From: Bartek Grzybowski Date: Thu, 30 Jul 2020 09:36:24 +0000 (+0000) Subject: Merge "[SDNC-Netconf-TLS] Update SDNC CSIT" X-Git-Tag: 7.0.1~65 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=9031bef617fc2996b5b2182ad07e2531c10e145c;hp=66eee8ddc9024899892630f35c8479b43c75a1df;p=integration%2Fcsit.git Merge "[SDNC-Netconf-TLS] Update SDNC CSIT" --- diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh index 2a0451d1..a2020aee 100644 --- a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh +++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh @@ -30,7 +30,6 @@ chmod +x "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config export TEMP_DIR_PATH=${TEMP_DIR_PATH} # Create temp directory to bind with docker containers -mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data @@ -54,6 +53,9 @@ echo "Reinstall pyOpenSSL library." pip uninstall pyopenssl -y pip install pyopenssl==17.5.0 +# Install PYJKS for .jks files management +pip install pyjks + # Disable Proxy - for local run unset http_proxy https_proxy diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh index 2f451d50..b780ed49 100644 --- a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh +++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh @@ -21,6 +21,5 @@ docker-compose -f "${SCRIPTS}"/sdnc/netconf-pnp-simulator/docker-compose.yml dow make clear -C "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs -rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data \ No newline at end of file 
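Review bot: The added `pip install pyjks` in setup.sh installs whatever release the package index serves at run time, while the line just above it pins `pyopenssl==17.5.0`. An unpinned install makes the CSIT run non-reproducible and lets a changed upstream release execute inside the job without review. Pin it the same way, `pip install pyjks==<tested version>` (placeholder, the page names no version). Preferably both pins would move into a requirements file installed with hash checking.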
diff --git a/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml index 67a75c94..d8e723ba 100755 --- a/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml +++ b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: netconf-pnp-simulator: - image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.8.5 + image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.8.6 container_name: netconf-simulator restart: always ports: diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env index 557860de..e85ab6cc 100644 --- a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env +++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env @@ -2,6 +2,7 @@ REQUEST_TIMEOUT=30000 OUTPUT_PATH=/var/certs CA_NAME=RA +OUTPUT_TYPE=P12 KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks KEYSTORE_PASSWORD=secret TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env index 28411797..57894753 100644 --- a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env +++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env @@ -2,6 +2,7 @@ REQUEST_TIMEOUT=30000 OUTPUT_PATH=/var/certs CA_NAME=RA +OUTPUT_TYPE=JKS KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks KEYSTORE_PASSWORD=secret TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py index ceff9742..b2399dfb 100644 --- a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py 
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py @@ -25,6 +25,7 @@ import shutil import subprocess import docker +import jks from OpenSSL import crypto from docker.types import Mount @@ -42,8 +43,10 @@ class ClientManager: self.serverKeyPem = mount_path + '/server_key.pem' self.serverCertPem = mount_path + '/server_cert.pem' self.keystoreJksPath = mount_path + '/keystore.jks' + self.keystoreP12Path = mount_path + '/keystore.p12' self.keystorePassPath = mount_path + '/keystore.pass' self.truststoreJksPath = mount_path + '/truststore.jks' + self.truststoreP12Path = mount_path + '/truststore.p12' self.truststorePassPath = mount_path + '/truststore.pass' # Function Create docker container. 
@@ -65,10 +68,27 @@ class ClientManager: exitcode = container.wait() return exitcode + # Function to validate keystore/truststore can be opened with generated pass-phrase. + def can_open_keystore_and_truststore_with_pass(self, container_name): + if container_name != NETCONF_PNP_SIM_CONTAINER_NAME: + return self.can_open_keystore_and_truststore_jks_files() + else: + return self.can_open_keystore_and_truststore_p12_files() + # Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase. - def can_open_keystore_and_truststore_with_pass(self): - can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath) - can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath) + def can_open_keystore_and_truststore_jks_files(self): + try: + jks.KeyStore.load(self.keystoreJksPath, open(self.keystorePassPath, 'rb').read()) + jks.KeyStore.load(self.truststoreJksPath, open(self.truststorePassPath, 'rb').read()) + return True + except Exception as e: + print("UnExpected Error in validating keystore.jks/truststore.jks: {0}".format(e)) + return False + + # Function to validate keystore.p12/truststore.p12 can be opened with generated pass-phrase. + def can_open_keystore_and_truststore_p12_files(self): + can_open_keystore = self.can_open_p12_file_with_pass_file(self.keystorePassPath, self.keystoreP12Path) + can_open_truststore = self.can_open_p12_file_with_pass_file(self.truststorePassPath, self.truststoreP12Path) return can_open_keystore & can_open_truststore # Method for Uploading Certificate in SDNC-Container. 
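Review bot: `can_open_keystore_and_truststore_jks_files` reads both pass files with a bare `open(..., 'rb').read()`, so the handles are never closed explicitly, and its `except Exception` turns every failure into a printed message plus `False`. A missing file, a wrong pass-phrase and a misuse of the jks API all look the same in the test log, which weakens the check this keyword is meant to provide. Read each pass-phrase with `with open(self.keystorePassPath, 'rb') as f:` and catch only I/O errors plus the keystore exceptions pyjks raises. The raw bytes are handed to `jks.KeyStore.load` as the store password unchanged; it is worth confirming that the library accepts bytes on the interpreter the suite runs on. The same unclosed `open(...).read()` pattern is in the `get_pkcs12` hunk further down.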
@@ -76,9 +96,9 @@ class ClientManager: def can_install_keystore_and_truststore_certs(self, cmd, container_name): continue_exec = True if container_name == NETCONF_PNP_SIM_CONTAINER_NAME: - print("Generating PEM files for {0} from JKS files".format(container_name)) - continue_exec = self.create_pem(self.keystorePassPath, self.keystoreJksPath, self.truststorePassPath, - self.truststoreJksPath) + print("Generating PEM files for {0} from P12 files".format(container_name)) + continue_exec = self.create_pem(self.keystorePassPath, self.keystoreP12Path, self.truststorePassPath, + self.truststoreP12Path) if continue_exec: print("Initiate Configuration Push for : {0}".format(container_name)) resp_code = self.execute_bash_config(cmd, container_name) 
@@ -89,19 +109,22 @@ class ClientManager: print("Execution Failed for: {0}".format(container_name)) return False - def create_pem(self, keystore_pass_file_path, keystore_jks_file_path, truststore_pass_file_path, - truststore_jks_file_path): + def create_pem(self, keystore_pass_path, keystore_p12_path, truststore_pass_path, truststore_p12_path): # Create [server_key.pem, server_cert.pem, ca.pem] files for Netconf-Pnp-Simulation/TLS Configuration. try: - keystore_p12 = self.get_pkcs12(keystore_pass_file_path, keystore_jks_file_path) - truststore_p12 = self.get_pkcs12(truststore_pass_file_path, truststore_jks_file_path) with open(self.serverKeyPem, "wb+") as key_file: - key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, keystore_p12.get_privatekey())) + key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, + self.get_pkcs12(keystore_pass_path, + keystore_p12_path).get_privatekey())) with open(self.serverCertPem, "wb+") as server_cert_file: - server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, keystore_p12.get_certificate())) + server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, + self.get_pkcs12(keystore_pass_path, + keystore_p12_path).get_certificate())) with open(self.caCertPem, "wb+") as ca_cert_file: ca_cert_file.write( - crypto.dump_certificate(crypto.FILETYPE_PEM, truststore_p12.get_ca_certificates()[0])) + crypto.dump_certificate(crypto.FILETYPE_PEM, + self.get_pkcs12(truststore_pass_path, + truststore_p12_path).get_ca_certificates()[0])) return True except IOError as err: print("I/O Error: {0}".format(err)) 
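Review bot: In `create_pem` each output file is now opened with `"wb+"` before `self.get_pkcs12(...)` runs inside the `with` body, so a load failure (bad pass-phrase, missing `.p12`) leaves an empty `server_key.pem` or `server_cert.pem` behind. The removed code loaded both stores before touching any output file. The keystore is also read and decrypted twice, once for the key and once for the certificate. Keep the two loads ahead of the writes, `keystore_p12 = self.get_pkcs12(keystore_pass_path, keystore_p12_path)` and `truststore_p12 = self.get_pkcs12(truststore_pass_path, truststore_p12_path)`, and reuse them in the three `dump_*` calls. The function's exception handling continues outside the hunk.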
@@ -110,12 +133,12 @@ class ClientManager: print("UnExpected Error: {0}".format(e)) return False - def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path): + def can_open_p12_file_with_pass_file(self, pass_file_path, p12_file_path): try: - if jks_file_path.split('/')[-1] == 'truststore.jks': - pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_ca_certificates()[0] + if p12_file_path.split('/')[-1] == 'truststore.p12': + pkcs12 = self.get_pkcs12(pass_file_path, p12_file_path).get_ca_certificates()[0] else: - pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_certificate() + pkcs12 = self.get_pkcs12(pass_file_path, p12_file_path).get_certificate() if pkcs12 is None: return False return True @@ -143,11 +166,10 @@ class ClientManager: shutil.rmtree(self.mount_path) @staticmethod - def get_pkcs12(pass_file_path, jks_file_path): + def get_pkcs12(pass_file_path, p12_file_path): # Load PKCS12 Object password = open(pass_file_path, 'rb').read() - p12 = crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password) - return p12 + return crypto.load_pkcs12(open(p12_file_path, 'rb').read(), password) @staticmethod def execute_bash_config(cmd, container_name): diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot index 8e36e65f..a7fbcccc 100644 --- a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot +++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot 
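Review bot: `get_pkcs12` still depends on `crypto.load_pkcs12`, which later pyOpenSSL releases deprecate and then drop, so the helper works only because setup.sh pins `pyopenssl==17.5.0`. Nothing in the method says so. Replace the `# Load PKCS12 Object` comment with a docstring that states the two inputs (pass-phrase file and `.p12` file, both read as bytes) and add `# Relies on the pyOpenSSL pin in setup.sh; crypto.load_pkcs12 is removed in newer releases`. That keeps someone from lifting the pin without also porting this loader.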
@@ -76,7 +76,7 @@ Run Cert Service Client And Validate JKS File Creation And Client Exit Code [Documentation] Run Cert Service Client Container And Validate Exit Code For SDNC [Arguments] ${env_file} ${CONTAINER_NAME} ${expected_exit_code} ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK} - ${can_open}= Can Open Keystore And Truststore With Pass + ${can_open}= Can Open Keystore And Truststore With Pass ${CONTAINER_NAME} ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONTAINER_NAME} Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}