Use SSL for encrypting the connection

Netty's OpenSSL bindings are used

Closes ONAP-179

Change-Id: I8249fbaaed1dd869b733db04a27cebf53962c80c
Issue-ID: DCAEGEN2-601
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
diff --git a/ssl/.gitignore b/ssl/.gitignore
new file mode 100644
index 0000000..598dc75
--- /dev/null
+++ b/ssl/.gitignore
@@ -0,0 +1,4 @@
+*.crt
+*.key
+*.srl
+*.csr
diff --git a/ssl/Makefile b/ssl/Makefile
new file mode 100644
index 0000000..d9d1027
--- /dev/null
+++ b/ssl/Makefile
@@ -0,0 +1,33 @@
+FILE=sample
+CA_PASSWD=onap
+SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
+CA=onap
+
+sign: $(FILE).crt
+
+clean:
+	rm -f *.crt *.key *.srl *.csr
+
+generate-ca-certificate: $(CA).crt
+
+generate-private-key: $(FILE).key
+
+create-public-key: $(FILE).pub
+
+create-sign-request: $(FILE).csr
+
+$(CA).crt:
+	openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
+
+$(FILE).key:
+	openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
+
+$(FILE).pub: $(FILE).key
+	openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt 
+
+$(FILE).csr: $(FILE).key
+	openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
+
+$(FILE).crt: $(CA).crt $(FILE).csr
+	openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
+
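Review bot: The CA key passphrase is a committed default (`CA_PASSWD=onap`) and is passed as `pass:$(CA_PASSWD)` in both the `$(CA).crt` and `$(FILE).crt` recipes, so it shows up in make's echoed command line and in the openssl process arguments. If this CA is only ever a throwaway for local testing, say so in a comment at the top of the Makefile. Otherwise add `export CA_PASSWD` and use `-passout env:CA_PASSWD` / `-passin env:CA_PASSWD`, so the value stays off the command line. Separately, the `$(FILE).pub` recipe never creates `$@`: it hard-codes `client.csr` and `client.crt`, omits `-passin`, and duplicates the signing rule. Either drop the `create-public-key` target or make the recipe `openssl pkey -in $< -pubout -out $@`.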
diff --git a/ssl/README.md b/ssl/README.md
new file mode 100644
index 0000000..efba610
--- /dev/null
+++ b/ssl/README.md
@@ -0,0 +1,28 @@
+# Generating SSL certificates
+
+Typical usage:
+
+```shell
+make FILE=client
+make FILE=server
+```
+
+Will generate CA certificate and signed client and server certificates.
+
+More "low-level" usage:
+
+```shell
+make generate-ca-certificate
+make generate-private-key FILE=client 
+make sign FILE=client
+```
+
+# Connecting to a server
+
+First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
+
+After that you can:
+
+```shell
+./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
+```
diff --git a/ssl/connect.sh b/ssl/connect.sh
new file mode 100755
index 0000000..16524c3
--- /dev/null
+++ b/ssl/connect.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -eou pipefail
+
+if [[ $# < 2 ]]; then
+  echo "Please provide a key file prefix and a target host:port"
+  exit 1
+fi
+
+key_prefix=$1
+host_and_port=$2
+
+cert_file="$key_prefix.crt"
+key_file="$key_prefix.key"
+
+if [[ ! -r "$cert_file" ]]; then
+  echo "$cert_file is not readable"
+  exit 2
+fi
+    
+if [[ ! -r "$key_file" ]]; then
+  echo "$key_file is not readable"
+  exit 2
+fi
+
+openssl s_client -connect $host_and_port -cert "$cert_file" -key "$key_file" -CAfile onap.crt
+
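Review bot: `-CAfile onap.crt` on the final `openssl s_client` line does not make the connection fail when the server certificate does not verify. By default `s_client` prints the verification error and continues the handshake, so the data piped on stdin can still go to a peer that was never authenticated. Add `-verify_return_error` and quote the target, e.g. `openssl s_client -verify_return_error -connect "$host_and_port" -cert "$cert_file" -key "$key_file" -CAfile onap.crt`. It would also help to check that `onap.crt` is readable, as is already done for the cert and key. Lastly, `[[ $# < 2 ]]` is a string comparison inside `[[ ]]`; `[[ $# -lt 2 ]]` is the numeric test intended here.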