diff options
15 files changed, 168 insertions, 39 deletions
diff --git a/plans/oom-platform-cert-service/certservice/cmpServers.json b/plans/oom-platform-cert-service/certservice/cmpServers.json index 72564949..0d883eae 100644 --- a/plans/oom-platform-cert-service/certservice/cmpServers.json +++ b/plans/oom-platform-cert-service/certservice/cmpServers.json @@ -3,8 +3,7 @@ { "caName": "Client", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", + "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -13,8 +12,7 @@ { "caName": "RA", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", - "caMode": "RA", + "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", "authentication": { "iak": "mypassword", "rv": "mypassword" diff --git a/plans/oom-platform-cert-service/certservice/docker-compose.yml b/plans/oom-platform-cert-service/certservice/docker-compose.yml index 734ea131..dff46881 100644 --- a/plans/oom-platform-cert-service/certservice/docker-compose.yml +++ b/plans/oom-platform-cert-service/certservice/docker-compose.yml @@ -8,6 +8,8 @@ services: ports: - "80:8080" - "443:8443" + environment: + - NO_CREATE_CA=true volumes: - $RESOURCES_PATH/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh - $RESOURCES_PATH/certprofile_CUSTOM_ENDUSER-1834889499.xml:/opt/primekey/custom_profiles/certprofile_CUSTOM_ENDUSER-1834889499.xml diff --git a/plans/oom-platform-cert-service/certservice/resources/ejbca-configuration.sh b/plans/oom-platform-cert-service/certservice/resources/ejbca-configuration.sh index 3eb146db..3094b7f7 100755 --- a/plans/oom-platform-cert-service/certservice/resources/ejbca-configuration.sh +++ b/plans/oom-platform-cert-service/certservice/resources/ejbca-configuration.sh @@ -1,15 +1,30 @@ #!/bin/bash configureEjbca() { + ejbca.sh ca init \ + --caname ManagementCA \ + --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \ + --tokenType soft \ + --keyspec 3072 \ + --keytype RSA \ + -v 3652 \ + --policy null \ + -s SHA256WithRSA \ + -type "x509" ejbca.sh config cmp addalias --alias cmpRA ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature + ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate' + ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA' + ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 + caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p') + ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject" ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true @@ -19,6 +34,13 @@ configureEjbca() { ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN ejbca.sh config cmp dumpalias --alias cmp ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem + #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation) + ejbca.sh roles addrole "Certificate Update Admin" + ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT + ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation" } configureEjbca diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_sans.csr b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_sans.csr new file mode 100644 index 00000000..80b7440a --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_sans.csr @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREdqQ0NBZ0lDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdqRWtvT2RhUitHK0ZNRkVLWndYenRyVHp5dWk3V2ZKQlg0SApsMkU3S3JoTUprQ2ZzWTMydFpzN2JXeHFDWjJJdXhVdDZtWVNqeUJKQU4xelRaWWgwcEl6Z21URkNtTjZ2TmpnCmpVb1ovNUk1QTU5WlVZdVROVnhud0ExOUFGN1RvNm84UUE2S0xQZm5XaHVWYU1kM0h0aWVyQkVLRWNYYzV1UnYKOEdXVUdRajhjSVYzM0NaZnBsaUVodjU0SkM4WGtFU3N5dFFmMWFoWHVrZUszblFobU5XSm9lYlcxR1F0WGxiSgpCbUNsYkNyWCtVeTMrbFpQNmg3Qk5FZlIxU1RSaXFTWVdGUU1nYktPMHFRZEN4SFJ1RkFoV0NGb1hsa0MrT1d4ClkvWkU2UHdsMTNCa205MFlld0JoL1NMTmlIQnFmYUJjNGx5SWZDOEkwRWRpZEdsMTZ3SURBUUFCb0Y0d1hBWUoKS29aSWh2Y05BUWtPTVU4d1RUQkxCZ05WSFJFRVJEQkNnaEZ1WlhjdGRHVnpkQzV2Ym1Gd0xtOXlaNElJYjI1aApjQzV2Y21lSEJIOEFBQUdHRG1aMGNEb3ZMM1JsYzNRdWIzSm5nUTEwWlhOMFFHOXVZWEF1YjNKbk1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUFuK3VyTEp5bGhtVkxuUWx4TnBucUpUNm9KSHA5UWl3VmVPSElIOFRjbnluVnQKNExqUVFNWU9yR2FFNVVEZnlJVVhRdWtUb2RBWGlGeWVoWk1BdUF0Q2IyK3ljc0gzU3cyaVhmOWt5MEttS1FhMgpnTEw0Ymp2MG9rbFJLSzBHRldLMDFhZk82SUpNV3JlakV2U3hOUVpwWmU1TE1pSDFIWG1qeE9sdXZHTEZoUy96CmQwUm1sWHNXNEVQNWFuY2pNalpDRlJCZXhsaThpSmZlcEc2aDJSRVpRR1JRNGZqTDRhbXVvbnVKQ2dNRVR0L1cKKzJWNzhNNWNYWjVoa1NPejhOcWE0SURtNXJsTEhaTnlmM04rTGFWUVVOUnlNTlZKNzN3c1FxdytiS1RsanJWNAozL2pIekhYSmFCTjFNdHNBRnV2MFlJOHFOZ1QwRitWY0JxOUxCVlZaCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_sans.key