aboutsummaryrefslogtreecommitdiffstats
path: root/plans/aaf
diff options
context:
space:
mode:
Diffstat (limited to 'plans/aaf')
-rw-r--r--plans/aaf/certservice/certs/Makefile110
-rw-r--r--plans/aaf/certservice/cmpServers.json24
-rw-r--r--plans/aaf/certservice/docker-compose.yml47
-rwxr-xr-xplans/aaf/certservice/scripts/ejbca-configuration.sh19
-rw-r--r--plans/aaf/certservice/setup.sh109
-rw-r--r--plans/aaf/certservice/teardown.sh25
-rwxr-xr-xplans/aaf/certservice/testplan.txt3
7 files changed, 0 insertions, 337 deletions
diff --git a/plans/aaf/certservice/certs/Makefile b/plans/aaf/certservice/certs/Makefile
deleted file mode 100644
index 126e0533..00000000
--- a/plans/aaf/certservice/certs/Makefile
+++ /dev/null
@@ -1,110 +0,0 @@
-all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
-.PHONY: all
-#Clear certificates
-clear:
- @echo "Clear certificates"
- rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
- @echo "#####done#####"
-
-#Generate root private and public keys
-step_1:
- @echo "Generate root private and public keys"
- keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
- -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
- -storepass secret -ext BasicConstraints:critical="ca:true"
- @echo "#####done#####"
-
-#Export public key as certificate
-step_2:
- @echo "(Export public key as certificate)"
- keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
- @echo "#####done#####"
-
-#Self-signed root (import root certificate into truststore)
-step_3:
- @echo "(Self-signed root (import root certificate into truststore))"
- keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
- @echo "#####done#####"
-
-#Generate certService's client private and public keys
-step_4:
- @echo "Generate certService's client private and public keys"
- keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
- -keystore certServiceClient-keystore.jks -storetype JKS \
- -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret
- @echo "####done####"
-
-#Generate certificate signing request for certService's client
-step_5:
- @echo "Generate certificate signing request for certService's client"
- keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
- @echo "####done####"
-
-#Sign certService's client certificate by root CA
-step_6:
- @echo "Sign certService's client certificate by root CA"
- keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
- -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
- @echo "####done####"
-
-#Import root certificate into client
-step_7:
- @echo "Import root certificate into intermediate"
- cat root.crt >> certServiceClientByRoot.crt
- @echo "####done####"
-
-#Import signed certificate into certService's client
-step_8:
- @echo "Import signed certificate into certService's client"
- keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
- @echo "####done####"
-
-#Generate certService private and public keys
-step_9:
- @echo "Generate certService private and public keys"
- keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
- -keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
- @echo "####done####"
-
-#Generate certificate signing request for certService
-step_10:
- @echo "Generate certificate signing request for certService"
- keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
- @echo "####done####"
-
-#Sign certService certificate by root CA
-step_11:
- @echo "Sign certService certificate by root CA"
- keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
- -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
- @echo "####done####"
-
-#Import root certificate into server
-step_12:
- @echo "Import root certificate into intermediate(server)"
- cat root.crt >> certServiceServerByRoot.crt
- @echo "####done####"
-
-#Import signed certificate into certService
-step_13:
- @echo "Import signed certificate into certService"
- keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
- -storepass secret -noprompt
- @echo "####done####"
-
-#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
-step_14:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
- -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Clear unused certificates
-step_15:
- @echo "Clear unused certificates"
- rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
- @echo "#####done#####"
diff --git a/plans/aaf/certservice/cmpServers.json b/plans/aaf/certservice/cmpServers.json
deleted file mode 100644
index d6557c52..00000000
--- a/plans/aaf/certservice/cmpServers.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "cmpv2Servers": [
- {
- "caName": "Client",
- "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
- "caMode": "CLIENT",
- "authentication": {
- "iak": "mypassword",
- "rv": "mypassword"
- }
- },
- {
- "caName": "RA",
- "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
- "caMode": "RA",
- "authentication": {
- "iak": "mypassword",
- "rv": "mypassword"
- }
- }
- ]
-}
diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml
deleted file mode 100644
index dcac7df0..00000000
--- a/plans/aaf/certservice/docker-compose.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-version: "2.1"
-
-services:
- ejbca:
- image: primekey/ejbca-ce:6.15.2.5
- hostname: cahostname
- container_name: aafcert-ejbca
- ports:
- - "80:8080"
- - "443:8443"
- volumes:
- - $SCRIPTS_PATH:/opt/primekey/scripts
- healthcheck:
- test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
- interval: 20s
- timeout: 3s
- retries: 9
- networks:
- - certservice
-
- aaf-cert-service:
- image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
- volumes:
- - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
- - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
- - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
- - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
- container_name: aafcert-service
- ports:
- - "8443:8443"
- depends_on:
- ejbca:
- condition: service_healthy
- healthcheck:
- test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
- interval: 10s
- timeout: 3s
- retries: 15
- networks:
- - certservice
-
-
-networks:
- certservice:
- driver: bridge
-
diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh
deleted file mode 100755
index 77f5c555..00000000
--- a/plans/aaf/certservice/scripts/ejbca-configuration.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-configureEjbca() {
- ejbca.sh config cmp addalias --alias cmpRA
- ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
- ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
- ejbca.sh config cmp dumpalias --alias cmpRA
- ejbca.sh config cmp addalias --alias cmp
- ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
- ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
- ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
- ejbca.sh ra setclearpwd --username Node123 --password mypassword
- ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
- ejbca.sh config cmp dumpalias --alias cmp
- ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
-}
-
-configureEjbca
diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh
deleted file mode 100644
index 1200e964..00000000
--- a/plans/aaf/certservice/setup.sh
+++ /dev/null
@@ -1,109 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2020 Nokia.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# ------------------------------------
-# Resolve path to script's directory and cmp servers configuration
-
-SCRIPT=`realpath $0`
-CURRENT_WORKDIR_PATH=`dirname $SCRIPT`
-PROJECT_DIRECTORY="plans/aaf/certservice"
-
-SCRIPTS_DIRECTORY="scripts"
-
-JENKINS_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$SCRIPTS_DIRECTORY"
-LOCAL_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY"
-
-# ------------------------------------
-#Prepare enviroment for client
-#install docker sdk
-echo "Uninstall docker-py and reinstall docker."
