author | Jim Hahn <jrh3@att.com> | 2021-06-14 12:00:48 -0400 |
---|---|---|
committer | Jim Hahn <jrh3@att.com> | 2021-06-14 12:06:51 -0400 |
commit | 548aa5aaf6e0c5fbcc92430855ddb24584352bd2 (patch) | |
tree | 8a8ec86fdc35c77832dff857236226902883f774 | |
parent | d6cc02e8a57ead99421947734b8f4bfb078fbfd5 (diff) |
Don't save private key
GitHub complains if you include a private key in a repo. Modified the
CSITs to generate the root CA so that its private key does not have to
be stored.
Issue-ID: POLICY-3384
Change-Id: I4bebc3e4b0e386047d7f6fbd19150812cb605899
Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r-- | csit/config/cakey.pem | 30 | ||||
-rw-r--r-- | csit/config/careq.pem | 17 | ||||
-rw-r--r-- | csit/config/caroot.cer | 20 | ||||
-rw-r--r-- | csit/config/policy-truststore | bin | 125172 -> 124180 bytes | |||
-rwxr-xr-x | csit/gen_truststore.sh | 40 | ||||
-rwxr-xr-x | csit/run-project-csit.sh | 3 |
6 files changed, 42 insertions, 68 deletions
diff --git a/csit/config/cakey.pem b/csit/config/cakey.pem
deleted file mode 100644
index 3300e6c1..00000000
--- a/csit/config/cakey.pem
+++ /dev/null
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIs2vpWNNWUx8CAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD6yFMOdJ6QRBIIEyKJhiRJR59dk -Jsu22pT45tGdZBG8xO97q09bxL3wydv7Iszn3jUxnWiDFa/wQ5cFd5HPii2WfFQ7 -EmBKmm6nN8aOYb/qDOi/uLwMowcCyklZVLGI5yPl2o6/Ud644r3NhB3vP3+Ov/zq -T0fIacUHEJRfizJGZ2sqMt+bI/+Fa/Ixb21Xh/LAAt+3SHVOCDkE2Uwl4QQl/Ia9 -x8FRHxpUQEPpbsVtC8l+e6kYPiRAhUjoRsNF6UyarRiHeiGXqedpvdtVavBmb1/i -R59wNJP8zW97ljBdoAiwVzm88CRcVSQ00AWNaclRH5z5MnpakV6OFXjlmHQl/a9t -OY7hqzLp5Q+r0Eo2iiS75ySMsr/8rOxBs8/EzTBSBcseSmjuhmw6H+d1ccRYUMmm -Hd0leMkm9qIfIwKXBdVqpU1GJLLRGzRe5Cvj0LXOIPT+ZUDWYD4W+p1kLI3xHzs5 -1pNML2+pTV/XDW3lT0cNl1pMzzpVUTD+G12NLLB+Df8kv310zMoxXiGduZ9IZ+Ox -McsOpc/Y6c1w4ce6eCKeWVBrWlbx+VmUh8f0nI4ushzv9KxzG+jroD7R1oqvY7EE -1oXj6ZPoz8cSVfaGMqFfmciZL7WrDsIsIAS+Ak37eAByD9chdGMzVPThra/KCbTD -ak/msiSQSuPhcmyzW6PQdjlzB4U++vZCfBrYYX+rbQNRluuz3xwZgGX6J9ThTQQC -kVhtBFf4EAciFyBK6M8DCCjDYtO+VfHEYQDwfwL85TPZrxeQJsRCQUieelsLsjyO -hluWlARA0H+zpDGthJY2RmOgtbD8WRstFpuSvGLNhLPwiXRfdi+rakrBRAufd1K9 -WYx2CMNX5GksW1eS/CwTFO8SpGtc18S5W10Lx0d2rvZzImC9pB1LWWgp0jJZ6+Lv -s5qsm11ThnLbvKf8EYFqD5oDaT2GHbxiQ1mau8X6ZYCthBLx0j+Efp30Veq0Fw6e -LS43HaH3/zQC5XXp2EZoJ4tkRDtOmZDRBNUTS7JTZ/mSTggBaxQo7X1H8MaPv6fS -HPSC/s59oPSBjYCwD/1mQz4lRpsQfLUBVIlG1IwM5k7oizAN49MoKkx/IsvKvAjL -8q7yvb8khN/giF6VmKZSw5UWoORo5dUzZO54WjScwVgxyA5B2F7FaD3ZpM5DJuTI -BiO1qzzQqZqr+/YVbHu+qFYxHSPE+HqfUK+oePklk9Wd6spmiqi6DBWubi7rZdfz -qFLzxXf0amlsMEvZIoGTgJio5GDDb+LA0xPpH4kEhJnRmr6zeapLX47B5mwrY4a3 -RHCeMUwViihsWdLAbT/rwpjE7LVlUxG/vlmefgOOda8orijYEFtqoLnfE0822TWf -BrqPJch+6CZWetR5jt3fk0ZZLoQZ75+DK38JKoNRqq2wmbROcG3yhrrjA66lswzQ -LVT2+KAJS9kLKrFn9RCb6WxxaZWYlikhmFHbFlMyQfvBl0sNd7BB+kl7k95Yj6wz -BOATVami77d2iOwwAUHUoF/H2dqF/auQgtMgasY4QNuMHPTxaUghx2qZ1zrph4+5 -rk27c/rqcBYeK9x3NpSnwIipXVfaOjh9k0ZkEqTBEp+eOWgZRjjYr/XoCnTuLTvO -xbBolHwGkirh9np5dCJCTw== ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/csit/config/careq.pem b/csit/config/careq.pem deleted file mode 100644 index ea81b65d..00000000 --- a/csit/config/careq.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICyTCCAbECAQAwaDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEhMB8GA1UEAwwYb25h -cC5wb2xpY3kuY3NpdC5yb290LmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAo2ivC+t42ljB9/f7kaX2ZOZKCOgp/Xxo4Se4UKl3ZN0pQ1HLe5FHlef9 -oP8baP8xdHS/w9lcc+ttpNZtCqlUB507iivSh8p+IZV/wwykxsVoAyPbkWkwA2k1 -5/HgQYTBMqqD+Q8luOVqA/g8u3W1VJicTNU+IB9UAtcggqJXzmZsTXy/WuHzLNzP -ZA2waWYrO058AeL1kWkr/U2MmQcDUy1zmKigGWlp0FY6ThFHajxuRVizIBo/9JN3 -1tcHMjKjm2d8DRRltjxyqZ84GbDEx7Z0Af9cXTQAN+E7Gk1fIeEWe2wRAxqAizIp -ecz5wMWzaxovli/6P43NMhYphM210wIDAQABoBwwGgYJKoZIhvcNAQkHMQ0MC1Bv -bDFjeV8wbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQAdiGQNFT48LcDcS5iG3gv4sQ05 -QOL2T3Ich1GOiW1IKbNUdeiT9ogqPHGBHYPl2bcCt3srwUKolfJp5tm3cbLmOzRn -pyarM2zRkMjlzGAY9ZTenolvkjcDOe3irKS6ogIZJBHTAbEywXVc+9jdYdXtYo1Q -wrIZjm/KTRE1gSPFMlrrEOmTVU5R6x29Ydu/tfPZfrNBGaTRqJQG3+mm1AMy2+pH -8w7bP4hqaGir757Eo0z9iE9XObUl+8DE2XOmjTWw9pm3zJ3kRXbi7Z4e2z6BfH0R -IAFzPrp+dn92cNX9FwlVpe/PKUvzPooDyvtc8yFoKq91VJxzIVge8Lbl26qr ------END CERTIFICATE REQUEST----- diff --git a/csit/config/caroot.cer b/csit/config/caroot.cer deleted file mode 100644 index bc01a947..00000000 --- a/csit/config/caroot.cer +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDVzCCAj8CFEeCWPdPiPmX+l+52bzikHXLgXc9MA0GCSqGSIb3DQEBCwUAMGgx -CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl -cm5ldCBXaWRnaXRzIFB0eSBMdGQxITAfBgNVBAMMGG9uYXAucG9saWN5LmNzaXQu -cm9vdC5jYTAeFw0yMTA2MTExNDI5MjNaFw0zMTA2MDkxNDI5MjNaMGgxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxITAfBgNVBAMMGG9uYXAucG9saWN5LmNzaXQucm9vdC5j -YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNorwvreNpYwff3+5Gl -9mTmSgjoKf18aOEnuFCpd2TdKUNRy3uRR5Xn/aD/G2j/MXR0v8PZXHPrbaTWbQqp -VAedO4or0ofKfiGVf8MMpMbFaAMj25FpMANpNefx4EGEwTKqg/kPJbjlagP4PLt1 -tVSYnEzVPiAfVALXIIKiV85mbE18v1rh8yzcz2QNsGlmKztOfAHi9ZFpK/1NjJkH -A1Mtc5iooBlpadBWOk4RR2o8bkVYsyAaP/STd9bXBzIyo5tnfA0UZbY8cqmfOBmw -xMe2dAH/XF00ADfhOxpNXyHhFntsEQMagIsyKXnM+cDFs2saL5Yv+j+NzTIWKYTN -tdMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAOraQVd0DaQI6q33zeebtTAHOcTQp -LZVgM0eZHw1VNiDCzh1n+ZsXu2pBOjqIgvRA9TR8wZS5tWTWYgutPKdWgnp7qspN -inngRtvgNtV0iY4J2DZqRXTwWZZgHbnnpwMEuRLmM6kq6lvBe1ebY1UogtD6Lnoa -yfLNjF3mzcLufI8MQtMgVKmvMl1e9m3l/SNoSK2f3IYjIHpwpP/LkdcW8JR27NfL -C/MmivAHR8Cmq95rxfGE7w5B4qKoJJED903Nx18K4rlM4eY9lv3DLlG31HrwZ6Zy -n1dadaa9Ie8LuEtA6PzFC1IdMyVqXkocLB86RLMv5WZFiIA/kjkNFKnrdg== ------END CERTIFICATE----- diff --git a/csit/config/policy-truststore b/csit/config/policy-truststore Binary files differindex 78389d94..883e0a9c 100644 --- a/csit/config/policy-truststore +++ b/csit/config/policy-truststore diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh new file mode 100755 index 00000000..2ee96341 --- /dev/null +++ b/csit/gen_truststore.sh 
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Generates a root certificate and truststore for use by the various policy
+# docker images.
+#
+
+DIR="${0%/*}/config"
+cd "${DIR}"
+
+OUTFILE=policy-truststore
+PASS=Pol1cy_0nap
+
+openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \
+ -subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap"
+
+openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \
+ -out caroot.cer -extensions v3_ca -passin "pass:${PASS}"
+
+keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \
+ -file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}"
+
+chmod 644 "$OUTFILE"
diff --git a/csit/run-project-csit.sh b/csit/run-project-csit.sh
index 3c35d8ab..d77b06fa 100755
--- a/csit/run-project-csit.sh
+++ b/csit/run-project-csit.sh
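Review bot: In csit/gen_truststore.sh nothing stops on failure: `cd "${DIR}"` is unchecked and there is no `set -e`, so if the cd or either openssl step fails, the later commands still run, possibly in the caller's directory, and keytool may import a stale or missing caroot.cer. Adding `set -euo pipefail` after the licence header, or at least `cd "${DIR}" || exit 1`, would make the failure visible. The regenerated cakey.pem and careq.pem are written into csit/config, the tracked directory this commit deletes them from, so unless they are git-ignored (not visible here) a later `git add` can put a private key back in the repo; an ignore entry for the generated files would prevent that. The passphrase is also passed as `pass:${PASS}` on the command line, where process listings can show it, which is tolerable for a throwaway test CA but deserves a comment such as `# test-only passphrase, never reuse outside CSIT`.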
@@ -167,7 +167,8 @@ cd "${WORKDIR}" # Sign in to nexus3 docker repo docker login -u docker -p docker nexus3.onap.org:10001 -# Generate keystore to be used by repos +# Generate truststore and keystore to be used by repos +${SCRIPTS}/gen_truststore.sh ${SCRIPTS}/gen_keystore.sh cp ${SCRIPTS}/config/ks.jks ${SCRIPTS}/config/drools/custom/policy-keystore cp ${SCRIPTS}/config/ks.jks ${SCRIPTS}/config/drools-apps/custom/policy-keystore |
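Review bot: The new call `${SCRIPTS}/gen_truststore.sh` is unquoted and its exit status is not checked in this hunk, so a failed CA generation lets gen_keystore.sh and the `cp` steps carry on with whatever truststore is already in config; `"${SCRIPTS}/gen_truststore.sh" || exit 1` would stop the run at the real cause. gen_truststore.sh also appears to import into the committed policy-truststore under a fixed alias, so a second run in the same workspace would probably fail at keytool and leave the tracked binary modified; importing into a copy of the file would avoid both. The rest of run-project-csit.sh is outside this hunk, so an existing `set -e` earlier in the script cannot be ruled out.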