bin/caservicecontainer/test.sh - onap/aaf/sshsm - Gitiles


 #NOTE - This scripts expects the Init and the Duplicate tools to be already run and the output files to be present at the
 # shared volume (input for Import tool)

 #!/bin/bash
 set -e

 #Placeholder of Input files to the Import tool which is the output of duplicate tool
 duplicatetooldir="/tmp/files/duplicatetoolfiles"
 #Pluginlibrary
 pluginlibrary="/usr/local/lib/libtpm2-plugin.so"
 #key_id is the parameter expected by SoftHSM
 key_id="8738"
 #TPM handle
 tpm_handle="0x81000011"
 #Key_label is the  parameter expected by SoftHSM
 key_label="ABC"
 #UserPin for the SoftHSM operations
 upin="123456789"
 #SoPin for the SoftHSM operations
 sopin="123456789"
 #Slot number for the SoftHSM operations. Initially it should be started with 0
 slot_no="0"
 #Name for creating the slot used by SoftHSM
 token_no="Token1"
 #Location for the application to fecth SoftHSM library
 applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so"
 #cert_id is the input for the application which is hexadecimal equivalent of key_id
 cert_id=$(printf '%x' ${key_id})

 #Plugin directory for the SoftHSM to load plugin and for further operations
 if [ ! "$SSHSM_HW_PLUGINS_PARENT_DIR" ]
 then
     echo "There is no Plugin directory assigned. Hence creating the directory required by SoftHSM"
     SSHSM_HW_PLUGINS_PARENT_DIR="/tmp/hwparent"
 fi
     mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}
 echo "The newly assigned plugin directory is ${SSHSM_HW_PLUGINS_PARENT_DIR}"

 mkdir -p /var/run/dbus

 # Initialize the token
 softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" --pin ${upin} --so-pin ${sopin}
 softhsm2-util --show-slots | grep 'Slot ' | cut -d\           -f2 | head -1 >> slotinfo.txt
 SoftHSMv2SlotID="$(cat slotinfo.txt)"
 echo "${SoftHSMv2SlotID}"

 # 1. Create the directory as expected by the SoftHSM to read the files
 mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm
 mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate
 mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01

 cp ${pluginlibrary} ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/plugin.so
 touch ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1
 chmod 755 ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1
 echo "$tpm_handle" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1

 # 2. Generate the pkcs11.cfg file required for the SoftHSM opeations
 touch ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
 chmod 755 ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
 echo "${key_id}"
 echo "key_id:${key_id}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
 echo "${key_label}"
 echo "key_label:${key_label}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
 echo "upin:${upin}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
 echo "sopin:${sopin}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
 echo "sopin is ${sopin}"
 echo "slot:${SoftHSMv2SlotID}" >>  ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg

 # 3.a Copy the required input files for the Import tool
 cp ${duplicatetooldir}/* /sshsm/tpm-util/initandverify

 # 3.b Run the Import Utility
 cd /sshsm/tpm-util/initandverify
 ./ImportTpmKey.sh

 # 3.c Copy the output of the Import utility to the directory that SoftHSMv2 expects
 cp /sshsm/tpm-util/initandverify/outPriv ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/Kfile1.priv
 cp /sshsm/tpm-util/initandverify/outPub ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/Kfile1.pub

 # Setting up the java application and running the application
 # 4. Create the configuration pkcs11.cfg for the application
 touch /tmp/pkcs11.cfg
 chmod 755 /tmp/pkcs11.cfg
 echo "name = ${key_label}" >> /tmp/pkcs11.cfg
 echo "${applicationlibrary}"
 echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg
 echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg

 # 5. Compile the Application
 cd /tmp/files/applicationfiles
 cp test.csr /tmp/test.csr
 javac CaSign.java

 # 6. Convert the crt to der format
 openssl x509 -in ca.cert -outform der -out ca.der

 # 7. Add the ca certificate
 pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} --write-object ./ca.der --type cert --id ${cert_id}

 # 8. Run the Application
 java CaSign ${upin} 0x${cert_id}

 # 9. Verify the generated certificate
 openssl verify -verbose -CAfile ca.cert /tmp/test.cert

 # 10. CleanUp
 cd /
 rm -rf slotinfo.txt

	#NOTE - This scripts expects the Init and the Duplicate tools to be already run and the output files to be present at the
	# shared volume (input for Import tool)

