# Configuration from the following modules will be imported to the sysrepo datastore.
# 1. Each module's configuration file should be placed under the $CONFIG_PATH folder with .xml extension, e.g. ietf-truststore.xml.
# 2. Script will replace all variable placeholders with corresponding environment variables, e.g. $CALL_HOME_SERVER_IP.
-# Please, note that following environment variables will be set according to the provided keys(under the $CONFIG_PATH folder):
+# Please, note that following environment variables will be set according to the provided keys and certificates(under the $CONFIG_PATH/certs folder):
# - $NP_PRIVKEY
# - $NP_PUBKEY
+# - $NP_CA_CERT
+# - $NP_CLIENT_CERT
+# - $NP_SERVER_PRIVATE_KEY
+# - $NP_SERVER_PUBLIC_KEY
+# - $NP_SERVER_CERTIFICATE
+# - $NP_CLIENT_CERT_FINGERPRINT
# 3. Modules must be provided in the correct order.
-MODULES_LIST=("ietf-keystore" "ietf-netconf-server")
+MODULES_LIST=("ietf-truststore" "ietf-keystore" "ietf-netconf-server")
import_module()
{
IFS=
export NP_PRIVKEY=`cat /etc/ssh/ssh_host_rsa_key | sed -u '1d; $d'`
export NP_PUBKEY=`openssl rsa -in /etc/ssh/ssh_host_rsa_key -pubout | sed -u '1d; $d'`
+
+if [ -d "$CONFIG_PATH/certs" ]; then
+ export NP_CA_CERT=`sed -u '1d; $d' $CONFIG_PATH/certs/ca.pem`
+ export NP_CLIENT_CERT=`sed -u '1d; $d' $CONFIG_PATH/certs/client.crt`
+ export NP_SERVER_PRIVATE_KEY=`sed -u '1d; $d' $CONFIG_PATH/certs/server.key`
+ export NP_SERVER_PUBLIC_KEY=`sed -u '1d; $d' $CONFIG_PATH/certs/server.pub`
+ export NP_SERVER_CERTIFICATE=`sed -u '1d; $d' $CONFIG_PATH/certs/server.crt`
+ export NP_CLIENT_CERT_FINGERPRINT=`openssl x509 -noout -fingerprint -in $CONFIG_PATH/certs/ca.pem -sha1 | cut -d'=' -f2-`
+fi
IFS=$SAVEIFS
# Import all provided configuration files for netopeer
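Review bot: `NP_CLIENT_CERT_FINGERPRINT` on the last added export is computed from `ca.pem`, not `client.crt`, so if the value is used to map a client certificate to a NETCONF user (the XML template is not visible here), every certificate issued by that CA would match the same entry. If pinning the client certificate is the intent, read it from the client file and quote the path, `-in "$CONFIG_PATH/certs/client.crt"`; if matching on the CA is intended, a name such as `NP_CA_CERT_FINGERPRINT` would say so. The digest is also SHA-1; `-sha256` would be preferable, provided the template's fingerprint algorithm prefix is changed to match. Separately, only the directory is tested, so a missing or unreadable file under `certs` leaves the corresponding variable exported empty and the import proceeds; a per-file `[ -r "$CONFIG_PATH/certs/server.key" ]`-style check that aborts would fail closed. `import_module`'s body continues outside the hunk.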