From 452cf07374e1eba2220ca516e6ad690f7715b248 Mon Sep 17 00:00:00 2001 From: efiacor Date: Thu, 18 Mar 2021 12:37:58 +0000 Subject: [PATCH] [DMAAP-DR] Refactoring ssl csit suite Signed-off-by: efiacor Change-Id: I6eafd28c5a61fda42ddc61b2d40c4c8208f62670 Issue-ID: DMAAP-1571 --- plans/dmaap-datarouter/ssl-dr-suite/setup.sh | 95 +++------------------ plans/dmaap-datarouter/ssl-dr-suite/teardown.sh | 22 +++-- scripts/dmaap-datarouter/datarouter-launch.sh | 92 ++++++++++++++++++++ scripts/dmaap-datarouter/datarouterCA.crt | 39 --------- .../docker-compose/docker-compose.yml | 22 +++-- .../docker-compose/node.properties | 39 ++++----- .../docker-compose/provserver.properties | 40 ++++----- .../docker-compose/subscriber.properties | 35 ++++++++ .../dr_certs/dr_node/org.onap.dmaap-dr-node.p12 | Bin 0 -> 4596 bytes .../dr_certs/dr_node/org.onap.dmaap-dr.cred.props | 17 ++++ .../dr_certs/dr_node/truststore.jks | Bin 0 -> 3234 bytes .../dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 | Bin 0 -> 4596 bytes .../dr_certs/dr_prov/org.onap.dmaap-dr.cred.props | 17 ++++ .../dr_certs/dr_prov/truststore.jks | Bin 0 -> 3234 bytes scripts/dmaap-datarouter/remove_cert_from_ca.py | 51 ----------- .../dmaap-datarouter/robot_ssl/onap_ca_cert.pem | 40 +++++++++ scripts/dmaap-datarouter/robot_ssl/update_ca.py | 65 ++++++++++++++ scripts/dmaap-datarouter/update_ca.py | 33 ------- 18 files changed, 338 insertions(+), 269 deletions(-) create mode 100644 scripts/dmaap-datarouter/datarouter-launch.sh delete mode 100644 scripts/dmaap-datarouter/datarouterCA.crt rename {plans/dmaap-datarouter/ssl-dr-suite => scripts/dmaap-datarouter}/docker-compose/docker-compose.yml (75%) rename {plans/dmaap-datarouter/ssl-dr-suite => scripts/dmaap-datarouter}/docker-compose/node.properties (63%) rename {plans/dmaap-datarouter/ssl-dr-suite => scripts/dmaap-datarouter}/docker-compose/provserver.properties (60%) create mode 100644 scripts/dmaap-datarouter/docker-compose/subscriber.properties create mode 100644 scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 create mode 100644 scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props create mode 100644 scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks create mode 100755 scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 create mode 100644 scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props create mode 100644 scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks delete mode 100644 scripts/dmaap-datarouter/remove_cert_from_ca.py create mode 100644 scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem create mode 100644 scripts/dmaap-datarouter/robot_ssl/update_ca.py delete mode 100644 scripts/dmaap-datarouter/update_ca.py diff --git a/plans/dmaap-datarouter/ssl-dr-suite/setup.sh b/plans/dmaap-datarouter/ssl-dr-suite/setup.sh index e1f2cb46..53b4387c 100755 --- a/plans/dmaap-datarouter/ssl-dr-suite/setup.sh +++ b/plans/dmaap-datarouter/ssl-dr-suite/setup.sh @@ -1,8 +1,7 @@ #!/bin/bash -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,83 +15,11 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - - -source ${SCRIPTS}/common_functions.sh - -# Clone DMaaP Data Router repo -mkdir -p $WORKSPACE/archives/dmaapdr -cd $WORKSPACE/archives/dmaapdr - -git clone --depth 1 https://gerrit.onap.org/r/dmaap/datarouter -b master -cd datarouter -git pull -cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources -cp $WORKSPACE/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml . -cp $WORKSPACE/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties ./prov_data/provserver.properties -cp $WORKSPACE/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties ./node_data/node.properties - -# start DMaaP DR containers with docker compose and configuration from docker-compose.yml -docker login -u docker -p docker nexus3.onap.org:10001 -docker-compose up -d - -# Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb -for i in {1..10}; do - if [ $(docker inspect --format '{{ .State.Running }}' subscriber-node2) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' subscriber-node) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ] && \ - [ $(docker inspect --format '{{ .State.Running }}' mariadb) ] - then - echo "DR Service Running" - break - else - echo sleep $i - sleep $i - fi -done - -# Wait for healthy container datarouter-prov -for i in {1..10}; do - if [ "$(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)" = 'healthy' ] - then - echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) - echo "DR Service Running, datarouter-prov container is healthy" - break - else - echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) - echo sleep $i - sleep $i - if [ $i = 10 ] - then - echo datarouter-prov container is not in healthy state - the test is not made, teardown... - cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources - docker-compose rm -sf - exit 1 - fi - fi -done - -DR_PROV_IP=`get-instance-ip.sh datarouter-prov` -DR_NODE_IP=`get-instance-ip.sh datarouter-node` -DR_SUB_IP=`get-instance-ip.sh subscriber-node` -DR_SUB2_IP=`get-instance-ip.sh subscriber-node2` -DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov) - -echo DR_PROV_IP=${DR_PROV_IP} -echo DR_NODE_IP=${DR_NODE_IP} -echo DR_SUB_IP=${DR_SUB_IP} -echo DR_SUB2_IP=${DR_SUB2_IP} -echo DR_GATEWAY_IP=${DR_GATEWAY_IP} - -sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts -sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts - -python $WORKSPACE/scripts/dmaap-datarouter/update_ca.py - -docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP" - -#Pass any variables required by Robot test suites in ROBOT_VARIABLES -ROBOT_VARIABLES="-v DR_PROV_IP:${DR_PROV_IP} -v DR_NODE_IP:${DR_NODE_IP} -v DR_SUB_IP:${DR_SUB_IP} -v DR_SUB2_IP:${DR_SUB2_IP}" \ No newline at end of file +# ============LICENSE_END===================================================== + +source ${WORKSPACE}/scripts/dmaap-datarouter/datarouter-launch.sh +# Launch DR. If true is passed, 2 subscriber containers are also deployed, else false. +dmaap_dr_launch true +cd ${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl +# Add the root CA to robot framework. This is then removed on teardown. +python -c 'import update_ca; update_ca.add_onap_ca_cert()' \ No newline at end of file diff --git a/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh b/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh index d8ec4dc9..7ffd1fe2 100755 --- a/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh +++ b/plans/dmaap-datarouter/ssl-dr-suite/teardown.sh @@ -1,8 +1,7 @@ #!/bin/bash -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,11 +15,18 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# +# ============LICENSE_END===================================================== -cd $WORKSPACE/archives/dmaapdr/datarouter/datarouter-docker-compose/src/main/resources +cd ${WORKSPACE}/archives/dmaap/dr +rm -rf last_run_logs/* +docker cp datarouter-prov:/opt/app/datartr/logs last_run_logs/prov_logs +docker cp datarouter-node:/opt/app/datartr/logs last_run_logs/node_event_logs +docker cp datarouter-node:/var/log/onap/datarouter last_run_logs/node_server_logs +docker cp subscriber-node:/var/log/onap/datarouter last_run_logs/sub1_logs +docker cp subscriber-node2:/var/log/onap/datarouter last_run_logs/sub2_logs +cd ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose sudo sed -i".bak" '/dmaap-dr-prov/d' /etc/hosts sudo sed -i".bak" '/dmaap-dr-node/d' /etc/hosts docker-compose rm -sf -python $WORKSPACE/scripts/dmaap-datarouter/remove_cert_from_ca.py +cd ${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl +python -c 'import update_ca; update_ca.remove_onap_ca_cert()' diff --git a/scripts/dmaap-datarouter/datarouter-launch.sh b/scripts/dmaap-datarouter/datarouter-launch.sh new file mode 100644 index 00000000..0339e389 --- /dev/null +++ b/scripts/dmaap-datarouter/datarouter-launch.sh @@ -0,0 +1,92 @@ +#!/bin/bash +# +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# + +function dmaap_dr_launch() { + + subscribers_required=$1 + mkdir -p ${WORKSPACE}/archives/dmaap/dr/last_run_logs + cd ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose + + # start DMaaP DR containers with docker compose and configuration from docker-compose.yml + docker login -u docker -p docker nexus3.onap.org:10001 + if [[ ${subscribers_required} == true ]]; then + docker-compose up -d + else + docker-compose up -d datarouter-prov datarouter-node mariadb + fi + + # Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb + for i in 1 2 3 4 5 6 7 8 9 10; do + if [[ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ]] && \ + [[ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ]] && \ + [[ $(docker inspect --format '{{ .State.Running }}' mariadb) ]] + then + echo "DR Service Running" + break + else + echo sleep ${i} + sleep ${i} + fi + done + + # Wait for healthy container datarouter-prov + for i in 1 2 3 4 5 6 7 8 9 10; do + if [[ "$(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)" = 'healthy' ]] + then + echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) + echo "DR Service Running, datarouter-prov container is healthy" + break + else + echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov) + echo sleep ${i} + sleep ${i} + if [[ ${i} = 10 ]] + then + echo datarouter-prov container is not in healthy state - the test is not made, teardown... + docker-compose rm -sf + exit 1 + fi + fi + done + + DR_PROV_IP=`get-instance-ip.sh datarouter-prov` + DR_NODE_IP=`get-instance-ip.sh datarouter-node` + DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov) + echo DR_PROV_IP=${DR_PROV_IP} + echo DR_NODE_IP=${DR_NODE_IP} + echo DR_GATEWAY_IP=${DR_GATEWAY_IP} + if [[ ${subscribers_required} == true ]] + then + DR_SUB_IP=`get-instance-ip.sh subscriber-node` + DR_SUB2_IP=`get-instance-ip.sh subscriber-node2` + echo DR_SUB_IP=${DR_SUB_IP} + echo DR_SUB2_IP=${DR_SUB2_IP} + fi + + + sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts + sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts + + docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP" + + #Pass any variables required by Robot test suites in ROBOT_VARIABLES + ROBOT_VARIABLES="-v DR_PROV_IP:${DR_PROV_IP} -v DR_NODE_IP:${DR_NODE_IP} -v DR_SUB_IP:${DR_SUB_IP} -v DR_SUB2_IP:${DR_SUB2_IP}" +} \ No newline at end of file diff --git a/scripts/dmaap-datarouter/datarouterCA.crt b/scripts/dmaap-datarouter/datarouterCA.crt deleted file mode 100644 index a8a0ed84..00000000 --- a/scripts/dmaap-datarouter/datarouterCA.crt +++ /dev/null @@ -1,39 +0,0 @@ - -# Issuer: C=US,O=ONAP,OU=OSAAF -# Subject: C=US,O=ONAP,OU=OSAAF -# Label: "" -# Serial: 0x9EAEEDC0A7CEB59D -# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F -# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B -# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- \ No newline at end of file diff --git a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml similarity index 75% rename from plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml rename to scripts/dmaap-datarouter/docker-compose/docker-compose.yml index ed8a7c04..377e5514 100644 --- a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/docker-compose.yml +++ b/scripts/dmaap-datarouter/docker-compose/docker-compose.yml @@ -1,6 +1,6 @@ # # ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. +# Copyright (C) 2019-21 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,11 +29,12 @@ services: - "8443:8443" - "8080:8080" volumes: - - ./prov_data/provserver.properties:/opt/app/datartr/etc/provserver.properties - - ./prov_data/addSubscriber.txt:/opt/app/datartr/addSubscriber.txt - - ./prov_data/addFeed3.txt:/opt/app/datartr/addFeed3.txt + - ./provserver.properties:/opt/app/datartr/etc/provserver.properties + - ../dr_certs/dr_prov/truststore.jks:/opt/app/osaaf/local/truststore.jks + - ../dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12 + - ../dr_certs/dr_prov/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props depends_on: - mariadb_container: + mariadb: condition: service_healthy healthcheck: test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"] @@ -53,7 +54,10 @@ services: - "9443:8443" - "9090:8080" volumes: - - ./node_data/node.properties:/opt/app/datartr/etc/node.properties + - ./node.properties:/opt/app/datartr/etc/node.properties + - ../dr_certs/dr_node/truststore.jks:/opt/app/osaaf/local/truststore.jks + - ../dr_certs/dr_node/org.onap.dmaap-dr-node.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12 + - ../dr_certs/dr_node/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props depends_on: datarouter-prov: condition: service_healthy @@ -69,7 +73,7 @@ services: ports: - "7070:7070" volumes: - - ./subscriber_data/subscriber.properties:/opt/app/subscriber/etc/subscriber.properties + - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties networks: testing_net: aliases: @@ -82,13 +86,13 @@ services: ports: - "7071:7070" volumes: - - ./subscriber_data/subscriber.properties:/opt/app/subscriber/etc/subscriber.properties + - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties networks: testing_net: aliases: - subscriber2.com - mariadb_container: + mariadb: image: mariadb:10.2.14 