diff options
Diffstat (limited to 'certService')
14 files changed, 97 insertions, 208 deletions
diff --git a/certService/OpenAPI.yaml b/certService/OpenAPI.yaml index cee5a402..14f8b6bc 100644 --- a/certService/OpenAPI.yaml +++ b/certService/OpenAPI.yaml @@ -1,3 +1,20 @@ +# ============LICENSE_START======================================================= +# aaf-certservice +# ================================================================================ +# Copyright (C) 2020 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= openapi: 3.0.1 info: title: CertService Documentation @@ -17,7 +34,7 @@ paths: get: tags: - CertificationService - summary: sign certificate + summary: Sign certificate description: Web endpoint for requesting certificate signing. Used by system components to gain certificate signed by CA. operationId: signCertificate @@ -28,6 +45,7 @@ paths: required: true schema: type: string + example: "RA_TEST" - name: CSR in: header description: Certificate signing request in form of PEM object encoded in @@ -35,6 +53,7 @@ paths: required: true schema: type: string + example: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREVqQ0NBZm9DQVFBd2daY3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saApNUll3RkFZRFZRUUhEQTFUWVc0dFJuSmhibU5wYzJOdk1Sa3dGd1lEVlFRS0RCQk1hVzUxZUMxR2IzVnVaR0YwCmFXOXVNUTB3Q3dZRFZRUUxEQVJQVGtGUU1SRXdEd1lEVlFRRERBaHZibUZ3TG05eVp6RWVNQndHQ1NxR1NJYjMKRFFFSkFSWVBkR1Z6ZEdWeVFHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQgpDZ0tDQVFFQXpRekpQTmhrRURhL3JnUmhJUmpLVDF2RC84Wk9scXA3UmRuYTEybXFIU2FqQ0hHeGR0K1JPZk0vCkpINk9NczZNSjlwNXRJVE5VUWVDUEQ5cE44WkpzMCtOaWQvRE1Nb1B3MW94NnZyNFc5Rnh4K3NGN2hnK05nYjEKNGxvZVZob2EwajlKd1hlc2krSThNbFBObGRMRXlGYnZubDgyNzl0Qjg2dmRpR2g3blFjek8rbnY5elBqZllVcQpIaGlRK1ptMEZjbWFxblVJOG54aWJQNmFMMS9uWFQ3aHlwY0VzOCtpenNZVktqdVdwSjhlZHN0T1NBYTlkWXkrCkVhYTFPTlo5RFRDQzArZmM4S0pBNGJjWVE0T2tPYXFmcnhxY0xMOXZJL1BROWZtYThTUXBmcXVTbmQvbjNOazMKK1NoYnVCclorVnNQRWhsWnBJb2lXdS9scjlrdnp3SURBUUFCb0RVd013WUpLb1pJaHZjTkFRa09NU1l3SkRBaQpCZ05WSFJFRUd6QVpnZ2h2Ym1Gd0xtOXlaNElOZEdWemRDNXZibUZ3TG05eVp6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBV0N2QlJzTmZ5S0F1NWhIWldWUm8xd2VWSVJvbHQyRWdsSUkzbHI4d0ZlN1hobUtZVlhESzJ3aHEKc2hCakNNQUJHNW90MlBXUE8yK1JLSmsveEh2RXRoQzMybityQlhOS2hHUUJMY3dyeFNBbjVUMHFNa0xzTGJiRAphTU1nTnRiYWxmOC9mVmNWWDY1WTVVb052Y2FScEpvVUdYY1ovZ3kvMG5aWnNXbURkejk1Rys2MXFnY0s3RlhOClB1bENxLy9YNUZkK2NkQy9TTnNxaGtqdlgyd3hYMUZRVVYwcFp0akcwenl3b3JwNE9HSkRiUUxtaWFZSlQ2Ym8KNjAyZ21zWFNTQlJzVWFCOEsxeWMzalRkS043QjYxcjhwYW05NlBxQjdXME13MVRJVFAzQnhJTk5kN1hhNlI5VAo5T3BTcDhFcUZ5R043M3NJN0svbDdNZVJvUm1PUUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K" - name: PK in: header description: Private key in form of PEM object encoded in Base64 (with header @@ -42,109 +61,92 @@ paths: required: true schema: type: string + example: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRE5ETWs4MkdRUU5yK3UKQkdFaEdNcFBXOFAveGs2V3FudEYyZHJYYWFvZEpxTUljYkYyMzVFNTh6OGtmbzR5em93bjJubTBoTTFSQjRJOApQMmszeGttelQ0MkozOE13eWcvRFdqSHErdmhiMFhISDZ3WHVHRDQyQnZYaVdoNVdHaHJTUDBuQmQ2eUw0and5ClU4MlYwc1RJVnUrZVh6YnYyMEh6cTkySWFIdWRCek03NmUvM00rTjloU29lR0pENW1iUVZ5WnFxZFFqeWZHSnMKL3BvdlgrZGRQdUhLbHdTeno2TE94aFVxTzVha254NTJ5MDVJQnIxMWpMNFJwclU0MW4wTk1JTFQ1OXp3b2tEaAp0eGhEZzZRNXFwK3ZHcHdzdjI4ajg5RDErWnJ4SkNsK3E1S2QzK2ZjMlRmNUtGdTRHdG41V3c4U0dWbWtpaUphCjcrV3YyUy9QQWdNQkFBRUNnZ0VBZkN5cUVYYlo0aGZGckpScVhhaXRtN0Z1Mkk0M09YYTBnSENWM3EzV255Q3UKeW9aUGVqV1p0UVpoenEvMVhUOUlFVHAxU2FUQzBiZENYMG5uWmlkbXFuZ2F0c3dUWUpCOVMwaHJ3bW1KemREZwpucmp0Tm1yb0FiL2xWOVpMV01rbVJQeWVwZExiWXpyMlNXUUd0QnlYbnR0RzhSbW9JMGtjZjN3dEJGYUJ4VzFwClFzRUNXUFBpdjNZRDh2SzlSRG9wdmxCMnFZVWxCTm1kQ3AxWEJXMU9OZm5wckUwZFhiYTJxVzB3M3lqU2dJdGYKUWJBSTJZQzJEWlpIK3liRGFMZWVtb0p3dDdPK1F6NWp4SkgwWkFpSnVaNzNpSTVocFBJQlhLamRkU1p1bjRpRwpEOFZaaCtYWE9yQWJxVURXdlN4UW9kdFhYeGNSSS9aWUx5WWR1OHdhd1FLQmdRRHA3UEhwdWFDSk50MlBLV3d6Cll4SDhIYlB1L0pTS2R3UytZek5SNzJaYlUwSmQxWTdPc1JCR1Bvd24zOW55WDlJYzJINXBLc2VJYnpsK1lJS1MKQW9BKy9nbFZZUGpIZ2RmVHF6R01QMm5meVh0dVpFQzdicVBLSVlzL0Qwb0pGQzFkUThwUjFxcXp6NjJEMEUvawpSS1MrVFhpSlkvMlJiQVhDckFDVnNwVmQzUUtCZ1FEZ1prZE45SkhIMjYyRWdLQ3p1Q0NHMXlYa3IrcWVHZ3ozCldWbUtMaGVveitHVXlvVDVuaGlvUTJxNlllYTJ1ODlVYUdGZFk4Y0hIQVdhUy9UdU9FYzdBRHV4eTZsVWpKWkQKU3V0YU80cWk3eXh6UGxNN2w5alVpejV5MldZZGRnWEhLOG82M0pOSHdwd0FYaDgycytTbm9STUZSd1JOTGsyWQp4WmxxRm55WG13S0JnUUNkdEkrWEtmMHY1SnhVUXZIZVp3RWQvb3hySnoraFpnSDl0UFZKWE9PZDJERGEvL25xCklQYysxRFk3UDdBNHRoNzZNWDV2dWxhUkJhTTJMeXgzOFZXeW9pTjZ1d2lkd0V6WU9BY01iVWdjaGtJL3R6am8KNC90cWIxam9KNCtiTlU0c0hXTE43N0pmelRoR3NHN2NEdWNlSVM2Tk9hc2VtanY3OVdmamhHVXN4UUtCZ1FETQpwbHFYVE5uNjlHek9MK1Rmb3FmL2NZMjhmM2N3VXovS0FYRzRwSXF0U1ZGSXVsNEZyTnA5OG1ZT3J5U1RPTHRBCkZxWGRYeGJ2Yysza0p5dXNhaVVFT1JVMzlDNXN6bjVueHBiWHh2K0wweWF0djRSM0QrZ1BCeUtmNlliSWpZOTkKY29GUHAwU21xR1JQclljNEExNGdSclVyRmZabFVUb3hmdHlJTlJQUnl3S0JnUURoSFkvT24vRTNodmo4aHBKRQplMWNuQ2ZsV2VKWlZSdnBPQm96NCtwMVltMzZZZEQ0azBpSEh6anZUUGlBSnNGTFB5VXVTZXI0T3hpN2cvcmYvCklPVjN4bHZyNXdSRmxLYWxvWjY5azkxNm5qdWM0d2lXVzdMbGt1YWptVDhlSUszTU05MU9SL1VFcE16dFMyMHEKZ3hRMEVieTFaMlh6TWlkMEhZZTlVcTJaSmc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==" responses: "200": - description: certificate successfully signed + description: Certificate successfully signed content: - application/json; charset=utf-8: + application/json: schema: $ref: '#/components/schemas/CertificationModel' - "500": - description: something went wrong during connecting to cmp client + "400": + description: Given CSR or/and PK is incorrect content: - application/json; charset=utf-8: + application/json: schema: $ref: '#/components/schemas/ErrorResponseModel' "404": description: CA not found for given name content: - application/json; charset=utf-8: + application/json: schema: $ref: '#/components/schemas/ErrorResponseModel' - "400": - description: given CSR or/and PK is incorrect + "500": + description: Something went wrong during connectiion to CMPv2 server content: - application/json; charset=utf-8: + application/json: schema: $ref: '#/components/schemas/ErrorResponseModel' /ready: get: tags: - CertificationService - summary: check is container is ready + summary: Check if CertService application is ready description: Web endpoint for checking if service is ready to be used. operationId: checkReady responses: "200": - description: configuration is loaded and service is ready to use - content: - application/json; charset=utf-8: - schema: - type: string + description: Configuration is loaded and service is ready to use + content: {} "503": - description: