From 29ed0d71a625d62f2f86f1d39257089df4c75ddc Mon Sep 17 00:00:00 2001
From: Jim Hahn <jrh3@att.com>
Date: Mon, 28 Jun 2021 13:28:12 -0400
Subject: Don't regenerate policy root CA in CSITs

If the truststore already contains a root CA for policy, then the
script should not regenerate a root CA, as it interferes with pods
that are brought up in subsequent runs.

Issue-ID: POLICY-3384
Change-Id: I0c46fd23bd24ffd2add4e2d4914b6198a6f4b18f
Signed-off-by: Jim Hahn <jrh3@att.com>
---
 csit/gen_truststore.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'csit/gen_truststore.sh')

diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh
index 2ee96341..748d5f30 100755
--- a/csit/gen_truststore.sh
+++ b/csit/gen_truststore.sh
@@ -26,15 +26,24 @@ DIR="${0%/*}/config"
 cd "${DIR}"
 
 OUTFILE=policy-truststore
+ALIAS=onap.policy.csit.root.ca
 PASS=Pol1cy_0nap
 
+keytool -list -alias ${ALIAS} -keystore ${OUTFILE} -storepass "${PASS}" \
+    >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+    echo "Truststore already contains a policy root CA - not re-generating"
+    exit 0
+fi
+
 openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \
             -subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap"
 
 openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \
             -out caroot.cer -extensions v3_ca -passin "pass:${PASS}"
 
-keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \
+keytool -import -noprompt -trustcacerts -alias ${ALIAS} \
             -file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}"
 
 chmod 644 "$OUTFILE"
-- 
cgit 1.2.3-korg