{
"caName": "Client",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
- "caMode": "CLIENT",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"authentication": {
"iak": "mypassword",
"rv": "mypassword"
{
"caName": "RA",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
- "caMode": "RA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"authentication": {
"iak": "mypassword",
"rv": "mypassword"
ports:
- "80:8080"
- "443:8443"
+ environment:
+ - NO_CREATE_CA=true
volumes:
- $RESOURCES_PATH/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
- $RESOURCES_PATH/certprofile_CUSTOM_ENDUSER-1834889499.xml:/opt/primekey/custom_profiles/certprofile_CUSTOM_ENDUSER-1834889499.xml
#!/bin/bash
configureEjbca() {
+ ejbca.sh ca init \
+ --caname ManagementCA \
+ --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
+ --tokenType soft \
+ --keyspec 3072 \
+ --keytype RSA \
+ -v 3652 \
+ --policy null \
+ -s SHA256WithRSA \
+ -type "x509"
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA'
+ ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
#Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
#ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
+ caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
+ ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
ejbca.sh config cmp dumpalias --alias cmp
ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+ #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+ ejbca.sh roles addrole "Certificate Update Admin"
+ ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+ ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation"
}
configureEjbca
--- /dev/null
+LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREdqQ0NBZ0lDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdqRWtvT2RhUitHK0ZNRkVLWndYenRyVHp5dWk3V2ZKQlg0SApsMkU3S3JoTUprQ2ZzWTMydFpzN2JXeHFDWjJJdXhVdDZtWVNqeUJKQU4xelRaWWgwcEl6Z21URkNtTjZ2TmpnCmpVb1ovNUk1QTU5WlVZdVROVnhud0ExOUFGN1RvNm84UUE2S0xQZm5XaHVWYU1kM0h0aWVyQkVLRWNYYzV1UnYKOEdXVUdRajhjSVYzM0NaZnBsaUVodjU0SkM4WGtFU3N5dFFmMWFoWHVrZUszblFobU5XSm9lYlcxR1F0WGxiSgpCbUNsYkNyWCtVeTMrbFpQNmg3Qk5FZlIxU1RSaXFTWVdGUU1nYktPMHFRZEN4SFJ1RkFoV0NGb1hsa0MrT1d4ClkvWkU2UHdsMTNCa205MFlld0JoL1NMTmlIQnFmYUJjNGx5SWZDOEkwRWRpZEdsMTZ3SURBUUFCb0Y0d1hBWUoKS29aSWh2Y05BUWtPTVU4d1RUQkxCZ05WSFJFRVJEQkNnaEZ1WlhjdGRHVnpkQzV2Ym1Gd0xtOXlaNElJYjI1aApjQzV2Y21lSEJIOEFBQUdHRG1aMGNEb3ZMM1JsYzNRdWIzSm5nUTEwWlhOMFFHOXVZWEF1YjNKbk1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUFuK3VyTEp5bGhtVkxuUWx4TnBucUpUNm9KSHA5UWl3VmVPSElIOFRjbnluVnQKNExqUVFNWU9yR2FFNVVEZnlJVVhRdWtUb2RBWGlGeWVoWk1BdUF0Q2IyK3ljc0gzU3cyaVhmOWt5MEttS1FhMgpnTEw0Ymp2MG9rbFJLSzBHRldLMDFhZk82SUpNV3JlakV2U3hOUVpwWmU1TE1pSDFIWG1qeE9sdXZHTEZoUy96CmQwUm1sWHNXNEVQNWFuY2pNalpDRlJCZXhsaThpSmZlcEc2aDJSRVpRR1JRNGZqTDRhbXVvbnVKQ2dNRVR0L1cKKzJWNzhNNWNYWjVoa1NPejhOcWE0SURtNXJsTEhaTnlmM04rTGFWUVVOUnlNTlZKNzN3c1FxdytiS1RsanJWNAozL2pIekhYSmFCTjFNdHNBRnV2MFlJOHFOZ1QwRitWY0JxOUxCVlZaCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRENNU1NnNTFwSDRiNFUKd1VRcG5CZk8ydFBQSzZMdFo4a0ZmZ2VYWVRzcXVFd21RSit4amZhMW16dHRiR29KbllpN0ZTM3FaaEtQSUVrQQozWE5ObGlIU2tqT0NaTVVLWTNxODJPQ05TaG4va2prRG4xbFJpNU0xWEdmQURYMEFYdE9qcWp4QURvb3M5K2RhCkc1Vm94M2NlMko2c0VRb1J4ZHptNUcvd1paUVpDUHh3aFhmY0psK21XSVNHL25na0x4ZVFSS3pLMUIvVnFGZTYKUjRyZWRDR1kxWW1oNXRiVVpDMWVWc2tHWUtWc0t0ZjVUTGY2VmsvcUhzRTBSOUhWSk5HS3BKaFlWQXlCc283UwpwQjBMRWRHNFVDRllJV2hlV1FMNDViRmo5a1RvL0NYWGNHU2IzUmg3QUdIOUlzMkljR3A5b0Z6aVhJaDhMd2pRClIySjBhWFhyQWdNQkFBRUNnZ0VBQXN3U2F2N3FIZjd5YmZvYXNUNitXUXh0NEo0UVNyc2oraUJHbTdlYTBwSzEKQmhnSU5OYUdwemNGTkI1THFMZk1NR1d0czZLa3djc0ZRaTN1YXordVhRb2VFOUsvdzlhSy9nMWhycWRTbUl2UwpwbXExTHFlRUIxQzliZGJENWkxM2Z2UUV5aWRyZGhwY0NzQTY5cmRvejlqdThDdU9xWkxnQzdOZXFXZk5LazhnCll1WGw5SlZVY0p6RGhhdlRCV2JrMWZFclAzZGkzVDFtVjRPSE9vS2N0Zy9PYWpMZlVpSUl5WDZpSHR3VGVXRTEKTDNWMnM2MTdXWURZczVIcWlER0psU0ppL1FtMTgvZnBKMmt4UTJRZG5YZTlmN2FMeVBtWmRPWU1CQTFMUmlhNwpkbmxwVlpvWXZXa1RUZFdHMDAza05PcHlDOVduUCtLRHdLN0krcTRYZ1FLQmdRRHdER21YUUdXK045UFdVazY1CjBJVW50Q0ZjS3FtcTREcFJPRUIwKzJIWEpZczNxNjdvUmp5eXNFL29QOVliK1l6QXIzMnoybytqWkxyeGhLaVgKQW43ck12UUpLaXJkbWN4QkZQMFBxQXlGNWl2aHJJNWkydjBtSm9DcXcra0pvdVg2cy9YNVZGc3pic0Fxa2xKdgpqbWJkbjRKbkc4T1BOa1dadnR3UW1GelNmUUtCZ1FEUEdLUlM2eUg2OEZ5Q0o5akdyQmY1WlZ0bUpmWEJ6azZ1ClpWRXdjKzJlNExXVXJCdFEvcG1ybnY5am4vcTNzbTdBVS9BT3FYMHN5OWhkckw0ZURCN28zMHFQVmh0YTdORmoKbnFTek1kVkxaRGI0T2FudjhyWlNZYmMzOUU1L3cxOStWamxpM25EOUM4SXhORm56Y2ovcmtHRis2NDkxbWdzbwp4dmZpMFhRdWh3S0JnUUNxY3JYYlR6K3ZWS2JYalBRWG5zZWR6SnJQZmYraHRMdlVCaFJHdkdUWnh1L1dwTko2ClhiMGx5R25FNk9jWVVCY3dqcXU4TkpvL2svdm1HS001THUxK0JsMGYwTkJGTDdySUQ2WXRJczlabUhsYU1oT2MKZ0JDMnNTbzFsd3gyNmpOUTA4MzVyM3RleHVvdWtGMTJsdS9WdURoNURFN005dVZ1NlFZTHhwUktaUUtCZ1FESwphUFZDcmRvYVg0NnJEN01LQ3UycnJlcjFIYWpqY1hicGNORTNvRGJoRUJPcGFjV1JGaWF2M01rVVlDbzJITW11ClpOdStHTjNsU0o4Q2YzR2FBSks5WEhDTlE4V2N5dFdrbmt1dmNNZGQxbWI3bWJDRWV4N0R5Z20vUUtMd3NNM0cKdHhPRGxKR3VZUzI5MWNNTTg5K1JweDREWk14a1R0a1ZVOUszOTZ1c1JRS0JnUUNPU2puU2FhcU1tU1hnM2lxQQp4WVIycnp4bnBOSFVyWVZYNG1rV2lOMyt4V1ZwN05wS2I5MGlmSmU4UXVQRXFRbkRuV1I4TC9pQjd2VWFpQ3BECmpWQjVleXpTMnh1MXhMK1BvbEo1ODJCTHNzS2VJMHpFZ2hBRWx2aXgvWk1CeHdNV0tRK0tVZVJ1bVFYNXZiR3QKOWRvRGxETVUxWGp6d0JMNHJSSmRKSUNFRlE9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREdqQ0NBZ0lDQVFBd2V6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEZUQVRCZ05WQkFNTURHNWxkeTF2Ym1Gd0xtOXlaekNDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0pSOGJTdjlQL1JONmZSbGYrWTR4YWxnd2Z1OEg1RQpMRmhzZmF3N3NYMEo2dDZIelFLa0YxQWFnVGlEODRpRHZua3J3ZUhjeUxsODdDN1d2NVVoaVZ6T0QvWEFqRmQ0Ci9jVVVaeXZPamZWNkxsWmdKTHMwT2JqK2JGNzdSbTdJWnZCeXpwRDJsLy9uOHNMWmxsTlBnY0Y2d1NnbHcwblgKZmxyYysxQUVaYVp6VHFvbStKMEsyZi9QQldQNVdsb29aUGRaOGR3cUI0TnczSmxkUzVwcEczRDVndUhDQmhDeQovRms1N0RVSnhxRDRSYVdKS3UwMnBQL2JqVXBYdjRuajQwNWUrVzZNSjd1blB4M1ZUYXcvUWQ0Mld4ODdJVG1LCjB5UmNVYW5qMGFrSWZSaUFid3VDZkJiWDlKazJjZU05d21qbm5mODlqNDkvNmpyd2lRMTh2bDBDQXdFQUFhQmEKTUZnR0NTcUdTSWIzRFFFSkRqRkxNRWt3UndZRFZSMFJCRUF3UG9JTmRHVnpkQzV2Ym1Gd0xtOXlaNElJYjI1aApjQzV2Y21lSEJIOEFBQUdHRG1aMGNEb3ZMM1JsYzNRdWIzSm5nUTEwWlhOMFFHOXVZWEF1YjNKbk1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUJNRzBwM3lQWHRuRFVWckRreEtweG1MVWk3bWtoamdVLzRkdWFHaHBlSmdyTU4KNGNFVFVHWDdtdWw0aElDckovSGJPMGh5bzdaM2xEaXVCYVhCSmxpU0JXdU4zTmhoNDM5UzBDK1ZEZkVyNGxUZgo4bDlQYXdJRHFVNldhQSs2ejY5WHB4em94YndUK3R3b0ZBdTNtT2U1dVV2bWxNNk1Ma3Q2WE41RnhlUG9Ec21pCjcvRFZDZ3VBWDZNMi92UHpLWGZ2TWFMTzltS0dxNC9WcVpRZ3VHSFZNNUhrbkZQeVJiTUFyV2N3YXBDaWxGNG4KSENiOVdqb1BwZVhxVjFWeUJ2VFhBWTNoRFIwbXlNaFZ2b0QvU2g4UTNjWWttbU1vYlN4WExOZGxsWEt3MFhFagpwY1h6VWtINW5ub2cyQWI3UkVjRnNpQjZ4Qy81WnRpZm1OQWZyVEdYCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRGlVZkcwci9ULzBUZW4KMFpYL21PTVdwWU1IN3ZCK1JDeFliSDJzTzdGOUNlcmVoODBDcEJkUUdvRTRnL09JZzc1NUs4SGgzTWk1Zk93dQoxcitWSVlsY3pnLzF3SXhYZVAzRkZHY3J6bzMxZWk1V1lDUzdORG00L214ZSswWnV5R2J3Y3M2UTlwZi81L0xDCjJaWlRUNEhCZXNFb0pjTkoxMzVhM1B0UUJHV21jMDZxSnZpZEN0bi96d1ZqK1ZwYUtHVDNXZkhjS2dlRGNOeVoKWFV1YWFSdHcrWUxod2dZUXN2eFpPZXcxQ2NhZytFV2xpU3J0TnFULzI0MUtWNytKNCtOT1h2bHVqQ2U3cHo4ZAoxVTJzUDBIZU5sc2ZPeUU1aXRNa1hGR3A0OUdwQ0gwWWdHOExnbndXMS9TWk5uSGpQY0pvNTUzL1BZK1BmK282CjhJa05mTDVkQWdNQkFBRUNnZ0VCQUxFVVNMaUZ6SDYwNW9VcVdlRUpjUFZ4UDFyZnU5QXY2enFzZUpCZ2pIazMKWDB3S21YL3RnRWd1MU5peGRjVmt2NDN6ak5uNmRCdWVBUGFORkkzTkZidEZoL3RUVXZ2R01Wa1lvN2tFL3RJSgpiV1FzQ2RGb0Jab1hpQmV4SitUYWJLREtVNUhkUUFUOUtWY0lCTFRleXJubUlHZ1hVL3ZjM29LZDBRMUV3M3c5CjF2ZEo2dEhoS0xwRk54dk51M3FoV1QvT0gvVmdkY3RUVzltazgraWNtNVNJRlVxcWlVMlFTc1pYY0hpUzRnS0MKZFBUb1hEbThTVkk1QTI5VlRuUkJIYkt0WEVaSjQwQWFPczVVSWRDUnA2L1Z6WlhtSlQyNUsvNTRad3F3OEZuTAp5SUFEM1dTcTRWSktKQUQ3ZkpkMjcrditxNXJSVnl3dEt1dFBCK2JNU3dFQ2dZRUEvL0t6R1BJMEsvK0h0OWRFCkwwQXVFK0lyY3A2R0lwTXVDZGRKbms1bVdJMm13c3QyeXZOUllyanM3M3UxckZ4QkZHZnNCK2c0NW9Qa2g3YmYKTDRubjI0TlBkZEwxdlM4YW9EME5HUmJQT2JpU2tvYUxwRTBQNjdOeGNHSk1IL2N2ckFrcFhrWGtaaXFHNXZ0NApKUXlvb1k2eUhxMHNpRW1aSHlRRXA1ZklUR0VDZ1lFQTRsMjBkdnBUM2E1cDNRYWwwTG96RjBGTUxFb21LUFM2CmZDOWJPdXhmdC8wbjA1MFVVeUN3TUUydmZqb0JkekNkSjVrNlNCOWJ3L3U2aHBGY1J0TFliTWZId2piUi9OMjgKKzM2Qno5cUxoTWViQjZIRFZRRldGT0kyZ2RsOWlldndFZG9yVmNpOXpDRXk0TEJqTTNqYmtHaGpzR0RlaG9CcgpzZ1B1T3lkc1UzMENnWUVBckRaZ3l5Z3NjbTQ4b3pYMGF0YUVLbHpEWHh2S3BQaml3VHhhREdvejh1RmNrelRUCmVUcStSKzZsZlgxL2Y3bVRFR2ZjS0hYWDAwSnJRZVdKeGpMRURxOExoL3VwM09FVXlUeEswOWJGRjlGWXpiNDUKdHhNaTR6U1ozMFJFZEQyZGxlT1VNaHBVMDJsSjI2RFg5aFhPWU9YaWMwR1I5U0dRSmFQV2ZlMWltQUVDZ1lBTwoyaThaRDF1cFUrUkdTRVZnNkphcGsvTTNoTFgwUWZwcVk0RU00SzEzR1BrZi9WSjBFZFQ5bGx0SllPenZzUlRlCm9FTWVzRkFKRDk4eExTQnMxVEMyRW5XYzNKUHlqMm55NWw0R0VVVE9OWHFLaWFhVFVUOGdwNmNENWcxQ20yUnAKQjNPSWNWOWlvVnNCT3hHSE13clU4c1Izc2lObmw4MTVKS0RnNkxsRzBRS0JnUUNLbm8xOVpyVkc4U21VZzl1ZgpqRWowN21yUXZMNUFiSEJaVXBVVVZESkMvTGdoY25rbDQvNkZGbG83aDdxQ05hN1JHMUwrdWFrVENiaW95bDVFCmZtSWptVEpaVE9ZYTI4M2hYMk1BaXZFbkNVVUd2bVpjK0t1a1lrNS9YK0NCb0ZBWUx0VTdFUit4SExnZ0VIVFAKSEdUVWkvanhDQTNPU3g5c1VqSHQ1WUVqNHc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREZqQ0NBZjRDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXZPKzFuNEpuSzRIRFpmTDBqaFBvOGlYRFpobEtkalFCOVBWTQprZXp1cXpheTJja2NGY2t2aExxc3hRL1JHeHJLaHlZNkRGR2Y1WHVWNkVGYUY3NXF1RlliRlF1REhyV3p0YTFyCmIxQ3pRMFgydDJOOTlFRWVzcGVUUEkzU3dHRHkrb2xveHlvM3E3MXFsdXBRaEtjY2FpZUZRVlFvdzAzZkd5clcKbFJYSENNcjNCZEh2eEtiWFBUSXQ0OFl4ck1CK0FqUUxaUUVyYXlFTitybWlFZlFKUTFvam4rL25hdTZsL1VSVgppcFBVdHJiZVJuZWZRQlpKRzcwVmx0dGtxNUsvQm13Z1djMUtSOC90QnRmVjBFL1hKb2F6Uy9lamo0TCtDWlkrCkhiQTU3YXNmc2VpQ2djL1lBZ2JJRGhLNDg1K3lwbW1mYUpFWEluUDJnSHJkSURCVHh3SURBUUFCb0Zvd1dBWUoKS29aSWh2Y05BUWtPTVVzd1NUQkhCZ05WSFJFRVFEQStnZzEwWlhOMExtOXVZWEF1YjNKbmdnaHZibUZ3TG05eQpaNGNFZndBQUFZWU9ablJ3T2k4dmRHVnpkQzV2Y21lQkRYUmxjM1JBYjI1aGNDNXZjbWN3RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFMemxBby9Tczh1ZHpYVWIxdHl1d1BISU03c3dzS3c3WGZHK25mdXpuQ1UrbUZzS01oNlcKWmFXQWtSZ3VUY2d3T2JaNXcwNS9rcjBpZDFrdjJ0WU9xYXViMWZXVisrVmRVSXNZcUoxTENwL3RHU241Rkt6SQpvMVdpcEFOTGJpTEU0MnVPWHA2aHlmeUZsdzhQa2RwdURrUUVrNFV6MGdWK2dVRGZBd0JsOEx3aHdiREY3a3lhCkFiekZrRE5sem9ZemZLRTR4enN5SDNtQlYwdVpGS1lodE9XLzBQYVRnY042NTd6eXRCUGMxMExJaXVDa0NvU2IKYXNueG5FTUJTVU1nbC9YYzM4TFB5WU5BZGNCQTJHS3daeXNBd0J6V3lrNlM1U2x1SG9xcjlJWmdDcldWTlU5YwpGU1VWL29jQWY5Y29CRkRDVXVTWFBxWlpacUxlRnlhclZRRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQzg3N1dmZ21jcmdjTmwKOHZTT0UranlKY05tR1VwMk5BSDA5VXlSN082ck5yTFp5UndWeVMrRXVxekZEOUViR3NxSEpqb01VWi9sZTVYbwpRVm9Ydm1xNFZoc1ZDNE1ldGJPMXJXdHZVTE5EUmZhM1kzMzBRUjZ5bDVNOGpkTEFZUEw2aVdqSEtqZXJ2V3FXCjZsQ0VweHhxSjRWQlZDakRUZDhiS3RhVkZjY0l5dmNGMGUvRXB0YzlNaTNqeGpHc3dINENOQXRsQVN0cklRMzYKdWFJUjlBbERXaU9mNytkcTdxWDlSRldLazlTMnR0NUdkNTlBRmtrYnZSV1cyMlNya3I4R2JDQlp6VXBIeiswRwoxOVhRVDljbWhyTkw5Nk9QZ3Y0SmxqNGRzRG50cXgreDZJS0J6OWdDQnNnT0VyanpuN0ttYVo5b2tSY2ljL2FBCmV0MGdNRlBIQWdNQkFBRUNnZ0VCQUx4aFJYWUZUMWpSeVVHZFBMbHNvSmJQa0VQOGM0SG4yUXVraVBQMmlRR3QKU0NaZG51TVo5WWNobWFIaVkxdmpHb3dtVVRwM0tEWm5RdENRV0lQVUdCUXp4a3oxYllieEpIM0FxNTRSbUtzNgoxd09DNzlMYUd3RjJvQmVBVU9IL3lFU0ZQVE5YcEtwWDhpOEc4Y0ZSM2NMNkpLTStobVkwL243WDk1d3VXb1VvCkloWW16Q0J2MmVWSG0veEtLZ01Lai82RWJkdE5uWlRack4rK3ZObmdqZndyTzEzQzR5STYxbzl5dDRzOGpMSHcKMnV4bUcwZ3RBZ0ZCZ0d6UWNFUG5tdEZDWkxYZkhiRVAreklwZ0U0eDZRakYzN05jYThHVmNINEVhOTViWG1LRgplWERlOElvWFJFOU9TZ25SR2hzeTVMUHNlTGYrZG1aVkx1WDNTK2c3WGdFQ2dZRUE2emZMd0U4akRyZUdhM2ExCkV4V2ZZOWZWeDMzWlREdytyYWxZVXBpUTAwWUlWYmRiVlZBZlpxRW1STzVYY2dKOXN1NDZtM3lDc2pZM1M1QnYKZ1daaGtHVmtSSnpoREdYRnpFdmdLcHRZZERNUDZQTzkyOVAyWmxacytnRVhVQlpnRkJ1SW9maWNqSHBuL0VHeAp0VTdGeW5VS1JqbDlDUitqVkN5d28yeGpLVzBDZ1lFQXphRWJuVUNnSTNTOWpvSTYxNVNxcmxCbVhacXpEckFMCi9jNFRPRTltVUhSeDduZ0I0ektERFd4Zys4NnVJQlBEUmc4RkVpQVFxb1g2bi9pUW9iKzFNdXRpYWE4ZUQ2ODIKVmFCL0hsT2NKMHdLVUlPZU0rNnh3WDhOUlRxb09KUjFEeUt3dThTWUNLN3BxcHRoSDgycmhZQ0pqRERlTnp6dwpwUnE1T3hWUEJZTUNnWUI1KzNhVDViWjFsR0dHYTRwZU9sRnRrdW9QeWNrZUN3UXFSVzlEYmxGMDc1VzA5aURNCmJuL0tWbm9sTjBGc0k3U1NUWTloUVVINkw3bWZXMmtvUHpNTGtqbGNoOHNDQmVsOUdFQkplRVI0Qmw4UzNReXgKNnd1V2FPMmMvV0hjcTYzcDM1bU0vZ1FacWdVeFFkUnFCVTczdnBpMGNHM1NoSERNWDF5L2M1ODlSUUtCZ1FDbwpGT0wvblUzSTdhbnNqU01RQ09PamJQRGYzbzR5bVZDVC9CalYxSUVyanFONmEvb08vc0VFL2V3Z3FJYklqWjcyCjYxd1h2c0lnd1RkbC84WXBrUXpLUElITEpXdUxJb3RsWHJYSjBrbzREUDM1Wmp5dzhwRzJPdVpjQ21CckwxNm8KS3BFUVN0aURjSVpzQUdwWmxzSjNjK1A3Qmc3K1UvL1kxWWxIZEZtTmhRS0JnQkRCbkVrQzlRdmZ0RGZaM0lxYwpvcUJNTElMSHJyV2NpRTM4K1JzV3RJSkk2WHhXbEVCV3ppRElBMHk3WXgrUENtYk9ybitlM2Zvd0VZU2E0eXA1ClgzMER3SFB5U1Z2WVAzNUY4NCtnd2FZalVaYW9uT2FBVnRpVXgzdDA3blRMaEEyNnJ0bWZWbDJvbEFTeWNOZWQKTXpZbFBiNUZEQThhRDB2blFteFI3Q2l4Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREZqQ0NBZjRDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTNpQjc1UExEM2hGWHRLMHNnWmhwLzcxWHExTFBUNWhLcVpkQwo4Sjl1Nkwxeitqb21mczJMN1FDQ2RDL21ic0p6djhZSWtZZGc1L05VVVN4dkxNU1pWN0kyQmRhRERzYUJOV3oxClVuVEQ5TU9mdG8wQTdtK1JZK2FIQnY3cFhYNlVUVkVqdm94MExId3dOanlCdUc3VytKRnR2dFFtR21wdDVUdWYKcHJWUm5jZ2duZlBkZXU1WDVsUTU3aUREYjRZL3VRSWZPRTdvc2MzTmJvN2ZpQ3NmR2VpWllFejB0bE05ZVlaRwpUOXI2WUlTOURqRDBYbDE3TXNCZjR6N1VNTWVOeXc1WTBMK3I3MTlVVDVic2lvaWJQbFdSeTFaZDdGL0UvZ3E5Ci9Yc3ZFMzVqZ0FZWG5STWRjek12TnozdkFWMzgzaWdHeGRMV2ltNnE0bDVKMklXNVpRSURBUUFCb0Zvd1dBWUoKS29aSWh2Y05BUWtPTVVzd1NUQkhCZ05WSFJFRVFEQStnZzEwWlhOMExtOXVZWEF1YjNKbmdnaHZibUZ3TG05eQpaNGNFZndBQUFZWU9ablJ3T2k4dmRHVnpkQzV2Y21lQkRYUmxjM1JBYjI1aGNDNXZjbWN3RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFFUDB4UVdsNDduNEowNnUxSjJsTTI4aWhNcy9GaHJNaG5DeTlETFpoYU9uQ3BjSktPNkoKMUhHQU54OEFJRDI5dk93Q09xaVJ5OFZBNHU0aW9LdjdaaS9HT3NhaWh0RWEvQjY4dnBTR1p3RVlmeFJtMXdvYgpWWlRuR0pSbDdKVmg3OVc5SlFjeVcwbEFIRzFPdXdtQUZjc0NMUFlXRDRKVXMrUmptS0R4T2V6R3VpMTcxaUhWCnFHbkNIZGdSUDFFUE9IdnFsYWY2MnlnQ2RaWVoyZGlLK0s1VmJ3OE1XUmF2VGt3cFhEWjNGZGlwYUtQNmJZN3cKR0ROWUZNQ2FySHBsUy9DS2dPZENhdkh4UExTeGFTcis2dE5xV1pQbTBpUk1BdTZ3RThWRTNsMXZFRldUNlg4Rgo0WDNyaGFvQVduK3RabjZCanJtbnoveFlaTlhuck1CM0lLMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
\ No newline at end of file
--- /dev/null
+LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRGVJSHZrOHNQZUVWZTAKclN5Qm1Hbi92VmVyVXM5UG1FcXBsMEx3bjI3b3ZYUDZPaVorell2dEFJSjBMK1p1d25PL3hnaVJoMkRuODFSUgpMRzhzeEpsWHNqWUYxb01PeG9FMWJQVlNkTVAwdzUrMmpRRHViNUZqNW9jRy91bGRmcFJOVVNPK2pIUXNmREEyClBJRzRidGI0a1cyKzFDWWFhbTNsTzUrbXRWR2R5Q0NkODkxNjdsZm1WRG51SU1OdmhqKzVBaDg0VHVpeHpjMXUKanQrSUt4OFo2SmxnVFBTMlV6MTVoa1pQMnZwZ2hMME9NUFJlWFhzeXdGL2pQdFF3eDQzTERsalF2NnZ2WDFSUApsdXlLaUpzK1ZaSExWbDNzWDhUK0NyMzlleThUZm1PQUJoZWRFeDF6TXk4M1BlOEJYZnplS0FiRjB0YUticXJpClhrblloYmxsQWdNQkFBRUNnZ0VCQU5WTU5DeUJ3ZnY0ZzFRSUJ2amJOczVSTDJKZ3Zwb2NEM