From 764e0a41bd0fa062ff32287c53645fcbb650697e Mon Sep 17 00:00:00 2001 From: Joanna Jeremicz Date: Thu, 13 Aug 2020 14:43:49 +0200 Subject: Add CSITs for Truststore Merger Issue-ID: DCAEGEN2-2253 
Signed-off-by: Joanna Jeremicz Change-Id: Ie2d648108c99f4a1e61fe855f318078e6ffc0e21 --- .../truststoremerger/setup.sh | 28 +++++++++ .../truststoremerger/teardown.sh | 18 ++++++ .../truststoremerger/testplan.txt | 3 + .../expected_truststores/jksAndPemAndP12.jks | Bin 0 -> 3923 bytes .../assets/expected_truststores/pemAndP12.pem | 63 +++++++++++++++++++ .../assets/invalid_different_lists_size.env | 2 + .../assets/invalid_duplicated_aliases.env | 2 + .../assets/invalid_empty_certs.env | 2 + .../truststoremerger/assets/invalid_empty_file.env | 0 .../assets/invalid_empty_passwords.env | 2 + .../truststoremerger/assets/invalid_extension.env | 2 + .../assets/invalid_file_password_pair.env | 2 + .../assets/invalid_password_path.env | 2 + .../assets/invalid_truststore_paths.env | 2 + .../truststoremerger/assets/truststores/empty.pem | 0 .../assets/truststores/truststore.jks | Bin 0 -> 1413 bytes .../assets/truststores/truststore.p12 | Bin 0 -> 1530 bytes .../assets/truststores/truststore.pem | 28 +++++++++ .../assets/truststores/truststoreJks.pass | 1 + .../assets/truststores/truststoreP12.pass | 1 + .../truststoremerger/assets/valid_jks_pem_p12.env | 2 + .../truststoremerger/assets/valid_pem_p12.env | 2 + .../assets/valid_single_truststore.env | 2 + .../truststoremerger/libraries/EnvsReader.py | 11 ++++ .../libraries/JksTruststoreValidator.py | 18 ++++++ .../libraries/PemTruststoreValidator.py | 19 ++++++ .../libraries/TrustMergerManager.py | 47 +++++++++++++++ .../resources/trust-merger-keywords.robot | 34 +++++++++++ .../resources/trust-merger-properties.robot | 35 +++++++++++ .../truststoremerger/trust-merger-test.robot | 67 +++++++++++++++++++++ 30 files changed, 395 insertions(+) create mode 100644 plans/oom-platform-cert-service/truststoremerger/setup.sh create mode 100644 plans/oom-platform-cert-service/truststoremerger/teardown.sh create mode 100755 plans/oom-platform-cert-service/truststoremerger/testplan.txt create mode 100644 
tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/jksAndPemAndP12.jks create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/pemAndP12.pem create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_different_lists_size.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_duplicated_aliases.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_certs.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_file.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_passwords.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_extension.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_file_password_pair.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_password_path.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/invalid_truststore_paths.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/truststores/empty.pem create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.jks create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.p12 create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.pem create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreJks.pass create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreP12.pass create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/valid_jks_pem_p12.env create mode 100644 tests/oom-platform-cert-service/truststoremerger/assets/valid_pem_p12.env create mode 100644 
tests/oom-platform-cert-service/truststoremerger/assets/valid_single_truststore.env
create mode 100644 tests/oom-platform-cert-service/truststoremerger/libraries/EnvsReader.py
create mode 100644 tests/oom-platform-cert-service/truststoremerger/libraries/JksTruststoreValidator.py
create mode 100644 tests/oom-platform-cert-service/truststoremerger/libraries/PemTruststoreValidator.py
create mode 100644 tests/oom-platform-cert-service/truststoremerger/libraries/TrustMergerManager.py
create mode 100644 tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-keywords.robot
create mode 100644 tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-properties.robot
create mode 100644 tests/oom-platform-cert-service/truststoremerger/trust-merger-test.robot
diff --git a/plans/oom-platform-cert-service/truststoremerger/setup.sh b/plans/oom-platform-cert-service/truststoremerger/setup.sh
new file mode 100644
index 00000000..9f618406
--- /dev/null
+++ b/plans/oom-platform-cert-service/truststoremerger/setup.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright 2020 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#export container name
+export MergerContainerName=TrustStoreMerger
+
+#install docker sdk
+echo "Uninstall docker-py and reinstall docker."
+pip uninstall -y docker-py
+pip uninstall -y docker
+pip install -U docker==2.7.0
+
+#install pyjks for .jks files management
+pip install pyjks
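Review bot: `pip install pyjks` at the end of setup.sh installs whatever release is current when the job runs, while the docker SDK a few lines above is pinned with `docker==2.7.0`. An unpinned install in a CI setup script makes runs non-reproducible and lets a newly published package version change what code executes in the job without any change in this repository. Pin it the same way, e.g. `pip install pyjks==<PINNED_VERSION>` (placeholder: use the version the suite was validated against).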
diff --git a/plans/oom-platform-cert-service/truststoremerger/teardown.sh b/plans/oom-platform-cert-service/truststoremerger/teardown.sh
new file mode 100644
index 00000000..a0ee4d26
--- /dev/null
+++ b/plans/oom-platform-cert-service/truststoremerger/teardown.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Copyright 2017 ZTE, Inc. and others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kill-instance.sh ${MergerContainerName}
diff --git a/plans/oom-platform-cert-service/truststoremerger/testplan.txt b/plans/oom-platform-cert-service/truststoremerger/testplan.txt
new file mode 100755
index 00000000..11e00832
--- /dev/null
+++ b/plans/oom-platform-cert-service/truststoremerger/testplan.txt
@@ -0,0 +1,3 @@
+# Test suites are relative paths under [integration/csit.git]/tests/.
+# Place the suites in run order.
+oom-platform-cert-service/truststoremerger
diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/jksAndPemAndP12.jks b/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/jksAndPemAndP12.jks
new file mode 100644
index 00000000..1c9f111a
Binary files /dev/null and b/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/jksAndPemAndP12.jks differ
diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/pemAndP12.pem b/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/pemAndP12.pem
new file mode 100644
index 00000000..978e682d
--- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/pemAndP12.pem 
@@ -0,0 +1,63 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIUZrzliCEcld8Q7Fa20QOooFrkewAwDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGI4NDYyNzkzMDkyYzFhZGYxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAwNzE1MTI1NTI1WhcNMzAwNzE1MTI1NTI1WjBhMSMwIQYKCZIm +iZPyLGQBAQwTYy0wYjg0NjI3OTMwOTJjMWFkZjEVMBMGA1UEAwwMTWFuYWdlbWVu +dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBAPKU+p62gXve2rCo2ojyyKcy9T/yEZJi +9eZJoawets18FNKzWgXDz3ZK+dgc8hVHZahmIzfh9ovcEALYvCx1bLKN5tqbV7O0 +lUFGI+DGlP9QzGKopCh/uMXas4/lfVNogEB7cXu62ak6FuIuaKHETeqez5wC0d1d +KcilG4loaN3tGXn8j1rnUq1fVu4QyxYfDekRzFiLOvdGeYfZlMkGcVYq3jDV9/sH +5wKUKIxRwa+t1GlvzJqjVY6K3UvxS8ZBrNYTAtsvI/s6fd8Ah4FIM0Zsc8X1CIb4 +rxqhU6CDx1fQCgKyO6FG/3kVA9Y6+VLeRXsa/VaZxRwQWn0XfVrVpajiD+q3m9xd +/NJUEAu1xEyfZw43ZSduGjrf5pwHR871noo+7pEbTDlM92ktDFW3go1DowrhEUlf +XaU6C25yuzThl8f9pFD9/Bo82nHL5n8BENLCmaYrioVWQBAmrQKo1Y3uFgY+fP7y +CL1POlJTuoXO++KhnEvhGfiIVBlzwdBATwIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFAZ6Sy3QQ0dNORdnfg5ppmOI6ngpMB0GA1UdDgQWBBQG +ekst0ENHTTkXZ34OaaZjiOp4KTAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggGBAM8MyROdYt0458uCRM/8KZYU9q5xRDGXUGXVpEcGyu1hVlnzlnv7YJSX +BWQenl092IVM7B0hsttpQIAXK4lS3hQ1fTaYWub0TPbK7xORGwi2uTDEagWXMc5e +c2J6Sb9IFl2UqX8cERRCJNuENnuf10MU3rXa2TfydaELDXxr49KPPx3tgl/OfbtY +MmFWLiyxo1jIZ/LeIiaN1m0OtGskkR8TF2D/ZA7YPzEWl2R3PhYNR1gkfAtYPWya +DTXgiQwXuWDhdSTqiN3QuxRDVXFiQgoV0wqjgkqh4NiOXWB2ryaPvqiYRCvoM6Ly +OcYy4LidGz9J+jQGAJPh4fI/1G4SgwVAT0bgYREy4IP6Y8R4zGoU0rGKnknfL70E +t4Xm2ASu5jEcne2l1UOPPctFmei+QHmZ0c8V8HNmP5XRf+47OSi+ryCrRQfKrkyw +UgvoB49yV3M1+IgCx18daEQCYal98hhQMn/3NVrOJeOjzDcF6Gxb679Cu/biZ8Wx +li7RV0Xt1g== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: trusted-certificate-1 + 2.16.840.1.113894.746875.1.1: +subject=UID = c-0b8462793092c1adf, CN = ManagementCA, O = EJBCA Container Quickstart + +issuer=UID = c-0b8462793092c1adf, CN = ManagementCA, O = EJBCA Container Quickstart + 
+-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIUZrzliCEcld8Q7Fa20QOooFrkewAwDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGI4NDYyNzkzMDkyYzFhZGYxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAwNzE1MTI1NTI1WhcNMzAwNzE1MTI1NTI1WjBhMSMwIQYKCZIm +iZPyLGQBAQwTYy0wYjg0NjI3OTMwOTJjMWFkZjEVMBMGA1UEAwwMTWFuYWdlbWVu +dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBAPKU+p62gXve2rCo2ojyyKcy9T/yEZJi +9eZJoawets18FNKzWgXDz3ZK+dgc8hVHZahmIzfh9ovcEALYvCx1bLKN5tqbV7O0 +lUFGI+DGlP9QzGKopCh/uMXas4/lfVNogEB7cXu62ak6FuIuaKHETeqez5wC0d1d +KcilG4loaN3tGXn8j1rnUq1fVu4QyxYfDekRzFiLOvdGeYfZlMkGcVYq3jDV9/sH +5wKUKIxRwa+t1GlvzJqjVY6K3UvxS8ZBrNYTAtsvI/s6fd8Ah4FIM0Zsc8X1CIb4 +rxqhU6CDx1fQCgKyO6FG/3kVA9Y6+VLeRXsa/VaZxRwQWn0XfVrVpajiD+q3m9xd +/NJUEAu1xEyfZw43ZSduGjrf5pwHR871noo+7pEbTDlM92ktDFW3go1DowrhEUlf +XaU6C25yuzThl8f9pFD9/Bo82nHL5n8BENLCmaYrioVWQBAmrQKo1Y3uFgY+fP7y +CL1POlJTuoXO++KhnEvhGfiIVBlzwdBATwIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFAZ6Sy3QQ0dNORdnfg5ppmOI6ngpMB0GA1UdDgQWBBQG +ekst0ENHTTkXZ34OaaZjiOp4KTAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggGBAM8MyROdYt0458uCRM/8KZYU9q5xRDGXUGXVpEcGyu1hVlnzlnv7YJSX +BWQenl092IVM7B0hsttpQIAXK4lS3hQ1fTaYWub0TPbK7xORGwi2uTDEagWXMc5e +c2J6Sb9IFl2UqX8cERRCJNuENnuf10MU3rXa2TfydaELDXxr49KPPx3tgl/OfbtY +MmFWLiyxo1jIZ/LeIiaN1m0OtGskkR8TF2D/ZA7YPzEWl2R3PhYNR1gkfAtYPWya +DTXgiQwXuWDhdSTqiN3QuxRDVXFiQgoV0wqjgkqh4NiOXWB2ryaPvqiYRCvoM6Ly +OcYy4LidGz9J+jQGAJPh4fI/1G4SgwVAT0bgYREy4IP6Y8R4zGoU0rGKnknfL70E +t4Xm2ASu5jEcne2l1UOPPctFmei+QHmZ0c8V8HNmP5XRf+47OSi+ryCrRQfKrkyw +UgvoB49yV3M1+IgCx18daEQCYal98hhQMn/3NVrOJeOjzDcF6Gxb679Cu/biZ8Wx +li7RV0Xt1g== +-----END CERTIFICATE----- diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_different_lists_size.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_different_lists_size.env new file mode 100644 index 00000000..9edfaa41 --- /dev/null 
+++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_different_lists_size.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks:/var/certs/truststore.pem:/var/certs/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks.pass:/var/certs/truststoreP12.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_duplicated_aliases.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_duplicated_aliases.env new file mode 100644 index 00000000..f98b3366 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_duplicated_aliases.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks:/var/certs/truststore.jks +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks.pass:/var/certs/truststoreJks.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_certs.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_certs.env new file mode 100644 index 00000000..95c00fc2 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_certs.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/empty.pem:/var/certs/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS=:/var/certs/truststoreP12.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_file.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_file.env new file mode 100644 index 00000000..e69de29b diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_passwords.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_passwords.env new file mode 100644 index 00000000..840728bb --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_passwords.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks:/var/certs/truststore.pem:/var/certs/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS= 
diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_extension.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_extension.env new file mode 100644 index 00000000..5b971616 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_extension.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.txt:/var/certs/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks.pass:/var/certs/truststoreP12.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_file_password_pair.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_file_password_pair.env new file mode 100644 index 00000000..1a195116 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_file_password_pair.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreP12.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_password_path.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_password_path.env new file mode 100644 index 00000000..b397f9ac --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_password_path.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks_invalid.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/invalid_truststore_paths.env b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_truststore_paths.env new file mode 100644 index 00000000..52fa88c6 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/invalid_truststore_paths.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/invalid/truststore.jks:/invalid/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks.pass:/var/certs/truststoreP12.pass 
diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/truststores/empty.pem b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/empty.pem new file mode 100644 index 00000000..e69de29b diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.jks b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.jks new file mode 100644 index 00000000..3bd85a06 Binary files /dev/null and b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.jks differ diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.p12 b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.p12 new file mode 100644 index 00000000..3a98c4a2 Binary files /dev/null and b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.p12 differ diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.pem b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.pem new file mode 100644 index 00000000..8815d6cb --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIUZrzliCEcld8Q7Fa20QOooFrkewAwDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGI4NDYyNzkzMDkyYzFhZGYxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAwNzE1MTI1NTI1WhcNMzAwNzE1MTI1NTI1WjBhMSMwIQYKCZIm +iZPyLGQBAQwTYy0wYjg0NjI3OTMwOTJjMWFkZjEVMBMGA1UEAwwMTWFuYWdlbWVu +dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBAPKU+p62gXve2rCo2ojyyKcy9T/yEZJi +9eZJoawets18FNKzWgXDz3ZK+dgc8hVHZahmIzfh9ovcEALYvCx1bLKN5tqbV7O0 +lUFGI+DGlP9QzGKopCh/uMXas4/lfVNogEB7cXu62ak6FuIuaKHETeqez5wC0d1d +KcilG4loaN3tGXn8j1rnUq1fVu4QyxYfDekRzFiLOvdGeYfZlMkGcVYq3jDV9/sH +5wKUKIxRwa+t1GlvzJqjVY6K3UvxS8ZBrNYTAtsvI/s6fd8Ah4FIM0Zsc8X1CIb4 +rxqhU6CDx1fQCgKyO6FG/3kVA9Y6+VLeRXsa/VaZxRwQWn0XfVrVpajiD+q3m9xd +/NJUEAu1xEyfZw43ZSduGjrf5pwHR871noo+7pEbTDlM92ktDFW3go1DowrhEUlf +XaU6C25yuzThl8f9pFD9/Bo82nHL5n8BENLCmaYrioVWQBAmrQKo1Y3uFgY+fP7y +CL1POlJTuoXO++KhnEvhGfiIVBlzwdBATwIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFAZ6Sy3QQ0dNORdnfg5ppmOI6ngpMB0GA1UdDgQWBBQG +ekst0ENHTTkXZ34OaaZjiOp4KTAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggGBAM8MyROdYt0458uCRM/8KZYU9q5xRDGXUGXVpEcGyu1hVlnzlnv7YJSX +BWQenl092IVM7B0hsttpQIAXK4lS3hQ1fTaYWub0TPbK7xORGwi2uTDEagWXMc5e +c2J6Sb9IFl2UqX8cERRCJNuENnuf10MU3rXa2TfydaELDXxr49KPPx3tgl/OfbtY +MmFWLiyxo1jIZ/LeIiaN1m0OtGskkR8TF2D/ZA7YPzEWl2R3PhYNR1gkfAtYPWya +DTXgiQwXuWDhdSTqiN3QuxRDVXFiQgoV0wqjgkqh4NiOXWB2ryaPvqiYRCvoM6Ly +OcYy4LidGz9J+jQGAJPh4fI/1G4SgwVAT0bgYREy4IP6Y8R4zGoU0rGKnknfL70E +t4Xm2ASu5jEcne2l1UOPPctFmei+QHmZ0c8V8HNmP5XRf+47OSi+ryCrRQfKrkyw +UgvoB49yV3M1+IgCx18daEQCYal98hhQMn/3NVrOJeOjzDcF6Gxb679Cu/biZ8Wx +li7RV0Xt1g== +-----END CERTIFICATE----- diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreJks.pass b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreJks.pass new file mode 100644 index 00000000..817b6194 --- /dev/null 
+++ b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreJks.pass @@ -0,0 +1 @@ +WkTGRmhSe%PM;it?NRY888Ak \ No newline at end of file diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreP12.pass b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreP12.pass new file mode 100644 index 00000000..48036abd --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreP12.pass @@ -0,0 +1 @@ +0TZd_x#qp$78hJsm0wzc1dm_ \ No newline at end of file diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/valid_jks_pem_p12.env b/tests/oom-platform-cert-service/truststoremerger/assets/valid_jks_pem_p12.env new file mode 100644 index 00000000..4afa1a27 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/valid_jks_pem_p12.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks:/var/certs/truststore.pem:/var/certs/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks.pass::/var/certs/truststoreP12.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/valid_pem_p12.env b/tests/oom-platform-cert-service/truststoremerger/assets/valid_pem_p12.env new file mode 100644 index 00000000..e0240a74 --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/valid_pem_p12.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.pem:/var/certs/truststore.p12 +TRUSTSTORES_PASSWORDS_PATHS=:/var/certs/truststoreP12.pass diff --git a/tests/oom-platform-cert-service/truststoremerger/assets/valid_single_truststore.env b/tests/oom-platform-cert-service/truststoremerger/assets/valid_single_truststore.env new file mode 100644 index 00000000..66b6f66f --- /dev/null +++ b/tests/oom-platform-cert-service/truststoremerger/assets/valid_single_truststore.env @@ -0,0 +1,2 @@ +TRUSTSTORES_PATHS=/var/certs/truststore.jks +TRUSTSTORES_PASSWORDS_PATHS=/var/certs/truststoreJks.pass 
diff --git a/tests/oom-platform-cert-service/truststoremerger/libraries/EnvsReader.py b/tests/oom-platform-cert-service/truststoremerger/libraries/EnvsReader.py
new file mode 100644
index 00000000..cc60eed6
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/libraries/EnvsReader.py
@@ -0,0 +1,11 @@
+
+class EnvsReader:
+
+ def read_env_list_from_file(self, path):
+ f = open(path, "r")
+ r_list = []
+ for line in f:
+ line = line.strip()
+ if line[0] != "#":
+ r_list.append(line)
+ return r_list
diff --git a/tests/oom-platform-cert-service/truststoremerger/libraries/JksTruststoreValidator.py b/tests/oom-platform-cert-service/truststoremerger/libraries/JksTruststoreValidator.py
new file mode 100644
index 00000000..e18ca12c
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/libraries/JksTruststoreValidator.py
@@ -0,0 +1,18 @@
+
+import jks
+
+class JksTruststoreValidator:
+
+ def get_truststore(self, truststore_path, password_path):
+ truststore = jks.KeyStore.load(truststore_path, open(password_path, 'rb').read())
+ return truststore.certs
+
+ def assert_jks_truststores_equal(self, result_truststore_path, password_path, expected_truststore_path):
+ result_certs = self.get_truststore(result_truststore_path, password_path)
+ expected_certs = self.get_truststore(expected_truststore_path, password_path)
+ if len(result_certs) != len(expected_certs):
+ return False
+ for k in result_certs:
+ if not (k in expected_certs and result_certs[k].cert == expected_certs[k].cert):
+ return False
+ return True
diff --git a/tests/oom-platform-cert-service/truststoremerger/libraries/PemTruststoreValidator.py b/tests/oom-platform-cert-service/truststoremerger/libraries/PemTruststoreValidator.py
new file mode 100644
index 00000000..8dc9623d
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/libraries/PemTruststoreValidator.py
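Review bot: `if line[0] != "#":` in `read_env_list_from_file` raises IndexError on any blank line, because `line.strip()` leaves an empty string there; the fully empty `invalid_empty_file.env` only passes because the loop body never runs. The handle from `f = open(path, "r")` is also never closed. I would read the file inside `with open(path, "r") as f:` and filter with `if line and not line.startswith("#"):`.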
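Review bot: `get_truststore` hands the raw bytes of the password file to `jks.KeyStore.load`, so a trailing newline in a `.pass` file would become part of the password; the two fixtures added in this commit are stored without a final newline, which appears to be what keeps this working. The handle from `open(password_path, 'rb')` is never closed; `with open(password_path, 'rb') as f: password = f.read()` fixes that. `assert_jks_truststores_equal` opens both the result and the expected store with the same `password_path`, which is worth stating in a docstring such as `"""Return True when both stores, opened with the same password, hold the same aliases and certificate bytes."""`.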
@@ -0,0 +1,19 @@
+import re
+
+BEGIN_CERT = "-----BEGIN CERTIFICATE-----"
+END_CERT = "-----END CERTIFICATE-----"
+
+class PemTruststoreValidator:
+
+ def assert_pem_truststores_equal(self, result_pem_path, expected_pem_path):
+ result_certs = self.get_list_of_pem_certificates(result_pem_path)
+ expected_certs = self.get_list_of_pem_certificates(expected_pem_path)
+ result_certs.sort()
+ expected_certs.sort()
+ if len(result_certs) != len(expected_certs):
+ return False
+ return result_certs == expected_certs
+
+
+ def get_list_of_pem_certificates(self, path):
+ return re.findall(BEGIN_CERT + '(.+?)' + END_CERT, open(path, 'rb').read(), re.DOTALL)
diff --git a/tests/oom-platform-cert-service/truststoremerger/libraries/TrustMergerManager.py b/tests/oom-platform-cert-service/truststoremerger/libraries/TrustMergerManager.py
new file mode 100644
index 00000000..f7a493c4
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/libraries/TrustMergerManager.py
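Review bot: `get_list_of_pem_certificates` reads the file with `open(path, 'rb')` but matches it against a str pattern; on Python 3 `re.findall` raises TypeError for a str pattern applied to bytes, so this helper only runs on Python 2. Reading in text mode under a context manager, `with open(path, 'r') as f: return re.findall(BEGIN_CERT + '(.+?)' + END_CERT, f.read(), re.DOTALL)`, works on both and closes the file. The comparison is on the raw base64 text between the markers, so two stores holding the same certificates with different line wrapping would compare unequal; a comment saying so would help whoever debugs a false mismatch. The `len(...)` check before `return result_certs == expected_certs` is redundant.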
@@ -0,0 +1,47 @@
+import docker
+import os
+import shutil
+from EnvsReader import EnvsReader
+from docker.types import Mount
+
+ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
+
+
+class TrustMergerManager:
+
+ def __init__(self, mount_path, truststores_path):
+ self.mount_path = mount_path
+ self.truststores_path = truststores_path
+
+ def run_merger_container(self, merger_image, merger_name, path_to_env):
+ self.remove_mount_dir()
+ shutil.copytree(self.truststores_path, self.mount_path)
+ client = docker.from_env()
+ environment = EnvsReader().read_env_list_from_file(path_to_env)
+ container = client.containers.run(
+ image=merger_image,
+ name=merger_name,
+ environment=environment,
+ user='root', # Run container as root to avoid permission issues with volume mount access
+ mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind')],
+ detach=True
+ )
+ exitcode = container.wait()
+ return exitcode
+
+ def create_mount_dir(self):
+ if not os.path.exists(self.mount_path):
+ os.makedirs(self.mount_path)
+
+ def remove_mount_dir(self):
+ if os.path.exists(self.mount_path):
+ shutil.rmtree(self.mount_path)
+
+ def remove_merger_container_and_save_logs(self, container_name, log_file_name):
+ client = docker.from_env()
+ container = client.containers.get(container_name)
+ text_file = open(ARCHIVES_PATH + "merger_container_" + log_file_name + ".log", "w")
+ text_file.write(container.logs())
+ text_file.close()
+ container.remove()
+ self.remove_mount_dir()
diff --git a/tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-keywords.robot b/tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-keywords.robot
new file mode 100644
index 00000000..1040afab
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-keywords.robot
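Review bot: `user='root'` in `run_merger_container` overrides whatever user the image declares and runs the merger as root against a bind mount of a workspace directory, so the suite cannot catch a permission regression under the image's own user, and files the container writes into `mount_path` end up root-owned on the host. If write access to the mount is the only reason, consider passing the invoking ids instead, e.g. `user='%d:%d' % (os.getuid(), os.getgid())`, or relaxing the mode of the copied directory; whether the image runs correctly under an arbitrary uid has to be checked. Separately, `ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"` raises TypeError at import time when WORKSPACE is unset; `os.environ["WORKSPACE"]` would fail with a clearer KeyError.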
@@ -0,0 +1,34 @@
+*** Settings ***
+
+Resource ../../../common.robot
+Resource ./trust-merger-properties.robot
+Library ../libraries/TrustMergerManager.py ${MOUNT_PATH} ${TRUSTSTORES_PATH}
+Library ../libraries/JksTruststoreValidator.py
+Library ../libraries/PemTruststoreValidator.py
+
+*** Keywords ***
+
+Run Trust Merger And Expect Error
+ [Documentation] Run Truststore Merger Container And Validate Exit Code
+ [Arguments] ${env_file} ${expected_exit_code}
+ ${exit_code}= Run Merger Container ${DOCKER_MERGER_IMAGE} ${MERGER_CONTAINER_NAME} ${env_file}
+ Remove Merger Container And Save Logs ${MERGER_CONTAINER_NAME} negative_path
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+
+Run Trust Merger And Merge Truststore Files To Jks
+ [Documentation] Run Truststore Merger Container And Validate Exit Code And Files
+ [Arguments] ${env_file} ${expected_exit_code} ${jks_path} ${jks_password} ${expected_jks_path}
+ ${exit_code}= Run Merger Container ${DOCKER_MERGER_IMAGE} ${MERGER_CONTAINER_NAME} ${env_file}
+ ${files_equal}= Assert Jks Truststores Equal ${jks_path} ${jks_password} ${expected_jks_path}
+ Remove Merger Container And Save Logs ${MERGER_CONTAINER_NAME} positive_path
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+ Should Be True ${files_equal}
+
+Run Trust Merger And Merge Truststore Files To Pem
+ [Documentation] Run Truststore Merger Container And Validate Exit Code And Files
+ [Arguments] ${env_file} ${expected_exit_code} ${pem_path} ${expected_pem_path}
+ ${exit_code}= Run Merger Container ${DOCKER_MERGER_IMAGE} ${MERGER_CONTAINER_NAME} ${env_file}
+ ${files_equal}= Assert Pem Truststores Equal ${pem_path} ${expected_pem_path}
+ Remove Merger Container And Save Logs ${MERGER_CONTAINER_NAME} positive_path
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+ Should Be True ${files_equal}
diff --git a/tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-properties.robot b/tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-properties.robot
new file mode 100644
index 00000000..d356f604
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/resources/trust-merger-properties.robot
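Review bot: In `Run Trust Merger And Merge Truststore Files To Jks` and `Run Trust Merger And Merge Truststore Files To Pem`, the comparison keyword runs before `Remove Merger Container And Save Logs`, so if the comparison raises (for example because the merger failed and the output file cannot be loaded) the cleanup is skipped. The container then keeps its name and the mount directory stays behind, and presumably the next `Run Merger Container` fails on the name conflict, hiding the real failure. Moving the cleanup into a keyword teardown keeps it unconditional and still saves the container log: `[Teardown]    Remove Merger Container And Save Logs    ${MERGER_CONTAINER_NAME}    positive_path`.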
@@ -0,0 +1,35 @@
+*** Variables ***
+
+${DOCKER_MERGER_IMAGE} nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-truststore-merger:latest
+${MERGER_CONTAINER_NAME} %{MergerContainerName}
+${MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/tmp
+${TRUSTSTORES_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/truststores
+${EXPECTED_TRUSTSTORES_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores
+
+${JKS_TRUSTSTORE_MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/tmp/truststore.jks
+${JKS_PASSWORD_MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/tmp/truststoreJks.pass
+${P12_TRUSTSTORE_MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/tmp/truststore.p12
+${P12_PASSWORD_MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/tmp/truststoreP12.pass
+${PEM_TRUSTSTORE_MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/tmp/truststore.pem
+
+${JKS_TRUSTSTORE_EXPECTED_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/jksAndPemAndP12.jks
+${PEM_TRUSTSTORE_EXPECTED_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/expected_truststores/pemAndP12.pem
+
+${INVALID_ENV_EMPTY_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_file.env
+${INVALID_ENV_LIST_SIZE} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_different_lists_size.env
+${INVALID_ENV_EMPTY_PASSWORDS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_passwords.env
+${INVALID_PASSWORD_PATHS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_password_path.env
+${INVALID_ENV_TRUSTSTORE_PATHS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_truststore_paths.env
+${INVALID_ENV_FILE_PASSWORD} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_file_password_pair.env
+${INVALID_ENV_EXTENSION} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_extension.env
+${INVALID_ENV_DUPLICATED_ALIASES} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_duplicated_aliases.env
+${INVALID_ENV_EMPTY_CERTS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/invalid_empty_certs.env
+${VALID_ENV_JKS_PEM_P12} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/valid_jks_pem_p12.env
+${VALID_ENV_PEM_P12} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/valid_pem_p12.env
+${VALID_ENV_SINGLE_TRUSTSTORE} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/valid_single_truststore.env
+
+${TRUSTSTORE_JKS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.jks
+${TRUSTSTORE_JKS_PASS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststoreJks.pass
+${TRUSTSTORE_P12} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.p12
+${TRUSTSTORE_P12_PASS} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.pass
+${TRUSTSTORE_PEM} %{WORKSPACE}/tests/oom-platform-cert-service/truststoremerger/assets/truststores/truststore.pem
diff --git a/tests/oom-platform-cert-service/truststoremerger/trust-merger-test.robot b/tests/oom-platform-cert-service/truststoremerger/trust-merger-test.robot
new file mode 100644
index 00000000..966a4243
--- /dev/null
+++ b/tests/oom-platform-cert-service/truststoremerger/trust-merger-test.robot
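Review bot: `${TRUSTSTORE_P12_PASS}` points at `assets/truststores/truststore.pass`, but this commit only adds `truststoreJks.pass` and `truststoreP12.pass`, so the variable names a file that does not exist; the path should end in `assets/truststores/truststoreP12.pass`. `${DOCKER_MERGER_IMAGE}` uses the `:latest` tag, so the image under test can change between runs with no change in this repository. If testing every new build is the intent, a comment should say so; otherwise a version tag or digest would make a failure attributable to a specific image.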
@@ -0,0 +1,67 @@
+*** Settings ***
+
+Documentation Truststore merger test case scenarios
+Library RequestsLibrary
+Resource ./resources/trust-merger-keywords.robot
+
+*** Test Cases ***
+
+Trust Merger fails when file extension is invalid
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with invalid truststore extension env and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_EXTENSION} 1
+
+Trust Merger fails when truststore and passwords envs not provided
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with invalid empty envs and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_EMPTY_FILE} 1
+
+Trust Merger fails when list sizes are different
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with different truststore and password envs size and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_LIST_SIZE} 2
+
+Trust Merger fails when a variable is empty
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with empty truststore password path env and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_EMPTY_PASSWORDS} 2
+
+Trust Merger fails when truststore paths are invalid
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with invalid truststore path and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_TRUSTSTORE_PATHS} 3
+
+Trust Merger fails when password path is invalid
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with invalid password path and expect error code
+ Run Trust Merger And Expect Error ${INVALID_PASSWORD_PATHS} 4
+
+Trust Merger fails when password file pair is invalid
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with incorrect password env and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_FILE_PASSWORD} 7
+
+Trust Merger fails when pem does not contain cert
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with empty pem truststore and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_EMPTY_CERTS} 9
+
+Trust Merger fails when aliases are duplicated
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with duplicated aliases in truststores and expect error code
+ Run Trust Merger And Expect Error ${INVALID_ENV_DUPLICATED_ALIASES} 10
+
+Trust Merger merges successfully jks pem p12
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with valid env file and expect merged certs from jks, pem and p12
+ Run Trust Merger And Merge Truststore Files To Jks ${VALID_ENV_JKS_PEM_P12} 0 ${JKS_TRUSTSTORE_MOUNT_PATH} ${TRUSTSTORE_JKS_PASS} ${JKS_TRUSTSTORE_EXPECTED_PATH}
+
+Trust Merger merges successfully pem p12
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with valid env file and expect merged certs from pem and p12
+ Run Trust Merger And Merge Truststore Files To Pem ${VALID_ENV_PEM_P12} 0 ${PEM_TRUSTSTORE_MOUNT_PATH} ${PEM_TRUSTSTORE_EXPECTED_PATH}
+
+Trust Merger ends successfully with single truststore
+ [Tags] OOM-TRUST-STORE-MERGER
+ [Documentation] Run with one truststore in env file and expect code 0
+ Run Trust Merger And Merge Truststore Files To Jks ${VALID_ENV_SINGLE_TRUSTSTORE} 0 ${JKS_TRUSTSTORE_MOUNT_PATH} ${TRUSTSTORE_JKS_PASS} ${TRUSTSTORE_JKS}
-- cgit 1.2.3-korg