[OOM-CERT-SERVICE] Add curl requests to Makefile 64/122164/5
authorRemigiusz Janeczek <remigiusz.janeczek@nokia.com>
Wed, 16 Jun 2021 17:16:30 +0000 (19:16 +0200)
committerRemigiusz Janeczek <remigiusz.janeczek@nokia.com>
Wed, 30 Jun 2021 06:49:34 +0000 (06:49 +0000)
Increase max header size (default was too low for update
requests)

Issue-ID: OOM-2753
Change-Id: I3614d8d34ed18ae52cec8fb4f9349e170c2ac3af
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
.gitignore
Makefile
README.md
certService/src/main/resources/application.properties
parseCertServiceResponse.sh [new file with mode: 0755]

index 8a3ca16..452eeeb 100644 (file)
@@ -3,6 +3,7 @@ target/
 !**/src/test/**
 **/var
 compose-resources/client-volume
+compose-resources/certs-from-curl
 
 ### STS ###
 .apt_generated
index d48fd99..5827199 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -32,3 +32,55 @@ stop-backend:
        @echo "##### Stop Cert Service #####"
        docker-compose down
        @echo "##### DONE #####"
+
+send-initialization-request:
+       @echo "##### Create folder for certificates from curl: `pwd`/compose-resources/certs-from-curl/ #####"
+       mkdir -p `pwd`/compose-resources/certs-from-curl/
+       @echo "##### Generate CSR and Key #####"
+       openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/ir.key \
+           -out `pwd`/compose-resources/certs-from-curl/ir.csr \
+           -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+           -addext "subjectAltName = DNS:test.onap.org"
+       @echo "##### Send Initialization Request #####"
+       curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+           -H "CSR: $$(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+           --cert `pwd`/certs/cmpv2Issuer-cert.pem \
+           --key `pwd`/certs/cmpv2Issuer-key.pem \
+           --cacert `pwd`/certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
+
+send-key-update-request: verify-initialization-request-files-exist
+       @echo "##### Generate CSR and Key #####"
+       openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/kur.key \
+           -out `pwd`/compose-resources/certs-from-curl/kur.csr \
+           -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+           -addext "subjectAltName = DNS:test.onap.org"
+       @echo "##### Send Key Update Request #####"
+       curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
+           -H "CSR: $$(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
+           -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+           -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+           --cert `pwd`/certs/cmpv2Issuer-cert.pem \
+           --key `pwd`/certs/cmpv2Issuer-key.pem \
+           --cacert `pwd`/certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
+
+send-certification-request: verify-initialization-request-files-exist
+       @echo "##### Generate CSR and Key #####"
+       openssl req -new -newkey rsa:2048 -nodes -keyout `pwd`/compose-resources/certs-from-curl/cr.key \
+           -out `pwd`/compose-resources/certs-from-curl/cr.csr \
+           -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
+           -addext "subjectAltName = DNS:test.onap.org"
+       @echo "##### Send Key Update Request #####"
+       curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
+           -H "CSR: $$(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
+           -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+           -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+           --cert `pwd`/certs/cmpv2Issuer-cert.pem \
+           --key `pwd`/certs/cmpv2Issuer-key.pem \
+           --cacert `pwd`/certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
+
+verify-initialization-request-files-exist:
+  ifeq (,$(wildcard compose-resources/certs-from-curl/ir.key))
+  ifeq (,$(wildcard compose-resources/certs-from-curl/ir-cert.pem))
+                       $(error Execute send-initialization-request first)
+  endif
+  endif
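Review bot: The guard in `verify-initialization-request-files-exist` only raises `$(error …)` when both `ir.key` and `ir-cert.pem` are missing (the nested `ifeq` is an AND), so a run with `ir.key` present but `ir-cert.pem` absent passes and the update targets proceed with nothing to put in `OLD_CERT`; replace the two `ifeq` lines with `ifneq (2,$(words $(wildcard compose-resources/certs-from-curl/ir.key compose-resources/certs-from-curl/ir-cert.pem)))` and drop one `endif`. Note also that `$(wildcard)` is expanded at parse time, so the check reflects the files present before `make` started, which works for separate invocations but not for `make send-initialization-request send-key-update-request` in one go. The three `curl -sN` calls carry no `--fail`, so an HTTP error body is piped straight into `parseCertServiceResponse.sh`; `curl -sSfN` would surface the failure instead of letting the parser write an empty `.pem`. The echo in `send-certification-request` reads `Send Key Update Request` and should be `Send Certification Request`. The header names used here (`OLD_PK`/`OLD_CERT`) differ from the README's KUR example (`OLDPK`/`OLDCERT`); one of the two is presumably wrong, and I cannot tell from the hunk which spelling the service accepts.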
index 2d91ee8..ddbdfff 100644 (file)
--- a/README.md
+++ b/README.md
@@ -54,6 +54,90 @@ make run-client
 make stop-backend
 ```
 
+### Generating certificates via REST Api
+#### Requirements
+* OpenSSL
+* cURL
+* jq (for parseCertServiceResponse.sh script)
+#### Initialization Request
+1. Create Certificate Signing Request and Private Key
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/ir.key \
+           -out ./compose-resources/certs-from-curl/ir.csr \
+           -subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+           -addext "subjectAltName = DNS:test.onap.org"
+```
+2. Send Initialization Request
+```
+curl -s https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+        -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+        --cert ./certs/cmpv2Issuer-cert.pem \
+        --key ./certs/cmpv2Issuer-key.pem \
+        --cacert ./certs/cacert.pem
+```
+to parse the response pipe the output to `parseCertserviceResponse.sh` script, providing prefix as argument
+```
+curl -sN https://localhost:8443/v1/certificate/RA -H "PK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+        -H "CSR: $(cat ./compose-resources/certs-from-curl/ir.csr | base64 | tr -d \\n)" \
+        --cert ./certs/cmpv2Issuer-cert.pem \
+        --key ./certs/cmpv2Issuer-key.pem \
+        --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "ir"
+```
+
+#### Update Request
+1. Create Certificate Signing Request and Private Key - same as for Initialization Request.
+When CSR data (like Subject and SANS) is unchanged, Key Update Request will be performed.
+Otherwise Certification Request will be performed. 
+Example for KUR:
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/kur.key \
+-out ./compose-resources/certs-from-curl/kur.csr \
+-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=onap.org" \
+-addext "subjectAltName = DNS:test.onap.org"
+```
+Example for CR:
+```
+openssl req -new -newkey rsa:2048 -nodes -keyout ./compose-resources/certs-from-curl/cr.key \
+-out ./compose-resources/certs-from-curl/cr.csr \
+-subj "/C=US/ST=California/L=San-Francisco/O=ONAP/OU=Linux-Foundation/CN=new-onap.org" \
+-addext "subjectAltName = DNS:test.onap.org"
+```
+2. Send Update Request.
+Example for KUR:
+```
+curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $(cat ./compose-resources/certs-from-curl/kur.key | base64 | tr -d \\n)" \
+           -H "CSR: $(cat ./compose-resources/certs-from-curl/kur.csr | base64 | tr -d \\n)" \
+           -H "OLDPK: $(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+           -H "OLDCERT: $(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+           --cert ./certs/cmpv2Issuer-cert.pem \
+           --key ./certs/cmpv2Issuer-key.pem \
+           --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "kur"
+```
+Example CR:
+```
+curl -sN https://localhost:8443/v1/certificate-update/RA -H "PK: $$(cat ./compose-resources/certs-from-curl/cr.key | base64 | tr -d \\n)" \
+           -H "CSR: $$(cat ./compose-resources/certs-from-curl/cr.csr | base64 | tr -d \\n)" \
+           -H "OLD_PK: $$(cat ./compose-resources/certs-from-curl/ir.key | base64 | tr -d \\n)" \
+           -H "OLD_CERT: $$(cat ./compose-resources/certs-from-curl/ir-cert.pem | base64 | tr -d \\n)" \
+           --cert ./certs/cmpv2Issuer-cert.pem \
+           --key ./certs/cmpv2Issuer-key.pem \
+           --cacert ./certs/cacert.pem | `pwd`/parseCertServiceResponse.sh "cr"
+```
+
+#### Using makefile
+1. Perform Initialization Request:
+```
+make send-initialization-request
+```
+2. Perform Update Request:
+```
+make send-key-update-request
+```
+or:
+```
+make send-certification-request
+```
+
 ### OOM CertService CSITs
 #### CSIT repository
 ```
index a7f5eea..8698a31 100644 (file)
@@ -10,6 +10,9 @@ springdoc.swagger-ui.path=/docs
 # OOM CertService app specific configuration
 app.config.path=/etc/onap/oom/certservice
 
+# HTTP Configuration
+server.max-http-header-size=16384
+
 # Mutual TLS configuration
 server.ssl.enabled=true
 server.ssl.client-auth=need
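Review bot: The new `server.max-http-header-size=16384` carries no explanation of why the default was raised or how the value was chosen; the `PK`, `CSR`, `OLD_PK` and `OLD_CERT` headers that the accompanying Makefile sends are base64-encoded PEM blobs, and 16 KiB appears to be sized for the RSA-2048 keys in the examples, so larger keys or a longer `OLD_CERT` chain would presumably hit the limit again. Suggest replacing the bare `# HTTP Configuration` with `# Certificate requests carry base64 PEM (PK, CSR, OLD_PK, OLD_CERT) in HTTP headers; the default limit was too small for update requests with RSA-2048 keys`. The larger per-request header buffer is only reachable after a successful mutual-TLS handshake (`server.ssl.client-auth=need` below), which limits who can exercise it.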
diff --git a/parseCertServiceResponse.sh b/parseCertServiceResponse.sh
new file mode 100755 (executable)
index 0000000..dff867f
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/bash
+read -r RESPONSE
+echo "$RESPONSE" | jq -r '.certificateChain[]' > ./compose-resources/certs-from-curl/$1-cert.pem
+echo "$RESPONSE" | jq -r '.trustedCertificates[]' > ./compose-resources/certs-from-curl/$1-cacert.pem
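Review bot: `read -r RESPONSE` takes only the first line of stdin, so any response body that is not a single line is silently truncated before `jq` sees it, and the two `>` redirects create `$1-cert.pem`/`$1-cacert.pem` before `jq` runs, so an error body with no `certificateChain` (or a missing `$1`, giving `-cert.pem`) leaves empty or mis-named files behind that the Makefile's existence check then treats as a completed initialization request. Read the whole body with `$(cat)`, fail on a missing argument and on `jq` errors, and only move the outputs into place once both extractions succeed.
```bash
#!/bin/bash
# Usage: curl -s ... | ./parseCertServiceResponse.sh <prefix>
# Writes <prefix>-cert.pem and <prefix>-cacert.pem under compose-resources/certs-from-curl.
set -euo pipefail
prefix="${1:?usage: $0 <file-prefix>}"
out_dir=./compose-resources/certs-from-curl
# Read the whole body; do not assume the JSON arrives on a single line.
response="$(cat)"
# Extract into temp files so an error body (no certificateChain) leaves nothing behind.
trap 'rm -f "$out_dir/$prefix-cert.pem.tmp" "$out_dir/$prefix-cacert.pem.tmp"' EXIT
jq -er '.certificateChain[]' <<< "$response" > "$out_dir/$prefix-cert.pem.tmp"
jq -er '.trustedCertificates[]' <<< "$response" > "$out_dir/$prefix-cacert.pem.tmp"
mv "$out_dir/$prefix-cert.pem.tmp" "$out_dir/$prefix-cert.pem"
mv "$out_dir/$prefix-cacert.pem.tmp" "$out_dir/$prefix-cacert.pem"
```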