Diffstat (limited to 'tests/sdnc/sdnc_netconf_tls_post_deploy/libraries')
3 files changed, 0 insertions, 440 deletions
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
deleted file mode 100644
index b1c024ff..00000000
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
+++ /dev/null
@@ -1,207 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-__author__ = "Ajay Deep Singh (ajay.deep.singh@est.tech)"
-__copyright__ = "Copyright (C) 2020 Nordix Foundation"
-__license__ = "Apache 2.0"
-
-import os
-import shutil
-import subprocess
-
-import docker
-from OpenSSL import crypto
-from docker.types import Mount
-
-DEV_NULL = open(os.devnull, 'wb')
-NETCONF_PNP_SIM_CONTAINER_NAME = 'netconf-simulator'
-ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
-
-
-class ClientManager:
-
- def __init__(self, mount_path, truststore_path):
- self.mount_path = mount_path
- self.truststore_path = truststore_path
- self.keyPem = mount_path + '/key.pem'
- self.caCertPem = mount_path + '/ca.pem'
- self.serverKeyPem = mount_path + '/server_key.pem'
- self.serverCertPem = mount_path + '/server_cert.pem'
- self.keystorePemPath = mount_path + '/keystore.pem'
- self.keystoreP12Path = mount_path + '/keystore.p12'
- self.keystorePassPath = mount_path + '/keystore.pass'
- self.truststorePemPath = mount_path + '/truststore.pem'
- self.truststoreP12Path = mount_path + '/truststore.p12'
- self.truststorePassPath = mount_path + '/truststore.pass'
-
- # Function Create docker container.
- def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
- self.create_mount_dir()
- client = docker.from_env()
- environment = self.read_env_list_from_file(path_to_env)
- environment.append("REQUEST_URL=" + request_url)
- container = client.containers.run(
- image=client_image,
- name=container_name,
- environment=environment,
- network=network,
- user='root',
- mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'),
- Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')],
- detach=True
- )
- exitcode = container.wait()
- return exitcode
-
- # Function to validate keystore/truststore can be opened with generated pass-phrase.
- def can_open_keystore_and_truststore_with_pass(self, container_name):
- if container_name != NETCONF_PNP_SIM_CONTAINER_NAME:
- return self.can_open_keystore_and_truststore_pem_files()
- else:
- return self.can_open_keystore_and_truststore_p12_files()
-
- # Function to validate keystore.pem/truststore.pem exist and are not empty.
- def can_open_keystore_and_truststore_pem_files(self):
- try:
- private_key = self.file_exist_and_not_empty(self.keyPem)
- keystore_pem = self.file_exist_and_not_empty(self.keystorePemPath)
- truststore_pem = self.file_exist_and_not_empty(self.truststorePemPath)
- return private_key and keystore_pem and truststore_pem
- except Exception as e:
- print("UnExpected Error in validating keystore.pem/truststore.pem: {0}".format(e))
- return False
-
- # Function to validate keystore.p12/truststore.p12 can be opened with generated pass-phrase.
- def can_open_keystore_and_truststore_p12_files(self):
- can_open_keystore = self.can_open_p12_file_with_pass_file(self.keystorePassPath, self.keystoreP12Path)
- can_open_truststore = self.can_open_p12_file_with_pass_file(self.truststorePassPath, self.truststoreP12Path)
- return can_open_keystore & can_open_truststore
-
- # Method for Uploading Certificate in SDNC-Container.
- # Creating/Uploading Server-key, Server-cert, Ca-cert PEM files in Netconf-Pnp-Simulator.
- def can_install_keystore_and_truststore_certs(self, cmd, cmd_tls, container_name):
- continue_exec = True
- if container_name == NETCONF_PNP_SIM_CONTAINER_NAME:
- print("Generating PEM files for {0} from P12 files".format(container_name))
- continue_exec = self.create_pem(self.keystorePassPath, self.keystoreP12Path, self.truststorePassPath,
- self.truststoreP12Path)
- else:
- cmd = cmd_tls
- if continue_exec:
- print("Initiate Configuration Push for : {0}".format(container_name))
- resp_code = self.execute_bash_config(cmd, container_name)
- if resp_code == 0:
- print("Execution Successful for: {0}".format(container_name))
- return True
- else:
- print("Execution Failed for: {0}".format(container_name))
- return False
-
- def create_pem(self, keystore_pass_path, keystore_p12_path, truststore_pass_path, truststore_p12_path):
- # Create [server_key.pem, server_cert.pem, ca.pem] files for Netconf-Pnp-Simulation/TLS Configuration.