configuration loading failed and service is unavailable - content: - application/json; charset=utf-8: - schema: - type: string + description: Configuration loading failed and service is unavailable + content: {} /reload: get: tags: - CertificationService - summary: reload service configuration from file + summary: Reload CMPv2 servers configuration from configuration file description: Web endpoint for performing configuration reload. Used to reload - configuration file from file. + configuration from file. operationId: reloadConfiguration responses: "200": - description: configuration has been successfully reloaded - content: - application/json; charset=utf-8: - schema: - type: string + description: Configuration has been successfully reloaded + content: {} "500": - description: something went wrong during configuration loading + description: Something went wrong during configuration loading content: - application/json; charset=utf-8: + string: schema: - $ref: '#/components/schemas/ErrorResponseModel' + type: string + example: "can't parse JSON. Raw result: Exception occurred during CMP Servers configuration loading" /actuator/health: get: tags: - Actuator summary: Actuator web endpoint 'health' - operationId: handle_0 + operationId: healthCheck responses: "200": - description: default response - content: {} - /actuator/health/**: - get: - tags: - - Actuator - summary: Actuator web endpoint 'health-path' - operationId: handle_1 - responses: - "200": - description: default response - content: {} - /actuator: - get: - tags: - - Actuator - summary: Actuator root web endpoint - operationId: links_2 - responses: - "200": - description: default response - content: {} + description: Service is healthy + content: + string: + schema: + $ref: '#/components/schemas/StatusResponseModel' components: schemas: + StatusResponseModel: + type: object + properties: + status: + type: string + example: "UP" ErrorResponseModel: type: object properties: errorMessage: type: string + example: "Internal server error" CertificationModel: type: object properties: @@ -152,7 +154,9 @@ components: type: array items: type: string + example: "-----BEGIN CERTIFICATE-----\nMIIErDCCAxSgAwIBAgIUfYvpzoT6WTxiu2KtxDwdvB56iVUwDQYJKoZIhvcNAQEL\nBQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGI1YzFhYTBkNzA4NjVjNGUxFTATBgNV\nBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\nc3RhcnQwHhcNMjAwNDAxMTAyNzAwWhcNMjIwNDAxMTAyNDEyWjCBlzEeMBwGCSqG\nSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMREwDwYDVQQDDAhvbmFwLm9yZzENMAsG\nA1UECwwET05BUDEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEWMBQGA1UEBwwN\nU2FuLUZyYW5jaXNjbzETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNDMk82GQQNr+uBGEhGMpP\nW8P/xk6WqntF2drXaaodJqMIcbF235E58z8kfo4yzown2nm0hM1RB4I8P2k3xkmz\nT42J38Mwyg/DWjHq+vhb0XHH6wXuGD42BvXiWh5WGhrSP0nBd6yL4jwyU82V0sTI\nVu+eXzbv20Hzq92IaHudBzM76e/3M+N9hSoeGJD5mbQVyZqqdQjyfGJs/povX+dd\nPuHKlwSzz6LOxhUqO5aknx52y05IBr11jL4RprU41n0NMILT59zwokDhtxhDg6Q5\nqp+vGpwsv28j89D1+ZrxJCl+q5Kd3+fc2Tf5KFu4Gtn5Ww8SGVmkiiJa7+Wv2S/P\nAgMBAAGjgaQwgaEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQ4TWsw5NCfgMjt\nc6sLNV008AniSjAiBgNVHREEGzAZgghvbmFwLm9yZ4INdGVzdC5vbmFwLm9yZzAd\nBