From 8f0b6f6e7a3a231558343b7dba0b06c0c1228527 Mon Sep 17 00:00:00 2001 From: Pawel Kasperkiewicz Date: Thu, 3 Sep 2020 10:56:30 +0200 Subject: [PATCH 1/1] [OOM] Automate certificate generation for CMPv2 Cert Service Add Makefiles to automatically and dynamically generate certificates, for CertService TLS communication. Makefiles are executed automatically during making project. Makefile uses docker container to generate certificates, because openssl and keytool is needed, so this solution was choosed to not add additional requirements for RKE Node. Certificates generated in docker container are mounted to resources directory. Removed hardcoded certificates as they are no longer needed. Issue-ID: OOM-2526 Signed-off-by: Pawel Change-Id: Ide350ee50a1d458d798ca655f7e83bac4096121c --- .../platform/components/oom-cert-service/Makefile | 148 +++++++++++++++++++++ .../resources/certServiceClient-keystore.jks | Bin 4066 -> 0 bytes .../resources/certServiceServer-keystore.jks | Bin 4109 -> 0 bytes .../resources/certServiceServer-keystore.p12 | Bin 4683 -> 0 bytes .../components/oom-cert-service/resources/root.crt | 33 ----- .../oom-cert-service/resources/truststore.jks | Bin 1730 -> 0 bytes 6 files changed, 148 insertions(+), 33 deletions(-) create mode 100644 kubernetes/platform/components/oom-cert-service/Makefile delete mode 100644 kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks delete mode 100644 kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks delete mode 100644 kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 delete mode 100644 kubernetes/platform/components/oom-cert-service/resources/root.crt delete mode 100644 kubernetes/platform/components/oom-cert-service/resources/truststore.jks diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile new file mode 100644 index 0000000000..c4723dfdd1 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -0,0 +1,148 @@ +CERTS_DIR = resources +CURRENT_DIR := ${CURDIR} +DOCKER_CONTAINER = generate-certs +DOCKER_EXEC = docker exec ${DOCKER_CONTAINER} + +all: start_docker \ + clear_all \ + root_generate_keys \ + root_create_certificate \ + root_self_sign_certificate \ + client_generate_keys \ + client_generate_csr \ + client_sign_certificate_by_root \ + client_import_root_certificate \ + client_convert_certificate_to_jks \ + server_generate_keys \ + server_generate_csr \ + server_sign_certificate_by_root \ + server_import_root_certificate \ + server_convert_certificate_to_jks \ + server_convert_certificate_to_p12 \ + clear_unused_files \ + stop_docker + +.PHONY: all + +# Starts docker container for generating certificates - deletes first, if already running +start_docker: + @make stop_docker + docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + +# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted +stop_docker: + docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true + +#Clear all files related to certificates +clear_all: + @make clear_existing_certificates + @make clear_unused_files + +#Clear certificates +clear_existing_certificates: + @echo "Clear certificates" + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + @echo "#####done#####" + +#Generate root private and public keys +root_generate_keys: + @echo "Generate root private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "#####done#####" + +#Export public key as certificate +root_create_certificate: + @echo "(Export public key as certificate)" + ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "#####done#####" + +#Self-signed root (import root certificate into truststore) +root_self_sign_certificate: + @echo "(Self-signed root (import root certificate into truststore))" + ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "#####done#####" + +#Generate certService's client private and public keys +client_generate_keys: + @echo "Generate certService's client private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "####done####" + +#Generate certificate signing request for certService's client +client_generate_csr: + @echo "Generate certificate signing request for certService's client" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr + @echo "####done####" + +#Sign certService's client certificate by root CA +client_sign_certificate_by_root: + @echo "Sign certService's client certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "####done####" + +#Import root certificate into client +client_import_root_certificate: + @echo "Import root certificate into intermediate" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService's client +client_convert_certificate_to_jks: + @echo "Import signed certificate into certService's client" + ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "####done####" + +#Generate certService private and public keys +server_generate_keys: + @echo "Generate certService private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "####done####" + +#Generate certificate signing request for certService +server_generate_csr: + @echo "Generate certificate signing request for certService" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr + @echo "####done####" + +#Sign certService certificate by root CA +server_sign_certificate_by_root: + @echo "Sign certService certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" + @echo "####done####" + +#Import root certificate into server +server_import_root_certificate: + @echo "Import root certificate into intermediate(server)" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService +server_convert_certificate_to_jks: + @echo "Import signed certificate into certService" + ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ + -storepass secret -noprompt + @echo "####done####" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +server_convert_certificate_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ + -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Clear unused certificates +clear_unused_files: + @echo "Clear unused certificates" + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "#####done#####" diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks deleted file mode 100644 index c089764466b3f513d229ab7629c681558752cc38..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4066 zcmc)LcQjmGy8!TMhG5h|f+2<^x*1*6L>V;%5hcnHMDIN!MvaKxTM{)&BFgAp)I`)E zx)^1&5E3oo%HH-|G$6ibKzdwxch(*`!GkWj^&66moFGWnqT-8R*G23ixRj-=C_O10G zCP!rY_0+nBHig}8LVd-UMs$1_Rk#I0`ABghbF*~xL?M)N`xm$;`fSD%;5Cx4`+4aL zyJEcAYj*?WWmyV`{WZ})>Ou^&HLpt=zie|74hpDri4=0rXbp&!55syP04LVwy~=#P zI<8edhm@cw47#LPdZ&9wsHXb$Vs6y&ChN>DCt0|KdQw|8PuK$`46Ov$&h_GG_<@6_ z1x3dyk;7~26N_vU`mlAnp~hQ_OLoP4;32;c#1#$Dlrz23A+8n(=GQ&T+OmX?= zqftHBbD4-rxb!I!-a&C7By$kXw~`j2OIzW@_H;6e zjpWjIlLUUU{C8&zO|N80jlJIb>B$4+IhGSsCL{O5MjUME^tAtoR$nFYs>epnRy&3}=^P8XNC_hfIFJ83%^hD#w(+NtO&%}ozA@h-@*CWzBQIl{27*RZTm<=dIDD!xcLFDO+K<|VK=l!l*;A? z5+J)N&7pVc_MYNGx^CcuuQL9ikk9~FX9847-s0;*gn8G*WLDw&cFdI3l25kuQPZ1v zuZ3^^lIh}pLagNx&bV8obVaw+DJdYlgEC(U->OPxrdC^e=R^*vbWeXW{KRmE=uw|&BsteK7bf%p=#nk z;?O@<8Z=R>u@6-d@*RQo9^Dx_iZw2jX`ctWV1Y0$)(?!c&jJnZfQIXoOt?`vF@v`z zG}ji`7G)Bos~6hk03EdUWcslnwt1s10jnal+~G`H?oQJN*Upk(UC5eAi`kVRkprI5 zt-^s(wakuyR`W^7*rG3M;RMvN#Vufu*j)Xr&y4XjH5&YEa_8|=zbsD0IF(sSIdV30 z;*_*u&vh%&s|M88od?IMg@OmgTEKeV&pr-5UV4ukvJHRqw`xYJ3})fdN?mMwJ{K=4 zaBO1IO(x($>i252GN^`#Mu)0X-0BkU_|nYT+%a{_7nqG7!Mti9j~$WHSC*|@Go)lN zsZ)8n5ae6tv+KS*Im=TbmB%BAnH^W0Yk{s2?fY7%G$cQiyZhYrilW1^ELx4_?a}Jx zCx2NuhD`Vda9pf?~Ru zC#R>;v~%|I6;N^Ua(;;Qv~zJr!