Change AAF Certservice CSITs to send requests via HTTPS

[integration/csit.git] / plans / aaf / certservice / setup.sh

diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh
index 76d9730..b23b719 100644 (file)
--- a/plans/aaf/certservice/setup.sh
+++ b/plans/aaf/certservice/setup.sh
@@ -35,6 +35,14 @@ pip uninstall -y docker-py
 pip uninstall -y docker
 pip install -U docker==2.7.0
 
+#reinstall pyopenssl library
+echo "Reinstall pyopenssl library."
+pip uninstall pyopenssl -y
+pip install pyopenssl==17.5.0
+
+#Disable proxy - for local run
+unset http_proxy https_proxy
+
 #export container name
 export ClientContainerName=CertServiceClient
 # ------------------------------------
@@ -63,15 +71,26 @@ echo "Use configuration from: $CONFIGURATION_PATH"
 export CONFIGURATION_PATH=${CONFIGURATION_PATH}
 export SCRIPTS_PATH=${SCRIPTS_PATH}
 
+#Generate keystores, truststores, certificates and keys
+mkdir -p ${WORKSPACE}/tests/aaf/certservice/assets/certs/
+make all -C ./certs/
+cp ${WORKSPACE}/plans/aaf/certservice/certs/root.crt ${WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
+echo "Generated keystores"
+openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
+echo "Generated server certificate"
+openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
+echo "Generated server key"
+
 docker-compose up -d
 
 AAFCERT_IP='none'
 # Wait container ready
 for i in {1..9}
 do
-   AAFCERT_IP=`get-instance-ip.sh aafcert`
-   RESP_CODE=$(curl -I -s -o /dev/null -w "%{http_code}"  http://${AAFCERT_IP}:8080/actuator/health)
-   if [[ "$RESP_CODE" == '200' ]]; then
+   AAFCERT_IP=`get-instance-ip.sh aafcert-service`
+   RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \
+   python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
+   if [[ "$RESP_CODE" == "UP" ]]; then
        echo 'AAF Cert Service is ready'
        export AAFCERT_IP=${AAFCERT_IP}
        docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh