AAF Certification Service
Specification
REQ - 140 Create Client, Plugin using Client and mechanisms for using CMPv2 as a CA
Team
Role | Name | |
---|---|---|
Specificator | Pawel Baniewski | pawel.baniewski@nokia.com |
Commiter | Bogumil Zebek | bogumil.zebek@nokia.com |
Project details
Location: https://gerrit.onap.org/r/admin/repos/aaf/certservice
Information for developers (README.md): https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD
Requirements for developers
Follow Google Java Style Guide
Follow SONAR rules
SONAR is available at https://sonarcloud.io/dashboard?id=onap_aaf-certservice
Code Coverage MUST be at >= 80% level
No new violation in the NEW code
New libraries
Before you add a new JAVA library contact with Specificator and Commiter to get confirmation that library can be used in the project!
Remember to update README.md file (https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD)
Licenses
https://wiki.onap.org/plugins/servlet/mobile?contentId=8228646#content/view/8228646
Tips & Tricks
How to run Jenkins Builds
How to create a new project in ONAP
Create a repository in gerrit
Configure pom.xml in project
Configure Jenkins Jobs
Documentation
An example: https://gerrit.onap.org/r/#/c/cli/ /101293/
Contact person:
Records
CertService with TLS installation Poc <Polish>
How to create CSR and PK for certificate endpoint
Create CSR and PK using openssl;
create configuration file :
csr.config
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = California localityName = Locality Name (eg, city) localityName_default = San-Francisco organizationName = Organization Name (eg, company) organizationName_default = Linux-Foundation organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = ONAP commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = onap.org emailAddress = Email Address emailAddress_default = tester@onap.org [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = onap.org DNS.2 = test.onap.org
run openssl command that will generate CSR (onap.csr) and private key (onap.key), using csr.config :
openssl req -out onap.csr -newkey rsa:2048 -nodes -keyout onap.key -config csr.config
Encode CSR and private key in Base64. You can use this java code to create onap.csr.b64 and onap.key.b64 :
private static void encodeCsrAndPkInBase64() throws IOException { String csr = Files.readString(Paths.get(PATH_TO_CSR)); String pk = Files.readString(Paths.get(PATH_TO_PK)); String encodedCsr = new String(Base64.getEncoder().encode(csr.getBytes())); String encodedPk = new String(Base64.getEncoder().encode(pk.getBytes())); Files.writeString(Paths.get(PATH_TO_CSR ".b64"), encodedCsr); Files.writeString(Paths.get(PATH_TO_PK ".b64"), encodedPk); }
Paste onap.csr.b64 content in to CSR header, and onap.key.b64 content in to PK header in certifcate request
How to run CertService Client
All necessary information could be find in official documentation, see Read The Docs.
Client's exiting codes:
Exiting codes could be find in official documentation, see Read The Docs