X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fplatform%2Fcomponents%2Foom-cert-service%2FMakefile;h=ea0cb8aae450b3636f396492c9777d7473e35ac6;hb=5f4af0525aacf7a13efbbcefeab436b915abc4c8;hp=c15fdc7a5199013f18559c2bd38b781afcb134ea;hpb=f1a17688557b78ade3c25ce7a1a98693e5e8c43d;p=oom.git diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index c15fdc7a51..ea0cb8aae4 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -19,6 +19,10 @@ all: start_docker \ server_import_root_certificate \ server_convert_certificate_to_jks \ server_convert_certificate_to_p12 \ + convert_truststore_to_p12 \ + convert_truststore_to_pem \ + server_export_certificate_to_pem \ + server_export_key_to_pem \ clear_unused_files \ stop_docker @@ -30,9 +34,9 @@ start_docker: $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2)) $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2)) $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) - $(eval USER :=$(shell id -u)) + $(eval USERNAME :=$(shell id -u)) $(eval GROUP :=$(shell id -g)) - docker run --rm --name ${DOCKER_CONTAINER} --user "$(USER):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: 
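Review bot: The four goals added to `all` are ordered only by their position in this list, while the rules themselves (defined in the last hunk) declare no prerequisites. `convert_truststore_to_pem` reads the `truststore.p12` that `convert_truststore_to_p12` writes, and `clear_unused_files` later deletes it, so under `make -j` a step can run before its input exists or after it has been removed, unless something outside this diff serialises the build. Declaring the edges on the rules, e.g. `convert_truststore_to_pem: convert_truststore_to_p12`, would make the order part of the graph. At minimum, a comment above `all` should say that the list order is significant.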
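Review bot: `USERNAME` now holds the output of `id -u`, which is a numeric uid rather than a name, so the new identifier is misleading next to `GROUP`; something like `HOST_UID` (paired with `HOST_GID`) would describe what is actually passed to `--user`. The reason for moving away from `USER` is not stated in the hunk. If it was to avoid overwriting the environment variable of that name, a one-line comment such as `# not USER: that name is already set in the environment` would keep a later edit from reverting it. The `start_docker` recipe begins outside this hunk.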
@@ -46,7 +50,7 @@ clear_all: #Clear certificates clear_existing_certificates: @echo "Clear certificates" - ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem @echo "#####done#####" #Generate root private and public keys 
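Review bot: The extended `rm -f` list in `clear_existing_certificates` covers the three new PEM outputs but not `truststore.p12`, which the new `convert_truststore_to_p12` rule creates and only `clear_unused_files` removes. If a run stops between those two steps, the stale file stays in the mounted directory, and the next `keytool -importkeystore` would import into an existing destination store rather than a fresh one. Appending `truststore.p12` to this list closes that gap.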
@@ -146,8 +150,34 @@ server_convert_certificate_to_p12: -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret @echo "#####done#####" +#Convert truststore(.jks) to PCKS12 format(.p12) +convert_truststore_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \ + -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Convert truststore(.p12) to PEM format(.pem) +convert_truststore_to_pem: + @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)" + ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret + @echo "#####done#####" + +#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem) +server_export_certificate_to_pem: + @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)" + ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem + @echo "#####done#####" + +#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem) +server_export_key_to_pem: + @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)" + ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem + @echo "#####done#####" + + #Clear unused certificates clear_unused_files: @echo "Clear unused certificates" - ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12 @echo "#####done#####"
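Review bot: `server_export_key_to_pem` writes the server private key unencrypted (`-nodes -nocerts`) into the bind-mounted certs directory, and nothing in the recipe constrains who can read it afterwards; the resulting file mode depends on the openssl build and the container umask, neither of which is visible here. I would follow the export with `${DOCKER_EXEC} chmod 600 certServiceServer-key.pem` and add a comment stating that the PEM key is intentionally left unencrypted. In `convert_truststore_to_pem`, using `-nokeys` instead of `-nodes` would make explicit that `truststore.pem` carries certificates only. The echo lines also name the wrong store: both truststore targets print `certServiceServer-keystore`, and both export targets print `certServiceClient-keystore` while reading `certServiceServer-keystore.p12`.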