# Cert service

### General description

More information about the project and all its functionalities can be found on the wiki page:
```
https://wiki.onap.org/display/DW/OOM+Certification+Service
```

The project consists of four submodules:
1. oom-certservice-api
2. *deprecated (no longer built)* oom-certservice-client
3. oom-certservice-post-processor
4. oom-certservice-k8s-external-provider

Detailed information about submodules can be found in ```README.md``` in their directories.

### Project building
```
mvn clean package
```

### Install the packages into the local repository
```
mvn clean install
```

### Building Docker images and installing packages into the local repository
```
mvn clean install -P docker
# or
make build
```

### Generating certificates
There are example certificates already generated in the certs/ directory.
In order to generate new certificates, first remove the existing ones.
Then execute the following command from the certs(!) directory:
```
make
```

### Running Docker containers from docker-compose with EJBCA
Docker-compose uses a local image of certservice-api, and `make run-client` uses a released image of certservice-client.
Build the certservice-api Docker image locally before running the docker compose command.
```
# 1. Build local images
make build
# 2. Start Cert Service with configured EJBCA
make start-backend
# 3. Run Cert Service Client
make run-client
# 4. Stop Cert Service and EJBCA
make stop-backend
```

### Generating certificates via REST API
#### Requirements
* OpenSSL
* cURL
* jq (for parseCertServiceResponse.sh script)
#### Initialization Request
1. Create Certificate Signing Request and Private Key
```
openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/ir.key \
            -out ./compose-resources/certs-from-curl/ir.csr \
            -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
            -addext "subjectAltName = DNS:test.onap.org"
```
2. Send Initialization Request
```
curl -s https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
        -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
        --cert ./certs/cmpv2Issuer-cert.pem \
        --key ./certs/cmpv2Issuer-key.pem \
        --cacert ./certs/cacert.pem
```
To parse the response, pipe the output to the `parseCertServiceResponse.sh` script, providing a prefix as the argument:
```
curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
        -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
        --cert ./certs/cmpv2Issuer-cert.pem \
        --key ./certs/cmpv2Issuer-key.pem \
        --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
```

#### Update Request
1. Create Certificate Signing Request and Private Key - same as for Initialization Request.
When the CSR data (like Subject and SANs) is unchanged, a Key Update Request (KUR) will be performed.
Otherwise a Certification Request (CR) will be performed.
Example for KUR:
```
openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/kur.key \
-out ./compose-resources/certs-from-curl/kur.csr \
-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
-addext "subjectAltName = DNS:test.onap.org"
```
Example for CR:
```
openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/cr.key \
-out ./compose-resources/certs-from-curl/cr.csr \
-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
-addext "subjectAltName = DNS:test.onap.org"
```
2. Send Update Request.
Example for KUR:
```
curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
            -H "CSR: $(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
            -H "OLDPK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
            -H "OLDCERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
            --cert ./certs/cmpv2Issuer-cert.pem \
            --key ./certs/cmpv2Issuer-key.pem \
            --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
```
Example for CR:
```
curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
            -H "CSR: $(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
            -H "OLD_PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
            -H "OLD_CERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
            --cert ./certs/cmpv2Issuer-cert.pem \
            --key ./certs/cmpv2Issuer-key.pem \
            --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
```
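
Added example (not from the cert-service repository): a local pre-check that predicts whether an Update Request will be handled as KUR or CR, by comparing the Subject and SANs of the old certificate with those of the new CSR. It assumes those two fields are the only ones compared and that SAN order is ignored; the function names and the sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the cert-service repository. Assumption: only
# Subject and SANs (the two fields the README names) decide KUR vs CR.

# identity_of: reads `openssl x509 -text` or `openssl req -text` output on
# stdin and prints "subject|sorted SANs" in one canonical form.
identity_of() {
    text=$(cat)
    # OpenSSL 1.1.1 prints "C = US, ST = ..."; 3.x prints "C=US, ST=...".
    subject=$(printf '%s\n' "$text" |
        sed -n 's/^[[:space:]]*Subject:[[:space:]]*//p' | head -n 1 |
        sed -e 's/[[:space:]]*=[[:space:]]*/=/g' -e 's/,[[:space:]]*/,/g')
    # The SAN values are on the line after the extension header; sorting is
    # an assumption that a different order alone does not count as a change.
    sans=$(printf '%s\n' "$text" |
        awk 'grab { print; exit } /X509v3 Subject Alternative Name:/ { grab = 1 }' |
        tr -d '[:space:]' | tr ',' '\n' | sort | paste -sd, -)
    printf '%s|%s\n' "$subject" "$sans"
}

# predict_update_kind OLD_TEXT NEW_TEXT: KUR when identities match, else CR.
predict_update_kind() {
    old=$(printf '%s\n' "$1" | identity_of)
    new=$(printf '%s\n' "$2" | identity_of)
    if [ "$old" = "$new" ]; then echo KUR; else echo CR; fi
}

# predict_for_files OLD_CERT_PEM NEW_CSR_PEM: same check on real files (needs openssl).
predict_for_files() {
    predict_update_kind "$(openssl x509 -in "$1" -noout -text)" \
                        "$(openssl req -in "$2" -noout -text)"
}

# Constructed excerpts of `-text` output (not captured from a real run).
OLD_CERT_TEXT='        Subject: C = US, ST = California, L = San-Francisco, O = ONAP, OU = Linux-Foundation, CN = onap.org
            X509v3 Subject Alternative Name:
                DNS:test.onap.org, DNS:a.onap.org'
KUR_CSR_TEXT='        Subject: C=US, ST=California, L=San-Francisco, O=ONAP, OU=Linux-Foundation, CN=onap.org
            X509v3 Subject Alternative Name:
                DNS:a.onap.org, DNS:test.onap.org'
CR_CSR_TEXT='        Subject: C=US, ST=California, L=San-Francisco, O=ONAP, OU=Linux-Foundation, CN=new-onap.org
            X509v3 Subject Alternative Name:
                DNS:test.onap.org'

predict_update_kind "$OLD_CERT_TEXT" "$KUR_CSR_TEXT"   # prints KUR
predict_update_kind "$OLD_CERT_TEXT" "$CR_CSR_TEXT"    # prints CR
```

With real files, `predict_for_files ./compose-resources/certs-from-curl/ir-cert.pem ./compose-resources/certs-from-curl/kur.csr` runs the same comparison on the certificate and CSR used in the examples above.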

#### Using makefile
1. Perform Initialization Request:
```
make send-initialization-request
```
2. Perform Update Request:
```
make send-key-update-request
```
or:
```
make send-certification-request
```

To send a request to a custom CA, use ```make <request> -e CA_NAME=<custom CA>```, e.g.:
```
make send-initialization-request -e CA_NAME=CUSTOM_CA
```

### OOM CertService CSITs
#### CSIT repository
```
https://gerrit.onap.org/r/admin/repos/integration/csit
```

#### How to run tests locally
1. Checkout CSIT repository
2. Configure CSIT local environment
3. Inside CSIT directory execute
```
sudo ./run-csit.sh plans/oom-platform-cert-service/certservice
```

#### Jenkins build
https://jenkins.onap.org/view/CSIT/job/oom-platform-cert-service-master-csit-certservice/

### Sonar results
```
https://sonarcloud.io/dashboard?id=onap_oom-platform-cert-service
```

### Maven artifacts
All Maven artifacts are deployed under the Nexus URI:
```
https://nexus.onap.org/content/repositories/snapshots/org/onap/oom/certservice/
```

### Docker artifacts
All Docker images are hosted under the Nexus3 URI:
```
https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.oom.certservice.oom-certservice-api/
```

### How to release containers
```
https://github.com/lfit/releng-global-jjb/blob/master/docs/jjb/lf-release-jobs.rst
```