container_name: mariadb hostname: datarouter-mariadb diff --git a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties b/scripts/dmaap-datarouter/docker-compose/node.properties similarity index 63% rename from plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties rename to scripts/dmaap-datarouter/docker-compose/node.properties index 1d7a5d42..58639cfd 100644 --- a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/node.properties +++ b/scripts/dmaap-datarouter/docker-compose/node.properties @@ -1,25 +1,20 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START================================================== -# * org.onap.dmaap -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== # # Configuration parameters set at startup for the DataRouter node # diff --git a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties b/scripts/dmaap-datarouter/docker-compose/provserver.properties similarity index 60% rename from plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties rename to scripts/dmaap-datarouter/docker-compose/provserver.properties index 3930bd09..b54868e2 100755 --- a/plans/dmaap-datarouter/ssl-dr-suite/docker-compose/provserver.properties +++ b/scripts/dmaap-datarouter/docker-compose/provserver.properties @@ -1,26 +1,20 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START================================================== -# * org.onap.dmaap -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * Modifications Copyright (C) 2018 Nokia. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== #Jetty Server properties org.onap.dmaap.datarouter.provserver.http.port = 8080 diff --git a/scripts/dmaap-datarouter/docker-compose/subscriber.properties b/scripts/dmaap-datarouter/docker-compose/subscriber.properties new file mode 100644 index 00000000..311bbe56 --- /dev/null +++ b/scripts/dmaap-datarouter/docker-compose/subscriber.properties @@ -0,0 +1,35 @@ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== + +#Subscriber properties +org.onap.dmaap.datarouter.subscriber.http.port = 7070 +org.onap.dmaap.datarouter.subscriber.https.port = 7443 +org.onap.dmaap.datarouter.subscriber.auth.user = LOGIN +org.onap.dmaap.datarouter.subscriber.auth.password = PASSWORD +org.onap.dmaap.datarouter.subscriber.delivery.dir = /opt/app/subscriber/delivery + +org.onap.dmaap.datarouter.subscriber.https.relaxation = true +org.onap.dmaap.datarouter.subscriber.keystore.type = jks +org.onap.dmaap.datarouter.subscriber.keymanager.password = changeit +org.onap.dmaap.datarouter.subscriber.keystore.path = /opt/app/datartr/self_signed/keystore.jks +org.onap.dmaap.datarouter.subscriber.keystore.password = changeit +org.onap.dmaap.datarouter.subscriber.truststore.path = /opt/app/datartr/self_signed/cacerts.jks +org.onap.dmaap.datarouter.subscriber.truststore.password = changeit + + + diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 new file mode 100644 index 0000000000000000000000000000000000000000..3793a9d45c8b2fe8bc3a156f89e3353af5501851 GIT binary patch literal 4596 zcmZWsbyO4%kY?#+S#V(iY3YU~mhNzAq!AHTx>E$D7ePQ=Is^oyLqNJqBvu+p>5@je z&w2B~P>=&`01gZVslx|yhpUF4g8>A9Y!svr7X``vJI;ck zhzb6s@Uu~%3m6J?f(^j>+xGrt05CdyqW{`J48Vtx;1a%OEo;6Qt@FdiCd3LxfjYc* zx#%*3(hjvfd=YeE;{&F}CpN&=FrGs)+WjRXUU?iaMi) zUFcq!=6>Hy*`2^&gp9RMxw;v{9gb(T`)x!}Wt)wWFm;UJ`Y=*kePdHF`|Kp(tH*BBBiX1#kdi; z#woYIf>8EUwXI2>sOo8p>85{HH0pGQ@ zO`{6x?zE3~N-;I;B?&kTIgWqMAmZ;{wO0TQ+;@65463izw}}i3>>s#2Jmq*rWOs~P zRc~q&=P5vXn71(5Mi%1mu45PuXT4H2WkuEu4{DGsTjod}B#WP(LflDaDr$IkXJ18k zf|jU=WbZSPFjcH6t-{6G6X_xiIRN-`6!z68(qmh-$G<&!_*_aH4J)DHtE`foNFS23 z1q@RSdTixFIWa;uxMN^Tg!#skSK|XCc}|D8EJGD5rRVvDURzlW8jSeiJ+EEA7W#Zr zN<0u`Tg5@=5FP&0wLM5KMoK)kDv`B7kL9{`^D>fzbLYEOM8{srxv3>~I`9~=fL-9q zOg2wyCtE5u{@c!2rnTCIY*Jl7v=vE^#tUn33UJtL@jubB2g$g@Rma`pNi0@v?Nn}8I`mHs{93$NJJWMpg341JMT-=d}oa2A!S z@`mE%IQ0kL%hf?+ub@)>MWcPB-yglYQIx=b(41;a#5m>S#OiR}pTpg)$U(Lf)5#p2VihtFGCgA*h(9W# zk^$`3q))d?3R=k28Rzg$133HU0tlZthGida#7GWcrNa?V#(djWiiXu63DwTUO;DC@ zUM3FNFRwK%u02%uV@ zt1GZ&XcW5h!DO?KPOD2YTU6yIt&V}Su`K)9OC%8Ge5=@4@wm|kc-Y#rIx3+r@s*Il z%e`_H7-ipwZJ+TQ+ZdxeYlsDsq@VPXuI$@j<^wfIZp^3pwGuiMF0Fl zymh)GY@HRNzx~)Eq_yYhRZmBWnX<{;XmZruJsjsMse;ttqUuUxN{R=(;yebIm23^~ z8~AQfHsKpiJ+nq=*z9VKz=VK_%4Tb_FPB@tfi(<|6nQOhjTYq@74QIc#N=5judQA`` zW_QPI{4JHDS@l+&*+2JNH$;_#f;>rCdTyqSI?snsJ+rTYdAZY5GxT*IQ5DC!R(=8Z z3=VHRv>Y)pM5DIOL{A>FtAjjGNxDu0d>}yHh;S zSSc{I>QGVxYlG27T}t9u1n<~9Cj1~mW_2zN5Dj|H{k5D$&v&Zj>q6ZLWvH7Qkyk;< z#^_clbUbZC+o)TO=8^0^Q{)Ij*>h0gJYovk*~Cf9?XC5xY!