author Remigiusz Janeczek <remigiusz.janeczek@nokia.com> 2021-06-16 19:16:30 +0200
committer Remigiusz Janeczek <remigiusz.janeczek@nokia.com> 2021-06-30 06:49:34 +0000
commit 27611bc9a6f855d439dbf68a2955e4651e83dd14
tree a3ab89fce392aa155d1c9fe3a383c0f12133a983 /README.md
parent 1630a480ab3ac2aeb833855380be3dd89fdca248
[OOM-CERT-SERVICE] Add curl requests to Makefile
Increase max header size (default was too low for update requests)

Issue-ID: OOM-2753
Change-Id: I3614d8d34ed18ae52cec8fb4f9349e170c2ac3af
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 84
1 files changed, 84 insertions, 0 deletions
diff --git a/README.md b/README.md
index 2d91ee8f..ddbdfff7 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,90 @@ make run-client
make stop-backend
```
+### Generating certificates via REST Api
+#### Requirements
+* OpenSSL
+* cURL
+* jq (for parseCertServiceResponse.sh script)
+#### Initialization Request
+1. Create Certificate Signing Request and Private Key
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/ir.key \
+ -out ./compose-resources/certs-from-curl/ir.csr \
+ -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+ -addext "subjectAltName = DNS:test.onap.org"
+```
+2. Send Initialization Request
+```
+curl -s https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem
+```
+to parse the response pipe the output to `parseCertserviceResponse.sh` script, providing prefix as argument
+```
+curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
+```
+
+#### Update Request
+1. Create Certificate Signing Request and Private Key - same as for Initialization Request.
+When CSR data (like Subject and SANS) is unchanged, Key Update Request will be performed.
+Otherwise Certification Request will be performed.
+Example for KUR:
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/kur.key \
+-out ./compose-resources/certs-from-curl/kur.csr \
+-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+-addext "subjectAltName = DNS:test.onap.org"
+```
+Example for CR:
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/cr.key \
+-out ./compose-resources/certs-from-curl/cr.csr \
+-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
+-addext "subjectAltName = DNS:test.onap.org"
+```
+2. Send Update Request.
+Example for KUR:
+```
+curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
+ -H "CSR: $(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
+ -H "OLDPK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "OLDCERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
+```
+Example CR:
+```
+curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
+ -H "CSR: $$(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
+ -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
+```
+
+#### Using makefile
+1. Perform Initialization Request:
+```
+make send-initialization-request
+```
+2. Perform Update Request:
+```
+make send-key-update-request
+```
+or:
+```
+make send-certification-request
+```
+
### OOM CertService CSITs
#### CSIT repository
```
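Review bot: The "Example CR" curl command under step 2 of Update Request will not work when pasted into a shell, because it uses `$$(cat ...)` where the other examples use `$(cat ...)`. `$$` is Makefile escaping; in a shell it expands to the process ID, so each header value becomes the PID followed by the literal command text instead of base64 data. The same example names its headers `OLD_PK` and `OLD_CERT`, while the KUR example directly above sends `OLDPK` and `OLDCERT` to the same `/v1/certificate-update/RA` endpoint, so one of the two spellings needs correcting to match what the service accepts. Suggest using a single `$(` in the README and aligning the header names in both examples. Two smaller points: the sentence after the first Initialization Request command refers to `parseCertserviceResponse.sh` while the commands call `parseCertServiceResponse.sh`, and since every request here carries an unencrypted private key (generated with `-nodes`) in the `PK` header, a sentence stating that the keys under `./compose-resources/certs-from-curl/` are for local testing only would help readers who copy these commands.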