pip uninstall pyopenssl -y
pip install pyopenssl==17.5.0
+#install pyjks for .jks files management
+pip install pyjks
+
#Disable proxy - for local run
unset http_proxy https_proxy
--- /dev/null
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=INV
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
--- /dev/null
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=JKS
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
--- /dev/null
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=P12
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
--- /dev/null
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=PEM
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400
-Cert Service Client successfully creates keystore and truststore
+Cert Service Client successfully creates keystore.p12 and truststore.p12
[Tags] AAF-CERT-SERVICE
[Documentation] Run with correct env and expected exit code 0
- Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE} 0
+ Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0
-Cert Service Client successfully creates keystore and truststore with expected data
+Cert Service Client successfully creates keystore.jks and truststore.jks
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Run with correct env and expected exit code 0
+ Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Run with correct env and PKCS12 files created with correct data
+ Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS
[Tags] AAF-CERT-SERVICE
[Documentation] Run with correct env and JKS files created with correct data
- Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE} 0
+ Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Run with correct env and PKCS12 files created with correct data
+ Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Run with correct env and PEM files created with correct data
+ Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0
+
+Cert Service Client reports error when OUTPUT_TYPE is invalid
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1
+ Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1
Run Cert Service Client Container And Validate Exit Code And API Response
[Tags] AAF-CERT-SERVICE
--- /dev/null
+from cryptography.x509.oid import ExtensionOID
+from cryptography import x509
+
+class ArtifactParser:
+
+ def __init__(self, mount_path, ext):
+ self.keystorePassPath = mount_path + '/keystore.pass'
+ self.keystorePath = mount_path + '/keystore.' + ext
+ self.truststorePassPath = mount_path + '/truststore.pass'
+ self.truststorePath = mount_path + '/truststore.' + ext
+
+ def contains_expected_data(self, data):
+ expectedData = data.expectedData
+ actualData = data.actualData
+ return cmp(expectedData, actualData) == 0
+
+ def get_owner_data_from_certificate(self, certificate):
+ list = certificate.get_subject().get_components()
+ return dict((k, v) for k, v in list)
+
+ def get_sans(self, cert):
+ extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+ dnsList = extension.value.get_values_for_type(x509.DNSName)
+ return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
+
+ def get_envs_as_dict(self, list):
+ envs = self.get_list_of_pairs_by_mappings(list)
+ return self.remove_nones_from_dict(envs)
+
+ def remove_nones_from_dict(self, dictionary):
+ return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
+
+ def get_list_of_pairs_by_mappings(self, list):
+ mappings = self.get_mappings()
+ listOfEnvs = map(lambda k: k.split('='), list)
+ return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
+
+ def get_mappings(self):
+ return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}
+
--- /dev/null
+import jks
+from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class JksArtifactsValidator:
+
+ def __init__(self, mount_path):
+ self.parser = ArtifactParser(mount_path, "jks")
+
+ def get_and_compare_data_jks(self, path_to_env):
+ data = self.get_data_jks(path_to_env)
+ return data, self.parser.contains_expected_data(data)
+
+ def get_keystore(self):
+ keystore = jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
+ return keystore.private_keys['certificate'].cert_chain[0][1]
+
+ def get_truststore(self):
+ truststore = jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
+ return truststore.certs
+
+ def can_open_keystore_and_truststore_with_pass_jks(self):
+ try:
+ jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
+ jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
+ return True
+ except:
+ return False
+
+ def get_data_jks(self, path_to_env):
+ envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_keystore_certificate()
+ data = self.parser.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.parser.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def get_keystore_certificate(self):
+ return crypto.X509.from_cryptography(self.load_x509_certificate(self.get_keystore()))
+
+ def load_x509_certificate(self, data):
+ cert = x509.load_der_x509_certificate(data, default_backend())
+ return cert
+++ /dev/null
-from OpenSSL import crypto
-from cryptography.x509.oid import ExtensionOID
-from cryptography import x509
-from EnvsReader import EnvsReader
-
-class JksFilesValidator:
-
- def __init__(self, mount_path):
- self.keystorePassPath = mount_path + '/keystore.pass'
- self.keystoreJksPath = mount_path + '/keystore.jks'
- self.truststorePassPath = mount_path + '/truststore.pass'
