authorPawel <pawel.kasperkiewicz@nokia.com>2020-09-30 15:51:47 +0200
committerPawel <pawel.kasperkiewicz@nokia.com>2020-10-07 11:47:16 +0200
commitee5d337468ebeb98f8d56778cb5b17996be357ca (patch)
tree81183663a9559b50895ca18ebd5e6f2af1e3d228
parentc7fa09899ebbab3f12c7e1ecc2df86f7b7657cbd (diff)
Adjust PNF simulator to use CertService from OOM repo
Issue-ID: INT-1730 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: Ica77a1099847e3b4c2670b6567416de75d6e2f45
-rw-r--r--netconfsimulator/Dockerfile_netopeer2
-rw-r--r--sanitycheck/pnfsimulator-secured/Makefile8
-rw-r--r--sanitycheck/pnfsimulator-secured/README.md4
-rw-r--r--sanitycheck/pnfsimulator-secured/certservice/certs/Makefile10
-rw-r--r--sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env8
-rw-r--r--sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml34
-rw-r--r--sanitycheck/pnfsimulator-secured/docker-compose-ves.yml8
7 files changed, 34 insertions, 40 deletions
diff --git a/netconfsimulator/Dockerfile_netopeer b/netconfsimulator/Dockerfile_netopeer
index ad8db7c..4d15392 100644
--- a/netconfsimulator/Dockerfile_netopeer
+++ b/netconfsimulator/Dockerfile_netopeer
@@ -1,4 +1,4 @@
-FROM docker.io/sysrepo/sysrepo-netopeer2:v0.7.7
+FROM docker.io/sysrepo/sysrepo-netopeer2:legacy
ADD apt.conf /etc/apt/apt.conf
RUN apt-get update && apt-get install -y python3 python3-pip python-pip && pip3 install flask flask_restful kafka-python && pip install kafka-python
RUN cd /opt/dev/sysrepo && cmake -DGEN_PYTHON_VERSION=2 -DREPOSITORY_LOC:PATH=/etc/sysrepo . && make install
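Review bot: The `FROM` line now tracks the mutable `legacy` tag instead of the fixed `v0.7.7`, so the image contents can change under the same name and a rebuild is no longer reproducible or auditable. Pin the tag to the digest that was actually tested, for example `FROM docker.io/sysrepo/sysrepo-netopeer2:legacy@sha256:<digest-of-tested-image>` (placeholder digest), and add a comment naming the upstream release it corresponds to. This matters more here because the following `RUN` line installs `flask`, `flask_restful` and `kafka-python` without version pins on top of whatever the base image provides.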
diff --git a/sanitycheck/pnfsimulator-secured/Makefile b/sanitycheck/pnfsimulator-secured/Makefile
index 92a9e1e..3783fbe 100644
--- a/sanitycheck/pnfsimulator-secured/Makefile
+++ b/sanitycheck/pnfsimulator-secured/Makefile
@@ -15,7 +15,7 @@ clean-pnfsim-with-certman-setup:
docker-compose -f docker-compose-certman.yml down
clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean-client-volume
- docker rm -f aafcert-ejbca || true
+ docker rm -f oomcert-ejbca || true
docker-compose -f docker-compose-certservice.yml down
docker-compose -f docker-compose-ves.yml down
@@ -23,7 +23,7 @@ clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean-
docker run \
-d \
--rm \
- --name aafcert-ejbca \
+ --name oomcert-ejbca \
--hostname cahostname \
-p 80:8080 \
-p 443:8443 \
@@ -35,7 +35,7 @@ clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean-
primekey/ejbca-ce:6.15.2.5
--configure-ejbca:
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
--create-client-volume:
mkdir -p ./certservice/client-resources/client-volume -m 777
@@ -54,4 +54,4 @@ clean-pnfsim-with-certservice-setup: --clean-certservice-internal-certs --clean-
--wait-for-ejbca:
@echo 'Waiting for EJBCA...'
- until docker container inspect aafcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done
+ until docker container inspect oomcert-ejbca | grep '"Status": "healthy"'; do sleep 3; done
diff --git a/sanitycheck/pnfsimulator-secured/README.md b/sanitycheck/pnfsimulator-secured/README.md
index 661806b..6a2cb37 100644
--- a/sanitycheck/pnfsimulator-secured/README.md
+++ b/sanitycheck/pnfsimulator-secured/README.md
@@ -9,7 +9,7 @@ chosen source.
Makefile offers functionalities that allows to:
* Run PNF simulator with fetching certs from AAF Certman
- * Run PNF simulator with fetching certs from AAF Certservice (CMPv2)
+ * Run PNF simulator with fetching certs from OOM Certservice (CMPv2)
## Fetching from AAF Certman
### Description
@@ -103,7 +103,7 @@ To remove pnf-simulator containers use:
make clean-pnfsim-with-certman-setup
```
-## Fetching certificates from AAF Certservice (CMPv2)
+## Fetching certificates from OOM Certservice (CMPv2)
### Description
Running Makefile with Certservice target will start the following flow:
diff --git a/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile b/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile
index d6c3855..507a23c 100644
--- a/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile
+++ b/sanitycheck/pnfsimulator-secured/certservice/certs/Makefile
@@ -63,16 +63,16 @@ step_8:
#Generate certService private and public keys
step_9:
@echo "Generate certService private and public keys"
- keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
-keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
-keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
@echo "####done####"
#Generate certificate signing request for certService
step_10:
@echo "Generate certificate signing request for certService"
- keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
@echo "####done####"
#Sign certService certificate by root CA
@@ -80,7 +80,7 @@ step_11:
@echo "Sign certService certificate by root CA"
keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
-outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
@echo "####done####"
#Import root certificate into server
@@ -92,7 +92,7 @@ step_12:
#Import signed certificate into certService
step_13:
@echo "Import signed certificate into certService"
- keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
-storepass secret -noprompt
@echo "####done####"
diff --git a/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env b/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env
index bc62f1f..cda235d 100644
--- a/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env
+++ b/sanitycheck/pnfsimulator-secured/certservice/client-resources/client-configuration.env
@@ -1,8 +1,9 @@
#Client envs
-REQUEST_URL=https://aaf-cert-service:8443/v1/certificate/
+REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
REQUEST_TIMEOUT=10000
OUTPUT_PATH=/var/certs
CA_NAME=RA
+OUTPUT_TYPE=JKS
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
@@ -10,9 +11,8 @@ ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
-SANS=example.org
#Tls config envs
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
diff --git a/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml b/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml
index 4548f04..e7d4cb6 100644
--- a/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml
+++ b/sanitycheck/pnfsimulator-secured/docker-compose-certservice.yml
@@ -10,37 +10,37 @@ networks:
services:
- aaf-cert-service:
- image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
volumes:
- - ./certservice/certservice-resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
- - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certservice/certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
- - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
- - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
- container_name: aafcert-service
+ - ./certservice/certservice-resources/cmpServers.json:/etc/onap/oom/certservice/cmpServers.json
+ - ./certservice/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certservice/certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./certservice/certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./certservice/certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
ports:
- "8443:8443"
healthcheck:
- test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
interval: 10s
timeout: 3s
retries: 15
networks:
- certservice-network
- aaf-cert-client:
- image: nexus3.onap.org:10003/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
- container_name: aafcert-client
+ oom-cert-client:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ container_name: oomcert-client
env_file: ./certservice/client-resources/client-configuration.env
networks:
- certservice-network
volumes:
- ./certservice/client-resources/client-volume:/var/certs:rw
- - ./certservice/certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+ - ./certservice/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certservice/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
depends_on:
- aaf-cert-service:
+ oom-cert-service:
condition: service_healthy
mongo:
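Review bot: The `healthcheck` test of `oom-cert-service` calls `curl` without `--fail`, so an HTTP error response from `/actuator/health` still exits 0 and the container is reported healthy. Because `oom-cert-client` is gated on `condition: service_healthy`, it can be started against a service that answers but is not ready. Adding the flag, `curl --fail --silent https://localhost:8443/actuator/health ...`, makes the probe follow the returned status. The same line passes the keystore password as `--pass secret` in the compose file; a comment such as `# test-only credentials for the sanity-check setup, never reuse` would make that intent explicit.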
@@ -76,8 +76,8 @@ services:
- pnf-simulator-network
command: bash -c "
while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done
- && mv /app/store/truststore.jks /app/store/trust.jks
- && mv /app/store/keystore.jks /app/store/cert.p12
+ && cp /app/store/truststore.jks /app/store/trust.jks
+ && cp /app/store/keystore.jks /app/store/cert.p12
&& export CLIENT_CERT_PASS=$$(cat /app/store/keystore.pass)
&& export TRUST_CERT_PASS=$$(cat /app/store/truststore.pass)
&& java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main
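Review bot: Replacing `mv` with `cp` leaves six entries in `/app/store` after the first start, while the wait loop above still proceeds only when `ls -1 /app/store | wc -l` equals `'4'`. If `/app/store` is backed by the persistent client volume (the mount is outside this hunk), a restarted container would print 'Waiting for certs...' indefinitely. Waiting for the files that are actually read avoids depending on the directory count, e.g. `while [[ ! -f /app/store/keystore.jks || ! -f /app/store/truststore.pass ]]; do ...`. Also, `cert.p12` is now a byte copy of `keystore.jks`, so with `OUTPUT_TYPE=JKS` set in the client configuration the file name presumably no longer matches its format and deserves a comment or a rename. The `command:` string closes outside the hunk.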
diff --git a/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml b/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml
index 85e4286..43d4f63 100644
--- a/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml
+++ b/sanitycheck/pnfsimulator-secured/docker-compose-ves.yml
@@ -8,14 +8,8 @@ services:
- "8444:8443"
networks:
- vesnetwork
- command: bash -c "
- rm -f /opt/app/VESCollector/etc/keystore
- && echo $$(cat /opt/app/VESCollector/etc/trustpasswordfile)
- && keytool -importkeystore -srckeystore /opt/app/VESCollector/etc/cert.p12 -srcstorepass $$(cat /opt/app/VESCollector/etc/passwordfile) -srcstoretype pkcs12 -destkeystore /opt/app/VESCollector/etc/keystore -deststoretype jks -deststorepass $$(cat /opt/app/VESCollector/etc/passwordfile)
- && bin/docker-entry.sh
- "
volumes:
- - ./certservice/client-resources/client-volume/cert.p12:/opt/app/VESCollector/etc/cert.p12
+ - ./certservice/client-resources/client-volume/keystore.jks:/opt/app/VESCollector/etc/keystore
- ./certservice/client-resources/client-volume/keystore.pass:/opt/app/VESCollector/etc/passwordfile
- ./certservice/client-resources/client-volume/trust.jks:/opt/app/VESCollector/etc/truststore
- ./certservice/client-resources/client-volume/truststore.pass:/opt/app/VESCollector/etc/trustpasswordfile
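Review bot: The new `keystore.jks` bind mount is writable, like the password and truststore mounts next to it, although with the `keytool -importkeystore` step removed nothing visible here needs to write key material from inside the collector. Unless the image's entrypoint modifies these files (not visible in this hunk), mount them read-only, e.g. `- ./certservice/client-resources/client-volume/keystore.jks:/opt/app/VESCollector/etc/keystore:ro`. The truststore is still taken from `trust.jks`, which exists only after the simulator container has run its `cp`; mounting `truststore.jks` directly would remove that ordering dependency. The service definition starts above the hunk.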