From 29ed0d71a625d62f2f86f1d39257089df4c75ddc Mon Sep 17 00:00:00 2001 From: Jim Hahn Date: Mon, 28 Jun 2021 13:28:12 -0400 Subject: Don't regenerate policy root CA in CSITs If the truststore already contains a root CA for policy, then the script should not regenerate a root CA, as it interferes with pods that are brought up in subsequent runs. Issue-ID: POLICY-3384 Change-Id: I0c46fd23bd24ffd2add4e2d4914b6198a6f4b18f Signed-off-by: Jim Hahn --- csit/gen_truststore.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'csit') diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh index 2ee96341..748d5f30 100755 --- a/csit/gen_truststore.sh +++ b/csit/gen_truststore.sh @@ -26,15 +26,24 @@ DIR="${0%/*}/config" cd "${DIR}" OUTFILE=policy-truststore +ALIAS=onap.policy.csit.root.ca PASS=Pol1cy_0nap +keytool -list -alias ${ALIAS} -keystore ${OUTFILE} -storepass "${PASS}" \ + >/dev/null 2>&1 +if [ $? -eq 0 ] +then + echo "Truststore already contains a policy root CA - not re-generating" + exit 0 +fi + openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \ -subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap" openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \ -out caroot.cer -extensions v3_ca -passin "pass:${PASS}" -keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \ +keytool -import -noprompt -trustcacerts -alias ${ALIAS} \ -file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}" chmod 644 "$OUTFILE" -- cgit 1.2.3-korg