summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2021-06-28 13:28:12 -0400
committerJim Hahn <jrh3@att.com>2021-06-28 13:30:43 -0400
commit29ed0d71a625d62f2f86f1d39257089df4c75ddc (patch)
tree4dc7201350b770f9451b164a408080f49f344752
parent4d0a1d766e645046a9bcbe3c0dbeb59d82fd2fa3 (diff)
Don't regenerate policy root CA in CSITs
If the truststore already contains a root CA for policy, then the script should not regenerate a root CA, as it interferes with pods that are brought up in subsequent runs. Issue-ID: POLICY-3384 Change-Id: I0c46fd23bd24ffd2add4e2d4914b6198a6f4b18f Signed-off-by: Jim Hahn <jrh3@att.com>
-rwxr-xr-xcsit/gen_truststore.sh11
1 files changed, 10 insertions, 1 deletions
diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh
index 2ee96341..748d5f30 100755
--- a/csit/gen_truststore.sh
+++ b/csit/gen_truststore.sh
@@ -26,15 +26,24 @@ DIR="${0%/*}/config"
cd "${DIR}"
OUTFILE=policy-truststore
+ALIAS=onap.policy.csit.root.ca
PASS=Pol1cy_0nap
+keytool -list -alias ${ALIAS} -keystore ${OUTFILE} -storepass "${PASS}" \
+ >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+ echo "Truststore already contains a policy root CA - not re-generating"
+ exit 0
+fi
+
openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \
-subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap"
openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \
-out caroot.cer -extensions v3_ca -passin "pass:${PASS}"
-keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \
+keytool -import -noprompt -trustcacerts -alias ${ALIAS} \
-file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}"
chmod 644 "$OUTFILE"