From 3acb57a71cf6ce59eae11883277e1915759b7606 Mon Sep 17 00:00:00 2001
From: econwar
Date: Fri, 25 Jan 2019 12:05:45 +0000
Subject: Add DR suite that verifies security certs
Change-Id: I75e28171bc5999e8e19f5ca9a236e0a1d17a5a38
Issue-ID: DMAAP-1004
Signed-off-by: econwar
---
scripts/dmaap-datarouter/datarouterCA.crt | 39 +++++++++++++++++++
scripts/dmaap-datarouter/remove_cert_from_ca.py | 51 +++++++++++++++++++++++++
scripts/dmaap-datarouter/update_ca.py | 33 ++++++++++++++++
3 files changed, 123 insertions(+)
create mode 100644 scripts/dmaap-datarouter/datarouterCA.crt
create mode 100644 scripts/dmaap-datarouter/remove_cert_from_ca.py
create mode 100644 scripts/dmaap-datarouter/update_ca.py
(limited to 'scripts/dmaap-datarouter')
diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt
new file mode 100644
index 00000000..a8a0ed84
--- /dev/null
+++ b/scripts/dmaap-datarouter/datarouterCA.crt
@@ -0,0 +1,39 @@
+
+# Issuer: C=US,O=ONAP,OU=OSAAF
+# Subject: C=US,O=ONAP,OU=OSAAF
+# Label: ""
+# Serial: 0x9EAEEDC0A7CEB59D
+# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F
+# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B
+# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/scripts/dmaap-datarouter/remove_cert_from_ca.py b/scripts/dmaap-datarouter/remove_cert_from_ca.py
new file mode 100644
index 00000000..192e274f
--- /dev/null
+++ b/scripts/dmaap-datarouter/remove_cert_from_ca.py
@@ -0,0 +1,51 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+import certifi
+import os
+
+cafile = certifi.where()
+number_of_lines_to_delete = 39
+count = 0
+dr_cert_exists = False
+
+with open(cafile, 'r+b', buffering=0) as outfile:
+ for line in outfile.readlines()[-35:-34]:
+ if "# Serial: 0x9EAEEDC0A7CEB59D" in line:
+ dr_cert_exists = True
+ if dr_cert_exists:
+ outfile.seek(0, os.SEEK_END)
+ end = outfile.tell()
+ while outfile.tell() > 0:
+ outfile.seek(-1, os.SEEK_CUR)
+ char = outfile.read(1)
+ if char == b'\n':
+ count += 1
+ if count == number_of_lines_to_delete:
+ outfile.truncate()
+ print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File")
+ exit(0)
+ outfile.seek(-1, os.SEEK_CUR)
+ else:
+ print("No DR cert in CA File to remove")
+
+if count < number_of_lines_to_delete + 1:
+ print("Number of lines in file less than number of lines to delete. Exiting...")
+ exit(1)
diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py
new file mode 100644
index 00000000..0d76e224
--- /dev/null
+++ b/scripts/dmaap-datarouter/update_ca.py
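Review bot: In remove_cert_from_ca.py the marker test `if "# Serial: 0x9EAEEDC0A7CEB59D" in line:` compares a str against lines read from a handle opened with `'r+b'`; if the suite runs under Python 3 this raises TypeError before anything is truncated, so the test CA stays in the certifi bundle, whereas `if b"# Serial: 0x9EAEEDC0A7CEB59D" in line:` works on both interpreters. Detection and truncation also rely on fixed offsets (`[-35:-34]` and `number_of_lines_to_delete = 39`) that must match datarouterCA.crt's exact layout, including its leading blank line and missing final newline; a comment beside the constant should say so, since any other content appended to the bundle afterwards makes the script report "No DR cert" while the CA remains trusted. The final `if count < number_of_lines_to_delete + 1:` check looks like it sits at module level (indentation is not preserved on this page), in which case the "No DR cert" path also prints the "less than number of lines" message and exits 1. `end = outfile.tell()` is assigned but never read.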
@@ -0,0 +1,33 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+import certifi
+import os
+
+cafile = certifi.where()
+dir_path = os.path.dirname(os.path.realpath(__file__))
+datarouter_ca = dir_path + '/datarouterCA.crt'
+with open(datarouter_ca, 'rb') as infile:
+ customca = infile.read()
+
+with open(cafile, 'ab') as outfile:
+ outfile.write(customca)
+
+print("Added DR Cert to CA")
-- cgit 1.2.3-korg
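Review bot: update_ca.py appends datarouterCA.crt to `certifi.where()` unconditionally in the `with open(cafile, 'ab')` block, so a second run, or a run after a failed cleanup, leaves two copies in the bundle while remove_cert_from_ca.py strips only the last 39 lines, and the test CA stays trusted by everything in that Python environment that reads the certifi bundle. Read the bundle first and skip the write when the certificate is already present, e.g. `if customca.strip() not in existing:` ahead of the append. If the suite's HTTP client accepts a CA-bundle path, writing a private copy of the bundle plus this certificate and pointing the client at it would avoid modifying the shared trust store at all. `os.path.join(dir_path, 'datarouterCA.crt')` is the portable form of the path concatenation.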