Adjust PNF simulator to read passwords to stores from files

Issue-ID: INT-1746
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Change-Id: Ib8a59500c15759bb09bb8b19e4757f1c48625af5

22 files changed, 252 insertions, 51 deletions

diff --git a/pnfsimulator/Dockerfile b/pnfsimulator/Dockerfile
index b029ce9..e53824e 100644
--- a/pnfsimulator/Dockerfile
+++ b/pnfsimulator/Dockerfile
@@ -13,7 +13,5 @@ CMD apk add ca-certificates
 RUN python -m pip install -r /opt/db/config/requirements.txt
 ADD certificates  /usr/local/share/ca-certificates/
 RUN update-ca-certificates
-CMD if [ -f /app/store/p12.pass ]; then export CLIENT_CERT_PASS=$(cat /app/store/p12.pass); fi \
-    && if [ -f /app/store/trust.pass ]; then export TRUST_CERT_PASS=$(cat /app/store/trust.pass); fi \
-    && python /opt/db/config/mongo_db_schema_creation.py \
+CMD python /opt/db/config/mongo_db_schema_creation.py \
     && java -Dspring.config.location=file:/app/application.properties  -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main \
diff --git a/pnfsimulator/README.md b/pnfsimulator/README.md
index 81e59fc..9f7e996 100644
--- a/pnfsimulator/README.md
+++ b/pnfsimulator/README.md
@@ -418,8 +418,8 @@ For this purpose:
 3. Edit /app/application.properties file as follow:
 - ssl.clientCertificateEnabled=true (to disable/enable client authentication)
 - ssl.strictHostnameVerification=true (to disable/enable hostname verification)
-- ssl.clientCertificateDir=/app/store/client.p12 (to replace keystore file)
-- ssl.clientCertificatePassword=collector (to replace password for keystore)
-- ssl.trustStoreDir=/app/store/trustStore (to replace truststore file)
-- ssl.trustStorePassword=collector (to replace password for truststore)
-4. Refresh configuration by sending simple POST request to correct actuator endpoint at: ```curl http://localhost:5000/refresh -H 'Content-type: application/json' -X POST --data '{}'```
+- ssl.clientCertificatePath=/app/store/client.p12 (to replace with keystore file)
+- ssl.clientCertificatePasswordPath=/app/store/keystore.pass (to replace with keystore password file)
+- ssl.trustStorePath=/app/store/trustStore (to replace with truststore file)
+- ssl.trustStorePasswordPath=/app/store/truststore.pass (to replace with truststore password file)
+4. Refresh configuration by sending simple POST request to correct actuator endpoint at: ```curl http://localhost:5001/refresh -H 'Content-type: application/json' -X POST --data '{}'```
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java
new file mode 100644
index 0000000..72af9e5
--- /dev/null
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.pnfsimulator.simulator.client.utils.ssl;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import javax.net.ssl.SSLContext;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+class CertAuthSslContextFactory {
+
+    private final CertificateReader certificateReader;
+
+    CertAuthSslContextFactory(CertificateReader certificateReader) {
+        this.certificateReader = certificateReader;
+    }
+
+    SSLContext createSslContext(SslAuthenticationHelper sslAuthenticationHelper)
+        throws GeneralSecurityException, IOException {
+        final String keystorePasswordPath = sslAuthenticationHelper.getClientCertificatePasswordPath();
+
+        final KeyStore keystore = certificateReader.read(sslAuthenticationHelper.getClientCertificatePath(),
+            keystorePasswordPath, "PKCS12");
+        final KeyStore truststore = certificateReader.read(sslAuthenticationHelper.getTrustStorePath(),
+            sslAuthenticationHelper.getTrustStorePasswordPath(), "JKS");
+
+        return SSLContexts.custom()
+            .loadKeyMaterial(keystore, certificateReader.readPassword(keystorePasswordPath))
+            .loadTrustMaterial(truststore, new TrustSelfSignedStrategy())
+            .build();
+    }
+
+}
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java
index e0b8cc2..a42114b 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java
@@ -23,16 +23,24 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 
 class CertificateReader {
 
-    KeyStore read(String certificate, String password, String type) throws GeneralSecurityException, IOException {
-        try (InputStream keyStoreStream = new FileInputStream(certificate)) {
+    KeyStore read(String certificatePath, String passwordPath, String type) throws GeneralSecurityException, IOException {
+        try (InputStream keyStoreStream = new FileInputStream(certificatePath)) {
             KeyStore keyStore = KeyStore.getInstance(type);
-            keyStore.load(keyStoreStream, PasswordConverter.convert(password));
+            keyStore.load(keyStoreStream, readPassword(passwordPath));
             return keyStore;
         }
     }
+
+    char[] readPassword(String passwordPath) throws IOException {
+        final String password = Files.readString(Path.of(passwordPath));
+        return PasswordConverter.convert(password);
+    }
+
 }
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java
index 521b584..dffd635 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java
@@ -20,10 +20,9 @@
 
 package org.onap.pnfsimulator.simulator.client.utils.ssl;
 