1lTdmtENW1ETDkKMmVTcStsUkJaT0JNNFBoWkZ0bTgrQkZyUk1jYVRML3ZOVVJOZXVSdVZTR1ZDN05IYmNvK2E4eTF1RTFadXVITApDQTd3RDdqbWdhS0F0NkRNSDZPYjdTVGhpWVZzc2hJVm51WTE3QXNDeElNa2cxSC92aWNYbERmUHJWc1VPaTliCk41RzRVM041VGRLaDJOcDhQZXNPU0hUZXphamNtNmJXUy9xU3pkZTgzQjNDNE9ZcUFJdjlIVEpLZWpMY0p3WnAKbDlnMlBVTGlKR3I2S0J2aWZwM1lqSm5pQ3ZmbVdIMW5tbEdjaThTU09MeVNUM21MUm84QnhlQUFEenpsUmYvSgpDOHBVZ1ZsbDhUUDh2a1BJNXpsWVhYZExWVDBVVUM5SjRWZUE1cXZMZTNFQ2dZRUE4ZFRvTUMvaHgzR05qeWo2CkFWczNRN2FGUUlZd3FYNEZMbklPejhHKzVpdUZxY01wWWdyVjVwOWhHUm5ud0lIc0M1WE9yTU9ZL0dGdjJUN0oKZXdWZTJ1Z3lqcUF1djgrZTl4Q2JtdmVtcHhtNitkdnZTQjR3WmU1a1haQzM4UHlRUUtHcnB4aStnbUZkYlN0Rgp3a0U3YXFHNmlZUlptZm9jVlZSMjBMSmQ0VU1DZ1lFQTZ5UUpWRDFwRkRUK05ESzRMTmIyeTNGUThWZ2t4UW15CmsvTmdlaFU3SmVZc1pqWjRWaW9LOWp2MGFLbFdsckFyMkFLYUlrWHArTGdxSVB4aEVGWTVCNDJtYW15QlROT20KS3c5SE9FQXV2LzlsRDFvL0kxM1lWTkd5UWdyQjFOZEwwQ20wbmg1SFFLUVRXbFJ5TzBuQzVrTjhmVTJLYmpHTQpQZlI0aG14OUhEY0NnWUVBNVhLeGZvN2Z0S0VMdytvSUV1TmQ4eFFwS0FocUFWYTlTYzBVT3BERU5KVFV0RGFrCmZBNTExdVFmZDNaNXlkQTdpdDV2Z3NIdTFIOEtaV0JLUUR2ZlBPb1VsZmhyZ3JoV1JtcHVpVUV4ME5mNzdIZDkKZDdxVkJ4R0NEcmh4bmVlMFltNUNkRDlvK2tHeEtCUm5rcURiNUJkZzZuczFuSCtQQkhNb2JHamY1QXNDZ1lBZwoyNnBLRVVMTHhoUDNxMWE5UFZURFhSUlloVjZ1QWdyb1Rjd2ZnelArdWNsZWh5SU51RlpMemxqNi94N1FjOUhNCm42QjJSWnJLWE1IV1ZpNGlJRXBiMmRsMWFiQXYwaXVZUE14UStmY09jVnZuNTA2SFhLZk1RbmxNYlVCa3c2a2UKYjVXRHV1dHVCditGVWVPY2tWUWc1VEZTT1RHczhGT09uTWp5ejlvenhRS0JnUUNLcEtqOUxLRlR4bFJoUFduaApITkJ3QWJsMzI2NjhmSW1ORG1yQlkxWHdvczVQdnV2Mjcxckc2STJLUnJDbGdmb3NtdnlJVVY0NjBNZmZNanJrCmJlbFdDdFNyRU4wYlZtK2xQOGkwWGg3REMrRkxmbG1GdTVFclNDUkRjcTY0SzIxWHpSczVzOUVYVnpBekVGaE4KdWpPTExUSDIySUwrclpuZXlWbjUxdW1DQkE9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
\ No newline at end of file
Send Get Request And Validate Response /ready 200
Generate Certificate In RA Mode For CA Name
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_CSR_FILE} ${VALID_RA_PK_FILE}
Generate Certificate with all Sans types In RA Mode For CA Name
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_ALL_SANS_CSR_FILE} ${VALID_RA_ALL_SANS_PK_FILE}
Report Not Found Error When Path To Service Is Not Valid
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT} endpoint and expect 404
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT} ${VALID_CLIENT_CSR_FILE} ${VALID_CLIENT_PK_FILE} 404
Report Bad Request Error When Header Is Missing In Request
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION
[Documentation] Send request without header to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request And Validate Response ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 400
Report Bad Request Error When CSR Is Not Valid
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${INVALID_CSR_FILE} ${VALID_CLIENT_PK_FILE} 400
Report Bad Request Error When PK Is Not Valid
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-INITIALIZATION
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400
+Update Certificate With Key Update Request In RA Mode Should Succeed
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-UPDATE
+ [Documentation] Send Initialization Request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} then for received certificate send Key Update Request to ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
+ Send Initialization Request And Key Update Request And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME}
+ ... ${VALID_IR_CSR_FOR_UPDATE} ${VALID_IR_KEY_FOR_UPDATE} ${VALID_KUR_CSR} ${VALID_KUR_KEY}
+
+Update Certificate With Certification Request When Subject Changed In RA Mode Should Succeed