b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_sans.key new file mode 100644 index 00000000..2389f744 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_sans.key @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRENNU1NnNTFwSDRiNFUKd1VRcG5CZk8ydFBQSzZMdFo4a0ZmZ2VYWVRzcXVFd21RSit4amZhMW16dHRiR29KbllpN0ZTM3FaaEtQSUVrQQozWE5ObGlIU2tqT0NaTVVLWTNxODJPQ05TaG4va2prRG4xbFJpNU0xWEdmQURYMEFYdE9qcWp4QURvb3M5K2RhCkc1Vm94M2NlMko2c0VRb1J4ZHptNUcvd1paUVpDUHh3aFhmY0psK21XSVNHL25na0x4ZVFSS3pLMUIvVnFGZTYKUjRyZWRDR1kxWW1oNXRiVVpDMWVWc2tHWUtWc0t0ZjVUTGY2VmsvcUhzRTBSOUhWSk5HS3BKaFlWQXlCc283UwpwQjBMRWRHNFVDRllJV2hlV1FMNDViRmo5a1RvL0NYWGNHU2IzUmg3QUdIOUlzMkljR3A5b0Z6aVhJaDhMd2pRClIySjBhWFhyQWdNQkFBRUNnZ0VBQXN3U2F2N3FIZjd5YmZvYXNUNitXUXh0NEo0UVNyc2oraUJHbTdlYTBwSzEKQmhnSU5OYUdwemNGTkI1THFMZk1NR1d0czZLa3djc0ZRaTN1YXordVhRb2VFOUsvdzlhSy9nMWhycWRTbUl2UwpwbXExTHFlRUIxQzliZGJENWkxM2Z2UUV5aWRyZGhwY0NzQTY5cmRvejlqdThDdU9xWkxnQzdOZXFXZk5LazhnCll1WGw5SlZVY0p6RGhhdlRCV2JrMWZFclAzZGkzVDFtVjRPSE9vS2N0Zy9PYWpMZlVpSUl5WDZpSHR3VGVXRTEKTDNWMnM2MTdXWURZczVIcWlER0psU0ppL1FtMTgvZnBKMmt4UTJRZG5YZTlmN2FMeVBtWmRPWU1CQTFMUmlhNwpkbmxwVlpvWXZXa1RUZFdHMDAza05PcHlDOVduUCtLRHdLN0krcTRYZ1FLQmdRRHdER21YUUdXK045UFdVazY1CjBJVW50Q0ZjS3FtcTREcFJPRUIwKzJIWEpZczNxNjdvUmp5eXNFL29QOVliK1l6QXIzMnoybytqWkxyeGhLaVgKQW43ck12UUpLaXJkbWN4QkZQMFBxQXlGNWl2aHJJNWkydjBtSm9DcXcra0pvdVg2cy9YNVZGc3pic0Fxa2xKdgpqbWJkbjRKbkc4T1BOa1dadnR3UW1GelNmUUtCZ1FEUEdLUlM2eUg2OEZ5Q0o5akdyQmY1WlZ0bUpmWEJ6azZ1ClpWRXdjKzJlNExXVXJCdFEvcG1ybnY5am4vcTNzbTdBVS9BT3FYMHN5OWhkckw0ZURCN28zMHFQVmh0YTdORmoKbnFTek1kVkxaRGI0T2FudjhyWlNZYmMzOUU1L3cxOStWamxpM25EOUM4SXhORm56Y2ovcmtHRis2NDkxbWdzbwp4dmZpMFhRdWh3S0JnUUNxY3JYYlR6K3ZWS2JYalBRWG5zZWR6SnJQZmYraHRMdlVCaFJHdkdUWnh1L1dwTko2ClhiMGx5R25FNk9jWVVCY3dqcXU4TkpvL2svdm1HS001THUxK0JsMGYwTkJGTDdySUQ2WXRJczlabUhsYU1oT2MKZ0JDMnNTbzFsd3gyNmpOUTA4MzVyM3RleHVvdWtGMTJsdS9WdURoNURFN005dVZ1NlFZTHhwUktaUUtCZ1FESwphUFZDcmRvYVg0NnJEN01LQ3UycnJlcjFIYWpqY1hicGNORTNvRGJoRUJPcGFjV1JGaWF2M01rVVlDbzJITW11ClpOdStHTjNsU0o4Q2YzR2FBSks5WEhDTlE4V2N5dFdrbmt1dmNNZGQxbWI3bWJDRWV4N0R5Z20vUUtMd3NNM0cKdHhPRGxKR3VZUzI5MWNNTTg5K1JweDREWk14a1R0a1ZVOUszOTZ1c1JRS0JnUUNPU2puU2FhcU1tU1hnM2lxQQp4WVIycnp4bnBOSFVyWVZYNG1rV2lOMyt4V1ZwN05wS2I5MGlmSmU4UXVQRXFRbkRuV1I4TC9pQjd2VWFpQ3BECmpWQjVleXpTMnh1MXhMK1BvbEo1ODJCTHNzS2VJMHpFZ2hBRWx2aXgvWk1CeHdNV0tRK0tVZVJ1bVFYNXZiR3QKOWRvRGxETVUxWGp6d0JMNHJSSmRKSUNFRlE9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_subject.csr b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_subject.csr new file mode 100644 index 00000000..7e9ea510 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_subject.csr @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREdqQ0NBZ0lDQVFBd2V6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEZUQVRCZ05WQkFNTURHNWxkeTF2Ym1Gd0xtOXlaekNDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0pSOGJTdjlQL1JONmZSbGYrWTR4YWxnd2Z1OEg1RQpMRmhzZmF3N3NYMEo2dDZIelFLa0YxQWFnVGlEODRpRHZua3J3ZUhjeUxsODdDN1d2NVVoaVZ6T0QvWEFqRmQ0Ci9jVVVaeXZPamZWNkxsWmdKTHMwT2JqK2JGNzdSbTdJWnZCeXpwRDJsLy9uOHNMWmxsTlBnY0Y2d1NnbHcwblgKZmxyYysxQUVaYVp6VHFvbStKMEsyZi9QQldQNVdsb29aUGRaOGR3cUI0TnczSmxkUzVwcEczRDVndUhDQmhDeQovRms1N0RVSnhxRDRSYVdKS3UwMnBQL2JqVXBYdjRuajQwNWUrVzZNSjd1blB4M1ZUYXcvUWQ0Mld4ODdJVG1LCjB5UmNVYW5qMGFrSWZSaUFid3VDZkJiWDlKazJjZU05d21qbm5mODlqNDkvNmpyd2lRMTh2bDBDQXdFQUFhQmEKTUZnR0NTcUdTSWIzRFFFSkRqRkxNRWt3UndZRFZSMFJCRUF3UG9JTmRHVnpkQzV2Ym1Gd0xtOXlaNElJYjI1aApjQzV2Y21lSEJIOEFBQUdHRG1aMGNEb3ZMM1JsYzNRdWIzSm5nUTEwWlhOMFFHOXVZWEF1YjNKbk1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUJNRzBwM3lQWHRuRFVWckRreEtweG1MVWk3bWtoamdVLzRkdWFHaHBlSmdyTU4KNGNFVFVHWDdtdWw0aElDckovSGJPMGh5bzdaM2xEaXVCYVhCSmxpU0JXdU4zTmhoNDM5UzBDK1ZEZkVyNGxUZgo4bDlQYXdJRHFVNldhQSs2ejY5WHB4em94YndUK3R3b0ZBdTNtT2U1dVV2bWxNNk1Ma3Q2WE41RnhlUG9Ec21pCjcvRFZDZ3VBWDZNMi92UHpLWGZ2TWFMTzltS0dxNC9WcVpRZ3VHSFZNNUhrbkZQeVJiTUFyV2N3YXBDaWxGNG4KSENiOVdqb1BwZVhxVjFWeUJ2VFhBWTNoRFIwbXlNaFZ2b0QvU2g4UTNjWWttbU1vYlN4WExOZGxsWEt3MFhFagpwY1h6VWtINW5ub2cyQWI3UkVjRnNpQjZ4Qy81WnRpZm1OQWZyVEdYCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_subject.key