...
Input value | Input type | Description | Usage |
---|---|---|---|
CsrModel | Object | POJO which transfers sent CSR, plain fields extracted from CSR (like Common Name, Country, etc) | |
CsrModel:: csr | org.bouncycastle.pkcs.PKCS10CertificationRequest | Certificate Signing Request received via REST API | |
CsrModel:: subjectDN | org.bouncycastle.asn1.x500.X500Name | SubjectDN retrieved from sent CSR | |
CsrModel:: privateKey | java.security.PrivateKey | Private key received via REST API | |
CsrModel:: publicKey | java.security.PublicKey | Public key retrieved from sent CSR | |
CsrModel:: sans | List of Strings | Subject Alternative Names retrieved from sent CSR | |
CsrModel:: | |||
CMPv2ServerDetails | Object | POJO which transfers CMPv2 server properties | |
CMPv2ServerDetails:: CA name | String | CA name as configured in CMPv2 server properties | |
CMPv2ServerDetails:: URL | URL or String | URL to CMPv2 server as configured in CMPv2 server details | |
CMPv2ServerDetails:: IssuerDN | org.bouncycastle.asn1.x500.X500Name | Issuer DN as configured in CMPv2 server details | |
CMPv2ServerDetails:: CA mode | ENUM | CA mode as configured in CMPv2 server details | |
CMPv2ServerDetails:: IAK | String | IAK as configured in CMPv2 server details | |
CMPv2ServerDetails:: RV | String | RV as configured in CMPv2 server details | |
CA name | String | CA name received via REST API |
...
Return values from CMPv2 client
CMPv2 client POC
TBD
Currently the POC for CMPv2 client is working based on the inputs below.
...
CertService's client input properties
| Group | Parameter name | ENV variable name | Required | Default | Syntax | Validation rules | Description | Origin |
|---|---|---|---|---|---|---|---|---|
| | Url | REQUEST_URL | No | http(s)://cert-service:8080/v1/certificate/ | URL | Syntax column | URL to Cert Service. Default value will be aligned with ONAP K8s deployment (Cert Service's K8s service name and port). Needs to be changed for plain docker deployment. | Application helm chart |
| | Timeout | REQUEST_TIMEOUT | No | 30000 | Int (0-120000) | Syntax column | Timeout for REST API calls, in milliseconds. A timeout value of zero is interpreted as an infinite timeout. | Application helm chart |
| | Path | OUTPUT_PATH | Yes | | String (1-256) | Syntax column; path is a valid *nix path | Path where the client will output the generated keystore and truststore. Normally this path should be on a volume which is used to transfer the keystore and truststore between CertService's client and the end component | Application helm chart |
| | CA name | CA_NAME | Yes | | String (1-128) | Syntax column; must contain only alphanumeric characters | Name of the CA which will enroll the certificate. Must be the same as configured on the server side. Used in REST API calls | OOM global value |
| CSR details | Common Name | COMMON_NAME | Yes | | String (1-256) | Syntax column; CN can't contain special characters (?, $, % and so on), IP addresses, port numbers, or "http://" or "https://" | Common name for which certificate from CMPv2 server should be issued | Application helm chart |
| | Organization | ORGANIZATION | Yes | | String (1-256) | Syntax column; Organization can't contain invalid characters from list "! @ # $ % ^ * ( ) ~ ? > < / \" (without "") | Organization for which certificate from CMPv2 server should be issued | OOM global value |
| | Organization Unit | ORGANIZATION_UNIT | No | Not available in generated certificate | String (0-256) | Syntax column | Organization unit for which certificate from CMPv2 server should be issued | OOM global value |
| | Location | LOCATION | No | Not available in generated certificate | String (0-256) | Syntax column | Location for which certificate from CMPv2 server should be issued | OOM global value |
| | State | STATE | Yes | | String (1-256) | Syntax column | State for which certificate from CMPv2 server should be issued | OOM global value |
| | Country | COUNTRY | Yes | | String(2) | C must be a 2-character ISO format country code | Country for which certificate from CMPv2 server should be issued | OOM global value |
| | SANs | SANS | No | Not available in generated certificate | String (0-2048) SAN1[:SAN2] | Syntax column | Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued. Colon is used as delimiter | Application helm chart |
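
As an added example (not CertService's own code), the Java class below applies one reading of the Syntax and Validation rules columns above to a map of the client's ENV variables and collects every violation. The class name, the regexes and the sample values are assumptions; for COMMON_NAME only the three special characters the table names are checked.

```java
import java.util.*;
import java.util.regex.Pattern;

public class ClientEnvCheck {  // hypothetical class name, not part of CertService
    // Regexes are one reading of the "Validation rules" column (assumption).
    static final Pattern ALNUM = Pattern.compile("[A-Za-z0-9]+");
    static final Pattern ORG_FORBIDDEN = Pattern.compile("[!@#$%^*()~?></\\\\]");
    static final Pattern CN_FORBIDDEN = Pattern.compile(
            "[?$%]|^https?://|:\\d+$|^\\d{1,3}(\\.\\d{1,3}){3}$");

    // Enforce the String (min-max) ranges from the Syntax column.
    static void length(List<String> errs, Map<String, String> env, String key, int min, int max) {
        int n = env.getOrDefault(key, "").length();
        if (n < min || n > max) errs.add(key + ": length must be " + min + "-" + max);
    }

    static List<String> validate(Map<String, String> env) {
        List<String> errs = new ArrayList<>();
        length(errs, env, "OUTPUT_PATH", 1, 256);
        length(errs, env, "CA_NAME", 1, 128);
        length(errs, env, "COMMON_NAME", 1, 256);
        length(errs, env, "ORGANIZATION", 1, 256);
        length(errs, env, "ORGANIZATION_UNIT", 0, 256);
        length(errs, env, "LOCATION", 0, 256);
        length(errs, env, "STATE", 1, 256);
        length(errs, env, "SANS", 0, 2048);
        String timeout = env.getOrDefault("REQUEST_TIMEOUT", "30000"); // table default
        if (!timeout.matches("\\d{1,6}") || Integer.parseInt(timeout) > 120000)
            errs.add("REQUEST_TIMEOUT: must be an integer 0-120000 (milliseconds)");
        if (!ALNUM.matcher(env.getOrDefault("CA_NAME", "")).matches())
            errs.add("CA_NAME: only alphanumeric characters are allowed");
        if (CN_FORBIDDEN.matcher(env.getOrDefault("COMMON_NAME", "")).find())
            errs.add("COMMON_NAME: special character, IP address, port or http(s):// found");
        if (ORG_FORBIDDEN.matcher(env.getOrDefault("ORGANIZATION", "")).find())
            errs.add("ORGANIZATION: contains a forbidden character");
        if (!Arrays.asList(Locale.getISOCountries()).contains(env.getOrDefault("COUNTRY", "")))
            errs.add("COUNTRY: must be a 2-character ISO country code");
        return errs;
    }

    public static void main(String[] args) {
        // Constructed sample input: COMMON_NAME and COUNTRY deliberately break the rules.
        Map<String, String> env = Map.of("OUTPUT_PATH", "/var/certs", "CA_NAME", "RA1",
                "COMMON_NAME", "https://example.org:8443", "ORGANIZATION", "Example Org",
                "STATE", "California", "COUNTRY", "USA");
        validate(env).forEach(System.out::println);
    }
}
```
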
Results
On a successful run of CertService's client (exitCode = 0), the following artifacts are created:
...