--- /dev/null
+#!/bin/bash
+#
+# Copyright 2016-2017 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Place the scripts in run order:
+source ${WORKSPACE}/scripts/ccsdk/script1.sh
+
+# CLI internet speed test
+curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
+
+# Test download a 100 MB file to check network speed to nexus.onap.org
+wget -O /dev/null https://nexus.onap.org/content/repositories/releases/org/onap/appc/appc-dg-shared-installer/1.3.0/appc-dg-shared-installer-1.3.0.zip
+
+# Test download a 100 MB file to check network speed to nexus3.onap.org
+wget -O /dev/null https://nexus3.onap.org/repository/docker.release/v2/-/blobs/sha256:04dc4b8163487bb1c40df1ce16f349b507c262d6e2f202baa2e66a42eb8c64a1
+
--- /dev/null
+#!/bin/bash
+#
+# Copyright 2016-2017 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kill-instance.sh i-mock
+
+
--- /dev/null
+# Test suites are relative paths under [integration/csit.git]/tests/.
+# Place the suites in run order.
+# Temporary change to trigger verify job.
+ccsdk/oran/suite1
+ccsdk/oran/suite2
#Generate certService private and public keys
step_9:
@echo "Generate certService private and public keys"
- keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
-keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
-keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
@echo "####done####"
#Generate certificate signing request for certService
step_10:
@echo "Generate certificate signing request for certService"
- keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
@echo "####done####"
#Sign certService certificate by root CA
@echo "Sign certService certificate by root CA"
keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
-outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
@echo "####done####"
#Import root certificate into server
#Import signed certificate into certService
step_13:
@echo "Import signed certificate into certService"
- keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
-storepass secret -noprompt
@echo "####done####"
"cmpv2Servers": [
{
"caName": "Client",
- "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
"issuerDN": "CN=ManagementCA",
"caMode": "CLIENT",
"authentication": {
},
{
"caName": "RA",
- "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
"issuerDN": "CN=ManagementCA",
"caMode": "RA",
"authentication": {
ejbca:
image: primekey/ejbca-ce:6.15.2.5
hostname: cahostname
- container_name: aafcert-ejbca
+ container_name: oomcert-ejbca
ports:
- "80:8080"
- "443:8443"
networks:
- certservice
- aaf-cert-service:
- image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:latest
volumes:
- - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
- - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
- - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
- - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
- container_name: aafcert-service
+ - $CONFIGURATION_PATH:/etc/onap/oom/certservice/cmpServers.json
+ - ./certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
ports:
- "8443:8443"
depends_on:
ejbca:
condition: service_healthy
healthcheck:
- test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
interval: 10s
timeout: 3s
retries: 15
SCRIPT=`realpath $0`
CURRENT_WORKDIR_PATH=`dirname $SCRIPT`
-PROJECT_DIRECTORY="plans/aaf/certservice"
+PROJECT_DIRECTORY="plans/oom-platform-cert-service/certservice"
SCRIPTS_DIRECTORY="scripts"
export SCRIPTS_PATH=${SCRIPTS_PATH}
#Generate keystores, truststores, certificates and keys
-mkdir -p ${WORKSPACE}/tests/aaf/certservice/assets/certs/
+mkdir -p ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/
make all -C ./certs/
-cp ${WORKSPACE}/plans/aaf/certservice/certs/root.crt ${WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
+cp ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/root.crt ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
echo "Generated keystores"
-openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
+openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
echo "Generated server certificate"
-openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
+openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
echo "Generated server key"
docker-compose up -d
-AAFCERT_IP='none'
+OOMCERT_IP='none'
# Wait container ready
for i in {1..9}
do
- AAFCERT_IP=`get-instance-ip.sh aafcert-service`
+ OOMCERT_IP=`get-instance-ip.sh oomcert-service`
RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \
python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
if [[ "$RESP_CODE" == "UP" ]]; then
- echo 'AAF Cert Service is ready'
- export AAFCERT_IP=${AAFCERT_IP}
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ echo 'OOM Cert Service is ready'
+ export OOMCERT_IP=${OOMCERT_IP}
+ docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
break
fi
- echo 'Waiting for AAF Cert Service to start up...'
+ echo 'Waiting for OOM Cert Service to start up...'
sleep 30s
done
-if [ "$AAFCERT_IP" == 'none' -o "$AAFCERT_IP" == '' ]; then
- echo "AAF Cert Service is not ready!"