b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_subject.key new file mode 100644 index 00000000..0bbb2966 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_cr_changed_subject.key @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRGlVZkcwci9ULzBUZW4KMFpYL21PTVdwWU1IN3ZCK1JDeFliSDJzTzdGOUNlcmVoODBDcEJkUUdvRTRnL09JZzc1NUs4SGgzTWk1Zk93dQoxcitWSVlsY3pnLzF3SXhYZVAzRkZHY3J6bzMxZWk1V1lDUzdORG00L214ZSswWnV5R2J3Y3M2UTlwZi81L0xDCjJaWlRUNEhCZXNFb0pjTkoxMzVhM1B0UUJHV21jMDZxSnZpZEN0bi96d1ZqK1ZwYUtHVDNXZkhjS2dlRGNOeVoKWFV1YWFSdHcrWUxod2dZUXN2eFpPZXcxQ2NhZytFV2xpU3J0TnFULzI0MUtWNytKNCtOT1h2bHVqQ2U3cHo4ZAoxVTJzUDBIZU5sc2ZPeUU1aXRNa1hGR3A0OUdwQ0gwWWdHOExnbndXMS9TWk5uSGpQY0pvNTUzL1BZK1BmK282CjhJa05mTDVkQWdNQkFBRUNnZ0VCQUxFVVNMaUZ6SDYwNW9VcVdlRUpjUFZ4UDFyZnU5QXY2enFzZUpCZ2pIazMKWDB3S21YL3RnRWd1MU5peGRjVmt2NDN6ak5uNmRCdWVBUGFORkkzTkZidEZoL3RUVXZ2R01Wa1lvN2tFL3RJSgpiV1FzQ2RGb0Jab1hpQmV4SitUYWJLREtVNUhkUUFUOUtWY0lCTFRleXJubUlHZ1hVL3ZjM29LZDBRMUV3M3c5CjF2ZEo2dEhoS0xwRk54dk51M3FoV1QvT0gvVmdkY3RUVzltazgraWNtNVNJRlVxcWlVMlFTc1pYY0hpUzRnS0MKZFBUb1hEbThTVkk1QTI5VlRuUkJIYkt0WEVaSjQwQWFPczVVSWRDUnA2L1Z6WlhtSlQyNUsvNTRad3F3OEZuTAp5SUFEM1dTcTRWSktKQUQ3ZkpkMjcrditxNXJSVnl3dEt1dFBCK2JNU3dFQ2dZRUEvL0t6R1BJMEsvK0h0OWRFCkwwQXVFK0lyY3A2R0lwTXVDZGRKbms1bVdJMm13c3QyeXZOUllyanM3M3UxckZ4QkZHZnNCK2c0NW9Qa2g3YmYKTDRubjI0TlBkZEwxdlM4YW9EME5HUmJQT2JpU2tvYUxwRTBQNjdOeGNHSk1IL2N2ckFrcFhrWGtaaXFHNXZ0NApKUXlvb1k2eUhxMHNpRW1aSHlRRXA1ZklUR0VDZ1lFQTRsMjBkdnBUM2E1cDNRYWwwTG96RjBGTUxFb21LUFM2CmZDOWJPdXhmdC8wbjA1MFVVeUN3TUUydmZqb0JkekNkSjVrNlNCOWJ3L3U2aHBGY1J0TFliTWZId2piUi9OMjgKKzM2Qno5cUxoTWViQjZIRFZRRldGT0kyZ2RsOWlldndFZG9yVmNpOXpDRXk0TEJqTTNqYmtHaGpzR0RlaG9CcgpzZ1B1T3lkc1UzMENnWUVBckRaZ3l5Z3NjbTQ4b3pYMGF0YUVLbHpEWHh2S3BQaml3VHhhREdvejh1RmNrelRUCmVUcStSKzZsZlgxL2Y3bVRFR2ZjS0hYWDAwSnJRZVdKeGpMRURxOExoL3VwM09FVXlUeEswOWJGRjlGWXpiNDUKdHhNaTR6U1ozMFJFZEQyZGxlT1VNaHBVMDJsSjI2RFg5aFhPWU9YaWMwR1I5U0dRSmFQV2ZlMWltQUVDZ1lBTwoyaThaRDF1cFUrUkdTRVZnNkphcGsvTTNoTFgwUWZwcVk0RU00SzEzR1BrZi9WSjBFZFQ5bGx0SllPenZzUlRlCm9FTWVzRkFKRDk4eExTQnMxVEMyRW5XYzNKUHlqMm55NWw0R0VVVE9OWHFLaWFhVFVUOGdwNmNENWcxQ20yUnAKQjNPSWNWOWlvVnNCT3hHSE13clU4c1Izc2lObmw4MTVKS0RnNkxsRzBRS0JnUUNLbm8xOVpyVkc4U21VZzl1ZgpqRWowN21yUXZMNUFiSEJaVXBVVVZESkMvTGdoY25rbDQvNkZGbG83aDdxQ05hN1JHMUwrdWFrVENiaW95bDVFCmZtSWptVEpaVE9ZYTI4M2hYMk1BaXZFbkNVVUd2bVpjK0t1a1lrNS9YK0NCb0ZBWUx0VTdFUit4SExnZ0VIVFAKSEdUVWkvanhDQTNPU3g5c1VqSHQ1WUVqNHc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_ir_for_update.csr b/tests/oom-platform-cert-service/certservice/assets/valid_ir_for_update.csr new file mode 100644 index 00000000..7a07d6c3 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_ir_for_update.csr @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREZqQ0NBZjRDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXZPKzFuNEpuSzRIRFpmTDBqaFBvOGlYRFpobEtkalFCOVBWTQprZXp1cXpheTJja2NGY2t2aExxc3hRL1JHeHJLaHlZNkRGR2Y1WHVWNkVGYUY3NXF1RlliRlF1REhyV3p0YTFyCmIxQ3pRMFgydDJOOTlFRWVzcGVUUEkzU3dHRHkrb2xveHlvM3E3MXFsdXBRaEtjY2FpZUZRVlFvdzAzZkd5clcKbFJYSENNcjNCZEh2eEtiWFBUSXQ0OFl4ck1CK0FqUUxaUUVyYXlFTitybWlFZlFKUTFvam4rL25hdTZsL1VSVgppcFBVdHJiZVJuZWZRQlpKRzcwVmx0dGtxNUsvQm13Z1djMUtSOC90QnRmVjBFL1hKb2F6Uy9lamo0TCtDWlkrCkhiQTU3YXNmc2VpQ2djL1lBZ2JJRGhLNDg1K3lwbW1mYUpFWEluUDJnSHJkSURCVHh3SURBUUFCb0Zvd1dBWUoKS29aSWh2Y05BUWtPTVVzd1NUQkhCZ05WSFJFRVFEQStnZzEwWlhOMExtOXVZWEF1YjNKbmdnaHZibUZ3TG05eQpaNGNFZndBQUFZWU9ablJ3T2k4dmRHVnpkQzV2Y21lQkRYUmxjM1JBYjI1aGNDNXZjbWN3RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFMemxBby9Tczh1ZHpYVWIxdHl1d1BISU03c3dzS3c3WGZHK25mdXpuQ1UrbUZzS01oNlcKWmFXQWtSZ3VUY2d3T2JaNXcwNS9rcjBpZDFrdjJ0WU9xYXViMWZXVisrVmRVSXNZcUoxTENwL3RHU241Rkt6SQpvMVdpcEFOTGJpTEU0MnVPWHA2aHlmeUZsdzhQa2RwdURrUUVrNFV6MGdWK2dVRGZBd0JsOEx3aHdiREY3a3lhCkFiekZrRE5sem9ZemZLRTR4enN5SDNtQlYwdVpGS1lodE9XLzBQYVRnY042NTd6eXRCUGMxMExJaXVDa0NvU2IKYXNueG5FTUJTVU1nbC9YYzM4TFB5WU5BZGNCQTJHS3daeXNBd0J6V3lrNlM1U2x1SG9xcjlJWmdDcldWTlU5YwpGU1VWL29jQWY5Y29CRkRDVXVTWFBxWlpacUxlRnlhclZRRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_ir_for_update.key