*ZQ5YTyhbR$u7qM)F4w$#ub%Dl9bl$ zxmPcvD1b6QSY^!8*QkfMPqwA@JC)x%)AapT*T&VZ0>ZuPYzf=(x7sUD5dhL8YNruo zO5cxG@A@SVZm-AYQHRp0S6xC|kR`r98MIqax#oVj1iF2pDQ}DL(HZe5O!FPWI4XRS zibHa~_Pb<|WSd5q>{0g)cpBc)>7;0; zA9^_>=Q14=oFC=*!=|j7e=0pe0VhcBSie4*3|<2Np0P0h zEQ@W^`}dhRa>#LJO0s&AmR@=pWz zR(*2xV$uWo;^LeUQ#u20%7>W?38}O6<-QNzMz219apIRE5@v~A-rtbcODmMuN9S5$ zT9EqXBtUtjpK(p$=3eA=h2RK*aek{SIHwKJAhKlj{K)Df`C5O-949M(vm^;JAk!yM zg~td?4KnwWD7>6>kw@RkGyIv7;5ju^NAFSQKqp=56+dLXVTis}qfHnxu+-h>>EAo@ zhE(l8kD{mxr{VB#UOB?sR-}O#8hh+J!z@|srLwoUdgG}X9Z42p*LV|uMqO)V%hh}`*Y+LU9kVL*d2#uZKSyg%^U0 z!VCC2e*HJS@j?In{u2SPvr)MFFcj|g|8WI4|G0umKh}+={o2%jTmdc$w=XO{QtE*y z)Yde6#vPO4FH&^dk44gt|7;+G8Y*t3=%c1Jx#0n*OOKCLY*=E+}ZDwxr1bn-_**Io00?tx-q&v zok}fL>r9~@>dwZ@b`x`5|O#W1Jz^RtV>P3QKlDOgM) zK=b#{YQYU+e4En?{l?jEu3VEF3U)^74UNaTiH6@a-MOR&JR_>(vljzn`&We;%AfZ` z2@OK?5t{*|mgn_GkpPdc5+L%dj_6O%Bjy$OcymW|I7svLB&5q8eN5bE!Ptwo-1OI5 z5n);E6KP3)QS2>0!lR!;hAhjf>l@GKGL@*r3#O>ZT}Tv;T8s8Au3_~u;S|@WzAB4E zeUK^7Ef{Xm;_uvH{@$3gm4?_Wh$(tibp;(MxXG{(IEytciS_>mLs~y{T-Y_tq8LZf zPPpI9&KT6^)&9siPtbnR@_CcH)KtpFWMe=PNkW+=Aw*><13?mO2e1;Rs=ikb*%xOI zZE!Ui|03|C`DAsw#*TvYiAm!GC&TP5|1`TZYXx14A&6RNg6nygbK>62zU}*LlT^MV zvtlRnyP!a{f99gc(j;llKznRv6)yBt(eWj^KgoX`=ON=YB~y$ttgV}@guOl0@<5z)UUL$b75pVh4CUvdTWmx6`NngRg8jca91 z>zr091?by|g^|WaVWp>sN!gev2y6g3XHqFnD&?>kXpZl*Fx&I9^-zI8`^ICj$?R8% ztC~Bzub6SS&jye*jhG^{`Nm3XQjMYD*XD^c2!;lCPkY}Fv|vKSUWc)T*++}~NV0~@ z3)u&o>4^)6t}zD5xv7}rc5TjX=JO}`m7g>SK*D}T^5gMAVWOwixB2O6Xd)r~FK(7jxG27LCJ`o4em(npve zA{#SJ3vPsLA?8q~Sc7*La5IcE1;x^!zV#$Yv7{OSDAMbX5WoHVG!Rz8(_hERzh||@ zUOVJe8d4pKr-Pu;(>n>C`!#Lntsl#wkRi6|koO{z!uin4<>3yAcNl=m5TwFs=m|ZO z@g32#vFWQM(|(opv#5hsA{oIZo~L@v{Jstn7Bsf zLK)W218UzA)W;Y5l<_r+bj5l}%7xoX8h}hukjkJd#8% zybg9ZlFMI@vs9z89%NyouDhE>ju{1C++<6tt;4(tc>O zb2p-Hp^=q8qIYK>lvzuw5vrPldVI0_Ve!00>Bjifh#vhsE0vcr&#;x$tt8J|p`2FJ zKa72@69rDa%5<-rs~C{*^+ShH!Iv{LUxf*~qPjFt@z|*YSP5 z9Zc(A5mZo~K^Dsz%LVJj-*Cs``-?sQR#z;yzsLql{{M0Oe;L>R)c%7!vFu=iFeVrf wACHFw2b%^D3l|z_BA`=seM2>9g65Fh$eW^-XBNXHv>0g2LWHUc{Bv~w1Ni}>ssI20 literal 0 HcmV?d00001 diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props new file mode 100644 index 00000000..e32e7282 --- /dev/null +++ b/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by root +# on 2021-03-12T11:38:49.244+0000 +# @copyright 2019, AT&T +############################################################ +Challenge=secret +cadi_alias=dmaap-dr-node@dmaap-dr.onap.org +cadi_key_password=secret +#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile +cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12 +cadi_keystore_password=secret +cadi_keystore_password_jks=secret +cadi_keystore_password_p12=secret +cadi_truststore=/opt/app/osaaf/local/truststore.jks +cadi_truststore_password=secret +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks b/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..91547c6062ddb5d9fdf4b3f6ce463b3b67707091 GIT binary patch literal 3234 zcmV;T3|;duf()Jl0Ru3C3|9sTDuzgg_YDCD0ic2mNCbimL@fYK=a=D>Ytet=@xvCD$7(p!PXv%zffg#{1x$&%Tu$OBAtKkb}M1B+! z9&-G#Ne7ld-jnBLnfDr)ZNh zM$=Y;Fck97O@-0Z2$wj6=U_*m_4sFdx}!!p0|%ITsN=2WwxKBa<7l*}eo5c_xc(p; z)g98z=80cI)h>NgWiL$) z#f>@I-8*={UzPILVGoo-ia)pF1EK+#CP>^|LKTo8y)G2?lGi;KHMW7ZcK!F z#X7ir3#KQs3f#?G=KK!KObDi*MNKa!S?gt51m^9{IM-y(w7G4hJ2Sx|N+!b(?-e7} zGaucWHpt^(AcFsw&JIUH(PFAvo%d)x90mwY?ZeAYVxMFk+5591ocL031fj^(95#KB zf%dS7rMtZ^pb^KJGn~p%Uh$Phy9<1e9s8-dkV-K3G<_E}%WQ=3vVP1luhO-q3LUF< zWiFJL()Oh)Rn_uZcoo*H75He97WYb@Lci;<@J`%!qhx@XI!>Ts;puWQaR$r!%(VR% zK%bJSh>=Yq9H1J07?(rQ1i+$%X5bv?FkOnn*WFQGl` z$zS!#ux|^=BgkgtlWL2CE3KF=jugo660Xaxm|X?Kr82pa(UFQJYhL@Er9G&g1_~2q zI}0=VFrP{KCrRR43|i9wcHsLPxR4a757j%maLl|rIE0Wclq5M0&D3+{jp{9$sZ9j> z>udt)MTPyzU)%6lpdg=lkV}TmUO)Mbd`E*n(KiH;XnQuGb3M!6T{jhiy;tZ>`c~l_ z!p$@r3a?raZByF#x&PeQtm#mMd1Z7dDvB89IXEi`HBhX+&7-1ntbnn&8hLlTE`tK9 z#wv7dHk>t1+g)We>RSbJu1PaPq}Fz5JRg)-%1`Va*@Qm-iOkGtvUs2>ktlsV)S9j8 zWxKFI)*^k2(M+kqx(4I79U%P1Ri{#L{ooMImHMYv)x*>V=34Mgg@7_Ak^1q4$*E^U zkHfzXcuMA`5&6o-2BfKZv9Wgg6s9BKb>Qzz&!5krJO2mnZW$8N%hrv?FVJp7a}bR3 zgp!$j4^_AVxQiM;12ro!)o#JXT~0*Nn~y|~t%>jbBSI=4@hX>rn>8rKc-Fz!95U7!D5?3zIgMHqbvYShW+&mm+D`Oc(YsETIp#yJ3|)>hbU^tvVLvze zfMol0mM<0F44Bp7P|+2Zd)AdSf$nu5RR;N@#NGnhdTrla7n^Q~+olz>+0Pb7yjEcO zB~GtpO1Vrc+++l=s&k;ttNIk*i*}x}FWeE{YGOU|20k2ZT0jkn5K}oIM)KVm!XOqEBZ9d!p zJ-6RA=ZW|^IpQ({?Rdgk2DmHg+@vitWB;2xxB9OC*X^o(#q_KwHGmLG2OAsY$k_l@ zA@><~=7F_00+5o@6TCuqPQ-w0S zg@3F39T}P2Fni*cjybhAg^;?S!6B7@Yy|O4R;j<>R%adkmKT#ruw!