From 642053077c36de0c8a259da058061c6a0ed1e12c Mon Sep 17 00:00:00 2001 From: Bartosz Gardziejewski Date: Tue, 9 Mar 2021 08:09:45 +0100 Subject: Create base netconf-server image. Signed-off-by: Bartosz Gardziejewski Change-Id: Ie19dd81608f56a4bc7f3b732cda8eed87136bd26 Issue-ID: INT-1869 --- .gitignore | 5 + Changelog.md | 7 + Dockerfile | 10 + README.md | 81 ++++++++ docker-compose.yml | 12 ++ models/pnf-simulator.yang | 9 + pom.xml | 106 +++++++++++ scripts/generate-certificates.sh | 43 +++++ scripts/install-all-module-from-directory.sh | 37 ++++ scripts/install-tls-with-custom-certificates.sh | 37 ++++ scripts/set-up-netopeer.sh | 46 +++++ scripts/tls/set-up-tls-certificates.py | 242 ++++++++++++++++++++++++ scripts/tls/tls_keystore.xml | 36 ++++ scripts/tls/tls_listen.xml | 58 ++++++ scripts/tls/tls_truststore.xml | 36 ++++ version.properties | 6 + 16 files changed, 771 insertions(+) create mode 100644 .gitignore create mode 100644 Changelog.md create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 docker-compose.yml create mode 100644 models/pnf-simulator.yang create mode 100644 pom.xml create mode 100755 scripts/generate-certificates.sh create mode 100755 scripts/install-all-module-from-directory.sh create mode 100755 scripts/install-tls-with-custom-certificates.sh create mode 100755 scripts/set-up-netopeer.sh create mode 100755 scripts/tls/set-up-tls-certificates.py create mode 100644 scripts/tls/tls_keystore.xml create mode 100644 scripts/tls/tls_listen.xml create mode 100644 scripts/tls/tls_truststore.xml create mode 100644 version.properties
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a092a60
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+**/*.iml
+**/.idea
+**/target
+**/logs
+**/venv
diff --git a/Changelog.md b/Changelog.md
new file mode 100644
index 0000000..8b5f791
--- /dev/null
+++ b/Changelog.md
@@ -0,0 +1,7 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## [1.0.0] - 10/03/2021
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..000e15e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/sysrepo/sysrepo-netopeer2:latest
+COPY ./models /resources/models
+COPY ./scripts ./scripts
+
+ENV ENABLE_TLS=false
+
+RUN mkdir -p /resources/certs && \
+ ./scripts/generate-certificates.sh /resources/certs
+
+ENTRYPOINT ["./scripts/set-up-netopeer.sh", "/resources/models", "/resources/certs"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..23aac6c
--- /dev/null
+++ b/README.md
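Review bot: The `RUN ... ./scripts/generate-certificates.sh /resources/certs` step in the Dockerfile creates the CA, server and client private keys at image build time, so every container started from a published image shares the same key material and anyone who can pull the image can read it from a layer. Generating the certificates at container start (in `set-up-netopeer.sh`, when `/resources/certs` holds no mounted files) would give each instance its own keys; if build-time generation is kept, the README should state that the built-in certificates are for testing only. Separately, `FROM docker.io/sysrepo/sysrepo-netopeer2:latest` is a floating tag, so rebuilds are not reproducible; pinning a version tag or a digest (`sysrepo-netopeer2@sha256:<digest>`) fixes what the simulator is built on.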
@@ -0,0 +1,81 @@
+# Netconf Server
+This server uses sysrepo to simulate network configuration.
+It is base od sysrepo-netopeer2 image.
+
+## User guide
+### starting server
+In order to start server use docker-compose located in root catalog:
+```shell
+ docker-compose up -d
+```
+or run image using docker:
+```shell
+ docker run -it -p 830:830 -p 6513:6513 onap/org.onap.integration.simulators.netconf-server:latest
+```
+
+### using server
+Server allows:
+ - installing custom configuration models on start up.
+ - changing configuration of that modules on runtime.
+
+Config can be changed with use of **SSH, be default expose on port 830**
+and **TLS, be default exposed on port 6513**.
+- SSH works "out of the box" with a username and password *netconf*.
+- **TLS is disabled be default**,
+ in order to enable it, set environment variable `ENABLE_TLS=true`.
+ More about TLS in ***TLS*** section.
+
+### custom models
+new models are loaded on the image start up from catalog `/resources/models`.
+Be default this directory contains `pnf-simulator.yang` model.
+In order to load custom models on start up,
+volume with models, should be mounted to `/resources/models` directory.
+It can be done in docker-compose, by putting
+`./path/to/cusom/models:/resources/models` in *volumes* section.
+
+### TLS
+TLS in disabled be default with environment variable `ENABLE_TLS` set to false.
+In order to enable TLS, that environment variable need to be set to `true`
+**on container start up**.
+It can be done in docker-compose,
+by putting `ENABLE_TLS=true` in *environment* section.
+
+#### Custom certificate
+When TLS is enabled server will use auto generated certificates, be default.
+That certificates are generated during image build and
+are located in `/resources/certs` directory.
+Certificates are loaded during image start up.
+**In order to use custom certs**
+volume with certificates needs to be mounted to `/resources/certs` directory.
+In this volume following files are required, **named accordingly**:
+- **ca.crt** - CA/Root certificate
+- **client.crt** - client certificate
+- **server.crt** - server certificate
+- **server.key** - server private key
+- **server_pub.key** - server public key
+
+
+## Development guide
+### building image
+In order to build image mvn command can be run:
+```shell
+ mvn clean install -p docker
+```
+
+### image building process
+To build image, Dockerfile is used.
+During an image building:
+ - catalog `scripts` is copied to image home directory.
+ That catalog contains all scripts needed for
+ installing initial models and configuring TLS.
+ - catalog `models` is copied to image directory `/resources/models`.
+ That catalog contains default models
+ that will be installed on image start up.
+ - default certificates and keys for TLS are generated and
+ stored in `/resources/certs` directory.
+ - set-up-netopeer script is set to be run on image start up.
+
+### change log
+This project contains `Changeloge.md` file.
+Please update this file when change is made,
+according to the guidelines.
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..d9afeac
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3'
+
+services:
+
+ netconf-server:
+ container_name: netconf-server
+ image: onap/org.onap.integration.simulators.netconf-server:latest
+ environment:
+ - ENABLE_TLS=true
+ ports:
+ - "830:830"
+ - "6513:6513"
diff --git a/models/pnf-simulator.yang b/models/pnf-simulator.yang
new file mode 100644
index 0000000..ba11585
--- /dev/null
+++ b/models/pnf-simulator.yang
@@ -0,0 +1,9 @@
+module pnf-simulator {
+ namespace "http://onap.org/pnf-simulator";
+ prefix config;
+ container config {
+ config true;
+ leaf itemValue1 {type uint32;}
+ leaf itemValue2 {type uint32;}
+ }
+}
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..37271bb
--- /dev/null
+++ b/pom.xml
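Review bot: The `ports` entries `"830:830"` and `"6513:6513"` in docker-compose.yml publish both NETCONF listeners on every host interface, and the README in this commit says SSH on 830 accepts the fixed username and password *netconf*. For a simulator that is normally reached from the same host, binding to loopback, e.g. `- "127.0.0.1:830:830"` and `- "127.0.0.1:6513:6513"`, keeps the default-credential endpoint off the network unless someone opts in. The `image:` line also uses `:latest`; a version tag would make the compose file reproducible.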
@@ -0,0 +1,106 @@ + + + + 4.0.0 + + + org.onap.oparent + oparent + 3.2.0 + + + org.onap.integration.simulators.nf-simulator.netconf-server + netconfserver + 1.0.0-SNAPSHOT + netconfserver + + + UTF-8 + yyyyMMdd'T'HHmmss + + true + nexus3.onap.org:10003 + 0.31.0 + latest + onap + org.onap.integration.simulators + + + + + docker + + false + + + linux + x86_64 + ${os.detected.name}-${os.detected.arch} + + + + + io.fabric8 + docker-maven-plugin + ${docker-maven-plugin.version} + + + docker-build-image + package + + build + + + + docker-push-image + deploy + + push + + + + + ${skipDockerPush} + true + IfNotPresent + + + ${docker-image.namespace}/${docker-image.name.prefix}.${project.artifactId} + ${docker.registry} + + ${project.basedir} + ${project.basedir}/Dockerfile + + ${project.version}-STAGE-${maven.build.timestamp}Z + + + + + + + + + + + + diff --git a/scripts/generate-certificates.sh b/scripts/generate-certificates.sh new file mode 100755 index 0000000..1c05172 --- /dev/null +++ b/scripts/generate-certificates.sh 
@@ -0,0 +1,43 @@
+#!/bin/sh
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+## Set up certs path
+cert_path="."
+if [ "$#" -eq 1 ]; then
+ cert_path=$1
+fi
+cd $cert_path
+
+## Generate self-signed CA cert and key
+openssl req -nodes -newkey rsa:2048 -keyout ca.key -out ca.csr -subj "/C=US/O=ONAP/OU=OSAAF/CN=CA.NETCONF/"
+openssl x509 -req -in ca.csr -signkey ca.key -days 730 -out ca.crt
+rm ca.csr
+
+## Generate Server cert and key
+openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=US/O=ONAP/OU=OSAAF/CN=CA.NETCONF.SERVER/"
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 730 -sha256
+openssl x509 -pubkey -noout -in server.crt > server_pub.key
+rm server.csrsrl
+
+## Generate Client cert and key
+openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=US/O=ONAP/OU=OSAAF/CN=CA.NETCONF.CLIENT/"
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 730 -sha256
+rm client.csr
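Review bot: The script leaves `ca.key` unencrypted (`-nodes`) in the output directory next to the files the server loads, although the README lists only `ca.crt`, `client.crt`, `server.crt`, `server.key` and `server_pub.key` as required, so whoever can read that directory can sign further client certificates under the same CA. If the CA key is only needed for the two signing steps, end the script with `rm ca.key` and `chmod 600 server.key client.key`. `cd $cert_path` is unquoted and unchecked, so a missing directory makes the keys land in the current directory; `cd "$cert_path" || exit 1` avoids that. As shown here, `rm server.csrsrl` names a file that no earlier command creates (the earlier steps write `server.csr`, and `-CAcreateserial` by default writes `ca.srl`), so it looks like it was meant to be `rm server.csr ca.srl`.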
diff --git a/scripts/install-all-module-from-directory.sh b/scripts/install-all-module-from-directory.sh
new file mode 100755
index 0000000..6644715
--- /dev/null
+++ b/scripts/install-all-module-from-directory.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+if [ "$#" -eq 1 ]; then
+
+ ## Get all files from given directory with extension .yang
+ FILES=$1/*.yang
+
+ ## Install all module from selected yang files
+ for f in $FILES
+ do
+ echo "Installing module $f"
+ sysrepoctl -a -i $f
+ cat $f
+ done
+
+else
+ echo "Missing argument: path to file with YANG models."
+fi
diff --git a/scripts/install-tls-with-custom-certificates.sh b/scripts/install-tls-with-custom-certificates.sh
new file mode 100755
index 0000000..545d01b
--- /dev/null
+++ b/scripts/install-tls-with-custom-certificates.sh
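Review bot: `FILES=$1/*.yang` followed by the unquoted `$FILES` and `$f` means a models path containing spaces is split into several words, and when the directory holds no `.yang` file the literal pattern is handed to `sysrepoctl`. Iterating the glob directly with quoting, `for f in "$1"/*.yang; do [ -e "$f" ] || continue`, and calling `sysrepoctl -a -i "$f"` handles both cases. The `else` branch only prints a message; adding `exit 1` there lets the caller notice the missing argument. Because `/resources/models` is documented as a user-mounted volume, the `sysrepoctl` exit status should also be checked instead of carrying on after a failed install.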
@@ -0,0 +1,37 @@
+#!/bin/bash
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+if [ "$#" -eq 2 ]; then
+
+ ## Set up custom certificates
+ python $1/set-up-tls-certificates.py $2 \
+ ca.crt server.crt server.key server_pub.key client.crt \
+ $1/tls_keystore.xml $1/tls_truststore.xml $1/tls_listen.xml
+
+ ## Configure and start TLS listener
+ sysrepocfg --edit=$1/tls_keystore.xml --format=xml --datastore=running --module=ietf-keystore
+ sysrepocfg --edit=$1/tls_truststore.xml --format=xml --datastore=running --module=ietf-truststore
+ sysrepocfg --edit=$1/tls_listen.xml --format=xml --datastore=running --module=ietf-netconf-server
+ sysrepocfg --copy-from=running --datastore=startup
+
+else
+ echo "Missing arguments: first argument should be path to file with tls scripts and/ore second argument should be path to file with certificates for TLS."
+fi
diff --git a/scripts/set-up-netopeer.sh b/scripts/set-up-netopeer.sh
new file mode 100755
index 0000000..f6308d0
--- /dev/null
+++ b/scripts/set-up-netopeer.sh
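Review bot: The `sysrepocfg --edit=...` calls run even when the `python $1/set-up-tls-certificates.py ...` step fails, in which case the XML templates still hold their `*_HERE` placeholders (or empty values) and are pushed to the running datastore and then copied to startup. Stop on the first failure, either with `set -e` at the top or by ending the python command with `|| exit 1`, so TLS is never configured from unpatched templates. `$1` and `$2` should be quoted throughout, and the `else` branch should `exit 1` so that `set-up-netopeer.sh` can tell TLS setup did not happen.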
@@ -0,0 +1,46 @@
+#!/bin/bash
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+if [ "$#" -ge 1 ]; then
+
+ ## Set up variable
+ SCRIPTS_DIR=$PWD/"$(dirname $0)"
+ enable_tls=${ENABLE_TLS:-false}
+
+ ## Install all modules from given directory
+ $SCRIPTS_DIR/install-all-module-from-directory.sh $1
+
+ ## If TLS is enabled start initializing certificates
+ if [[ "$enable_tls" == "true" ]]; then
+ if [ "$#" -ge 2 ]; then
+ echo "initializing TLS"
+ $SCRIPTS_DIR/install-tls-with-custom-certificates.sh $SCRIPTS_DIR/tls $2
+ else
+ echo "Missing second argument: path to file with certificates for TLS."
+ fi
+ fi
+
+ ## Run sysrepo supervisor
+ /usr/bin/supervisord -c /etc/supervisord.conf
+
+else
+ echo "Missing first argument: path to file with YANG models."
+fi
diff --git a/scripts/tls/set-up-tls-certificates.py b/scripts/tls/set-up-tls-certificates.py
new file mode 100755
index 0000000..16934b5
--- /dev/null
+++ b/scripts/tls/set-up-tls-certificates.py
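Review bot: When `ENABLE_TLS` is `true` but the certificates argument is missing, or the TLS install script fails, the inner branch only echoes a message and the script still goes on to start `supervisord`, so an operator who asked for TLS apparently gets a server with only the SSH listener configured. Failing closed is safer: add `exit 1` after the echo in that inner `else`, and call the installer as `"$SCRIPTS_DIR"/install-tls-with-custom-certificates.sh "$SCRIPTS_DIR/tls" "$2" || exit 1`. `SCRIPTS_DIR=$PWD/"$(dirname $0)"` is only correct while the script is invoked by a relative path, as the Dockerfile `ENTRYPOINT` does; `SCRIPTS_DIR="$(cd "$(dirname "$0")" && pwd)"` works for absolute paths too.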
@@ -0,0 +1,242 @@
+#!/usr/bin/env python
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+import os
+import sys
+import logging
+
+logging.basicConfig()
+logger = logging.getLogger()
+logger.setLevel(logging.INFO)
+
+# Placeholders definition - this needs to match placeholders in
+# tls_keystore.xml, tls_truststore.xml and tls_listen.xml
+# Server certification
+SERVER_KEY_NAME = "SERVER_KEY_NAME"
+SERVER_CERT_NAME = "SERVER_CERT_NAME"
+SERVER_CERTIFICATE_HERE = "SERVER_CERTIFICATE_HERE"
+SERVER_KEY_HERE = "SERVER_KEY_HERE"
+SERVER_PUB_KEY_HERE = "SERVER_PUB_KEY_HERE"
+# CA certification
+CA_CERT_NAME = "CA_CERT_NAME"
+CA_CERTIFICATE_HERE = "CA_CERTIFICATE_HERE"
+# Client certification
+CLIENT_CERT_NAME = "CLIENT_CERT_NAME"
+CLIENT_CERTIFICATE_HERE = "CLIENT_CERTIFICATE_HERE"
+CLIENT_FINGERPRINT_HERE = "CLIENT_FINGERPRINT_HERE"
+
+
+class FileHelper(object):
+ @classmethod
+ def get_file_contents(cls, filename):
+ with open(filename, "r") as f:
+ return f.read()
+
+ @classmethod
+ def write_file_contents(cls, filename, data):
+ with open(filename, "w+") as f:
+ f.write(data)
+
+
+class CertHelper(object):
+ @classmethod
+ def get_pem_content_stripped(cls, pem_dir, pem_filename):
+ cmd = "cat {}/{} | grep -v '^-'".format(pem_dir, pem_filename)
+ content = CertHelper.system(cmd)
+ return content
+
+ @classmethod
+ def get_cert_fingerprint(cls, directory, cert_filename):
+ cmd = "openssl x509 -fingerprint -noout -in {}/{} | sed -e " \
+ "'s/SHA1 Fingerprint//; s/=//; s/=//p'" \
+ .format(directory, cert_filename)
+ fingerprint = CertHelper.system(cmd)
+ return fingerprint
+
+ @classmethod
+ def print_keystore_info(cls, server_cert):
+ logger.info("Will use server certificate: " + server_cert)
+
+ @classmethod
+ def print_truststore_info(cls, ca_cert):
+ logger.info("Will use CA certificate: " + ca_cert)
+
+ @classmethod
+ def print_listener_info(cls, ca_fingerprint):
+ logger.info("CA certificate fingerprint: " + ca_fingerprint)
+
+ @classmethod
+ def system(cls, cmd):
+ return os.popen(cmd).read().replace("\n", "")
+
+
+class CertificationData(object):
+
+ def __init__(self,
+ cert_dir, ca_cert_filename,
+ server_cert_filename, server_key_filename, server_pub_key_filename,
+ client_cert_filename,
+ tls_keystore_xml_file, tls_truststore_xml_file, tls_listen_xml_file
+ ):
+ self.cert_dir = cert_dir
+ self.ca_cert_filename = ca_cert_filename
+ self.server_cert_filename = server_cert_filename
+ self.server_key_filename = server_key_filename
+ self.server_pub_key_filename = server_pub_key_filename
+ self.client_cert_filename = client_cert_filename
+ self.tls_keystore_xml_file = tls_keystore_xml_file
+ self.tls_truststore_xml_file = tls_truststore_xml_file
+ self.tls_listen_xml_file = tls_listen_xml_file
+
+
+class TlsConfigurationPatcher(object):
+
+ def __init__(self, certification_data):
+ self.certification_data = certification_data
+
+ def patch_configuration(self):
+ server_cert_name, server_key_name, ca_cert_name, client_cert_name = self.__load_names()
+ server_cert, server_key, server_pub_key = self.__load_server_data()
+ client_cert, client_fingerprint = self.__load_client_data()
+ ca_cert = self.__load_ca_data()
+
+ self.__set_up_keystore(server_cert_name, server_key_name, server_cert, server_key, server_pub_key)
+ self.__set_up_truststore(ca_cert_name, client_cert_name, ca_cert, client_cert)
+ self.__set_up_listener(server_cert_name, server_key_name, ca_cert_name, client_cert_name, client_fingerprint)
+
+ def __load_names(self):
+ server_cert_name = self.certification_data.server_cert_filename.replace(".crt", "")
+ server_key_name = self.certification_data.server_key_filename.replace(".key", "")
+ ca_cert_name = self.certification_data.ca_cert_filename.replace(".crt", "")
+ client_cert_name = self.certification_data.client_cert_filename.replace(".crt", "")
+ return server_cert_name, server_key_name, ca_cert_name, client_cert_name
+
+ def __load_server_data(self):
+ server_cert = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.server_cert_filename)
+ server_key = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.server_key_filename)
+ server_pub_key = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.server_pub_key_filename)
+ return server_cert, server_key, server_pub_key
+
+ def __load_client_data(self):
+ client_cert = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.client_cert_filename)
+ client_fingerprint = CertHelper.get_cert_fingerprint(
+ self.certification_data.cert_dir, self.certification_data.client_cert_filename)
+ return client_cert, client_fingerprint
+
+ def __load_ca_data(self):
+ ca_cert = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.ca_cert_filename)
+ return ca_cert
+
+ def __set_up_keystore(self,
+ server_cert_name, server_key_name,
+ server_cert, server_key, server_pub_key):
+ CertHelper.print_keystore_info(server_cert)
+
+ # path tls configuration xml file for keystore
+ data_srv = FileHelper.get_file_contents(self.certification_data.tls_keystore_xml_file)
+ patched_srv = self.__patch_keystore_configuration(
+ data_srv, server_key_name, server_cert_name, server_cert, server_key, server_pub_key)
+ FileHelper.write_file_contents(self.certification_data.tls_keystore_xml_file, patched_srv)
+
+ def __set_up_truststore(self,
+ ca_cert_name, client_cert_name,
+ ca_cert, client_cert):
+ CertHelper.print_truststore_info(ca_cert)
+
+ # path tls configuration xml file for truststore
+ data_srv = FileHelper.get_file_contents(self.certification_data.tls_truststore_xml_file)
+ patched_srv = self.__patch_truststore_configuration(
+ data_srv, ca_cert_name, client_cert_name, ca_cert, client_cert)
+ FileHelper.write_file_contents(self.certification_data.tls_truststore_xml_file, patched_srv)
+
+ def __set_up_listener(self,
+ server_cert_name, server_key_name, ca_cert_name, client_cert_name,
+ client_fingerprint):
+ CertHelper.print_listener_info(client_fingerprint)
+
+ # path tls configuration xml file for listener
+ data_srv = FileHelper.get_file_contents(self.certification_data.tls_listen_xml_file)
+ patched_srv = self.__patch_listener_configuration(
+ data_srv, ca_cert_name, client_cert_name, server_key_name, server_cert_name, client_fingerprint)
+ FileHelper.write_file_contents(self.certification_data.tls_listen_xml_file, patched_srv)
+
+ @classmethod
+ def __patch_keystore_configuration(cls, data,
+ server_key_name, server_cert_name,
+ server_cert, server_key, server_pub_key):
+ data = data.replace(SERVER_KEY_NAME, server_key_name)
+ data = data.replace(SERVER_CERT_NAME, server_cert_name)
+ data = data.replace(SERVER_CERTIFICATE_HERE, server_cert)
+ data = data.replace(SERVER_KEY_HERE, server_key)
+ data = data.replace(SERVER_PUB_KEY_HERE, server_pub_key)
+ return data
+
+ @classmethod
+ def __patch_truststore_configuration(cls, data,
+ ca_cert_name, client_cert_name,
+ ca_cert, client_cert):
+ data = data.replace(CA_CERT_NAME, ca_cert_name) + data = data.replace(CLIENT_CERT_NAME, client_cert_name) + data = data.replace(CLIENT_CERTIFICATE_HERE, client_cert) + data = data.replace(CA_CERTIFICATE_HERE, ca_cert) + return data + + @classmethod + def __patch_listener_configuration(cls, data, + ca_cert_name, client_cert_name, server_key_name, server_cert_name, + client_fingerprint): + data = data.replace(CA_CERT_NAME, ca_cert_name) + data = data.replace(CLIENT_CERT_NAME, client_cert_name) + data = data.replace(SERVER_KEY_NAME, server_key_name) + data = data.replace(SERVER_CERT_NAME, server_cert_name) + data = data.replace(CLIENT_FINGERPRINT_HERE, client_fingerprint) + return data + + +def main(): + if len(sys.argv) == 10: + + certification_data = CertificationData( + sys.argv[1], + sys.argv[2], sys.argv[3], sys.argv[4], + sys.argv[5], + sys.argv[6], + sys.argv[7], sys.argv[8], sys.argv[9], + ) + configuration_loader = TlsConfigurationPatcher(certification_data) + configuration_loader.patch_configuration() + logger.info("XML files patched successfully") + + else: + logger.error("Usage: %s " + " " + " " + % sys.argv[0]) + return 1 + + +if __name__ == '__main__': + main() diff --git a/scripts/tls/tls_keystore.xml b/scripts/tls/tls_keystore.xml new file mode 100644 index 0000000..01e00a8 --- /dev/null +++ b/scripts/tls/tls_keystore.xml @@ -0,0 +1,36 @@ + + + + + + SERVER_KEY_NAME + rsa2048 + SERVER_PUB_KEY_HERE + SERVER_KEY_HERE + + + SERVER_CERT_NAME + SERVER_CERTIFICATE_HERE + + + + + diff --git a/scripts/tls/tls_listen.xml b/scripts/tls/tls_listen.xml new file mode 100644 index 0000000..3d583e8 --- /dev/null +++ b/scripts/tls/tls_listen.xml @@ -0,0 +1,58 @@ + + + + + + default-tls + + + 0.0.0.0 + + 1 + 10 + 5 + + + + + + SERVER_KEY_NAME + SERVER_CERT_NAME + + + + + CA_CERT_NAME + CLIENT_CERT_NAME + + + 1 + 02:CLIENT_FINGERPRINT_HERE + x509c2n:specified + tls-test + + + + + + + + 
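Review bot: `CertHelper.get_pem_content_stripped` and `CertHelper.get_cert_fingerprint` in set-up-tls-certificates.py splice the directory and file names taken from `sys.argv` into a shell string and run it through `os.popen`, so a path with spaces or shell metacharacters changes the command, and a missing file or a failing `openssl` simply yields an empty string that is then written into the XML. Reading the PEM in Python and calling `openssl` with an argument list (this needs `import subprocess` at the top) removes the shell and turns failures into exceptions; the fence shows both helpers, with `-sha1` passed explicitly so the result does not depend on the label text that `sed` strips today. The last line should be `sys.exit(main())`, because the `return 1` on the usage path is currently discarded and the calling shell script sees exit status 0. The `__set_up_*` methods also overwrite the template files in place, so a second run finds no placeholders left to replace; writing the patched XML to separate output files would keep the templates reusable, which is worth confirming against how the container is restarted.

```python
class CertHelper(object):
    @classmethod
    def get_pem_content_stripped(cls, pem_dir, pem_filename):
        # Read the PEM body directly; no shell is involved.
        with open(os.path.join(pem_dir, pem_filename), "r") as f:
            body = [line.rstrip("\n") for line in f if not line.startswith("-")]
        return "".join(body)

    @classmethod
    def get_cert_fingerprint(cls, directory, cert_filename):
        # Argument list instead of a shell string; a failing openssl raises.
        out = subprocess.check_output(
            ["openssl", "x509", "-sha1", "-fingerprint", "-noout",
             "-in", os.path.join(directory, cert_filename)])
        return out.decode().strip().split("=", 1)[1]

    # … unchanged: print_*_info helpers …
```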
diff --git a/scripts/tls/tls_truststore.xml b/scripts/tls/tls_truststore.xml new file mode 100644 index 0000000..80c877d --- /dev/null +++ b/scripts/tls/tls_truststore.xml @@ -0,0 +1,36 @@ + + + + + CLIENT_CERT_NAME + + client_cert + CLIENT_CERTIFICATE_HERE + + + + CA_CERT_NAME + + ca_cert + CA_CERTIFICATE_HERE + + + diff --git a/version.properties b/version.properties new file mode 100644 index 0000000..2ddebb3 --- /dev/null +++ b/version.properties @@ -0,0 +1,6 @@ +major=1 +minor=0 +patch=0 +base_version=${major}.${minor}.${patch} +release_version=${base_version} +snapshot_version=${base_version}-SNAPSHOT -- cgit 1.2.3-korg