b/tests/oom-platform-cert-service/certservice/assets/valid_ir_for_update.key new file mode 100644 index 00000000..6405104c --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_ir_for_update.key @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQzg3N1dmZ21jcmdjTmwKOHZTT0UranlKY05tR1VwMk5BSDA5VXlSN082ck5yTFp5UndWeVMrRXVxekZEOUViR3NxSEpqb01VWi9sZTVYbwpRVm9Ydm1xNFZoc1ZDNE1ldGJPMXJXdHZVTE5EUmZhM1kzMzBRUjZ5bDVNOGpkTEFZUEw2aVdqSEtqZXJ2V3FXCjZsQ0VweHhxSjRWQlZDakRUZDhiS3RhVkZjY0l5dmNGMGUvRXB0YzlNaTNqeGpHc3dINENOQXRsQVN0cklRMzYKdWFJUjlBbERXaU9mNytkcTdxWDlSRldLazlTMnR0NUdkNTlBRmtrYnZSV1cyMlNya3I4R2JDQlp6VXBIeiswRwoxOVhRVDljbWhyTkw5Nk9QZ3Y0SmxqNGRzRG50cXgreDZJS0J6OWdDQnNnT0VyanpuN0ttYVo5b2tSY2ljL2FBCmV0MGdNRlBIQWdNQkFBRUNnZ0VCQUx4aFJYWUZUMWpSeVVHZFBMbHNvSmJQa0VQOGM0SG4yUXVraVBQMmlRR3QKU0NaZG51TVo5WWNobWFIaVkxdmpHb3dtVVRwM0tEWm5RdENRV0lQVUdCUXp4a3oxYllieEpIM0FxNTRSbUtzNgoxd09DNzlMYUd3RjJvQmVBVU9IL3lFU0ZQVE5YcEtwWDhpOEc4Y0ZSM2NMNkpLTStobVkwL243WDk1d3VXb1VvCkloWW16Q0J2MmVWSG0veEtLZ01Lai82RWJkdE5uWlRack4rK3ZObmdqZndyTzEzQzR5STYxbzl5dDRzOGpMSHcKMnV4bUcwZ3RBZ0ZCZ0d6UWNFUG5tdEZDWkxYZkhiRVAreklwZ0U0eDZRakYzN05jYThHVmNINEVhOTViWG1LRgplWERlOElvWFJFOU9TZ25SR2hzeTVMUHNlTGYrZG1aVkx1WDNTK2c3WGdFQ2dZRUE2emZMd0U4akRyZUdhM2ExCkV4V2ZZOWZWeDMzWlREdytyYWxZVXBpUTAwWUlWYmRiVlZBZlpxRW1STzVYY2dKOXN1NDZtM3lDc2pZM1M1QnYKZ1daaGtHVmtSSnpoREdYRnpFdmdLcHRZZERNUDZQTzkyOVAyWmxacytnRVhVQlpnRkJ1SW9maWNqSHBuL0VHeAp0VTdGeW5VS1JqbDlDUitqVkN5d28yeGpLVzBDZ1lFQXphRWJuVUNnSTNTOWpvSTYxNVNxcmxCbVhacXpEckFMCi9jNFRPRTltVUhSeDduZ0I0ektERFd4Zys4NnVJQlBEUmc4RkVpQVFxb1g2bi9pUW9iKzFNdXRpYWE4ZUQ2ODIKVmFCL0hsT2NKMHdLVUlPZU0rNnh3WDhOUlRxb09KUjFEeUt3dThTWUNLN3BxcHRoSDgycmhZQ0pqRERlTnp6dwpwUnE1T3hWUEJZTUNnWUI1KzNhVDViWjFsR0dHYTRwZU9sRnRrdW9QeWNrZUN3UXFSVzlEYmxGMDc1VzA5aURNCmJuL0tWbm9sTjBGc0k3U1NUWTloUVVINkw3bWZXMmtvUHpNTGtqbGNoOHNDQmVsOUdFQkplRVI0Qmw4UzNReXgKNnd1V2FPMmMvV0hjcTYzcDM1bU0vZ1FacWdVeFFkUnFCVTczdnBpMGNHM1NoSERNWDF5L2M1ODlSUUtCZ1FDbwpGT0wvblUzSTdhbnNqU01RQ09PamJQRGYzbzR5bVZDVC9CalYxSUVyanFONmEvb08vc0VFL2V3Z3FJYklqWjcyCjYxd1h2c0lnd1RkbC84WXBrUXpLUElITEpXdUxJb3RsWHJYSjBrbzREUDM1Wmp5dzhwRzJPdVpjQ21CckwxNm8KS3BFUVN0aURjSVpzQUdwWmxzSjNjK1A3Qmc3K1UvL1kxWWxIZEZtTmhRS0JnQkRCbkVrQzlRdmZ0RGZaM0lxYwpvcUJNTElMSHJyV2NpRTM4K1JzV3RJSkk2WHhXbEVCV3ppRElBMHk3WXgrUENtYk9ybitlM2Zvd0VZU2E0eXA1ClgzMER3SFB5U1Z2WVAzNUY4NCtnd2FZalVaYW9uT2FBVnRpVXgzdDA3blRMaEEyNnJ0bWZWbDJvbEFTeWNOZWQKTXpZbFBiNUZEQThhRDB2blFteFI3Q2l4Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_kur.csr b/tests/oom-platform-cert-service/certservice/assets/valid_kur.csr new file mode 100644 index 00000000..3f898f58 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_kur.csr @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREZqQ0NBZjRDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTNpQjc1UExEM2hGWHRLMHNnWmhwLzcxWHExTFBUNWhLcVpkQwo4Sjl1Nkwxeitqb21mczJMN1FDQ2RDL21ic0p6djhZSWtZZGc1L05VVVN4dkxNU1pWN0kyQmRhRERzYUJOV3oxClVuVEQ5TU9mdG8wQTdtK1JZK2FIQnY3cFhYNlVUVkVqdm94MExId3dOanlCdUc3VytKRnR2dFFtR21wdDVUdWYKcHJWUm5jZ2duZlBkZXU1WDVsUTU3aUREYjRZL3VRSWZPRTdvc2MzTmJvN2ZpQ3NmR2VpWllFejB0bE05ZVlaRwpUOXI2WUlTOURqRDBYbDE3TXNCZjR6N1VNTWVOeXc1WTBMK3I3MTlVVDVic2lvaWJQbFdSeTFaZDdGL0UvZ3E5Ci9Yc3ZFMzVqZ0FZWG5STWRjek12TnozdkFWMzgzaWdHeGRMV2ltNnE0bDVKMklXNVpRSURBUUFCb0Zvd1dBWUoKS29aSWh2Y05BUWtPTVVzd1NUQkhCZ05WSFJFRVFEQStnZzEwWlhOMExtOXVZWEF1YjNKbmdnaHZibUZ3TG05eQpaNGNFZndBQUFZWU9ablJ3T2k4dmRHVnpkQzV2Y21lQkRYUmxjM1JBYjI1aGNDNXZjbWN3RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFFUDB4UVdsNDduNEowNnUxSjJsTTI4aWhNcy9GaHJNaG5DeTlETFpoYU9uQ3BjSktPNkoKMUhHQU54OEFJRDI5dk93Q09xaVJ5OFZBNHU0aW9LdjdaaS9HT3NhaWh0RWEvQjY4dnBTR1p3RVlmeFJtMXdvYgpWWlRuR0pSbDdKVmg3OVc5SlFjeVcwbEFIRzFPdXdtQUZjc0NMUFlXRDRKVXMrUmptS0R4T2V6R3VpMTcxaUhWCnFHbkNIZGdSUDFFUE9IdnFsYWY2MnlnQ2RaWVoyZGlLK0s1VmJ3OE1XUmF2VGt3cFhEWjNGZGlwYUtQNmJZN3cKR0ROWUZNQ2FySHBsUy9DS2dPZENhdkh4UExTeGFTcis2dE5xV1pQbTBpUk1BdTZ3RThWRTNsMXZFRldUNlg4Rgo0WDNyaGFvQVduK3RabjZCanJtbnoveFlaTlhuck1CM0lLMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_kur.key b/tests/oom-platform-cert-service/certservice/assets/valid_kur.key new file mode 100644 index 00000000..07770d90 