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFAMyW8sAIjOG\n4qiMVEWuBfliFNeyMA4GA1UdDwEB/wQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAYEA\nCviGRpVZgd4Vr3R3pslegH9GRa1TmCVP8wTD6CUA84VqMzVatcdWbaDFNoCVv54v\nUCYPsN8REx/I53R1jbQ5tralj8JMublrdDaKDQY7OdfjL53nGS4OGl76ZLMt50cF\nnXreoSixCdv3OkPO7+P5szzfnwcCQEa235GfHOxAKv2DIhI8+aFMdi1vTJMYmROs\nYA/6DuJAFjfjPM6T4hzKdW8FPyyUw4kWSNRtt+cxN1JxGDYRt1bnjj7u7nMA5Mge\noWn5oeHLO8rkWgMy0BPxL+YVJhqhdD1fiSek99vmWNUKqmui/4TOXf06SjuMgPgL\nOdp/e2+unwOw+TfdQ/Vu1736IRuWKgLxXOXoOHq2RCZpMgfol2wOFdWSeHWnOag2\nstKD9mmxUaq3wactkVQEkljo3vOgw3D829jC5BOVASxoYoiNzRQlpXrP+kj9QPt0\nZN6haQCgjejHOVpKeuUNoZTUyH+2MwpANLiaJjQcZrwt8N9bAN7WilY+f7CHwMK+\n-----END CERTIFICATE-----\n" trustedCertificates: type: array items: type: string + example: "-----BEGIN CERTIFICATE-----\nMIIEszCCAxugAwIBAgIUK3BbY7jXBtQfSMhob3Ls9BoorbYwDQYJKoZIhvcNAQEL\nBQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGI1YzFhYTBkNzA4NjVjNGUxFTATBgNV\nBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\nc3RhcnQwHhcNMjAwNDAxMTAyNzAwWhcNMzAwNDAxMTAyNzAwWjBhMSMwIQYKCZIm\niZPyLGQBAQwTYy0wYjVjMWFhMGQ3MDg2NWM0ZTEVMBMGA1UEAwwMTWFuYWdlbWVu\ndENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ\nKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJ5UAlOGkFyyjyDfFBADJrVzce5/wvNC\nDzL8OoB5CRa22NxHZqPL6fNpqexH1alE7ko/g+vvu1BLHnjKzglVMVV880jjG/tq\ngUf9syfmRdRcgPUrF71dOTNw52ZGB23e8es7VQNYca5QH0mfjaw2AxKf4pNzScTi\nbYXw/KxuoeBHP2ybKhSCxau1k6eePUEkpzHlu33XjtTKGRklCo4lDslLtMOV0gWm\nJj2pd9v+/qY9AMio1XkqczGmnGrSRDD7fp+3WpBI2Q4ZaDZZHnzg/9TXmpBGWhwi\n5Ca5e9Cmb9WGjE8W4uICyvaBSmvsGqB2nBjLC0rBUyJxkMxaxZYxoWbegCqlnwgo\naG2OMbGq1qO/U5ArW9WppovA9y540j49CuYWgvf2pH21GzQX2uCtiHDge01exko/\np7c8/20B0rNjyvBFM9s2NOQ4wCIrLVKPClX3mpzuIGliRpnXnC6FQMrC4yNvyO7s\nB2PwzesXaBdD07AfXpYtSaHeqLZafMtqRwIDAQABo2MwYTAPBgNVHRMBAf8EBTAD\nAQH/MB8GA1UdIwQYMBaAFDhNazDk0J+AyO1zqws1XTTwCeJKMB0GA1UdDgQWBBQ4\nTWsw5NCfgMjtc6sLNV008AniSjAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL\nBQADggGBAImYiKkQfR52L2NzjuHI6y8darhBNpZSNf5Hhzv5MOs6yKJSFxh6mQFg\nRfF860AbxgxAfE8bvK2IX+W6b193ecFXAOrRc+UcEyqTg2efqp2zuCdQpnA4nopf\n+474iRkAHdlwdeI0FTE931AOCMfKaQAiEn40Xo3xB09xvMhK7ce2xkxFp90uqbyZ\nwXPRORUj5rKhCiL10jkgXmTfGGlzgQfpHxQxnwQzuAPcv31l+0YVZpDpkSP8A2ts\nmS/yGFfBylyPnGa/+mChZoI7AAKUZ0QWSTDVQLFW6RIs0ByX9zPZqQx0ncGzXH++\nmLu/33YpyjfcjFzvhFVRJCNpELTa0aCElDcD+LIiz80fFP3bxbI42ifYXbt+k/8w\nAB8Ffh1GOneWnaOl42mghNs6ve9e+PjOphYS1sQI74b0liXQdI4tmobAyPoACpgR\ncJ9DAfYtkpMQjxkV/FUM92m76WQpFnIRNQl6C5XLzWHCAVvS+MxEydtINsl4FCvw\nPDdu3P8UkA==\n-----END CERTIFICATE-----\n" diff --git a/certService/README.md b/certService/README.md index 61506e79..645ca061 100644 --- a/certService/README.md +++ b/certService/README.md @@ -96,3 +96,7 @@ API is described by Swagger ( OpenAPI 3.0 ) on endpoint /docs ``` http://localchost:8080/docs ``` + +### OpenAPI +during project building yaml file with openAPI 3.0 documentation is generated in target directory with name api-docs.yaml +file OpenAPI.yaml located in certService directory must be update be hand if needed diff --git a/certService/helm/aaf-cert-service/.helmignore b/certService/helm/aaf-cert-service/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/certService/helm/aaf-cert-service/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/certService/helm/aaf-cert-service/Chart.yaml