+if [ "$OOMCERT_IP" == 'none' -o "$OOMCERT_IP" == '' ]; then
+ echo "OOM Cert Service is not ready!"
exit 1 # Return error code
fi
make clear -C ./certs/
echo "Removed old keystores"
-rm -rf ${WORKSPACE}/tests/aaf/certservice/assets/certs
+rm -rf ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs
echo "Removed old certificates"
kill-instance.sh ${ClientContainerName}
\ No newline at end of file
# Test suites are relative paths under [integration/csit.git]/tests/.
# Place the suites in run order.
-aaf/certservice
+oom-platform-cert-service/certservice
--- /dev/null
+#!/bin/bash
+#
+# Copyright 2016-2017 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+curl -v -X PUT -d @- http://$1:1080/expectation <<EOF
+{
+ "httpRequest": {
+ "method": "GET",
+ "path": "/hello"
+ },
+ "httpResponse": {
+ "body": "Hello world!",
+ "statusCode": 200
+ }
+}
+EOF
+
+++ /dev/null
-*** Variables ***
-
-${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service
-${CERT_SERVICE_PORT} 8443
-${AAFCERT_URL} https://localhost:${cert_service_port}
-${CLIENT_CA_NAME} Client
-${RA_CA_NAME} RA
-${CERT_SERVICE_ENDPOINT} /v1/certificate/
-${ROOTCA} %{WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
-${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
-${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
-${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.csr
-${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.pk
-${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.csr
-${VALID_RA_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.pk
-${INVALID_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.csr
-${INVALID_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.key
-
-
-${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
-${VALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env
-${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_jks.env
-${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_p12.env
-${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_pem.env
-${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker_output_type.env
-${INVALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env
-${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
-${CLIENT_CONTAINER_NAME} %{ClientContainerName}
-${CERT_SERVICE_NETWORK} certservice_certservice
-${MOUNT_PATH} %{WORKSPACE}/tests/aaf/certservice/tmp
-${TRUSTSTORE_PATH} %{WORKSPACE}/plans/aaf/certservice/certs
--- /dev/null
+*** Settings ***
+Documentation Ccsdk Oran - Suite 1
--- /dev/null
+*** Settings ***
+Library OperatingSystem
+Library RequestsLibrary
+
+*** Variables ***
+${MESSAGE} Hello, world!
+
+*** Test Cases ***
+String Equality Test
+ Should Be Equal ${MESSAGE} Hello, world!
+
+Dir Test
+ [Documentation] Check if /tmp exists
+ Log ${MESSAGE}
+ CheckDir /tmp
+
+Url Test
+ [Documentation] Check if google.com can be reached
+ CheckUrl http://www.google.com
+
+*** Keywords ***
+CheckDir
+ [Arguments] ${path}
+ Directory Should Exist ${path}
+
+CheckUrl
+ [Arguments] ${url}
+ Create Session session ${url}
+ ${resp}= Get Request session /
+ Should Be Equal As Integers ${resp.status_code} 200
--- /dev/null
+*** Settings ***
+Documentation Ccsdk Oran - Suite 2
--- /dev/null
+*** Settings ***
+Library OperatingSystem
+Library RequestsLibrary
+
+*** Variables ***
+${MESSAGE} Hello, world!
+
+*** Test Cases ***
+String Equality Test
+ Should Be Equal ${MESSAGE} Hello, world!
