From df9e827fa3ec1c7e32b5f5eb7a63a4c11f9da4a7 Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Thu, 5 Apr 2018 20:52:32 -0500
Subject: [PATCH] rm CADI Cass

Issue-ID: AAF-212
Change-Id: I72b1a5ff68ae0f9527b3d82c9a84a0660fe380ae
Signed-off-by: Instrumental
---
auth/auth-cass/docker/dbash | 3 +++
auth/auth-cmd/temp | 0
auth/docker/d.props | 13 ++++++++++
auth/docker/dclean.sh | 14 +++++++++++
auth/docker/dstop.sh | 12 +++++++++
conf/CA/newIntermediate.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++
conf/CA/truststore.sh | 2 ++
7 files changed, 104 insertions(+)
create mode 100644 auth/auth-cass/docker/dbash
create mode 100644 auth/auth-cmd/temp
create mode 100644 auth/docker/d.props
create mode 100644 auth/docker/dclean.sh
create mode 100644 auth/docker/dstop.sh
create mode 100644 conf/CA/newIntermediate.sh
create mode 100644 conf/CA/truststore.sh
diff --git a/auth/auth-cass/docker/dbash b/auth/auth-cass/docker/dbash
new file mode 100644
index 00000000..e10afcc0
--- /dev/null
+++ b/auth/auth-cass/docker/dbash
@@ -0,0 +1,3 @@
+#!/bin/bash dbash
+docker exec -it aaf_cass bash
+
diff --git a/auth/auth-cmd/temp b/auth/auth-cmd/temp
new file mode 100644
index 00000000..e69de29b
diff --git a/auth/docker/d.props b/auth/docker/d.props
new file mode 100644
index 00000000..90bc5511
--- /dev/null
+++ b/auth/docker/d.props
@@ -0,0 +1,13 @@
+# Variables for building Docker entities
+ORG=onap
+PROJECT=aaf
+DOCKER_REPOSITORY=nexus3.onap.org:10003
+VERSION=2.1.0-SNAPSHOT
+CONF_ROOT_DIR=/opt/app/osaaf
+
+# Local Env info
+HOSTNAME=meriadoc.mithril.sbc.com
+HOST_IP=172.17.0.3
+CASS_HOST="cass.aaf.osaaf.org:172.17.0.2"
+
+
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
new file mode 100644
index 00000000..b14f0bcc
--- /dev/null
+++ b/auth/docker/dclean.sh
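Review bot: The shebang `#!/bin/bash dbash` hands `dbash` to bash as the script name, so a direct execution becomes `/bin/bash dbash <path-to-script>`: bash looks up `dbash` relative to the working directory and the real path lands in `$1`. dclean.sh and dstop.sh in this commit use the same pattern (`#!/bin/bash dclean.sh`, `#!/bin/bash dstop.sh`), and there it changes behaviour, because `$1` is then never empty and the `[ "$1" == "" ]` default branch is skipped. Use a plain `#!/bin/bash` in all three files. The files are added with mode 100644, so they are presumably started as `bash dclean.sh` today, which hides the problem until someone sets the executable bit.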
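Review bot: The "Local Env info" block in d.props commits what look like one machine's values (`HOSTNAME=meriadoc.mithril.sbc.com`, `HOST_IP`, `CASS_HOST`) into a shared file, which publishes an internal hostname and will be wrong on any other host. dclean.sh and dstop.sh source this file, so `HOSTNAME=` also overwrites the shell's own HOSTNAME variable for the rest of the script. Consider letting the environment override the defaults, e.g. `HOST_IP=${HOST_IP:-172.17.0.3}`, and adding a comment such as `# machine-specific: override per host, do not commit real hostnames` above the block.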
@@ -0,0 +1,14 @@
+#!/bin/bash dclean.sh
+. d.props
+
+if [ "$1" == "" ]; then
+ AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'`
+else
+ AAF_COMPONENTS=$1
+fi
+
+echo "Y" | docker container prune
+for AAF_COMPONENT in ${AAF_COMPONENTS}; do
+ docker image rm $DOCKER_REPOSITORY/$ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION}
+done
+echo "Y" | docker image prune
diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh
new file mode 100644
index 00000000..78088423
--- /dev/null
+++ b/auth/docker/dstop.sh
@@ -0,0 +1,12 @@
+#!/bin/bash dstop.sh
+. d.props
+
+if [ "$1" == "" ]; then
+ AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'`
+else
+ AAF_COMPONENTS=$1
+fi
+
+for AAF_COMPONENT in ${AAF_COMPONENTS}; do
+ docker stop aaf_$AAF_COMPONENT
+done
diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh
new file mode 100644
index 00000000..88b524b9
--- /dev/null
+++ b/conf/CA/newIntermediate.sh
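Review bot: `. d.props` and `../aaf_${VERSION}/bin` in dclean.sh are resolved against the caller's working directory, so from any other directory the script either fails or sources whatever `d.props` happens to be there; add `cd "$(dirname "$0")" || exit 1` before the source line (dstop.sh has the same two lines). The two prune commands remove every stopped container and every dangling image on the Docker host, not only the AAF ones, which deserves a comment such as `# NOTE: prunes ALL stopped containers on this host`; `docker container prune -f` also skips the prompt without piping "Y". The expansions in the `docker image rm` line are unquoted and should read `"$DOCKER_REPOSITORY/$ORG/$PROJECT/aaf_$AAF_COMPONENT:${VERSION}"`.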
@@ -0,0 +1,60 @@
+#
+# Initialize an Intermediate CA Cert.
+#
+ if [ -e intermediate.serial ]; then
+ ((SERIAL=`cat intermediate.serial` + 1))
+ else
+ SERIAL=1
+ fi
+ echo $SERIAL > intermediate.serial
+DIR=intermediate_$SERIAL
+
+mkdir -p $DIR/private $DIR/certs $DIR/newcerts
+chmod 700 $DIR/private
+chmod 755 $DIR/certs $DIR/newcerts
+touch $DIR/index.txt
+if [ ! -e $DIR/serial ]; then
+ echo '01' > $DIR/serial
+fi
+cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
+
+if [ "$1" == "" ]; then
+ CN=intermediateCA_$SERIAL
+else
+ CN=$1
+fi
+
+SUBJECT="/CN=$CN`cat subject.aaf`"
+echo $SUBJECT
+ echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+ echo "Enter the PassPhrase for the Key for $CN: "
+ `stty -echo`
+ read PASSPHRASE
+ `stty echo`
+
+ # Create a regaular rsa encrypted key
+ openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
+ -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
+ -passout stdin << EOF
+$PASSPHRASE
+EOF
+
+ chmod 400 $DIR/private/$CN.key
+ openssl req -verify -text -noout -in $DIR/$CN.csr
+
+ # Sign it
+ openssl ca -config openssl.conf -extensions v3_intermediate_ca \
+ -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
+ -infiles $DIR/$CN.csr
+
+ openssl x509 -text -noout -in $DIR/certs/ca.crt
+
+
+ openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
+
+
+# Create a Signer p12 script
+echo openssl pkcs12 -export -name aaf_$DIR \
+ -in certs/ca.crt -inkey private/ca.key \
+ -out aaf_$DIR.p12 >> $DIR/signerP12.sh
+
diff --git a/conf/CA/truststore.sh b/conf/CA/truststore.sh
new file mode 100644
index 00000000..397f7e70
--- /dev/null
+++ b/conf/CA/truststore.sh
@@ -0,0 +1,2 @@
+echo "FYI, by convention, truststore passwords are 'changeit', but you may add something more sophisticated"
+openssl pkcs12 -export -name AAF_Root_CA -in certs/ca.crt -inkey private/ca.key -out truststore.p12
--
2.16.6
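Review bot: `chmod 400 $DIR/private/$CN.key` in newIntermediate.sh targets a file the script never creates, because `openssl req` writes the key to `$DIR/private/ca.key`; the chmod fails and the intermediate CA key keeps whatever mode openssl and the umask gave it, protected only by the 700 on `$DIR/private`. Change the line to `chmod 400 "$DIR/private/ca.key"` and consider `umask 077` before the key is generated. The script has no shebang and no `set -e`, so a failed `openssl req` still falls through to the `openssl ca` signing step after `intermediate.serial` has already been bumped. The backticked `stty -echo` / `stty echo` pair around `read PASSPHRASE` can be replaced by `read -rs PASSPHRASE`, which also keeps backslashes in the passphrase intact.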
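Review bot: `-inkey private/ca.key` in truststore.sh packs the root CA private key into `truststore.p12`, a file that by its name is meant for relying parties and that the echo line suggests protecting with the well-known password 'changeit'. A truststore needs only the certificate, so build it without the key: `openssl pkcs12 -export -nokeys -name AAF_Root_CA -in certs/ca.crt -out truststore.p12`. If the consumers are Java, `keytool -importcert -alias AAF_Root_CA -file certs/ca.crt -keystore truststore.p12 -storetype PKCS12` may be the safer route, since whether Java treats an openssl cert-only PKCS12 as trusted entries should be checked. A comment such as `# truststore = certificates only; never include private/ca.key` above the command would document the intent.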