-import org.apache.http.client.HttpClient;
-
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import org.apache.http.client.HttpClient;
 
 public class HttpClientFactoryFacade {
 
@@ -31,7 +30,8 @@ public class HttpClientFactoryFacade {
     }
 
     private static final CertificateReader CERTIFICATE_READER = new CertificateReader();
-    private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERTIFICATE_READER);
+    private static final CertAuthSslContextFactory CERT_AUTH_SSL_CONTEXT_FACTORY = new CertAuthSslContextFactory(CERTIFICATE_READER);
+    private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERT_AUTH_SSL_CONTEXT_FACTORY);
     private static final HttpClientFactory HTTP_CLIENT_FACTORY = new HttpClientFactory(SSL_CONTEXT_FACTORY);
 
     public static HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException {
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java
index c4839fb..b8dfe6f 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java
@@ -19,32 +19,26 @@
  */
 package org.onap.pnfsimulator.simulator.client.utils.ssl;
 
-import org.apache.http.conn.ssl.TrustAllStrategy;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.conn.ssl.TrustStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
-
-import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.ssl.SSLContextBuilder;
 
 class SSLContextFactory {
     private static final TrustStrategy TRUST_STRATEGY_ALWAYS = new TrustAllStrategy();
 
-    private final CertificateReader certificateReader;
+    private final CertAuthSslContextFactory certAuthSslContextFactory;
 
-    SSLContextFactory(CertificateReader certificateReader) {
-        this.certificateReader = certificateReader;
+    SSLContextFactory(CertAuthSslContextFactory certAuthSslContextFactory) {
+        this.certAuthSslContextFactory = certAuthSslContextFactory;
     }
     SSLContext create(SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException {
-        return SSLContexts.custom()
-                .loadKeyMaterial(certificateReader.read(sslAuthenticationHelper.getClientCertificateDir(), sslAuthenticationHelper.getClientCertificatePassword(), "PKCS12"), PasswordConverter.convert(sslAuthenticationHelper.getClientCertificatePassword()))
-                .loadTrustMaterial(certificateReader.read(sslAuthenticationHelper.getTrustStoreDir(), sslAuthenticationHelper.getTrustStorePassword(), "JKS"), new TrustSelfSignedStrategy())
-                .build();
+        return certAuthSslContextFactory.createSslContext(sslAuthenticationHelper);
     }
 
     SSLContext createTrustAlways() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java
index b785be6..271ad93 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java
@@ -38,8 +38,8 @@ public class SslAuthenticationHelper implements Serializable {
 
     private boolean clientCertificateEnabled;
     private boolean strictHostnameVerification;
-    private String clientCertificateDir;
-    private String clientCertificatePassword;
-    private String trustStoreDir;
-    private String trustStorePassword;
+    private String clientCertificatePath;
+    private String clientCertificatePasswordPath;
+    private String trustStorePath;
+    private String trustStorePasswordPath;
 }
diff --git a/pnfsimulator/src/main/resources/application.properties b/pnfsimulator/src/main/resources/application.properties
index 39334d1..c566ce3 100644
--- a/pnfsimulator/src/main/resources/application.properties
+++ b/pnfsimulator/src/main/resources/application.properties
@@ -12,7 +12,7 @@ management.endpoints.web.exposure.include=refresh,health
 