%!3#OBD1F?K`)0(6lJ(ix5mt=HiTX6?Ad8MX@o# zgi$C-VF{F^n6Mbi_&h}aE&S&Wh65u1{*%sI2p9*X2B2_2au5y(1Z0Otu+6>E>oV@= zVics^Q=axAD$82Eu^Bs-OECGUdzjTDc6mY{m&It0XUHo&*Jh{(V=vS=LVf9A>^Wkj_a#w&Ma7LvbGB(dFJhbLS_|&<6H_{2- zu!YQX>H7-TOkA>Nt>hY*lDQP=7gGF4=w^W^FN~dJBNTd?IgBJ%||A2#i-WjxdNg5_Z3$)v4Q_Abt1&m3sv}QYQ z2Kb9t8-{>;@wY>yn|R`wy*qiyrWTzz9=NgSul1Z+f57Kie0+PD=WHAPE}x9>}ahoz7y<2bL*KQub!QBFbkQUy{tO zXwHTEtg-vU|5sV*(C?C3eD8^NMR^JIQRiF7F19(taDH(k!k}D6)F8g$=C^H{T!j+> zX+~6)6F+8pLU(mwO6R$vGT3?!X7+8VNRnatz4+}4W<}ICgm^OFT?ee6iKK9B!pp{= z5t)cq=jri~k|Wmz8&Jc{4FoJ0OFRn*g9rP1cpsgr99>lifis79^`6FRV-X)Slbx*# zol;_7BgW`lW5u6Uy5-l9Z~`*Hi7MAz$K?|Z z`QX}|32)hqPYayBR#qO5a-WjCOhov1d8tvcMesB;xoD1br_Uv~o;|zWZB?-M@jJ0G z3AP!UG@Es$LC*3%ttodTu}%++?OUB6kG-~Ozg8?xZOL^X@ZZ>xlwDpb0e z*1ZIjaqo2Fn*Uve%T8LMQj0S`ZbrXb=gv>$=;Gl%3~wCD2;sC}d|@g+tMUGh;HieBX z<8c*cpKtf?IW^K%^sQ4Z@DU`3$5K|NgM0&A38qP_Zz`gcS270G*T7Ag0yoO^?m7>r zbuMQ#SZ@*^C<%EmAv)~w;E%8T3F_hebCB9p1B65cQY=Z-tl=(T=hUg*X0Ajt|0E7 zl!dIsw1mgn?xV)cZO%n4h3{DjN3YCaceKtVOKDQjcPwgiF_9V)6pY4cca_TMrR*a< zB;*hE6H`{rjX1bc^&OEa89?2&Ia*mCH*?b%vbY~Hs8shS!=~Mi*ygsQMbCpp%2Z{$ znX{*{dEH%=>~O${#F@-N3r2a^%BPaUA9)?j+sgmq|2TO;C&#o=a>c|j zYgIc=&~Qr~1>T8k$IWL|Ehi9c;PNE?CXuo7@i%35Jq17frjZ$0c~G+pX$efuk`+VV zy}srTI%zh0D_@ndCke0(ph;=SP%|;#P*KP1IXLv z1cer_)Zp+9=`a$^>mSNibx;PEO741l5>#U5z0Y!WN$pj~ICYH_Ok&qJK+gx3`hJog zQ?+drn`z9Nmd}VHY*7j!Pv)mGboq;aPQ0jvXyOD|j5X3*(*+#pPy+?2HJTN$sfJ~R zg>!lnBzGGRWfK~C@@VMx`w=AEWgSw!iq1K&Lk|nx?xTOPM8r$J8P{sn9+?dlMR08w zn%op=>Erf5Pt-TjI+#|TM)j$Ylx*pYyXAkZ&da~YZ(!`dOr6o_v&F{%=3t0gm*i0j cG_!a{3-xRW6(atUka$5w`Bd9;oT{1qUn2g>YybcN diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks deleted file mode 100644 index e3882b13573c223ecd79f82b91bbdfb70e32c21e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4109 zcmc(hXEdB!+sCJ>Q6^*b5-k}K%;oIhU}%dySS`kBz&Dti5RzdD0n?f)Bg5e8jKe94j3#)gQ-& zk&;~mRHmwf0wduz_{=A>BkJ`EFz|+b!((?DS!`jO6Zt^Xrj&o9I-1Vm`>_+Ygf03> zw_Bf*ut;NjP4RPp^g7AsGgI}i7j zm`DWd>?)Y7{M8~LId`WPPVFPeMWp3uhkZZDa`HM%;}(oyzkoj;DI>PpgljyU3g#Xf zwR)Z-pyo$ym5i7qOs0|`sXETnW7^`VBHlT0Qrr2h>v3#n$hjoVffQ!2x}hv#!7z8+ zyIZzrXkA6j=f%$P>*~Jg4-XkZd{Ulj)n@0BYbJK`4~06Uq|6={MZj_|@cLuzowM)I zmM&!u$3yt9v1JlxFOPo((REDg>c^EsgP1lx6@U#p!V}C9xYt)xaIawyKGvYR#ZQleO~+>vmj)UTk}=PHs8}Y9on6kEG31>(Q>A` z>Fc;lPLl7n3_&V5=BX+WC$__$endj#AaaduuQ;$2XbH*RCC{sZe=jPT4*VQ<>D?)o zr1X68!2Oos5>?(?4}C~j@9f81GdY$xgu8#SC7;&+#Tx|N8u(pNKq4Y$`2ca8c zA}WCCY}cubED{9fbTy7l)_S|X;KNPHoY9nUst%@&=hV{FJoswJfyHo9y($=P{W3R? z;^ekEaixijvVt`*$rRJ4aymbiP;SIZ{;9_rV$EOR*J@#RG_;4v5UoS+4*oIw-cm!K zMH251=!D4mDO#0iP}92N+70;#WGkf)?)teTsm0v0QgiBK3)Yj(v*c)gGSWmMXA*pH z)M=wJ`Q+Hp<;3URHgy*ELT?b1xf@hf7B(h2$=g;2@#j0eazR(M(V1u7qY!(ii ztUc9|w=q?