	#!/bin/bash
	set -e

	#Placeholder of Input files to the Import tool which is the output of duplicate tool
	duplicatetooldir="/tmp/files/duplicatetoolfiles"
	#Pluginlibrary
	pluginlibrary="/usr/local/lib/libtpm2-plugin.so"
	#key_id is the parameter expected by SoftHSM
	key_id="8738"
	#TPM handle
	tpm_handle="0x81000011"
	#Key_label is the parameter expected by SoftHSM
	key_label="ABC"
	#UserPin for the SoftHSM operations
	upin="123456789"
	#SoPin for the SoftHSM operations
	sopin="123456789"
	#Slot number for the SoftHSM operations. Initially it should be started with 0
	slot_no="0"
	#Name for creating the slot used by SoftHSM
	token_no="Token1"
	#Location for the application to fecth SoftHSM library
	applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so"
	#cert_id is the input for the application which is hexadecimal equivalent of key_id
	cert_id=$(printf '%x' ${key_id})

	#Plugin directory for the SoftHSM to load plugin and for further operations
	if [ ! "$SSHSM_HW_PLUGINS_PARENT_DIR" ]
	then
	echo "There is no Plugin directory assigned. Hence creating the directory required by SoftHSM"
	SSHSM_HW_PLUGINS_PARENT_DIR="/tmp/hwparent"
	fi
	mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}
	echo "The newly assigned plugin directory is ${SSHSM_HW_PLUGINS_PARENT_DIR}"

	mkdir -p /var/run/dbus

	# Initialize the token
	softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" --pin ${upin} --so-pin ${sopin}
	softhsm2-util --show-slots \| grep 'Slot ' \| cut -d\ -f2 \| head -1 >> slotinfo.txt
	SoftHSMv2SlotID="$(cat slotinfo.txt)"
	echo "${SoftHSMv2SlotID}"

	# 1. Create the directory as expected by the SoftHSM to read the files
	mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm
	mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate
	mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01

	cp ${pluginlibrary} ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/plugin.so
	touch ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1
	chmod 755 ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1
	echo "$tpm_handle" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1

	# 2. Generate the pkcs11.cfg file required for the SoftHSM opeations
	touch ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
	chmod 755 ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
	echo "${key_id}"
	echo "key_id:${key_id}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
	echo "${key_label}"
	echo "key_label:${key_label}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
	echo "upin:${upin}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
	echo "sopin:${sopin}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg
	echo "sopin is ${sopin}"
	echo "slot:${SoftHSMv2SlotID}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg

	# 3.a Copy the required input files for the Import tool
	cp ${duplicatetooldir}/* /sshsm/tpm-util/initandverify

	# 3.b Run the Import Utility
	cd /sshsm/tpm-util/initandverify
	./ImportTpmKey.sh

	# 3.c Copy the output of the Import utility to the directory that SoftHSMv2 expects
	cp /sshsm/tpm-util/initandverify/outPriv ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/Kfile1.priv
	cp /sshsm/tpm-util/initandverify/outPub ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/Kfile1.pub

	# Setting up the java application and running the application
	# 4. Create the configuration pkcs11.cfg for the application
	touch /tmp/pkcs11.cfg
	chmod 755 /tmp/pkcs11.cfg
	echo "name = ${key_label}" >> /tmp/pkcs11.cfg
	echo "${applicationlibrary}"
	echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg
	echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg

	# 5. Compile the Application
	cd /tmp/files/applicationfiles
	cp test.csr /tmp/test.csr
	javac CaSign.java

	# 6. Convert the crt to der format
	openssl x509 -in ca.cert -outform der -out ca.der

	# 7. Add the ca certificate
	pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} --write-object ./ca.der --type cert --id ${cert_id}

	# 8. Run the Application
	java CaSign ${upin} 0x${cert_id}

	# 9. Verify the generated certificate
	openssl verify -verbose -CAfile ca.cert /tmp/test.cert

	# 10. CleanUp
	cd /
	rm -rf slotinfo.txt