Resolved Intermittent failure issue in SDNC CSIT

Issue-ID: INT-1679
Signed-off-by: ajay_dp001 <ajay.deep.singh@est.tech>
Change-Id: I022f6c3dd9c651bf21f3201340ccf1dbd0ad20c7

4 files changed, 123 insertions, 13 deletions

diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
index 57894753..5d647de6 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
@@ -2,7 +2,7 @@
 REQUEST_TIMEOUT=30000
 OUTPUT_PATH=/var/certs
 CA_NAME=RA
-OUTPUT_TYPE=JKS
+OUTPUT_TYPE=PEM
 KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
 KEYSTORE_PASSWORD=secret
 TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
index b2399dfb..b1c024ff 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
@@ -25,7 +25,6 @@ import shutil
 import subprocess
 
 import docker
-import jks
 from OpenSSL import crypto
 from docker.types import Mount
 
@@ -39,13 +38,14 @@ class ClientManager:
     def __init__(self, mount_path, truststore_path):
         self.mount_path = mount_path
         self.truststore_path = truststore_path
+        self.keyPem = mount_path + '/key.pem'
         self.caCertPem = mount_path + '/ca.pem'
         self.serverKeyPem = mount_path + '/server_key.pem'
         self.serverCertPem = mount_path + '/server_cert.pem'
-        self.keystoreJksPath = mount_path + '/keystore.jks'
+        self.keystorePemPath = mount_path + '/keystore.pem'
         self.keystoreP12Path = mount_path + '/keystore.p12'
         self.keystorePassPath = mount_path + '/keystore.pass'
-        self.truststoreJksPath = mount_path + '/truststore.jks'
+        self.truststorePemPath = mount_path + '/truststore.pem'
         self.truststoreP12Path = mount_path + '/truststore.p12'
         self.truststorePassPath = mount_path + '/truststore.pass'
 
@@ -71,18 +71,19 @@ class ClientManager:
     # Function to validate keystore/truststore can be opened with generated pass-phrase.
     def can_open_keystore_and_truststore_with_pass(self, container_name):
         if container_name != NETCONF_PNP_SIM_CONTAINER_NAME:
-            return self.can_open_keystore_and_truststore_jks_files()
+            return self.can_open_keystore_and_truststore_pem_files()
         else:
             return self.can_open_keystore_and_truststore_p12_files()
 
-    # Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase.
-    def can_open_keystore_and_truststore_jks_files(self):
+    # Function to validate keystore.pem/truststore.pem exist and are not empty.
+    def can_open_keystore_and_truststore_pem_files(self):
         try:
-            jks.KeyStore.load(self.keystoreJksPath, open(self.keystorePassPath, 'rb').read())
-            jks.KeyStore.load(self.truststoreJksPath, open(self.truststorePassPath, 'rb').read())
-            return True
+            private_key = self.file_exist_and_not_empty(self.keyPem)
+            keystore_pem = self.file_exist_and_not_empty(self.keystorePemPath)
+            truststore_pem = self.file_exist_and_not_empty(self.truststorePemPath)
+            return private_key and keystore_pem and truststore_pem
         except Exception as e:
-            print("UnExpected Error in validating keystore.jks/truststore.jks: {0}".format(e))
+            print("UnExpected Error in validating keystore.pem/truststore.pem: {0}".format(e))
             return False
 
     # Function to validate keystore.p12/truststore.p12 can be opened with generated pass-phrase.
@@ -93,12 +94,14 @@ class ClientManager:
 
     # Method for Uploading Certificate in SDNC-Container.
     # Creating/Uploading Server-key, Server-cert, Ca-cert PEM files in Netconf-Pnp-Simulator.
-    def can_install_keystore_and_truststore_certs(self, cmd, container_name):
+    def can_install_keystore_and_truststore_certs(self, cmd, cmd_tls, container_name):
         continue_exec = True
         if container_name == NETCONF_PNP_SIM_CONTAINER_NAME:
             print("Generating PEM files for {0} from P12 files".format(container_name))
             continue_exec = self.create_pem(self.keystorePassPath, self.keystoreP12Path, self.truststorePassPath,
                                             self.truststoreP12Path)
+        else:
+            cmd = cmd_tls
         if continue_exec:
             print("Initiate Configuration Push for : {0}".format(container_name))
             resp_code = self.execute_bash_config(cmd, container_name)
@@ -165,6 +168,9 @@ class ClientManager:
     def remove_mount_dir(self):
         shutil.rmtree(self.mount_path)
 
