From 46c8e697d5d49fca58501ab9614d250d7520d8aa Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Wed, 7 Jul 2021 13:56:47 +0200 Subject: [PATCH] [OOM-CERT-SERVICE] Alignment of makefile - Add more SANs to openssl request creation - Add customization of CA destination Issue-ID: OOM-2753 Signed-off-by: Tomasz Wrobel Change-Id: I409a874983bdc7cda61195086549abc30259fb3c --- Makefile | 14 ++++++++------ README.md | 5 +++++ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 1a6569bd..56e0e935 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,8 @@ all: build start-backend run-client stop-backend start-with-client: start-backend run-client .PHONY: build +CA_NAME=RA + build: @echo "##### Build Cert Service images locally #####" mvn clean install -P docker @@ -40,9 +42,9 @@ send-initialization-request: openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/ir.key \ -out `pwd`/compose-resources/certs-from-curl/ir.csr \ -subj "/C=US/ST=California/L=San-Francisco/OU=ONAP/O=Linux-Foundation/CN=onap.org" \ - -addext "subjectAltName = DNS:test.onap.org" + -addext "subjectAltName = DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org" @echo "##### Send Initialization Request #####" - curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \ + curl -sN https://localhost:8443/v1/certificate/${CA_NAME} -H "PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \ -H "CSR: $$(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \ --cert `pwd`/certs/cmpv2Issuer-cert.pem \ --key `pwd`/certs/cmpv2Issuer-key.pem \ 
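Review bot: `CA_NAME=RA` in the first Makefile hunk is an unconditional, uncommented assignment, so a `CA_NAME` exported in the environment is ignored unless make runs with `-e`, which lets every environment variable override the Makefile rather than just this one. `CA_NAME ?= RA` keeps the default and accepts the value from either the environment or the command line; the `make ... CA_NAME=CUSTOM_CA` form in the README already overrides a Makefile assignment without `-e`. A comment such as `# CA name used as the last path segment of the CertService request URLs` above it would say what the value feeds. It would also read better grouped with other tunables at the top of the file than between `.PHONY: build` and the `build:` rule.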
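Review bot: `${CA_NAME}` is pasted unquoted into the curl URL in `send-initialization-request`, so a value with whitespace or shell metacharacters is interpreted by the recipe's shell, and one containing `/` or `?` changes which endpoint receives the `PK` header carrying the base64-encoded private key. Now that the name is a user-supplied knob, quote the argument, `curl -sN 'https://localhost:8443/v1/certificate/$(CA_NAME)' ...`, and consider failing early when the value is not a single plain word. The same interpolation is added in the hunks at `@@ -53,9` and `@@ -68,9` (`/v1/certificate-update/${CA_NAME}`). The recipe begins before this hunk and continues past it, so the remaining curl options are not visible here.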
@@ -53,9 +55,9 @@ send-key-update-request: verify-initialization-request-files-exist openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/kur.key \ -out `pwd`/compose-resources/certs-from-curl/kur.csr \ -subj "/C=US/ST=California/L=San-Francisco/OU=ONAP/O=Linux-Foundation/CN=onap.org" \ - -addext "subjectAltName = DNS:test.onap.org" + -addext "subjectAltName = DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org" @echo "##### Send Key Update Request #####" - curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \ + curl -sN https://localhost:8443/v1/certificate-update/${CA_NAME} -H "PK: $$(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \ -H "CSR: $$(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \ -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \ -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \ 
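Review bot: The new `-addext "subjectAltName = ..."` literal in `send-key-update-request` is repeated byte-for-byte in the hunks at `@@ -40,9` and `@@ -68,9`, so any later change to the SAN set must be made in three recipes and can silently diverge between the initialization, key-update and certification requests. Defining it once, for example `CSR_SANS := DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org`, and writing `-addext "subjectAltName = $(CSR_SANS)"` keeps the three CSRs in step. The URI entry names `test.org`, which is outside the project's own `onap.org` namespace; if it is only a fixture, a reserved name such as `example.org` would avoid referencing a third-party domain. The recipe continues past the end of this hunk.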
@@ -68,9 +70,9 @@ send-certification-request: verify-initialization-request-files-exist openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/cr.key \ -out `pwd`/compose-resources/certs-from-curl/cr.csr \ -subj "/C=US/ST=California/L=San-Francisco/OU=ONAP/O=Linux-Foundation/CN=new-onap.org" \ - -addext "subjectAltName = DNS:test.onap.org" + -addext "subjectAltName = DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org" @echo "##### Send Certification Request #####" - curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \ + curl -sN https://localhost:8443/v1/certificate-update/${CA_NAME} -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \ -H "CSR: $$(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \ -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \ -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \ diff --git a/README.md b/README.md index ddbdfff7..82654bf4 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,11 @@ or: make send-certification-request ``` +To send request to custom CA use ```make -e CA_NAME=``` e.g: +``` +make send-initialization-request -e CA_NAME=CUSTOM_CA +``` + ### OOM CertService CSITs #### CSIT repository ``` -- 2.16.6