+
+Dir Test
+ [Documentation] Check if /tmp exists
+ Log ${MESSAGE}
+ CheckDir /tmp
+
+Url Test
+ [Documentation] Check if www.onap.org can be reached
+ Create Session openo http://www.onap.org
+ CheckUrl openo /
+
+*** Keywords ***
+CheckDir
+ [Arguments] ${path}
+ Directory Should Exist ${path}
+
+CheckUrl
+ [Arguments] ${session} ${path}
+ ${resp}= Get Request ${session} ${path}
+ Should Be Equal As Integers ${resp.status_code} 200
--- /dev/null
+*** Settings ***
+Documentation Ccsdk Oran - vCPE
--- /dev/null
+*** Settings ***
+Suite Setup Suite Setup
+Suite Teardown Suite Teardown
+Library OperatingSystem
+Library RequestsLibrary
+Library Process
+Library ONAPLibrary.Utilities
+
+*** Variables ***
+${GLOBAL_APPLICATION_ID} csit-vCPE
+${GLOBAL_MSO_USERNAME} InfraPortalClient
+${GLOBAL_MSO_PASSWORD} password1$
+
+*** Test Cases ***
+SO ServiceInstance health check
+ ${auth}= Create List ${GLOBAL_MSO_USERNAME} ${GLOBAL_MSO_PASSWORD}
+ ${session}= Create Session so http://${SO_IP}:8080
+ ${uuid}= Generate UUID4
+ ${headers}= Create Dictionary Accept=text/html Content-Type=text/html X-TransactionId=${GLOBAL_APPLICATION_ID}-${uuid} X-FromAppId=${GLOBAL_APPLICATION_ID}
+ ${resp}= Get Request so /ecomp/mso/infra/globalhealthcheck headers=${headers}
+ &{headers}= Create Dictionary Authorization=Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA== Content-Type=application/json Accept=application/json
+ ${resp}= Get Request so /ecomp/mso/infra/orchestrationRequests/v2 headers=${headers}
+ Should Not Contain ${resp.content} null
+
+*** Keywords ***
+Run Docker
+ [Arguments] ${image} ${name} ${parameters}=${EMPTY}
+ ${result}= Run Process docker run --name ${name} ${parameters} -d ${image} shell=True
+ Should Be Equal As Integers ${result.rc} 0
+ Log ${result.stdout}
+ ${result}= Run Process docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${name} shell=True
+ Should Be Equal As Integers ${result.rc} 0
+ Log ${result.stdout}
+ [Return] ${result.stdout}
+
+Kill Docker
+ [Arguments] ${name}
+ ${result}= Run Process docker logs ${name} shell=True
+ Should Be Equal As Integers ${result.rc} 0
+ Log ${result.stdout}
+ ${result}= Run Process docker kill ${name} shell=True
+ Should Be Equal As Integers ${result.rc} 0
+ Log ${result.stdout}
+ ${result}= Run Process docker rm ${name} shell=True
+ Should Be Equal As Integers ${result.rc} 0
+ Log ${result.stdout}
+
+CheckUrl
+ [Arguments] ${url}
+ Create Session session ${url} disable_warnings=True
+ ${resp}= Get Request session /
+ Should Be Equal As Integers ${resp.status_code} 200
+
+Suite Setup
+ ${SO_IP}= Run Docker nexus3.onap.org:10001/openecomp/mso i-so
+ Wait Until Keyword Succeeds 1 min 5 sec CheckUrl http://${SO_IP}:8080
+ Set Suite Variable ${SO_IP}
+
+Suite Teardown
+ Kill Docker i-so
Verify PM Mapper Receive Configuraton From Config Binding Service
[Tags] PM_MAPPER_01
[Documentation] Verify 3gpp pm mapper successfully receive config data from CBS
- CheckLog ${CLI_EXEC_CLI_CONFIG} Response code: 200, Server Response Received
+ CheckLog ${CLI_EXEC_CLI_CONFIG} Received pm-mapper configuration from ConfigBinding Service
Verify Health Check returns 200 when a REST GET request to healthcheck url
[Tags] PM_MAPPER_02
REQUEST_TIMEOUT=5000
OUTPUT_PATH=/var/certs
CA_NAME=Invalid
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=INV
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=JKS
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=P12
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=PEM
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
*** Settings ***
-Documentation AAF Cert Service API test case scenarios
+Documentation OOM Cert Service API test case scenarios
Library RequestsLibrary
Resource ./resources/cert-service-keywords.robot
*** Test Cases ***
Health Check
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Service is up and running
Run health check
Reload Configuration
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Configuration was changed
Send Get Request And Validate Response /reload 200
Check if application is ready
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to /ready endpoint and expect 200
Send Get Request And Validate Response /ready 200
Generate Certificate In RA Mode For CA Name
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_CSR_FILE} ${VALID_RA_PK_FILE}
Report Not Found Error When Path To Service Is Not Valid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT} endpoint and expect 404
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT} ${VALID_CLIENT_CSR_FILE} ${VALID_CLIENT_PK_FILE} 404
Report Bad Request Error When Header Is Missing In Request
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request without header to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request And Validate Response ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 400
Report Bad Request Error When CSR Is Not Valid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${INVALID_CSR_FILE} ${VALID_CLIENT_PK_FILE} 400
Report Bad Request Error When PK Is Not Valid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400
Cert Service Client successfully creates keystore.p12 and truststore.p12
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0
Cert Service Client successfully creates keystore.jks and truststore.jks
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0
Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and PKCS12 files created with correct data
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and JKS files created with correct data
Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and PKCS12 files created with correct data
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and PEM files created with correct data
Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0
Cert Service Client reports error when OUTPUT_TYPE is invalid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1
Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1
Run Cert Service Client Container And Validate Exit Code And API Response
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with invalid CaName env and expected exit code 5
Run Cert Service Client And Validate Http Response Code And Client Exit Code ${INVALID_ENV_FILE} 404 5
network=network,
user='root', # Run container as root to avoid permission issues with volume mount access
mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'),
- Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')],
+ Mount(target='/etc/onap/oom-platform-cert-service/certservice/certs/', source=self.truststore_path, type='bind')],
detach=True
)
exitcode = container.wait()
Create sessions
[Documentation] Create all required sessions
${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY}
- Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA}
+ Create Client Cert Session alias ${OOMCERT_URL} client_certs=${certs} verify=${ROOTCA}
Set Suite Variable ${https_valid_cert_session} alias
Run Healthcheck
--- /dev/null
+*** Variables ***
+
+${CERT_SERVICE_CONTAINER_NAME} oom-cert-service
+${CERT_SERVICE_PORT} 8443
+${OOMCERT_URL} https://localhost:${cert_service_port}
+${CLIENT_CA_NAME} Client
+${RA_CA_NAME} RA
+${CERT_SERVICE_ENDPOINT} /v1/certificate/
+${ROOTCA} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
+${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
+${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
+${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.csr
+${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.pk
+${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr
+${VALID_RA_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk
+${INVALID_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.csr
+${INVALID_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.key
+
+
+${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
+${VALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env
+${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env
+${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env
+${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env
+${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env
+${INVALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env
+${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:latest
+${CLIENT_CONTAINER_NAME} %{ClientContainerName}
+${CERT_SERVICE_NETWORK} certservice_certservice
+${MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/tmp
+${TRUSTSTORE_PATH} %{WORKSPACE}/plans/oom-platform-cert-service/certservice/certs
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
-OUTPUT_TYPE=JKS
+OUTPUT_TYPE=PEM
KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
import subprocess
import docker
-import jks
from OpenSSL import crypto
from docker.types import Mount
def __init__(self, mount_path, truststore_path):
self.mount_path = mount_path
self.truststore_path = truststore_path
+ self.keyPem = mount_path + '/key.pem'
self.caCertPem = mount_path + '/ca.pem'
self.serverKeyPem = mount_path + '/server_key.pem'
self.serverCertPem = mount_path + '/server_cert.pem'
- self.keystoreJksPath = mount_path + '/keystore.jks'
+ self.keystorePemPath = mount_path + '/keystore.pem'
self.keystoreP12Path = mount_path + '/keystore.p12'
self.keystorePassPath = mount_path + '/keystore.pass'
- self.truststoreJksPath = mount_path + '/truststore.jks'
+ self.truststorePemPath = mount_path + '/truststore.pem'
self.truststoreP12Path = mount_path + '/truststore.p12'
self.truststorePassPath = mount_path + '/truststore.pass'
# Function to validate keystore/truststore can be opened with generated pass-phrase.
def can_open_keystore_and_truststore_with_pass(self, container_name):
if container_name != NETCONF_PNP_SIM_CONTAINER_NAME:
- return self.can_open_keystore_and_truststore_jks_files()
+ return self.can_open_keystore_and_truststore_pem_files()
else:
return self.can_open_keystore_and_truststore_p12_files()
- # Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase.
- def can_open_keystore_and_truststore_jks_files(self):
+ # Function to validate keystore.pem/truststore.pem exist and are not empty.
+ def can_open_keystore_and_truststore_pem_files(self):
try:
- jks.KeyStore.load(self.keystoreJksPath, open(self.keystorePassPath, 'rb').read())
- jks.KeyStore.load(self.truststoreJksPath, open(self.truststorePassPath, 'rb').read())
- return True
+ private_key = self.file_exist_and_not_empty(self.keyPem)
+ keystore_pem = self.file_exist_and_not_empty(self.keystorePemPath)
+ truststore_pem = self.file_exist_and_not_empty(self.truststorePemPath)
+ return private_key and keystore_pem and truststore_pem
except Exception as e:
- print("UnExpected Error in validating keystore.jks/truststore.jks: {0}".format(e))
+ print("UnExpected Error in validating keystore.pem/truststore.pem: {0}".format(e))