+    def file_exist_and_not_empty(self, path_to_file):
+        return os.path.isfile(path_to_file) and os.path.getsize(path_to_file) > 0
+
     @staticmethod
     def get_pkcs12(pass_file_path, p12_file_path):
         # Load PKCS12 Object
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
new file mode 100755
index 00000000..323f8100
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o pipefail
+set -o nounset
+[ "${SHELL_XTRACE:-false}" = "true" ] && set -o xtrace
+
+CONFIG=${CONFIG:-"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data}
+CONTAINER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' sdnc)
+ODL_URL=${ODL_URL:-http://"${CONTAINER_IP}":8282}
+PROC_NAME=${0##*/}
+PROC_NAME=${PROC_NAME%.sh}
+
+function now_ms() {
+    # Requires coreutils package
+    date +"%Y-%m-%d %H:%M:%S.%3N"
+}
+
+function log() {
+    local level=$1
+    shift
+    local message="$*"
+    printf "%s %-5s [%s] %s\n" "$(now_ms)" $level $PROC_NAME "$message"
+}
+
+# Extracts the body of a PEM file by removing the dashed header and footer
+pem_body() {
+    grep -Fv -- ----- $1
+}
+
+CA_CERT_ID=xNF_CA_certificate_0_0
+CA_CERT=$(pem_body $CONFIG/truststore.pem)
+
+SERVER_PRIV_KEY_ID=ODL_private_key_0
+SERVER_KEY=$(pem_body $CONFIG/key.pem)
+SERVER_CERT=$(pem_body $CONFIG/keystore.pem)
+
+RESTCONF_URL=$ODL_URL/restconf
+NETCONF_KEYSTORE_PATH=$RESTCONF_URL/config/netconf-keystore:keystore
+
+xcurl() {
+    curl -s -o /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -w %{http_code} "$@"
+}
+
+log INFO Delete Keystore
+sc=$(xcurl -X DELETE $NETCONF_KEYSTORE_PATH)
+
+if [ "$sc" != "200" -a "$sc" != "404" ]; then
+    log ERROR "Keystore deletion failed with SC=$sc"
+    exit 1
+fi
+
+log INFO Load CA certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+  \"trusted-certificate\": [
+    {
+      \"name\": \"$CA_CERT_ID\",
+      \"certificate\": \"$CA_CERT\"
+    }
+  ]
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+    log ERROR Trusted-certificate update failed with SC=$sc
+    exit 1
+fi
+
+log INFO Load server private key and certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+  \"private-key\": {
+    \"name\": \"$SERVER_PRIV_KEY_ID\",
+    \"certificate-chain\": [
+      \"$SERVER_CERT\"
+    ],
+    \"data\": \"$SERVER_KEY\"
+  }
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+    log ERROR Private-key update failed with SC=$sc
+    exit 1
+fi
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
index a7fbcccc..52cc5d2f 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
@@ -77,7 +77,7 @@ Run Cert Service Client And Validate JKS File Creation And Client Exit Code
     [Arguments]   ${env_file}  ${CONTAINER_NAME}  ${expected_exit_code}
     ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
     ${can_open}=  Can Open Keystore And Truststore With Pass  ${CONTAINER_NAME}
-    ${install_certs}=  Can Install Keystore And Truststore Certs  ${CONF_SCRIPT}  ${CONTAINER_NAME}
+    ${install_certs}=  Can Install Keystore And Truststore Certs  ${CONF_SCRIPT}  ${CONF_TLS_SCRIPT}  ${CONTAINER_NAME}
     Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  positive_path
     Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
     Should Be True  ${can_open}  Cannot Open Keystore/TrustStore by Passphrase