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_kur.key @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRGVJSHZrOHNQZUVWZTAKclN5Qm1Hbi92VmVyVXM5UG1FcXBsMEx3bjI3b3ZYUDZPaVorell2dEFJSjBMK1p1d25PL3hnaVJoMkRuODFSUgpMRzhzeEpsWHNqWUYxb01PeG9FMWJQVlNkTVAwdzUrMmpRRHViNUZqNW9jRy91bGRmcFJOVVNPK2pIUXNmREEyClBJRzRidGI0a1cyKzFDWWFhbTNsTzUrbXRWR2R5Q0NkODkxNjdsZm1WRG51SU1OdmhqKzVBaDg0VHVpeHpjMXUKanQrSUt4OFo2SmxnVFBTMlV6MTVoa1pQMnZwZ2hMME9NUFJlWFhzeXdGL2pQdFF3eDQzTERsalF2NnZ2WDFSUApsdXlLaUpzK1ZaSExWbDNzWDhUK0NyMzlleThUZm1PQUJoZWRFeDF6TXk4M1BlOEJYZnplS0FiRjB0YUticXJpClhrblloYmxsQWdNQkFBRUNnZ0VCQU5WTU5DeUJ3ZnY0ZzFRSUJ2amJOczVSTDJKZ3Zwb2NEM1lTdmtENW1ETDkKMmVTcStsUkJaT0JNNFBoWkZ0bTgrQkZyUk1jYVRML3ZOVVJOZXVSdVZTR1ZDN05IYmNvK2E4eTF1RTFadXVITApDQTd3RDdqbWdhS0F0NkRNSDZPYjdTVGhpWVZzc2hJVm51WTE3QXNDeElNa2cxSC92aWNYbERmUHJWc1VPaTliCk41RzRVM041VGRLaDJOcDhQZXNPU0hUZXphamNtNmJXUy9xU3pkZTgzQjNDNE9ZcUFJdjlIVEpLZWpMY0p3WnAKbDlnMlBVTGlKR3I2S0J2aWZwM1lqSm5pQ3ZmbVdIMW5tbEdjaThTU09MeVNUM21MUm84QnhlQUFEenpsUmYvSgpDOHBVZ1ZsbDhUUDh2a1BJNXpsWVhYZExWVDBVVUM5SjRWZUE1cXZMZTNFQ2dZRUE4ZFRvTUMvaHgzR05qeWo2CkFWczNRN2FGUUlZd3FYNEZMbklPejhHKzVpdUZxY01wWWdyVjVwOWhHUm5ud0lIc0M1WE9yTU9ZL0dGdjJUN0oKZXdWZTJ1Z3lqcUF1djgrZTl4Q2JtdmVtcHhtNitkdnZTQjR3WmU1a1haQzM4UHlRUUtHcnB4aStnbUZkYlN0Rgp3a0U3YXFHNmlZUlptZm9jVlZSMjBMSmQ0VU1DZ1lFQTZ5UUpWRDFwRkRUK05ESzRMTmIyeTNGUThWZ2t4UW15CmsvTmdlaFU3SmVZc1pqWjRWaW9LOWp2MGFLbFdsckFyMkFLYUlrWHArTGdxSVB4aEVGWTVCNDJtYW15QlROT20KS3c5SE9FQXV2LzlsRDFvL0kxM1lWTkd5UWdyQjFOZEwwQ20wbmg1SFFLUVRXbFJ5TzBuQzVrTjhmVTJLYmpHTQpQZlI0aG14OUhEY0NnWUVBNVhLeGZvN2Z0S0VMdytvSUV1TmQ4eFFwS0FocUFWYTlTYzBVT3BERU5KVFV0RGFrCmZBNTExdVFmZDNaNXlkQTdpdDV2Z3NIdTFIOEtaV0JLUUR2ZlBPb1VsZmhyZ3JoV1JtcHVpVUV4ME5mNzdIZDkKZDdxVkJ4R0NEcmh4bmVlMFltNUNkRDlvK2tHeEtCUm5rcURiNUJkZzZuczFuSCtQQkhNb2JHamY1QXNDZ1lBZwoyNnBLRVVMTHhoUDNxMWE5UFZURFhSUlloVjZ1QWdyb1Rjd2ZnelArdWNsZWh5SU51RlpMemxqNi94N1FjOUhNCm42QjJSWnJLWE1IV1ZpNGlJRXBiMmRsMWFiQXYwaXVZUE14UStmY09jVnZuNTA2SFhLZk1RbmxNYlVCa3c2a2UKYjVXRHV1dHVCditGVWVPY2tWUWc1VEZTT1RHczhGT09uTWp5ejlvenhRS0JnUUNLcEtqOUxLRlR4bFJoUFduaApITkJ3QWJsMzI2NjhmSW1ORG1yQlkxWHdvczVQdnV2Mjcxckc2STJLUnJDbGdmb3NtdnlJVVY0NjBNZmZNanJrCmJlbFdDdFNyRU4wYlZtK2xQOGkwWGg3REMrRkxmbG1GdTVFclNDUkRjcTY0SzIxWHpSczVzOUVYVnpBekVGaE4KdWpPTExUSDIySUwrclpuZXlWbjUxdW1DQkE9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
\ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/cert-service-test.robot b/tests/oom-platform-cert-service/certservice/cert-service-test.robot index 3cc2fce8..338d8117 100644 --- a/tests/oom-platform-cert-service/certservice/cert-service-test.robot +++ b/tests/oom-platform-cert-service/certservice/cert-service-test.robot @@ -24,77 +24,95 @@ Check if application is ready Send Get Request And Validate Response /ready 200 Generate Certificate In RA Mode For CA Name - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200 Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_CSR_FILE} ${VALID_RA_PK_FILE} Generate Certificate with all Sans types In RA Mode For CA Name - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200 Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_ALL_SANS_CSR_FILE} ${VALID_RA_ALL_SANS_PK_FILE} Report Not Found Error When Path To Service Is Not Valid - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION [Documentation] Send request to ${CERT_SERVICE_ENDPOINT} endpoint and expect 404 Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT} ${VALID_CLIENT_CSR_FILE} ${VALID_CLIENT_PK_FILE} 404 Report Bad Request Error When Header Is Missing In Request - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION [Documentation] Send request without header to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400 Send Get Request And Validate Response ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 400 Report Bad Request Error When CSR Is Not Valid - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400 Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${INVALID_CSR_FILE} ${VALID_CLIENT_PK_FILE} 400 Report Bad Request Error When PK Is Not Valid - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400 Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400 +Update Certificate With Key Update Request