VOL-1397: Adtran-OLT - Initial containerization commit
- Need to move VERSION to base directory
Change-Id: I9d62d0607a011ce642e379fd92b35ec48b300070
diff --git a/pki/Makefile b/pki/Makefile
new file mode 100644
index 0000000..d3d9a18
--- /dev/null
+++ b/pki/Makefile
@@ -0,0 +1,97 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# VOLTHA pki makefile
+# Configuration is also given in voltha.cnf
+
+SHELL = bash -eu -o pipefail
+
+# parameters
+
+KEY_SIZE ?= 2048
+EXPIRATION_DAYS ?= 366
+
+
+# utility/validation targets
+
+help:
+ @echo "Usually you want to run 'make voltha.crt'"
+
+validate:
+ openssl verify -verbose -purpose sslserver -CAfile voltha-CA.pem voltha.crt
+
+printca: voltha-CA.pem
+ openssl x509 -in voltha-CA.pem -text -noout
+
+printkey: voltha.key
+ openssl rsa -in voltha.key -check
+
+printcsr: voltha.csr
+ openssl req -in voltha.csr -text -noout -verify
+
+printcrt: voltha.crt
+ openssl x509 -in voltha.crt -text -noout
+
+clean:
+ rm -rf root_ca voltha-CA.pem voltha.key voltha.csr voltha.crt
+
+# CA creation
+
+root_ca:
+ mkdir -p root_ca/private root_ca/newcerts
+ chmod 700 root_ca/private
+ echo 1000 > root_ca/serial
+ touch root_ca/index.txt
+
+root_ca/private/ca_root_phrase: root_ca
+ @echo "TestingVOLTHARootCAPassPhrase" > root_ca/private/ca_root_phrase
+
+root_ca/private/ca_key.pem: root_ca root_ca/private/ca_root_phrase
+ @echo "## Creating CA private key"
+ openssl genrsa -aes256 \
+ -passout file:root_ca/private/ca_root_phrase \
+ -out root_ca/private/ca_key.pem $(KEY_SIZE)
+
+voltha-CA.pem: voltha.cnf root_ca/private/ca_key.pem
+ @echo "## Creating self-signed CA public key: voltha-CA.pem"
+ openssl req -config voltha.cnf \
+ -new -x509 -days $(EXPIRATION_DAYS) -sha256 \
+ -extensions v3_ca \
+ -key root_ca/private/ca_key.pem \
+ -passin file:root_ca/private/ca_root_phrase \
+ -subj "/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Test Root CA" \
+ -out voltha-CA.pem
+
+# server cert creation
+
+voltha.key:
+ @echo "## Creating server private key: voltha.key"
+ openssl genrsa -out voltha.key $(KEY_SIZE)
+
+voltha.csr: voltha.cnf voltha.key
+ @echo "## Creating signing request voltha.csr from voltha.key"
+ openssl req -config voltha.cnf \
+ -new -sha256 -key voltha.key \
+ -subj "/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Server" \
+ -out voltha.csr
+
+voltha.crt: voltha-CA.pem voltha.cnf voltha.key voltha.csr
+ @echo "## Signing voltha.csr to create signed public key: voltha.crt"
+ openssl ca -config voltha.cnf \
+ -batch -days $(EXPIRATION_DAYS) -md sha256 \
+ -passin file:root_ca/private/ca_root_phrase \
+ -extensions server_cert \
+ -in voltha.csr \
+ -out voltha.crt
+
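Review bot: `root_ca` is a directory used as a normal prerequisite of `root_ca/private/ca_root_phrase` and `root_ca/private/ca_key.pem`, so once `openssl ca` rewrites `root_ca/serial` and `root_ca/index.txt` the directory's mtime is likely newer than both files, and the next `make voltha.crt` would regenerate the CA key and re-issue everything under a new root. Making it order-only avoids that: `root_ca/private/ca_root_phrase: | root_ca` and `root_ca/private/ca_key.pem: root_ca/private/ca_root_phrase | root_ca`. Separately, the passphrase written by the `ca_root_phrase` recipe is a fixed string in the repository, so the `-aes256` wrapping gives the CA key no real protection; a comment such as `# Test-only CA: the passphrase is public, never trust voltha-CA.pem outside a lab` above that rule would make the limit explicit. The utility targets (`help`, `validate`, `print*`, `clean`) also lack a `.PHONY` declaration.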
diff --git a/pki/voltha-CA.pem b/pki/voltha-CA.pem
new file mode 100644
index 0000000..a71091b
--- /dev/null
+++ b/pki/voltha-CA.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/pki/voltha.cnf b/pki/voltha.cnf
new file mode 100644
index 0000000..7552010
--- /dev/null
+++ b/pki/voltha.cnf
@@ -0,0 +1,89 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir = ./root_ca
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+
+private_key = $dir/private/ca_key.pem
+certificate = voltha-CA.pem
+
+# Make new requests easier to sign - allow two subjects with same name
+# (Or revoke the old certificate first.)
+unique_subject = no
+preserve = no
+
+# for CA that signs client certs
+policy = policy_loose
+
+[ policy_loose ]
+# Allow the to sign more types of certs
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+default_bits = 2048
+default_days = 366
+default_md = sha256
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Defaults DN
+countryName_default = US
+stateOrProvinceName_default = California
+localityName_default = Menlo Park
+0.organizationName_default = ONF
+organizationalUnitName_default = Testing Only
+commonName = VOLTHA Testing
+emailAddress_default = do-not-reply@opencord.org
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:TRUE
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = 'DNS:voltha.dns'
+
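Review bot: In `[ req_distinguished_name ]` the line `commonName = VOLTHA Testing` under "Defaults DN" reassigns the prompt key set a few lines earlier instead of setting a default; it presumably should read `commonName_default = VOLTHA Testing`. The Makefile in this commit passes `-subj` on every `openssl req` call, so the certificates it builds are unaffected, but the line would mislead anyone running `openssl req` interactively with this file. `policy_loose` requires only `commonName`, and `unique_subject = no` allows repeated subjects, which is reasonable for a test CA; a comment such as `# test CA only: do not reuse this policy for a production CA` at `[ policy_loose ]` would record that.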
diff --git a/pki/voltha.crt b/pki/voltha.crt
new file mode 100644
index 0000000..efeef03
--- /dev/null
+++ b/pki/voltha.crt
@@ -0,0 +1,92 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=ONF, OU=Testing Only, CN=VOLTHA Test Root CA
+ Validity
+ Not Before: Jul 10 18:40:05 2018 GMT
+ Not After : Jul 11 18:40:05 2019 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=ONF, OU=Testing Only, CN=VOLTHA Server
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c6:90:b9:38:0e:d5:38:bd:20:54:8f:82:56:2b:
+ 54:da:16:6f:a2:84:63:99:f8:4b:8c:24:be:c6:17:
+ ee:ce:b1:e4:27:4c:4f:e0:7b:b9:1c:0c:a7:9d:45:
+ 37:39:1d:b0:41:fb:96:49:f4:02:1c:66:87:3a:87:
+ e6:59:fc:9d:4d:fb:73:74:50:8a:39:25:5c:7e:8f:
+ b4:de:3e:d5:10:5e:91:53:da:6a:3e:57:db:18:d8:
+ da:c6:33:90:ee:0a:6d:4d:e2:e9:cb:1b:21:c8:59:
+ 3e:e6:b2:bd:ee:d2:95:70:f7:0e:98:4e:bc:04:6b:
+ 5b:4f:63:0b:25:d8:0e:4f:10:f8:30:92:19:a8:1b:
+ a1:3a:be:51:73:24:bc:0f:f0:4c:26:8f:df:2a:a8:
+ cc:d8:38:7e:ad:d0:f5:cc:e9:e9:76:d8:3e:ff:55:
+ 94:23:69:74:8f:d2:00:51:c5:d6:56:61:09:0f:5e:
+ 70:4c:5f:5e:d6:a4:47:58:ff:73:40:c5:5e:e0:14:
+ 73:6c:8b:4d:54:e2:fc:d7:94:60:64:9b:db:2a:d6:
+ 38:a0:d3:ae:2e:47:d3:74:3c:0f:c0:fe:c6:af:af:
+ a0:08:1f:20:a8:3a:a7:74:58:af:94:35:66:4b:7c:
+ 97:26:1b:03:23:0f:3d:0a:9d:ea:9b:06:d4:96:ca:
+ 5c:4d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ F9:71:CB:9B:DC:B0:AB:C3:70:04:1B:9E:63:D0:21:01:CE:35:FF:19
+ X509v3 Authority Key Identifier:
+ keyid:16:CD:18:6C:03:79:6E:99:9B:3F:6D:17:F4:21:1A:21:31:06:6A:67
+ DirName:/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Test Root CA
+ serial:FA:77:FC:75:21:4F:37:06
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Alternative Name:
+ DNS:voltha.dns
+ Signature Algorithm: sha256WithRSAEncryption
+ 12:3e:b8:73:d1:ab:77:ec:7a:b0:d8:8e:94:8e:3c:fd:ff:b0:
+ 25:bf:e8:51:d7:b9:ae:55:03:28:cb:a2:9b:fb:86:9c:35:55:
+ 2b:c8:0c:c6:a9:b4:41:a3:12:d3:26:c9:33:93:4a:a1:7c:ad:
+ 06:eb:d5:d0:a4:63:e1:ad:7f:76:d7:7b:2b:44:ab:43:2b:26:
+ 84:a2:d6:5d:68:fc:bb:1b:15:3e:63:32:34:e8:1a:a4:d9:81:
+ 4b:28:17:e8:f7:1d:3a:d5:cb:37:87:77:04:3f:96:6d:17:e6:
+ 1e:90:0e:a8:6c:01:58:84:d4:1a:b4:9f:51:79:9c:03:23:1b:
+ b6:97:0c:28:a4:af:67:0b:da:b2:fa:6e:41:49:00:8a:36:11:
+ f8:80:50:61:03:c3:b5:df:f7:e5:ea:4b:9c:3f:68:68:e0:f8:
+ 78:f1:1d:ff:0b:23:45:2a:d6:19:a8:f6:b9:19:25:e0:46:ce:
+ 8b:56:ca:e5:da:2a:35:65:b8:e2:8d:6d:46:1e:9f:f3:4b:4d:
+ 7a:c0:f5:48:71:42:f6:95:f9:e5:c9:61:8f:7a:96:63:88:64:
+ 68:55:3e:d6:c6:c0:e2:cd:c9:03:93:87:4e:6f:c4:b4:fb:c3:
+ c4:ec:93:ad:88:28:17:fc:77:b8:a2:99:f6:26:ca:6f:36:2d:
+ 26:4f:d3:44
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/pki/voltha.key b/pki/voltha.key
new file mode 100644
index 0000000..614efa1
--- /dev/null
+++ b/pki/voltha.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
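Review bot: This file adds the server's RSA private key to the repository, so everyone with read access holds the key that matches the committed `voltha.crt`, and a TLS endpoint using this pair proves nothing about who is serving. The `pki/Makefile` in this commit already builds `voltha.key` on demand, so the key (and ideally `voltha.crt` and `voltha-CA.pem`) could be left out of the tree, ignored by version control, and generated at build or deploy time. If the files must stay for tests, a short README in `pki/` should say they are public test material and must be replaced before any deployment. Since this commit is about containerization, it is also worth checking that the image does not bake them in.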