b/certService/helm/aaf-cert-service/Chart.yaml deleted file mode 100644 index 37c7d148..00000000 --- a/certService/helm/aaf-cert-service/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for AAF Cert Service -name: aaf-cert-service -version: 0.1.0 diff --git a/certService/helm/aaf-cert-service/resources/cmpServers.json b/certService/helm/aaf-cert-service/resources/cmpServers.json deleted file mode 100644 index d6557c52..00000000 --- a/certService/helm/aaf-cert-service/resources/cmpServers.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "cmpv2Servers": [ - { - "caName": "Client", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - }, - { - "caName": "RA", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", - "caMode": "RA", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - } - ] -} diff --git a/certService/helm/aaf-cert-service/templates/deployment.yaml b/certService/helm/aaf-cert-service/templates/deployment.yaml deleted file mode 100644 index f8b2d43f..00000000 --- a/certService/helm/aaf-cert-service/templates/deployment.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Chart.Name }}-deployment -spec: - selector: - matchLabels: - app: {{ .Values.appLabel }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ .Values.appLabel }} - spec: - volumes: - - name: {{ .Values.volume.name }} - secret: - secretName: {{ .Values.secret.name }} - containers: - - name: aaf-cert-service - image: {{ .Values.repository }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.containerPort }} - livenessProbe: - httpGet: - port: {{ .Values.containerPort }} - path: {{ .Values.liveness.path }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - readinessProbe: - httpGet: - port: {{ .Values.containerPort }} - path: {{ .Values.readiness.path }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - name: {{ .Values.volume.name }} - mountPath: {{ .Values.volume.mountPath }} - readOnly: true - resources: - {{ toYaml .Values.resources }} diff --git a/certService/helm/aaf-cert-service/templates/secret.yaml b/certService/helm/aaf-cert-service/templates/secret.yaml deleted file mode 100644 index 77b25f4e..00000000 --- a/certService/helm/aaf-cert-service/templates/secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.secret.name }} -type: Opaque -data: - {{ (.Files.Glob "resources/cmpServers.json").AsSecrets }}
\ No newline at end of file diff --git a/certService/helm/aaf-cert-service/templates/service.yaml b/certService/helm/aaf-cert-service/templates/service.yaml deleted file mode 100644 index fba7e5fa..00000000 --- a/certService/helm/aaf-cert-service/templates/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }}-service -spec: - type: {{ .Values.service.type }} - selector: - app: {{ .Values.appLabel }} - ports: - - protocol: TCP - port: {{ .Values.containerPort }}
