From: PatrikBuhr Date: Wed, 10 Aug 2022 09:59:24 +0000 (+0200) Subject: Generated new cert X-Git-Tag: 1.4.0~10 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=5fe10ee9bdedd80bdf30cfc026221bd44c70158e;p=nonrtric%2Fplt%2Finformationcoordinatorservice.git Generated new cert The new cert will expire in 10 years. Signed-off-by: PatrikBuhr Issue-ID: NONRTRIC-743 Change-Id: I1c6778e7e4c34b3b547c7876a88983d9dc4dc0e2 --- diff --git a/config/README b/config/README index 140927f..cfde02e 100644 --- a/config/README +++ b/config/README @@ -3,13 +3,15 @@ The keystore.jks and truststore.jks files are created by using the following com 1) Create a CA certificate and a private key: openssl genrsa -des3 -out CA-key.pem 2048 -openssl req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem +openssl req -new -key CA-key.pem -x509 -days 3600 -out CA-cert.pem 2) Create a keystore with a private key entry that is signed by the CA: +Note: your name must be "localhost" + keytool -genkeypair -alias policy_agent -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass policy_agent keytool -certreq -alias policy_agent -file request.csr -keystore keystore.jks -ext san=dns:your.domain.com -storepass policy_agent -openssl x509 -req -days 365 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem +openssl x509 -req -days 3650 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem keytool -importcert -alias ca_cert -file CA-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent keytool -importcert -alias policy_agent -file ca_signed-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent @@ -26,7 +28,7 @@ keytool -list -v -keystore truststore.jks -storepass policy_agent ## License -Copyright (C) 2020 Nordix Foundation. All rights reserved. +Copyright (C) 2022 Nordix Foundation. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/config/keystore.jks b/config/keystore.jks index 122997a..563c67b 100644 Binary files a/config/keystore.jks and b/config/keystore.jks differ diff --git a/config/truststore.jks b/config/truststore.jks index 60d6288..50a0f9e 100644 Binary files a/config/truststore.jks and b/config/truststore.jks differ diff --git a/src/test/java/org/oransc/ics/ApplicationTest.java b/src/test/java/org/oransc/ics/ApplicationTest.java index 4ac4283..b08c455 100644 --- a/src/test/java/org/oransc/ics/ApplicationTest.java +++ b/src/test/java/org/oransc/ics/ApplicationTest.java @@ -43,7 +43,6 @@ import org.json.JSONObject; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; import org.oransc.ics.clients.AsyncRestClient; import org.oransc.ics.clients.AsyncRestClientFactory; import org.oransc.ics.clients.SecurityContext; @@ -93,18 +92,17 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.test.context.TestPropertySource; -import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.web.reactive.function.client.WebClientResponseException; import reactor.core.publisher.Mono; import reactor.test.StepVerifier; -@ExtendWith(SpringExtension.class) @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) @TestPropertySource( properties = { // "server.ssl.key-store=./config/keystore.jks", // "app.webclient.trust-store=./config/truststore.jks", // + "app.webclient.trust-store-used=true", // "app.vardata-directory=./target"}) class ApplicationTest { private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); @@ -206,6 +204,14 @@ class ApplicationTest { assertThat(rsp).isEqualTo("[\"test\"]"); } + @Test + void testTrustValidation() throws Exception { + putInfoProducerWithOneType(PRODUCER_ID, "test"); + String url = A1eConsts.API_ROOT + "/eitypes"; + String rsp = restClient(true).get(url).block(); + assertThat(rsp).isEqualTo("[\"test\"]"); + } + @Test void consumerGetInfoTypes() throws Exception { putInfoProducerWithOneType(PRODUCER_ID, "test");