AAF Certification Service

Specification

REQ - 140 Create Client, Plugin using Client and mechanisms for using CMPv2 as a CA

Team

Role

Name

E-mail

Role

Name

E-mail

Specificator

Pawel Baniewski

pawel.baniewski@nokia.com

Commiter

Bogumil Zebek

bogumil.zebek@nokia.com

 

Project details

Requirements for developers

Licenses

https://wiki.onap.org/plugins/servlet/mobile?contentId=8228646#content/view/8228646

 

Library

Version

Link to maven repo

License

Library

Version

Link to maven repo

License

assertj-core

3.15.0

https://mvnrepository.com/artifact/org.assertj/assertj-core

Apache 2.0

mockito-core

3.2.4

https://mvnrepository.com/artifact/org.mockito/mockito-core

MIT

spring-core

5.2.3.RELEASE

https://mvnrepository.com/artifact/org.springframework/spring-core

Apache 2.0

spring-boot-starter

2.2.4.RELEASE

https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter

Apache 2.0

maven-javadoc-plugin

3.1.1

https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-javadoc-plugin

Apache 2.0

maven-surefire-plugin

3.0.0-M4

https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-surefire-plugin

Apache 2.0

spring-boot-starter-actuator

2.2.4.RELEASE

https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-actuator

Apache 2.0

spring-boot-starter-log4j2

2.1.5.RELEASE

https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-log4j2

Apache 2.0

spring-cloud-starter-config

2.2.1.RELEASE

https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-config/

Apache 2.0

springdoc-openapi-ui

1.2.30

https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-ui

Apache 2.0

bouncycastle

1.60

https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on

MIT

docker-maven-plugin

0.33.0

https://mvnrepository.com/artifact/io.fabric8/docker-maven-plugin

Apache 2.0

springdoc-openapi-maven-plugin

0.2

https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-maven-plugin

Apache 2.0

gson

2.8.6

https://mvnrepository.com/artifact/com.google.code.gson/gson/

Apache 2.0

Apache httpclient

4.5.6

https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient

Apache 2.0

Apache Commons Lang

3.9

https://mvnrepository.com/artifact/org.apache.commons/commons-lang3

Apache 2.0

Apache Commons IO

2.6

https://mvnrepository.com/artifact/commons-io/commons-io

Apache 2.0

JUnit Jupiter

5.5.2

https://mvnrepository.com/artifact/org.junit.jupiter/junit-jupiter

EPL 2.0

Mockito JUnit Jupiter

2.17.0

https://mvnrepository.com/artifact/org.mockito/mockito-junit-jupiter

MIT

 

Tips & Tricks

How to run Jenkins Builds

How to create a new project in ONAP

  1. Create a repository in gerrit

    1. Create a ticket at https://jira.linuxfoundation.org/servicedesk/customer/portal/2/create/102?q=create%20repository&q_time=1581674068823

  2. Configure pom.xml in project

    1.  An example: https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/pom.xml;h=3f17f3904b45f48007c7cf10cb54b2b814447226;hb=HEAD

  3. Configure Jenkins Jobs

    1. https://gerrit.onap.org/r/c/ci-management/ /101668

    2. Contact person:

      1. jwagantall@linuxfoundation.org

  4. Documentation

    1. An example:  https://gerrit.onap.org/r/#/c/cli/ /101293/

    2. Contact person:

      1. sofia.wallin@est.tech

      2. jwagantall@linuxfoundation.org

Records

  • CertService with TLS installation Poc <Polish> 

How to create CSR and PK for certificate endpoint

  1. Create CSR and PK using openssl;

    1. create configuration file : 

      csr.config

      [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = California localityName = Locality Name (eg, city) localityName_default = San-Francisco organizationName = Organization Name (eg, company) organizationName_default = Linux-Foundation organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = ONAP commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = onap.org emailAddress = Email Address emailAddress_default = tester@onap.org [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = onap.org DNS.2 = test.onap.org

       

    2. run openssl command that will generate CSR (onap.csr) and private key (onap.key), using csr.config :

      openssl req -out onap.csr -newkey rsa:2048 -nodes -keyout onap.key -config csr.config

       

  2. Encode CSR and private key in Base64. You can use this  java code to create onap.csr.b64 and onap.key.b64 :

    private static void encodeCsrAndPkInBase64() throws IOException { String csr = Files.readString(Paths.get(PATH_TO_CSR)); String pk = Files.readString(Paths.get(PATH_TO_PK)); String encodedCsr = new String(Base64.getEncoder().encode(csr.getBytes())); String encodedPk = new String(Base64.getEncoder().encode(pk.getBytes())); Files.writeString(Paths.get(PATH_TO_CSR ".b64"), encodedCsr); Files.writeString(Paths.get(PATH_TO_PK ".b64"), encodedPk); }

     

  3. Paste  onap.csr.b64 content in to CSR header, and onap.key.b64 content in to PK header in certifcate request

How to run CertService Client

All necessary information could be find in official documentation, see Read The Docs.

Client's exiting codes:

Exiting codes could be find in official documentation, see Read The Docs