Copy out encrypted private key selectively 55/61155/1
authorManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Fri, 17 Aug 2018 23:19:18 +0000 (16:19 -0700)
committerManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Fri, 17 Aug 2018 23:29:05 +0000 (16:29 -0700)
Encrypt and copy out the private key only when no TPM hosts
are present.

Change-Id: I34fbcf65e61c4e6803f594ffe1c527c9afd8f184
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
bin/distcenter/entrypoint.sh

index 25cefd6..6aac3ca 100755 (executable)
@@ -2,22 +2,27 @@
 set -e
 cd /distcenter
 /distcenter/bin/create_ca.sh
-cd /distcenter/ca
-cat /distcenter/passphrase/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
-  --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
-  --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
-  --passphrase-fd 0 privkey.pem
-cp /distcenter/ca/privkey.pem.gpg /distcenter/data
-cp /distcenter/ca/ca.cert /distcenter/data
 
 cd /distcenter/data
-DLIST=`ls -d host_*`
-#Iterate over all hosts (host in k8s corresponds node)
-for DIR in $DLIST; do
-  echo $DIR
-  cp /distcenter/ca/ca.cert /distcenter/data/$DIR
-  cd /distcenter/data/$DIR
-  /dup/bin/ossl_tpm_duplicate -pemfile /distcenter/ca/privkey.pem  -parentPub \
-  /distcenter/data/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
-  dupSymseed -dupEncKey dupEncKey
-done
+DCOUNT=$(ls -d host_*  2> /dev/null | wc -l)
+if [ "$DCOUNT" != "0" ]
+then
+  DLIST=`ls -d host_*`
+  #Iterate over all hosts (host in k8s corresponds node)
+  for DIR in $DLIST; do
+    echo $DIR
+    cp /distcenter/ca/ca.cert /distcenter/data/$DIR
+    cd /distcenter/data/$DIR
+    /dup/bin/ossl_tpm_duplicate -pemfile /distcenter/ca/privkey.pem  -parentPub \
+    /distcenter/data/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
+    dupSymseed -dupEncKey dupEncKey
+  done
+else
+  cd /distcenter/ca
+  cat /distcenter/passphrase/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+    --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+    --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+    --passphrase-fd 0 privkey.pem
+  cp /distcenter/ca/privkey.pem.gpg /distcenter/data
+  cp /distcenter/ca/ca.cert /distcenter/data
+fi
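Review bot: The branch choice at `DCOUNT=$(ls -d host_* 2> /dev/null | wc -l)` counts any entry named `host_*`, stray files included, and reads an empty or not-yet-populated `/distcenter/data` as "no TPM hosts", so a missing mount silently selects the `else` path that copies the passphrase-encrypted CA key out. Iterating the glob directly, skipping non-directories, quoting `$DIR`, and writing a line to stderr when the fallback runs would make that export a visible decision instead of a quiet default. The TPM branch also stops copying `ca.cert` to `/distcenter/data` itself, which the old code did unconditionally; if anything reads the certificate from the top-level directory, that should be confirmed. The shebang line is outside the hunk, so the sketch below stays within POSIX sh.

```shell
cd /distcenter/data
DCOUNT=0
for DIR in host_*; do
  # An unmatched glob stays literal, and stray files named host_* are not hosts.
  [ -d "/distcenter/data/$DIR" ] || continue
  DCOUNT=$((DCOUNT + 1))
  echo "$DIR"
  cp /distcenter/ca/ca.cert "/distcenter/data/$DIR"
  cd "/distcenter/data/$DIR"
  # … unchanged: ossl_tpm_duplicate call, with "$DIR" quoted in the -parentPub path …
done
if [ "$DCOUNT" = "0" ]
then
  echo "no host_* directories in /distcenter/data: exporting passphrase-encrypted CA key" >&2
  # … unchanged: cd /distcenter/ca, gpg --symmetric, cp of privkey.pem.gpg and ca.cert …
fi
```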