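# Default flow: build the images, start the backend, run the client once and
# stop the backend again.
all: build start-backend run-client stop-backend

# Same as `all` without the image build and without stopping the backend.
start-with-client: start-backend run-client

# No target in this file produces a file of its own name, so all of them are
# declared phony. Otherwise a stray file or directory called e.g. `all` or
# `run-client` would silently turn the target into a no-op.
.PHONY: all start-with-client build start-backend run-client stop-backend \
        send-initialization-request send-key-update-request \
        send-certification-request verify-initialization-request-files-exist

# The prerequisite lists above are used as an ordered sequence of steps
# (run-client joins a docker network that presumably only exists once
# start-backend has run). That order is only guaranteed when make runs
# serially, so parallel execution is switched off for this file.
.NOTPARALLEL:

# Name of the CA; used as the last path segment of the cert-service URLs.
# Override on the command line, e.g. `make CA_NAME=<name> send-initialization-request`.
CA_NAME=RA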
6
# Builds the Cert Service docker images on the local machine by running the
# Maven build with the `docker` profile (-P docker) enabled.
build:
	@echo "##### Build Cert Service images locally #####"
	mvn clean install -P docker
	@echo "##### DONE #####"
11
# Starts the docker-compose stack in detached mode, then runs the EJBCA
# configuration script inside the `oomcert-ejbca` container.
# NOTE(review): `docker exec` is issued as soon as `docker-compose up -d`
# returns. Whether EJBCA is ready to be configured at that point is not
# visible here - confirm that the script waits for it.
start-backend:
	@echo "##### Start Cert Service #####"
	docker-compose up -d
	@echo "## Configure ejbca ##"
	docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
	@echo "##### DONE #####"
18
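# Runs the Cert Service client container once (--rm removes it afterwards).
# The container
#   - reads its settings from compose-resources/client-configuration.env,
#   - joins the `cert-service_certservice` docker network,
#   - gets compose-resources/client-volume/ bind-mounted at /var/certs, and
#   - gets certs/truststore.jks and certs/certServiceClient-keystore.jks
#     mounted under /etc/onap/oom/certservice/certs/.
# Host paths are quoted so that a checkout located in a directory whose name
# contains spaces still works.
# NOTE(review): the two keystore mounts are read-write (the docker default).
# If the client only reads them, appending `:ro` would keep the container from
# modifying key material on the host - confirm before changing.
# NOTE(review): the image is referenced by tag (2.3.3), not by digest, so the
# content that actually runs depends on what the registry serves for that tag.
run-client:
	@echo "##### Create Cert Service Client volume folder: $$(pwd)/compose-resources/client-volume/ #####"
	mkdir -p "$$(pwd)/compose-resources/client-volume/"
	@echo "##### Start Cert Service Client #####"
	docker run \
	    --rm \
	    --name oomcert-client \
	    --env-file ./compose-resources/client-configuration.env \
	    --network cert-service_certservice \
	    --mount "type=bind,src=$$(pwd)/compose-resources/client-volume/,dst=/var/certs" \
	    --volume "$$(pwd)/certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks" \
	    --volume "$$(pwd)/certs/certServiceClient-keystore.jks:/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" \
	    nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3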
32
# Stops the docker-compose stack started by start-backend
# (`docker-compose down`).
stop-backend:
	@echo "##### Stop Cert Service #####"
	docker-compose down
	@echo "##### DONE #####"
37
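# Requests a first certificate from the locally running Cert Service via curl.
#   1. Creates compose-resources/certs-from-curl/.
#   2. Generates a 2048-bit RSA key (ir.key) and a CSR (ir.csr) with openssl.
#   3. Sends both, base64-encoded with newlines stripped, in the PK and CSR
#      headers to /v1/certificate/$(CA_NAME). curl authenticates with the
#      cmpv2Issuer client certificate and validates the server against
#      certs/cacert.pem.
#   4. Pipes the response into parseCertServiceResponse.sh with the tag "ir".
#      NOTE(review): that script is not visible here; presumably it writes
#      ir-cert.pem, which the follow-up targets read - confirm.
#
# Key handling:
#   - `-nodes` leaves ir.key unencrypted on disk (the recipe needs the clear
#     key to build the PK header), so key generation runs under umask 077 to
#     keep the new files owner-only.
#   - The private key is sent to the service and also appears on curl's
#     command line, where other local users can read it from the process
#     list. The target is therefore only suitable for throw-away test keys.
#
# curl runs with -S in addition to -s so that connection and TLS errors are
# printed. The exit status of the pipeline is still that of the parse script.
send-initialization-request:
	@echo "##### Create folder for certificates from curl: $$(pwd)/compose-resources/certs-from-curl/ #####"
	mkdir -p "$$(pwd)/compose-resources/certs-from-curl/"
	@echo "##### Generate CSR and Key #####"
	umask 077 && openssl req -new -newkey rsa:2048 -nodes \
	    -keyout "$$(pwd)/compose-resources/certs-from-curl/ir.key" \
	    -out "$$(pwd)/compose-resources/certs-from-curl/ir.csr" \
	    -subj "/C=US/ST=California/L=San-Francisco/OU=ONAP/O=Linux-Foundation/CN=onap.org" \
	    -addext "subjectAltName = DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org"
	@echo "##### Send Initialization Request #####"
	curl -sSN "https://localhost:8443/v1/certificate/$(CA_NAME)" \
	    -H "PK: $$(base64 < ./compose-resources/certs-from-curl/ir.key | tr -d '\n')" \
	    -H "CSR: $$(base64 < ./compose-resources/certs-from-curl/ir.csr | tr -d '\n')" \
	    --cert "$$(pwd)/certs/cmpv2Issuer-cert.pem" \
	    --key "$$(pwd)/certs/cmpv2Issuer-key.pem" \
	    --cacert "$$(pwd)/certs/cacert.pem" \
	    | "$$(pwd)/parseCertServiceResponse.sh" "ir"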
52
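# Sends a key update request for the certificate obtained by
# send-initialization-request.
#   1. The prerequisite checks that the initialization files exist.
#   2. Generates a new 2048-bit RSA key (kur.key) and CSR (kur.csr) with the
#      same subject and SANs as the initial request.
#   3. Sends the new key and CSR (PK, CSR) together with the old key and old
#      certificate (OLD_PK, OLD_CERT) as base64 headers to
#      /v1/certificate-update/$(CA_NAME), using the cmpv2Issuer client
#      certificate and certs/cacert.pem for server validation.
#   4. Pipes the response into parseCertServiceResponse.sh with the tag "kur".
#
# Key handling:
#   - `-nodes` leaves kur.key unencrypted on disk, so key generation runs
#     under umask 077 to keep the new files owner-only.
#   - Both the new and the old private key are sent to the service and appear
#     on curl's command line, where other local users can read them from the
#     process list. The target is only suitable for throw-away test keys.
#
# curl runs with -S in addition to -s so that connection and TLS errors are
# printed. The exit status of the pipeline is still that of the parse script.
send-key-update-request: verify-initialization-request-files-exist
	@echo "##### Generate CSR and Key #####"
	umask 077 && openssl req -new -newkey rsa:2048 -nodes \
	    -keyout "$$(pwd)/compose-resources/certs-from-curl/kur.key" \
	    -out "$$(pwd)/compose-resources/certs-from-curl/kur.csr" \
	    -subj "/C=US/ST=California/L=San-Francisco/OU=ONAP/O=Linux-Foundation/CN=onap.org" \
	    -addext "subjectAltName = DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org"
	@echo "##### Send Key Update Request #####"
	curl -sSN "https://localhost:8443/v1/certificate-update/$(CA_NAME)" \
	    -H "PK: $$(base64 < ./compose-resources/certs-from-curl/kur.key | tr -d '\n')" \
	    -H "CSR: $$(base64 < ./compose-resources/certs-from-curl/kur.csr | tr -d '\n')" \
	    -H "OLD_PK: $$(base64 < ./compose-resources/certs-from-curl/ir.key | tr -d '\n')" \
	    -H "OLD_CERT: $$(base64 < ./compose-resources/certs-from-curl/ir-cert.pem | tr -d '\n')" \
	    --cert "$$(pwd)/certs/cmpv2Issuer-cert.pem" \
	    --key "$$(pwd)/certs/cmpv2Issuer-key.pem" \
	    --cacert "$$(pwd)/certs/cacert.pem" \
	    | "$$(pwd)/parseCertServiceResponse.sh" "kur"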
67
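# Sends a certification request that builds on the certificate obtained by
# send-initialization-request.
#   1. The prerequisite checks that the initialization files exist.
#   2. Generates a new 2048-bit RSA key (cr.key) and CSR (cr.csr). The subject
#      CN is new-onap.org here, whereas the initial request uses onap.org.
#   3. Sends the new key and CSR (PK, CSR) together with the old key and old
#      certificate (OLD_PK, OLD_CERT) as base64 headers to
#      /v1/certificate-update/$(CA_NAME), the same endpoint that
#      send-key-update-request uses.
#      NOTE(review): presumably the changed subject is what makes the service
#      handle this as a certification request instead of a key update -
#      confirm against the service documentation.
#   4. Pipes the response into parseCertServiceResponse.sh with the tag "cr".
#
# Key handling:
#   - `-nodes` leaves cr.key unencrypted on disk, so key generation runs
#     under umask 077 to keep the new files owner-only.
#   - Both the new and the old private key are sent to the service and appear
#     on curl's command line, where other local users can read them from the
#     process list. The target is only suitable for throw-away test keys.
#
# curl runs with -S in addition to -s so that connection and TLS errors are
# printed. The exit status of the pipeline is still that of the parse script.
send-certification-request: verify-initialization-request-files-exist
	@echo "##### Generate CSR and Key #####"
	umask 077 && openssl req -new -newkey rsa:2048 -nodes \
	    -keyout "$$(pwd)/compose-resources/certs-from-curl/cr.key" \
	    -out "$$(pwd)/compose-resources/certs-from-curl/cr.csr" \
	    -subj "/C=US/ST=California/L=San-Francisco/OU=ONAP/O=Linux-Foundation/CN=new-onap.org" \
	    -addext "subjectAltName = DNS.1:test.onap.org,DNS.2:onap.org,IP.1:127.0.0.1,URI.1:ftp://test.org,email.1:test@onap.org"
	@echo "##### Send Certification Request #####"
	curl -sSN "https://localhost:8443/v1/certificate-update/$(CA_NAME)" \
	    -H "PK: $$(base64 < ./compose-resources/certs-from-curl/cr.key | tr -d '\n')" \
	    -H "CSR: $$(base64 < ./compose-resources/certs-from-curl/cr.csr | tr -d '\n')" \
	    -H "OLD_PK: $$(base64 < ./compose-resources/certs-from-curl/ir.key | tr -d '\n')" \
	    -H "OLD_CERT: $$(base64 < ./compose-resources/certs-from-curl/ir-cert.pem | tr -d '\n')" \
	    --cert "$$(pwd)/certs/cmpv2Issuer-cert.pem" \
	    --key "$$(pwd)/certs/cmpv2Issuer-key.pem" \
	    --cacert "$$(pwd)/certs/cacert.pem" \
	    | "$$(pwd)/parseCertServiceResponse.sh" "cr"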
82
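# Guard for the key-update and certification targets: fails unless both the
# key (ir.key) and the certificate (ir-cert.pem) of the initialization request
# are present in compose-resources/certs-from-curl/.
# The check runs in the recipe, i.e. when the target is executed, not while
# the makefile is parsed. It therefore also sees files that
# send-initialization-request created earlier in the same make invocation.
# It fails when either file is missing, so that an empty OLD_PK or OLD_CERT
# header is never sent.
verify-initialization-request-files-exist:
	@for f in compose-resources/certs-from-curl/ir.key \
	          compose-resources/certs-from-curl/ir-cert.pem; do \
	    test -f "$$f" || { echo "Execute send-initialization-request first (missing $$f)" >&2; exit 1; }; \
	done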