func test framework and tests for sshsm 35/69535/9
authorManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Fri, 28 Sep 2018 23:15:07 +0000 (16:15 -0700)
committerManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Wed, 10 Oct 2018 14:57:07 +0000 (07:57 -0700)
This patch adds a test framework and tests
for TPM-based CA key protection, import and signing.

Change-Id: I7bdd602f7275dd8613faeced11aad6c09a8aab52
Issue-ID: AAF-527
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
13 files changed:
test/func/README.txt [new file with mode: 0644]
test/func/data/caservice/local/org.osaaf.aaf.cm.pkcs11 [new file with mode: 0644]
test/func/data/caservice/local/org.osaaf.cm.ca.props [new file with mode: 0644]
test/func/data/caservice/passphrase-ipass [new file with mode: 0644]
test/func/data/caservice/passphrase-pin [new file with mode: 0644]
test/func/data/caservice/sopin.txt [new file with mode: 0644]
test/func/data/caservice/upin.txt [new file with mode: 0644]
test/func/data/distcenter/passphrase [new file with mode: 0644]
test/func/setup.sh [new file with mode: 0755]
test/func/teardown.sh [new file with mode: 0755]
test/func/test.sh [new file with mode: 0755]
test/func/testaafimport.sh [new file with mode: 0755]
test/func/testcasign.sh [new file with mode: 0755]

diff --git a/test/func/README.txt b/test/func/README.txt
new file mode 100644 (file)
index 0000000..5ac8ae1
--- /dev/null
@@ -0,0 +1,12 @@
+
+Clone the sshsm repo using
+
+git clone https://gerrit.onap.org/r/aaf/sshsm
+
+cd ~/sshsm/test/func
+
+Run tests using:
+
+./test.sh <srk handle> <password>
+
+A return value of 0 is considered successful completion of all the tests
diff --git a/test/func/data/caservice/local/org.osaaf.aaf.cm.pkcs11 b/test/func/data/caservice/local/org.osaaf.aaf.cm.pkcs11
new file mode 100644 (file)
index 0000000..05fe60f
--- /dev/null
@@ -0,0 +1 @@
+name = localca
diff --git a/test/func/data/caservice/local/org.osaaf.cm.ca.props b/test/func/data/caservice/local/org.osaaf.cm.ca.props
new file mode 100644 (file)
index 0000000..5a3fa83
--- /dev/null
@@ -0,0 +1,11 @@
+##
+## org.osaaf.cm.ca.props
+## Properties to access Certifiate Authority
+##
+
+#Certman
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.pkcs11;0x2222;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw
+cm_ca.local.idDomains=org.osaaf
+cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
+cm_ca.local.perm_type=org.osaaf.aaf.ca
+
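Review bot: The header comment `## Properties to access Certifiate Authority` misspells "Certificate"; `## Properties to access Certificate Authority`. The `cm_ca.local=` line bundles a class name, a file path, a hex value and an `enc:` value separated by `;`, and nothing in this file says what each field is; a comment line above it naming the fields would help, since their meaning cannot be confirmed from this fixture alone.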
diff --git a/test/func/data/caservice/passphrase-ipass b/test/func/data/caservice/passphrase-ipass
new file mode 100644 (file)
index 0000000..163769d
--- /dev/null
@@ -0,0 +1 @@
+csittestphrase
diff --git a/test/func/data/caservice/passphrase-pin b/test/func/data/caservice/passphrase-pin
new file mode 100644 (file)
index 0000000..163769d
--- /dev/null
@@ -0,0 +1 @@
+csittestphrase
diff --git a/test/func/data/caservice/sopin.txt b/test/func/data/caservice/sopin.txt
new file mode 100644 (file)
index 0000000..28d1445
--- /dev/null
@@ -0,0 +1 @@
+123456789
diff --git a/test/func/data/caservice/upin.txt b/test/func/data/caservice/upin.txt
new file mode 100644 (file)
index 0000000..28d1445
--- /dev/null
@@ -0,0 +1 @@
+123456789
diff --git a/test/func/data/distcenter/passphrase b/test/func/data/distcenter/passphrase
new file mode 100644 (file)
index 0000000..163769d
--- /dev/null
@@ -0,0 +1 @@
+csittestphrase
diff --git a/test/func/setup.sh b/test/func/setup.sh
new file mode 100755 (executable)
index 0000000..9c0def3
--- /dev/null
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Receives two arguments 1. srk_handle 2. password
+
+docker login -u docker -p docker nexus3.onap.org:10001
+docker pull nexus3.onap.org:10001/onap/aaf/distcenter
+docker pull nexus3.onap.org:10001/onap/aaf/abrmd
+docker pull nexus3.onap.org:10001/onap/aaf/testcaservice
+docker pull nexus3.onap.org:10001/onap/aaf/aaf_cm
+
+ABRMD_DATA="$(pwd)/data/abrmd"
+SEC_FOLDER="$(pwd)/data/abrmd/cred"
+
+DISTCENTER_DATA="$(pwd)/data/distcenter"
+DISTCENTER_SEC="$(pwd)/data/distcenter/data"
+
+CASERVICE_DATA="$(pwd)/data/caservice"
+WORKDIR="$(pwd)/"
+
+echo $1 > $ABRMD_DATA/cred/srk_handle.txt
+echo $2 > $ABRMD_DATA/cred/opass.txt
+
+cp $ABRMD_DATA/cred/opass.txt $CASERVICE_DATA/ipass.txt
+base64 $ABRMD_DATA/cred/opass.txt > $ABRMD_DATA/cred/opass
+base64 $ABRMD_DATA/cred/srk_handle.txt > $ABRMD_DATA/cred/srk_handle
+
+
+if [ -e /dev/tpm0 ]; then
+
+    echo "found tpm device"
+    #
+    # Running the abrmd container for tpm init
+    #
+    docker run --privileged -device=/dev/tpm0 -e ABRMD_DATA=/abrmd/data \
+       -e TPM_NODE_NAME=testnode \
+       -v $SEC_FOLDER:/abrmd/cred \
+       -v $ABRMD_DATA:/abrmd/data \
+       --entrypoint /abrmd/bin/initialize_tpm.sh \
+       --name tpm-init nexus3.onap.org:10001/onap/aaf/abrmd
+
+    sleep 1m
+    mkdir -p $DISTCENTER_DATA/host_testnode
+    ls  $ABRMD_DATA/host_testnode/
+    cp  $ABRMD_DATA/host_testnode/out_parent_public \
+          $DISTCENTER_DATA/host_testnode/
+
+    docker run -d --privileged -device=/dev/tpm0 \
+            -v /tmp/run/dbus:/var/run/dbus:rw \
+       --entrypoint /abrmd/bin/run_abrmd.sh \
+       --name abrmd nexus3.onap.org:10001/onap/aaf/abrmd
+
+    sleep 1m
+fi
+
+#
+# Running the distcenter container
+#
+docker run -v $DISTCENTER_DATA:/distcenter/data \
+  --name distcenter nexus3.onap.org:10001/onap/aaf/distcenter
+
+
+mkdir -p $CASERVICE_DATA/host_testnode
+if [ -f $DISTCENTER_DATA/privkey.pem.gpg ]; then
+    cp $DISTCENTER_DATA/privkey.pem.gpg $CASERVICE_DATA/host_testnode/
+    cp $DISTCENTER_DATA/ca.cert $CASERVICE_DATA/host_testnode/
+    cp $DISTCENTER_DATA/passphrase $CASERVICE_DATA/host_testnode/
+else
+    cp  $DISTCENTER_DATA/host_testnode/* \
+          $CASERVICE_DATA/host_testnode
+    cp $SEC_FOLDER/srk_handle $CASERVICE_DATA/host_testnode/
+fi
+
+cp $CASERVICE_DATA/passphrase-ipass $CASERVICE_DATA/host_testnode/
+cp $CASERVICE_DATA/passphrase-pin $CASERVICE_DATA/host_testnode/
+cd $CASERVICE_DATA/
+cat passphrase-ipass | gpg --symmetric -z 9 --require-secmem \
+       --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+       --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+        --passphrase-fd 0 ipass.txt
+cat passphrase-pin | gpg --symmetric -z 9 --require-secmem \
+       --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+       --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+        --passphrase-fd 0 upin.txt
+cat passphrase-pin | gpg --symmetric -z 9 --require-secmem \
+       --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+       --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+        --passphrase-fd 0 sopin.txt
+cp $CASERVICE_DATA/*.gpg $CASERVICE_DATA/host_testnode/
+cp $ABRMD_DATA/cred/srk_handle.txt $CASERVICE_DATA/host_testnode/tpm-handle.txt
+cp $ABRMD_DATA/cred/opass $CASERVICE_DATA/host_testnode/prk_passwd
+sleep 1m
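Review bot: `-device=/dev/tpm0` on both `docker run` lines inside the `/dev/tpm0` branch is not the `--device` flag; with Docker's single-dash short-option parsing it most likely reads as `-d` plus `-e vice=/dev/tpm0`, so the TPM node is only reachable because `--privileged` exposes all host devices, and the tpm-init container is detached rather than run to completion. Change both to `--device=/dev/tpm0`, and consider `docker wait tpm-init` in place of the first fixed `sleep 1m` so the copy of `out_parent_public` happens after initialisation actually finished. The script has no `set -e`, so a failed `docker pull` or a missing `$ABRMD_DATA/cred` directory (neither created here nor added by this commit, so presumably expected to pre-exist) lets it continue and later steps copy files that were never written; add `set -euo pipefail` after the shebang and quote every `$ABRMD_DATA`/`$CASERVICE_DATA`/`$DISTCENTER_DATA`/`$1`/`$2` expansion. `docker login -u docker -p docker` passes the password on argv, where it is visible in process listings and triggers the CLI warning that ends up in setup.log; `printf '%s' docker | docker login -u docker --password-stdin nexus3.onap.org:10001` avoids both.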
diff --git a/test/func/teardown.sh b/test/func/teardown.sh
new file mode 100755 (executable)
index 0000000..dd440c2
--- /dev/null
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+CASERVICE_DATA="$(pwd)/data/caservice"
+DISTCENTER_DATA="$(pwd)/data/distcenter"
+ABRMD_DATA="$(pwd)/data/abrmd"
+rm -rf $CASERVICE_DATA/host_testnode
+rm -rf $DISTCENTER_DATA/host_testnode
+rm -f $DISTCENTER_DATA/privkey.pem.gpg
+rm -f $DISTCENTER_DATA/ca.cert
+rm -rf $ABRMD_DATA/host_testnode
+rm -rf /tmp/run/dbus
+
+docker stop tpm-init abrmd distcenter testca aafca
+docker rm tpm-init abrmd distcenter testca aafca
+rm -f setup.log
+rm -f $CASERVICE_DATA/*.gpg
+rm -f $ABRMD_DATA/cred/opass*
+rm -f $ABRMD_DATA/cred/srk_handle*
+
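Review bot: The `rm -rf $CASERVICE_DATA/host_testnode`, `rm -rf $DISTCENTER_DATA/host_testnode` and `rm -rf $ABRMD_DATA/host_testnode` lines pass unquoted expansions built from `$(pwd)`; a working directory containing whitespace splits the argument and the recursive delete is applied to unintended paths. Quote them and use the `:?` guard so an empty variable aborts instead of deleting relative to `/`, e.g. `rm -rf -- "${CASERVICE_DATA:?}/host_testnode"`, and the same for the `rm -f` lines. `rm -rf /tmp/run/dbus` removes a host-wide directory that setup.sh bind-mounts into the abrmd and test containers; a comment such as `# /tmp/run/dbus is the host dbus dir shared with the abrmd container; removed so the next run starts clean` would make that coupling visible to the next reader.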
diff --git a/test/func/test.sh b/test/func/test.sh
new file mode 100755 (executable)
index 0000000..f860539
--- /dev/null
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Receives two arguments 1. srk_handle 2. password
+
+#setup for testing
+./setup.sh $1 $2 >& setup.log
+
+#Run tests
+./testaafimport.sh
+if [ "$?" -ne 0 ]; then
+   exit 1
+fi
+./testcasign.sh
+if [ "$?" -ne 0 ]; then
+   exit 1
+fi
+
+#cleanup
+./teardown.sh >& /dev/null
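Review bot: When either test script fails the `exit 1` returns before `./teardown.sh` is reached, so the containers created under fixed names (tpm-init, abrmd, distcenter, aafca, testca) and the generated files under data/ stay behind and the next run's `docker run --name ...` fails on a name conflict. Register the cleanup once with `trap './teardown.sh >& /dev/null' EXIT` just below the argument comment and drop the trailing call. The status of `./setup.sh $1 $2 >& setup.log` is never checked, so a failed setup still runs the tests; `./setup.sh "$1" "$2" >& setup.log || exit 1` surfaces it (setup.sh itself needs `set -e` for its status to mean anything), and a `[ $# -eq 2 ] || { echo "usage: $0 <srk handle> <password>" >&2; exit 2; }` guard would document the two arguments in code rather than only in the comment. The `if [ "$?" -ne 0 ]` pairs read more directly as `if ! ./testaafimport.sh; then`.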
diff --git a/test/func/testaafimport.sh b/test/func/testaafimport.sh
new file mode 100755 (executable)
index 0000000..ee8895d
--- /dev/null
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+CASERVICE_DATA="$(pwd)/data/caservice"
+
+echo -n "aaf_cm container ca key import: "
+docker run -v $CASERVICE_DATA/host_testnode:/tmp/files \
+     -v /tmp/run/dbus:/var/run/dbus:rw \
+     -v $CASERVICE_DATA/local:/opt/app/osaaf/local \
+     --entrypoint /sshsm/bin/import.sh \
+     --name aafca nexus3.onap.org:10001/onap/aaf/aaf_cm >& runaafca.log
+grep -q "swKeyImport success: 0x0 !" runaafca.log
+if [ "$?" -eq 0 ]; then
+    echo Success
+    rm -f runaafca.log
+else
+    grep -q "Created certificate:" runaafca.log
+    if [ "$?" -eq 0 ]; then
+        echo Success
+        rm -f runaafca.log
+    else
+        echo Failed
+        exit 1
+    fi
+fi
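Review bot: The nested `grep -q` checks duplicate the success branch; `grep -qE 'swKeyImport success: 0x0 !|Created certificate:' runaafca.log` with a single if/else does the same in five fewer lines, and `-F` is not an option there because of the alternation, so keep the literal `.`-free patterns as they are. The `-v $CASERVICE_DATA/host_testnode:/tmp/files` and `-v $CASERVICE_DATA/local:/opt/app/osaaf/local` mounts pass the path unquoted; quote `"$CASERVICE_DATA"` (the same applies to testcasign.sh). A comment above the `docker run` stating why either string counts as success would help a reader who has not seen `/sshsm/bin/import.sh`, e.g. `# import.sh reports success as either "swKeyImport success: 0x0 !" or "Created certificate:" — presumably the two import paths; confirm against import.sh`.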
diff --git a/test/func/testcasign.sh b/test/func/testcasign.sh
new file mode 100755 (executable)
index 0000000..8e24c05
--- /dev/null
@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+CASERVICE_DATA="$(pwd)/data/caservice"
+
+echo -n "testca container key import & sign: "
+docker run --workdir /testca/bin -e SECRETS_FOLDER=/caservice/data \
+     -e DATA_FOLDER=/caservice/data \
+     -v /tmp/run/dbus:/var/run/dbus:rw \
+     -v $CASERVICE_DATA/host_testnode:/caservice/data:rw \
+     --entrypoint /testca/bin/import.sh \
+     --name testca nexus3.onap.org:10001/onap/aaf/testcaservice \
+     >&  runtestca.log
+grep -q "test.cert: OK" runtestca.log
+if [ "$?" -eq 0 ]; then
+    echo   Success
+    rm -f runtestca.log
+else
+    echo Failed
+    exit 1
+fi
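Review bot: `grep -q "test.cert: OK" runtestca.log` treats the `.` as a regex wildcard, so `grep -qF "test.cert: OK" runtestca.log` makes the match literal and is the intended check. The `docker run` exit status is discarded and pass/fail is decided from the log text alone, which is acceptable for a functional check but worth one comment above the grep: `# pass/fail is decided from the container log, not from the docker exit code`. The log is deleted on success and kept on failure, which appears deliberate for diagnosis and deserves a comment on the `rm -f runtestca.log` line, e.g. `# keep the log only when the run failed`.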