From e4bd899f657daa88274f1419314f43953a6bc1ef Mon Sep 17 00:00:00 2001 From: Piotr Jaszczyk Date: Fri, 21 Sep 2018 11:31:59 +0200 Subject: Use PKCS12 key and trust store in HV-VES Collector Usage of keystore and truststore allows us to use JDK security framework instead of openssl JNI bindings which are sometimes problematic. * Replace openssl with keytool when generating the scripts Change-Id: Icaa21cd1db443b1dd8fe7e7c0523123df5ea2545 Issue-ID: DCAEGEN2-816 Signed-off-by: Piotr Jaszczyk --- .../testcases/libraries/XnfSimulatorLibrary.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'test/csit/tests') diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py index 26d5a91c2..f6a978754 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py @@ -6,7 +6,7 @@ from time import sleep XNF_SIMULATOR_NAME = "xNF Simulator" SIMULATOR_IMAGE_NAME = "onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator" -SIMULATOR_IMAGE_FULL_NAME = os.getenv("DOCKER_REGISTRY") + "/" + SIMULATOR_IMAGE_NAME + ":latest" +SIMULATOR_IMAGE_FULL_NAME = os.getenv("DOCKER_REGISTRY_PREFIX") + SIMULATOR_IMAGE_NAME + ":latest" WORKSPACE_ENV = os.getenv("WORKSPACE") certificates_dir_path = WORKSPACE_ENV + "/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/" collector_certs_lookup_dir = "/etc/ves-hv/" @@ -128,11 +128,11 @@ class XnfSimulator: should_disable_ssl, should_connect_to_unencrypted_hv_ves): self.port = port - cert_name_prefix = "" if should_use_valid_certs else "invalid_" + cert_name_prefix = "" if should_use_valid_certs else "untrusted" certificates_path_with_file_prefix = collector_certs_lookup_dir + cert_name_prefix - self.cert_path = certificates_path_with_file_prefix + "client.crt" - self.key_path = certificates_path_with_file_prefix + "client.key" - self.trust_cert_path = certificates_path_with_file_prefix + "trust.crt" + self.key_store_path = certificates_path_with_file_prefix + "client.p12" + self.trust_store_path = certificates_path_with_file_prefix + "trust.p12" + self.sec_store_passwd = "onaponap" self.disable_ssl = should_disable_ssl self.hv_collector_host = "unencrypted-ves-hv-collector" \ if should_connect_to_unencrypted_hv_ves else "ves-hv-collector" @@ -141,10 +141,12 @@ class XnfSimulator: startup_command = ["--listen-port", self.port, "--ves-host", self.hv_collector_host, "--ves-port", "6061", - "--cert-file", self.cert_path, - "--private-key-file", self.key_path, - "--trust-cert-file", self.trust_cert_path] - if (self.disable_ssl): + "--key-store", self.key_store_path, + "--trust-store", self.trust_store_path, + "--key-store-password", self.sec_store_passwd, + "--trust-store-password", self.sec_store_passwd + ] + if self.disable_ssl: startup_command.append("--ssl-disable") return startup_command -- cgit 1.2.3-korg