 ssl.clientCertificateEnabled=true
 ssl.strictHostnameVerification=${STRICT_HOSTNAME_VERIFICATION:false}
-ssl.clientCertificateDir=/app/store/cert.p12
-ssl.clientCertificatePassword=${CLIENT_CERT_PASS:collector}
-ssl.trustStoreDir=/app/store/trust.jks
-ssl.trustStorePassword=${TRUST_CERT_PASS:collector}
+ssl.clientCertificatePath=/app/store/cert.p12
+ssl.clientCertificatePasswordPath=/app/store/p12.pass
+ssl.trustStorePath=/app/store/trust.jks
+ssl.trustStorePasswordPath=/app/store/trust.pass
\ No newline at end of file
diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java
new file mode 100644
index 0000000..c64ddd7
--- /dev/null
+++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java
@@ -0,0 +1,141 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.pnfsimulator.simulator.client.utils.ssl;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.nio.file.NoSuchFileException;
+import java.security.GeneralSecurityException;
+import javax.net.ssl.SSLContext;
+import org.hamcrest.CoreMatchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class CertAuthSslContextFactoryTest {
+
+    private static final String CERTIFICATES_DIRECTORY = "src/test/resources/certificates/";
+
+    private static final String KEYSTORE_FILENAME = "client.p12";
+    private static final String VALID_KEYSTORE_PASSWORD_FILENAME = "client.pass";
+    private static final String INVALID_KEYSTORE_PASSWORD_FILENAME = "client_invalid.pass";
+
+    private static final String TRUSTSTORE_FILENAME = "truststore";
+    private static final String VALID_TRUSTSTORE_PASSWORD_FILENAME = "truststore.pass";
+    private static final String INVALID_TRUSTSTORE_PASSWORD_FILENAME = "truststore_invalid.pass";
+
+    private static final String NON_EXISTING_PASSWORD_FILENAME = "non_existing.pass";
+    private static final String PASSWORD_INCORRECT = "password was incorrect";
+
+    private CertAuthSslContextFactory certAuthSslContextFactory;
+
+    @Before
+    public void setup() {
+        this.certAuthSslContextFactory = new CertAuthSslContextFactory(new CertificateReader());
+    }
+
+    @Test
+    public void shouldCreateSslContextSuccessfully_whenValidPasswordsUsed()
+        throws GeneralSecurityException, IOException {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            VALID_KEYSTORE_PASSWORD_FILENAME, VALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When
+        final SSLContext sslContext = certAuthSslContextFactory.createSslContext(sslAuthenticationHelper);
+
+        // Then
+        assertNotNull(sslContext);
+    }
+
+    @Test
+    public void shouldThrowIOException_whenInvalidKeystorePasswordUsed() {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            INVALID_KEYSTORE_PASSWORD_FILENAME, VALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When
+        final IOException exception = assertThrows(IOException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+
+        // Then
+        assertThat(exception.getMessage(), CoreMatchers.containsString(PASSWORD_INCORRECT));
+    }
+
+    @Test
+    public void shouldThrowIOException_whenInvalidTruststorePasswordUsed() {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            VALID_KEYSTORE_PASSWORD_FILENAME, INVALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When
+        final IOException exception = assertThrows(IOException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+
+        // Then
+        assertThat(exception.getMessage(), CoreMatchers.containsString(PASSWORD_INCORRECT));
+    }
+
+    @Test
+    public void shouldThrowNoSuchFileException_whenInvalidKeystoreFilePath() {
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            NON_EXISTING_PASSWORD_FILENAME, INVALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When, Then
+        assertThrows(NoSuchFileException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+    }
+
+    @Test
+    public void shouldThrowNoSuchFileException_whenInvalidTruststoreFilePath() {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            VALID_KEYSTORE_PASSWORD_FILENAME, NON_EXISTING_PASSWORD_FILENAME);
+
+        // When, Then
+        assertThrows(NoSuchFileException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+    }
+
+    private SslAuthenticationHelper mockSslAuthenticationHelperWithFiles(String keystorePasswordFilename,
+        String truststorePasswordFilename) {
+        final SslAuthenticationHelper sslAuthenticationHelper = Mockito.mock(SslAuthenticationHelper.class);
+
+        when(sslAuthenticationHelper.getClientCertificatePath())
+            .thenReturn(getPath(KEYSTORE_FILENAME));
+        when(sslAuthenticationHelper.getClientCertificatePasswordPath())
+            .thenReturn(getPath(keystorePasswordFilename));
+        when(sslAuthenticationHelper.getTrustStorePath())
+            .thenReturn(getPath(TRUSTSTORE_FILENAME));
+        when(sslAuthenticationHelper.getTrustStorePasswordPath())
+            .thenReturn(getPath(truststorePasswordFilename));
+
+        return sslAuthenticationHelper;
+    }
+
+    private String getPath(String fileName) {
+        return CERTIFICATES_DIRECTORY + fileName;
+    }
+}
\ No newline at end of file
diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java
index 8e82706..85e40e5 100644
--- a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java
+++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java
@@ -20,26 +20,27 @@
 
 package org.onap.pnfsimulator.simulator.client.utils.ssl;
 
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
 class SSLContextFactoryTest {
     private CertificateReader certificateReaderMock;
+    private CertAuthSslContextFactory certAuthSslContextFactory;
     private SSLContextFactory sslContextFactory;
 
     @BeforeEach
     void setup() {
         certificateReaderMock = mock(CertificateReader.class);
-        sslContextFactory = new SSLContextFactory(certificateReaderMock);
+        certAuthSslContextFactory = new CertAuthSslContextFactory(certificateReaderMock);
+        sslContextFactory = new SSLContextFactory(certAuthSslContextFactory);
     }
 
