Don't save private key

GitHub complains if you include a private key in a repo.  Modified the
CSITs to generate the root CA so that it's private key does not have to
be stored.

Issue-ID: POLICY-3384
Change-Id: I4bebc3e4b0e386047d7f6fbd19150812cb605899
Signed-off-by: Jim Hahn <jrh3@att.com>

1 files changed, 40 insertions, 0 deletions

diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh
new file mode 100755
index 00000000..2ee96341
--- /dev/null
+++ b/csit/gen_truststore.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+#  Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Generates a root certificate and truststore for use by the various policy
+# docker images.
+#
+
+DIR="${0%/*}/config"
+cd "${DIR}"
+
+OUTFILE=policy-truststore
+PASS=Pol1cy_0nap
+
+openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \
+            -subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap"
+
+openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \
+            -out caroot.cer -extensions v3_ca -passin "pass:${PASS}"
+
+keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \
+            -file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}"
+
+chmod 644 "$OUTFILE"