aboutsummaryrefslogtreecommitdiffstats
path: root/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
diff options
context:
space:
mode:
Diffstat (limited to 'tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh')
-rwxr-xr-xtests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh104
1 files changed, 104 insertions, 0 deletions
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
new file mode 100755
index 00000000..323f8100
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o pipefail
+set -o nounset
+[ "${SHELL_XTRACE:-false}" = "true" ] && set -o xtrace
+
+CONFIG=${CONFIG:-"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data}
+CONTAINER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' sdnc)
+ODL_URL=${ODL_URL:-http://"${CONTAINER_IP}":8282}
+PROC_NAME=${0##*/}
+PROC_NAME=${PROC_NAME%.sh}
+
+function now_ms() {
+ # Requires coreutils package
+ date +"%Y-%m-%d %H:%M:%S.%3N"
+}
+
+function log() {
+ local level=$1
+ shift
+ local message="$*"
+ printf "%s %-5s [%s] %s\n" "$(now_ms)" $level $PROC_NAME "$message"
+}
+
+# Extracts the body of a PEM file by removing the dashed header and footer
+pem_body() {
+ grep -Fv -- ----- $1
+}
+
+CA_CERT_ID=xNF_CA_certificate_0_0
+CA_CERT=$(pem_body $CONFIG/truststore.pem)
+
+SERVER_PRIV_KEY_ID=ODL_private_key_0
+SERVER_KEY=$(pem_body $CONFIG/key.pem)
+SERVER_CERT=$(pem_body $CONFIG/keystore.pem)
+
+RESTCONF_URL=$ODL_URL/restconf
+NETCONF_KEYSTORE_PATH=$RESTCONF_URL/config/netconf-keystore:keystore
+
+xcurl() {
+ curl -s -o /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -w %{http_code} "$@"
+}
+
+log INFO Delete Keystore
+sc=$(xcurl -X DELETE $NETCONF_KEYSTORE_PATH)
+
+if [ "$sc" != "200" -a "$sc" != "404" ]; then
+ log ERROR "Keystore deletion failed with SC=$sc"
+ exit 1
+fi
+
+log INFO Load CA certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+ \"trusted-certificate\": [
+ {
+ \"name\": \"$CA_CERT_ID\",
+ \"certificate\": \"$CA_CERT\"
+ }
+ ]
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+ log ERROR Trusted-certificate update failed with SC=$sc
+ exit 1
+fi
+
+log INFO Load server private key and certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+ \"private-key\": {
+ \"name\": \"$SERVER_PRIV_KEY_ID\",
+ \"certificate-chain\": [
+ \"$SERVER_CERT\"
+ ],
+ \"data\": \"$SERVER_KEY\"
+ }
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+ log ERROR Private-key update failed with SC=$sc
+ exit 1
+fi \ No newline at end of file