-# Cert service client
+# Cert service client *(deprecated)*
+
+> Deprecated since Istanbul release in favor of Cert Manager certificates
+> (for more details see certServiceK8sExternalProvider submodule).
+
### Project building
```
mvn clean package
```
-### Building Docker image manually
-Go to the certServiceClient subfolder and execute following statement (1.0.0-SNAPSHOT is related to a current project.version parameter):
-```
-docker build --build-arg VERSION=1.0.0-SNAPSHOT -t onap/org.onap.aaf.certservice.aaf-certservice-client .
-```
### Install the package into the local repository
```
mvn clean install -P docker
```
-### Running Docker container local
+### Nexus container image
```
-docker run --name aaf-certservice-client onap/org.onap.aaf.certservice.aaf-certservice-client
+nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
```
-### Running Docker container from nexus
-```
-docker run --name aaf-certservice-client nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:1.0.0
-```
+### Running local client application as standalone docker container
+CertService API and client must be running in same network.
-### Running client as standalone docker container
-```
-AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
-DOCKER_ENV_FILE= <path to envfile>
-NETWORK_CERT_SERVICE= <docker network of cert service>
-
-docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE
+You need certificate and trust anchors (in JKS format) to connect to CertService API via HTTPS. Information how to generate truststore and keystore files you can find in CertService main README.
+
+To run CertService client as standalone docker container execute following steps:
+
+1. Create file ‘$PWD/client.env’ with environment variables as in example below:
```
-Sample Environment file:
-```aidl
#Client envs
-REQUEST_TIMEOUT=1000
-OUTPUT_PATH=/var/log
+REQUEST_URL=<URL to CertService API>
+REQUEST_TIMEOUT=10000
+OUTPUT_PATH=/var/certs
CA_NAME=RA
-#Csr config envs
+OUTPUT_TYPE=P12
+
+#CSR config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
-SANS=example.com:example2.com
-```
+SANS=test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/
+
+#TLS config envs
+KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=<password to certServiceClient-keystore.jks>
+TRUSTSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-truststore.jks
+TRUSTSTORE_PASSWORD=<password to certServiceClient-truststore.jks>
+```
+2. Run docker container as in following example (API and client must be running in same network):
+```
+docker run \
+--rm \
+--name oomcert-client \
+--env-file <$PWD/client.env (same as in step1)> \
+--network <docker network of cert service> \
+--mount type=bind,src=<path to local host directory where certificate and trust anchor will be created>,dst=<OUTPUT_PATH (same as in step 1)> \
+--volume <local path to keystore in JKS format>:<KEYSTORE_PATH> \
+--volume <local path to truststore in JKS format>:<TRUSTSTORE_PATH> \
+nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
+```
+After successful creation of certifications, container exits with exit code 0.
### Logs locally
path:
```
-var/log/onap/aaf/certservice-client/certservice-client.log
+var/log/onap/oom/certservice-client/certservice-client.log
```
### Logs in Docker container
```
-docker logs aaf-certservice-client
+docker logs oom-certservice-client
```
###Exit codes
```
0 Success
1 Invalid client configuration
-2 Invalid CSR data
-3 Failed key pair generation
-4 Failed CSR generation
-5 API return unsuccessful response
-6 Problem with Http Client connection
-7 Failed PKCS12 conversion
-8 Failed Private Key to PEM Encoding
-```
\ No newline at end of file
+2 Invalid CSR configuration
+3 Fail in key pair generation
+4 Fail in CSR generation
+5 CertService HTTP unsuccessful response
+6 Internal HTTP Client connection problem
+7 Fail in PEM conversion
+8 Fail in Private Key to PEM Encoding
+9 Wrong TLS configuration
+10 File could not be created
+99 Application exited abnormally
Code Review / oom / platform / cert-service.git / blobdiff