Diffstat (limited to 'test/mocks/pnfsimulator/netconfsimulator/netconf')
-rwxr-xr-xtest/mocks/pnfsimulator/netconfsimulator/netconf/initialize_netopeer.sh2
-rw-r--r--test/mocks/pnfsimulator/netconfsimulator/netconf/load_server_certs.xml4
-rwxr-xr-xtest/mocks/pnfsimulator/netconfsimulator/netconf/set-up-xmls.py35
-rw-r--r--test/mocks/pnfsimulator/netconfsimulator/netconf/tls_listen.xml3
4 files changed, 29 insertions, 15 deletions
diff --git a/test/mocks/pnfsimulator/netconfsimulator/netconf/initialize_netopeer.sh b/test/mocks/pnfsimulator/netconfsimulator/netconf/initialize_netopeer.sh
index 550a64ff4..3ce53d510 100755
--- a/test/mocks/pnfsimulator/netconfsimulator/netconf/initialize_netopeer.sh
+++ b/test/mocks/pnfsimulator/netconfsimulator/netconf/initialize_netopeer.sh
@@ -34,7 +34,7 @@ cp /tls/* /usr/local/etc/keystored/keys/
cp /netconf/*.xml /tmp/
chmod +x /netconf/set-up-xmls.py
-/netconf/set-up-xmls.py /tls ca.crt server_cert.crt server_key.pem /tmp/load_server_certs.xml /tmp/tls_listen.xml
+/netconf/set-up-xmls.py /tls ca.crt server_cert.crt server_key.pem /tmp/load_server_certs.xml /tmp/tls_listen.xml client.crt
/usr/bin/supervisord -c /etc/supervisord.conf &
sysrepoctl --install --yang=/netconf/pnf-simulator.yang --owner=netconf:nogroup --permissions=777
diff --git a/test/mocks/pnfsimulator/netconfsimulator/netconf/load_server_certs.xml b/test/mocks/pnfsimulator/netconfsimulator/netconf/load_server_certs.xml
index 2524e08b0..b52f911c9 100644
--- a/test/mocks/pnfsimulator/netconfsimulator/netconf/load_server_certs.xml
+++ b/test/mocks/pnfsimulator/netconfsimulator/netconf/load_server_certs.xml
@@ -36,5 +36,9 @@
<name>CA_CERT_NAME</name>
<certificate>CA_CERTIFICATE_HERE</certificate>
</trusted-certificate>
+ <trusted-certificate>
+ <name>CLIENT_CERT_NAME</name>
+ <certificate>CLIENT_CERTIFICATE_HERE</certificate>
+ </trusted-certificate>
</trusted-certificates>
</keystore>
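Review bot: The client certificate is appended to the same `<trusted-certificates>` list as the CA certificate, so one list now holds both a trust anchor and a pinned end-entity certificate (the list's opening element and name are outside this hunk). The tls_listen.xml hunk of this commit then references `test_trusted_ca_list` from both `<trusted-ca-certs>` and `<trusted-client-certs>`. Assuming that is the list shown here, the CA certificate is also offered as a trusted client certificate and the client certificate as a CA. A separate `<trusted-certificates>` list for the client entry, referenced only from `<trusted-client-certs>`, would keep the two roles apart, e.g. `<trusted-client-certs>test_trusted_client_list</trusted-client-certs>` (suggested name, not one the page defines).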
diff --git a/test/mocks/pnfsimulator/netconfsimulator/netconf/set-up-xmls.py b/test/mocks/pnfsimulator/netconfsimulator/netconf/set-up-xmls.py
index d46ff91f9..cdc4e4f3d 100755
--- a/test/mocks/pnfsimulator/netconfsimulator/netconf/set-up-xmls.py
+++ b/test/mocks/pnfsimulator/netconfsimulator/netconf/set-up-xmls.py
@@ -35,9 +35,10 @@ SERVER_KEY_NAME = "SERVER_KEY_NAME"
SERVER_CERT_NAME = "SERVER_CERT_NAME"
SERVER_CERTIFICATE_HERE = "SERVER_CERTIFICATE_HERE"
CA_CERT_NAME = "CA_CERT_NAME"
+CLIENT_CERT_NAME = "CLIENT_CERT_NAME"
+CLIENT_CERTIFICATE_HERE="CLIENT_CERTIFICATE_HERE"
CA_CERTIFICATE_HERE = "CA_CERTIFICATE_HERE"
-CA_FINGERPRINT_HERE = "CA_FINGERPRINT_HERE"
-CA_FINGERPRINT_ENV = "CA_FINGERPRINT"
+CLIENT_FINGERPRINT_HERE = "CLIENT_FINGERPRINT_HERE"
SERVER_CERTIFICATE_ENV = "SERVER_CERTIFICATE_ENV"
CA_CERTIFICATE_ENV = "CA_CERTIFICATE_ENV"
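Review bot: `CLIENT_CERTIFICATE_HERE="CLIENT_CERTIFICATE_HERE"` is the only constant in this group written without spaces around `=`; `CLIENT_CERTIFICATE_HERE = "CLIENT_CERTIFICATE_HERE"` matches its neighbours. The two new certificate placeholders are also inserted between `CA_CERT_NAME` and `CA_CERTIFICATE_HERE`, which splits the CA pair; placing the CLIENT_* names after the CA ones would keep related placeholders together.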
@@ -64,7 +65,7 @@ class CertHelper(object):
@classmethod
def get_cert_fingerprint(cls, directory, cert_filename):
cmd = "openssl x509 -fingerprint -noout -in {}/{} | sed -e " \
- "'s/SHA1 Fingerprint//; s/=//; s/=//p'" \
+ "'s/SHA1 Fingerprint//; s/=//; s/=//p'" \
.format(directory, cert_filename)
fingerprint = CertHelper.system(cmd)
return fingerprint
@@ -84,19 +85,21 @@ class App(object):
@classmethod
def patch_server_certs(cls, data, server_key_filename_noext,
server_cert_filename_noext, ca_cert_filename_noext,
- server_cert, ca_cert):
+ server_cert, ca_cert, client_cert_filename_noext, client_cert):
data = data.replace(SERVER_KEY_NAME, server_key_filename_noext)
data = data.replace(SERVER_CERT_NAME, server_cert_filename_noext)
data = data.replace(CA_CERT_NAME, ca_cert_filename_noext)
+ data = data.replace(CLIENT_CERT_NAME, client_cert_filename_noext)
+ data = data.replace(CLIENT_CERTIFICATE_HERE, client_cert)
data = data.replace(SERVER_CERTIFICATE_HERE, server_cert)
data = data.replace(CA_CERTIFICATE_HERE, ca_cert)
return data
@classmethod
- def patch_tls_listen(cls, data, server_cert_filename_noext, ca_fingerprint,
+ def patch_tls_listen(cls, data, server_cert_filename_noext, client_fingerprint,
server_cert, ca_cert):
data = data.replace(SERVER_CERT_NAME, server_cert_filename_noext)
- data = data.replace(CA_FINGERPRINT_HERE, ca_fingerprint)
+ data = data.replace(CLIENT_FINGERPRINT_HERE, client_fingerprint)
data = data.replace(SERVER_CERTIFICATE_HERE, server_cert)
data = data.replace(CA_CERTIFICATE_HERE, ca_cert)
return data
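Review bot: patch_tls_listen and patch_server_certs substitute placeholders with `str.replace`, which returns its input unchanged when the token is absent. A template that still carries the old `CA_FINGERPRINT_HERE` token would therefore be written back with a literal placeholder inside `<fingerprint>` and no error. Because this commit renames the token, a presence check before replacing would make a stale template fail fast: `if CLIENT_FINGERPRINT_HERE not in data: raise ValueError("tls_listen template has no CLIENT_FINGERPRINT_HERE placeholder")`. patch_server_certs now takes eight positional parameters, with the client name and certificate appended after the CA ones, which is easy to transpose at the call site; a short docstring listing them in order would help.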
@@ -110,40 +113,46 @@ class App(object):
server_key_filename = sys.argv[4]
load_server_certs_xml_file = sys.argv[5]
tls_listen_xml_file = sys.argv[6]
+ client_cert_filename = sys.argv[7]
+
# strip extensions
ca_cert_filename_noext = ca_cert_filename.replace(".crt", "")
server_cert_filename_noext = server_cert_filename.replace(".crt", "")
server_key_filename_noext = server_key_filename.replace(".pem", "")
+ client_cert_filename_noext = client_cert_filename.replace(".crt", "")
# get certificates from files
server_cert = CertHelper.get_pem_content_stripped(cert_dir,
server_cert_filename)
ca_cert = CertHelper.get_pem_content_stripped(cert_dir,
ca_cert_filename)
- ca_fingerprint = CertHelper.get_cert_fingerprint(cert_dir,
- ca_cert_filename)
- CertHelper.print_certs_info(ca_cert, ca_fingerprint, server_cert)
+ client_fingerprint = CertHelper.get_cert_fingerprint(cert_dir,
+ client_cert_filename)
+ CertHelper.print_certs_info(ca_cert, client_fingerprint, server_cert)
+ client_cert = CertHelper.get_pem_content_stripped(cert_dir,
+ client_cert_filename)
# patch TLS configuration files
data_srv = FileHelper.get_file_contents(load_server_certs_xml_file)
patched_srv = App.patch_server_certs(data_srv, server_key_filename_noext,
server_cert_filename_noext,
ca_cert_filename_noext,
- server_cert, ca_cert)
+ server_cert, ca_cert,
+ client_cert_filename_noext, client_cert)
FileHelper.write_file_contents(load_server_certs_xml_file, patched_srv)
data_tls = FileHelper.get_file_contents(tls_listen_xml_file)
patched_tls = App.patch_tls_listen(data_tls, server_cert_filename_noext,
- ca_fingerprint, server_cert, ca_cert)
+ client_fingerprint, server_cert, ca_cert)
FileHelper.write_file_contents(tls_listen_xml_file, patched_tls)
def main():
- if len(sys.argv) is not 7:
+ if len(sys.argv) is not 8:
print("Usage: {1} <cert_dir> <ca_cert_filename> <server_cert_filename> "
"<server_key_filename> <load_server_certs_xml_full_path> "
- "<tls_listen_full_path>", sys.argv[0])
+ "<tls_listen_full_path> <client_cert_filename>", sys.argv[0])
return 1
App.run()
logger.info("XML files patched successfully")
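Review bot: The argument-count guard in main() still uses `is not`, which tests object identity rather than value and only works because CPython caches small integers; it should read `if len(sys.argv) != 8:`. The usage message edited just below passes `sys.argv[0]` as a second argument to print() instead of formatting it, and `{1}` would be out of range for a one-argument format anyway, so `"Usage: {0} ...".format(sys.argv[0])` is presumably what was intended. In run(), whose start is outside this hunk, the new `client_cert_filename` from `sys.argv[7]` is passed to CertHelper.get_cert_fingerprint, which formats it into a shell pipeline string in the earlier hunk. The caller here is the fixed init script, but quoting the value or invoking openssl with an argument list would keep that safe if the script is reused elsewhere.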
diff --git a/test/mocks/pnfsimulator/netconfsimulator/netconf/tls_listen.xml b/test/mocks/pnfsimulator/netconfsimulator/netconf/tls_listen.xml
index 4f45b28a2..4f610b580 100644
--- a/test/mocks/pnfsimulator/netconfsimulator/netconf/tls_listen.xml
+++ b/test/mocks/pnfsimulator/netconfsimulator/netconf/tls_listen.xml
@@ -32,11 +32,12 @@
</certificates>
<client-auth>
<trusted-ca-certs>test_trusted_ca_list</trusted-ca-certs>
+ <trusted-client-certs>test_trusted_ca_list</trusted-client-certs>
<cert-maps>
<cert-to-name>
<id>1</id>
<!-- This is not a typo - 0x02 should stay there -->
- <fingerprint>02:CA_FINGERPRINT_HERE</fingerprint>
+ <fingerprint>02:CLIENT_FINGERPRINT_HERE</fingerprint>
<map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
<name>test</name>
</cert-to-name>
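Review bot: The existing comment says only that `02` is not a typo, and since the `<fingerprint>` line now carries the client certificate's fingerprint it is worth stating why the prefix is there. In the x509c2n tls-fingerprint encoding the first octet names the hash algorithm and 2 is SHA-1, which matches the `SHA1 Fingerprint` label that set-up-xmls.py strips from the openssl output. A comment such as `<!-- 02 = SHA-1 hash id (first octet of tls-fingerprint); must match the digest set-up-xmls.py computes -->` would keep the two in step if the digest is ever changed. The `<cert-to-name>` entry closes inside the hunk, but `<cert-maps>` and `<client-auth>` continue past it.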