\ No newline at end of file diff --git a/certService/helm/aaf-cert-service/values.yaml b/certService/helm/aaf-cert-service/values.yaml deleted file mode 100644 index 0dab1e32..00000000 --- a/certService/helm/aaf-cert-service/values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -appLabel: aaf-cert-service -replicaCount: 1 -repository: nexus3.onap.org:10001 -image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 -pullPolicy: Always -containerPort: 8080 -service: - type: ClusterIP -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - path: /actuator/health -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - path: /ready -volume: - name: aaf-cert-service-volume - mountPath: /etc/onap/aaf/certservice - -resources: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - -secret: - name: aaf-cert-service-secret diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java index bf51e49e..c440ec34 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java +++ b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java @@ -64,14 +64,14 @@ public class CertificationController { * @param encodedPrivateKey Private key for CSR, needed for PoP, encoded in Base64 form * @return JSON containing trusted certificates and certificate chain */ - @GetMapping(value = "v1/certificate/{caName}", produces = "application/json; charset=utf-8") + @GetMapping(value = "v1/certificate/{caName}", produces = "application/json") @ApiResponses(value = { - @ApiResponse(responseCode = "200", description = "certificate successfully signed"), - @ApiResponse(responseCode = "400", description = "given CSR or/and PK is incorrect", + @ApiResponse(responseCode = "200", description = "Certificate successfully signed"), + @ApiResponse(responseCode = "400", description = "Given CSR or/and PK is incorrect", content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))), @ApiResponse(responseCode = "404", description = "CA not found for given name", content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))), - @ApiResponse(responseCode = "500", description = "something went wrong during connecting to cmp client", + @ApiResponse(responseCode = "500", description = "Something went wrong during connectiion to CMPv2 server", content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))) }) @Operation( diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java index f900edf9..9c8e1bf0 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java +++ b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java @@ -42,13 +42,13 @@ public final class ReadinessController { this.cmpServersConfig = cmpServersConfig; } - @GetMapping(value = "/ready", produces = "application/json; charset=utf-8") + @GetMapping(value = "/ready", produces = "application/json") @ApiResponses(value = { - @ApiResponse(responseCode = "200", description = "configuration is loaded and service is ready to use"), - @ApiResponse(responseCode = "503", description = "configuration loading failed and service is unavailable") + @ApiResponse(responseCode = "200", description = "Configuration is loaded and service is ready to use"), + @ApiResponse(responseCode = "503", description = "Configuration loading failed and service is unavailable") }) @Operation( - summary = "check is container is ready", + summary = "Check if CertService application is ready", description = "Web endpoint for checking if service is ready to be used.", tags = {"CertificationService"}) public ResponseEntity<String> checkReady() { diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/ReloadConfigController.java