- try:
- with open(self.serverKeyPem, "wb+") as key_file:
- key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
- self.get_pkcs12(keystore_pass_path,
- keystore_p12_path).get_privatekey()))
- with open(self.serverCertPem, "wb+") as server_cert_file:
- server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM,
- self.get_pkcs12(keystore_pass_path,
- keystore_p12_path).get_certificate()))
- with open(self.caCertPem, "wb+") as ca_cert_file:
- ca_cert_file.write(
- crypto.dump_certificate(crypto.FILETYPE_PEM,
- self.get_pkcs12(truststore_pass_path,
- truststore_p12_path).get_ca_certificates()[0]))
- return True
- except IOError as err:
- print("I/O Error: {0}".format(err))
- return False
- except Exception as e:
- print("UnExpected Error: {0}".format(e))
- return False
-
- def can_open_p12_file_with_pass_file(self, pass_file_path, p12_file_path):
- try:
- if p12_file_path.split('/')[-1] == 'truststore.p12':
- pkcs12 = self.get_pkcs12(pass_file_path, p12_file_path).get_ca_certificates()[0]
- else:
- pkcs12 = self.get_pkcs12(pass_file_path, p12_file_path).get_certificate()
- if pkcs12 is None:
- return False
- return True
- except IOError as err:
- print("I/O Error PKCS12 Creation failed: {0}".format(err))
- return False
- except Exception as e:
- print("UnExpected Error PKCS12 Creation failed: {0}".format(e))
- return False
-
- def remove_client_container_and_save_logs(self, container_name, log_file_name):
- client = docker.from_env()
- container = client.containers.get(container_name)
- text_file = open(ARCHIVES_PATH + container_name + '_' + log_file_name + ".log", "w")
- text_file.write(container.logs())
- text_file.close()
- container.remove()
- self.remove_mount_dir()
-
- def create_mount_dir(self):
- if not os.path.exists(self.mount_path):
- os.makedirs(self.mount_path)
-
- def remove_mount_dir(self):
- shutil.rmtree(self.mount_path)
-
- def file_exist_and_not_empty(self, path_to_file):
- return os.path.isfile(path_to_file) and os.path.getsize(path_to_file) > 0
-
- @staticmethod
- def get_pkcs12(pass_file_path, p12_file_path):
- # Load PKCS12 Object
- password = open(pass_file_path, 'rb').read()
- return crypto.load_pkcs12(open(p12_file_path, 'rb').read(), password)
-
- @staticmethod
- def execute_bash_config(cmd, container_name):
- # Run command with arguments. Wait for command to complete or timeout, return code attribute.
- try:
- resp_code = subprocess.call(["%s %s" % (cmd, container_name)], shell=True, stdout=DEV_NULL,
- stderr=subprocess.STDOUT)
- print("Response Code from Config.sh execution: {0}".format(resp_code))
- return resp_code
- except subprocess.CalledProcessError as e:
- print("CalledProcessError Certificate installation failed in SDNC-ODL Container: {0}".format(e))
- return 1 # Return Error Code
-
- @staticmethod
- def get_container_logs(container_name):
- client = docker.from_env()
- container = client.containers.get(container_name)
- logs = container.logs()
- return logs
-
- @staticmethod
- def read_env_list_from_file(path):
- f = open(path, "r")
- r_list = []
- for line in f:
- line = line.strip()
- if line[0] != "#":
- r_list.append(line)
- return r_list
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
deleted file mode 100755
index cc6bf188..00000000
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/bin/bash
-
-#
-# ============LICENSE_START=======================================================
-# Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-# @author Ajay Deep Singh (ajay.deep.singh@est.tech)
-
-CONTAINER_NAME="$1"
-LOGFILE="${WORKSPACE}"/archives/config.log
-CONTAINER_ID=$(docker inspect --format="{{.Id}}" "$CONTAINER_NAME")
-
-OWNER="odl"
-DEST_DIR="/tmp"
-
-CERT_DIR="${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data/*
-
-function now_ms() {
- date +"%Y-%m-%d %H:%M:%S.%3N"
-}
-
-function log() {
- local level=$1
- shift
- local message="$*"
- printf "%s %-5s %s\n" "$(now_ms)" "$level" "$message" >>"$LOGFILE"
-}
-
-# Copy [keystore.jks, truststore.jks, truststore.pass, keystore.pass] files into SDNC container.
-function docker_cp() {
- local file=$1
- docker cp "$file" "$CONTAINER_ID":"$DEST_DIR"
- docker exec -u 0 "$CONTAINER_ID" chown "$OWNER":"$OWNER" "$DEST_DIR"/"${file##*/}"
-}
-
-# Run installCerts.py script to push X509 Certificates to SDNC-ODL Keystore/Truststore.
-function sdnc_conf() {
- log INFO "Configuring SDNC-ODL Keystore..."
- count=0
- exit_code=false
- for i in {1..4}; do
- for file in $CERT_DIR; do
- if [[ -f $file ]]; then
- log INFO "Uploading file :" "$file"
- docker_cp "$file"
- count=$((count + 1))
- fi
- done
- if [[ $count -eq 4 ]]; then
- log INFO "SDNC JKS files upload successful"
- exit_code=true
- break
- fi
- log DEBUG "Waiting for JKS files to be uploaded to SDNC container.."
