diff options
Diffstat (limited to 'plans/aaf')
-rw-r--r-- | plans/aaf/certservice/certs/Makefile | 110 | ||||
-rw-r--r-- | plans/aaf/certservice/cmpServers.json | 24 | ||||
-rw-r--r-- | plans/aaf/certservice/docker-compose.yml | 47 | ||||
-rwxr-xr-x | plans/aaf/certservice/scripts/ejbca-configuration.sh | 19 | ||||
-rw-r--r-- | plans/aaf/certservice/setup.sh | 109 | ||||
-rw-r--r-- | plans/aaf/certservice/teardown.sh | 25 | ||||
-rwxr-xr-x | plans/aaf/certservice/testplan.txt | 3 |
7 files changed, 0 insertions, 337 deletions
diff --git a/plans/aaf/certservice/certs/Makefile b/plans/aaf/certservice/certs/Makefile deleted file mode 100644 index 126e0533..00000000 --- a/plans/aaf/certservice/certs/Makefile +++ /dev/null @@ -1,110 +0,0 @@ -all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15 -.PHONY: all -#Clear certificates -clear: - @echo "Clear certificates" - rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 - @echo "#####done#####" - -#Generate root private and public keys -step_1: - @echo "Generate root private and public keys" - keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ - -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ - -storepass secret -ext BasicConstraints:critical="ca:true" - @echo "#####done#####" - -#Export public key as certificate -step_2: - @echo "(Export public key as certificate)" - keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc - @echo "#####done#####" - -#Self-signed root (import root certificate into truststore) -step_3: - @echo "(Self-signed root (import root certificate into truststore))" - keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt - @echo "#####done#####" - -#Generate certService's client private and public keys -step_4: - @echo "Generate certService's client private and public keys" - keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \ - -keystore certServiceClient-keystore.jks -storetype JKS \ - -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ - -keypass secret -storepass secret - @echo "####done####" - -#Generate certificate signing request for certService's client -step_5: - @echo "Generate certificate signing request for certService's client" - keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr - @echo "####done####" - -#Sign certService's client certificate by root CA -step_6: - @echo "Sign certService's client certificate by root CA" - keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ - -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" - @echo "####done####" - -#Import root certificate into client -step_7: - @echo "Import root certificate into intermediate" - cat root.crt >> certServiceClientByRoot.crt - @echo "####done####" - -#Import signed certificate into certService's client -step_8: - @echo "Import signed certificate into certService's client" - keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt - @echo "####done####" - -#Generate certService private and public keys -step_9: - @echo "Generate certService private and public keys" - keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \ - -keystore certServiceServer-keystore.jks -storetype JKS \ - -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ - -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" - @echo "####done####" - -#Generate certificate signing request for certService -step_10: - @echo "Generate certificate signing request for certService" - keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr - @echo "####done####" - -#Sign certService certificate by root CA -step_11: - @echo "Sign certService certificate by root CA" - keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ - -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ - -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost" - @echo "####done####" - -#Import root certificate into server -step_12: - @echo "Import root certificate into intermediate(server)" - cat root.crt >> certServiceServerByRoot.crt - @echo "####done####" - -#Import signed certificate into certService -step_13: - @echo "Import signed certificate into certService" - keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \ - -storepass secret -noprompt - @echo "####done####" - -#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) -step_14: - @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" - keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ - -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret - @echo "#####done#####" - -#Clear unused certificates -step_15: - @echo "Clear unused certificates" - rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr - @echo "#####done#####" diff --git a/plans/aaf/certservice/cmpServers.json b/plans/aaf/certservice/cmpServers.json deleted file mode 100644 index d6557c52..00000000 --- a/plans/aaf/certservice/cmpServers.