b/certService/src/main/java/org/onap/aaf/certservice/api/ReloadConfigController.java index e812ce0d..14bff8dd 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/api/ReloadConfigController.java +++ b/certService/src/main/java/org/onap/aaf/certservice/api/ReloadConfigController.java @@ -46,15 +46,15 @@ public final class ReloadConfigController { this.cmpServersConfig = cmpServersConfig; } - @GetMapping(value = "/reload", produces = "application/json; charset=utf-8") + @GetMapping(value = "/reload", produces = "application/json") @ApiResponses(value = { - @ApiResponse(responseCode = "200", description = "configuration has been successfully reloaded"), - @ApiResponse(responseCode = "500", description = "something went wrong during configuration loading", + @ApiResponse(responseCode = "200", description = "Configuration has been successfully reloaded"), + @ApiResponse(responseCode = "500", description = "Something went wrong during configuration loading", content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))) }) @Operation( - summary = "reload service configuration from file", - description = "Web endpoint for performing configuration reload. Used to reload configuration file from file.", + summary = "Reload CMPv2 servers configuration from configuration file", + description = "Web endpoint for performing configuration reload. Used to reload configuration from file.", tags = {"CertificationService"}) public ResponseEntity<String> reloadConfiguration() throws CmpServersConfigLoadingException { cmpServersConfig.reloadConfiguration(); diff --git a/certService/src/main/resources/application.properties b/certService/src/main/resources/application.properties index 9ccdd326..c5d14370 100644 --- a/certService/src/main/resources/application.properties +++ b/certService/src/main/resources/application.properties @@ -9,3 +9,14 @@ springdoc.swagger-ui.path=/docs # AAF CertService app specific configuration app.config.path=/etc/onap/aaf/certservice + +# Mutual TLS configuration +server.ssl.enabled=true +server.ssl.client-auth=need +server.port=${HTTPS_PORT:8443} + +server.ssl.key-store=${KEYSTORE_PATH:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks} +server.ssl.key-store-password=${KEYSTORE_PASSWORD:secret} + +server.ssl.trust-store=${TRUSTSTORE_PATH:/etc/onap/aaf/certservice/certs/truststore.jks} +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD:secret} diff --git a/certService/src/test/resources/application.properties b/certService/src/test/resources/application.properties index 39001571..b70ab3b4 100644 --- a/certService/src/test/resources/application.properties +++ b/certService/src/test/resources/application.properties @@ -1,2 +1,13 @@ # AAF CertService app specific configuration app.config.path=./src/test/resources + +# Mutual TLS configuration +server.ssl.enabled=true +server.ssl.client-auth=need +server.port=${HTTPS_PORT:8443} + +server.ssl.key-store=${KEYSTORE_PATH:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks} +server.ssl.key-store-password=${KEYSTORE_PASSWORD:secret} + +server.ssl.trust-store=${TRUSTSTORE_PATH:/etc/onap/aaf/certservice/certs/truststore.jks} +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD:secret}
\ No newline at end of file |