- sleep 2m
- done
- if [[ "$exit_code" != "true" ]]; then
- log DEBUG "JKS files Not found in $CERT_DIR"
- exit 1 # Return error code
- fi
- sleep 2m
- docker exec "$CONTAINER_ID" rm -rf /tmp/certs.properties
- docker exec "$CONTAINER_ID" rm -rf /tmp/keys0.zip
- if ! docker exec "$CONTAINER_ID" /usr/bin/python /opt/onap/sdnc/bin/installCerts.py; then
- log DEBUG "Issue executing installCerts.py script"
- docker cp "$CONTAINER_ID":/opt/opendaylight/data/log/installCerts.log "${WORKSPACE}"/archives
- exit 1 # Return error code
- fi
- log INFO "Configuring SDNC-ODL Keystore successful"
-}
-
-# Copy [Server_key.pem, Server_cert.pem, Ca.pem] files into Netconf-Simulator container.
-# Reconfigure TLS config by invoking reconfigure-tls.sh script.
-function netconf-simulator_conf() {
- log INFO "Configuring Netconf-Pnp-Simulator..."
- count=0
- exit_code=false
- for i in {1..4}; do
- for file in $CERT_DIR; do
- if [[ -f $file && ${file: -4} == ".pem" ]]; then
- log INFO "Uploading file :" "$file"
- docker cp "$file" "$CONTAINER_ID":/config/tls
- count=$((count + 1))
- fi
- done
- if [[ $count -eq 3 ]]; then
- log INFO "PEM files upload successful"
- exit_code=true
- break
- fi
- log DEBUG "Waiting for PEM files to be uploaded to Netconf-Pnp-Simulator.."
- sleep 2m
- done
- if [[ "$exit_code" != "true" ]]; then
- log DEBUG "PEM files Not found in $CERT_DIR"
- exit 1 # Return error code
- fi
- sleep 2m
- if ! docker exec "$CONTAINER_ID" /opt/bin/reconfigure-tls.sh; then
- log DEBUG "Issue executing reconfigure-tls.sh script"
- docker logs "$CONTAINER_ID" > "${WORKSPACE}"/archives/simulator.log
- exit 1 # Return error code
- fi
- log INFO "Configuring Netconf-Pnp-Simulator successful"
-}
-
-# Push Config on SDNC, Netconf-Simulator.
-if [[ -n $CONTAINER_ID ]]; then
- log INFO "Container Name: $CONTAINER_NAME, Container Id: $CONTAINER_ID"
- if [[ "$CONTAINER_NAME" == "sdnc" ]]; then
- sdnc_conf
- elif [[ "$CONTAINER_NAME" == "netconf-simulator" ]]; then
- netconf-simulator_conf
- fi
-fi
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
deleted file mode 100755
index 323f8100..00000000
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/bin/bash
-
-# ============LICENSE_START=======================================================
-# Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-set -o errexit
-set -o pipefail
-set -o nounset
-[ "${SHELL_XTRACE:-false}" = "true" ] && set -o xtrace
-
-CONFIG=${CONFIG:-"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data}
-CONTAINER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' sdnc)
-ODL_URL=${ODL_URL:-http://"${CONTAINER_IP}":8282}
-PROC_NAME=${0##*/}
-PROC_NAME=${PROC_NAME%.sh}
-
-function now_ms() {
- # Requires coreutils package
- date +"%Y-%m-%d %H:%M:%S.%3N"
-}
-
-function log() {
- local level=$1
- shift
- local message="$*"
- printf "%s %-5s [%s] %s\n" "$(now_ms)" $level $PROC_NAME "$message"
-}
-
-# Extracts the body of a PEM file by removing the dashed header and footer
-pem_body() {
- grep -Fv -- ----- $1
-}
-
-CA_CERT_ID=xNF_CA_certificate_0_0
-CA_CERT=$(pem_body $CONFIG/truststore.pem)
-
-SERVER_PRIV_KEY_ID=ODL_private_key_0
-SERVER_KEY=$(pem_body $CONFIG/key.pem)
-SERVER_CERT=$(pem_body $CONFIG/keystore.pem)
-
-RESTCONF_URL=$ODL_URL/restconf
-NETCONF_KEYSTORE_PATH=$RESTCONF_URL/config/netconf-keystore:keystore
-
-xcurl() {
- curl -s -o /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -w %{http_code} "$@"
-}
-
-log INFO Delete Keystore
-sc=$(xcurl -X DELETE $NETCONF_KEYSTORE_PATH)
-
-if [ "$sc" != "200" -a "$sc" != "404" ]; then
- log ERROR "Keystore deletion failed with SC=$sc"
- exit 1
-fi
-
-log INFO Load CA certificate
-sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
-{
- \"trusted-certificate\": [
- {
- \"name\": \"$CA_CERT_ID\",
- \"certificate\": \"$CA_CERT\"
- }
- ]
-}
-")
-
-if [ "$sc" != "200" -a "$sc" != "204" ]; then
- log ERROR Trusted-certificate update failed with SC=$sc
- exit 1
-fi
-
-log INFO Load server private key and certificate
-sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
-{
- \"private-key\": {
- \"name\": \"$SERVER_PRIV_KEY_ID\",
- \"certificate-chain\": [
- \"$SERVER_CERT\"
- ],
- \"data\": \"$SERVER_KEY\"
- }
-}
-")
-
-if [ "$sc" != "200" -a "$sc" != "204" ]; then
- log ERROR Private-key update failed with SC=$sc
- exit 1
-fi
\ No newline at end of file |