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-UPDATE
+ [Documentation] Send Initialization Request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} then for received certificate send Key Update Request to ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
+ Send Initialization Request And Certification Request And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME}
+ ... ${VALID_IR_CSR_FOR_UPDATE} ${VALID_IR_KEY_FOR_UPDATE} ${VALID_CR_CSR_CHANGED_SUBJECT} ${VALID_CR_KEY_CHANGED_SUBJECT}
+
+Update Certificate With Certification Request When Sans Changed In RA Mode Should Succeed
+ [Tags] OOM-CERT-SERVICE CERTIFICATE-UPDATE
+ [Documentation] Send Initialization Request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} then for received certificate send Key Update Request to ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
+ Send Initialization Request And Certification Request And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${CERT_SERVICE_UPDATE_ENDPOINT}${RA_CA_NAME}
+ ... ${VALID_IR_CSR_FOR_UPDATE} ${VALID_IR_KEY_FOR_UPDATE} ${VALID_CR_CSR_CHANGED_SANS} ${VALID_CR_KEY_CHANGED_SANS}
+
Cert Service Client successfully creates keystore.p12 and truststore.p12
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0
Cert Service Client successfully creates keystore.jks and truststore.jks
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0
Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and PKCS12 files created with correct data
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0
Cert Service Client successfully creates keystore and truststore with all SANs types provided
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_ALL_SANS_TYPES} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and JKS files created with correct data
Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and PKCS12 files created with correct data
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with correct env and PEM files created with correct data
Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0
Cert Service Client reports error when OUTPUT_TYPE is invalid
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1
Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1
Run Cert Service Client Container And Validate Exit Code And API Response
- [Tags] OOM-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE OOM-CERT-SERVICE-CLIENT
[Documentation] Run with invalid CaName env and expected exit code 5
Run Cert Service Client And Validate Http Response Code And Client Exit Code ${INVALID_ENV_FILE} 404 5
--- /dev/null
+def parse_response(response):
+ certChain = response["certificateChain"]
+ return "".join(certChain).encode("base64").replace("\n", "").strip()
Library RequestsLibrary
Library HttpLibrary.HTTP
Library Collections
+Library Process
+Library DateTime
Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH}
Library ../libraries/P12ArtifactsValidator.py ${MOUNT_PATH}
Library ../libraries/JksArtifactsValidator.py ${MOUNT_PATH}
Library ../libraries/PemArtifactsValidator.py ${MOUNT_PATH}
+Library ../libraries/ResponseParser.py
*** Keywords ***
${resp}= Post Request ${https_valid_cert_session} ${path}
Should Be Equal As Strings ${resp.status_code} ${resp_code}
+Send Initialization Request And Key Update Request And Expect Success
+ [Documentation] Send initialization request and then key update request to passed urls and validate received response
+ [Arguments] ${path} ${update_path} ${csr_file} ${pk_file} ${update_csr_file} ${update_pk_file}
