### General description
More information about the project and its functionality can be found on the wiki page:

https://wiki.onap.org/display/DW/OOM+Certification+Service

The project consists of four submodules:
1. oom-certservice-api
2. *deprecated (no longer built)* oom-certservice-client
3. oom-certservice-post-processor
4. oom-certservice-k8s-external-provider

Detailed information about the submodules can be found in the `README.md` file in each submodule's directory.

### Install the packages into the local repository

### Building Docker images and installing packages into the local repository
```
mvn clean install -P docker
```

### Generating certificates
Example certificates are already generated in the `certs/` directory.
To generate new certificates, first remove the existing ones.
Then execute the following command from the `certs` (!) directory:

### Running Docker containers from docker-compose with EJBCA
Docker-compose uses a local image of certservice-api, and `make run-client` uses a released image of certservice-client.
Build the certservice-api Docker image locally before running the docker compose command.

2. Start Cert Service with configured EJBCA

3. Run Cert Service Client

4. Stop Cert Service and EJBCA

### Generating certificates via REST Api

* jq (for parseCertServiceResponse.sh script)

#### Initialization Request
1. Create Certificate Signing Request and Private Key
   ```
   openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/ir.key \
   -out ./compose-resources/certs-from-curl/ir.csr \
   -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
   -addext "subjectAltName = DNS:test.onap.org"
   ```
2. Send Initialization Request
   ```
   curl -s https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
   -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
   --cert ./certs/cmpv2Issuer-cert.pem \
   --key ./certs/cmpv2Issuer-key.pem \
   --cacert ./certs/cacert.pem
   ```
   To parse the response, pipe the output to the `parseCertServiceResponse.sh` script, providing a prefix as its argument:
   ```
   curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
   -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
   --cert ./certs/cmpv2Issuer-cert.pem \
   --key ./certs/cmpv2Issuer-key.pem \
   --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
   ```

#### Update Request
1. Create Certificate Signing Request and Private Key - same as for Initialization Request.
   When CSR data (like Subject and SANs) is unchanged, a Key Update Request will be performed.
   Otherwise a Certification Request will be performed.

   - Key Update Request:
     ```
     openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/kur.key \
     -out ./compose-resources/certs-from-curl/kur.csr \
     -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
     -addext "subjectAltName = DNS:test.onap.org"
     ```
   - Certification Request:
     ```
     openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/cr.key \
     -out ./compose-resources/certs-from-curl/cr.csr \
     -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
     -addext "subjectAltName = DNS:test.onap.org"
     ```
2. Send Update Request.

   - Key Update Request:
     ```
     curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
     -H "CSR: $(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
     -H "OLDPK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
     -H "OLDCERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
     --cert ./certs/cmpv2Issuer-cert.pem \
     --key ./certs/cmpv2Issuer-key.pem \
     --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
     ```
   - Certification Request:
     ```
     curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
     -H "CSR: $(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
     -H "OLD_PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
     -H "OLD_CERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
     --cert ./certs/cmpv2Issuer-cert.pem \
     --key ./certs/cmpv2Issuer-key.pem \
     --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
     ```

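
The rule from step 1 of the update request (unchanged Subject and SANs gives a Key Update Request, anything else a Certification Request) can be checked locally before the request is sent. The script below is an added example and not part of the project's scripts; the function names `identity_of`, `predict_update_type` and `demo` are hypothetical, and treating "unchanged" as an exact match of Subject DN and SAN set is an assumption.

```shell
#!/bin/sh
# Added example (not project code): predict whether an update request will be
# a Key Update Request ("kur") or a Certification Request ("cr") by comparing
# Subject and SANs of the old certificate with those of the new CSR.
# Assumption: "unchanged" means equal Subject DN and equal set of SAN entries.

# Print "<subject>|<sorted SANs>" for a certificate (kind=x509) or CSR (kind=req).
identity_of() {
    kind=$1
    file=$2
    subject=$(openssl "$kind" -in "$file" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    sans=$(openssl "$kind" -in "$file" -noout -text |
        awk '/Subject Alternative Name/ { getline; gsub(/ /, ""); print }' |
        tr ',' '\n' | sort | paste -sd, -)
    printf '%s|%s\n' "$subject" "$sans"
}

# Usage: predict_update_type OLD_CERT.pem NEW.csr
predict_update_type() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable input" >&2; return 2; }
    if [ "$(identity_of x509 "$1")" = "$(identity_of req "$2")" ]; then
        echo kur
    else
        echo cr
    fi
}

# Constructed demo: throwaway self-signed certificate and two CSRs that mirror
# the kur/cr commands above. Prints "kur cr".
demo() {
    d=$(mktemp -d) || return 1
    subj="/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation"
    san="subjectAltName = DNS:test.onap.org"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -subj "$subj/CN=onap.org" \
        -addext "$san" -keyout "$d/ir.key" -out "$d/ir-cert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj/CN=onap.org" \
        -addext "$san" -keyout "$d/kur.key" -out "$d/kur.csr" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj/CN=new-onap.org" \
        -addext "$san" -keyout "$d/cr.key" -out "$d/cr.csr" 2>/dev/null
    kur=$(predict_update_type "$d/ir-cert.pem" "$d/kur.csr")
    cr=$(predict_update_type "$d/ir-cert.pem" "$d/cr.csr")
    rm -rf "$d"
    echo "$kur $cr"
}
```

Against the files from this README, call it as `predict_update_type ./compose-resources/certs-from-curl/ir-cert.pem ./compose-resources/certs-from-curl/kur.csr`. It requires an OpenSSL version that supports `-addext` only for the demo; the comparison itself uses `-text` and `-subject`.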
1. Perform Initialization Request:
   ```
   make send-initialization-request
   ```
2. Perform Update Request:
   ```
   make send-key-update-request
   ```
   ```
   make send-certification-request
   ```

### OOM CertService CSITs

https://gerrit.onap.org/r/admin/repos/integration/csit

#### How to run tests locally
1. Checkout CSIT repository
2. Configure CSIT local environment
3. Inside CSIT directory execute
   ```
   sudo ./run-csit.sh plans/oom-platform-cert-service/certservice
   ```

https://jenkins.onap.org/view/CSIT/job/oom-platform-cert-service-master-csit-certservice/

https://sonarcloud.io/dashboard?id=onap_oom-platform-cert-service

All Maven artifacts are deployed under the nexus URI:

https://nexus.onap.org/content/repositories/snapshots/org/onap/oom/certservice/

All Docker images are hosted under the nexus3 URI:

https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.oom.certservice.oom-certservice-api/

### How to release containers

https://github.com/lfit/releng-global-jjb/blob/master/docs/jjb/lf-release-jobs.rst