Blame - kubernetes/platform/components/oom-cert-service/Makefile - onap/oom

blob: c4723dfdd1979da9b54085d93c7f397f5bad1f07 [file] [log] [blame]

Pawel Kasperkiewicz	8f0b6f6	2020-09-03 10:56:30 +0200	[diff] [blame]	1	CERTS_DIR = resources
				2	CURRENT_DIR := ${CURDIR}
				3	DOCKER_CONTAINER = generate-certs
				4	DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
				5
				6	all: start_docker \
				7	clear_all \
				8	root_generate_keys \
				9	root_create_certificate \
				10	root_self_sign_certificate \
				11	client_generate_keys \
				12	client_generate_csr \
				13	client_sign_certificate_by_root \
				14	client_import_root_certificate \
				15	client_convert_certificate_to_jks \
				16	server_generate_keys \
				17	server_generate_csr \
				18	server_sign_certificate_by_root \
				19	server_import_root_certificate \
				20	server_convert_certificate_to_jks \
				21	server_convert_certificate_to_p12 \
				22	clear_unused_files \
				23	stop_docker
				24
				25	.PHONY: all
				26
				27	# Starts docker container for generating certificates - deletes first, if already running
				28	start_docker:
				29	@make stop_docker
				30	docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
				31
				32	# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
				33	stop_docker:
				34	docker rm ${DOCKER_CONTAINER} -f 1>/dev/null \|\| true
				35
				36	#Clear all files related to certificates
				37	clear_all:
				38	@make clear_existing_certificates
				39	@make clear_unused_files
				40
				41	#Clear certificates
				42	clear_existing_certificates:
				43	@echo "Clear certificates"
				44	${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
				45	@echo "#####done#####"
				46
				47	#Generate root private and public keys
				48	root_generate_keys:
				49	@echo "Generate root private and public keys"
				50	${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
				51	-dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
				52	-storepass secret -ext BasicConstraints:critical="ca:true"
				53	@echo "#####done#####"
				54
				55	#Export public key as certificate
				56	root_create_certificate:
				57	@echo "(Export public key as certificate)"
				58	${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
				59	@echo "#####done#####"
				60
				61	#Self-signed root (import root certificate into truststore)
				62	root_self_sign_certificate:
				63	@echo "(Self-signed root (import root certificate into truststore))"
				64	${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
				65	@echo "#####done#####"
				66
				67	#Generate certService's client private and public keys
				68	client_generate_keys:
				69	@echo "Generate certService's client private and public keys"
				70	${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
				71	-keystore certServiceClient-keystore.jks -storetype JKS \
				72	-dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
				73	-keypass secret -storepass secret
				74	@echo "####done####"
				75
				76	#Generate certificate signing request for certService's client
				77	client_generate_csr:
				78	@echo "Generate certificate signing request for certService's client"
				79	${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
				80	@echo "####done####"
				81
				82	#Sign certService's client certificate by root CA
				83	client_sign_certificate_by_root:
				84	@echo "Sign certService's client certificate by root CA"
				85	${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
				86	-outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
				87	@echo "####done####"
				88
				89	#Import root certificate into client
				90	client_import_root_certificate:
				91	@echo "Import root certificate into intermediate"
				92	${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
				93	@echo "####done####"
				94
				95	#Import signed certificate into certService's client
				96	client_convert_certificate_to_jks:
				97	@echo "Import signed certificate into certService's client"
				98	${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
				99	@echo "####done####"
				100
				101	#Generate certService private and public keys
				102	server_generate_keys:
				103	@echo "Generate certService private and public keys"
				104	${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
				105	-keystore certServiceServer-keystore.jks -storetype JKS \
				106	-dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
				107	-keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
				108	@echo "####done####"
				109
				110	#Generate certificate signing request for certService
				111	server_generate_csr:
				112	@echo "Generate certificate signing request for certService"
				113	${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
				114	@echo "####done####"
				115
				116	#Sign certService certificate by root CA
				117	server_sign_certificate_by_root:
				118	@echo "Sign certService certificate by root CA"
				119	${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
				120	-outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
				121	-ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
				122	@echo "####done####"
				123
				124	#Import root certificate into server
				125	server_import_root_certificate:
				126	@echo "Import root certificate into intermediate(server)"
				127	${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
				128	@echo "####done####"
				129
				130	#Import signed certificate into certService
				131	server_convert_certificate_to_jks:
				132	@echo "Import signed certificate into certService"
				133	${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
				134	-storepass secret -noprompt
				135	@echo "####done####"
				136
				137	#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
				138	server_convert_certificate_to_p12:
				139	@echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
				140	${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
				141	-destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
				142	@echo "#####done#####"
				143
				144	#Clear unused certificates
				145	clear_unused_files:
				146	@echo "Clear unused certificates"
				147	${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
				148	@echo "#####done#####"