In RA Mode Should Succeed + [Tags] OOM-CERT-SERVICE CERTIFICATE-UPDATE + [Documentation] Send Initialization Request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} then for received certificate send Key Update Request to ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200 + Send Initialization Request And Key Update Request And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} + ... ${VALID_IR_CSR_FOR_UPDATE} ${VALID_IR_KEY_FOR_UPDATE} ${VALID_KUR_CSR} ${VALID_KUR_KEY} + +Update Certificate With Certification Request When Subject Changed In RA Mode Should Succeed + [Tags] OOM-CERT-SERVICE CERTIFICATE-UPDATE + [Documentation] Send Initialization Request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} then for received certificate send Key Update Request to ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200 + Send Initialization Request And Certification Request And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} + ... ${VALID_IR_CSR_FOR_UPDATE} ${VALID_IR_KEY_FOR_UPDATE} ${VALID_CR_CSR_CHANGED_SUBJECT} ${VALID_CR_KEY_CHANGED_SUBJECT} + +Update Certificate With Certification Request When Sans Changed In RA Mode Should Succeed + [Tags] OOM-CERT-SERVICE CERTIFICATE-UPDATE + [Documentation] Send Initialization Request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} then for received certificate send Key Update Request to ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200 + Send Initialization Request And Certification Request And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} + ... ${VALID_IR_CSR_FOR_UPDATE} ${VALID_IR_KEY_FOR_UPDATE} ${VALID_CR_CSR_CHANGED_SANS} ${VALID_CR_KEY_CHANGED_SANS} + Cert Service Client successfully creates keystore.p12 and truststore.p12 - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and expected exit code 0 Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0 Cert Service Client successfully creates keystore.jks and truststore.jks - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and expected exit code 0 Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0 Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and PKCS12 files created with correct data Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0 Cert Service Client successfully creates keystore and truststore with all SANs types provided - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and expected exit code 0 Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_ALL_SANS_TYPES} 0 Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and JKS files created with correct data Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0 Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12 - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and PKCS12 files created with correct data Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0 Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with correct env and PEM files created with correct data Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0 Cert Service Client reports error when OUTPUT_TYPE is invalid - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1 Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1 Run Cert Service Client Container And Validate Exit Code And API Response - [Tags] OOM-CERT-SERVICE + [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT [Documentation] Run with invalid CaName env and expected exit code 5 Run Cert Service Client And Validate Http Response Code And Client Exit Code ${INVALID_ENV_FILE} 404 5 diff --git a/tests/oom-platform-cert-service/certservice/libraries/ResponseParser.py b/tests/oom-platform-cert-service/certservice/libraries/ResponseParser.py new file mode 100644 index 00000000..d4de5f28 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/libraries/ResponseParser.py @@ -0,0 +1,3 @@ +def parse_response(response): + certChain = response["certificateChain"] + return "".join(certChain).encode("base64").replace("\n", "").strip() diff --git a/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot b/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot index be2812d9..4d05af74 100644 --- a/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot +++ b/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot @@ -5,10 +5,13 @@ Resource ./cert-service-properties.robot Library RequestsLibrary Library HttpLibrary.HTTP Library Collections +Library Process +Library DateTime Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH} Library ../libraries/P12ArtifactsValidator.py ${MOUNT_PATH} Library ../libraries/JksArtifactsValidator.py ${MOUNT_PATH} Library ../libraries/PemArtifactsValidator.py ${MOUNT_PATH} +Library ../libraries/ResponseParser.py *** Keywords *** @@ -88,6 +91,70 @@ Send Post Request And Validate Response ${resp}= Post Request ${https_valid_cert_session} ${path} Should Be Equal As Strings ${resp.status_code} ${resp_code} +Send Initialization Request And Key Update Request And Expect Success + [Documentation] Send initialization request and then key update request to passed urls and validate received response + [Arguments] ${path} ${update_path} ${csr_file} ${pk_file} ${update_csr_file} ${update_pk_file} + ${start_time}= Get Current Timestamp For Docker Log + Send Initialization Request And Update Request And Check Status Code ${path} ${update_path} ${csr_file} ${pk_file} + ... ${update_csr_file} ${update_pk_file} 200 + Verify Key Update Request Sent By Cert Service ${start_time} + +Send Initialization Request And Certification Request And Expect Success + [Documentation] Send initialization request and then certification request to passed urls and validate received response + [Arguments] ${path} ${update_path} ${csr_file} ${pk_file} ${update_csr_file} ${update_pk_file} + ${start_time}= Get Current Timestamp For Docker Log + Send Initialization Request And Update Request And Check Status Code ${path} ${update_path} ${csr_file} ${pk_file} + ... ${update_csr_file} ${update_pk_file} 200 + Verify Certification Request Sent By Cert Service ${start_time} + +Send Initialization Request And Update Request And Check Status Code + [Documentation] Send certificate update request and check status code + [Arguments] ${path} ${update_path} ${csr_file} ${pk_file} ${update_csr_file} ${update_pk_file} ${expected_status_code} + ${old_cert}= Send Certificate Initialization Request And Return Certificate ${path} ${csr_file} ${pk_file} + ${resp}= Send Certificate Update Request And Return Response ${update_path} ${update_csr_file} ${update_pk_file} ${old_cert} ${pk_file} + Should Be Equal As Strings ${resp.status_code} ${expected_status_code} + +Send Certificate Initialization Request And Return Certificate + [Documentation] Send certificate initialization request and return base64 encoded certificate from response + [Arguments] ${path} ${csr_file} ${pk_file} + [Return] ${base64Certificate} + ${resp}= Send Get Request with Header ${path} ${csr_file} ${pk_file} + ${json}= Parse Json ${resp.content} + ${base64Certificate}= Parse Response ${json} + +Send Certificate Update Request And Return Response + [Documentation] Send certificate update request and return response code + [Arguments] ${path} ${csr_file} ${pk_file} ${old_cert} ${old_pk_file} + [Return] ${resp} + ${headers}= Create Header for Certificate Update ${csr_file} ${pk_file} ${old_cert} ${old_pk_file} + ${resp}= Get Request ${https_valid_cert_session} ${path} headers=${headers} + +Create Header for Certificate Update + [Documentation] Create header with CSR and PK, OLD_CERT and OLD_PK + [Arguments] ${csr_file} ${pk_file} ${old_cert} ${old_pk_file} + [Return] ${headers} + ${csr}= Get Data From File ${csr_file} + ${pk}= Get Data From File ${pk_file} + ${old_pk}= Get Data From File ${old_pk_file} + ${headers}= Create Dictionary CSR=${csr} PK=${pk} OLD_CERT=${old_cert} OLD_PK=${old_pk} + +Verify Key Update Request Sent By Cert Service + [Documentation] Verify that request was key update request + [Arguments] ${start_time} + ${result}= Run Process docker logs oomcert-service --since ${start_time} shell=yes + Should Contain ${result.stdout} ${EXPECTED_KUR_LOG} + +Verify Certification Request Sent By Cert Service + [Documentation] Verify that request was certification request + [Arguments] ${start_time} + ${result}= Run Process docker logs oomcert-service --since ${start_time} shell=yes + Should Contain ${result.stdout} ${EXPECTED_CR_LOG} + +Get Current Timestamp For Docker Log + [Documentation] Gets current timestamp valid for docker + [Return] ${timestamp} + ${timestamp}= Get Current Date result_format=%Y-%m-%dT%H:%M:%S.