summaryrefslogtreecommitdiffstats
path: root/csit/gen_truststore.sh
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2021-06-14 12:00:48 -0400
committerJim Hahn <jrh3@att.com>2021-06-14 12:06:51 -0400
commit548aa5aaf6e0c5fbcc92430855ddb24584352bd2 (patch)
tree8a8ec86fdc35c77832dff857236226902883f774 /csit/gen_truststore.sh
parentd6cc02e8a57ead99421947734b8f4bfb078fbfd5 (diff)
Don't save private key
GitHub complains if you include a private key in a repo. Modified the CSITs to generate the root CA so that it's private key does not have to be stored. Issue-ID: POLICY-3384 Change-Id: I4bebc3e4b0e386047d7f6fbd19150812cb605899 Signed-off-by: Jim Hahn <jrh3@att.com>
Diffstat (limited to 'csit/gen_truststore.sh')
-rwxr-xr-xcsit/gen_truststore.sh40
1 files changed, 40 insertions, 0 deletions
diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh
new file mode 100755
index 00000000..2ee96341
--- /dev/null
+++ b/csit/gen_truststore.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Generates a root certificate and truststore for use by the various policy
+# docker images.
+#
+
+DIR="${0%/*}/config"
+cd "${DIR}"
+
+OUTFILE=policy-truststore
+PASS=Pol1cy_0nap
+
+openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \
+ -subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap"
+
+openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \
+ -out caroot.cer -extensions v3_ca -passin "pass:${PASS}"
+
+keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \
+ -file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}"
+
+chmod 644 "$OUTFILE"