     @Test
diff --git a/pnfsimulator/src/test/resources/client.p12 b/pnfsimulator/src/test/resources/certificates/client.p12
index 0bbec38..0bbec38 100644
--- a/pnfsimulator/src/test/resources/client.p12
+++ b/pnfsimulator/src/test/resources/certificates/client.p12
diff --git a/pnfsimulator/src/test/resources/certificates/client.pass b/pnfsimulator/src/test/resources/certificates/client.pass
new file mode 100644
index 0000000..25acfbf
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/client.pass
@@ -0,0 +1 @@
+collector
\ No newline at end of file
diff --git a/pnfsimulator/src/test/resources/certificates/client_invalid.pass b/pnfsimulator/src/test/resources/certificates/client_invalid.pass
new file mode 100644
index 0000000..0b54957
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/client_invalid.pass
@@ -0,0 +1 @@
+invalidpassword
\ No newline at end of file
diff --git a/pnfsimulator/src/test/resources/trustStore b/pnfsimulator/src/test/resources/certificates/truststore
index e90b710..e90b710 100644
--- a/pnfsimulator/src/test/resources/trustStore
+++ b/pnfsimulator/src/test/resources/certificates/truststore
diff --git a/pnfsimulator/src/test/resources/certificates/truststore.pass b/pnfsimulator/src/test/resources/certificates/truststore.pass
new file mode 100644
index 0000000..25acfbf
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/truststore.pass
@@ -0,0 +1 @@
+collector
\ No newline at end of file
diff --git a/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass b/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass
new file mode 100644
index 0000000..0b54957
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass
@@ -0,0 +1 @@
+invalidpassword
\ No newline at end of file
diff --git a/pnfsimulator/store/p12.pass b/pnfsimulator/store/p12.pass
new file mode 100644
index 0000000..25acfbf
--- /dev/null
+++ b/pnfsimulator/store/p12.pass
@@ -0,0 +1 @@
+collector
\ No newline at end of file
diff --git a/pnfsimulator/store/truststore.pass b/pnfsimulator/store/truststore.pass
new file mode 100644
index 0000000..25acfbf
--- /dev/null
+++ b/pnfsimulator/store/truststore.pass
@@ -0,0 +1 @@
+collector
\ No newline at end of file
diff --git a/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml b/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml
index 5b40a09..e233716 100644
--- a/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml
+++ b/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml
@@ -53,8 +53,6 @@ services:
       - "5000:5000"
     command: bash -c "
       while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done
-      && export CLIENT_CERT_PASS=$$(cat /app/store/p12.pass)
-      && export TRUST_CERT_PASS=$$(cat /app/store/trust.pass)
       && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main
       "
     volumes:
diff --git a/sanitycheck/pnfsimulator-secured/certservice/Makefile b/sanitycheck/pnfsimulator-secured/certservice/Makefile
index aea8477..2d3754c 100644
--- a/sanitycheck/pnfsimulator-secured/certservice/Makefile
+++ b/sanitycheck/pnfsimulator-secured/certservice/Makefile
@@ -44,8 +44,10 @@ clean-all: --clean-pnfsim --clean-env
 
 --clean-pnfsim:
 	docker-compose -f docker-compose-pnfsim.yml down
-	rm -rf ./resources/certservice-client/client-volume-for-pnfsim/cert.p12 || true
 	rm -rf ./resources/certservice-client/client-volume-for-pnfsim/trust.jks || true
+	rm -rf ./resources/certservice-client/client-volume-for-pnfsim/cert.p12 || true
+	rm -rf ./resources/certservice-client/client-volume-for-pnfsim/p12.pass || true
+	rm -rf ./resources/certservice-client/client-volume-for-pnfsim/trust.pass || true
 
 --clean-env:
 	docker-compose -f docker-compose-ves-dmaap.yml down
diff --git a/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml
index f09b0a9..d5bb5e2 100644
--- a/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml
+++ b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml
@@ -44,10 +44,10 @@ services:
       - public
     command: bash -c "
       while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done
-      && cp /app/store/truststore.jks /app/store/trust.jks
-      && cp /app/store/keystore.jks /app/store/cert.p12
-      && export CLIENT_CERT_PASS=$$(cat /app/store/keystore.pass)
-      && export TRUST_CERT_PASS=$$(cat /app/store/truststore.pass)
+      && cp /app/store/truststore.p12 /app/store/trust.jks
+      && cp /app/store/keystore.p12 /app/store/cert.p12
+      && cp /app/store/keystore.pass /app/store/p12.pass
+      && cp /app/store/truststore.pass /app/store/trust.pass
       && java -Dspring.config.location=file:/app/application.properties  -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main
       "
     volumes:
diff --git a/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env b/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env
index cda235d..c5f33b6 100644
--- a/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env
+++ b/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env
@@ -3,7 +3,7 @@ REQUEST_URL=https://oom-cert-service:8443/v1/certificate/
 REQUEST_TIMEOUT=10000
 OUTPUT_PATH=/var/certs
 CA_NAME=RA
-OUTPUT_TYPE=JKS
+OUTPUT_TYPE=P12
 #Csr config envs
 COMMON_NAME=onap.org
 ORGANIZATION=Linux-Foundation