[OOM-CERT-SERVICE] Add curl requests to Makefile
[oom/platform/cert-service.git] / README.md
# Cert service

### General description

More information about the project and all its functionalities can be found on the wiki page:
```
https://wiki.onap.org/display/DW/OOM+Certification+Service
```

The project consists of four submodules:
1. oom-certservice-api
2. *deprecated (no longer built)* oom-certservice-client
3. oom-certservice-post-processor
4. oom-certservice-k8s-external-provider

Detailed information about the submodules can be found in the `README.md` in their directories.

### Project building
```
mvn clean package
```

### Install the packages into the local repository
```
mvn clean install
```

### Building Docker images and install packages into local repository
```
mvn clean install -P docker
# or
make build
```

### Generating certificates
There are example certificates already generated in the certs/ directory.
To generate new certificates, first remove the existing ones.
Then execute the following command from within the **certs** directory:
```
make
```

### Running Docker containers from docker-compose with EJBCA
Docker-compose uses a local image of certservice-api, while `make run-client` uses a released image of certservice-client.
Build the certservice-api Docker image locally before running the docker-compose command.
```
# 1. Build local images
make build
# 2. Start Cert Service with configured EJBCA
make start-backend
# 3. Run Cert Service Client
make run-client
# 4. Stop Cert Service and EJBCA
make stop-backend
```

### Generating certificates via REST API
#### Requirements
* OpenSSL
* cURL
* jq (for parseCertServiceResponse.sh script)

#### Initialization Request
1. Create Certificate Signing Request and Private Key
```
openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/ir.key \
            -out ./compose-resources/certs-from-curl/ir.csr \
            -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
            -addext "subjectAltName = DNS:test.onap.org"
```
2. Send Initialization Request. The private key and CSR are sent base64-encoded in the `PK` and `CSR` headers, and the client authenticates with the `cmpv2Issuer` certificate and key.
```
curl -s https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
        -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
        --cert ./certs/cmpv2Issuer-cert.pem \
        --key ./certs/cmpv2Issuer-key.pem \
        --cacert ./certs/cacert.pem
```
To parse the response, pipe the output to the `parseCertServiceResponse.sh` script, providing a prefix as its argument:
```
curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
        -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
        --cert ./certs/cmpv2Issuer-cert.pem \
        --key ./certs/cmpv2Issuer-key.pem \
        --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
```

#### Update Request
1. Create Certificate Signing Request and Private Key - same as for Initialization Request.
When the CSR data (like Subject and SANs) is unchanged, a Key Update Request (KUR) will be performed.
Otherwise a Certification Request (CR) will be performed.

Example for KUR:
```
openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/kur.key \
-out ./compose-resources/certs-from-curl/kur.csr \
-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
-addext "subjectAltName = DNS:test.onap.org"
```
Example for CR:
```
openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/cr.key \
-out ./compose-resources/certs-from-curl/cr.csr \
-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
-addext "subjectAltName = DNS:test.onap.org"
```
2. Send Update Request.

Example for KUR:
```
curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
            -H "CSR: $(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
            -H "OLDPK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
            -H "OLDCERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
            --cert ./certs/cmpv2Issuer-cert.pem \
            --key ./certs/cmpv2Issuer-key.pem \
            --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
```
Example for CR:
```
curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
            -H "CSR: $(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
            -H "OLD_PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
            -H "OLD_CERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
            --cert ./certs/cmpv2Issuer-cert.pem \
            --key ./certs/cmpv2Issuer-key.pem \
            --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
```

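The KUR/CR rule from the Update Request section can be checked locally before a request is sent. The script below is an added example, not part of this project: it compares the Subject and SANs of a new CSR with those of the old certificate, assuming OpenSSL 1.1.1 or newer. The function names and the generated sample files are assumptions for illustration, and the service's own comparison may differ.

```shell
#!/usr/bin/env bash
# Added example (not CertService code): predict how an update request is handled,
# using the rule in this README: Subject and SANs unchanged -> KUR, otherwise CR.
# Function names are hypothetical; the service's own comparison may differ.

# subject_of x509|req FILE: subject DN in RFC 2253 form, without the "subject=" label.
subject_of() {
  openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^subject= *//'
}

# sans_of x509|req FILE: SAN entries, one per line, sorted so that order is ignored.
sans_of() {
  openssl "$1" -in "$2" -noout -text 2>/dev/null |
    awk '/Subject Alternative Name/ { getline; print; exit }' |
    tr ',' '\n' | sed 's/^[[:space:]]*//' | sort
}

# predict_update_type OLD_CERT NEW_CSR: prints KUR or CR, returns 2 on unreadable input.
predict_update_type() {
  old_subject=$(subject_of x509 "$1")
  new_subject=$(subject_of req "$2")
  # An empty subject means a file could not be parsed; never report that as a match.
  if [ -z "$old_subject" ] || [ -z "$new_subject" ]; then
    echo "cannot read subject from $1 or $2" >&2
    return 2
  fi
  if [ "$old_subject" = "$new_subject" ] && [ "$(sans_of x509 "$1")" = "$(sans_of req "$2")" ]; then
    echo KUR
  else
    echo CR
  fi
}

# make_samples DIR: constructed data, a self-signed stand-in for ir-cert.pem and two CSRs.
make_samples() {
  subj='/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN='
  san='subjectAltName = DNS:test.onap.org'
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -subj "${subj}onap.org" \
    -addext "$san" -keyout "$1/ir.key" -out "$1/ir-cert.pem" 2>/dev/null || return 1
  for pair in kur:onap.org cr:new-onap.org; do
    openssl req -new -newkey rsa:2048 -nodes -subj "${subj}${pair#*:}" -addext "$san" \
      -keyout "$1/${pair%%:*}.key" -out "$1/${pair%%:*}.csr" 2>/dev/null || return 1
  done
}

dir=$(mktemp -d) && make_samples "$dir" &&
  for req in kur cr; do
    echo "$req.csr -> $(predict_update_type "$dir/ir-cert.pem" "$dir/$req.csr")"
  done
rm -rf "$dir"
```
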
#### Using makefile
1. Perform Initialization Request:
```
make send-initialization-request
```
2. Perform Update Request:
```
make send-key-update-request
```
or:
```
make send-certification-request
```

### OOM CertService CSITs
#### CSIT repository
```
https://gerrit.onap.org/r/admin/repos/integration/csit
```

#### How to run tests locally
1. Checkout CSIT repository
2. Configure CSIT local environment
3. Inside CSIT directory execute
```
sudo ./run-csit.sh plans/oom-platform-cert-service/certservice
```

#### Jenkins build
https://jenkins.onap.org/view/CSIT/job/oom-platform-cert-service-master-csit-certservice/

### Sonar results
```
https://sonarcloud.io/dashboard?id=onap_oom-platform-cert-service
```

### Maven artifacts
All Maven artifacts are deployed under the Nexus URI:
```
https://nexus.onap.org/content/repositories/snapshots/org/onap/oom/certservice/
```

### Docker artifacts
All Docker images are hosted under the Nexus3 URI:
```
https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.oom.certservice.oom-certservice-api/
```

### How to release containers
```
https://github.com/lfit/releng-global-jjb/blob/master/docs/jjb/lf-release-jobs.rst
```