_z!#{1@Y9~)G zc(q@kPMV~#WdO|D={9tb|8p5x{jnFo_`=lt&H2B%+psaIuoQB{#GGgCoHSclM<}0bPBD1$S_DU&m=B@}6ni2p> zZ76kkgx|TH>s=omC3Iihu@ZMQe_BlLG|QF)2?gLQ-h;0_#$LMerc3|%SFqV}gin?) z{5gX7;u0Sw4{KQpX;rCYA@iI8Kv&@x(^$%L=Z96`LXOf7rfCHwnY&*dbgAe(Vr-4V zuGbaU&tA)TmpS2jp>`HN-SWr;@TrKS*D(kX&!1~#ywkmFpXxc--D(L!JIPimhRw6j z!f$5iyl*yn?8e2-9VA9*@Q&@6eIhxw#_is;af45VX+qiasxV!g`kc<5U|)mWFUKm) zw6p2z+e_Xaf#A`K@O~5XBEIQY<|F&GiM4MWBcSasR0jZr5LB zwyPe(evx~cxhFe`UWiwBM$W{zaoyNXHF04_Pp2+Z=paNOKa*{M*T5NnjTsCKzkSxP zB5RY(PC7(ZVg(Om$rnPtZmP1tuLQZmmlgtMb*eHk;LPgh=j^|}yrHR*quYxjkj8Ut z?DMVdhv^rQOdBYx@2kEF#bto~(YxVo=6jKHFmM}ivJbR?mNlRAn&KQ8$1K-7 zxD}1Wj%>x4*v2KT5r>%o=P_R4%0JV1J;;O=|&2LRP7%#u57gn+)mfhV{t%8umXi!Ja$O`k>HIi-kqRI!$vKR$h*k_k7|M z*UrKh{hQXgt~p}LW^0X9KVwUBS>i@QiKl%s_(bji3MaY_%;(A&;T2AG(kBdw{!v44 z3wp=rxjHkHvJ}nvdk}#mO&cS9ESmggu^1db`dB~@1_g+t)*t<^VLIIt@+vs*k|{xm z(ClG+MxKY8)*5lVb z@Z$VuxT=#b9N5lXfGi`ut@$h%$Q3)SAY^S%Nh*G5)w6-rKurXpC;WBtpBS-y7wmar z!N;oAA7O@25nF>PuMf5_wXG0bDccqcVGZr$?}!J$%35L0JDJDEC?DL*fOm@Fc&DiU z4v^eXHgmf`IQA1y#!&m6S0PX`5spsBmLnLJ*Af?E()uqnc_^)oInjlP;<|r0=A0BMTo*F22{WoRvlAf=2)t`=-H8?K|;B;JXWf|)1!oi9q zX19-;+OR|ciG?E60{62(xZ&TDMV2_`W=`-&V!7E%WReLkrj$gC50&1IACR_x$M4Sn?tb~7%{O6nCF~594pDDYn78uZ zI2)i}8(q@WQQD()xizllOx%?=;~`` zIN7jZGjV%uyvia;lFDM)XXYxjE3CV0k=CZ9@nF|nOcy%?gMJa|+v4*#LuXBG2g;wJ zoD{%R{4hQ+AutIB1uG5%0vZJX1Qh&>u3TFZ>Z-$_Ij8RQ9^U2Q*b{a($;s-G`dgvePJC-G4peghaq+l(v_)!1K&#xUs z=b_3e;*R3a{i!*b)$ue5tLmXrP2(g41~u|NwGCgL5)=ubq%nFa$5N;rdo~OrHxB`$ z?Rqj^;%S`WhxEMpOFbffZo$r__n8nZ5U8?wzXYpEmf23MADCrrDQsyfpL$|;ZlI5% z5B@P}RUyyMFYnq=Qh2_2FRsK9b1r%;V;Whjq!3qPB;@u9RkE6N6_fnp1 zMloFYWAW}7p3N~Mw-J1|6SHDt-vcja&I~(}pj8GfXjE`Nm*aVDZCYYsucdaWwy6l8 zkm$u2|4_yeloTiom}IU+^MzAS1;m~>`F0t##6S7S-3u5nzTd%~VnO^=!}7&L=oy52 z9->pTD5)>32T3{A@i9lH`7&Y&)sd@F4)GXFmby>vH#shzE`=|!41LZ<_GyBFGTr@^ zd-fk=TZw*W$~3Fz%r@>~He4v5x@8ZPyy{|aL5Fj|A!pv}6|^~U!EX_J077xS-wQXJ zws{_zb8crVBNu-6*h=t$aIzEnG=iG>UxZEe=$Vl}1BL4?Wh}E+q`L7+F;;*8aDkzW z?aQH@vHG;C*?Q0YBf@)ddpRpSkgonp&|moAJm(Y^~Hec{^k6Cn~7?`(RI9Q%+}y7oQ3NwLH!~*LzZ4ygyX< zG`kGOsi!%^%LPK47lzbzz@@s@$eQd*a2>muWPKN9T5-ilF8s_=O1xlTb7lAxg+Z!i zNQTy3wr69E69^2NnfuyquwQA@YWbO2i*%5%%U{y{+~-7>=|F+HZlu8_J#BlOR3bU1yu(J4 z4{g>33Bo5Ufe;624^smCmJ+{+f2SL1N)zdn_D5!`UUoE+b&{B(;>I1s^Kv`;_882Y zgzIPK%S28~$zNO}14dpw+y>1a&z-~{q$kxDi8rvD%q3?!W;5I7g+`1wd-5=s z0y~w|Jwu^^$r3MzD6SI4R zkj`;~=b?XUu!n(SF%B{jq-u6lC(W@*h19`~#TcaG{&f3m&s0u#=d4FR6$r+P6Uup{ zix!7*yYWSwcZ{` z0urujyVMO9?!)kDA%x|6Lzov+zi*BU;z9N9~6=S2==wzJw$FE%3X{~`k-3{JJmWEUZzg?-qR5J8Oiqa9vGeSnPb-Xx5^H| z;OswOjpjUb(4r-N_(4LGtSRA3WkqDTGUFyfYF%G@*yElXUz%SYKkIq?%hTgOeY7w0 z8YZ9_6ky!347;ZL)C%eJw4+s(*JO!cFjus3lBL4K9g|KS8xv1HSK$iBPb3nQ?ek_> zmuvLd*%(U0UsUGWpC&h~Pi}kh2v3zo8r2spY*VIRWi+4Uszi{O#KtM%5P9N3;|^oH zSwv{&k{DFF?`$gDQ{08QTy>TnA|e(^_61@CtWnxsdH05*`E^MX=dK2-AM@?!ubbh@ zZFILZy^fFc+1)L9PPC~>?Y!z82_&0(5rd1?-AXj z_Ny$*moU91Zs!v83`+YhcklQ5_*k}Z8nCzY~^>?wZg(t)Q>_STLb>L zNsN=|dCr?ptQS*&8UX_39=Hd?ks#nm{fHKUtnSFf6a9+h@U!k+tpbxS(`>P;vwG01 zO9!YFxGON2er43J>986As&!$|P4gjYD_(>tw_JESP{evDOJuJYjK(mV_p(8c! z^mhx>3?BU%EGIyy%5}~u3YkS$*ExiFsJb{)S9f(X1&t2Xt9RBmQOZQNx%336#W!%C zn4gQAF`9bMO3(ThCdt~>4tvz>&$%L1?HN)c!vcJry0I;lx0(YlJf6!KXpRf5*FtHR z)}+++D4ROw__t)!)&*sEsNbfM5n2BhF=Q@e_472UwiV9`N-qt#sAYQ3Q|aMZlhTS| zAA)`)?0fmiv6kZ9j8qEQhXR3VmBA+Ep5)eky9s#}z($Chub|iCC~05L&&4dp+w^DC zSW0>n)KU7(QWsz*3*P!(PeMt#$Xsbh!|Ox2_x%1(*z^(P#aj|KR;1b$x=WO`MpnPI z9n~wQ=s$R`4K2n!Yue*ndg}rGfCJ}`->609^)?=4zEG;fB4;(IE+Q)0;O`I)dVg2n zN^Yj-KlP(7KRMeMM<_%ZBMR-^-o-H>W1C6#uKKv%ph5>KhH^VVsRhj`|eH+GE zVvSg3Nios$nuqIR^lPu4IE4CoUT*33%Q(VIOLb6JRw>opaY(ZQskc$p#?(>GjxO}* zn4Ki_q0w47NUUw%5z}+s%~dk2Y8U4&;frKk!bmxT8eiegX5f}?kr-L>H$CZ|UO@G# zsPH#DF5O=s6&B@B>e7X)#=>V7XLnJf5@$Z`U#=+&R+`L9y`ib^jsegU#~6nDl1AePiB*xG>SJhlqbKLzhaqN`aVGIB#c zwkjw`yw_;#JO@gUuXU9FCTot(Ypx6{V7+9~^{dU7a~thSO^)0oA+1yFHpkt1hW0^3 zcg~hcj?Qr$Go)U1kCH<_NyoPhQ8(wCSvvCUtHhcpEIP}sD#^YP$F`c8G`~$JPY4$| z@>HS}k8VSq_R59rm|$MCekzjkpgs#UEPUq#R*eDDzNG2$NLq%#fbaj;!=DEOh5=x} zpuh0jzv+WR@Zax0J|@jQZ zIAO`{wvUVspUvumJ!Lc*16f*Ir@ij{LoQFnoS|->+~YFOU8lERRN_fP&0qIA>Qcu9 z+W>44&Kc)2EE~61qO?a#4}JTzKZuWAjwyq|OG;)u8%p8NP!&2==TDUJ&Ot|8>zV=) z%%1{oiKLVSiVL92L^Xv=$D0MMek8(HsoN8fRtKKX$quM~$>@NBFYi2*(q%#JNJ&Yb zhPz?)bT>Ic&(e1jV`97>sPGR17Xz_NLLtQ>bAfaEkaNsp6e=CDatccH$E!`rdsvxZ z94*rv5!Y^(an^|`xxKl>Z$AK>BmF+w2-9;^yB!u-Y;E@@3QZzn`UZFSV`b;g@6j!H zT_cUM-Gc&VE7{qX?jH*WY3c8mNQA1ykx=R1C4t#X1@ zGEJ6%5GuYyz$T}+3^#ahP@ZxP%fy6b$8Bk{j~nTGTa%Mf&6H+7a;h%An|M_5?CLM> zNJN=!3N~xCVcz`+mPX=}MNK3KNqcLcSSOesFPy_u79jS}{Mm1h&PLcZT&nF}@(^Bl z$3=l+iKfIMTK0dod%0Y+^2?C;*;;momTx<97||0>`}E;(7=K};`fJYT*CNh8Zbu0E z8%5sXFKqlyTw2w?