Fix bugs in startup script and move scripts to bin
Testing in kubernetes revealed some issues that
needed to be fixed. This patch contains those changes.
Issue-ID: AAF-510
Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
diff --git a/bin/caservicecontainer/application.sh b/bin/caservicecontainer/application.sh
index 1a723ea..a7c864d 100755
--- a/bin/caservicecontainer/application.sh
+++ b/bin/caservicecontainer/application.sh
@@ -11,20 +11,21 @@
# Setting up the java application and running the application
# 1. Create the configuration pkcs11.cfg for the application
-touch /tmp/pkcs11.cfg
-chmod 755 /tmp/pkcs11.cfg
-echo "name = ${key_label}" >> /tmp/pkcs11.cfg
+# Remove any existing cfg file first from the CWD
+rm pkcs11.cfg
+touch pkcs11.cfg
+chmod 755 pkcs11.cfg
+echo "name = ${key_label}" >> pkcs11.cfg
echo "The location of applicationms library is ${applicationlibrary}"
-echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg
-echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg
+echo "library = ${applicationlibrary}" >> pkcs11.cfg
+echo "slot = ${SoftHSMv2SlotID}" >> pkcs11.cfg
# 2. Compile the Application
-cd /tmp/files
-cp test.csr /tmp/test.csr
+# CaSign requires test.csr to be available in CWD
javac CaSign.java
# 3. Run the Application
java CaSign ${upin} 0x${cert_id}
# 4. Verify the generated certificate
-openssl verify -verbose -CAfile ca.cert /tmp/test.cert
\ No newline at end of file
+openssl verify -verbose -CAfile ${DATA_FOLDER}/ca.cert test.cert
\ No newline at end of file
diff --git a/bin/caservicecontainer/build_testcaservice_image.sh b/bin/caservicecontainer/build_testcaservice_image.sh
index 0760950..f13993b 100755
--- a/bin/caservicecontainer/build_testcaservice_image.sh
+++ b/bin/caservicecontainer/build_testcaservice_image.sh
@@ -23,8 +23,16 @@
echo $BUILD_ARGS
function build_image {
+ echo "Copying files for image"
+ cp ../../test/integration/samplecaservicecontainer/applicationfiles/CaSign.java .
+ cp ../../test/integration/samplecaservicecontainer/applicationfiles/ca.cert .
+ cp ../../test/integration/samplecaservicecontainer/applicationfiles/test.csr .
+
echo "Start build docker image: ${IMAGE_NAME}:latest"
docker build ${BUILD_ARGS} -t ${IMAGE_NAME}:latest -f dockerfile .
+
+ echo "Remove files after image is built"
+ rm CaSign.java ca.cert test.csr
}
function push_image {
diff --git a/bin/caservicecontainer/dockerfile b/bin/caservicecontainer/dockerfile
index 7a70dc9..9fdbc30 100755
--- a/bin/caservicecontainer/dockerfile
+++ b/bin/caservicecontainer/dockerfile
@@ -13,9 +13,11 @@
RUN cp ./bcpg-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/
RUN cp ./bctls-jdk15on-159.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext
-# Create the directory for mounting the shared voulme
-RUN mkdir -p /tmp/files
+# Create the directory for running things in this container
+RUN mkdir -p /testca/bin
-COPY ./import.sh /
-COPY ./softhsmconfig.sh /
-COPY ./application.sh /
+COPY import.sh /testca/bin
+COPY softhsmconfig.sh /testca/bin
+COPY application.sh /testca/bin
+COPY CaSign.java /testca/bin
+COPY test.csr /testca/bin
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
index 0efff37..27d5059 100755
--- a/bin/caservicecontainer/import.sh
+++ b/bin/caservicecontainer/import.sh
@@ -10,11 +10,9 @@
set -e
#Primary Key Password used by TPM Plugin to load keys
-TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
+export TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
#Handle to the aforementioned Primary Key
SRK_HANDLE="$(cat ${SECRETS_FOLDER}/srk_handle | base64 -d)"
-#Placeholder of Input files to the Import tool which is the output of duplicate tool
-sharedvolume="${DATA_FOLDER}"
#key_id is the parameter expected by SoftHSM
key_id="8738"
#Key_label is the parameter expected by SoftHSM
@@ -29,6 +27,8 @@
token_no="Token1"
#cert_id is the input for the application which is hexadecimal equivalent of key_id
cert_id=$(printf '%x' ${key_id})
+#Set working dir
+WORKDIR=$PWD
# 1.Initialize the token/
softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" \
@@ -38,10 +38,10 @@
echo "The slot ID used is ${SoftHSMv2SlotID}"
# 2.Plugin directory for the SoftHSM to load plugin and for further operations
-if [ -f ${sharedvolume}/out_parent_public ]; then
+if [ -f ${DATA_FOLDER}/out_parent_public ]; then
# 2.a Copy the required input files for the Import tool
- cp ${sharedvolume}/dup* /tpm-util/bin/
+ cp ${DATA_FOLDER}/dup* /tpm-util/bin/
# 2.b Run the Import Utility
cd /tpm-util/bin
@@ -49,7 +49,7 @@
-dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \
-password $TPM_PRK_PASSWORD
- cd /
+ cd $WORKDIR
chmod 755 softhsmconfig.sh
./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID
else
@@ -58,7 +58,7 @@
echo "TPM hardware unavailable. Using SoftHSM implementation"
- cd ${sharedvolume}
+ cd ${DATA_FOLDER}
# 3.a Extract the Private key using passphrase
passphrase="$(cat passphrase)"
@@ -75,7 +75,7 @@
fi
# 3.a Application operation
-cd ${sharedvolume}
+cd ${DATA_FOLDER}
# 3.b Convert the crt to der format
openssl x509 -in ca.cert -outform der -out ca.der
@@ -85,10 +85,10 @@
--write-object ./ca.der --type cert --id ${cert_id}
# 4. Calling the functionalities of the sample application
-cd /
+cd $WORKDIR
chmod 755 application.sh
./application.sh $key_label $SoftHSMv2SlotID $upin $cert_id
# 5. Cleanup
-cd /
+cd $WORKDIR
rm -rf slotinfo.txt