From 6ee5a32752bd838225b9cbacd22ed451fd24c9a6 Mon Sep 17 00:00:00 2001 From: RehanRaza Date: Fri, 28 Aug 2020 14:37:34 +0200 Subject: [PATCH] Add a configurable truststore for A1 adapter The default truststore truststore.a1.adapter.jks contains a1simulator's cert from ORAN-SC: https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=blob;f=near-rt-ric-simulator/certificate/cert.crt;h=51e37a79a508242a2179f0607df61fb795e94a6a;hb=refs/heads/master This truststore can be overridden by mounting a new volume in docker-compose/helm, and the correpoding password for the truststore is set using an environment variable. Change-Id: Iec489a5a8f0435191475db0a1737e822f0a44b99 Issue-ID: SDNC-1339 Signed-off-by: RehanRaza
---
.../sdnc/src/main/scripts/addA1TrustStore.sh | 28 +++++++++++++++++++++ installation/sdnc/src/main/scripts/startODL.oom.sh | 2 ++ installation/sdnc/src/main/scripts/startODL.sh | 2 ++ .../src/main/stores/truststore.a1.adapter.jks | Bin 0 -> 970 bytes installation/src/main/yaml/docker-compose.yml | 6 +++++ 5 files changed, 38 insertions(+) create mode 100755 installation/sdnc/src/main/scripts/addA1TrustStore.sh create mode 100644 installation/src/main/stores/truststore.a1.adapter.jks
diff --git a/installation/sdnc/src/main/scripts/addA1TrustStore.sh b/installation/sdnc/src/main/scripts/addA1TrustStore.sh
new file mode 100755
index 00000000..4e3fcab6
--- /dev/null
+++ b/installation/sdnc/src/main/scripts/addA1TrustStore.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+###
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+SDNC_STORE_DIR=${SDNC_STORE_DIR:-/opt/onap/sdnc/data/stores}
+A1_TRUSTSTORE=${SDNC_STORE_DIR}/truststore.a1.adapter.jks
+ONAP_TRUSTSTORE=${SDNC_STORE_DIR}/truststoreONAPall.jks
+
+if [ -f ${A1_TRUST_STORE} ]
+then
+ keytool -importkeystore -srckeystore ${A1_TRUSTSTORE} -srcstorepass ${A1_TRUSTSTORE_PASSWORD} -destkeystore ${ONAP_TRUSTSTORE} -deststorepass changeit
+fi
diff --git a/installation/sdnc/src/main/scripts/startODL.oom.sh b/installation/sdnc/src/main/scripts/startODL.oom.sh
index f158c7dd..80fe9084 100755
--- a/installation/sdnc/src/main/scripts/startODL.oom.sh
+++ b/installation/sdnc/src/main/scripts/startODL.oom.sh
@@ -296,6 +296,8 @@ if [ ! -f ${SDNC_HOME}/.installed ] then echo "Installing SDN-C keyStore" /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh + echo "Installing A1-adapter trustStore" + /bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh
index 6f9bdad2..8da2c547 100755
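Review bot: The existence test in addA1TrustStore.sh reads `${A1_TRUST_STORE}`, but the variable defined three lines earlier is `A1_TRUSTSTORE`, so the unquoted expansion is empty, `[ -f ]` evaluates as true, and keytool runs even when no A1 truststore is present; the line should be `if [ -f "${A1_TRUSTSTORE}" ]`. The keytool line also puts the source password on the command line, where it is visible in the process list; keytool accepts `-srcstorepass:env A1_TRUSTSTORE_PASSWORD` to read it from the environment instead. The import has no `-noprompt`, so an alias that already exists in truststoreONAPall.jks would make keytool ask for confirmation during container start-up. The destination password `changeit` is hard-coded rather than configurable like the source one, and the remaining expansions on that line are unquoted.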
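Review bot: The call to addA1TrustStore.sh added in startODL.oom.sh, and the matching one in startODL.sh, ignores the script's exit status, so a failed import (for example a wrong A1_TRUSTSTORE_PASSWORD) is not reported and would presumably surface later as TLS handshake failures toward the A1 endpoint. The hunk header shows the call sits inside the `if [ ! -f ${SDNC_HOME}/.installed ]` block, which starts and ends outside the hunk, so it appears to run only on first install; a truststore mounted or replaced afterwards would then not be imported on restart. A minimal change is to report the failure, e.g. `/bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh || echo "WARNING: A1-adapter trustStore import failed" >&2`, and to add a comment next to the echo line stating that the import happens once per installation.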
--- a/installation/sdnc/src/main/scripts/startODL.sh
+++ b/installation/sdnc/src/main/scripts/startODL.sh
@@ -152,6 +152,8 @@ then ${SDNC_HOME}/bin/installSdncDb.sh echo "Installing SDN-C keyStore" ${SDNC_HOME}/bin/addSdncKeyStore.sh + echo "Installing A1-adapter trustStore" + ${SDNC_HOME}/bin/addA1TrustStore.sh #${CCSDK_HOME}/bin/installOdlHostKey.sh
diff --git a/installation/src/main/stores/truststore.a1.adapter.jks b/installation/src/main/stores/truststore.a1.adapter.jks
new file mode 100644
index 0000000000000000000000000000000000000000..35eaceb880bbd465bbfdf6246b6f0fc761c57a4f
GIT binary patch literal 970 zcmV;*12z0Gf&<0^0Ru3C1AhhyDuzgg_YDCD0ic2da0G$_Y%qcYXfT2UWCjT;hDe6@ z4FLxRpn?NcFoFY70s#Opf&)qh2`Yw2hW8Bt2LUiC1_~;MNQU7XT(zxp5`1h^ckb!otn`8wz+Ov-4UOR4D=9I9L zf&j3?ll)IPt8vCL`}0f}(%4oDdyF9GQ=t6%*w zP+vm>?b?)9pY(i^#G!-Lxx5(VwVt^4IoO)KjC!jgeLH{B#}GiX>XWJfR&)gNKojZX za+$+M%;S9lnSU~zjrX_vgbtVE;R0X*;+BuLj-ke?tbE)T(q|C}scCM>@ab5j?>)Rw zDVy`4uc*YFn^cE^^{{CIO<_=-31btREknBJiwb3Is1La6s*W(oSo8F!2Os0mr!fYa z2hE1?>L7;P0WzkyI8RU#$v)0>cWF*rE2|v&gsn>2HDrIqTPZg#1*B21^`mdZGgK?Y zGI3LeVy_B1v&+R`?_`>a@0PV(s1zbCvg(vj#;PLZ)toZ18poP)FlnD?{&914L3frs zDK8~p9=5B7EJOt3p|9U>HFJW(E~DYX9%GlUUBIv8Tzy9jT1Co<|FkleDKQ800Z{ic z0$SBVGCpWXyWehx@v*XOjqWsIN6r0F>i%m@qytAutIB1uG5%0vZJX1Qba^stm35 seAhaTXzXiT7;jkMB*+95siM(PWXBGzTGbM;K?wK;GD@^A0s{etpbtF69{>OV literal 0 HcmV?d00001
diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml
index 773d0616..96f9bb32 100644
--- a/installation/src/main/yaml/docker-compose.yml
+++ b/installation/src/main/yaml/docker-compose.yml
@@ -63,6 +63,12 @@ services:
 - ODL_CERT_DIR=/tmp
 - ODL_ADMIN_USERNAME=admin
 - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ - A1_TRUSTSTORE_PASSWORD=a1adapter
+ # The default truststore for A1 adapter can be overridden by mounting a new
+ # truststore (uncomment the lines below), whereas the corresponding password
+ # should be updated in A1_TRUSTSTORE_PASSWORD environment variable (in the line above)
+ #volumes:
+ # - ./a1_truststore.jks:/opt/onap/sdnc/data/stores/truststore.a1.adapter.jks:ro
 dns:
 - ${DNS_IP_ADDR-10.0.100.1}
 logging:
-- 2.16.6
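Review bot: The new `A1_TRUSTSTORE_PASSWORD=a1adapter` entry fixes the truststore password in the committed compose file, so every deployment that keeps the default shares a publicly known value, and overriding it means editing the file, as the added comment itself says. A truststore password protects the integrity of the trusted-certificate list rather than its secrecy, but a known password still lets anyone with write access to the store change what the A1 adapter trusts without the integrity check noticing. The file already uses variable substitution for `${DNS_IP_ADDR-10.0.100.1}`, so the same form works here: `- A1_TRUSTSTORE_PASSWORD=${A1_TRUSTSTORE_PASSWORD:-a1adapter}`. The service definition continues outside the hunk.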