Diffstat (limited to 'tests/aaf')
8 files changed, 136 insertions, 49 deletions
diff --git a/tests/aaf/certservice/assets/invalid_client_docker.env b/tests/aaf/certservice/assets/invalid_client_docker.env index 3e7d879b..e96237ca 100644 --- a/tests/aaf/certservice/assets/invalid_client_docker.env +++ b/tests/aaf/certservice/assets/invalid_client_docker.env @@ -2,6 +2,10 @@ REQUEST_TIMEOUT=5000 OUTPUT_PATH=/var/certs CA_NAME=Invalid +KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PASSWORD=secret +TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks +TRUSTSTORE_PASSWORD=secret #Csr config envs COMMON_NAME=onap.org ORGANIZATION=Linux-Foundation diff --git a/tests/aaf/certservice/assets/valid_client_docker.env b/tests/aaf/certservice/assets/valid_client_docker.env index 01818960..55fefa3e 100644 --- a/tests/aaf/certservice/assets/valid_client_docker.env +++ b/tests/aaf/certservice/assets/valid_client_docker.env @@ -2,6 +2,10 @@ REQUEST_TIMEOUT=30000 OUTPUT_PATH=/var/certs CA_NAME=RA +KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks +KEYSTORE_PASSWORD=secret +TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks +TRUSTSTORE_PASSWORD=secret #Csr config envs COMMON_NAME=onap.org ORGANIZATION=Linux-Foundation diff --git a/tests/aaf/certservice/cert-service-test.robot b/tests/aaf/certservice/cert-service-test.robot index f9fc0910..90ee1a37 100644 --- a/tests/aaf/certservice/cert-service-test.robot +++ b/tests/aaf/certservice/cert-service-test.robot 
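Review bot: The added `KEYSTORE_PASSWORD=secret` and `TRUSTSTORE_PASSWORD=secret` lines put store passwords in a committed env file with nothing marking them as fixture-only; the same applies to the identical addition in valid_client_docker.env. These values are handed to the client container as environment variables by run_client_container, so they are also visible to anything that can inspect the container. I would add a comment above the block, in the style of the existing `#Csr config envs` line, for example `#TLS config envs (test-only stores and passwords, not for deployment)`.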
@@ -53,6 +53,11 @@ Cert Service Client successfully creates keystore and truststore [Documentation] Run with correct env and expected exit code 0 Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE} 0 +Cert Service Client successfully creates keystore and truststore with expected data + [Tags] AAF-CERT-SERVICE + [Documentation] Run with correct env and JKS files created with correct data + Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE} 0 + Run Cert Service Client Container And Validate Exit Code And API Response [Tags] AAF-CERT-SERVICE [Documentation] Run with invalid CaName env and expected exit code 5 diff --git a/tests/aaf/certservice/libraries/CertClientManager.py b/tests/aaf/certservice/libraries/CertClientManager.py index 792b6939..a4a0df23 100644 --- a/tests/aaf/certservice/libraries/CertClientManager.py +++ b/tests/aaf/certservice/libraries/CertClientManager.py @@ -2,11 +2,10 @@ import docker import os import shutil import re -from OpenSSL import crypto +from EnvsReader import EnvsReader from docker.types import Mount ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/" -MOUNT_PATH = os.getenv("WORKSPACE") + "/tests/aaf/certservice/tmp" ERROR_API_REGEX = 'Error on API response.*[0-9]{3}' RESPONSE_CODE_REGEX = '[0-9]{3}' 
@@ -14,66 +13,43 @@ RESPONSE_CODE_REGEX = '[0-9]{3}' class CertClientManager: + def __init__(self, mount_path, truststore_path): + self.mount_path = mount_path + self.truststore_path = truststore_path + def run_client_container(self, client_image, container_name, path_to_env, request_url, network): self.create_mount_dir() client = docker.from_env() - environment = self.read_list_env_from_file(path_to_env) + environment = EnvsReader().read_env_list_from_file(path_to_env) environment.append("REQUEST_URL=" + request_url) container = client.containers.run( image=client_image, name=container_name, environment=environment, network=network, - user='root', #Run container as root to avoid permission issues with volume mount access - mounts=[Mount(target='/var/certs', source=MOUNT_PATH, type='bind')], + user='root', # Run container as root to avoid permission issues with volume mount access + mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'), + Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')], detach=True ) exitcode = container.wait() return exitcode - def read_list_env_from_file(self, path): - f = open(path, "r") - r_list = [] - for line in f: - line = line.strip() - if line[0] != "#": - r_list.append(line) - return r_list - def remove_client_container_and_save_logs(self, container_name, log_file_name): client = docker.from_env() container = client.containers.get(container_name) - text_file = open(ARCHIVES_PATH + "container_" + log_file_name + ".log", "w") + text_file = open(ARCHIVES_PATH + "client_container_" + log_file_name + ".log", "w") text_file.write(container.logs()) text_file.close() container.remove() self.remove_mount_dir() - def can_open_keystore_and_truststore_with_pass(self): - keystore_pass_path = MOUNT_PATH + '/keystore.pass' - keystore_jks_path = MOUNT_PATH + '/keystore.jks' - can_open_keystore = self.can_open_jks_file_by_pass_file(keystore_pass_path, keystore_jks_path) - - truststore_pass_path 
= MOUNT_PATH + '/truststore.pass' - truststore_jks_path = MOUNT_PATH + '/truststore.jks' - can_open_truststore = self.can_open_jks_file_by_pass_file(truststore_pass_path, truststore_jks_path) - - return can_open_keystore & can_open_truststore - - def can_open_jks_file_by_pass_file(self, pass_file_path, jks_file_path): - try: - password = open(pass_file_path, 'rb').read() - crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password) - return True - except: - return False - def create_mount_dir(self): - if not os.path.exists(MOUNT_PATH): - os.makedirs(MOUNT_PATH) + if not os.path.exists(self.mount_path): + os.makedirs(self.mount_path) def remove_mount_dir(self): - shutil.rmtree(MOUNT_PATH) + shutil.rmtree(self.mount_path) def can_find_api_response_in_logs(self, container_name): logs = self.get_container_logs(container_name) diff --git a/tests/aaf/certservice/libraries/EnvsReader.py b/tests/aaf/certservice/libraries/EnvsReader.py new file mode 100644 index 00000000..cc60eed6 --- /dev/null +++ b/tests/aaf/certservice/libraries/EnvsReader.py @@ -0,0 +1,11 @@ + +class EnvsReader: + + def read_env_list_from_file(self, path): + f = open(path, "r") + r_list = [] + for line in f: + line = line.strip() + if line[0] != "#": + r_list.append(line) + return r_list diff --git a/tests/aaf/certservice/libraries/JksFilesValidator.py b/tests/aaf/certservice/libraries/JksFilesValidator.py new file mode 100644 index 00000000..8c150de4 --- /dev/null +++ b/tests/aaf/certservice/libraries/JksFilesValidator.py 
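Review bot: The new truststore bind mount in `run_client_container` is writable while the container runs as `root`, so the client process can modify or replace the keystore and truststore files under `self.truststore_path` on the host. The client presumably only reads them (inferred from the `KEYSTORE_PATH` and `TRUSTSTORE_PATH` env entries), so mount the directory read-only: `Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind', read_only=True)`. The `/var/certs` mount has to stay writable because the client writes its output there.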
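Review bot: `read_env_list_from_file` raises IndexError on a blank line, because `line[0]` is evaluated after `strip()` has reduced the line to an empty string, and the file handle is never closed. Guard on emptiness and use a context manager: `with open(path, "r") as f:` and `if line and not line.startswith("#"):`. Lines without `=` are also passed through unchanged, and JksFilesValidator later indexes `a[1]` on the split result, so filtering them here would be the safer place.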
@@ -0,0 +1,70 @@ +from OpenSSL import crypto +from cryptography.x509.oid import ExtensionOID +from cryptography import x509 +from EnvsReader import EnvsReader + +class JksFilesValidator: + + def __init__(self, mount_path): + self.keystorePassPath = mount_path + '/keystore.pass' + self.keystoreJksPath = mount_path + '/keystore.jks' + self.truststorePassPath = mount_path + '/truststore.pass' + self.truststoreJksPath = mount_path + '/truststore.jks' + + def get_and_compare_data(self, path_to_env): + data = self.get_data(path_to_env) + return data, self.contains_expected_data(data) + + def can_open_keystore_and_truststore_with_pass(self): + can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath) + can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath) + + return can_open_keystore & can_open_truststore + + def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path): + try: + self.get_certificate(pass_file_path, jks_file_path) + return True + except: + return False + + def get_data(self, path_to_env): + envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env)) + certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath) + data = self.get_owner_data_from_certificate(certificate) + data['SANS'] = self.get_sans(certificate) + return type('', (object,), {"expectedData": envs, "actualData": data}) + + def contains_expected_data(self, data): + expectedData = data.expectedData + actualData = data.actualData + return cmp(expectedData, actualData) == 0 + + def get_owner_data_from_certificate(self, certificate): + list = certificate.get_subject().get_components() + return dict((k, v) for k, v in list) + + def get_certificate(self, pass_file_path, jks_file_path): + password = open(pass_file_path, 'rb').read() + crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password) + return crypto.load_pkcs12(open(jks_file_path, 
'rb').read(), password).get_certificate() + + def get_sans(self, cert): + extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) + dnsList = extension.value.get_values_for_type(x509.DNSName) + return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList)) + + def get_envs_as_dict(self, list): + envs = self.get_list_of_pairs_by_mappings(list) + return self.remove_nones_from_dict(envs) + + def remove_nones_from_dict(self, dictionary): + return dict((k, v) for k, v in dictionary.iteritems() if k is not None) + + def get_list_of_pairs_by_mappings(self, list): + mappings = self.get_mappings() + listOfEnvs = map(lambda k: k.split('='), list) + return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs) + + def get_mappings(self): + return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'} diff --git a/tests/aaf/certservice/resources/cert-service-keywords.robot b/tests/aaf/certservice/resources/cert-service-keywords.robot index 75cebadc..d4d4fd93 100644 --- a/tests/aaf/certservice/resources/cert-service-keywords.robot +++ b/tests/aaf/certservice/resources/cert-service-keywords.robot 
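Review bot: `get_certificate` parses the store twice (the first `crypto.load_pkcs12` result is discarded) and leaves both the password file and the store file open; it should read each file in a `with` block and load once, as below. In the same file, `can_open_jks_file_with_pass_file` uses a bare `except:`, so a missing file or a coding error is reported the same way as a wrong password; `except Exception:` with the error logged would keep the cause visible. `cmp` and `iteritems` exist only on Python 2, so `expectedData == actualData` and `.items()` are the portable forms.

```python
    def get_certificate(self, pass_file_path, jks_file_path):
        with open(pass_file_path, 'rb') as pass_file:
            password = pass_file.read()
        with open(jks_file_path, 'rb') as jks_file:
            keystore = crypto.load_pkcs12(jks_file.read(), password)
        return keystore.get_certificate()
```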
@@ -1,22 +1,24 @@ *** Settings *** +Resource ../../../common.robot +Resource ./cert-service-properties.robot Library RequestsLibrary Library HttpLibrary.HTTP Library Collections -Library ../libraries/CertClientManager.py -Resource ../../../common.robot -Resource ./cert-service-properties.robot +Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH} +Library ../libraries/JksFilesValidator.py ${MOUNT_PATH} *** Keywords *** Create sessions [Documentation] Create all required sessions - Create Session aaf_cert_service_url ${AAFCERT_URL} - Set Suite Variable ${http_session} aaf_cert_service_url + ${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY} + Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA} + Set Suite Variable ${https_valid_cert_session} alias Run Healthcheck [Documentation] Run Healthcheck - ${resp}= Get Request ${http_session} /actuator/health + ${resp}= Get Request ${https_valid_cert_session} /actuator/health Should Be Equal As Strings ${resp.status_code} 200 Validate Recieved Response ${resp} status UP @@ -30,7 +32,7 @@ Validate Recieved Response Send Get Request And Validate Response [Documentation] Send request to passed url and validate received response [Arguments] ${path} ${resp_code} - ${resp}= Get Request ${http_session} ${path} + ${resp}= Get Request ${https_valid_cert_session} ${path} Should Be Equal As Strings ${resp.status_code} ${resp_code} Send Get Request with Header @@ -38,7 +40,7 @@ Send Get Request with Header [Arguments] ${path} ${csr_file} ${pk_file} [Return] ${resp} ${headers}= Create Header with CSR and PK ${csr_file} ${pk_file} - ${resp}= Get Request ${http_session} ${path} headers=${headers} + ${resp}= Get Request ${https_valid_cert_session} ${path} headers=${headers} Send Get Request with Header And Expect Success [Documentation] Send request to passed url and validate received response 
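Review bot: `Create sessions` presents `${CERTSERVICE_SERVER_CRT}` and `${CERTSERVICE_SERVER_KEY}` as the client certificate, so the suite authenticates to the service with the server's own key pair and only the accepted path of mutual TLS is covered. If the service is meant to require client authentication (the hunk does not show that), a second session created without `client_certs` and a test expecting the request to be refused would catch a misconfigured client-auth setting. The session alias is literally `alias`; a descriptive name such as `aaf_cert_service_https` (constructed example) would read better in logs.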
@@ -80,7 +82,7 @@ Create Header with CSR and PK Send Post Request And Validate Response [Documentation] Send request to passed url and validate received response [Arguments] ${path} ${resp_code} - ${resp}= Post Request ${http_session} ${path} + ${resp}= Post Request ${https_valid_cert_session} ${path} Should Be Equal As Strings ${resp.status_code} ${resp_code} Run Cert Service Client And Validate JKS File Creation And Client Exit Code @@ -92,6 +94,15 @@ Run Cert Service Client And Validate JKS File Creation And Client Exit Code Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase +Run Cert Service Client And Validate JKS Files Contain Expected Data + [Documentation] Run Cert Service Client Container And Validate JKS Files Contain Expected Data + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${data} ${isEqual}= Get And Compare Data ${env_file} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData} + Run Cert Service Client And Validate Http Response Code And Client Exit Code [Documentation] Run Cert Service Client Container And Validate Exit Code [Arguments] ${env_file} ${expected_api_response_code} ${expected_exit_code} diff --git a/tests/aaf/certservice/resources/cert-service-properties.robot b/tests/aaf/certservice/resources/cert-service-properties.robot index 5fd2d8af..53d6b246 100644 --- a/tests/aaf/certservice/resources/cert-service-properties.robot 
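Review bot: In `Run Cert Service Client And Validate JKS Files Contain Expected Data`, cleanup runs only if `Get And Compare Data` returns. That keyword reaches `get_certificate`, which raises when keystore.jks or keystore.pass is missing, so a failed client run would leave the container and the mount directory (with any generated key material) behind and would break later tests that reuse `${CLIENT_CONTAINER_NAME}`. Moving the cleanup into a keyword teardown avoids that: `[Teardown]    Remove Client Container And Save Logs    ${CLIENT_CONTAINER_NAME}    positive_path_with_data`.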
+++ b/tests/aaf/certservice/resources/cert-service-properties.robot @@ -1,10 +1,14 @@ *** Variables *** -${CERT_SERVICE_PORT} 8080 -${AAFCERT_URL} http://localhost:${cert_service_port} +${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service +${CERT_SERVICE_PORT} 8443 +${AAFCERT_URL} https://localhost:${cert_service_port} ${CLIENT_CA_NAME} Client ${RA_CA_NAME} RA ${CERT_SERVICE_ENDPOINT} /v1/certificate/ +${ROOTCA} %{WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt +${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt +${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key ${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.csr ${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.pk ${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.csr @@ -13,9 +17,11 @@ ${INVALID_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/asse ${INVALID_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.key -${CERT_SERVICE_ADDRESS} http://%{AAFCERT_IP}:${cert_service_port} +${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT} ${VALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env ${INVALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env ${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest ${CLIENT_CONTAINER_NAME} %{ClientContainerName} ${CERT_SERVICE_NETWORK} certservice_certservice +${MOUNT_PATH} %{WORKSPACE}/tests/aaf/certservice/tmp +${TRUSTSTORE_PATH} %{WORKSPACE}/plans/aaf/certservice/certs |