authorBartek Grzybowski <b.grzybowski@partner.samsung.com>2020-07-30 09:36:24 +0000
committerGerrit Code Review <gerrit@onap.org>2020-07-30 09:36:24 +0000
commit9031bef617fc2996b5b2182ad07e2531c10e145c (patch)
tree60ff0abf6ca69ceac5ccf4fad9f3a6ad7701dde9
parent66eee8ddc9024899892630f35c8479b43c75a1df (diff)
parent2015144ab3a335fe2d0a39f64b6da7b488252040 (diff)
Merge "[SDNC-Netconf-TLS] Update SDNC CSIT"
-rw-r--r--plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh4
-rw-r--r--plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh1
-rwxr-xr-xscripts/sdnc/netconf-pnp-simulator/docker-compose.yml2
-rw-r--r--tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env1
-rw-r--r--tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env1
-rw-r--r--tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py62
-rw-r--r--tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot2
7 files changed, 49 insertions, 24 deletions
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
index 2a0451d1..a2020aee 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
@@ -30,7 +30,6 @@ chmod +x "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config
export TEMP_DIR_PATH=${TEMP_DIR_PATH}
# Create temp directory to bind with docker containers
-mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp
mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs
mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data
@@ -54,6 +53,9 @@ echo "Reinstall pyOpenSSL library."
pip uninstall pyopenssl -y
pip install pyopenssl==17.5.0
+# Install PYJKS for .jks files management
+pip install pyjks
+
# Disable Proxy - for local run
unset http_proxy https_proxy
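Review bot: The added `pip install pyjks` has no version pin, while the pyOpenSSL install just above it is pinned to 17.5.0, so every CSIT run installs whatever pyjks release and transitive dependencies the package index serves at that moment. Pin it to the release the suite was validated against, e.g. `pip install pyjks==<tested-version>` (placeholder; the page does not show which version was used). That keeps a new or tampered upstream release from silently changing the code that performs the keystore validation.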
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh
index 2f451d50..b780ed49 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh
@@ -21,6 +21,5 @@ docker-compose -f "${SCRIPTS}"/sdnc/netconf-pnp-simulator/docker-compose.yml dow
make clear -C "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
-rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp
rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs
rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data \ No newline at end of file
diff --git a/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
index 67a75c94..d8e723ba 100755
--- a/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
+++ b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3'
services:
netconf-pnp-simulator:
- image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.8.5
+ image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.8.6
container_name: netconf-simulator
restart: always
ports:
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
index 557860de..e85ab6cc 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
@@ -2,6 +2,7 @@
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
+OUTPUT_TYPE=P12
KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
index 28411797..57894753 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
@@ -2,6 +2,7 @@
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
+OUTPUT_TYPE=JKS
KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
index ceff9742..b2399dfb 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
@@ -25,6 +25,7 @@ import shutil
import subprocess
import docker
+import jks
from OpenSSL import crypto
from docker.types import Mount
@@ -42,8 +43,10 @@ class ClientManager:
self.serverKeyPem = mount_path + '/server_key.pem'
self.serverCertPem = mount_path + '/server_cert.pem'
self.keystoreJksPath = mount_path + '/keystore.jks'
+ self.keystoreP12Path = mount_path + '/keystore.p12'
self.keystorePassPath = mount_path + '/keystore.pass'
self.truststoreJksPath = mount_path + '/truststore.jks'
+ self.truststoreP12Path = mount_path + '/truststore.p12'
self.truststorePassPath = mount_path + '/truststore.pass'
# Function Create docker container.
@@ -65,10 +68,27 @@ class ClientManager:
exitcode = container.wait()
return exitcode
+ # Function to validate keystore/truststore can be opened with generated pass-phrase.
+ def can_open_keystore_and_truststore_with_pass(self, container_name):
+ if container_name != NETCONF_PNP_SIM_CONTAINER_NAME:
+ return self.can_open_keystore_and_truststore_jks_files()
+ else:
+ return self.can_open_keystore_and_truststore_p12_files()
+
# Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase.
- def can_open_keystore_and_truststore_with_pass(self):
- can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
- can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
+ def can_open_keystore_and_truststore_jks_files(self):
+ try:
+ jks.KeyStore.load(self.keystoreJksPath, open(self.keystorePassPath, 'rb').read())
+ jks.KeyStore.load(self.truststoreJksPath, open(self.truststorePassPath, 'rb').read())
+ return True
+ except Exception as e:
+ print("UnExpected Error in validating keystore.jks/truststore.jks: {0}".format(e))
+ return False
+
+ # Function to validate keystore.p12/truststore.p12 can be opened with generated pass-phrase.
+ def can_open_keystore_and_truststore_p12_files(self):
+ can_open_keystore = self.can_open_p12_file_with_pass_file(self.keystorePassPath, self.keystoreP12Path)
+ can_open_truststore = self.can_open_p12_file_with_pass_file(self.truststorePassPath, self.truststoreP12Path)
return can_open_keystore & can_open_truststore
# Method for Uploading Certificate in SDNC-Container.
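Review bot: `can_open_keystore_and_truststore_jks_files` returns True as soon as both stores load, so a keystore without a private-key entry or a truststore without any certificate still passes, whereas the P12 path in `can_open_p12_file_with_pass_file` at least fetches a certificate from each store. The check should also require the expected entries. The pass files should be read inside `with` blocks so the handles are closed; the same unclosed `open(...).read()` pattern appears in `get_pkcs12` further down. The broad `except Exception` handler is left as it is in the sketch below.

```python
    def can_open_keystore_and_truststore_jks_files(self):
        try:
            with open(self.keystorePassPath, 'rb') as pass_file:
                keystore = jks.KeyStore.load(self.keystoreJksPath, pass_file.read())
            with open(self.truststorePassPath, 'rb') as pass_file:
                truststore = jks.KeyStore.load(self.truststoreJksPath, pass_file.read())
            # An empty store also loads cleanly; require the entries the TLS setup needs.
            return bool(keystore.private_keys) and bool(truststore.certs)
        # … unchanged: except Exception handler printing the error and returning False …
```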
@@ -76,9 +96,9 @@ class ClientManager:
def can_install_keystore_and_truststore_certs(self, cmd, container_name):
continue_exec = True
if container_name == NETCONF_PNP_SIM_CONTAINER_NAME:
- print("Generating PEM files for {0} from JKS files".format(container_name))
- continue_exec = self.create_pem(self.keystorePassPath, self.keystoreJksPath, self.truststorePassPath,
- self.truststoreJksPath)
+ print("Generating PEM files for {0} from P12 files".format(container_name))
+ continue_exec = self.create_pem(self.keystorePassPath, self.keystoreP12Path, self.truststorePassPath,
+ self.truststoreP12Path)
if continue_exec:
print("Initiate Configuration Push for : {0}".format(container_name))
resp_code = self.execute_bash_config(cmd, container_name)
@@ -89,19 +109,22 @@ class ClientManager:
print("Execution Failed for: {0}".format(container_name))
return False
- def create_pem(self, keystore_pass_file_path, keystore_jks_file_path, truststore_pass_file_path,
- truststore_jks_file_path):
+ def create_pem(self, keystore_pass_path, keystore_p12_path, truststore_pass_path, truststore_p12_path):
# Create [server_key.pem, server_cert.pem, ca.pem] files for Netconf-Pnp-Simulation/TLS Configuration.
try:
- keystore_p12 = self.get_pkcs12(keystore_pass_file_path, keystore_jks_file_path)
- truststore_p12 = self.get_pkcs12(truststore_pass_file_path, truststore_jks_file_path)
with open(self.serverKeyPem, "wb+") as key_file:
- key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, keystore_p12.get_privatekey()))
+ key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+ self.get_pkcs12(keystore_pass_path,
+ keystore_p12_path).get_privatekey()))
with open(self.serverCertPem, "wb+") as server_cert_file:
- server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, keystore_p12.get_certificate()))
+ server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM,
+ self.get_pkcs12(keystore_pass_path,
+ keystore_p12_path).get_certificate()))
with open(self.caCertPem, "wb+") as ca_cert_file:
ca_cert_file.write(
- crypto.dump_certificate(crypto.FILETYPE_PEM, truststore_p12.get_ca_certificates()[0]))
+ crypto.dump_certificate(crypto.FILETYPE_PEM,
+ self.get_pkcs12(truststore_pass_path,
+ truststore_p12_path).get_ca_certificates()[0]))
return True
except IOError as err:
print("I/O Error: {0}".format(err))
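Review bot: `create_pem` now calls `self.get_pkcs12(keystore_pass_path, keystore_p12_path)` once for the private key and again for the certificate, so the pass file and keystore.p12 are read and decrypted twice, and the key and certificate could come from different file contents if the mounted directory changes between the calls. Load each store once before the `with` blocks, `keystore_p12 = self.get_pkcs12(keystore_pass_path, keystore_p12_path)` and `truststore_p12 = self.get_pkcs12(truststore_pass_path, truststore_p12_path)`, and reuse the objects. `get_ca_certificates()[0]` also raises when the truststore carries no CA entries, which lands in the generic handler rather than producing a clear message. The function's exception handlers continue past the end of this hunk.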
@@ -110,12 +133,12 @@ class ClientManager:
print("UnExpected Error: {0}".format(e))
return False
- def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
+ def can_open_p12_file_with_pass_file(self, pass_file_path, p12_file_path):
try:
- if jks_file_path.split('/')[-1] == 'truststore.jks':
- pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_ca_certificates()[0]
+ if p12_file_path.split('/')[-1] == 'truststore.p12':
+ pkcs12 = self.get_pkcs12(pass_file_path, p12_file_path).get_ca_certificates()[0]
else:
- pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_certificate()
+ pkcs12 = self.get_pkcs12(pass_file_path, p12_file_path).get_certificate()
if pkcs12 is None:
return False
return True
@@ -143,11 +166,10 @@ class ClientManager:
shutil.rmtree(self.mount_path)
@staticmethod
- def get_pkcs12(pass_file_path, jks_file_path):
+ def get_pkcs12(pass_file_path, p12_file_path):
# Load PKCS12 Object
password = open(pass_file_path, 'rb').read()
- p12 = crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
- return p12
+ return crypto.load_pkcs12(open(p12_file_path, 'rb').read(), password)
@staticmethod
def execute_bash_config(cmd, container_name):
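Review bot: `get_pkcs12` still relies on `crypto.load_pkcs12`, which later pyOpenSSL releases deprecate and eventually drop, so the helper only works while setup.sh keeps pyOpenSSL pinned at 17.5.0. A comment on the helper such as `# relies on pyOpenSSL's legacy PKCS12 API; see the pyopenssl pin in setup.sh` would record that coupling. If the pin is ever lifted, the replacement is `cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates`. The two `open(...).read()` calls also leave their file handles to the garbage collector; `with open(pass_file_path, 'rb') as pass_file:` closes them deterministically.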
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
index 8e36e65f..a7fbcccc 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
@@ -76,7 +76,7 @@ Run Cert Service Client And Validate JKS File Creation And Client Exit Code
[Documentation] Run Cert Service Client Container And Validate Exit Code For SDNC
[Arguments] ${env_file} ${CONTAINER_NAME} ${expected_exit_code}
${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
- ${can_open}= Can Open Keystore And Truststore With Pass
+ ${can_open}= Can Open Keystore And Truststore With Pass ${CONTAINER_NAME}
${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONTAINER_NAME}
Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}