More information about the project and all its functionalities you can find under the wiki page:
```
- https://wiki.onap.org/display/DW/AAF+Certification+Service
+ https://wiki.onap.org/display/DW/OOM+Certification+Service
```
-Project consists of two submodules:
-1. aaf-certservice-api
-2. aaf-certservice-client
+Project consists of four submodules:
+1. oom-certservice-api
+2. *deprecated (no longer built)* oom-certservice-client
+3. oom-certservice-post-processor
+4. oom-certservice-k8s-external-provider
Detailed information about submodules can be found in ```README.md``` in their directories.
```
### Running Docker containers from docker-compose with EJBCA
-Docker-compose uses a local image of certservice-api and make run-client uses a local image of certservice-client
-Build docker images locally before running docker compose command.
+Docker-compose uses a local image of certservice-api and make run-client uses a released image of certservice-client
+Build certservice-api docker image locally before running docker compose command.
```
1. Build local images
make build
make start-backend
3. Run Cert Service Client
make run-client
-3. Remove client container
-make stop-client
4. Stop Cert Service and EJBCA
make stop-backend
```
-### AAF CertService CSITs
+### Generating certificates via REST Api
+#### Requirements
+* OpenSSL
+* cURL
+* jq (for parseCertServiceResponse.sh script)
+#### Initialization Request
+1. Create Certificate Signing Request and Private Key
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/ir.key \
+ -out ./compose-resources/certs-from-curl/ir.csr \
+ -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+ -addext "subjectAltName = DNS:test.onap.org"
+```
+2. Send Initialization Request
+```
+curl -s https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem
+```
+to parse the response pipe the output to `parseCertserviceResponse.sh` script, providing prefix as argument
+```
+curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
+```
+
+#### Update Request
+1. Create Certificate Signing Request and Private Key - same as for Initialization Request.
+When CSR data (like Subject and SANS) is unchanged, Key Update Request will be performed.
+Otherwise Certification Request will be performed.
+Example for KUR:
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/kur.key \
+-out ./compose-resources/certs-from-curl/kur.csr \
+-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+-addext "subjectAltName = DNS:test.onap.org"
+```
+Example for CR:
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/cr.key \
+-out ./compose-resources/certs-from-curl/cr.csr \
+-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
+-addext "subjectAltName = DNS:test.onap.org"
+```
+2. Send Update Request.
+Example for KUR:
+```
+curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
+ -H "CSR: $(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
+ -H "OLDPK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "OLDCERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
+```
+Example CR:
+```
+curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
+ -H "CSR: $$(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
+ -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+ -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+ --cert ./certs/cmpv2Issuer-cert.pem \
+ --key ./certs/cmpv2Issuer-key.pem \
+ --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
+```
+
+#### Using makefile
+1. Perform Initialization Request:
+```
+make send-initialization-request
+```
+2. Perform Update Request:
+```
+make send-key-update-request
+```
+or:
+```
+make send-certification-request
+```
+
+To send request to custom CA use ```make <request> -e CA_NAME=<custom CA>``` e.g:
+```
+make send-initialization-request -e CA_NAME=CUSTOM_CA
+```
+
+### OOM CertService CSITs
#### CSIT repository
```
https://gerrit.onap.org/r/admin/repos/integration/csit
2. Configure CSIT local environment
3. Inside CSIT directory execute
```
-sudo ./run-csit.sh plans/aaf/certservice
+sudo ./run-csit.sh plans/oom-platform-cert-service/certservice
```
####Jenkins build
-https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/
+https://jenkins.onap.org/view/CSIT/job/oom-platform-cert-service-master-csit-certservice/
### Sonar results
```
-https://sonarcloud.io/dashboard?id=onap_aaf-certservice
+https://sonarcloud.io/dashboard?id=onap_oom-platform-cert-service
```
### Maven artifacts
All maven artifacts are deployed under nexus uri:
```
-https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/
+https://nexus.onap.org/content/repositories/snapshots/org/onap/oom/certservice/
```
### Docker artifacts
All docker images are hosted under nexus3 uri:
```
-https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/
-```
\ No newline at end of file
+https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.oom.certservice.oom-certservice-api/
+```
+
+### How to release containers
+```
+https://github.com/lfit/releng-global-jjb/blob/master/docs/jjb/lf-release-jobs.rst
+```
Code Review / oom / platform / cert-service.git / blobdiff