X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=ntsimulator%2Fdeploy%2Ftls%2Fenable_tls.sh;fp=ntsimulator%2Fdeploy%2Ftls%2Fenable_tls.sh;h=97b539d86b2df2541b4467cea4ad0a7c2c056621;hb=1f1479ff8ce3a268acb7b70a32bb789d859a915b;hp=0000000000000000000000000000000000000000;hpb=34ec819462d5f81ceeb723e47467bf50a8454f34;p=sim%2Fo1-interface.git

diff --git a/ntsimulator/deploy/tls/enable_tls.sh b/ntsimulator/deploy/tls/enable_tls.sh
new file mode 100755
index 0000000..97b539d
--- /dev/null
+++ b/ntsimulator/deploy/tls/enable_tls.sh
@@ -0,0 +1,63 @@
+#! /bin/bash
+################################################################################
+#
+# Copyright 2020 highstreet technologies GmbH and others
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+################################################################################
+
+sleep 10
+
+openssl genrsa -out melacon.server.key 2048
+
+openssl req -new -sha256 -key melacon.server.key -subj "/C=US/ST=CA/O=MeLaCon, Inc./CN=melacon.com" -out melacon.server.csr
+openssl x509 -req -in melacon.server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out melacon.server.crt -days 500 -sha256
+rm melacon.server.csr
+
+MELACON_SERVER_KEY="$(sed '1d;$d' melacon.server.key)"
+
+echo '<action xmlns="urn:ietf:params:xml:ns:yang:1"><keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore"><private-keys><load-private-key><name>melacon_server_key</name>' >> load_private_key.xml
+echo '<private-key>'"$MELACON_SERVER_KEY"'</private-key></load-private-key></private-keys></keystore></action>' >> load_private_key.xml
+
+netopeer2-cli <<END
+auth pref publickey 1000
+auth keys add /home/netconf/.ssh/id_dsa.pub /home/netconf/.ssh/id_dsa
+connect --host 127.0.0.1 --login netconf
+user-rpc --content=load_private_key.xml
+disconnect
+END
+
+rm load_private_key.xml
+
+MELACON_CERT="$(sed '1d;$d' melacon.server.crt)"
+CA_CERT="$(sed '1d;$d' ca.pem)"
+
+echo '<keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore"><private-keys><private-key><name>melacon_server_key</name><certificate-chains><certificate-chain><name>melacon_server_cert</name>' >> load_server_certs.xml
+echo '<certificate>'"$MELACON_CERT"'</certificate></certificate-chain></certificate-chains></private-key></private-keys><trusted-certificates><name>trusted_ca_list</name><trusted-certificate><name>ca</name>' >> load_server_certs.xml
+echo '<certificate>'"$CA_CERT"'</certificate></trusted-certificate></trusted-certificates></keystore>' >> load_server_certs.xml
+
+sysrepocfg --merge=load_server_certs.xml --format=xml ietf-keystore
+rm load_server_certs.xml
+
+echo '<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server"><listen>' >> tls_endpoints.xml
+echo '<endpoint><name>MNG_TLS_1</name><tls><address>0.0.0.0</address><port>837</port><certificates><certificate><name>melacon_server_cert</name></certificate></certificates><client-auth><trusted-ca-certs>trusted_ca_list</trusted-ca-certs><cert-maps><cert-to-name><id>1</id><fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint><map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type><name>netconf</name></cert-to-name></cert-maps></client-auth></tls></endpoint>' >> tls_endpoints.xml
+echo '<endpoint><name>MNG_TLS_2</name><tls><address>0.0.0.0</address><port>838</port><certificates><certificate><name>melacon_server_cert</name></certificate></certificates><client-auth><trusted-ca-certs>trusted_ca_list</trusted-ca-certs><cert-maps><cert-to-name><id>1</id><fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint><map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type><name>netconf</name></cert-to-name></cert-maps></client-auth></tls></endpoint>' >> tls_endpoints.xml
+echo '<endpoint><name>MNG_TLS_3</name><tls><address>0.0.0.0</address><port>839</port><certificates><certificate><name>melacon_server_cert</name></certificate></certificates><client-auth><trusted-ca-certs>trusted_ca_list</trusted-ca-certs><cert-maps><cert-to-name><id>1</id><fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint><map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type><name>netconf</name></cert-to-name></cert-maps></client-auth></tls></endpoint>' >> tls_endpoints.xml
+echo '</listen></netconf-server>' >> tls_endpoints.xml
+
+sysrepocfg --merge=tls_endpoints.xml --format=xml ietf-netconf-server
+rm tls_endpoints.xml
+
+echo 'Done'
+exit 0
\ No newline at end of file