+ ${start_time}= Get Current Timestamp For Docker Log
+ Send Initialization Request And Update Request And Check Status Code ${path} ${update_path} ${csr_file} ${pk_file}
+ ... ${update_csr_file} ${update_pk_file} 200
+ Verify Key Update Request Sent By Cert Service ${start_time}
+
+Send Initialization Request And Certification Request And Expect Success
+ [Documentation] Send initialization request and then certification request to passed urls and validate received response
+ [Arguments] ${path} ${update_path} ${csr_file} ${pk_file} ${update_csr_file} ${update_pk_file}
+ ${start_time}= Get Current Timestamp For Docker Log
+ Send Initialization Request And Update Request And Check Status Code ${path} ${update_path} ${csr_file} ${pk_file}
+ ... ${update_csr_file} ${update_pk_file} 200
+ Verify Certification Request Sent By Cert Service ${start_time}
+
+Send Initialization Request And Update Request And Check Status Code
+ [Documentation] Send certificate update request and check status code
+ [Arguments] ${path} ${update_path} ${csr_file} ${pk_file} ${update_csr_file} ${update_pk_file} ${expected_status_code}
+ ${old_cert}= Send Certificate Initialization Request And Return Certificate ${path} ${csr_file} ${pk_file}
+ ${resp}= Send Certificate Update Request And Return Response ${update_path} ${update_csr_file} ${update_pk_file} ${old_cert} ${pk_file}
+ Should Be Equal As Strings ${resp.status_code} ${expected_status_code}
+
+Send Certificate Initialization Request And Return Certificate
+ [Documentation] Send certificate initialization request and return base64 encoded certificate from response
+ [Arguments] ${path} ${csr_file} ${pk_file}
+ [Return] ${base64Certificate}
+ ${resp}= Send Get Request with Header ${path} ${csr_file} ${pk_file}
+ ${json}= Parse Json ${resp.content}
+ ${base64Certificate}= Parse Response ${json}
+
+Send Certificate Update Request And Return Response
+ [Documentation] Send certificate update request and return response code
+ [Arguments] ${path} ${csr_file} ${pk_file} ${old_cert} ${old_pk_file}
+ [Return] ${resp}
+ ${headers}= Create Header for Certificate Update ${csr_file} ${pk_file} ${old_cert} ${old_pk_file}
+ ${resp}= Get Request ${https_valid_cert_session} ${path} headers=${headers}
+
+Create Header for Certificate Update
+ [Documentation] Create header with CSR and PK, OLD_CERT and OLD_PK
+ [Arguments] ${csr_file} ${pk_file} ${old_cert} ${old_pk_file}
+ [Return] ${headers}
+ ${csr}= Get Data From File ${csr_file}
+ ${pk}= Get Data From File ${pk_file}
+ ${old_pk}= Get Data From File ${old_pk_file}
+ ${headers}= Create Dictionary CSR=${csr} PK=${pk} OLD_CERT=${old_cert} OLD_PK=${old_pk}
+
+Verify Key Update Request Sent By Cert Service
+ [Documentation] Verify that request was key update request
+ [Arguments] ${start_time}
+ ${result}= Run Process docker logs oomcert-service --since ${start_time} shell=yes
+ Should Contain ${result.stdout} ${EXPECTED_KUR_LOG}
+
+Verify Certification Request Sent By Cert Service
+ [Documentation] Verify that request was certification request
+ [Arguments] ${start_time}
+ ${result}= Run Process docker logs oomcert-service --since ${start_time} shell=yes
+ Should Contain ${result.stdout} ${EXPECTED_CR_LOG}
+
+Get Current Timestamp For Docker Log
+ [Documentation] Gets current timestamp valid for docker
+ [Return] ${timestamp}
+ ${timestamp}= Get Current Date result_format=%Y-%m-%dT%H:%M:%S.%f
+
Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code
