...
- Follow Google Java Style Guide
- Follow SONAR rules
- SONAR is available at https://sonarcloud.io/dashboard?id=onap_aaf-certservice
- Code Coverage MUST be at >= 80% level
- No new violation in the NEW code
- New libraries
- Before you add a new JAVA library contact with Specificator and Commiter to get confirmation that library can be used in the project!
- Remember to update README.md file (https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD)
Licenses
Tips & Tricks
...
How to run Jenkins Builds
How to create a new project in ONAP
- Create a repository in gerrit
- Configure pom.xml in project
- Configure Jenkins Jobs
- Documentation
- An example: https://gerrit.onap.org/r/#/c/cli/ /101293/
- Contact person:
Records
- CertService with TLS installation Poc <Polish>
View file | ||||
---|---|---|---|---|
|
How to
...
As standalone docker:
Simple docker run with environment file
Code Block |
---|
AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
DOCKER_ENV_FILE= <path to envfile>
NETWORK_CERT_SERVICE= <docker network of cert cert service>
docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE |
Enviroment file example:
Code Block | ||
---|---|---|
| ||
#Client envs
REQUEST_TIMEOUT=1000
OUTPUT_PATH=/var/log
CA_NAME=RA
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
SANS=example.com:example2.com |
As init container for K8s:
Client's exiting codes:
...
Success
...
create CSR and PK for certificate endpoint
- Create CSR and PK using openssl;
create configuration file :
Code Block title csr.config [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = California localityName = Locality Name (eg, city) localityName_default = San-Francisco organizationName = Organization Name (eg, company) organizationName_default = Linux-Foundation organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = ONAP commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = onap.org emailAddress = Email Address emailAddress_default = tester@onap.org [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = onap.org DNS.2 = test.onap.org
run openssl command that will generate CSR (onap.csr) and private key (onap.key), using csr.config :
Code Block language bash openssl req -out onap.csr -newkey rsa:2048 -nodes -keyout onap.key -config csr.config
Encode CSR and private key in Base64. You can use this java code to create onap.csr.b64 and onap.key.b64 :
Code Block language java private static void encodeCsrAndPkInBase64() throws IOException { String csr = Files.readString(Paths.get(PATH_TO_CSR)); String pk = Files.readString(Paths.get(PATH_TO_PK)); String encodedCsr = new String(Base64.getEncoder().encode(csr.getBytes())); String encodedPk = new String(Base64.getEncoder().encode(pk.getBytes())); Files.writeString(Paths.get(PATH_TO_CSR ".b64"), encodedCsr); Files.writeString(Paths.get(PATH_TO_PK ".b64"), encodedPk); }
- Paste onap.csr.b64 content in to CSR header, and onap.key.b64 content in to PK header in certifcate request
How to run CertService Client
All necessary information could be find in official documentation, see Read The Docs.
Client's exiting codes:
Exiting codes could be find in official documentation, see Read The Docs