return False
# Function to validate keystore.p12/truststore.p12 can be opened with generated pass-phrase.
# Method for Uploading Certificate in SDNC-Container.
# Creating/Uploading Server-key, Server-cert, Ca-cert PEM files in Netconf-Pnp-Simulator.
- def can_install_keystore_and_truststore_certs(self, cmd, container_name):
+ def can_install_keystore_and_truststore_certs(self, cmd, cmd_tls, container_name):
continue_exec = True
if container_name == NETCONF_PNP_SIM_CONTAINER_NAME:
print("Generating PEM files for {0} from P12 files".format(container_name))
continue_exec = self.create_pem(self.keystorePassPath, self.keystoreP12Path, self.truststorePassPath,
self.truststoreP12Path)
+ else:
+ cmd = cmd_tls
if continue_exec:
print("Initiate Configuration Push for : {0}".format(container_name))
resp_code = self.execute_bash_config(cmd, container_name)
def remove_mount_dir(self):
shutil.rmtree(self.mount_path)
+ def file_exist_and_not_empty(self, path_to_file):
+ return os.path.isfile(path_to_file) and os.path.getsize(path_to_file) > 0
+
@staticmethod
def get_pkcs12(pass_file_path, p12_file_path):
# Load PKCS12 Object
--- /dev/null
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o pipefail
+set -o nounset
+[ "${SHELL_XTRACE:-false}" = "true" ] && set -o xtrace
+
+CONFIG=${CONFIG:-"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data}
+CONTAINER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' sdnc)
+ODL_URL=${ODL_URL:-http://"${CONTAINER_IP}":8282}
+PROC_NAME=${0##*/}
+PROC_NAME=${PROC_NAME%.sh}
+
+function now_ms() {
+ # Requires coreutils package
+ date +"%Y-%m-%d %H:%M:%S.%3N"
+}
+
+function log() {
+ local level=$1
+ shift
+ local message="$*"
+ printf "%s %-5s [%s] %s\n" "$(now_ms)" $level $PROC_NAME "$message"
+}
+
+# Extracts the body of a PEM file by removing the dashed header and footer
+pem_body() {
+ grep -Fv -- ----- $1
+}
+
+CA_CERT_ID=xNF_CA_certificate_0_0
+CA_CERT=$(pem_body $CONFIG/truststore.pem)
+
+SERVER_PRIV_KEY_ID=ODL_private_key_0
+SERVER_KEY=$(pem_body $CONFIG/key.pem)
+SERVER_CERT=$(pem_body $CONFIG/keystore.pem)
+
+RESTCONF_URL=$ODL_URL/restconf
+NETCONF_KEYSTORE_PATH=$RESTCONF_URL/config/netconf-keystore:keystore
+
+xcurl() {
+ curl -s -o /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -w %{http_code} "$@"
+}
+
+log INFO Delete Keystore
+sc=$(xcurl -X DELETE $NETCONF_KEYSTORE_PATH)
+
+if [ "$sc" != "200" -a "$sc" != "404" ]; then
+ log ERROR "Keystore deletion failed with SC=$sc"
+ exit 1
+fi
+
+log INFO Load CA certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+ \"trusted-certificate\": [
+ {
+ \"name\": \"$CA_CERT_ID\",
+ \"certificate\": \"$CA_CERT\"
+ }
+ ]
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+ log ERROR Trusted-certificate update failed with SC=$sc
+ exit 1
+fi
+
+log INFO Load server private key and certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+ \"private-key\": {
+ \"name\": \"$SERVER_PRIV_KEY_ID\",
+ \"certificate-chain\": [
+ \"$SERVER_CERT\"
+ ],
+ \"data\": \"$SERVER_KEY\"
+ }
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+ log ERROR Private-key update failed with SC=$sc
+ exit 1
+fi
\ No newline at end of file
[Arguments] ${env_file} ${CONTAINER_NAME} ${expected_exit_code}
${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
${can_open}= Can Open Keystore And Truststore With Pass ${CONTAINER_NAME}
- ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONTAINER_NAME}
+ ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONF_TLS_SCRIPT} ${CONTAINER_NAME}
Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
Should Be True ${can_open} Cannot Open Keystore/TrustStore by Passphrase
Code Review / integration / csit.git / commitdiff