$+U13?KRWXLMN4!Xhef0^x&*yxd*?vvBao>o#)~Zz=DFrI0M(dpxjEt2 zed4e&np05Y@W=oe@2W+sDseGnFfbr~B)+Da(3=#np#y0rr=^=4{Y~eM^~>Ku^e@5Q zYf=~4%BYC*O1t5<8;ly?12)cHx=_!eCSWGP`MKalKW=7$cu(oc1{OCW>l zRN{!aGM0=;T`upU}#BSlDF?kmpy94>qA^Yup*`NNHop&%iD5{%r6ouTu3 zIFig>#3OoGfw~GVCpo*PBb7XY#UG%$`V6-WY^kE~*+}|bdhwFlTRCJ3PV-|_yO!DQ zs1~M&{@PGV+j~I^Qk`@~XF=@r^d72Q+G-915k;L3-jN8ZhVV=t)}e01#4aArPKMA; zxme^2H$qWmc}T|gDEYH{>I~tVQhlbjRaRLy;5C`P!ow73j_#oG7s1}jN?|Hr^jMvX zm(5~p_x*WAxwI8*Z(Bn6QmKoH9HL3*1RW{6$Kr zF~0~(;u42cC<2rmMF1V-fk8kJ2*Ovo{TM|-M0z`1CH#Z}2)uR)Odm8kij)X!03m{d z4D`@&6zocnz{%t>IIJDs-35z5)1qjug2ZqNJ&X&Vk~_x52J2yiM>C-4uHs~HY7MN5 z*CRe9yqC*Ej3*ZFf~G)`U!}<55N$0v9W)F@btS=Y61)q>l^^eJk7A{x5JaKG1;tR} zB7!19rk4`^H~G&^i~!{L`yyRB2$%q*y0jJ`8HfM`0q5EP+zZ1FZrv6=d#0 z)UI|$n}8^yVe?WLckM<8GmD7+*XGfRuHD|&JpT`zn78z`12v}fX={@{9-5zU24nN} zINyjf@cY;6K9 zZaGt7h5{kC7fD35R3s6ND!BKnuc)Rt#zLbT)$u{fP`>oSTbcL2R6%vu^JlN!OcX7P zie~s2@LE_@1OB5n#*k}8S5DaeH%$sBq0F#gDwVaM@*sC8Bsul2Q?RhwUA~qY z#CCX;%{on~K&f|>^|nlN#PHTU=tZ7nd0oL*I&u&g2mls5$w58IM6q1%Dhnlq7D7|D z4``CTfy{|<{J8t1{O(;YyUk$~&sF-;gfAd$C>FwhIX8h6hquAt9Pl2Vf7J&I972L3 zx_li31fbZi#&SaFQMAD{+<(mYm{`GHe$W?KYT>3o}N(=`6 z`w8^-ExfFAFyZo>Q6HP6jN5IUG^XYaT)eTww^kdFq!`&rb zyeouQY2D17VW+5iZ~NuGXVp|h8oug8p9!Bg* z_m}sg?aR0kUdfHP_ui^gMOC}-AHwQyZ#Lu>ui33I=*Jw+R(_3)n%pHzlB;Rcng2u& zg|n6GcAwZv^>uC)moA(Z%qcHp%RO8`;xJ*HjstS*t>a< zKf;?wGeS5W7vn5M=ha_d^sAtjGxNeR&NW{&DKeG0TY!!z=#Y}yhCA=h5U=S{y8ULegQ-tb>#CG$#GCHjd&A*jk3c{BvT+L@pA%ei z-IzpExoqgu1m(#&>S2JZ1=d{MI=Z2s5UllwWw4#m6R7S3f;|STKJvMknhG` zv$GmrxykMw#q5HdfX)Zq3!XC%#@$AR3&0|8KquMWD)l{+pY!iH1uQduMYZ(3(xY1H z{oF+NY7Rg6iq~`Ih6e}HhD;#X6@=_f{gU-8Eh#|TeZrKn-KC_p_%-wL&pb;CEzJw@ zGU`;cmUTnEa-_N#Ijw1$u0lCn!ZD&Nsc^J^J@uQF2|L%H`Zx}y4B&&c&oF5pH!F*H zl7#(u)SvD_V-`I)%-i;#i=HQo*Zx$*&RqmQt;|tbsF>6^tVZXmUA*6~@G$!2gh_Bb zt5+HJ>7e_UGhDj*-+bZ!MfcTZfCYZ#3s4mJvipyt_ZO^eNv%Q3{%I}Dx7AL6cu3fkH@-=wP2-!4aZlp6o4T~hXYm91I4 zYpK)%>2{<_N$ZM<%9C?`lTbRZnzUOZ?d#e;zZv4xG9x5dqeJ3C9G|RZlJ1C=Ap2um z?F0F{iK^>0j%g54V|0CgN__h@uK0LH&05?HHB#bdpjJW$VIiw#C284?Mh5C<7Wq^r zQBrEplfUbXT55dNynYYT8kmwLEyAIDbIlL*>#b#lOijjtIKbYYI<+Z7)y!&BNlp0x z7YzGIeCxPZ)0-CX5iwIllyf~h5XW{66k57kPpE53r+_Ly-&eG0Btqb;k#8KKsAri5 z!}l7KJ8Dh|YU-)V&$_zKaM(AUvh(z%h)0%DCS!mO3)`-x9EOnw4z&LdNh{*W diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 deleted file mode 100644 index ce9261146ce4ec3245c22010cee9e5bcb03146ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4683 zcmY+EbyO6Lw#5e+kfFOvS`ZjoJ{Y=&5`m$67-^IqT81H{rBhmD5NRZo?(XgsM5H7I zp7*Zz?p<%4b=KKypR>=OKQM|y4I2vwjG_SGf%qcSBQA-t9%1F9$WMSM@}FQ7`92th z8}$EHxNblcuG3%p<=?i&BmCbK5djujXMgcFuPw)u-&;I+I5lB_j=}9f_2PRQY zWv+0totAW_(_F*G0d(mCQNVtRZ0Nl@@SB{o{;12A&xw?g8($#VszUCY^1a% zf#fI?M}y7W-G(vYB#RqrqaumA_9i|mZ)IGDQk}O$3uW4)t0xB{Lc$V4Ym{To^I|%| z6?H|5wFfR!3=|Z8kMaYn>G5}6lyiYzf<+}pzvpmtN}J8_j!x)i#st_@$WWdONKK`u zPb3;FU3@VX2LxL$Q~BCdWUHT_Xq(&ybh3}$Uh|GZ`oG#)^O61PSkUI|a~Y$g19dL4 zU|)$7(lnkg&=%;PWj(2K0ND-qjZv=Ao|Q-cOe|A0(JaD*vsW+s7%heal;c*AsIU1sAV9EE4&-UpEo?