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "cmpv2Servers": [ - { - "caName": "Client", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - }, - { - "caName": "RA", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", - "caMode": "RA", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - } - ] -} diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml deleted file mode 100644 index dcac7df0..00000000 --- a/plans/aaf/certservice/docker-compose.yml +++ /dev/null @@ -1,47 +0,0 @@ -version: "2.1" - -services: - ejbca: - image: primekey/ejbca-ce:6.15.2.5 - hostname: cahostname - container_name: aafcert-ejbca - ports: - - "80:8080" - - "443:8443" - volumes: - - $SCRIPTS_PATH:/opt/primekey/scripts - healthcheck: - test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"] - interval: 20s - timeout: 3s - retries: 9 - networks: - - certservice - - aaf-cert-service: - image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest - volumes: - - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json - - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks - - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt - - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks - - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 - container_name: aafcert-service - ports: - - "8443:8443" - depends_on: - ejbca: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"] - interval: 10s - timeout: 3s - retries: 15 - networks: - - certservice - - -networks: - certservice: - driver: bridge - diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh deleted file mode 100755 index 77f5c555..00000000 --- a/plans/aaf/certservice/scripts/ejbca-configuration.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -configureEjbca() { - ejbca.sh config cmp addalias --alias cmpRA - ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra - ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe - ejbca.sh config cmp dumpalias --alias cmpRA - ejbca.sh config cmp addalias --alias cmp - ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true - ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe - ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED - ejbca.sh ra setclearpwd --username Node123 --password mypassword - ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN - ejbca.sh config cmp dumpalias --alias cmp - ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem -} - -configureEjbca diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh deleted file mode 100644 index 1200e964..00000000 --- a/plans/aaf/certservice/setup.sh +++ /dev/null @@ -1,109 +0,0 @@ -#!/bin/bash -# -# Copyright 2020 Nokia. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# ------------------------------------ -# Resolve path to script's directory and cmp servers configuration - -SCRIPT=`realpath $0` -CURRENT_WORKDIR_PATH=`dirname $SCRIPT` -PROJECT_DIRECTORY="plans/aaf/certservice" - -SCRIPTS_DIRECTORY="scripts" - -JENKINS_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$SCRIPTS_DIRECTORY" -LOCAL_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY" - -# ------------------------------------ -#Prepare enviroment for client -#install docker sdk -echo "Uninstall docker-py and reinstall docker." -pip uninstall -y docker-py -pip uninstall -y docker -pip install -U docker==2.7.0 - -#reinstall pyopenssl library -echo "Reinstall pyopenssl library." -pip uninstall pyopenssl -y -pip install pyopenssl==17.5.0 - -#install pyjks for .jks files management -pip install pyjks - -#Disable proxy - for local run -unset http_proxy https_proxy - -#export container name -export ClientContainerName=CertServiceClient -# ------------------------------------ - -if test -d "$JENKINS_SCRIPTS_PATH"; then - SCRIPTS_PATH=$JENKINS_SCRIPTS_PATH -else test -f "$LOCAL_SCRIPTS_PATH"; - SCRIPTS_PATH=$LOCAL_SCRIPTS_PATH -fi -echo "Use scripts from: $SCRIPTS_PATH" - -CONFIGURATION_FILE="cmpServers.json" - -JENKINS_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$CONFIGURATION_FILE" -LOCAL_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE" - -if test -f "$JENKINS_CONFIGURATION_PATH"; then - CONFIGURATION_PATH="$JENKINS_CONFIGURATION_PATH" -else test -f "$LOCAL_CONFIGURATION_PATH"; - CONFIGURATION_PATH=$LOCAL_CONFIGURATION_PATH -fi -echo "Use configuration from: $CONFIGURATION_PATH" - -# ------------------------------------- - -export CONFIGURATION_PATH=${CONFIGURATION_PATH} -export SCRIPTS_PATH=${SCRIPTS_PATH} - -#Generate keystores, truststores, certificates and keys -mkdir -p ${WORKSPACE}/tests/aaf/certservice/assets/certs/ -make all -C ./certs/ -cp ${WORKSPACE}/plans/aaf/certservice/certs/root.crt ${WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt -echo "Generated keystores" -openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt -echo "Generated server certificate" -openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key -echo "Generated server key" - -docker-compose up -d - -AAFCERT_IP='none' -# Wait container ready -for i in {1..9} -do - AAFCERT_IP=`get-instance-ip.sh aafcert-service` - RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \ - python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]') - if [[ "$RESP_CODE" == "UP" ]]; then - echo 'AAF Cert Service is ready' - export AAFCERT_IP=${AAFCERT_IP} - docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh - break - fi - echo 'Waiting for AAF Cert Service to start up...' - sleep 30s -done - -if [ "$AAFCERT_IP" == 'none' -o "$AAFCERT_IP" == '' ]; then - echo "AAF Cert Service is not ready!" - exit 1 # Return error code -fi diff --git a/plans/aaf/certservice/teardown.sh b/plans/aaf/certservice/teardown.sh deleted file mode 100644 index 71e20b7c..00000000 --- a/plans/aaf/certservice/teardown.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# -# Copyright 2017 ZTE, Inc. and others. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -docker-compose down - -make clear -C ./certs/ -echo "Removed old keystores" -rm -rf ${WORKSPACE}/tests/aaf/certservice/assets/certs -echo "Removed old certificates" - -kill-instance.sh ${ClientContainerName}
\ No newline at end of file diff --git a/plans/aaf/certservice/testplan.txt b/plans/aaf/certservice/testplan.txt deleted file mode 100755 index 270fc6d4..00000000 --- a/plans/aaf/certservice/testplan.txt +++ /dev/null @@ -1,3 +0,0 @@ -# Test suites are relative paths under [integration/csit.git]/tests/. -# Place the suites in run order. -aaf/certservice |