...
- Follow Google Java Style Guide
- Follow SONAR rules
- SONAR is available at https://sonarcloud.io/dashboard?id=onap_aaf-certservice
- Code Coverage MUST be at >= 80% level
- No new violation in the NEW code
- New libraries
- Before you add a new JAVA library contact with Specificator and Commiter to get confirmation that library can be used in the project!
- Remember to update README.md file (https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD)
Licenses
Tips & Tricks
...
How to run Jenkins Builds
How to create a new project in ONAP
- Create a repository in gerrit
- Configure pom.xml in project
- Configure Jenkins Jobs
- Documentation
- An example: https://gerrit.onap.org/r/#/c/cli/ /101293/
- Contact person:
How to run CertService Client
As standalone docker:
...
Records
- CertService with TLS installation Poc <Polish>
| View file | ||||
|---|---|---|---|---|
|
How to create CSR and PK for certificate endpoint
- Create CSR and PK using openssl;
create configuration file :
Code Block title
...
csr.
...
config
...
[
...
Run docker container with environments file and docker network (API and client must be running in same network)
| Code Block |
|---|
AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
DOCKER_ENV_FILE= <path to environment file>
NETWORK_CERT_SERVICE= <docker network of cert service>
docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE |
As init container for K8s:
...
| title | Sample deployment |
|---|
...
req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default
...
...
...
...
= US stateOrProvinceName
...
...
= State or Province Name (full name) stateOrProvinceName_default
...
= California
...
localityName
...
...
...
...
= Locality Name (eg,
...
city) localityName_default
...
...
= San-Francisco organizationName
...
...
...
= Organization Name (eg, company) organizationName_default
...
...
= Linux-Foundation
...
organizationalUnitName
...
= Organizational Unit Name (eg,
...
section) organizationalUnitName_default = ONAP
...
commonName
...
...
= Common Name (e.g. server FQDN or YOUR
...
name
...
)
...
commonName_default
...
...
= onap.org emailAddress
...
...
...
= Email
...
Address emailAddress_default
...
...
...
= tester@onap.org [ req_ext ] subjectAltName = @alt_names [ alt_names
...
] DNS.1 = onap.org DNS.2 = test.onap.org
run openssl command that will generate CSR (onap.csr) and private key (onap.key), using csr.config :
Code Block language bash openssl req -out
...
onap.csr -newkey rsa:2048 -nodes -keyout onap.key -config csr.config
Encode CSR and private key in Base64. You can use this java code to create onap.csr.b64 and onap.key.b64 :
Code Block language java private static void encodeCsrAndPkInBase64() throws IOException {
...
...
String csr = Files.readString(Paths.get(PATH_TO_CSR));
...
...
String
...
pk = Files.readString(Paths.get(PATH_TO_PK)); String encodedCsr =
...
new String(Base64.getEncoder().encode(csr.getBytes())); String encodedPk
...
= new String(Base64.getEncoder().encode(pk.getBytes()));
...
Files.writeString(Paths.get(PATH_TO_CSR ".b64"), encodedCsr); Files.writeString(Paths.get(PATH_TO_PK ".b64"), encodedPk);
...
}- Paste onap.csr.b64 content in to CSR header, and onap.key.b64 content in to PK header in certifcate request
How to run CertService Client
All necessary information could be find in official documentation, see Read The Docs.
Client's exiting codes:
...
Success
...
Exiting codes could be find in official documentation, see Read The Docs