1 all: build start-backend run-client stop-backend
2 start-with-client: start-backend run-client
6 @echo "##### Build Cert Service images locally #####"
7 mvn clean install -P docker
8 @echo "##### DONE #####"
11 @echo "##### Start Cert Service #####"
13 @echo "## Configure ejbca ##"
14 docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
15 @echo "##### DONE #####"
18 @echo "##### Create Cert Service Client volume folder: `pwd`/compose-resources/client-volume/ #####"
19 mkdir -p `pwd`/compose-resources/client-volume/
20 @echo "##### Start Cert Service Client #####"
23 --name oomcert-client \
24 --env-file ./compose-resources/client-configuration.env \
25 --network cert-service_certservice \
26 --mount type=bind,src=`pwd`/compose-resources/client-volume/,dst=/var/certs \
27 --volume `pwd`/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks \
28 --volume `pwd`/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks \
29 nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
32 @echo "##### Stop Cert Service #####"
34 @echo "##### DONE #####"
36 send-initialization-request:
37 @echo "##### Create folder for certificates from curl: `pwd`/compose-resources/certs-from-curl/ #####"
38 mkdir -p `pwd`/compose-resources/certs-from-curl/
39 @echo "##### Generate CSR and Key #####"
40 openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/ir.key \
41 -out `pwd`/compose-resources/certs-from-curl/ir.csr \
42 -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
43 -addext "subjectAltName = DNS:test.onap.org"
44 @echo "##### Send Initialization Request #####"
45 curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
46 -H "CSR: $$(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
47 --cert `pwd`/certs/cmpv2Issuer-cert.pem \
48 --key `pwd`/certs/cmpv2Issuer-key.pem \
49 --cacert `pwd`/certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
51 send-key-update-request: verify-initialization-request-files-exist
52 @echo "##### Generate CSR and Key #####"
53 openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/kur.key \
54 -out `pwd`/compose-resources/certs-from-curl/kur.csr \
55 -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
56 -addext "subjectAltName = DNS:test.onap.org"
57 @echo "##### Send Key Update Request #####"
58 curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
59 -H "CSR: $$(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
60 -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
61 -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
62 --cert `pwd`/certs/cmpv2Issuer-cert.pem \
63 --key `pwd`/certs/cmpv2Issuer-key.pem \
64 --cacert `pwd`/certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
66 send-certification-request: verify-initialization-request-files-exist
67 @echo "##### Generate CSR and Key #####"
68 openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/cr.key \
69 -out `pwd`/compose-resources/certs-from-curl/cr.csr \
70 -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
71 -addext "subjectAltName = DNS:test.onap.org"
72 @echo "##### Send Key Update Request #####"
73 curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
74 -H "CSR: $$(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
75 -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
76 -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
77 --cert `pwd`/certs/cmpv2Issuer-cert.pem \
78 --key `pwd`/certs/cmpv2Issuer-key.pem \
79 --cacert `pwd`/certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
81 verify-initialization-request-files-exist:
82 ifeq (,$(wildcard compose-resources/certs-from-curl/ir.key))
83 ifeq (,$(wildcard compose-resources/certs-from-curl/ir-cert.pem))
84 $(error Execute send-initialization-request first)