_=4aGQfy1&szV;lXKJ`EaLHQPq1)#P*=T&qUfovd=yUoPbbdYE z^L@Juc_?Kqzt5=Xvc)-OMlv};ymm=9Mac}qglMwecQ`R(n6g`KRI<8QyYl9z3^Z8e zNS+4R%kbG8n+B2=0?EIrjn#I)%II(yE za#l+j?%^~Ju^BGw;7Tc`8m$TnaGuyr9^D+tYj_p*Q?M$)6I*D~xM_$xr=Gb>s2uM% zXRZn>=}DP>ZgMxHMKLxz$hd&XSl_K=hIZ;W{ zdxU!>w@Kn~ngaxNp~g$E+#O>-UE3y^a9P&gzU>xO_omWjWVU4(gV@JR??!u~45qEb zyExs<*O_5MN|8Fj8d^~EW*rxPhr$%akNL3>6Dp;%c1hX>E2d8$+48Y(JDD1k&F0HR z=R;W)zI^S${aP!>kNqvxvir*EbX&^L>Y6D^K`;)j|E7vHYuzkL83wkPzB_X}#L=); z)w1YrbkArs*<%h|80op}YYi~~g&!>DRS%H27xuD~rMH-^{$PbR_)NBQkoflL_?iDO zDO;_v4S!E1TwpQAr~jjFGhbsf%YlgF$1>w2&LMH@g>_trQe0dGuSfN~5GdGSO69eE zn|V&h71&s8pqgVNm*HKqZPTs2hy)#{mUA{Ee}4OAE?WpztAM;VTPr2-o3qvVqnzg zF~Av4)A-d|VXFt!jyi~p6(+hyrdX_@%f4OeP#&TW(aM>fYK=a=D>Ytet=@xvCD$7(p!PXv%zffg#{1x$&%Tu$OBAtKkb}M1B+! z9&-G#Ne7ld-jnBLnfDr)ZNh zM$=Y;Fck97O@-0Z2$wj6=U_*m_4sFdx}!!p0|%ITsN=2WwxKBa<7l*}eo5c_xc(p; z)g98z=80cI)h>NgWiL$) z#f>@I-8*={UzPILVGoo-ia)pF1EK+#CP>^|LKTo8y)G2?lGi;KHMW7ZcK!F z#X7ir3#KQs3f#?G=KK!KObDi*MNKa!S?gt51m^9{IM-y(w7G4hJ2Sx|N+!b(?-e7} zGaucWHpt^(AcFsw&JIUH(PFAvo%d)x90mwY?ZeAYVxMFk+5591ocL031fj^(95#KB zf%dS7rMtZ^pb^KJGn~p%Uh$Phy9<1e9s8-dkV-K3G<_E}%WQ=3vVP1luhO-q3LUF< zWiFJL()Oh)Rn_uZcoo*H75He97WYb@Lci;<@J`%!qhx@XI!>Ts;puWQaR$r!%(VR% zK%bJSh>=Yq9H1J07?(rQ1i+$%X5bv?FkOnn*WFQGl` z$zS!#ux|^=BgkgtlWL2CE3KF=jugo660Xaxm|X?Kr82pa(UFQJYhL@Er9G&g1_~2q zI}0=VFrP{KCrRR43|i9wcHsLPxR4a757j%maLl|rIE0Wclq5M0&D3+{jp{9$sZ9j> z>udt)MTPyzU)%6lpdg=lkV}TmUO)Mbd`E*n(KiH;XnQuGb3M!6T{jhiy;tZ>`c~l_ z!p$@r3a?raZByF#x&PeQtm#mMd1Z7dDvB89IXEi`HBhX+&7-1ntbnn&8hLlTE`tK9 z#wv7dHk>t1+g)We>RSbJu1PaPq}Fz5JRg)-%1`Va*@Qm-iOkGtvUs2>ktlsV)S9j8 zWxKFI)*^k2(M+kqx(4I79U%P1Ri{#L{ooMImHMYv)x*>V=34Mgg@7_Ak^1q4$*E^U zkHfzXcuMA`5&6o-2BfKZv9Wgg6s9BKb>Qzz&!5krJO2mnZW$8N%hrv?FVJp7a}bR3 zgp!$j4^_AVxQiM;12ro!)o#JXT~0*Nn~y|~t%>jbBSI=4@hX>rn>8rKc-Fz!95U7!D5?3zIgMHqbvYShW+&mm+D`Oc(YsETIp#yJ3|)>hbU^tvVLvze zfMol0mM<0F44Bp7P|+2Zd)AdSf$nu5RR;N@#NGnhdTrla7n^Q~+olz>+0Pb7yjEcO zB~GtpO1Vrc+++l=s&k;ttNIk*i*}x}FWeE{YGOU|20k2ZT0jkn5K}oIM)KVm!XOqEBZ9d!p zJ-6RA=ZW|^IpQ({?Rdgk2DmHg+@vitWB;2xxB9OC*X^o(#q_KwHGmLG2OAsY$k_l@ zA@><~=7F_00+5o@6TCuqPQ-w0S zg@3F39T}P2Fni*cjybhAg^;?S!6B7@Yy|O4R;j<>R%adkmKT#ruw!_z!#{1@Y9~)G zc(q@kPMV~#WdO|D={9tb|8p5x{jnFo_`=lt&H2B%+psaIuoQB{#GGgCoHSclM<}0bPBD1$S_DU&m=B@}6ni2p> zZ76kkgx|TH>s=omC3Iihu@ZMQe_BlLG|QF)2?gLQ-h;0_#$LMerc3|%SFqV}gin?) z{5gX7;u0Sw4{KQpX;rCYA@iI8Kv&@x(^$%L=Z96`LXOf7rfCHwnY&*dbgAe(Vr-4V zuGbaU&tA)TmpS2jp>`HN-SWr;@TrKS*D(kX&!1~#ywkmFpXxc--D(L!JIPimhRw6j z!f$5iyl*yn?8e2-9VA9*@Q&@6eIhxw#_is;af45VX+qiasxV!g`kc<5U|)mWFUKm) zw6p2z+e_Xaf#A`K@O~5XBEIQY<|F&GiM4MWBcSasR0jZr5LB zwyPe(evx~cxhFe`UWiwBM$W{zaoyNXHF04_Pp2+Z=paNOKa*{M*T5NnjTsCKzkSxP zB5RY(PC7(ZVg(Om$rnPtZmP1tuLQZmmlgtMb*eHk;LPgh=j^|}yrHR*quYxjkj8Ut z?DMVdhv^rQOdBYx@2kEF#bto~(YxVo=6jKHFmM}ivJbR?mNlRAn&KQ8$1K-7 zxD}1Wj%>x4*v2KT5r>%o=P_R4%0JV1J;;O=|&2LRP7%#u57gn+)mfhV{t%8umXi!Ja$O`k>HIi-kqRI!$vKR$h*k_k7|M z*UrKh{hQXgt~p}LW^0X9KVwUBS>i@QiKl%s_(bji3MaY_%;(A&;T2AG(kBdw{!v44 z3wp=rxjHkHvJ}nvdk}#mO&cS9ESmggu^1db`dB~@1_g+t)*t<^VLIIt@+vs*k|{xm z(ClG+MxKY8)*5lVb z@Z$VuxT=#b9N5lXfGi`ut@$h%$Q3)SAY^S%Nh*G5)w6-rKurXpC;WBtpBS-y7wmar z!N;oAA7O@25nF>PuMf5_wXG0bDccqcVGZr$?}!J$%35L0JDJDEC?DL*fOm@Fc&DiU z4v^eXHgmf`IQA1y#!&m6S0PX`5spsBmLnLJ*Af?E()uqnc_^)oInjlP;<|r0=A0BMTo*F22{WoRvlAf=2)t`=-H8?K|;B;JXWf|)1!oi9q zX19-;+OR|ciG?E60{62(xZ&TDMV2_`W=`-&V!7E%WReLkrj$gC50&1IACR_x$M4Sn?tb~7%{O6nCF~594pDDYn78uZ zI2)i}8(q@WQQD()xizllOx%?=;~`` zIN7jZGjV%uyvia;lFDM)XXYxjE3CV0k=CZ9@nF|nOcy%?gMJa|+v4*#LuXBG2g;wJ zoD{%R{4hQ+AutIB1uG5%0vZJX1Qh& 0: - outfile.seek(-1, os.SEEK_CUR) - char = outfile.read(1) - if char == b'\n': - count += 1 - if count == number_of_lines_to_delete: - outfile.truncate() - print("Removed " + str(number_of_lines_to_delete) + " lines from end of CA File") - exit(0) - outfile.seek(-1, os.SEEK_CUR) - else: - print("No DR cert in CA File to remove") - -if count < number_of_lines_to_delete + 1: - print("Number of lines in file less than number of lines to delete. Exiting...") - exit(1) diff --git a/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem b/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem new file mode 100644 index 00000000..1f9d08e5 --- /dev/null +++ b/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem @@ -0,0 +1,40 @@ + +# Issuer: C=US,O=ONAP,OU=OSAAF +# Subject: C=US,O=ONAP,OU=OSAAF +# Label: "" +# Serial: 0x9EAEEDC0A7CEB59D +# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F +# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B +# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA +-----BEGIN CERTIFICATE----- +MIIFczCCA1ugAwIBAgIUVl0TXS1NTKZy68+AFpfvCBbs3JwwDQYJKoZIhvcNAQEL +BQAwQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNVBAoM +BE9OQVAxDjAMBgNVBAsMBU9TQUFGMB4XDTIxMDMxNjE1MjA1MloXDTQxMDMxMTE1 +MjA1MlowQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNV +BAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA1NdArmwTe6C9NZnMAPP0uvy9IH/+Lc9dgO9+j6F+JqLDXn+O5vaj +6EMU5o60sGzymbMdwk26jiR7KYG8puZzI0EsjwELrLV5NYrUR1y7g+sbJWFUiB0X +SseifQD9bSG0YBX7J6bQEilh18+oWpXIygl8/VJuiuDhaYdakmwn9AxQRm/zRDcI +tMS49gq7ARpwMrZaZkQ5eL2R0eX4yj915fAgsvLNmfNTkkTCTBuGYAfixz2+uz8r +4xZqxXrln6CVe6pV5MOxxQsJq0QfSfNxKFqhVJTSj3STG8UDKDPIcTqVLS6v3/iY +WX43pHuqjfrGLy3HjPCIWphsx9EWq02bnLvwsnibRgfXjZNbdhePOZV8Xd+4MfHy +uyFRf5xHvQm3f3vLtCQ1rmHk/3wb2Mb1SbTGt6sL6Waqs/VnnPyTwhXJk6RnU991 +qAnqSCLzKNEPNnpSTQKU35NPbdCAw/z97K5Ar8JWH2XiM65dV0j0d/Ura0PXUXRN +Royi7rREJKBMFszwxqCCHZkH6/Fbs8vmBWC1gLQgDqK+IgU1/+ytUPOsMVqPcNjM +RrZyd8xCoxEyd+Ly6y2EF9RE6qS/rlW/yUh3AIBlpcsVxc+Kh1nvNRLLJzHvrvSs +wvd6LpWHVaffO02hp3suXDwOtLq91lAHLA48iDty/Js+jFjohZJ/+LsCAwEAAaNj +MGEwHQYDVR0OBBYEFMeiRem06VRh0sL0L5k9B5A01QAoMB8GA1UdIwQYMBaAFMei +Rem06VRh0sL0L5k9B5A01QAoMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBGdpwWyOIw7jBkEJbheeje8ccc51Z0SY/8 +oo/cYi9cI2SNtE4yt9SOZtXiWO1ga1PuFP5vNkPZu3MtqtsDt8CsSgYfgCKX1DH4 +RloTJJO73UKuMmnoqHNsuE6rHRrcoqcV8XJJ9uBz2cDVWfVDG5Pf92lB1cLQ5AGb +X7O7MKNHu4woFdbbI8f3TN6Qx5oAcrS1alLMuPJhIkwcHuiWdjJuORx2MK4K9gov +yRJceVyqMiTr7GGYFi/FQKIzIaHeKgQy+YGLfQ1GcbUmVItU4aQMfSM2RXb7wJ90 +XBFi0NjXZfMXVZ9kxqIki/s6NefrDAOFjHINUxGucXjEw1raewprErlsNt/8SUKT +EDSLe1YD558jzUaqVdWinL6gMRTyyHOwt/51mg4sn3i2WLdL1Hno4F7GUIbkBmi5 +VSDDWnXdpwaFWeqA8JAvy+JIh+Ju671U1HhB68lGRvNOgfZbvW3m8GGpXldR5krR +OYhwbxdU1rNYHH+DJ0KE4L1Y6es/571+UH7NFbvO6jAk9G/Fudel+SwhXVfFo0pi +mmXAwT2bmDEiYBzDNHFwyT3+OGKXiDXuMvMB9ic7p3Zk9X0mRtpubW1gfZvUqIqe +jaVeZdad0DX1yfjwi5zYT+ViI7pjXVYlgiBAnjMrEmWOpRcs793F5zBiyDjaUNFt +3arVcS9XgA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/scripts/dmaap-datarouter/robot_ssl/update_ca.py b/scripts/dmaap-datarouter/robot_ssl/update_ca.py new file mode 100644 index 00000000..d36f8acc --- /dev/null +++ b/scripts/dmaap-datarouter/robot_ssl/update_ca.py @@ -0,0 +1,65 @@ +# ============LICENSE_START=================================================== +# Copyright (C) 2019-2021 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END===================================================== + +import certifi +import os + + +def add_onap_ca_cert(): + cafile = certifi.where() + dir_path = os.path.dirname(os.path.realpath(__file__)) + datarouter_ca = dir_path + '/onap_ca_cert.pem' + with open(datarouter_ca, 'rb') as infile: + customca = infile.read() + + with open(cafile, 'ab') as outfile: + outfile.write(customca) + + print("Added DR Cert to CA") + + +def remove_onap_ca_cert(): + cafile = certifi.where() + number_of_lines_to_delete = 40 + count = 0 + dr_cert_exists = False + + with open(cafile, 'r+b', buffering=0) as outfile: + for line in outfile.readlines()[-36:-35]: + if '# Serial: 0x9EAEEDC0A7CEB59D'.encode() in line: + dr_cert_exists = True + if dr_cert_exists: + outfile.seek(0, os.SEEK_END) + end = outfile.tell() + while outfile.tell() > 0: + outfile.seek(-1, os.SEEK_CUR) + char = outfile.read(1) + if char == b'\n': + count += 1 + if count == number_of_lines_to_delete: + outfile.truncate() + print( + "Removed " + str(number_of_lines_to_delete) + " lines from end of CA File") + exit(0) + outfile.seek(-1, os.SEEK_CUR) + else: + print("No DR cert in CA File to remove") + + if count < number_of_lines_to_delete + 1: + print("Number of lines in file less than number of lines to delete. Exiting...") + exit(1) diff --git a/scripts/dmaap-datarouter/update_ca.py b/scripts/dmaap-datarouter/update_ca.py deleted file mode 100644 index 0d76e224..00000000 --- a/scripts/dmaap-datarouter/update_ca.py +++ /dev/null @@ -1,33 +0,0 @@ -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - -import certifi -import os - -cafile = certifi.where() -dir_path = os.path.dirname(os.path.realpath(__file__)) -datarouter_ca = dir_path + '/datarouterCA.crt' -with open(datarouter_ca, 'rb') as infile: - customca = infile.read() - -with open(cafile, 'ab') as outfile: - outfile.write(customca) - -print("Added DR Cert to CA") -- 2.16.6