...
- Follow Google Java Style Guide
- Follow SONAR rules
- SONAR is available at https://sonarcloud.io/dashboard?id=onap_aaf-certservice
- Code Coverage MUST be at >= 80% level
- No new violation in the NEW code
- New libraries
- Before you add a new JAVA library contact with Specificator and Commiter to get confirmation that library can be used in the project!
- Remember to update README.md file (https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD)
Licenses
Tips & Tricks
...
How to run Jenkins Builds
How to create a new project in ONAP
- Create a repository in gerrit
- Configure pom.xml in project
- Configure Jenkins Jobs
- Documentation
- An example: https://gerrit.onap.org/r/#/c/cli/ /101293/
- Contact person:
Records
How to run CertService Client
As standalone docker:
Create file with environments as in example below.
| Code Block | ||
|---|---|---|
| ||
#Client envs
REQUEST_TIMEOUT=1000
OUTPUT_PATH=/var/log
CA_NAME=RA
#Csr config envs
COMMON_NAME=onap.org
ORGANIZATION=Linux-Foundation
ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
SANS=example.com:example2.com |
Run docker container with environments file and docker network (API and client must be running in same network)
| Code Block |
|---|
AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
DOCKER_ENV_FILE= <path to environment file>
NETWORK_CERT_SERVICE= <docker network of cert service>
docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE |
As init container for K8s:
...
| title | Sample deployment |
|---|
...
- CertService with TLS installation Poc <Polish>
| View file | ||||
|---|---|---|---|---|
|
How to create CSR and PK for certificate endpoint
- Create CSR and PK using openssl;
create configuration file :
Code Block title csr.config [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName
...
...
...
= Country Name (2 letter code) countryName_default
...
...
...
...
= US stateOrProvinceName
...
= State
...
or Province Name (full name) stateOrProvinceName_default
...
= California localityName
...
...
...
= Locality Name
...
(eg, city) localityName_default
...
...
...
= San-Francisco organizationName
...
...
= Organization Name
...
(eg, company) organizationName_default
...
= Linux-Foundation organizationalUnitName = Organizational Unit
...
Name (eg, section) organizationalUnitName_default = ONAP commonName
...
...
...
...
...
= Common Name (e.g. server FQDN or YOUR name) commonName_default
...
...
...
...
...
= onap.org emailAddress
...
...
=
...
Email Address emailAddress_default
...
...
= tester@onap.org [ req_ext ] subjectAltName = @alt_names [
...
alt_names ] DNS.1 = onap.org DNS.2 = test.onap.org
run openssl command that will generate CSR (onap.csr) and private key (onap.key), using csr.config :
Code Block language bash openssl req -out onap.csr -newkey
...
rsa:2048
...
-nodes -keyout onap.key -config csr.config
Encode CSR and private key in Base64. You can use this java code to create onap.csr.b64 and onap.key.b64 :
Code Block language java private static void encodeCsrAndPkInBase64()
...
throws
...
IOException
...
{ String csr
...
= Files.readString(Paths.get(PATH_TO_CSR)); String pk
...
= Files.readString(Paths.get(PATH_TO_PK)); String encodedCsr =
...
new String(Base64.getEncoder().encode(csr.getBytes())); String encodedPk
...
= new String(Base64.getEncoder().encode(pk.getBytes())); Files.writeString(Paths.get(PATH_TO_CSR
...
".b64"), encodedCsr); Files.writeString(Paths.get(PATH_TO_PK ".b64"), encodedPk);
...
}- Paste onap.csr.b64 content in to CSR header, and onap.key.b64 content in to PK header in certifcate request
How to run CertService Client
All necessary information could be find in official documentation, see Read The Docs.
Client's exiting codes:
...
Success
...
Exiting codes could be find in official documentation, see Read The Docs