Commit d01b21ed authored by Guillermo Sanz López's avatar Guillermo Sanz López

create pubkey in nginx

parent dbc9aa72
+1 −1
@@ -46,7 +46,7 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do
    # Make the request to Vault and store the response in a variable
    RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \
        --header "X-Vault-Token: $VAULT_TOKEN" \
        --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_crt')
        --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub')

    echo "$RESPONSE"
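Review bot: `jq -r '.data.data.server_pub'` prints the literal string `null` when that key is absent from the Vault secret (and an empty string when curl returns nothing), and both are then echoed as if they were a valid key; the retry loop this sits in begins above the hunk, so I cannot see whether `$RESPONSE` is rejected before it is written out. I would make the failure explicit, either `jq -er '.data.data.server_pub'` so a missing key fails the pipeline, or a guard before the echo such as `if [ -z "$RESPONSE" ] || [ "$RESPONSE" = "null" ]; then ATTEMPT=$((ATTEMPT+1)); continue; fi`. Separately, `-k` disables TLS verification on a request that carries `$VAULT_TOKEN`; that is pre-existing, but now that this endpoint is the only source of the key the JWT verifier trusts, a `--cacert` or at least a comment justifying `-k` seems warranted.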

+17 −14
@@ -114,20 +114,23 @@ def verbose_formatter():
    )


with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as f:
    pem_data = f.read()
with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as pub_file:
        pub_data = pub_file.read()
        
# Extract the first certificate from the PEM (even if it comes in a bundle)
cert = x509.load_pem_x509_certificate(pem_data, default_backend())
# with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as f:
#     pem_data = f.read()

# Extract the public key
public_key = cert.public_key()
# # Extract the first certificate from the PEM (even if it comes in a bundle)
# cert = x509.load_pem_x509_certificate(pem_data, default_backend())

# Convert the public key to PEM (which JWT needs)
pub_data = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
# # Extract the public key
# public_key = cert.public_key()

# # Convert the public key to PEM (which JWT needs)
# pub_data = public_key.public_bytes(
#     encoding=serialization.Encoding.PEM,
#     format=serialization.PublicFormat.SubjectPublicKeyInfo,
# )
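Review bot: The new block trusts `pubkey.pem` as-is, so if the file holds something other than a PEM public key (the fetch script writes jq's output verbatim, so a missing Vault key yields the literal `null`) the error only surfaces at JWT verification time instead of at startup, whereas the old path parsed the certificate and got that check for free. I would keep a fail-fast parse right after the read, `serialization.load_pem_public_key(pub_data)`, assuming the `serialization` import the old code relied on is still present above the hunk. The commented-out certificate path should be deleted rather than kept as comments, since the history is in git, and the `x509` and `default_backend` imports are then likely unused. Also, `pub_data = pub_file.read()` is indented eight spaces where the file uses four.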



+1 −1
@@ -46,7 +46,7 @@ while [ $ATTEMPT -lt $MAX_RETRIES ]; do
    # Make the request to Vault and store the response in a variable
    RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \
        --header "X-Vault-Token: $VAULT_TOKEN" \
        --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_crt')
        --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub')

    echo "$RESPONSE"
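Review bot: As in the other fetch script, `jq -r '.data.data.server_pub'` yields the literal `null` for a missing key and an empty string for an empty response, and the echo passes either through unchanged; the enclosing retry loop starts above the hunk, so whether the caller rejects these values is not visible here. Using `jq -er '.data.data.server_pub'` makes a missing key a pipeline failure, or add `[ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]` before treating the value as a key. The `-k` on a request carrying `$VAULT_TOKEN` is pre-existing but deserves a `--cacert` or an explanatory comment now that this is the JWT trust anchor.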

+10 −3
@@ -125,7 +125,12 @@ fi


###############################################################
# 4) CCF_ID RETRIEVAL (from helper, inside docker network)
# 4) Extract the public key from server.crt
###############################################################
openssl x509 -pubkey -noout -in server.crt > server_pub.pem

###############################################################
# 5) CCF_ID RETRIEVAL (from helper, inside docker network)
###############################################################
HELPER_URL="http://helper:8080/helper/api/getCcfId"
ATTEMPT_CCFID=0
@@ -160,12 +165,13 @@ fi


###############################################################
# 5) STORE CERTIFICATES IN VAULT UNDER capif/<ccf_id>
# 6) STORE CERTIFICATES IN VAULT UNDER capif/<ccf_id>
###############################################################
echo "Storing CAPIF certificates in Vault..."

SERVER_CRT_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.crt)
SERVER_KEY_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server.key)
SERVER_PUB_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' server_pub.pem)
CA_ESCAPED=$(sed ':a;N;$!ba;s/\n/\\n/g' ca.crt)

# Store the server certificate, private key and CA certificate in Vault under secret/data/capif/<ccf_id>/nginx
@@ -177,6 +183,7 @@ VAULT_RESPONSE=$(curl -s -w "%{http_code}" -o /tmp/vault_resp.json \
    \"data\": {
      \"server_crt\": \"${SERVER_CRT_ESCAPED}\",
      \"server_key\": \"${SERVER_KEY_ESCAPED}\",
      \"server_pub\": \"${SERVER_PUB_ESCAPED}\",
      \"ca\": \"${CA_ESCAPED}\"
    }
  }" \
@@ -192,7 +199,7 @@ echo "Certificates successfully stored in Vault namespace: secret/capif/$CCF_ID"


###############################################################
# 6) START NGINX
# 7) START NGINX
###############################################################

LOG_LEVEL=$(echo "${LOG_LEVEL}" | tr '[:upper:]' '[:lower:]')
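Review bot: `openssl x509 -pubkey -noout -in server.crt > server_pub.pem` is unchecked: if openssl fails, the redirection still creates an empty `server_pub.pem`, `SERVER_PUB_ESCAPED` becomes empty, and an empty `server_pub` is stored in Vault and handed to every consumer, which then fails at JWT verification with no hint of the cause. Unless `set -e` is enabled earlier in the script (outside the hunk) the step is silently skipped, so I would write `openssl x509 -pubkey -noout -in server.crt > server_pub.pem || { echo "Failed to extract public key from server.crt" >&2; exit 1; }`. The Vault payload is built by interpolating sed-escaped PEM text into a JSON string; that is pre-existing, but the new `server_pub` field repeats the pattern, and `jq -n --rawfile pub server_pub.pem ...` would avoid hand-escaping entirely. The comment above the payload still reads "server certificate, private key and CA certificate" and should now mention the public key.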