aboutsummaryrefslogtreecommitdiffstats
path: root/tests/aaf/certservice/libraries
diff options
context:
space:
mode:
authorJoanna Jeremicz <joanna.jeremicz@nokia.com>2020-03-19 14:51:51 +0100
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>2020-03-25 08:47:25 +0100
commit9c14f196a10973a07bf8da1c8033e491b5efaf3b (patch)
tree5e1865ed8de326081353dee3ad91b061b315fd38 /tests/aaf/certservice/libraries
parent7405933ba6de25b33ca577e714f298b9fe82beee (diff)
Verification of fields in trust/key store
Issue-ID: AAF-1107 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic5b897115980be19ca23f07778b5b9763764446c
Diffstat (limited to 'tests/aaf/certservice/libraries')
-rw-r--r--tests/aaf/certservice/libraries/CertClientManager.py47
-rw-r--r--tests/aaf/certservice/libraries/EnvsReader.py11
-rw-r--r--tests/aaf/certservice/libraries/JksFilesValidator.py70
3 files changed, 91 insertions, 37 deletions
diff --git a/tests/aaf/certservice/libraries/CertClientManager.py b/tests/aaf/certservice/libraries/CertClientManager.py
index 792b6939..a959c9ee 100644
--- a/tests/aaf/certservice/libraries/CertClientManager.py
+++ b/tests/aaf/certservice/libraries/CertClientManager.py
@@ -2,22 +2,23 @@ import docker
import os
import shutil
import re
-from OpenSSL import crypto
+from EnvsReader import EnvsReader
from docker.types import Mount
ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
-MOUNT_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp"
ERROR_API_REGEX = 'Error on API response.*[0-9]{3}'
RESPONSE_CODE_REGEX = '[0-9]{3}'
-
class CertClientManager:
+ def __init__(self, mount_path):
+ self.mount_path = mount_path
+
def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
self.create_mount_dir()
client = docker.from_env()
- environment = self.read_list_env_from_file(path_to_env)
+ environment = EnvsReader().read_env_list_from_file(path_to_env)
environment.append("REQUEST_URL=" + request_url)
container = client.containers.run(
image=client_image,
@@ -25,55 +26,27 @@ class CertClientManager:
environment=environment,
network=network,
user='root', #Run container as root to avoid permission issues with volume mount access
- mounts=[Mount(target='/var/certs', source=MOUNT_PATH, type='bind')],
+ mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind')],
detach=True
)
exitcode = container.wait()
return exitcode
- def read_list_env_from_file(self, path):
- f = open(path, "r")
- r_list = []
- for line in f:
- line = line.strip()
- if line[0] != "#":
- r_list.append(line)
- return r_list
-
def remove_client_container_and_save_logs(self, container_name, log_file_name):
client = docker.from_env()
container = client.containers.get(container_name)
- text_file = open(ARCHIVES_PATH + "container_" + log_file_name + ".log", "w")
+ text_file = open(ARCHIVES_PATH + "client_container_" + log_file_name + ".log", "w")
text_file.write(container.logs())
text_file.close()
container.remove()
self.remove_mount_dir()
- def can_open_keystore_and_truststore_with_pass(self):
- keystore_pass_path = MOUNT_PATH + '/keystore.pass'
- keystore_jks_path = MOUNT_PATH + '/keystore.jks'
- can_open_keystore = self.can_open_jks_file_by_pass_file(keystore_pass_path, keystore_jks_path)
-
- truststore_pass_path = MOUNT_PATH + '/truststore.pass'
- truststore_jks_path = MOUNT_PATH + '/truststore.jks'
- can_open_truststore = self.can_open_jks_file_by_pass_file(truststore_pass_path, truststore_jks_path)
-
- return can_open_keystore & can_open_truststore
-
- def can_open_jks_file_by_pass_file(self, pass_file_path, jks_file_path):
- try:
- password = open(pass_file_path, 'rb').read()
- crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
- return True
- except:
- return False
-
def create_mount_dir(self):
- if not os.path.exists(MOUNT_PATH):
- os.makedirs(MOUNT_PATH)
+ if not os.path.exists(self.mount_path):
+ os.makedirs(self.mount_path)
def remove_mount_dir(self):
- shutil.rmtree(MOUNT_PATH)
+ shutil.rmtree(self.mount_path)
def can_find_api_response_in_logs(self, container_name):
logs = self.get_container_logs(container_name)
diff --git a/tests/aaf/certservice/libraries/EnvsReader.py b/tests/aaf/certservice/libraries/EnvsReader.py
new file mode 100644
index 00000000..cc60eed6
--- /dev/null
+++ b/tests/aaf/certservice/libraries/EnvsReader.py
@@ -0,0 +1,11 @@
+
+class EnvsReader:
+
+ def read_env_list_from_file(self, path):
+ f = open(path, "r")
+ r_list = []
+ for line in f:
+ line = line.strip()
+ if line[0] != "#":
+ r_list.append(line)
+ return r_list
diff --git a/tests/aaf/certservice/libraries/JksFilesValidator.py b/tests/aaf/certservice/libraries/JksFilesValidator.py
new file mode 100644
index 00000000..8c150de4
--- /dev/null
+++ b/tests/aaf/certservice/libraries/JksFilesValidator.py
@@ -0,0 +1,70 @@
+from OpenSSL import crypto
+from cryptography.x509.oid import ExtensionOID
+from cryptography import x509
+from EnvsReader import EnvsReader
+
+class JksFilesValidator:
+
+ def __init__(self, mount_path):
+ self.keystorePassPath = mount_path + '/keystore.pass'
+ self.keystoreJksPath = mount_path + '/keystore.jks'
+ self.truststorePassPath = mount_path + '/truststore.pass'
+ self.truststoreJksPath = mount_path + '/truststore.jks'
+
+ def get_and_compare_data(self, path_to_env):
+ data = self.get_data(path_to_env)
+ return data, self.contains_expected_data(data)
+
+ def can_open_keystore_and_truststore_with_pass(self):
+ can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
+ can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
+
+ return can_open_keystore & can_open_truststore
+
+ def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
+ try:
+ self.get_certificate(pass_file_path, jks_file_path)
+ return True
+ except:
+ return False
+
+ def get_data(self, path_to_env):
+ envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
+ data = self.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def contains_expected_data(self, data):
+ expectedData = data.expectedData
+ actualData = data.actualData
+ return cmp(expectedData, actualData) == 0
+
+ def get_owner_data_from_certificate(self, certificate):
+ list = certificate.get_subject().get_components()
+ return dict((k, v) for k, v in list)
+
+ def get_certificate(self, pass_file_path, jks_file_path):
+ password = open(pass_file_path, 'rb').read()
+ crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
+ return crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password).get_certificate()
+
+ def get_sans(self, cert):
+ extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+ dnsList = extension.value.get_values_for_type(x509.DNSName)
+ return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
+
+ def get_envs_as_dict(self, list):
+ envs = self.get_list_of_pairs_by_mappings(list)
+ return self.remove_nones_from_dict(envs)
+
+ def remove_nones_from_dict(self, dictionary):
+ return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
+
+ def get_list_of_pairs_by_mappings(self, list):
+ mappings = self.get_mappings()
+ listOfEnvs = map(lambda k: k.split('='), list)
+ return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
+
+ def get_mappings(self):
+ return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}