...

Code Block
    // Sends a certificate request to the CMP RA endpoint of a locally running EJBCA.
    @Test
    public void testServerWithRealUrl()
        throws CmpClientException {

        setValidCsrMetaValuesAndDateValues();

        // Test-only endpoint and credential; these override the defaults set by the helper.
        csrMeta.externalCaUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmpRA");
        csrMeta.password("mypassword");

        CmpClientImpl cmpClient = new CmpClientImpl();
        try {
            cmpClient.createCertRequest("data", "RA", csrMeta, cert, notBefore, notAfter);
        } catch (CAOfflineException e) {
            // An offline CA is tolerated: the stack trace is printed and the test still passes.
            e.printStackTrace();
        }
    }

    // Builds the CSR metadata and the validity window (notBefore/notAfter) used by the test.
    private void setValidCsrMetaValuesAndDateValues() {
        ArrayList<RDN> rdns = new ArrayList<>();
        try {
            rdns.add(new RDN("O=CommonCompany"));
        } catch (CertException e) {
            e.printStackTrace();
        }
        csrMeta = new CSRMeta(rdns);
        csrMeta.cn("Node123");
        csrMeta.san("CommonName.com");
        csrMeta.password("password");
        csrMeta.email("CommonName@cn.com");
        csrMeta.issuerCn("ManagementCA");
        // Stub key generation so the test runs with a fixed key pair.
        when(kpg.generateKeyPair()).thenReturn(keyPair);
        csrMeta.keypair(trans);
        csrMeta.externalCaUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmpRA");

        try {
            // Requested certificate validity: 2019/11/11 12:00:00 to 2020/11/11 12:00:00.
            notBefore = Optional.ofNullable(new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"));
            notAfter = Optional.ofNullable(new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"));
        } catch (ParseException e) {
            e.printStackTrace();
        }
    }


Usage

Docker

Run CertService as a Docker container using the following command: (warning) TBA (warning)


Kubernetes

A Helm chart is provided for Kubernetes. Fill in all values and deploy the Helm chart using the following command: (warning) TBA (warning)


CertService's client

CertService's client properties

...

(warning) File interface (names, passwords) should be defined (warning)

Usage

Docker

Run CertService's client as a Docker container using the following command: (warning) TBA (warning)


Kubernetes

Because ONAP is deployed in K8s, CertService's client will be delivered as an independent container and should run as an init container for the end component. Both the init container and the end component must mount the same volume (persistent or ephemeral) to transfer generated artifacts.

Example

The volume used to transfer generated artifacts should be mounted to the application container (lines 46-49). Within the K8s workload, CertService's client should be added as an init container (lines 10-13). All needed ENV variables should be passed to CertService's client (lines 14-36). CertService's client should mount the same volume as the application container (lines 37-39). The volume used to transfer generated artifacts can be of type emptyDir (lines 51-53).

Code Block
...                                 # WARNING - work in progress so still can change
kind: Deployment
metadata:
  ...
spec:
...
  template:
  ...
    spec:
      initContainers:
        - name: cert-service-client
          image: {{ .Values.global.csClientRepository }}/{{ .Values.global.csClientImage }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
            - name: REQUEST_URL
              value: {{ .Values.certService.url }}
            - name: REQUEST_TIMEOUT
              value: {{ .Values.certService.timeout }}
            - name: OUTPUT_PATH
              value: {{ .Values.certService.outputPath }}
            - name: CA_NAME
              value: {{ .Values.global.certService.caName }}
            - name: COMMON_NAME
              value: {{ .Values.certService.commonName }}
            - name: ORGANIZATION
              value: {{ .Values.global.certService.organization }}
            - name: ORGANIZATION_UNIT
              value: {{ .Values.global.certService.organizationUnit }}
            - name: LOCATION
              value: {{ .Values.global.certService.location }}
            - name: STATE
              value: {{ .Values.global.certService.state }}
            - name: COUNTRY
              value: {{ .Values.global.certService.country }}
            - name: SANS
              value: {{ .Values.certService.sans }}
          volumeMounts:
            - mountPath: {{ .Values.certService.outputPath }}
              name: {{ include "common.fullname" . }}-cmpv2-certs
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          resources:
{{ include "common.resources" . | indent 12 }}
          volumeMounts:
            - mountPath: /certificates/external
              name: {{ include "common.fullname" . }}-cmpv2-certs
              readOnly: true
          ...
      volumes:
        - name: {{ include "common.fullname" . }}-cmpv2-certs
          emptyDir: {}
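
One way to check the wiring described above on a rendered Deployment (for example the JSON form of the rendered chart). This is an added example, not code from the project: the function names, the sample volume name and paths are constructed, and treating a writable application mount as a finding is an assumption taken from the `readOnly: true` line in the manifest.

```python
# Added example (not project code): lint a rendered Deployment for the
# init-container / shared-volume wiring shown in the manifest above.

def check_cert_volume_wiring(deployment, init_name="cert-service-client"):
    """Return a list of findings; an empty list means the wiring is consistent."""
    pod = deployment["spec"]["template"]["spec"]
    init = next((c for c in pod.get("initContainers", [])
                 if c["name"] == init_name), None)
    if init is None:
        return [f"init container {init_name!r} is missing"]
    env = {e["name"]: e.get("value") for e in init.get("env", [])}
    # The client must write OUTPUT_PATH into a mounted volume, otherwise the
    # artifacts are lost when the init container exits.
    mount = next((m for m in init.get("volumeMounts", [])
                  if m["mountPath"] == env.get("OUTPUT_PATH")), None)
    if mount is None:
        return ["OUTPUT_PATH is not backed by a volumeMount in the init container"]
    findings, vol = [], mount["name"]
    if mount.get("readOnly"):
        findings.append("init container cannot write: cert volume is read-only")
    if vol not in {v["name"] for v in pod.get("volumes", [])}:
        findings.append(f"volume {vol!r} is not declared in spec.volumes")
    consumers = [(c["name"], m) for c in pod.get("containers", [])
                 for m in c.get("volumeMounts", []) if m["name"] == vol]
    if not consumers:
        findings.append(f"no application container mounts {vol!r}")
    # Assumption: the application only reads the artifacts, as in the example
    # manifest (readOnly: true), so a writable mount is reported.
    findings += [f"container {name!r} mounts {vol!r} writable"
                 for name, m in consumers if not m.get("readOnly")]
    return findings


def sample_deployment(app_read_only=True, declare_volume=True):
    """Constructed sample mirroring the manifest above; all values are made up."""
    vol = "demo-cmpv2-certs"
    return {"spec": {"template": {"spec": {
        "initContainers": [{
            "name": "cert-service-client",
            "env": [{"name": "OUTPUT_PATH", "value": "/var/certs"}],
            "volumeMounts": [{"mountPath": "/var/certs", "name": vol}]}],
        "containers": [{
            "name": "app",
            "volumeMounts": [{"mountPath": "/certificates/external",
                              "name": vol, "readOnly": app_read_only}]}],
        "volumes": [{"name": vol, "emptyDir": {}}] if declare_volume else [],
    }}}}
```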

...