%f + Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code [Documentation] Run Cert Service Client Container And Validate Exit Code [Arguments] ${env_file} ${expected_exit_code} diff --git a/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot b/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot index d2ff4eeb..d02dc752 100644 --- a/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot +++ b/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot @@ -6,27 +6,38 @@ ${OOMCERT_URL} https://localhost:${cert_service_port} ${CLIENT_CA_NAME} Client ${RA_CA_NAME} RA ${CERT_SERVICE_ENDPOINT} /v1/certificate/ -${ROOTCA} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt -${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt -${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key -${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.csr -${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.pk -${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr -${VALID_RA_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk -${VALID_RA_ALL_SANS_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra_all_sans.csr -${VALID_RA_ALL_SANS_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra_all_sans.pk -${INVALID_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.csr -${INVALID_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.key - +${CERT_SERVICE_UPDATE_ENDPOINT} /v1/certificate-update/ +${ASSETS_DIR} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets +${ROOTCA} ${ASSETS_DIR}/certs/root.crt +${CERTSERVICE_SERVER_CRT} ${ASSETS_DIR}/certs/certServiceServer.crt +${CERTSERVICE_SERVER_KEY} ${ASSETS_DIR}/certs/certServiceServer.key +${VALID_CLIENT_CSR_FILE} ${ASSETS_DIR}/valid_client.csr +${VALID_CLIENT_PK_FILE} ${ASSETS_DIR}/valid_client.pk +${VALID_RA_CSR_FILE} ${ASSETS_DIR}/valid_ra.csr +${VALID_RA_PK_FILE} ${ASSETS_DIR}/valid_ra.pk +${VALID_RA_ALL_SANS_CSR_FILE} ${ASSETS_DIR}/valid_ra_all_sans.csr +${VALID_RA_ALL_SANS_PK_FILE} ${ASSETS_DIR}/valid_ra_all_sans.pk +${INVALID_CSR_FILE} ${ASSETS_DIR}/invalid.csr +${INVALID_PK_FILE} ${ASSETS_DIR}/invalid.csr +${VALID_IR_CSR_FOR_UPDATE} ${ASSETS_DIR}/valid_ir_for_update.csr +${VALID_IR_KEY_FOR_UPDATE} ${ASSETS_DIR}/valid_ir_for_update.key +${VALID_KUR_CSR} ${ASSETS_DIR}/valid_kur.csr +${VALID_KUR_KEY} ${ASSETS_DIR}/valid_kur.key +${VALID_CR_CSR_CHANGED_SUBJECT} ${ASSETS_DIR}/valid_cr_changed_subject.csr +${VALID_CR_KEY_CHANGED_SUBJECT} ${ASSETS_DIR}/valid_cr_changed_subject.key +${VALID_CR_CSR_CHANGED_SANS} ${ASSETS_DIR}/valid_cr_changed_sans.csr +${VALID_CR_KEY_CHANGED_SANS} ${ASSETS_DIR}/valid_cr_changed_sans.key +${EXPECTED_KUR_LOG} Preparing Key Update Request +${EXPECTED_CR_LOG} Preparing Certification Request ${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT} -${VALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env -${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env -${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env -${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env -${VALID_ENV_FILE_ALL_SANS_TYPES} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_all_sans_types.env -${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env -${INVALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env +${VALID_ENV_FILE} ${ASSETS_DIR}/valid_client_docker.env +${VALID_ENV_FILE_JKS} ${ASSETS_DIR}/valid_client_docker_jks.env +${VALID_ENV_FILE_P12} ${ASSETS_DIR}/valid_client_docker_p12.env +${VALID_ENV_FILE_PEM} ${ASSETS_DIR}/valid_client_docker_pem.env +${VALID_ENV_FILE_ALL_SANS_TYPES} ${ASSETS_DIR}/valid_client_docker_all_sans_types.env +${INVALID_ENV_FILE_OUTPUT_TYPE} ${ASSETS_DIR}/invalid_client_docker_output_type.env +${INVALID_ENV_FILE} ${ASSETS_DIR}/invalid_client_docker.env ${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 ${CLIENT_CONTAINER_NAME} %{ClientContainerName} ${CERT_SERVICE_NETWORK} certservice_certservice |