...
- Follow Google Java Style Guide
- Follow SONAR rules
- SONAR is available at https://sonarcloud.io/dashboard?id=onap_aaf-certservice
- Code coverage MUST be at least 80%
- No new violations in the new code
- New libraries
- Before you add a new Java library, contact the Specificator and Committer to get confirmation that the library can be used in the project!
- Remember to update README.md file (https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD)
Licenses
Tips & Tricks
...
How to run Jenkins Builds
How to create a new project in ONAP
- Create a repository in gerrit
- Configure pom.xml in project
- Configure Jenkins Jobs
- Documentation
- An example: https://gerrit.onap.org/r/#/c/cli/ /101293/
- Contact person:
Records
- CertService with TLS installation Poc <Polish>
How to create CSR and PK for certificate endpoint
- Create the CSR and PK using openssl:
Create a configuration file:
csr.config:
```
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = California
localityName = Locality Name (eg, city)
localityName_default = San-Francisco
organizationName = Organization Name (eg, company)
organizationName_default = Linux-Foundation
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ONAP
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = onap.org
emailAddress = Email Address
emailAddress_default = tester@onap.org

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = onap.org
DNS.2 = test.onap.org
```
Run the openssl command that generates the CSR (onap.csr) and private key (onap.key) using csr.config:
```bash
# -nodes writes onap.key unencrypted; keep its file permissions restrictive
openssl req -out onap.csr -newkey rsa:2048 -nodes -keyout onap.key -config csr.config
```
Encode the CSR and private key in Base64. You can use this Java code to create onap.csr.b64 and onap.key.b64:
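```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;

// PATH_TO_CSR and PATH_TO_PK are String constants with the paths to onap.csr and onap.key.
private static void encodeCsrAndPkInBase64() throws IOException {
    String csr = Files.readString(Paths.get(PATH_TO_CSR));
    String pk = Files.readString(Paths.get(PATH_TO_PK));
    // Base64-encode the PEM text; the basic encoder adds no line breaks
    String encodedCsr = Base64.getEncoder().encodeToString(csr.getBytes(StandardCharsets.UTF_8));
    String encodedPk = Base64.getEncoder().encodeToString(pk.getBytes(StandardCharsets.UTF_8));
    Files.writeString(Paths.get(PATH_TO_CSR + ".b64"), encodedCsr);
    Files.writeString(Paths.get(PATH_TO_PK + ".b64"), encodedPk);
}
```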
- Paste the onap.csr.b64 content into the CSR header and the onap.key.b64 content into the PK header of the certificate request
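The steps above can be scripted and checked before the values go into the CSR and PK headers. This is an added example, not code from the original page or the CertService project; it assumes `openssl`, `base64` and the `csr.config` shown above are available, and the function and script names are hypothetical.

```bash
#!/bin/sh
# Added example (not from the ONAP page). Assumes openssl and base64 are on PATH.
# Usage: sh make_headers.sh <dir containing the csr.config shown above>

# Generate onap.csr/onap.key in DIR, check them, and write single-line Base64
# copies for the CSR and PK headers. Returns non-zero if any check fails.
build_request_headers() (
  cd "$1" || exit 1
  umask 077   # onap.key is unencrypted (-nodes): keep it and its .b64 owner-only
  # -batch accepts the *_default values in csr.config instead of prompting
  openssl req -batch -out onap.csr -newkey rsa:2048 -nodes \
    -keyout onap.key -config csr.config 2>/dev/null || exit 1
  # 1. The CSR's self-signature must verify
  openssl req -in onap.csr -verify -noout 2>&1 | grep -q 'verify OK' || exit 1
  # 2. The CSR must carry the public half of onap.key
  [ "$(openssl req -in onap.csr -pubkey -noout)" = \
    "$(openssl pkey -in onap.key -pubout)" ] || exit 1
  # 3. Both names from [ alt_names ] must appear as SANs
  case "$(openssl req -in onap.csr -noout -text)" in
    *DNS:onap.org*DNS:test.onap.org*) ;;
    *) exit 1 ;;
  esac
  # 4. Base64 of the PEM text, as the Java snippet does. GNU base64 wraps its
  #    output, and a header value cannot contain newlines, so strip them.
  base64 < onap.csr | tr -d '\n' > onap.csr.b64
  base64 < onap.key | tr -d '\n' > onap.key.b64
)

# True if FILE.b64 is a single line and decodes back to FILE byte for byte.
b64_roundtrip_ok() {
  [ "$(wc -l < "$1.b64")" -eq 0 ] &&
    base64 -d < "$1.b64" | cmp -s - "$1"
}

if [ "$#" -gt 0 ]; then
  build_request_headers "$1" && b64_roundtrip_ok "$1/onap.csr" \
    && b64_roundtrip_ok "$1/onap.key" && echo "headers ready in $1"
fi
```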
How to run CertService Client
As standalone docker:
Create a file with the environment variables, as in the example below.
```
#Client envs
REQUEST_URL=http://aaf-cert-service-service:8080/v1/certificate/
REQUEST_TIMEOUT=1000
OUTPUT_PATH=/var/certs
CA_NAME=RA
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
SANS=test.onap.org:onap.com
```
Run the docker container with the environment file and docker network (the API and the client must be running in the same network).
```bash
AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
DOCKER_ENV_FILE="<path to environment file>"
NETWORK_CERT_SERVICE="<docker network of cert service>"
DOCKER_VOLUME="<absolute path to local dir>:<output path>"
docker run --env-file "$DOCKER_ENV_FILE" --network "$NETWORK_CERT_SERVICE" --volume "$DOCKER_VOLUME" "$AAFCERT_CLIENT_IMAGE"
```
As init container for K8s:
...
Sample deployment:
...
All necessary information can be found in the official documentation; see Read The Docs.
Client exit codes:
...
Success
...
Exit codes can be found in the official documentation; see Read The Docs.