X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=ntsimulator%2Fdeploy%2Ftls%2Fenable_tls.sh;h=97ba4c229e20887e70b1356703aff580a378cba8;hb=f2d8f1002fa93848c80a88e5658db4816cba3020;hp=97b539d86b2df2541b4467cea4ad0a7c2c056621;hpb=1f1479ff8ce3a268acb7b70a32bb789d859a915b;p=sim%2Fo1-interface.git

diff --git a/ntsimulator/deploy/tls/enable_tls.sh b/ntsimulator/deploy/tls/enable_tls.sh
index 97b539d..97ba4c2 100755
--- a/ntsimulator/deploy/tls/enable_tls.sh
+++ b/ntsimulator/deploy/tls/enable_tls.sh
@@ -24,6 +24,24 @@ openssl genrsa -out melacon.server.key 2048
 openssl req -new -sha256 -key melacon.server.key -subj "/C=US/ST=CA/O=MeLaCon, Inc./CN=melacon.com" -out melacon.server.csr
 openssl x509 -req -in melacon.server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out melacon.server.crt -days 500 -sha256
 rm melacon.server.csr
+ssh-keygen -y -f melacon.server.key > melacon.server.key.pub
+
+SSH_PUB_KEY="$(cat /home/netconf/.ssh/id_dsa.pub| awk '{print $2}')"
+SSH_PUB_KEY_MELACON="$(cat melacon.server.key.pub | awk '{print $2}')"
+
+echo '<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system"><authentication><user><name>netconf</name>'  >> load_auth_pubkey.xml
+echo '<authorized-key><name>ssh_key</name><algorithm>ssh-dss</algorithm>' >> load_auth_pubkey.xml
+echo '<key-data>'"$SSH_PUB_KEY"'</key-data></authorized-key>' >> load_auth_pubkey.xml
+echo '<authorized-key><name>melacon_server_key</name><algorithm>ssh-rsa</algorithm>' >> load_auth_pubkey.xml
+echo '<key-data>'"$SSH_PUB_KEY_MELACON"'</key-data></authorized-key></user></authentication></system>' >> load_auth_pubkey.xml
+
+sysrepocfg --merge=load_auth_pubkey.xml --format=xml ietf-system
+rm load_auth_pubkey.xml
+
+if [ $IPv6Enabled = "true" ]; then
+   ssh-keyscan -p 830 :: >> ~/.ssh/known_hosts
+fi
+ssh-keyscan -p 830 127.0.0.1 >> /root/.ssh/known_hosts
 
 MELACON_SERVER_KEY="$(sed '1d;$d' melacon.server.key)"
 
@@ -50,14 +68,8 @@ echo '<certificate>'"$CA_CERT"'</certificate></trusted-certificate></trusted-cer
 sysrepocfg --merge=load_server_certs.xml --format=xml ietf-keystore
 rm load_server_certs.xml
 
-echo '<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server"><listen>' >> tls_endpoints.xml
-echo '<endpoint><name>MNG_TLS_1</name><tls><address>0.0.0.0</address><port>837</port><certificates><certificate><name>melacon_server_cert</name></certificate></certificates><client-auth><trusted-ca-certs>trusted_ca_list</trusted-ca-certs><cert-maps><cert-to-name><id>1</id><fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint><map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type><name>netconf</name></cert-to-name></cert-maps></client-auth></tls></endpoint>' >> tls_endpoints.xml
-echo '<endpoint><name>MNG_TLS_2</name><tls><address>0.0.0.0</address><port>838</port><certificates><certificate><name>melacon_server_cert</name></certificate></certificates><client-auth><trusted-ca-certs>trusted_ca_list</trusted-ca-certs><cert-maps><cert-to-name><id>1</id><fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint><map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type><name>netconf</name></cert-to-name></cert-maps></client-auth></tls></endpoint>' >> tls_endpoints.xml
-echo '<endpoint><name>MNG_TLS_3</name><tls><address>0.0.0.0</address><port>839</port><certificates><certificate><name>melacon_server_cert</name></certificate></certificates><client-auth><trusted-ca-certs>trusted_ca_list</trusted-ca-certs><cert-maps><cert-to-name><id>1</id><fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint><map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type><name>netconf</name></cert-to-name></cert-maps></client-auth></tls></endpoint>' >> tls_endpoints.xml
-echo '</listen></netconf-server>' >> tls_endpoints.xml
-
-sysrepocfg --merge=tls_endpoints.xml --format=xml ietf-netconf-server
-rm tls_endpoints.xml
+# enable the SSH and TLS connections, according to the configuration file
+./enable_connections.sh
 
 echo 'Done'
 exit 0
\ No newline at end of file
