Code Review / aaf / sshsm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: deb3b36)
Key distribution center container 23/56423/5
authorManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Fri, 13 Jul 2018 23:26:16 +0000 (16:26 -0700)
committerManjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Mon, 16 Jul 2018 23:19:23 +0000 (16:19 -0700)
This container generates the ca key and
certificate and encrypts it using SRK public
key and stores the generated files on host
folder shared with this container. The public
key is built into the image for sample
known target host.

Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Issue-ID: AAF-376

bin/distcenter/Dockerfile [new file with mode: 0644] patch | blob
bin/distcenter/README.md [new file with mode: 0644] patch | blob
bin/distcenter/create_ca.sh [new file with mode: 0755] patch | blob
bin/distcenter/entrypoint.sh [new file with mode: 0755] patch | blob

diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
new file mode 100644 (file)
index 0000000..f79c7ef
--- /dev/null
+++ b/bin/distcenter/Dockerfile
@@ -0,0 +1,20 @@
+FROM rmannfv/aaf-base:openssl_1.1.0
+
+RUN git clone https://gerrit.onap.org/r/aaf/sshsm
+RUN cd sshsm && \
+  cd tpm-util && \
+  cd duplicate && \
+  make -f sampleMakefile
+
+RUN mkdir /createca
+COPY ./create_ca.sh /createca/
+RUN mkdir /dup
+RUN mkdir /dup/database
+RUN mkdir /dup/database/host_sample
+RUN mkdir /dup/bin
+
+RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
+RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
new file mode 100644 (file)
index 0000000..973cbf9
--- /dev/null
+++ b/bin/distcenter/README.md
@@ -0,0 +1,17 @@
+Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
+
+Build the container using
+
+  docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_sample
+
+  ca.cert
+  dupEncKey
+  dupPriv
+  dupPub
+  dupSymseed
diff --git a/bin/distcenter/create_ca.sh b/bin/distcenter/create_ca.sh
new file mode 100755 (executable)
index 0000000..0296408
--- /dev/null
+++ b/bin/distcenter/create_ca.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+CA_DIR=$PWD/ca
+mkdir $CA_DIR
+mkdir -p $PWD/certs
+cd $CA_DIR
+echo "000a" > serial
+touch certindex
+openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -out ca.cert -subj '/C=US/ST=CA/L=local/O=onap/CN=test.onap.ca'
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
new file mode 100755 (executable)
index 0000000..85cdf52
--- /dev/null
+++ b/bin/distcenter/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+cd /createca
+/createca/create_ca.sh
+cd /volume
+DLIST=`ls -d host_*`
+for DIR in $DLIST; do
+  echo $DIR
+  cp /createca/ca/ca.cert /volume/$DIR
+  cd /volume/$DIR
+  /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem  -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+done
A repository for softhsm modifications and hardware security plugin.