[Documentation] Run Cert Service Client Container And Validate Exit Code
[Arguments] ${env_file} ${expected_exit_code}
${CLIENT_CA_NAME} Client
${RA_CA_NAME} RA
${CERT_SERVICE_ENDPOINT} /v1/certificate/
-${ROOTCA} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
-${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
-${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
-${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.csr
-${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.pk
-${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr
-${VALID_RA_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk
-${VALID_RA_ALL_SANS_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra_all_sans.csr
-${VALID_RA_ALL_SANS_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra_all_sans.pk
-${INVALID_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.csr
-${INVALID_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.key
-
+${CERT_SERVICE_UPDATE_ENDPOINT} /v1/certificate-update/
+${ASSETS_DIR} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets
+${ROOTCA} ${ASSETS_DIR}/certs/root.crt
+${CERTSERVICE_SERVER_CRT} ${ASSETS_DIR}/certs/certServiceServer.crt
+${CERTSERVICE_SERVER_KEY} ${ASSETS_DIR}/certs/certServiceServer.key
+${VALID_CLIENT_CSR_FILE} ${ASSETS_DIR}/valid_client.csr
+${VALID_CLIENT_PK_FILE} ${ASSETS_DIR}/valid_client.pk
+${VALID_RA_CSR_FILE} ${ASSETS_DIR}/valid_ra.csr
+${VALID_RA_PK_FILE} ${ASSETS_DIR}/valid_ra.pk
+${VALID_RA_ALL_SANS_CSR_FILE} ${ASSETS_DIR}/valid_ra_all_sans.csr
+${VALID_RA_ALL_SANS_PK_FILE} ${ASSETS_DIR}/valid_ra_all_sans.pk
+${INVALID_CSR_FILE} ${ASSETS_DIR}/invalid.csr
+${INVALID_PK_FILE} ${ASSETS_DIR}/invalid.csr
+${VALID_IR_CSR_FOR_UPDATE} ${ASSETS_DIR}/valid_ir_for_update.csr
+${VALID_IR_KEY_FOR_UPDATE} ${ASSETS_DIR}/valid_ir_for_update.key
+${VALID_KUR_CSR} ${ASSETS_DIR}/valid_kur.csr
+${VALID_KUR_KEY} ${ASSETS_DIR}/valid_kur.key
+${VALID_CR_CSR_CHANGED_SUBJECT} ${ASSETS_DIR}/valid_cr_changed_subject.csr
+${VALID_CR_KEY_CHANGED_SUBJECT} ${ASSETS_DIR}/valid_cr_changed_subject.key
+${VALID_CR_CSR_CHANGED_SANS} ${ASSETS_DIR}/valid_cr_changed_sans.csr
+${VALID_CR_KEY_CHANGED_SANS} ${ASSETS_DIR}/valid_cr_changed_sans.key
+${EXPECTED_KUR_LOG} Preparing Key Update Request
+${EXPECTED_CR_LOG} Preparing Certification Request
${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
-${VALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env
-${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env
-${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env
-${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env
-${VALID_ENV_FILE_ALL_SANS_TYPES} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_all_sans_types.env
-${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env
-${INVALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env
+${VALID_ENV_FILE} ${ASSETS_DIR}/valid_client_docker.env
+${VALID_ENV_FILE_JKS} ${ASSETS_DIR}/valid_client_docker_jks.env
+${VALID_ENV_FILE_P12} ${ASSETS_DIR}/valid_client_docker_p12.env
+${VALID_ENV_FILE_PEM} ${ASSETS_DIR}/valid_client_docker_pem.env
+${VALID_ENV_FILE_ALL_SANS_TYPES} ${ASSETS_DIR}/valid_client_docker_all_sans_types.env
+${INVALID_ENV_FILE_OUTPUT_TYPE} ${ASSETS_DIR}/invalid_client_docker_output_type.env
+${INVALID_ENV_FILE} ${ASSETS_DIR}/invalid_client_docker.env
${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
${CLIENT_CONTAINER_NAME} %{ClientContainerName}
${CERT_SERVICE_NETWORK} certservice_certservice
Code Review / integration / csit.git / commitdiff