateOrProvinceName_default =
+localityName_default =
+0.organizationName_default =
+organizationalUnitName_default =
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server, client
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
+extendedKeyUsage = serverAuth, clientAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
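Review bot: `[ server_cert ]` carries no `subjectAltName`, so every certificate signed with that profile identifies its host only through the CN, and TLS clients that verify hostnames per RFC 6125 (many current browsers and HTTP libraries) ignore the CN entirely and will refuse the connection. Hard-coding `subjectAltName = DNS:prh` in the section would tie the profile to one name, so the more reusable fix is `copy_extensions = copy` under `[ CA_default ]` with the SAN supplied in each CSR, or a `subjectAltName = $ENV::SAN` entry set per invocation; either way the chosen mechanism should be noted in a comment above the key. The header comment `# Copy to /opt/app/osaaf/CA/openssl.cnf` is stale for this copy, which create_certs.sh reads in place via `-config openssl.conf` with `dir = .`; replace it with `# Read in place by create_certs.sh via -config openssl.conf`.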