&{tM(BT3D-9rA+ENT0>Jv{=0edDw4Elw? zYL>!u@6>3|hIn8U;A|4+mD-uZYV1KkWttP+r$^B)v823*0(cr*G&G+PVr8W&EKsF( ze^wN^kB?qbjEQqUiAd#nbT~MOL!qIRq+DPkC&$zQa7*qk;R8+K9=+85hD7pj%Cq;b z(N6;-%PREK3L=_(4XkDQbJ)T9$3wqpYcGu%%}c3=Cl7?=^1d@|f_^Y&qhZF74&1E0 z3*B`X&;U-X_$ACk!<|dWjv)K{FeZ%7+|~P(KU?~6AZS+ND$+#f!t>mk?N(w9#bPUK z)a~suz3ITzI9MnGGgxF~vl$1TuRkM zYX1!W^K?z2rO(}^8tF5Xrh8j4A8_pH1XZV<>ss^9XZIz+f~(24O#yJW zKEjgx-dO8h@6AP#bx~Hg9lc<`Qc!2gHl^~qt6-*AyUsJXSybpq;+qW|O0qVqxcc7q zG9OK3#VMZ^&8}_Y5hYCn)Zm|KGrt~AGo%+JQc`hO+4=UGDG?|P!4G8M>8NJGVfIh4 zoPygFGIlPt25kw(IdQk6cOyN^#U6U@ONnZcZ2o+sEhY6>h|kJDK{mm&=+UCmpxtiTyJ~Q zc=~VZzCjU@;n$o9H?PmEv5Q&6Bl3u`9fpXGq(ffXoDVHSJYTZE$PvhpP%dyB3`cG@ z#q%*QHpIAoYI|h8p)R9N;*naNi6?EtCe3f$(NV?Jm5zw({K*_S8riLWRr6By#g?J# z0zp6C2_(i%%Jq^=HB@h9l&5%Vcw5<}%HnyM1J9`<(;Xt>85-a4xfQ}LKGC5r@7*Q; z)JKShI=1 zqF-Oc8Gnw@U`s1-Wu!4DrAQf@wZFV{ADNMFY zEJ$5?znTHxlEb@5GCeBB)0<_s$}*OyarfG|J5qSEe-anjk+Fpjjx&6_3C;8}%vWY@ zs3+_zw%=$;7|-gL6=EG>Ge*0zyv`Ou>&zEsMS`=&Z;w5|yyS7jX7OHqam~}FL7Xm9 zGk5h?ELtViLb}i-^T7p`yjI&lY49)OX=kab?>Qi~Zwue!DvbSvtwupL#JkLog_k38 z@VWeY*PVJYjX}ND;WsvYnqF2WtWF8e`t3+=J^aZt*V{=UxIZWG*{+O8=)upoZDo(P z5uocOYF45iK|))s;^>Ibr0nvGyVt|VnK?<8OB8&ER#OS6tw`$6l9z9>T)CdXw=4hA zXiu(B!e!pJ>fKG!{-wV@8?t~Hph%HMM2K24rmXRvYGBC)T(A8ee-Z;6t{|n~$O*Ee zroM_SSyMNd%J(b%(hLcKfVL6vcKMQN%ll8=*!%tcvaQp6w}HuXN8R>YE-o=kUcZHC z{MsHU2Xk`LZMHI$$CZPhK2&ekclTv-1GIzYBI{zX z$yH{h3Dc9CN_cw&#Jfa;5Z`BS+kC^dr;b&Hd0DfRuCSG*mk5TO<&7j09Q5%&(0bCf zxAC;33CXjv-8HS{=Ojpn+7q^9{)R~aJ${s=*OcZ7)bn8D2>*o7jYvLn&0RGwX4_1D!r~+^ORd^*YQtNWe?9RQHHtP%&rtISi$@{q^?G|C7Owp+_GS0!E zT^11~l*|FiKL;d+14Wr@CCA8*x~++Zm9g9z;YLQWB8+lVYd_hz$4(YSPD7_zMOwf~ zn6Ken&bx=N-^xkcgWblNR08H$TK#UyHF3x1x)sPo>k89IVwZxdg@Pb1ZJMzMSmgNB%g*WVR-ETV>Fo*R4dqYGvU z7S7L*9PCHop4Vs`HJNKMSK<7=hA-vI|L9LV4Xx?=lo20x{E+jfwTNcJKX>Gio&Kef z#`?~AC4~HKoc;_b^(Zk*!%{bcpj=~wxq`I$12pc8#HWE0)5V&!oWi~Q+#)-OyQ{%o zJ|OiyJau{J;)ad=__gP#__!tuBa$Oi5xrodblNEcWivLfziR85DA=jfb*r#V{QN_) zUUTs0$Ohe#X>WCX`bDO&KnF#)=p{(96Fy-#$?owz$-1K$%NorJ7g;RVo#0t#_yD(3@G&jewYDha= z4DKjj*NcY^SRRKmQM_zgD zX}j!uu?;Dx``#wB&ep7{tDgka;D4rYhHzSS+CY6^?2*O4%uB9rmT}axN1zxypXuWiJoC?jZq%qPl^4` znCXqyjr@m-WjQG5Nnt6Im7xoFv(i>rxt>!2m2wHwOdKX7$xA#D!!R*ox<9}4kyt2QNya3-_I+-WcCox%<2v6gygKJzhSF9xzSGd_iG$;{PeT`399ceR4i&!0tI8I^2PVGom(^|L~Q`bJxqlE%%bM8WROKACW z&R|9cGRBb9rYaR6WGx<=!1}bQU}}Aq_;_m5RCZ~nmdunVVw$z#h30W-@aRLvBtMYI