From b7a057e8017b7899de26f977fa3841882035200b Mon Sep 17 00:00:00 2001 From: Pawel Date: Fri, 7 Aug 2020 14:53:48 +0200 Subject: Move csits form aaf to oom create csit folder under oom move csits from aaf to oom reconfigure csits: remove aaf word, use new image Issue-ID: OOM-2526 
Signed-off-by: Pawel Change-Id: I7b1f010fe46420cb734c67133f038bdadffd5ecc --- plans/aaf/certservice/certs/Makefile | 110 --------------- plans/aaf/certservice/cmpServers.json | 24 ---- plans/aaf/certservice/docker-compose.yml | 47 ------- .../aaf/certservice/scripts/ejbca-configuration.sh | 19 --- plans/aaf/certservice/setup.sh | 109 --------------- plans/aaf/certservice/teardown.sh | 25 ---- plans/aaf/certservice/testplan.txt | 3 - .../certservice/certs/Makefile | 110 +++++++++++++++ .../certservice/cmpServers.json | 24 ++++ .../certservice/docker-compose.yml | 47 +++++++ .../certservice/scripts/ejbca-configuration.sh | 19 +++ .../oom-platform-cert-service/certservice/setup.sh | 109 +++++++++++++++ .../certservice/teardown.sh | 25 ++++ .../certservice/testplan.txt | 3 + tests/aaf/certservice/assets/invalid.csr | 1 - tests/aaf/certservice/assets/invalid.key | 1 - .../certservice/assets/invalid_client_docker.env | 16 --- .../assets/invalid_client_docker_output_type.env | 17 --- tests/aaf/certservice/assets/valid_client.csr | 1 - tests/aaf/certservice/assets/valid_client.pk | 1 - .../aaf/certservice/assets/valid_client_docker.env | 16 --- .../certservice/assets/valid_client_docker_jks.env | 17 --- .../certservice/assets/valid_client_docker_p12.env | 17 --- .../certservice/assets/valid_client_docker_pem.env | 17 --- tests/aaf/certservice/assets/valid_ra.csr | 1 - tests/aaf/certservice/assets/valid_ra.pk | 1 - tests/aaf/certservice/cert-service-test.robot | 90 ------------ tests/aaf/certservice/libraries/ArtifactParser.py | 40 ------ .../aaf/certservice/libraries/CertClientManager.py | 72 ---------- tests/aaf/certservice/libraries/EnvsReader.py | 11 -- .../certservice/libraries/JksArtifactsValidator.py | 45 ------ .../certservice/libraries/P12ArtifactsValidator.py | 37 ----- .../certservice/libraries/PemArtifactsValidator.py | 39 ------ .../resources/cert-service-keywords.robot | 154 --------------------- .../resources/cert-service-properties.robot | 31 ----- 
.../certservice/assets/invalid.csr | 1 + .../certservice/assets/invalid.key | 1 + .../certservice/assets/invalid_client_docker.env | 16 +++ .../assets/invalid_client_docker_output_type.env | 17 +++ .../certservice/assets/valid_client.csr | 1 + .../certservice/assets/valid_client.pk | 1 + .../certservice/assets/valid_client_docker.env | 16 +++ .../certservice/assets/valid_client_docker_jks.env | 17 +++ .../certservice/assets/valid_client_docker_p12.env | 17 +++ .../certservice/assets/valid_client_docker_pem.env | 17 +++ .../certservice/assets/valid_ra.csr | 1 + .../certservice/assets/valid_ra.pk | 1 + .../certservice/cert-service-test.robot | 90 ++++++++++++ .../certservice/libraries/ArtifactParser.py | 40 ++++++ .../certservice/libraries/CertClientManager.py | 72 ++++++++++ .../certservice/libraries/EnvsReader.py | 11 ++ .../certservice/libraries/JksArtifactsValidator.py | 45 ++++++ .../certservice/libraries/P12ArtifactsValidator.py | 37 +++++ .../certservice/libraries/PemArtifactsValidator.py | 39 ++++++ .../resources/cert-service-keywords.robot | 154 +++++++++++++++++++++ .../resources/cert-service-properties.robot | 31 +++++ 56 files changed, 962 insertions(+), 962 deletions(-) delete mode 100644 plans/aaf/certservice/certs/Makefile delete mode 100644 plans/aaf/certservice/cmpServers.json delete mode 100644 plans/aaf/certservice/docker-compose.yml delete mode 100755 plans/aaf/certservice/scripts/ejbca-configuration.sh delete mode 100644 plans/aaf/certservice/setup.sh delete mode 100644 plans/aaf/certservice/teardown.sh delete mode 100755 plans/aaf/certservice/testplan.txt create mode 100644 plans/oom-platform-cert-service/certservice/certs/Makefile create mode 100644 plans/oom-platform-cert-service/certservice/cmpServers.json create mode 100644 plans/oom-platform-cert-service/certservice/docker-compose.yml create mode 100755 plans/oom-platform-cert-service/certservice/scripts/ejbca-configuration.sh create mode 100644 
plans/oom-platform-cert-service/certservice/setup.sh create mode 100644 plans/oom-platform-cert-service/certservice/teardown.sh create mode 100755 plans/oom-platform-cert-service/certservice/testplan.txt delete mode 100644 tests/aaf/certservice/assets/invalid.csr delete mode 100644 tests/aaf/certservice/assets/invalid.key delete mode 100644 tests/aaf/certservice/assets/invalid_client_docker.env delete mode 100644 tests/aaf/certservice/assets/invalid_client_docker_output_type.env delete mode 100644 tests/aaf/certservice/assets/valid_client.csr delete mode 100644 tests/aaf/certservice/assets/valid_client.pk delete mode 100644 tests/aaf/certservice/assets/valid_client_docker.env delete mode 100644 tests/aaf/certservice/assets/valid_client_docker_jks.env delete mode 100644 tests/aaf/certservice/assets/valid_client_docker_p12.env delete mode 100644 tests/aaf/certservice/assets/valid_client_docker_pem.env delete mode 100644 tests/aaf/certservice/assets/valid_ra.csr delete mode 100644 tests/aaf/certservice/assets/valid_ra.pk delete mode 100644 tests/aaf/certservice/cert-service-test.robot delete mode 100644 tests/aaf/certservice/libraries/ArtifactParser.py delete mode 100644 tests/aaf/certservice/libraries/CertClientManager.py delete mode 100644 tests/aaf/certservice/libraries/EnvsReader.py delete mode 100644 tests/aaf/certservice/libraries/JksArtifactsValidator.py delete mode 100644 tests/aaf/certservice/libraries/P12ArtifactsValidator.py delete mode 100644 tests/aaf/certservice/libraries/PemArtifactsValidator.py delete mode 100644 tests/aaf/certservice/resources/cert-service-keywords.robot delete mode 100644 tests/aaf/certservice/resources/cert-service-properties.robot create mode 100644 tests/oom-platform-cert-service/certservice/assets/invalid.csr create mode 100644 tests/oom-platform-cert-service/certservice/assets/invalid.key create mode 100644 tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env create mode 100644 
tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_client.csr create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_client.pk create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_ra.csr create mode 100644 tests/oom-platform-cert-service/certservice/assets/valid_ra.pk create mode 100644 tests/oom-platform-cert-service/certservice/cert-service-test.robot create mode 100644 tests/oom-platform-cert-service/certservice/libraries/ArtifactParser.py create mode 100644 tests/oom-platform-cert-service/certservice/libraries/CertClientManager.py create mode 100644 tests/oom-platform-cert-service/certservice/libraries/EnvsReader.py create mode 100644 tests/oom-platform-cert-service/certservice/libraries/JksArtifactsValidator.py create mode 100644 tests/oom-platform-cert-service/certservice/libraries/P12ArtifactsValidator.py create mode 100644 tests/oom-platform-cert-service/certservice/libraries/PemArtifactsValidator.py create mode 100644 tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot create mode 100644 tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot diff --git a/plans/aaf/certservice/certs/Makefile b/plans/aaf/certservice/certs/Makefile deleted file mode 100644 index 126e0533..00000000 --- a/plans/aaf/certservice/certs/Makefile +++ /dev/null 
@@ -1,110 +0,0 @@ -all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15 -.PHONY: all -#Clear certificates -clear: - @echo "Clear certificates" - rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 - @echo "#####done#####" - -#Generate root private and public keys -step_1: - @echo "Generate root private and public keys" - keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ - -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ - -storepass secret -ext BasicConstraints:critical="ca:true" - @echo "#####done#####" - -#Export public key as certificate -step_2: - @echo "(Export public key as certificate)" - keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc - @echo "#####done#####" - -#Self-signed root (import root certificate into truststore) -step_3: - @echo "(Self-signed root (import root certificate into truststore))" - keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt - @echo "#####done#####" - -#Generate certService's client private and public keys -step_4: - @echo "Generate certService's client private and public keys" - keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \ - -keystore certServiceClient-keystore.jks -storetype JKS \ - -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ - -keypass secret -storepass secret - @echo "####done####" - -#Generate certificate signing request for certService's client -step_5: - @echo "Generate certificate signing request for certService's client" - keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr - @echo 
"####done####" - -#Sign certService's client certificate by root CA -step_6: - @echo "Sign certService's client certificate by root CA" - keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ - -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" - @echo "####done####" - -#Import root certificate into client -step_7: - @echo "Import root certificate into intermediate" - cat root.crt >> certServiceClientByRoot.crt - @echo "####done####" - -#Import signed certificate into certService's client -step_8: - @echo "Import signed certificate into certService's client" - keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt - @echo "####done####" - -#Generate certService private and public keys -step_9: - @echo "Generate certService private and public keys" - keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \ - -keystore certServiceServer-keystore.jks -storetype JKS \ - -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ - -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" - @echo "####done####" - -#Generate certificate signing request for certService -step_10: - @echo "Generate certificate signing request for certService" - keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr - @echo "####done####" - -#Sign certService certificate by root CA -step_11: - @echo "Sign certService certificate by root CA" - keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ - -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ - -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost" - 
@echo "####done####" - -#Import root certificate into server -step_12: - @echo "Import root certificate into intermediate(server)" - cat root.crt >> certServiceServerByRoot.crt - @echo "####done####" - -#Import signed certificate into certService -step_13: - @echo "Import signed certificate into certService" - keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \ - -storepass secret -noprompt - @echo "####done####" - -#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) -step_14: - @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" - keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ - -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret - @echo "#####done#####" - -#Clear unused certificates -step_15: - @echo "Clear unused certificates" - rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr - @echo "#####done#####" diff --git a/plans/aaf/certservice/cmpServers.json b/plans/aaf/certservice/cmpServers.json deleted file mode 100644 index d6557c52..00000000 --- a/plans/aaf/certservice/cmpServers.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "cmpv2Servers": [ - { - "caName": "Client", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - }, - { - "caName": "RA", - "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", - "caMode": "RA", - "authentication": { - "iak": "mypassword", - "rv": "mypassword" - } - } - ] -} diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml deleted file mode 100644 index dcac7df0..00000000 --- a/plans/aaf/certservice/docker-compose.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -version: "2.1" - -services: - ejbca: - image: primekey/ejbca-ce:6.15.2.5 - hostname: cahostname - container_name: aafcert-ejbca - ports: - - "80:8080" - - "443:8443" - volumes: - - $SCRIPTS_PATH:/opt/primekey/scripts - healthcheck: - test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"] - interval: 20s - timeout: 3s - retries: 9 - networks: - - certservice - - aaf-cert-service: - image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest - volumes: - - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json - - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks - - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt - - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks - - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 - container_name: aafcert-service - ports: - - "8443:8443" - depends_on: - ejbca: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"] - interval: 10s - timeout: 3s - retries: 15 - networks: - - certservice - - -networks: - certservice: - driver: bridge - diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh deleted file mode 100755 index 77f5c555..00000000 --- a/plans/aaf/certservice/scripts/ejbca-configuration.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -configureEjbca() { - ejbca.sh config cmp addalias --alias cmpRA - ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra - ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe - ejbca.sh config cmp dumpalias --alias cmpRA - ejbca.sh config cmp addalias --alias cmp - ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true - ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe - ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED - ejbca.sh ra setclearpwd --username Node123 --password mypassword - ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN - ejbca.sh config cmp dumpalias --alias cmp - ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem -} - -configureEjbca diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh deleted file mode 100644 index 1200e964..00000000 --- a/plans/aaf/certservice/setup.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/bin/bash -# -# Copyright 2020 Nokia. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# ------------------------------------ -# Resolve path to script's directory and cmp servers configuration - -SCRIPT=`realpath $0` -CURRENT_WORKDIR_PATH=`dirname $SCRIPT` -PROJECT_DIRECTORY="plans/aaf/certservice" - -SCRIPTS_DIRECTORY="scripts" - -JENKINS_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$SCRIPTS_DIRECTORY" -LOCAL_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY" - -# ------------------------------------ -#Prepare enviroment for client -#install docker sdk -echo "Uninstall docker-py and reinstall docker." -pip uninstall -y docker-py -pip uninstall -y docker -pip install -U docker==2.7.0 - -#reinstall pyopenssl library -echo "Reinstall pyopenssl library." 
-pip uninstall pyopenssl -y -pip install pyopenssl==17.5.0 - -#install pyjks for .jks files management -pip install pyjks - -#Disable proxy - for local run -unset http_proxy https_proxy - -#export container name -export ClientContainerName=CertServiceClient -# ------------------------------------ - -if test -d "$JENKINS_SCRIPTS_PATH"; then - SCRIPTS_PATH=$JENKINS_SCRIPTS_PATH -else test -f "$LOCAL_SCRIPTS_PATH"; - SCRIPTS_PATH=$LOCAL_SCRIPTS_PATH -fi -echo "Use scripts from: $SCRIPTS_PATH" - -CONFIGURATION_FILE="cmpServers.json" - -JENKINS_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$CONFIGURATION_FILE" -LOCAL_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE" - -if test -f "$JENKINS_CONFIGURATION_PATH"; then - CONFIGURATION_PATH="$JENKINS_CONFIGURATION_PATH" -else test -f "$LOCAL_CONFIGURATION_PATH"; - CONFIGURATION_PATH=$LOCAL_CONFIGURATION_PATH -fi -echo "Use configuration from: $CONFIGURATION_PATH" - -# ------------------------------------- - -export CONFIGURATION_PATH=${CONFIGURATION_PATH} -export SCRIPTS_PATH=${SCRIPTS_PATH} - -#Generate keystores, truststores, certificates and keys -mkdir -p ${WORKSPACE}/tests/aaf/certservice/assets/certs/ -make all -C ./certs/ -cp ${WORKSPACE}/plans/aaf/certservice/certs/root.crt ${WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt -echo "Generated keystores" -openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt -echo "Generated server certificate" -openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key -echo "Generated server key" - -docker-compose up -d - -AAFCERT_IP='none' -# Wait container 
ready -for i in {1..9} -do - AAFCERT_IP=`get-instance-ip.sh aafcert-service` - RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \ - python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]') - if [[ "$RESP_CODE" == "UP" ]]; then - echo 'AAF Cert Service is ready' - export AAFCERT_IP=${AAFCERT_IP} - docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh - break - fi - echo 'Waiting for AAF Cert Service to start up...' - sleep 30s -done - -if [ "$AAFCERT_IP" == 'none' -o "$AAFCERT_IP" == '' ]; then - echo "AAF Cert Service is not ready!" - exit 1 # Return error code -fi diff --git a/plans/aaf/certservice/teardown.sh b/plans/aaf/certservice/teardown.sh deleted file mode 100644 index 71e20b7c..00000000 --- a/plans/aaf/certservice/teardown.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# -# Copyright 2017 ZTE, Inc. and others. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -docker-compose down - -make clear -C ./certs/ -echo "Removed old keystores" -rm -rf ${WORKSPACE}/tests/aaf/certservice/assets/certs -echo "Removed old certificates" - -kill-instance.sh ${ClientContainerName} \ No newline at end of file diff --git a/plans/aaf/certservice/testplan.txt b/plans/aaf/certservice/testplan.txt deleted file mode 100755 index 270fc6d4..00000000 --- a/plans/aaf/certservice/testplan.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -# Test suites are relative paths under [integration/csit.git]/tests/. -# Place the suites in run order. -aaf/certservice diff --git a/plans/oom-platform-cert-service/certservice/certs/Makefile b/plans/oom-platform-cert-service/certservice/certs/Makefile new file mode 100644 index 00000000..ea90c5c7 --- /dev/null +++ b/plans/oom-platform-cert-service/certservice/certs/Makefile 
@@ -0,0 +1,110 @@
+all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
+.PHONY: all
+#Clear certificates
+clear:
+ @echo "Clear certificates"
+ rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "#####done#####"
+
+#Generate root private and public keys
+step_1:
+ @echo "Generate root private and public keys"
+ keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "#####done#####"
+
+#Export public key as certificate
+step_2:
+ @echo "(Export public key as certificate)"
+ keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+step_3:
+ @echo "(Self-signed root (import root certificate into truststore))"
+ keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "#####done#####"
+
+#Generate certService's client private and public keys
+step_4:
+ @echo "Generate certService's client private and public keys"
+ keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "####done####"
+
+#Generate certificate signing request for certService's client
+step_5:
+ @echo "Generate certificate signing request for certService's client"
+ keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "####done####"
+
+#Sign certService's client certificate by root CA
+step_6:
+ @echo "Sign certService's client certificate by root CA"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "####done####"
+
+#Import root certificate into client
+step_7:
+ @echo "Import root certificate into intermediate"
+ cat root.crt >> certServiceClientByRoot.crt
+ @echo "####done####"
+
+#Import signed certificate into certService's client
+step_8:
+ @echo "Import signed certificate into certService's client"
+ keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "####done####"
+
+#Generate certService private and public keys
+step_9:
+ @echo "Generate certService private and public keys"
+ keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "####done####"
+
+#Generate certificate signing request for certService
+step_10:
+ @echo "Generate certificate signing request for certService"
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+ @echo "####done####"
+
+#Sign certService certificate by root CA
+step_11:
+ @echo "Sign certService certificate by root CA"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+ @echo "####done####"
+
+#Import root certificate into server
+step_12:
+ @echo "Import root certificate into intermediate(server)"
+ cat root.crt >> certServiceServerByRoot.crt
+ @echo "####done####"
+
+#Import signed certificate into certService
+step_13:
+ @echo "Import signed certificate into certService"
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+ -storepass secret -noprompt
+ @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+step_14:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Clear unused certificates
+step_15:
+ @echo "Clear unused certificates"
+ rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "#####done#####"
diff --git a/plans/oom-platform-cert-service/certservice/cmpServers.json b/plans/oom-platform-cert-service/certservice/cmpServers.json
new file mode 100644
index 00000000..72564949
--- /dev/null
+++ b/plans/oom-platform-cert-service/certservice/cmpServers.json
@@ -0,0 +1,24 @@
+{
+ "cmpv2Servers": [
+ {
+ "caName": "Client",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
+ "issuerDN": "CN=ManagementCA",
+ "caMode": "CLIENT",
+ "authentication": {
+ "iak": "mypassword",
+ "rv": "mypassword"
+ }
+ },
+ {
+ "caName": "RA",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "issuerDN": "CN=ManagementCA",
+ "caMode": "RA",
+ "authentication": {
+ "iak": "mypassword",
+ "rv": "mypassword"
+ }
+ }
+ ]
+}
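Review bot: In the new certs/Makefile, step_6 and step_11 sign the client and server certificates with `-ext bc=0`, and keytool documents a bare integer for BasicConstraints as shorthand for `ca:true,pathlen:0`, so both end-entity certificates are issued as CA certificates. That contradicts the `BasicConstraints:critical="ca:false"` requested for the server key pair in step_9, and it means a test that should reject a leaf certificate acting as an issuer cannot be trusted with this fixture. Use `-ext BasicConstraints:critical=ca:false` in both `keytool -gencert` calls. A header comment such as `# Test-only PKI: every keystore here uses the fixed password "secret"; never reuse outside CSIT` would also help, since the same password is repeated in docker-compose.yml and setup.sh.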
diff --git a/plans/oom-platform-cert-service/certservice/docker-compose.yml b/plans/oom-platform-cert-service/certservice/docker-compose.yml
new file mode 100644
index 00000000..b281101a
--- /dev/null
+++ b/plans/oom-platform-cert-service/certservice/docker-compose.yml
@@ -0,0 +1,47 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: oomcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - $SCRIPTS_PATH:/opt/primekey/scripts
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 20s
+ timeout: 3s
+ retries: 9
+ networks:
+ - certservice
+
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:latest
+ volumes:
+ - $CONFIGURATION_PATH:/etc/onap/oom/certservice/cmpServers.json
+ - ./certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
+ ports:
+ - "8443:8443"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - certservice
+
+
+networks:
+ certservice:
+ driver: bridge
+
diff --git a/plans/oom-platform-cert-service/certservice/scripts/ejbca-configuration.sh b/plans/oom-platform-cert-service/certservice/scripts/ejbca-configuration.sh
new file mode 100755
index 00000000..77f5c555
--- /dev/null
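Review bot: In the new docker-compose.yml the `ejbca` service publishes `"80:8080"` and `"443:8443"` on every host interface, although the cert service reaches it over the `certservice` bridge network by container name (`http://oomcert-ejbca:8080/...` in cmpServers.json). Combined with the fixed `mypassword` CMP secrets, this leaves the test CA reachable from outside the CI host for the length of the run. If the Robot suites do not call EJBCA from the host, drop that `ports:` entry; otherwise bind it to loopback, e.g. `- "127.0.0.1:80:8080"`. Separately, the renamed `oom-certservice-api:latest` image is unpinned, so a run cannot be reproduced against a known image; a fixed tag or digest would address that.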
+++ b/plans/oom-platform-cert-service/certservice/scripts/ejbca-configuration.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password mypassword
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+configureEjbca
diff --git a/plans/oom-platform-cert-service/certservice/setup.sh b/plans/oom-platform-cert-service/certservice/setup.sh
new file mode 100644
index 00000000..bee54cde
--- /dev/null
+++ b/plans/oom-platform-cert-service/certservice/setup.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+#
+# Copyright 2020 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# ------------------------------------
+# Resolve path to script's directory and cmp servers configuration
+
+SCRIPT=`realpath $0`
+CURRENT_WORKDIR_PATH=`dirname $SCRIPT`
+PROJECT_DIRECTORY="plans/oom-platform-cert-service/certservice"
+
+SCRIPTS_DIRECTORY="scripts"
+
+JENKINS_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$SCRIPTS_DIRECTORY"
+LOCAL_SCRIPTS_PATH="$CURRENT_WORKDIR_PATH/$SCRIPTS_DIRECTORY"
+
+# ------------------------------------
+#Prepare enviroment for client
+#install docker sdk
+echo "Uninstall docker-py and reinstall docker."
+pip uninstall -y docker-py
+pip uninstall -y docker
+pip install -U docker==2.7.0
+
+#reinstall pyopenssl library
+echo "Reinstall pyopenssl library."
+pip uninstall pyopenssl -y
+pip install pyopenssl==17.5.0
+
+#install pyjks for .jks files management
+pip install pyjks
+
+#Disable proxy - for local run
+unset http_proxy https_proxy
+
+#export container name
+export ClientContainerName=CertServiceClient
+# ------------------------------------
+
+if test -d "$JENKINS_SCRIPTS_PATH"; then
+ SCRIPTS_PATH=$JENKINS_SCRIPTS_PATH
+else test -f "$LOCAL_SCRIPTS_PATH";
+ SCRIPTS_PATH=$LOCAL_SCRIPTS_PATH
+fi
+echo "Use scripts from: $SCRIPTS_PATH"
+
+CONFIGURATION_FILE="cmpServers.json"
+
+JENKINS_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$CONFIGURATION_FILE"
+LOCAL_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE"
+
+if test -f "$JENKINS_CONFIGURATION_PATH"; then
+ CONFIGURATION_PATH="$JENKINS_CONFIGURATION_PATH"
+else test -f "$LOCAL_CONFIGURATION_PATH";
+ CONFIGURATION_PATH=$LOCAL_CONFIGURATION_PATH
+fi
+echo "Use configuration from: $CONFIGURATION_PATH"
+
+# -------------------------------------
+
+export CONFIGURATION_PATH=${CONFIGURATION_PATH}
+export SCRIPTS_PATH=${SCRIPTS_PATH}
+
+#Generate keystores, truststores, certificates and keys
+mkdir -p ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/
+make all -C ./certs/
+cp ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/root.crt ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
+echo "Generated keystores"
+openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
+echo "Generated server certificate"
+openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' >
${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
+echo "Generated server key"
+
+docker-compose up -d
+
+OOMCERT_IP='none'
+# Wait container ready
+for i in {1..9}
+do
+ OOMCERT_IP=`get-instance-ip.sh oomcert-service`
+ RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \
+ python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
+ if [[ "$RESP_CODE" == "UP" ]]; then
+ echo 'OOM Cert Service is ready'
+ export OOMCERT_IP=${OOMCERT_IP}
+ docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ break
+ fi
+ echo 'Waiting for OOM Cert Service to start up...'
+ sleep 30s
+done
+
+if [ "$OOMCERT_IP" == 'none' -o "$OOMCERT_IP" == '' ]; then
+ echo "OOM Cert Service is not ready!"
+ exit 1 # Return error code
+fi
diff --git a/plans/oom-platform-cert-service/certservice/teardown.sh b/plans/oom-platform-cert-service/certservice/teardown.sh
new file mode 100644
index 00000000..f531180e
--- /dev/null
+++ b/plans/oom-platform-cert-service/certservice/teardown.sh
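Review bot: The final readiness check in setup.sh tests only `OOMCERT_IP`, which is overwritten by `get-instance-ip.sh` on every pass of the loop, so when the health endpoint never returns `UP` the script presumably still holds a container IP, skips `ejbca-configuration.sh`, and exits 0 with an unconfigured CA. Test the health result as well, e.g. `if [[ "$RESP_CODE" != "UP" || -z "$OOMCERT_IP" || "$OOMCERT_IP" == 'none' ]]; then`. The exit status of the `docker exec oomcert-ejbca` call is also ignored; appending `|| exit 1` would stop the run when CA configuration fails. Earlier in the same hunk, `else test -f "$LOCAL_SCRIPTS_PATH";` discards the test result and uses `-f` on a directory, so that branch is unconditional; `elif test -d "$LOCAL_SCRIPTS_PATH"; then` looks like what was meant, and the `cmpServers.json` lookup has the same `else test` shape.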
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright 2017 ZTE, Inc. and others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+docker-compose down
+
+make clear -C ./certs/
+echo "Removed old keystores"
+rm -rf ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs
+echo "Removed old certificates"
+
+kill-instance.sh ${ClientContainerName}
\ No newline at end of file
diff --git a/plans/oom-platform-cert-service/certservice/testplan.txt b/plans/oom-platform-cert-service/certservice/testplan.txt
new file mode 100755
index 00000000..ed9ee127
--- /dev/null
+++ b/plans/oom-platform-cert-service/certservice/testplan.txt
@@ -0,0 +1,3 @@
+# Test suites are relative paths under [integration/csit.git]/tests/.
+# Place the suites in run order.
+oom-platform-cert-service/certservice
diff --git a/tests/aaf/certservice/assets/invalid.csr b/tests/aaf/certservice/assets/invalid.csr
deleted file mode 100644
index 7284ab4d..00000000
--- a/tests/aaf/certservice/assets/invalid.csr
+++ /dev/null
@@ -1 +0,0 @@
-aaaa
\ No newline at end of file
diff --git a/tests/aaf/certservice/assets/invalid.key b/tests/aaf/certservice/assets/invalid.key
deleted file mode 100644
index 6484fb6f..00000000
--- a/tests/aaf/certservice/assets/invalid.key
+++ /dev/null
@@ -1 +0,0 @@
-bbbb
\ No newline at end of file
diff --git a/tests/aaf/certservice/assets/invalid_client_docker.env b/tests/aaf/certservice/assets/invalid_client_docker.env
deleted file mode 100644
index e96237ca..00000000
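Review bot: In teardown.sh, `rm -rf ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs` is unquoted and unguarded, so with `WORKSPACE` unset it resolves to an absolute `/tests/...` path, and a value containing spaces splits into several arguments. Use `rm -rf "${WORKSPACE:?}/tests/oom-platform-cert-service/certservice/assets/certs"`, which aborts when the variable is empty or unset. `kill-instance.sh ${ClientContainerName}` has the same quoting gap and would be called with no argument if setup.sh never exported the name.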
--- a/tests/aaf/certservice/assets/invalid_client_docker.env +++ /dev/null @@ -1,16 +0,0 @@ -#Client envs -REQUEST_TIMEOUT=5000 -OUTPUT_PATH=/var/certs -CA_NAME=Invalid -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=example.com:sample.com \ No newline at end of file diff --git a/tests/aaf/certservice/assets/invalid_client_docker_output_type.env b/tests/aaf/certservice/assets/invalid_client_docker_output_type.env deleted file mode 100644 index cff46646..00000000 --- a/tests/aaf/certservice/assets/invalid_client_docker_output_type.env +++ /dev/null @@ -1,17 +0,0 @@ -#Client envs -REQUEST_TIMEOUT=30000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=INV -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=example.com:sample.com diff --git a/tests/aaf/certservice/assets/valid_client.csr b/tests/aaf/certservice/assets/valid_client.csr deleted file mode 100644 index 59e5c6af..00000000 --- a/tests/aaf/certservice/assets/valid_client.csr +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/tests/aaf/certservice/assets/valid_client.pk b/tests/aaf/certservice/assets/valid_client.pk deleted file mode 100644 index c84908ff..00000000 --- a/tests/aaf/certservice/assets/valid_client.pk +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file 
diff --git a/tests/aaf/certservice/assets/valid_client_docker.env b/tests/aaf/certservice/assets/valid_client_docker.env deleted file mode 100644 index 55fefa3e..00000000 --- a/tests/aaf/certservice/assets/valid_client_docker.env +++ /dev/null @@ -1,16 +0,0 @@ -#Client envs -REQUEST_TIMEOUT=30000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=example.com:sample.com \ No newline at end of file diff --git a/tests/aaf/certservice/assets/valid_client_docker_jks.env b/tests/aaf/certservice/assets/valid_client_docker_jks.env deleted file mode 100644 index 19de0750..00000000 --- a/tests/aaf/certservice/assets/valid_client_docker_jks.env +++ /dev/null @@ -1,17 +0,0 @@ -#Client envs -REQUEST_TIMEOUT=30000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=JKS -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=example.com:sample.com diff --git a/tests/aaf/certservice/assets/valid_client_docker_p12.env b/tests/aaf/certservice/assets/valid_client_docker_p12.env deleted file mode 100644 index 0f1cfc28..00000000 --- a/tests/aaf/certservice/assets/valid_client_docker_p12.env +++ /dev/null 
@@ -1,17 +0,0 @@ -#Client envs -REQUEST_TIMEOUT=30000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=P12 -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=example.com:sample.com diff --git a/tests/aaf/certservice/assets/valid_client_docker_pem.env b/tests/aaf/certservice/assets/valid_client_docker_pem.env deleted file mode 100644 index f704f21e..00000000 --- a/tests/aaf/certservice/assets/valid_client_docker_pem.env +++ /dev/null @@ -1,17 +0,0 @@ -#Client envs -REQUEST_TIMEOUT=30000 -OUTPUT_PATH=/var/certs -CA_NAME=RA -OUTPUT_TYPE=PEM -KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks -KEYSTORE_PASSWORD=secret -TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks -TRUSTSTORE_PASSWORD=secret -#Csr config envs -COMMON_NAME=onap.org -ORGANIZATION=Linux-Foundation -ORGANIZATION_UNIT=ONAP -LOCATION=San-Francisco -STATE=California -COUNTRY=US -SANS=example.com:sample.com diff --git a/tests/aaf/certservice/assets/valid_ra.csr b/tests/aaf/certservice/assets/valid_ra.csr deleted file mode 100644 index 5decd8ee..00000000 --- a/tests/aaf/certservice/assets/valid_ra.csr +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/tests/aaf/certservice/assets/valid_ra.pk b/tests/aaf/certservice/assets/valid_ra.pk deleted file mode 100644 index b1ad633a..00000000 --- a/tests/aaf/certservice/assets/valid_ra.pk +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/tests/aaf/certservice/cert-service-test.robot b/tests/aaf/certservice/cert-service-test.robot deleted file mode 100644 index ddf7a174..00000000 
--- a/tests/aaf/certservice/cert-service-test.robot +++ /dev/null 
@@ -1,90 +0,0 @@ -*** Settings *** - -Documentation AAF Cert Service API test case scenarios -Library RequestsLibrary -Resource ./resources/cert-service-keywords.robot - -Suite Setup Create sessions - -*** Test Cases *** - -Health Check - [Tags] AAF-CERT-SERVICE - [Documentation] Service is up and running - Run health check - -Reload Configuration - [Tags] AAF-CERT-SERVICE - [Documentation] Configuration was changed - Send Get Request And Validate Response /reload 200 - -Check if application is ready - [Tags] AAF-CERT-SERVICE - [Documentation] Send request to /ready endpoint and expect 200 - Send Get Request And Validate Response /ready 200 - -Generate Certificate In RA Mode For CA Name - [Tags] AAF-CERT-SERVICE - [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200 - Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_CSR_FILE} ${VALID_RA_PK_FILE} - -Report Not Found Error When Path To Service Is Not Valid - [Tags] AAF-CERT-SERVICE - [Documentation] Send request to ${CERT_SERVICE_ENDPOINT} endpoint and expect 404 - Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT} ${VALID_CLIENT_CSR_FILE} ${VALID_CLIENT_PK_FILE} 404 - -Report Bad Request Error When Header Is Missing In Request - [Tags] AAF-CERT-SERVICE - [Documentation] Send request without header to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400 - Send Get Request And Validate Response ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 400 - -Report Bad Request Error When CSR Is Not Valid - [Tags] AAF-CERT-SERVICE - [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400 - Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${INVALID_CSR_FILE} ${VALID_CLIENT_PK_FILE} 400 - -Report Bad Request Error When PK Is Not Valid - [Tags] AAF-CERT-SERVICE - [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 
endpoint and expect 400 - Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400 - -Cert Service Client successfully creates keystore.p12 and truststore.p12 - [Tags] AAF-CERT-SERVICE - [Documentation] Run with correct env and expected exit code 0 - Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0 - -Cert Service Client successfully creates keystore.jks and truststore.jks - [Tags] AAF-CERT-SERVICE - [Documentation] Run with correct env and expected exit code 0 - Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0 - -Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE - [Tags] AAF-CERT-SERVICE - [Documentation] Run with correct env and PKCS12 files created with correct data - Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0 - -Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS - [Tags] AAF-CERT-SERVICE - [Documentation] Run with correct env and JKS files created with correct data - Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0 - -Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12 - [Tags] AAF-CERT-SERVICE - [Documentation] Run with correct env and PKCS12 files created with correct data - Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0 - -Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM - [Tags] AAF-CERT-SERVICE - [Documentation] Run with correct env and PEM files created with correct data - Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0 - -Cert Service Client reports error when OUTPUT_TYPE is 
invalid - [Tags] AAF-CERT-SERVICE - [Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1 - Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1 - -Run Cert Service Client Container And Validate Exit Code And API Response - [Tags] AAF-CERT-SERVICE - [Documentation] Run with invalid CaName env and expected exit code 5 - Run Cert Service Client And Validate Http Response Code And Client Exit Code ${INVALID_ENV_FILE} 404 5 - diff --git a/tests/aaf/certservice/libraries/ArtifactParser.py b/tests/aaf/certservice/libraries/ArtifactParser.py deleted file mode 100644 index 54e8d0ff..00000000 --- a/tests/aaf/certservice/libraries/ArtifactParser.py +++ /dev/null 
@@ -1,40 +0,0 @@ -from cryptography.x509.oid import ExtensionOID -from cryptography import x509 - -class ArtifactParser: - - def __init__(self, mount_path, ext): - self.keystorePassPath = mount_path + '/keystore.pass' - self.keystorePath = mount_path + '/keystore.' + ext - self.truststorePassPath = mount_path + '/truststore.pass' - self.truststorePath = mount_path + '/truststore.' + ext - - def contains_expected_data(self, data): - expectedData = data.expectedData - actualData = data.actualData - return cmp(expectedData, actualData) == 0 - - def get_owner_data_from_certificate(self, certificate): - list = certificate.get_subject().get_components() - return dict((k, v) for k, v in list) - - def get_sans(self, cert): - extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) - dnsList = extension.value.get_values_for_type(x509.DNSName) - return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList)) - - def get_envs_as_dict(self, list): - envs = self.get_list_of_pairs_by_mappings(list) - return self.remove_nones_from_dict(envs) - - def remove_nones_from_dict(self, dictionary): - return dict((k, v) for k, v in dictionary.iteritems() if k is not None) - - def get_list_of_pairs_by_mappings(self, list): - mappings = self.get_mappings() - listOfEnvs = map(lambda k: k.split('='), list) - return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs) - - def get_mappings(self): - return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'} - diff --git a/tests/aaf/certservice/libraries/CertClientManager.py b/tests/aaf/certservice/libraries/CertClientManager.py deleted file mode 100644 index a4a0df23..00000000 --- a/tests/aaf/certservice/libraries/CertClientManager.py +++ /dev/null 
@@ -1,72 +0,0 @@ -import docker -import os -import shutil -import re -from EnvsReader import EnvsReader -from docker.types import Mount - -ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/" - -ERROR_API_REGEX = 'Error on API response.*[0-9]{3}' -RESPONSE_CODE_REGEX = '[0-9]{3}' - - -class CertClientManager: - - def __init__(self, mount_path, truststore_path): - self.mount_path = mount_path - self.truststore_path = truststore_path - - def run_client_container(self, client_image, container_name, path_to_env, request_url, network): - self.create_mount_dir() - client = docker.from_env() - environment = EnvsReader().read_env_list_from_file(path_to_env) - environment.append("REQUEST_URL=" + request_url) - container = client.containers.run( - image=client_image, - name=container_name, - environment=environment, - network=network, - user='root', # Run container as root to avoid permission issues with volume mount access - mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'), - Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')], - detach=True - ) - exitcode = container.wait() - return exitcode - - def remove_client_container_and_save_logs(self, container_name, log_file_name): - client = docker.from_env() - container = client.containers.get(container_name) - text_file = open(ARCHIVES_PATH + "client_container_" + log_file_name + ".log", "w") - text_file.write(container.logs()) - text_file.close() - container.remove() - self.remove_mount_dir() - - def create_mount_dir(self): - if not os.path.exists(self.mount_path): - os.makedirs(self.mount_path) - - def remove_mount_dir(self): - shutil.rmtree(self.mount_path) - - def can_find_api_response_in_logs(self, container_name): - logs = self.get_container_logs(container_name) - api_logs = re.findall(ERROR_API_REGEX, logs) - if api_logs: - return True - else: - return False - - def get_api_response_from_logs(self, container_name): - logs = 
self.get_container_logs(container_name) - error_api_message = re.findall(ERROR_API_REGEX, logs) - code = re.findall(RESPONSE_CODE_REGEX, error_api_message[0]) - return code[0] - - def get_container_logs(self, container_name): - client = docker.from_env() - container = client.containers.get(container_name) - logs = container.logs() - return logs diff --git a/tests/aaf/certservice/libraries/EnvsReader.py b/tests/aaf/certservice/libraries/EnvsReader.py deleted file mode 100644 index cc60eed6..00000000 --- a/tests/aaf/certservice/libraries/EnvsReader.py +++ /dev/null @@ -1,11 +0,0 @@ - -class EnvsReader: - - def read_env_list_from_file(self, path): - f = open(path, "r") - r_list = [] - for line in f: - line = line.strip() - if line[0] != "#": - r_list.append(line) - return r_list diff --git a/tests/aaf/certservice/libraries/JksArtifactsValidator.py b/tests/aaf/certservice/libraries/JksArtifactsValidator.py deleted file mode 100644 index e2fdde91..00000000 --- a/tests/aaf/certservice/libraries/JksArtifactsValidator.py +++ /dev/null 
@@ -1,45 +0,0 @@ -import jks -from OpenSSL import crypto -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -from EnvsReader import EnvsReader -from ArtifactParser import ArtifactParser - -class JksArtifactsValidator: - - def __init__(self, mount_path): - self.parser = ArtifactParser(mount_path, "jks") - - def get_and_compare_data_jks(self, path_to_env): - data = self.get_data_jks(path_to_env) - return data, self.parser.contains_expected_data(data) - - def get_keystore(self): - keystore = jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read()) - return keystore.private_keys['certificate'].cert_chain[0][1] - - def get_truststore(self): - truststore = jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read()) - return truststore.certs - - def can_open_keystore_and_truststore_with_pass_jks(self): - try: - jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read()) - jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read()) - return True - except: - return False - - def get_data_jks(self, path_to_env): - envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env)) - certificate = self.get_keystore_certificate() - data = self.parser.get_owner_data_from_certificate(certificate) - data['SANS'] = self.parser.get_sans(certificate) - return type('', (object,), {"expectedData": envs, "actualData": data}) - - def get_keystore_certificate(self): - return crypto.X509.from_cryptography(self.load_x509_certificate(self.get_keystore())) - - def load_x509_certificate(self, data): - cert = x509.load_der_x509_certificate(data, default_backend()) - return cert diff --git a/tests/aaf/certservice/libraries/P12ArtifactsValidator.py b/tests/aaf/certservice/libraries/P12ArtifactsValidator.py deleted file mode 100644 index b0701718..00000000 
--- a/tests/aaf/certservice/libraries/P12ArtifactsValidator.py +++ /dev/null @@ -1,37 +0,0 @@ -from OpenSSL import crypto -from EnvsReader import EnvsReader -from ArtifactParser import ArtifactParser - -class P12ArtifactsValidator: - - def __init__(self, mount_path): - self.parser = ArtifactParser(mount_path, "p12") - - def get_and_compare_data_p12(self, path_to_env): - data = self.get_data(path_to_env) - return data, self.parser.contains_expected_data(data) - - def can_open_keystore_and_truststore_with_pass(self): - can_open_keystore = self.can_open_store_file_with_pass_file(self.parser.keystorePassPath, self.parser.keystorePath) - can_open_truststore = self.can_open_store_file_with_pass_file(self.parser.truststorePassPath, self.parser.truststorePath) - - return can_open_keystore & can_open_truststore - - def can_open_store_file_with_pass_file(self, pass_file_path, store_file_path): - try: - self.get_certificate(pass_file_path, store_file_path) - return True - except: - return False - - def get_data(self, path_to_env): - envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env)) - certificate = self.get_certificate(self.parser.keystorePassPath, self.parser.keystorePath) - data = self.parser.get_owner_data_from_certificate(certificate) - data['SANS'] = self.parser.get_sans(certificate) - return type('', (object,), {"expectedData": envs, "actualData": data}) - - def get_certificate(self, pass_file_path, store_file_path): - password = open(pass_file_path, 'rb').read() - crypto.load_pkcs12(open(store_file_path, 'rb').read(), password) - return crypto.load_pkcs12(open(store_file_path, 'rb').read(), password).get_certificate() diff --git a/tests/aaf/certservice/libraries/PemArtifactsValidator.py b/tests/aaf/certservice/libraries/PemArtifactsValidator.py deleted file mode 100644 index 46e0357e..00000000 --- a/tests/aaf/certservice/libraries/PemArtifactsValidator.py +++ /dev/null 
@@ -1,39 +0,0 @@ -import os -from OpenSSL import crypto -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -from EnvsReader import EnvsReader -from ArtifactParser import ArtifactParser - -class PemArtifactsValidator: - - def __init__(self, mount_path): - self.parser = ArtifactParser(mount_path, "pem") - self.key = mount_path + '/key.pem' - - def get_and_compare_data_pem(self, path_to_env): - data = self.get_data_pem(path_to_env) - return data, self.parser.contains_expected_data(data) - - def artifacts_exist_and_are_not_empty(self): - keystoreExists = self.file_exists_and_is_not_empty(self.parser.keystorePath) - truststoreExists = self.file_exists_and_is_not_empty(self.parser.truststorePath) - keyExists = self.file_exists_and_is_not_empty(self.key) - return keystoreExists and truststoreExists and keyExists - - def file_exists_and_is_not_empty(self, pathToFile): - return os.path.isfile(pathToFile) and os.path.getsize(pathToFile) > 0 - - def get_data_pem(self, path_to_env): - envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env)) - certificate = self.get_keystore_certificate() - data = self.parser.get_owner_data_from_certificate(certificate) - data['SANS'] = self.parser.get_sans(certificate) - return type('', (object,), {"expectedData": envs, "actualData": data}) - - def get_keystore_certificate(self): - return crypto.X509.from_cryptography(self.load_x509_certificate()) - - def load_x509_certificate(self): - cert = x509.load_pem_x509_certificate(open(self.parser.keystorePath, 'rb').read(), default_backend()) - return cert diff --git a/tests/aaf/certservice/resources/cert-service-keywords.robot b/tests/aaf/certservice/resources/cert-service-keywords.robot deleted file mode 100644 index 39c26a6a..00000000 --- a/tests/aaf/certservice/resources/cert-service-keywords.robot +++ /dev/null 
@@ -1,154 +0,0 @@ -*** Settings *** - -Resource ../../../common.robot -Resource ./cert-service-properties.robot -Library RequestsLibrary -Library HttpLibrary.HTTP -Library Collections -Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH} -Library ../libraries/P12ArtifactsValidator.py ${MOUNT_PATH} -Library ../libraries/JksArtifactsValidator.py ${MOUNT_PATH} -Library ../libraries/PemArtifactsValidator.py ${MOUNT_PATH} - -*** Keywords *** - -Create sessions - [Documentation] Create all required sessions - ${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY} - Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA} - Set Suite Variable ${https_valid_cert_session} alias - -Run Healthcheck - [Documentation] Run Healthcheck - ${resp}= Get Request ${https_valid_cert_session} /actuator/health - Should Be Equal As Strings ${resp.status_code} 200 - Validate Recieved Response ${resp} status UP - -Validate Recieved Response - [Documentation] Validare message that has been received - [Arguments] ${resp} ${key} ${expected_value} - ${json}= Parse Json ${resp.content} - ${value}= Get From Dictionary ${json} ${key} - Should Be Equal As Strings ${value} ${expected_value} - -Send Get Request And Validate Response - [Documentation] Send request to passed url and validate received response - [Arguments] ${path} ${resp_code} - ${resp}= Get Request ${https_valid_cert_session} ${path} - Should Be Equal As Strings ${resp.status_code} ${resp_code} - -Send Get Request with Header - [Documentation] Send request to passed url - [Arguments] ${path} ${csr_file} ${pk_file} - [Return] ${resp} - ${headers}= Create Header with CSR and PK ${csr_file} ${pk_file} - ${resp}= Get Request ${https_valid_cert_session} ${path} headers=${headers} - -Send Get Request with Header And Expect Success - [Documentation] Send request to passed url and validate received response - [Arguments] ${path} ${csr_file} ${pk_file} - ${resp}= Send Get 
Request with Header ${path} ${csr_file} ${pk_file} - Should Be Equal As Strings ${resp.status_code} 200 - Check Message Recieved On Success ${resp.content} - -Check Message Recieved On Success - [Documentation] Check if correct messsage has been sent on successful request - [Arguments] ${content} - ${resp_content}= Parse Json ${content} - Dictionary Should Contain Key ${resp_content} certificateChain - @{list}= Get From Dictionary ${resp_content} certificateChain - List Should Contain Certificates @{list} - Dictionary Should Contain Key ${resp_content} trustedCertificates - -List Should Contain Certificates - [Documentation] Verify if list contains certificates - [Arguments] @{list} - :FOR ${content} IN @{list} - \ Should Contain ${content} BEGIN CERTIFICATE - \ Should Contain ${content} END CERTIFICATE - -Send Get Request with Header And Expect Error - [Documentation] Send request to passed url and validate received response - [Arguments] ${path} ${csr_file} ${pk_file} ${resp_code} - ${resp}= Send Get Request with Header ${path} ${csr_file} ${pk_file} - Should Be Equal As Strings ${resp.status_code} ${resp_code} - -Create Header with CSR and PK - [Documentation] Create header with CSR and PK - [Arguments] ${csr_file} ${pk_file} - [Return] ${headers} - ${csr}= Get Data From File ${csr_file} - ${pk}= Get Data From File ${pk_file} - ${headers}= Create Dictionary CSR=${csr} PK=${pk} - -Send Post Request And Validate Response - [Documentation] Send request to passed url and validate received response - [Arguments] ${path} ${resp_code} - ${resp}= Post Request ${https_valid_cert_session} ${path} - Should Be Equal As Strings ${resp.status_code} ${resp_code} - -Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code - [Documentation] Run Cert Service Client Container And Validate Exit Code - [Arguments] ${env_file} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} 
${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${can_open}= Can Open Keystore And Truststore With Pass - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} - Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase - -Run Cert Service Client And Validate JKS File Creation And Client Exit Code - [Documentation] Run Cert Service Client Container And Validate Exit Code - [Arguments] ${env_file} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${can_open}= Can Open Keystore And Truststore With Pass Jks - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} - Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase - -Run Cert Service Client And Validate PKCS12 Files Contain Expected Data - [Documentation] Run Cert Service Client Container And Validate PKCS12 Files Contain Expected Data - [Arguments] ${env_file} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${data} ${isEqual}= Get And Compare Data P12 ${env_file} - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} - Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. 
Actual data is: ${data.actualData} - -Run Cert Service Client And Validate JKS Files Contain Expected Data - [Documentation] Run Cert Service Client Container And Validate JKS Files Contain Expected Data - [Arguments] ${env_file} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${data} ${isEqual}= Get And Compare Data Jks ${env_file} - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} - Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData} - -Run Cert Service Client And Validate PEM Files Contain Expected Data - [Documentation] Run Cert Service Client Container And Validate PEM Files Contain Expected Data - [Arguments] ${env_file} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${existNotEmpty}= Artifacts Exist And Are Not Empty - ${data} ${isEqual}= Get And Compare Data Pem ${env_file} - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} - Should Be True ${existNotEmpty} PEM artifacts not created properly - Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. 
Actual data is: ${data.actualData} - -Run Cert Service Client And Validate Http Response Code And Client Exit Code - [Documentation] Run Cert Service Client Container And Validate Exit Code - [Arguments] ${env_file} ${expected_api_response_code} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${can_find_API_response}= Can Find Api Response In Logs ${CLIENT_CONTAINER_NAME} - ${api_response_code}= Get Api Response From Logs ${CLIENT_CONTAINER_NAME} - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} negative_path - Should Be True ${can_find_API_response} Cannot Find API response in logs - Should Be Equal As Strings ${api_response_code} ${expected_api_response_code} API return ${api_response_code} but expected: ${expected_api_response_code} - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code} - -Run Cert Service Client And Validate Client Exit Code - [Documentation] Run Cert Service Client Container And Validate Exit Code - [Arguments] ${env_file} ${expected_exit_code} - ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} negative_path - Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code} - diff --git a/tests/aaf/certservice/resources/cert-service-properties.robot b/tests/aaf/certservice/resources/cert-service-properties.robot deleted file mode 100644 index 54ddec11..00000000 --- a/tests/aaf/certservice/resources/cert-service-properties.robot +++ /dev/null 
@@ -1,31 +0,0 @@ -*** Variables *** - -${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service -${CERT_SERVICE_PORT} 8443 -${AAFCERT_URL} https://localhost:${cert_service_port} -${CLIENT_CA_NAME} Client -${RA_CA_NAME} RA -${CERT_SERVICE_ENDPOINT} /v1/certificate/ -${ROOTCA} %{WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt -${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt -${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key -${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.csr -${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.pk -${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.csr -${VALID_RA_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.pk -${INVALID_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.csr -${INVALID_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.key - - -${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT} -${VALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env -${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_jks.env -${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_p12.env -${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_pem.env -${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker_output_type.env -${INVALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env -${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest -${CLIENT_CONTAINER_NAME} %{ClientContainerName} -${CERT_SERVICE_NETWORK} certservice_certservice -${MOUNT_PATH} %{WORKSPACE}/tests/aaf/certservice/tmp -${TRUSTSTORE_PATH} %{WORKSPACE}/plans/aaf/certservice/certs 
diff --git a/tests/oom-platform-cert-service/certservice/assets/invalid.csr b/tests/oom-platform-cert-service/certservice/assets/invalid.csr
new file mode 100644
index 00000000..7284ab4d
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/invalid.csr
@@ -0,0 +1 @@
+aaaa
\ No newline at end of file
diff --git a/tests/oom-platform-cert-service/certservice/assets/invalid.key b/tests/oom-platform-cert-service/certservice/assets/invalid.key
new file mode 100644
index 00000000..6484fb6f
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/invalid.key
@@ -0,0 +1 @@
+bbbb
\ No newline at end of file
diff --git a/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env b/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env
new file mode 100644
index 00000000..4f19a9e7
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env
@@ -0,0 +1,16 @@
+#Client envs
+REQUEST_TIMEOUT=5000
+OUTPUT_PATH=/var/certs
+CA_NAME=Invalid
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
\ No newline at end of file
diff --git a/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env b/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env
new file mode 100644
index 00000000..4cdcd9ed
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env
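Review bot: `KEYSTORE_PASSWORD=secret` and `TRUSTSTORE_PASSWORD=secret` are committed in clear text in invalid_client_docker.env, and again in invalid_client_docker_output_type.env and the four valid_client_docker*.env files, with nothing marking them as fixture-only values. EnvsReader in this commit skips lines that start with `#`, so a header such as `#Test-only credentials for the CSIT keystores, never reuse outside this suite` can be added without changing what the client container receives. It is also worth confirming that the keystores these passwords open are generated for the test run only and are not shared with any deployed environment.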
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=INV
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_client.csr b/tests/oom-platform-cert-service/certservice/assets/valid_client.csr
new file mode 100644
index 00000000..59e5c6af
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/valid_client.csr
@@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREVqQ0NBZm9DQVFBd2daZ3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saApNUll3RkFZRFZRUUhEQTFUWVc0dFJuSmhibU5wYzJOdk1Sa3dGd1lEVlFRS0RCQk1hVzUxZUMxR2IzVnVaR0YwCmFXOXVNUTB3Q3dZRFZRUUxEQVJQVGtGUU1SQXdEZ1lEVlFRRERBZE9iMlJsTVRJek1TQXdIZ1lKS29aSWh2Y04KQVFrQkZoRkRiMjF0YjI1T1lXMWxRR051TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQwpBUW9DZ2dFQkFOa0dmdXNKN25CQkt3dG5DdEdpa2pwSzFvcE1HUlhQWXVzbG05eG9VS0xiTk8zeG9Mb3dDOVF0ClBuV2lDVUQrNVUrK1pmQXhpaGdxN29TYWh6dWdrTitwSm5DeG1mNFZTM2g4amk3YTU0QUJ4UmVJN2plQ3Z6RHMKNDkvVU5DNzMyN3NmaGI2NWJ1cnVMQkhibHNkQUFidkExa1NaeG52VWNvNElJczRiY0JRQlVDSFRoWVVDWXJrbwppSGR2N3cyMGkvWm5ha0ltMGNncEtaMzlUUU1qeVl2Q2tkNE1aRTJ1TGE4NkdEUVNuZ2lvb0tCenArclpvWFovCkI3cEc1SGhKd3FTZVRVRktnM2d0MUJxMnhvZzYydjJTbzVjMnZyVG0zSDdjNFJMbzlsaC9jMUxJd1BRUVlTYWUKMlRORGJlUnZmUlFzczFtUTVZa1VXdE5DeWJaTXplTUNBd0VBQWFBME1ESUdDU3FHU0liM0RRRUpEakVsTUNNdwpJUVlEVlIwUkJCb3dHSUlIVG05a1pURXlNNElOZEdWemRDNXZibUZ3TG05eVp6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBcnBIc0ZaLzBpaDdQa0JEeW1DR0FkcnRxU0VVOVdyK1l4SHE5cjlhaFpLbXQrQ1lSMlpCN1pSUGwKT0JYQWlKQVAyeTlxeWtZUnNqUUJvMncycE9GSEJRdWV1VjgzU0tsaWtlVm9na1kxUUhzTEtyVU1heitxZWRrYQpKYkVVMnNqRU9YcVpHMmhYbS9jaGQwMFEwQU8rODlLOU4yYndTSGx2V2prSEdtYTBHeTl4ZUNNVXBTcUNCekJ1CkdoL2JVdFdzcUd1YWtSYW9VSS9OalFoRFpZTThjTVBnaWlLbGNIT3A5QzNBOFJ4VmtNZkxOaUxpczRzbGM2b0YKRU9KcjFwVkNBWURzQ3BPSWdHaE51L2VUSkpXay9ZSi9IWmw2L3RKcEZOcGtIdWc3dG9HUUlLNVp3WHpDVGIxUgo3WUoraG9ydzF0R1lIRFFFYXQ0NVlLOEdwRFJUeVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0= \ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_client.pk b/tests/oom-platform-cert-service/certservice/assets/valid_client.pk new file mode 100644 index 00000000..c84908ff --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_client.pk @@ -0,0 +1 @@ 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 \ No newline at end of file 
diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env
new file mode 100644
index 00000000..6fad6d21
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env
@@ -0,0 +1,16 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
\ No newline at end of file
diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env
new file mode 100644
index 00000000..0e2d8367
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=JKS
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env
new file mode 100644
index 00000000..c3ed729f
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=P12
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env
new file mode 100644
index 00000000..aca2a54b
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=PEM
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr b/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr
new file mode 100644
index 00000000..5decd8ee
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr
@@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRERqQ0NBZllDQVFBd2daWXhDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saApNUll3RkFZRFZRUUhEQTFUWVc0dFJuSmhibU5wYzJOdk1Sa3dGd1lEVlFRS0RCQk1hVzUxZUMxR2IzVnVaR0YwCmFXOXVNUTB3Q3dZRFZRUUxEQVJQVGtGUU1RNHdEQVlEVlFRRERBVkRiREV5TXpFZ01CNEdDU3FHU0liM0RRRUoKQVJZUlEyOXRiVzl1VG1GdFpVQmpiaTVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFSwpBb0lCQVFDL2VCWEprWi80UFdQV2F4Qy9veW9ybmNjdzNiVlM2QmRJbzJUaGh0SzU4OG9wczg4RG8zZkN3Tkk0Cm1aV0xhYUEzbi9lVzJ6SG1TVENzeE4yd1BCREJhWWNwNmxCN1B5bmJDd1ZmcU55ZWhNNWFXQjY4TXFWKzVEcTQKc1BhT0haandNYnlSMTA3dHh3dGtub3lZeHh3SzVCY21vUkNkTjhxYndpY2Q0ajd4bDVDeVBiV1hyYUc0bFY3SgpRU1hlYmRJVUkvaVVNY3dKVThFdEgxZnNUS01CVTNMTE5pSlJsMzBJSGZQSEhZVndWVGhOUC82cFo5WktOeHR5Cm5oK2ZJaUZpNm9mU2h1dXRFZ25xRXdxS2UyenRUV20xYTNGNVlIUk5Pb1FMODA0OXhhQWNhanVTaEZnejZOZzYKOWRha1hhdkd5ejlrOUJHMDh3TU9BejFNQlBoL0FnTUJBQUdnTWpBd0Jna3Foa2lHOXcwQkNRNHhJekFoTUI4RwpBMVVkRVFRWU1CYUNCVU5zTVRJemdnMTBaWE4wTG05dVlYQXViM0puTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCCkFRQ1kwaUxKQWpWS3FSc0dBdTJOVzBHaGdPbTAvdkF0RmNNTWJOTTRBUGFNS2hiWTd6SGdob2U5VHMxTlBaUXkKSnZFRHJzOFhsSWIxeFN4NXJ1dktlY0JzamVLbEIzaU13V0dDeGViQ0lCMEsvbTV0YWI4cGtYQU0wVmJ3QTVIOAprWGRJS0xwK2grTVRLRnBNczY0OHk3eFRtcGFmb05CWld2d1ArODRsR295RDROZWJiRTN1anY1R21Id1JuK0xQCkRRNmJjSWxoWGNSN0JEMnZYNFdqdmY1YmVwL00yeVd4SkJPaTRzYjQ1NWdtTVpvYUJGSjF2OWpybUd6aDk2THEKck9NTEhCK1VOS0o1Tm1aQXZZVkNaNFVvVFpXZ3VQZVlMaXR6U2F0L0l3RGdJb3NSYXQrUGdJSkJWbXgzY212LwpJU0tncmRxckpKVFlmWGZrRnE5RG5vWHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0t \ No newline at end of file diff --git a/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk b/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk new file mode 100644 index 00000000..b1ad633a --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk @@ -0,0 +1 @@ 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 \ No newline at end of file 
diff --git a/tests/oom-platform-cert-service/certservice/cert-service-test.robot b/tests/oom-platform-cert-service/certservice/cert-service-test.robot
new file mode 100644
index 00000000..58e8a7e3
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/cert-service-test.robot
@@ -0,0 +1,90 @@
+*** Settings ***
+
+Documentation OOM Cert Service API test case scenarios
+Library RequestsLibrary
+Resource ./resources/cert-service-keywords.robot
+
+Suite Setup Create sessions
+
+*** Test Cases ***
+
+Health Check
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Service is up and running
+ Run health check
+
+Reload Configuration
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Configuration was changed
+ Send Get Request And Validate Response /reload 200
+
+Check if application is ready
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Send request to /ready endpoint and expect 200
+ Send Get Request And Validate Response /ready 200
+
+Generate Certificate In RA Mode For CA Name
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
+ Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_CSR_FILE} ${VALID_RA_PK_FILE}
+
+Report Not Found Error When Path To Service Is Not Valid
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Send request to ${CERT_SERVICE_ENDPOINT} endpoint and expect 404
+ Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT} ${VALID_CLIENT_CSR_FILE} ${VALID_CLIENT_PK_FILE} 404
+
+Report Bad Request Error When Header Is Missing In Request
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Send request without header to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
+ Send Get Request And Validate Response ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 400
+
+Report Bad Request Error When CSR Is Not Valid
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
+ Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${INVALID_CSR_FILE} ${VALID_CLIENT_PK_FILE} 400
+
+Report Bad Request Error When PK Is Not Valid
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
+ Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400
+
+Cert Service Client successfully creates keystore.p12 and truststore.p12
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with correct env and expected exit code 0
+ Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0
+
+Cert Service Client successfully creates keystore.jks and truststore.jks
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with correct env and expected exit code 0
+ Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with correct env and PKCS12 files created with correct data
+ Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with correct env and JKS files created with correct data
+ Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with correct env and PKCS12 files created with correct data
+ Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with correct env and PEM files created with correct data
+ Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0
+
+Cert Service Client reports error when OUTPUT_TYPE is invalid
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1
+ Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1
+
+Run Cert Service Client Container And Validate Exit Code And API Response
+ [Tags] OOM-CERT-SERVICE
+ [Documentation] Run with invalid CaName env and expected exit code 5
+ Run Cert Service Client And Validate Http Response Code And Client Exit Code ${INVALID_ENV_FILE} 404 5
+
diff --git a/tests/oom-platform-cert-service/certservice/libraries/ArtifactParser.py b/tests/oom-platform-cert-service/certservice/libraries/ArtifactParser.py
new file mode 100644
index 00000000..54e8d0ff
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/libraries/ArtifactParser.py
@@ -0,0 +1,40 @@
+from cryptography.x509.oid import ExtensionOID
+from cryptography import x509
+
+class ArtifactParser:
+
+ def __init__(self, mount_path, ext):
+ self.keystorePassPath = mount_path + '/keystore.pass'
+ self.keystorePath = mount_path + '/keystore.' + ext
+ self.truststorePassPath = mount_path + '/truststore.pass'
+ self.truststorePath = mount_path + '/truststore.' + ext
+
+ def contains_expected_data(self, data):
+ expectedData = data.expectedData
+ actualData = data.actualData
+ return cmp(expectedData, actualData) == 0
+
+ def get_owner_data_from_certificate(self, certificate):
+ list = certificate.get_subject().get_components()
+ return dict((k, v) for k, v in list)
+
+ def get_sans(self, cert):
+ extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+ dnsList = extension.value.get_values_for_type(x509.DNSName)
+ return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
+
+ def get_envs_as_dict(self, list):
+ envs = self.get_list_of_pairs_by_mappings(list)
+ return self.remove_nones_from_dict(envs)
+
+ def remove_nones_from_dict(self, dictionary):
+ return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
+
+ def get_list_of_pairs_by_mappings(self, list):
+ mappings = self.get_mappings()
+ listOfEnvs = map(lambda k: k.split('='), list)
+ return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
+
+ def get_mappings(self):
+ return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}
+
diff --git a/tests/oom-platform-cert-service/certservice/libraries/CertClientManager.py b/tests/oom-platform-cert-service/certservice/libraries/CertClientManager.py
new file mode 100644
index 00000000..46d69bb8
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/libraries/CertClientManager.py
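Review bot: `contains_expected_data` and `remove_nones_from_dict` depend on `cmp()` and `dict.iteritems()`, which exist only in Python 2, so the certificate-content checks fail with NameError/AttributeError on a Python 3 interpreter instead of validating anything. Plain equality and `items()` behave the same here on both versions: `return expectedData == actualData` and `return dict((k, v) for k, v in dictionary.items() if k is not None)`. In `get_list_of_pairs_by_mappings`, `k.split('=')` silently truncates any env value that itself contains `=`, and `k.split('=', 1)` keeps the value intact. The parameters named `list` also shadow the builtin, so a rename to something like `env_lines` would help.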
@@ -0,0 +1,72 @@
+import docker
+import os
+import shutil
+import re
+from EnvsReader import EnvsReader
+from docker.types import Mount
+
+ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
+
+ERROR_API_REGEX = 'Error on API response.*[0-9]{3}'
+RESPONSE_CODE_REGEX = '[0-9]{3}'
+
+
+class CertClientManager:
+
+ def __init__(self, mount_path, truststore_path):
+ self.mount_path = mount_path
+ self.truststore_path = truststore_path
+
+ def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
+ self.create_mount_dir()
+ client = docker.from_env()
+ environment = EnvsReader().read_env_list_from_file(path_to_env)
+ environment.append("REQUEST_URL=" + request_url)
+ container = client.containers.run(
+ image=client_image,
+ name=container_name,
+ environment=environment,
+ network=network,
+ user='root', # Run container as root to avoid permission issues with volume mount access
+ mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'),
+ Mount(target='/etc/onap/oom-platform-cert-service/certservice/certs/', source=self.truststore_path, type='bind')],
+ detach=True
+ )
+ exitcode = container.wait()
+ return exitcode
+
+ def remove_client_container_and_save_logs(self, container_name, log_file_name):
+ client = docker.from_env()
+ container = client.containers.get(container_name)
+ text_file = open(ARCHIVES_PATH + "client_container_" + log_file_name + ".log", "w")
+ text_file.write(container.logs())
+ text_file.close()
+ container.remove()
+ self.remove_mount_dir()
+
+ def create_mount_dir(self):
+ if not os.path.exists(self.mount_path):
+ os.makedirs(self.mount_path)
+
+ def remove_mount_dir(self):
+ shutil.rmtree(self.mount_path)
+
+ def can_find_api_response_in_logs(self, container_name):
+ logs = self.get_container_logs(container_name)
+ api_logs = re.findall(ERROR_API_REGEX, logs)
+ if api_logs:
+ return True
+ else:
+ return False
+
+ def get_api_response_from_logs(self, container_name):
+ logs = self.get_container_logs(container_name)
+ error_api_message = re.findall(ERROR_API_REGEX, logs)
+ code = re.findall(RESPONSE_CODE_REGEX, error_api_message[0])
+ return code[0]
+
+ def get_container_logs(self, container_name):
+ client = docker.from_env()
+ container = client.containers.get(container_name)
+ logs = container.logs()
+ return logs
diff --git a/tests/oom-platform-cert-service/certservice/libraries/EnvsReader.py b/tests/oom-platform-cert-service/certservice/libraries/EnvsReader.py
new file mode 100644
index 00000000..cc60eed6
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/libraries/EnvsReader.py
@@ -0,0 +1,11 @@
+
+class EnvsReader:
+
+ def read_env_list_from_file(self, path):
+ f = open(path, "r")
+ r_list = []
+ for line in f:
+ line = line.strip()
+ if line[0] != "#":
+ r_list.append(line)
+ return r_list
diff --git a/tests/oom-platform-cert-service/certservice/libraries/JksArtifactsValidator.py b/tests/oom-platform-cert-service/certservice/libraries/JksArtifactsValidator.py
new file mode 100644
index 00000000..e2fdde91
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/libraries/JksArtifactsValidator.py
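Review bot: `remove_client_container_and_save_logs` reaches `container.remove()` and `self.remove_mount_dir()` only when opening and writing the log file succeeds, so a failure there leaves the container and the mount directory behind on the runner. Going by the validators in this commit, that directory holds the generated keystore, truststore and their `.pass` files. Wrapping the log write in `try`/`finally` with a `with open(...)` block makes the cleanup unconditional and closes the file handle. Separately, `ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"` raises TypeError at import time when WORKSPACE is unset; `os.path.join(os.environ["WORKSPACE"], "archives", "")` would fail with a clearer KeyError.

```python
    def remove_client_container_and_save_logs(self, container_name, log_file_name):
        client = docker.from_env()
        container = client.containers.get(container_name)
        try:
            with open(ARCHIVES_PATH + "client_container_" + log_file_name + ".log", "w") as text_file:
                text_file.write(container.logs())
        finally:
            # Remove the container and the generated stores even if saving logs fails.
            container.remove()
            self.remove_mount_dir()
```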
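Review bot: `read_env_list_from_file` indexes `line[0]` right after `strip()`, so any blank line in an env file raises IndexError and aborts the test before the client container is started. The file handle opened with `open(path, "r")` is also never closed. Both are fixed by reading under `with open(path, "r") as f:` and testing `if line and not line.startswith("#"):` before appending.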
@@ -0,0 +1,45 @@
+import jks
+from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class JksArtifactsValidator:
+
+ def __init__(self, mount_path):
+ self.parser = ArtifactParser(mount_path, "jks")
+
+ def get_and_compare_data_jks(self, path_to_env):
+ data = self.get_data_jks(path_to_env)
+ return data, self.parser.contains_expected_data(data)
+
+ def get_keystore(self):
+ keystore = jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
+ return keystore.private_keys['certificate'].cert_chain[0][1]
+
+ def get_truststore(self):
+ truststore = jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
+ return truststore.certs
+
+ def can_open_keystore_and_truststore_with_pass_jks(self):
+ try:
+ jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
+ jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
+ return True
+ except:
+ return False
+
+ def get_data_jks(self, path_to_env):
+ envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_keystore_certificate()
+ data = self.parser.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.parser.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def get_keystore_certificate(self):
+ return crypto.X509.from_cryptography(self.load_x509_certificate(self.get_keystore()))
+
+ def load_x509_certificate(self, data):
+ cert = x509.load_der_x509_certificate(data, default_backend())
+ return cert
diff --git a/tests/oom-platform-cert-service/certservice/libraries/P12ArtifactsValidator.py b/tests/oom-platform-cert-service/certservice/libraries/P12ArtifactsValidator.py
new file mode 100644
index 00000000..b0701718
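Review bot: The bare `except:` in `can_open_keystore_and_truststore_with_pass_jks` maps every failure to `False`, so a missing keystore file or an unreadable `.pass` file is reported as "cannot open by passphrase", and even KeyboardInterrupt is swallowed. `can_open_store_file_with_pass_file` in P12ArtifactsValidator.py repeats the pattern. Narrow it to at least `except Exception as e:` and log `e` before `return False`, so a failing run shows why the store could not be opened. The `open(...).read()` calls on the `.pass` files in this class never close their handles; reading them under `with open(...) as f:` fixes that.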
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/libraries/P12ArtifactsValidator.py
@@ -0,0 +1,37 @@
+from OpenSSL import crypto
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class P12ArtifactsValidator:
+
+ def __init__(self, mount_path):
+ self.parser = ArtifactParser(mount_path, "p12")
+
+ def get_and_compare_data_p12(self, path_to_env):
+ data = self.get_data(path_to_env)
+ return data, self.parser.contains_expected_data(data)
+
+ def can_open_keystore_and_truststore_with_pass(self):
+ can_open_keystore = self.can_open_store_file_with_pass_file(self.parser.keystorePassPath, self.parser.keystorePath)
+ can_open_truststore = self.can_open_store_file_with_pass_file(self.parser.truststorePassPath, self.parser.truststorePath)
+
+ return can_open_keystore & can_open_truststore
+
+ def can_open_store_file_with_pass_file(self, pass_file_path, store_file_path):
+ try:
+ self.get_certificate(pass_file_path, store_file_path)
+ return True
+ except:
+ return False
+
+ def get_data(self, path_to_env):
+ envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_certificate(self.parser.keystorePassPath, self.parser.keystorePath)
+ data = self.parser.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.parser.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def get_certificate(self, pass_file_path, store_file_path):
+ password = open(pass_file_path, 'rb').read()
+ crypto.load_pkcs12(open(store_file_path, 'rb').read(), password)
+ return crypto.load_pkcs12(open(store_file_path, 'rb').read(), password).get_certificate()
diff --git a/tests/oom-platform-cert-service/certservice/libraries/PemArtifactsValidator.py b/tests/oom-platform-cert-service/certservice/libraries/PemArtifactsValidator.py
new file mode 100644
index 00000000..46e0357e
--- /dev/null
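Review bot: `get_certificate` parses the PKCS#12 store twice: the result of the first `crypto.load_pkcs12(...)` call is discarded, and the file is opened and parsed again on the `return` line, leaving three unclosed handles per call. Read the store once and reuse it, e.g. `p12 = crypto.load_pkcs12(store_bytes, password)` followed by `return p12.get_certificate()`, with both files read under `with open(...)`. In `can_open_keystore_and_truststore_with_pass` the result is combined with bitwise `&`; `and` states the intent for two booleans. `crypto.load_pkcs12` is also deprecated in newer pyOpenSSL releases, so pinning the pyOpenSSL version for this suite or moving to the PKCS#12 loader in `cryptography` is worth considering.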
+++ b/tests/oom-platform-cert-service/certservice/libraries/PemArtifactsValidator.py
@@ -0,0 +1,39 @@
+import os
+from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class PemArtifactsValidator:
+
+ def __init__(self, mount_path):
+ self.parser = ArtifactParser(mount_path, "pem")
+ self.key = mount_path + '/key.pem'
+
+ def get_and_compare_data_pem(self, path_to_env):
+ data = self.get_data_pem(path_to_env)
+ return data, self.parser.contains_expected_data(data)
+
+ def artifacts_exist_and_are_not_empty(self):
+ keystoreExists = self.file_exists_and_is_not_empty(self.parser.keystorePath)
+ truststoreExists = self.file_exists_and_is_not_empty(self.parser.truststorePath)
+ keyExists = self.file_exists_and_is_not_empty(self.key)
+ return keystoreExists and truststoreExists and keyExists
+
+ def file_exists_and_is_not_empty(self, pathToFile):
+ return os.path.isfile(pathToFile) and os.path.getsize(pathToFile) > 0
+
+ def get_data_pem(self, path_to_env):
+ envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_keystore_certificate()
+ data = self.parser.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.parser.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def get_keystore_certificate(self):
+ return crypto.X509.from_cryptography(self.load_x509_certificate())
+
+ def load_x509_certificate(self):
+ cert = x509.load_pem_x509_certificate(open(self.parser.keystorePath, 'rb').read(), default_backend())
+ return cert
diff --git a/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot b/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot
new file mode 100644
index 00000000..fea210b5
--- /dev/null
+++ b/tests/oom-platform-cert-service/certservice/resources/cert-service-keywords.robot 
@@ -0,0 +1,154 @@ +*** Settings *** + +Resource ../../../common.robot +Resource ./cert-service-properties.robot +Library RequestsLibrary +Library HttpLibrary.HTTP +Library Collections +Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH} +Library ../libraries/P12ArtifactsValidator.py ${MOUNT_PATH} +Library ../libraries/JksArtifactsValidator.py ${MOUNT_PATH} +Library ../libraries/PemArtifactsValidator.py ${MOUNT_PATH} + +*** Keywords *** + +Create sessions + [Documentation] Create all required sessions + ${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY} + Create Client Cert Session alias ${OOMCERT_URL} client_certs=${certs} verify=${ROOTCA} + Set Suite Variable ${https_valid_cert_session} alias + +Run Healthcheck + [Documentation] Run Healthcheck + ${resp}= Get Request ${https_valid_cert_session} /actuator/health + Should Be Equal As Strings ${resp.status_code} 200 + Validate Recieved Response ${resp} status UP + +Validate Recieved Response + [Documentation] Validare message that has been received + [Arguments] ${resp} ${key} ${expected_value} + ${json}= Parse Json ${resp.content} + ${value}= Get From Dictionary ${json} ${key} + Should Be Equal As Strings ${value} ${expected_value} + +Send Get Request And Validate Response + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${resp_code} + ${resp}= Get Request ${https_valid_cert_session} ${path} + Should Be Equal As Strings ${resp.status_code} ${resp_code} + +Send Get Request with Header + [Documentation] Send request to passed url + [Arguments] ${path} ${csr_file} ${pk_file} + [Return] ${resp} + ${headers}= Create Header with CSR and PK ${csr_file} ${pk_file} + ${resp}= Get Request ${https_valid_cert_session} ${path} headers=${headers} + +Send Get Request with Header And Expect Success + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${csr_file} ${pk_file} + ${resp}= Send Get 
Request with Header ${path} ${csr_file} ${pk_file} + Should Be Equal As Strings ${resp.status_code} 200 + Check Message Recieved On Success ${resp.content} + +Check Message Recieved On Success + [Documentation] Check if correct messsage has been sent on successful request + [Arguments] ${content} + ${resp_content}= Parse Json ${content} + Dictionary Should Contain Key ${resp_content} certificateChain + @{list}= Get From Dictionary ${resp_content} certificateChain + List Should Contain Certificates @{list} + Dictionary Should Contain Key ${resp_content} trustedCertificates + +List Should Contain Certificates + [Documentation] Verify if list contains certificates + [Arguments] @{list} + :FOR ${content} IN @{list} + \ Should Contain ${content} BEGIN CERTIFICATE + \ Should Contain ${content} END CERTIFICATE + +Send Get Request with Header And Expect Error + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${csr_file} ${pk_file} ${resp_code} + ${resp}= Send Get Request with Header ${path} ${csr_file} ${pk_file} + Should Be Equal As Strings ${resp.status_code} ${resp_code} + +Create Header with CSR and PK + [Documentation] Create header with CSR and PK + [Arguments] ${csr_file} ${pk_file} + [Return] ${headers} + ${csr}= Get Data From File ${csr_file} + ${pk}= Get Data From File ${pk_file} + ${headers}= Create Dictionary CSR=${csr} PK=${pk} + +Send Post Request And Validate Response + [Documentation] Send request to passed url and validate received response + [Arguments] ${path} ${resp_code} + ${resp}= Post Request ${https_valid_cert_session} ${path} + Should Be Equal As Strings ${resp.status_code} ${resp_code} + +Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code + [Documentation] Run Cert Service Client Container And Validate Exit Code + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} 
${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${can_open}= Can Open Keystore And Truststore With Pass + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase + +Run Cert Service Client And Validate JKS File Creation And Client Exit Code + [Documentation] Run Cert Service Client Container And Validate Exit Code + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${can_open}= Can Open Keystore And Truststore With Pass Jks + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase + +Run Cert Service Client And Validate PKCS12 Files Contain Expected Data + [Documentation] Run Cert Service Client Container And Validate PKCS12 Files Contain Expected Data + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${data} ${isEqual}= Get And Compare Data P12 ${env_file} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. 
Actual data is: ${data.actualData} + +Run Cert Service Client And Validate JKS Files Contain Expected Data + [Documentation] Run Cert Service Client Container And Validate JKS Files Contain Expected Data + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${data} ${isEqual}= Get And Compare Data Jks ${env_file} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData} + +Run Cert Service Client And Validate PEM Files Contain Expected Data + [Documentation] Run Cert Service Client Container And Validate PEM Files Contain Expected Data + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${existNotEmpty}= Artifacts Exist And Are Not Empty + ${data} ${isEqual}= Get And Compare Data Pem ${env_file} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code} + Should Be True ${existNotEmpty} PEM artifacts not created properly + Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. 
Actual data is: ${data.actualData} + +Run Cert Service Client And Validate Http Response Code And Client Exit Code + [Documentation] Run Cert Service Client Container And Validate Exit Code + [Arguments] ${env_file} ${expected_api_response_code} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + ${can_find_API_response}= Can Find Api Response In Logs ${CLIENT_CONTAINER_NAME} + ${api_response_code}= Get Api Response From Logs ${CLIENT_CONTAINER_NAME} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} negative_path + Should Be True ${can_find_API_response} Cannot Find API response in logs + Should Be Equal As Strings ${api_response_code} ${expected_api_response_code} API return ${api_response_code} but expected: ${expected_api_response_code} + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code} + +Run Cert Service Client And Validate Client Exit Code + [Documentation] Run Cert Service Client Container And Validate Exit Code + [Arguments] ${env_file} ${expected_exit_code} + ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} + Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} negative_path + Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code} + diff --git a/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot b/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot new file mode 100644 index 00000000..ff0500a2 --- /dev/null +++ b/tests/oom-platform-cert-service/certservice/resources/cert-service-properties.robot 
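Review bot: `Check Message Recieved On Success` in cert-service-keywords.robot passes on a response whose `certificateChain` is an empty list, because the `:FOR` loop in `List Should Contain Certificates` then runs zero times, and `trustedCertificates` is only checked for key presence, never for content. A certificate endpoint that returns no chain or an empty trust list would therefore look healthy to this suite. Add `Should Not Be Empty    ${list}` before the call to `List Should Contain Certificates`, and run the same check on the trust list with `@{trusted}=    Get From Dictionary    ${resp_content}    trustedCertificates` followed by `List Should Contain Certificates    @{trusted}`. The substring match on `BEGIN CERTIFICATE` / `END CERTIFICATE` also accepts malformed PEM, so parsing each entry in one of the Python libraries would be the stricter follow-up.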
@@ -0,0 +1,31 @@ +*** Variables *** + +${CERT_SERVICE_CONTAINER_NAME} oom-cert-service +${CERT_SERVICE_PORT} 8443 +${OOMCERT_URL} https://localhost:${cert_service_port} +${CLIENT_CA_NAME} Client +${RA_CA_NAME} RA +${CERT_SERVICE_ENDPOINT} /v1/certificate/ +${ROOTCA} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt +${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt +${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key +${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.csr +${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.pk +${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr +${VALID_RA_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk +${INVALID_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.csr +${INVALID_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.key + + +${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT} +${VALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env +${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env +${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env +${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env +${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env +${INVALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env +${DOCKER_CLIENT_IMAGE} 
nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:latest +${CLIENT_CONTAINER_NAME} %{ClientContainerName} +${CERT_SERVICE_NETWORK} certservice_certservice +${MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/tmp +${TRUSTSTORE_PATH} %{WORKSPACE}/plans/oom-platform-cert-service/certservice/certs -- cgit 1.2.3-korg
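Review bot: `${DOCKER_CLIENT_IMAGE}` in cert-service-properties.robot references the client image by the mutable `:latest` tag, so each run tests whatever the registry serves at that moment and a result cannot be tied to a specific build. Pin a release tag or, better, a digest, for example `nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client@sha256:<DIGEST_PLACEHOLDER>`. Alternatively, read the reference from an environment variable set by the plan's setup script, the way `${CLIENT_CONTAINER_NAME}` already takes `%{ClientContainerName}`. Either way, the image actually tested should be recorded in the run output.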