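--- a/services/TS29222_CAPIF_Publish_Service_API/prepare_publish.sh
+++ b/services/TS29222_CAPIF_Publish_Service_API/prepare_publish.sh
@@ -19,9 +19,15 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do
   ATTEMPT=$((ATTEMPT+1))
   RESP=$(curl -s -k --header "X-Vault-Token: $VAULT_TOKEN" \
     --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx")
-  CRT=$(echo "$RESP" | jq -r '.data.data.server_crt // empty')
-  KEY=$(echo "$RESP" | jq -r '.data.data.server_key // empty')
-  CA=$(echo "$RESP" | jq -r '.data.data.ca // empty')
+  # skip this attempt if Vault didn't return valid JSON yet
+  if ! printf '%s' "$RESP" | jq -e . >/dev/null 2>&1; then
+    echo "[prepare_publish] invalid/empty JSON from Vault, retrying"
+    sleep $RETRY_DELAY
+    continue
+  fi
+  CRT=$(printf '%s' "$RESP" | jq -r '.data.data.server_crt // empty')
+  KEY=$(printf '%s' "$RESP" | jq -r '.data.data.server_key // empty')
+  CA=$(printf '%s' "$RESP" | jq -r '.data.data.ca // empty')
   if [ -n "$CRT" ] && [ -n "$KEY" ] && [ -n "$CA" ]; then
     printf '%s\n' "$CRT" > "$CERTS_DIR/server.crt"
     printf '%s\n' "$KEY" > "$CERTS_DIR/server.key"
--- a/services/helper/prepare_helper.sh
+++ b/services/helper/prepare_helper.sh
@@ -19,9 +19,15 @@ fetch_certs() {
   attempt=$((attempt+1))
   resp=$(curl -s -k --header "X-Vault-Token: $VAULT_TOKEN" \
     --request GET "$VAULT_ADDR/v1/secret/data/capif/${ccf_id}/nginx")
-  crt=$(echo "$resp" | jq -r '.data.data.server_crt // empty')
-  key=$(echo "$resp" | jq -r '.data.data.server_key // empty')
-  ca=$(echo "$resp" | jq -r '.data.data.ca // empty')
+  # skip this attempt if Vault didn't return valid JSON yet
+  if ! printf '%s' "$resp" | jq -e . >/dev/null 2>&1; then
+    echo "[prepare_helper] invalid/empty JSON from Vault, retrying"
+    sleep $RETRY_DELAY
+    continue
+  fi
+  crt=$(printf '%s' "$resp" | jq -r '.data.data.server_crt // empty')
+  key=$(printf '%s' "$resp" | jq -r '.data.data.server_key // empty')
+  ca=$(printf '%s' "$resp" | jq -r '.data.data.ca // empty')
   if [ -n "$crt" ] && [ -n "$key" ] && [ -n "$ca" ]; then
     printf '%s\n' "$crt" > "$CERTS_DIR/server.crt"
     printf '%s\n' "$key" > "$CERTS_DIR/server.key"
--- a/services/nginx/nginx_prepare.sh
+++ b/services/nginx/nginx_prepare.sh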
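Review bot: The new `jq -e .` gate in prepare_publish.sh only checks that `$RESP` parses, so a Vault error document (which is itself valid JSON, e.g. a permission-denied body) passes the gate and reaches the `// empty` extractions, while the exit status of the `RESP=$(curl ...)` assignment is never examined. Adding `-f` so HTTP errors yield an empty body that the new check then catches, `RESP=$(curl -sS -f -k --header "X-Vault-Token: $VAULT_TOKEN" \`, and sending the diagnostic to stderr, `echo "[prepare_publish] invalid/empty JSON from Vault, retrying" >&2`, would make the retry loop react to the real failure modes; `sleep "$RETRY_DELAY"` should also be quoted. The same applies to the fetch_certs hunk in services/helper/prepare_helper.sh. The pre-existing `-k` on the same curl line disables verification of the Vault server certificate while the token travels in a header; that is not introduced here, but a `# TODO: replace -k with --cacert <vault CA bundle>` comment would record the gap. The enclosing while loop and the fetch_certs function both start and end outside these hunks.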
@@ -186,24 +186,19 @@ store_certs_in_vault() { ############################################################### echo "Storing CAPIF certificates in Vault..." SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/server.crt) SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/server.key) SERVER_PUB_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/server_pub.pem) CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/ca.crt) # Build the payload with jq so all newlines/CRs/control chars are escaped correctly PAYLOAD=$(jq -n \ --rawfile crt "$CERTS_FOLDER/server.crt" \ --rawfile key "$CERTS_FOLDER/server.key" \ --rawfile pub "$CERTS_FOLDER/server_pub.pem" \ --rawfile ca "$CERTS_FOLDER/ca.crt" \ '{data: {server_crt: $crt, server_key: $key, server_pub: $pub, ca: $ca}}') # Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx VAULT_RESPONSE=$(curl -s -w "%{http_code}" -o /tmp/vault_resp.json \ -X POST \ -H "X-Vault-Token: $VAULT_TOKEN" \ -H "Content-Type: application/json" \ -d "{ \"data\": { \"server_crt\": \"${SERVER_CRT_ESCAPED}\", \"server_key\": \"${SERVER_KEY_ESCAPED}\", \"server_pub\": \"${SERVER_PUB_ESCAPED}\", \"ca\": \"${CA_ESCAPED}\" } }" \ -d "$PAYLOAD" \ "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx") if [ "$VAULT_RESPONSE" != "200" ] && [ "$VAULT_RESPONSE" != "204" ]; then Loading Loading
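Review bot: `-d "$PAYLOAD"` places the serialized server private key on curl's argv, where it is readable from the process table by other local processes for the duration of the request; the replaced `-d "{ ... }"` form had the same exposure, so the commit does not introduce it, but it also leaves it in place while reworking exactly this line. Passing the document over stdin avoids that: `printf '%s' "$PAYLOAD" | curl -s -w "%{http_code}" -o /tmp/vault_resp.json -X POST -H "X-Vault-Token: $VAULT_TOKEN" -H "Content-Type: application/json" -d @- "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx"`. The `jq --rawfile` option presumably needs a jq release that supports it (1.6 or later, to be confirmed against the image), which is worth a one-line comment next to the `PAYLOAD=$(jq -n \` line. The unchanged `-o /tmp/vault_resp.json` keeps writing the Vault reply to a fixed, predictable path; a `mktemp` file would be the usual choice. store_certs_in_vault starts before and ends after the hunk.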
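--- a/services/TS29222_CAPIF_Publish_Service_API/prepare_publish.sh
+++ b/services/TS29222_CAPIF_Publish_Service_API/prepare_publish.sh
@@ -19,9 +19,15 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do
   ATTEMPT=$((ATTEMPT+1))
   RESP=$(curl -s -k --header "X-Vault-Token: $VAULT_TOKEN" \
     --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx")
-  CRT=$(echo "$RESP" | jq -r '.data.data.server_crt // empty')
-  KEY=$(echo "$RESP" | jq -r '.data.data.server_key // empty')
-  CA=$(echo "$RESP" | jq -r '.data.data.ca // empty')
+  # skip this attempt if Vault didn't return valid JSON yet
+  if ! printf '%s' "$RESP" | jq -e . >/dev/null 2>&1; then
+    echo "[prepare_publish] invalid/empty JSON from Vault, retrying"
+    sleep $RETRY_DELAY
+    continue
+  fi
+  CRT=$(printf '%s' "$RESP" | jq -r '.data.data.server_crt // empty')
+  KEY=$(printf '%s' "$RESP" | jq -r '.data.data.server_key // empty')
+  CA=$(printf '%s' "$RESP" | jq -r '.data.data.ca // empty')
   if [ -n "$CRT" ] && [ -n "$KEY" ] && [ -n "$CA" ]; then
     printf '%s\n' "$CRT" > "$CERTS_DIR/server.crt"
     printf '%s\n' "$KEY" > "$CERTS_DIR/server.key"
--- a/services/helper/prepare_helper.sh
+++ b/services/helper/prepare_helper.sh
@@ -19,9 +19,15 @@ fetch_certs() {
   attempt=$((attempt+1))
   resp=$(curl -s -k --header "X-Vault-Token: $VAULT_TOKEN" \
     --request GET "$VAULT_ADDR/v1/secret/data/capif/${ccf_id}/nginx")
-  crt=$(echo "$resp" | jq -r '.data.data.server_crt // empty')
-  key=$(echo "$resp" | jq -r '.data.data.server_key // empty')
-  ca=$(echo "$resp" | jq -r '.data.data.ca // empty')
+  # skip this attempt if Vault didn't return valid JSON yet
+  if ! printf '%s' "$resp" | jq -e . >/dev/null 2>&1; then
+    echo "[prepare_helper] invalid/empty JSON from Vault, retrying"
+    sleep $RETRY_DELAY
+    continue
+  fi
+  crt=$(printf '%s' "$resp" | jq -r '.data.data.server_crt // empty')
+  key=$(printf '%s' "$resp" | jq -r '.data.data.server_key // empty')
+  ca=$(printf '%s' "$resp" | jq -r '.data.data.ca // empty')
   if [ -n "$crt" ] && [ -n "$key" ] && [ -n "$ca" ]; then
     printf '%s\n' "$crt" > "$CERTS_DIR/server.crt"
     printf '%s\n' "$key" > "$CERTS_DIR/server.key"
--- a/services/nginx/nginx_prepare.sh
+++ b/services/nginx/nginx_prepare.sh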
services/nginx/nginx_prepare.sh +8 −13 Original line number Diff line number Diff line Loading @@ -186,24 +186,19 @@ store_certs_in_vault() { ############################################################### echo "Storing CAPIF certificates in Vault..." SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/server.crt) SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/server.key) SERVER_PUB_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/server_pub.pem) CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' $CERTS_FOLDER/ca.crt) # Build the payload with jq so all newlines/CRs/control chars are escaped correctly PAYLOAD=$(jq -n \ --rawfile crt "$CERTS_FOLDER/server.crt" \ --rawfile key "$CERTS_FOLDER/server.key" \ --rawfile pub "$CERTS_FOLDER/server_pub.pem" \ --rawfile ca "$CERTS_FOLDER/ca.crt" \ '{data: {server_crt: $crt, server_key: $key, server_pub: $pub, ca: $ca}}') # Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx VAULT_RESPONSE=$(curl -s -w "%{http_code}" -o /tmp/vault_resp.json \ -X POST \ -H "X-Vault-Token: $VAULT_TOKEN" \ -H "Content-Type: application/json" \ -d "{ \"data\": { \"server_crt\": \"${SERVER_CRT_ESCAPED}\", \"server_key\": \"${SERVER_KEY_ESCAPED}\", \"server_pub\": \"${SERVER_PUB_ESCAPED}\", \"ca\": \"${CA_ESCAPED}\" } }" \ -d "$PAYLOAD" \ "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx") if [ "$VAULT_RESPONSE" != "200" ] && [ "$VAULT_RESPONSE" != "204" ]; then Loading