Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[COMMON] Fix condition equality bashisms
[oom.git] / kubernetes / platform / components / oom-cert-service / Makefile
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index c4723df..ea0cb8a 100644 (file)
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -19,6 +19,10 @@ all: start_docker \
      server_import_root_certificate \
      server_convert_certificate_to_jks \
      server_convert_certificate_to_p12 \
+     convert_truststore_to_p12 \
+     convert_truststore_to_pem \
+     server_export_certificate_to_pem \
+     server_export_key_to_pem \
      clear_unused_files \
      stop_docker
 
@@ -27,7 +31,12 @@ all: start_docker \
 # Starts docker container for generating certificates - deletes first, if already running
 start_docker:
        @make stop_docker
-       docker run -d --rm --name ${DOCKER_CONTAINER}  --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+       $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+       $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+       $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+       $(eval USERNAME :=$(shell id -u))
+       $(eval GROUP :=$(shell id -g))
+       docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
 
 # Stops docker container for generating  certificates. 'true' is used to return 0 status code, if container is already deleted
 stop_docker:
@@ -41,7 +50,7 @@ clear_all:
 #Clear certificates
 clear_existing_certificates:
        @echo "Clear certificates"
-       ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+       ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
        @echo "#####done#####"
 
 #Generate root private and public keys
@@ -89,7 +98,7 @@ client_sign_certificate_by_root:
 #Import root certificate into client
 client_import_root_certificate:
        @echo "Import root certificate into intermediate"
-       ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+       ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
        @echo "####done####"
 
 #Import signed certificate into certService's client
@@ -124,7 +133,7 @@ server_sign_certificate_by_root:
 #Import root certificate into server
 server_import_root_certificate:
        @echo "Import root certificate into intermediate(server)"
-       ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+       ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
        @echo "####done####"
 
 #Import signed certificate into certService
@@ -141,8 +150,34 @@ server_convert_certificate_to_p12:
         -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
        @echo "#####done#####"
 
+#Convert truststore(.jks) to PCKS12 format(.p12)
+convert_truststore_to_p12:
+       @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+       ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
+        -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
+       @echo "#####done#####"
+
+#Convert truststore(.p12) to PEM format(.pem)
+convert_truststore_to_pem:
+       @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
+       ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
+       @echo "#####done#####"
+
+#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_certificate_to_pem:
+       @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
+       ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
+       @echo "#####done#####"
+
+#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_key_to_pem:
+       @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
+       ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
+       @echo "#####done#####"
+
+
 #Clear unused certificates
 clear_unused_files:
        @echo "Clear unused certificates"
-       ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr
+       ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr truststore.p12
        @echo "#####done#####"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).