zUyk81@08o0bk8WyC*^kGkW00^tkgfhe3lR=74QVn5^%pEdxvyg* z&Gm1eT+Evq|4Gz^vK<{!IT?u1KB+rF%ia>`p)sOv&FxbCt)7muAK~j+KT#5+g}u&l zqa;0jpmz!LQ|AY}cU?72e#pj6BU)dWoD~reId^|4q({tJ7}x=Mp(DC;eaGC}_WSFb zA%X;3!o%D5M2uf4>E}0(O0BtulyyZT91l*?sY&2eRKxD`Pg9zUQcyOh3;7__$GxE}c>@`O4}s3>M(TigEsGGg;s`{UX>#0CtYt1UZsqfv)Q)HpwAOT0bLX zQBJw3+&vOxO0qjNmTfMv|7dwx^&wC3`B^$?;2H}Juc5}brANbOPYCsT_O{Q5JSirr zt59Li2JC~RMK;ep2b9uATNcO}3~-=xL4xC$`7xh(b~hq( zrsKN^)BedMBNki{DRXQKDa)@(;}>e!E)JR`Jz;`VCr__(OokiUp=%}66^_3P z>(Q&b&appu0@4{z1P-WWSq?55Wi#ykY@s#WtsU=L-1A0Wnr4|O_&}R0Cqy4%xMi?O zz0R{wshi_(AO_xSu0DD@y;u_S0+?W*SE({onVe7nIo4hwtW;X{US~P>8*$8+;_>kF zHKER8j?HA=L=&8_U6ZB}0sItNQO_XX%gc_~Z2@eerCWNT+=ur%1_+kc7np(EKfxz; zL|3vQs__Glp&6hlvBy!B+BIY_wfVd*8!;VqxuY}#3(sIfq--3+ulmeEYLUS669)j%yvTphE^t} zec`ED+Zx}L2;o&&x7zyqV|t-SFMAj`$bI{{3;mg-c!vZ?L$b71wDv)do_Z7JDZAel z8-;$0*`ZalTWj-A{c31B)rOlh%(4if1Ga{O8N z&Xu^wul#C#?+z;?;nvAA`E4;*-gc9~T#Vnl3CJ3%9_CnS-eW8J5i+S7sc?X&fjJY; zEF&^DNq=RO$fw1)C{JPzPg|ETaq34?KU8J6fMvmt!5}V?B{T79IS}^{{cTy%y9q! diff --git a/kubernetes/platform/components/oom-cert-service/resources/root.crt b/kubernetes/platform/components/oom-cert-service/resources/root.crt deleted file mode 100644 index 242e437f75..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/root.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFnjCCA4agAwIBAgIEHn8h9TANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV -UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ -MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE -AxMIb25hcC5vcmcwHhcNMjAwODI3MDg1MjQ3WhcNMzAwODI1MDg1MjQ3WjB3MQsw -CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy -YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B -UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCOQ8TArFljhDu9EXKqAppV/eslelFAGG1NhDnh3PI6jK7qKKSTIcUpKPiG -u9CagyNq4Y1dNt1LsP/KSDDkm6CGYW2z4E0Nm0ckcGc4izdoFDFhoXkrMoKvQxct -az3YD1AiEH7kIYqDp7S3LMP8FbAXlcV62J2AEPqWtbFGszi6Pj65InNnFTGT4Oon -E46egKcSWAhNR6vN29MO9/0wZHxwXWlcS2CKt6+2QKpfimHf48EJ0idntsKpj302 -i93jWGVNtORZbDddmVZG6XaVQkfRrJiivPQHvIXU5bWCsV7OQsrzbbsSscnqDuAr -5DjR1Jbm2394e3DkXZTnqLGKReaaz0roA7ybLSesU1Fu0ZjD5Zq6ZezpXEQvcxcd -wmq1A8ugeuRKhizeBO9YddjYTHWflHLBpiEyIwDCUsXfdNdS0nHQNKMDNbkC9512 -SLbG1N6iLGt85BriMLzJrlMP48feuheu3G/Mrit01yBzIgbqP30DcAIox5bgnJOY -knxPctNaGsBup76msBzk+aBeDU5N/zirEJYxTmC3okeISzcLFlqYUUSsEzlqh8SS -pNDK6ZbnX1khJJdUbCJGmgFS6N4RPXdxX12OCJDyjjCXcn7RXcZsYb3A+eF09+EM -l0Vp3P+Aj6+eSN+t1Ez0sjGfSv/I8q1zV/trYZBq/LZIznfBFwIDAQABozIwMDAd -BgNVHQ4EFgQUC0e3vObokYFDHM21OlRF4UO6L7EwDwYDVR0TAQH/BAUwAwEB/zAN -BgkqhkiG9w0BAQwFAAOCAgEAWLrsWPcRJb81ozx1O8lytX4aUagjYyWIDOst1mqI -VH+U5bHo7oReKdfFcy4Zen2bKh9DITGD7jweqTxAVx3scLq/3PE2HSG+6fNJ6wt7 -amrMZA6IdWqDWnaFMZQug3JTMH7s6v3rD7FU7awVc6lY+7TjR3qunU2m8F5GvATF -ag+VmMSLiaBBbbmQqd1JkvCzPXlwwN3rg2u81zMys1AIbgeOlE5ZmWppOQpi7UrZ -C8PTsRKzapgENlgxtsqVjsAMJI6OGk20bNcQKDn5fU6QwYLfnLPlkuRmFD8FeluI -jz+ROjzxdC7E/BA80uZctvEEvn2VnD01IlEm6HoC+71erT+zmvM4AGd7EJa6mklb -X+tGSkfzbIAR2gcn9sdNdhYA2hXXpQaeEp19bB8MAoSp5raCtbqZDQVHofJFY7gG -FW+yKLlqBTCTm1XOPriUwbP6gkpLlkeTxeIAx8QbucoFx11J7jAeXY7oTXfSQw3h -OR0/CHlG0BjVep6RNGA0k9cDNRyIdkxvA31rtgYCSbtepR5IhZyFhiN25Djxu/g9 -krspoxAS9ModBSiswjl4Q26eoYT4pnFXMfYbh5E4qNZNv0/S3YQ0HSTupls6M77J -KHMx17m8EWtdsv2KyUkFqu1Q1nGky7SjpFUsVlp65Q+au3ftKxUDIRWK6jgpRH1e -YIk= ------END CERTIFICATE----- diff --git a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks b/kubernetes/platform/components/oom-cert-service/resources/truststore.jks deleted file mode 100644 index 3d857e34afc76880df4aafe48bc2a77f922e29fe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1730 zcmV;z20i&Of(E_<0Ru3C26qMtDuzgg_YDCD0ic2gXas@=WH5pTU@(FPTm}g$hDe6@ z4FLxRpn?WXFoFh20s#Opf(Akc2`Yw2hW8Bt2LUiC1_~;MNQU7sBuhWINoRd`#MDteDcxg15Dm=JB6?VC{v z@rI1|RmQG%rc5(-|-brDe$d{L9!Jjx362}vX3wy9u;AIkgW zBTmo_HRAeoj=h~hR_w%RbNVwg63}KHc2rb(!?qLqr1-{wDc6Xggu#XDFTs?mjf5Y! zcaPM?ixNhocx}>O--N)Zk+?NCuomc@GYMLF!ABa@9c|Vt8s+w9s8Euhh|sSZ`NKJB z|AP|YWsDQk`^zrgu&_lb#ST9U1B*6AWBAtHcV^56#Y?eraVRH z_Fp>sV*p}AS7kvO%pT%%1{||)?tU!e!E9Kv2sXKV*v!>5CdNM4cIL(c?<`_I?52eg zTd3+8GlU4;S5%a+UvH;Raj4w%{%i9J47B8yvlI+*k-TkV1&>7G{VDyl&yNjJP<%Ua zi~b+$e>j1)idd)QE@a1XeKdlLK%COl$f%LFM|IFnaQasHS>)n+*Ak4>F;&#Zwl)Zq z)cb;7w!{M0%VkFCVLJ@(m2y!5MrMOG#{3Uhv>Umb+092K?asd@*u|gzbg{U2+mi-- zYv5Aq9aYndY#gNWJvtmve^da=IZFDpUM!0rb?qGAtxw*@z~#6a?lAZ@_X7>1w7xcDXfrgst0Ya~GX6~mVMKvngx&0`P-g(o zkBm;90~0#%&1UJVj##ihbia#NFGt*7580ML=Sh~b^w+EF&{Ij}VJ*F+V%VESdvo-5 zDwUeFy2~nL;jA9h5)z*OV`Bw|LBimFN#l58S^G%PRQZHbY&c=~)#k3;xwFaKSL{moQEymg zavN#R%xjrMYS!Q$0YUHBIm)J-YsqV!7xi7h4~qQiP}A#H`1{;J|9ky0n$XtgdRh2% zU&}O&RGK1*>FlLxy#EFdtIrtR*TSG6t2t|>vM+U0*Pcmw%`1iOyY+@fWVqG{1J)He2_5l$@) zosspOvkzUw8KAvpFPuQj;9WdX{R)^w`qa$y7c0_L6@kcC|2788`L3S0LnNzxmWGJ# zkXzO^J9I7LCc^8tgj9&ZHyuqqla(KXEnW7J)Ua}Q-Uu=rrT**zVBv&kmWTV+<6vWD zXiB&6le++(yTqTc;1Rq564fB_Euq-zFl!vWDMA>?0MT@;>hAYl-(h`k#MFN zvt{b&Qi*pjg=8+hsnrIai1xb^{yi2Ocv(?T7PIvO;mA-LQK-a7>r^2gZYNZP-54ljBYt<`L?+apA|%$I%PX8% zGx$r^%UZ6?^4gKRr;eG_e@Q@cc+pD08Mx@gTmDfl*;-q#bP_|=q^ftL$GeZ(;Pw7pG{K6v zAJ;$=*o<8CWYDF9W76&tkowPoD!g*zY{W_Ie$s(1)ZP%14cLJL69LbgB3Tbv-9uIE zPG-V7WNYmsmCA4Lgi z?4jCy!#({3Ixs#kAutIB1uG5%0vZJX1QdWpqU&EcSOyKw2+lm`0s*E{xm*MkV^9@J YL`-h#nr(9PbcEvuVd}su0s{etpml^!-~a#s -- 2.16.6