-pip uninstall -y docker-py
-pip uninstall -y docker
-pip install -U docker==2.7.0
-
-#reinstall pyopenssl library
-echo "Reinstall pyopenssl library."
-pip uninstall pyopenssl -y
-pip install pyopenssl==17.5.0
-
-#install pyjks for .jks files management
-pip install pyjks
-
-#Disable proxy - for local run
-unset http_proxy https_proxy
-
-#export container name
-export ClientContainerName=CertServiceClient
-# ------------------------------------
-
-if test -d "$JENKINS_SCRIPTS_PATH"; then
- SCRIPTS_PATH=$JENKINS_SCRIPTS_PATH
-else test -f "$LOCAL_SCRIPTS_PATH";
- SCRIPTS_PATH=$LOCAL_SCRIPTS_PATH
-fi
-echo "Use scripts from: $SCRIPTS_PATH"
-
-CONFIGURATION_FILE="cmpServers.json"
-
-JENKINS_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$CONFIGURATION_FILE"
-LOCAL_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE"
-
-if test -f "$JENKINS_CONFIGURATION_PATH"; then
- CONFIGURATION_PATH="$JENKINS_CONFIGURATION_PATH"
-else test -f "$LOCAL_CONFIGURATION_PATH";
- CONFIGURATION_PATH=$LOCAL_CONFIGURATION_PATH
-fi
-echo "Use configuration from: $CONFIGURATION_PATH"
-
-# -------------------------------------
-
-export CONFIGURATION_PATH=${CONFIGURATION_PATH}
-export SCRIPTS_PATH=${SCRIPTS_PATH}
-
-#Generate keystores, truststores, certificates and keys
-mkdir -p ${WORKSPACE}/tests/aaf/certservice/assets/certs/
-make all -C ./certs/
-cp ${WORKSPACE}/plans/aaf/certservice/certs/root.crt ${WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
-echo "Generated keystores"
-openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
-echo "Generated server certificate"
-openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
-echo "Generated server key"
-
-docker-compose up -d
-
-AAFCERT_IP='none'
-# Wait container ready
-for i in {1..9}
-do
- AAFCERT_IP=`get-instance-ip.sh aafcert-service`
- RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \
- python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
- if [[ "$RESP_CODE" == "UP" ]]; then
- echo 'AAF Cert Service is ready'
- export AAFCERT_IP=${AAFCERT_IP}
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
- break
- fi
- echo 'Waiting for AAF Cert Service to start up...'
- sleep 30s
-done
-
-if [ "$AAFCERT_IP" == 'none' -o "$AAFCERT_IP" == '' ]; then
- echo "AAF Cert Service is not ready!"
- exit 1 # Return error code
-fi
diff --git a/plans/aaf/certservice/teardown.sh b/plans/aaf/certservice/teardown.sh
deleted file mode 100644
index 71e20b7c..00000000
--- a/plans/aaf/certservice/teardown.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2017 ZTE, Inc. and others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-docker-compose down
-
-make clear -C ./certs/
-echo "Removed old keystores"
-rm -rf ${WORKSPACE}/tests/aaf/certservice/assets/certs
-echo "Removed old certificates"
-
-kill-instance.sh ${ClientContainerName} \ No newline at end of file
diff --git a/plans/aaf/certservice/testplan.txt b/plans/aaf/certservice/testplan.txt
deleted file mode 100755
index 270fc6d4..00000000
--- a/plans/aaf/certservice/testplan.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-# Test suites are relative paths under [integration/csit.git]/tests/.
-# Place the suites in run order.
-aaf/certservice