Loading services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh +1 −1 Original line number Original line Diff line number Diff line Loading @@ -46,7 +46,7 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do # Make the request to Vault and store the response in a variable # Make the request to Vault and store the response in a variable RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ --header "X-Vault-Token: $VAULT_TOKEN" \ --header "X-Vault-Token: $VAULT_TOKEN" \ --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_crt') --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub') echo "$RESPONSE" echo "$RESPONSE" Loading services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/app.py +17 −14 Original line number Original line Diff line number Diff line Loading 
@@ -114,20 +114,23 @@ def verbose_formatter(): ) ) with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as f: with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as pub_file: pem_data = f.read() pub_data = pub_file.read() # Extract the first certificate from the PEM (even if it comes in a bundle) # with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as f: cert = x509.load_pem_x509_certificate(pem_data, default_backend()) # pem_data = f.read() # Extract the public key # # Extract the first certificate from the PEM (even if it comes in a bundle) public_key = cert.public_key() # cert = x509.load_pem_x509_certificate(pem_data, default_backend()) # Convert the public key to PEM (which JWT needs) # # Extract the public key pub_data = public_key.public_bytes( # public_key = cert.public_key() encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, # # Convert the public key to PEM (which JWT needs) ) # pub_data = public_key.public_bytes( # encoding=serialization.Encoding.PEM, # format=serialization.PublicFormat.SubjectPublicKeyInfo, # ) Loading services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh +1 −1 Original line number Original line Diff line number Diff line Loading 
@@ -46,7 +46,7 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do # Make the request to Vault and store the response in a variable # Make the request to Vault and store the response in a variable RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ --header "X-Vault-Token: $VAULT_TOKEN" \ --header "X-Vault-Token: $VAULT_TOKEN" \ --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_crt') --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub') echo "$RESPONSE" echo "$RESPONSE" Loading services/nginx/nginx_prepare.sh +10 −3 Original line number Original line Diff line number Diff line Loading @@ -125,7 +125,12 @@ fi ############################################################### ############################################################### # 4) CCF_ID RETRIEVAL (from helper, inside docker network) # 4) Extract the public key from server.crt ############################################################### openssl x509 -pubkey -noout -in server.crt > server_pub.pem ############################################################### # 5) CCF_ID RETRIEVAL (from helper, inside docker network) ############################################################### ############################################################### HELPER_URL="http://helper:8080/helper/api/getCcfId" HELPER_URL="http://helper:8080/helper/api/getCcfId" ATTEMPT_CCFID=0 ATTEMPT_CCFID=0 Loading Loading 
@@ -160,12 +165,13 @@ fi ############################################################### ############################################################### # 5) STORE CERTIFICATES IN VAULT UNDER capif/<ccf_id> # 6) STORE CERTIFICATES IN VAULT UNDER capif/<ccf_id> ############################################################### ############################################################### echo "Storing CAPIF certificates in Vault..." echo "Storing CAPIF certificates in Vault..." SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.crt) SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.crt) SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.key) SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.key) SERVER_PUB_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server_pub.pem) CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' ca.crt) CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' ca.crt) # Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx # Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx Loading @@ -177,6 +183,7 @@ VAULT_RESPONSE=$(curl -s -w "%{http_code}" -o /tmp/vault_resp.json \ \"data\": { \"data\": { \"server_crt\": \"${SERVER_CRT_ESCAPED}\", \"server_crt\": \"${SERVER_CRT_ESCAPED}\", \"server_key\": \"${SERVER_KEY_ESCAPED}\", \"server_key\": \"${SERVER_KEY_ESCAPED}\", \"server_pub\": \"${SERVER_PUB_ESCAPED}\", \"ca\": \"${CA_ESCAPED}\" \"ca\": \"${CA_ESCAPED}\" } } }" \ }" \ Loading 
@@ -192,7 +199,7 @@ echo "Certificates successfully stored in Vault namespace: secret/capif/$CCF_ID" ############################################################### ############################################################### # 6) START NGINX # 7) START NGINX ############################################################### ############################################################### LOG_LEVEL=$(echo "${LOG_LEVEL}" | tr '[:upper:]' '[:lower:]') LOG_LEVEL=$(echo "${LOG_LEVEL}" | tr '[:upper:]' '[:lower:]') Loading Loading
services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh +1 −1 Original line number Original line Diff line number Diff line Loading @@ -46,7 +46,7 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do # Make the request to Vault and store the response in a variable # Make the request to Vault and store the response in a variable RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ --header "X-Vault-Token: $VAULT_TOKEN" \ --header "X-Vault-Token: $VAULT_TOKEN" \ --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_crt') --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub') echo "$RESPONSE" echo "$RESPONSE" Loading
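Review bot: The new filter `jq -r '.data.data.server_pub'` prints the literal string `null` and exits 0 when the field is absent, which is the case for any `capif/<ccf_id>/nginx` secret written before nginx_prepare.sh started storing `server_pub`. The retry loop's success test is outside this hunk; unless it rejects that value, `null` becomes the key material the service loads. Using `jq -er '.data.data.server_pub'` turns a missing or null field into a non-zero exit that the loop can act on. This value now appears to be the key that tokens are verified against, and the `-k` on the same curl call lets anything on the path to Vault substitute its own key, so pass the CA with `--cacert` instead. The identical line in prepare_provider.sh has both issues.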
services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/app.py +17 −14 Original line number Original line Diff line number Diff line Loading @@ -114,20 +114,23 @@ def verbose_formatter(): ) ) with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as f: with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as pub_file: pem_data = f.read() pub_data = pub_file.read() # Extract the first certificate from the PEM (even if it comes in a bundle) # with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as f: cert = x509.load_pem_x509_certificate(pem_data, default_backend()) # pem_data = f.read() # Extract the public key # # Extract the first certificate from the PEM (even if it comes in a bundle) public_key = cert.public_key() # cert = x509.load_pem_x509_certificate(pem_data, default_backend()) # Convert the public key to PEM (which JWT needs) # # Extract the public key pub_data = public_key.public_bytes( # public_key = cert.public_key() encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, # # Convert the public key to PEM (which JWT needs) ) # pub_data = public_key.public_bytes( # encoding=serialization.Encoding.PEM, # format=serialization.PublicFormat.SubjectPublicKeyInfo, # ) Loading
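Review bot: `pub_data` is now the raw bytes of `pubkey.pem` with no parse step, whereas the removed path failed at start-up in `x509.load_pem_x509_certificate` when the file was malformed. An empty file, or the string `null` written by the prepare script, would now surface only at the first use of the key (JWT verification, going by the old comment). Parse it at load time and let it raise, e.g. `serialization.load_pem_public_key(pub_data, default_backend())`, assuming both names are still imported. The commented-out certificate block should be deleted rather than kept, since version control has the old path. The code that consumes `pub_data` is outside this hunk.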
services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh +1 −1 Original line number Original line Diff line number Diff line Loading @@ -46,7 +46,7 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do # Make the request to Vault and store the response in a variable # Make the request to Vault and store the response in a variable RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \ --header "X-Vault-Token: $VAULT_TOKEN" \ --header "X-Vault-Token: $VAULT_TOKEN" \ --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_crt') --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub') echo "$RESPONSE" echo "$RESPONSE" Loading
services/nginx/nginx_prepare.sh +10 −3 Original line number Original line Diff line number Diff line Loading @@ -125,7 +125,12 @@ fi ############################################################### ############################################################### # 4) CCF_ID RETRIEVAL (from helper, inside docker network) # 4) Extract the public key from server.crt ############################################################### openssl x509 -pubkey -noout -in server.crt > server_pub.pem ############################################################### # 5) CCF_ID RETRIEVAL (from helper, inside docker network) ############################################################### ############################################################### HELPER_URL="http://helper:8080/helper/api/getCcfId" HELPER_URL="http://helper:8080/helper/api/getCcfId" ATTEMPT_CCFID=0 ATTEMPT_CCFID=0 Loading Loading 
@@ -160,12 +165,13 @@ fi ############################################################### ############################################################### # 5) STORE CERTIFICATES IN VAULT UNDER capif/<ccf_id> # 6) STORE CERTIFICATES IN VAULT UNDER capif/<ccf_id> ############################################################### ############################################################### echo "Storing CAPIF certificates in Vault..." echo "Storing CAPIF certificates in Vault..." SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.crt) SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.crt) SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.key) SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.key) SERVER_PUB_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server_pub.pem) CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' ca.crt) CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' ca.crt) # Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx # Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx Loading @@ -177,6 +183,7 @@ VAULT_RESPONSE=$(curl -s -w "%{http_code}" -o /tmp/vault_resp.json \ \"data\": { \"data\": { \"server_crt\": \"${SERVER_CRT_ESCAPED}\", \"server_crt\": \"${SERVER_CRT_ESCAPED}\", \"server_key\": \"${SERVER_KEY_ESCAPED}\", \"server_key\": \"${SERVER_KEY_ESCAPED}\", \"server_pub\": \"${SERVER_PUB_ESCAPED}\", \"ca\": \"${CA_ESCAPED}\" \"ca\": \"${CA_ESCAPED}\" } } }" \ }" \ Loading 
@@ -192,7 +199,7 @@ echo "Certificates successfully stored in Vault namespace: secret/capif/$CCF_ID" ############################################################### ############################################################### # 6) START NGINX # 7) START NGINX ############################################################### ############################################################### LOG_LEVEL=$(echo "${LOG_LEVEL}" | tr '[:upper:]' '[:lower:]') LOG_LEVEL=$(echo "${LOG_LEVEL}" | tr '[:upper:]' '[:lower:]') Loading
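Review bot: In the new step 4, `openssl x509 -pubkey -noout -in server.crt > server_pub.pem` has no status check, and the redirect creates `server_pub.pem` even when openssl fails, so an empty `server_pub` can be written to Vault and handed to the services that read it. Unless `set -e` is active earlier in the script (not visible here), append `|| { echo "Failed to extract public key from server.crt" >&2; exit 1; }`. The key is also stored in the same `secret/data/capif/<ccf_id>/nginx` entry as `server_key`, which is the path prepare_invoker.sh and prepare_provider.sh read. Vault KV policies are granted per path, so a token allowed to fetch the public key can read the nginx private key too; writing `server_pub` to a separate path would let those services' policy be limited to it. The comment above the curl call still lists only the certificate, private key and CA.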