- self.truststoreJksPath = mount_path + '/truststore.jks'
-
- def get_and_compare_data(self, path_to_env):
- data = self.get_data(path_to_env)
- return data, self.contains_expected_data(data)
-
- def can_open_keystore_and_truststore_with_pass(self):
- can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
- can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
-
- return can_open_keystore & can_open_truststore
-
- def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
- try:
- self.get_certificate(pass_file_path, jks_file_path)
- return True
- except:
- return False
-
- def get_data(self, path_to_env):
- envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
- certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
- data = self.get_owner_data_from_certificate(certificate)
- data['SANS'] = self.get_sans(certificate)
- return type('', (object,), {"expectedData": envs, "actualData": data})
-
- def contains_expected_data(self, data):
- expectedData = data.expectedData
- actualData = data.actualData
- return cmp(expectedData, actualData) == 0
-
- def get_owner_data_from_certificate(self, certificate):
- list = certificate.get_subject().get_components()
- return dict((k, v) for k, v in list)
-
- def get_certificate(self, pass_file_path, jks_file_path):
- password = open(pass_file_path, 'rb').read()
- crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
- return crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password).get_certificate()
-
- def get_sans(self, cert):
- extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
- dnsList = extension.value.get_values_for_type(x509.DNSName)
- return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
-
- def get_envs_as_dict(self, list):
- envs = self.get_list_of_pairs_by_mappings(list)
- return self.remove_nones_from_dict(envs)
-
- def remove_nones_from_dict(self, dictionary):
- return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
-
- def get_list_of_pairs_by_mappings(self, list):
- mappings = self.get_mappings()
- listOfEnvs = map(lambda k: k.split('='), list)
- return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
-
- def get_mappings(self):
- return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}
--- /dev/null
+from OpenSSL import crypto
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class P12ArtifactsValidator:
+
+ def __init__(self, mount_path):
+ self.parser = ArtifactParser(mount_path, "p12")
+
+ def get_and_compare_data_p12(self, path_to_env):
+ data = self.get_data(path_to_env)
+ return data, self.parser.contains_expected_data(data)
+
+ def can_open_keystore_and_truststore_with_pass(self):
+ can_open_keystore = self.can_open_store_file_with_pass_file(self.parser.keystorePassPath, self.parser.keystorePath)
+ can_open_truststore = self.can_open_store_file_with_pass_file(self.parser.truststorePassPath, self.parser.truststorePath)
+
+ return can_open_keystore & can_open_truststore
+
+ def can_open_store_file_with_pass_file(self, pass_file_path, store_file_path):
+ try:
+ self.get_certificate(pass_file_path, store_file_path)
+ return True
+ except:
+ return False
+
+ def get_data(self, path_to_env):
+ envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_certificate(self.parser.keystorePassPath, self.parser.keystorePath)
+ data = self.parser.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.parser.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def get_certificate(self, pass_file_path, store_file_path):
+ password = open(pass_file_path, 'rb').read()
+ crypto.load_pkcs12(open(store_file_path, 'rb').read(), password)
+ return crypto.load_pkcs12(open(store_file_path, 'rb').read(), password).get_certificate()
--- /dev/null
+import os
+from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class PemArtifactsValidator:
+
+ def __init__(self, mount_path):
+ self.parser = ArtifactParser(mount_path, "pem")
+ self.key = mount_path + '/key.pem'
+
+ def get_and_compare_data_pem(self, path_to_env):
+ data = self.get_data_pem(path_to_env)
+ return data, self.parser.contains_expected_data(data)
+
+ def artifacts_exist_and_are_not_empty(self):
+ keystoreExists = self.file_exists_and_is_not_empty(self.parser.keystorePath)
+ truststoreExists = self.file_exists_and_is_not_empty(self.parser.truststorePath)
+ keyExists = self.file_exists_and_is_not_empty(self.key)
+ return keystoreExists and truststoreExists and keyExists
+
+ def file_exists_and_is_not_empty(self, pathToFile):
+ return os.path.isfile(pathToFile) and os.path.getsize(pathToFile) > 0
+
+ def get_data_pem(self, path_to_env):
+ envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+ certificate = self.get_keystore_certificate()
+ data = self.parser.get_owner_data_from_certificate(certificate)
+ data['SANS'] = self.parser.get_sans(certificate)
+ return type('', (object,), {"expectedData": envs, "actualData": data})
+
+ def get_keystore_certificate(self):
+ return crypto.X509.from_cryptography(self.load_x509_certificate())
+
+ def load_x509_certificate(self):
+ cert = x509.load_pem_x509_certificate(open(self.parser.keystorePath, 'rb').read(), default_backend())
+ return cert
Library HttpLibrary.HTTP
Library Collections
Library ../libraries/CertClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH}
-Library ../libraries/JksFilesValidator.py ${MOUNT_PATH}
+Library ../libraries/P12ArtifactsValidator.py ${MOUNT_PATH}
+Library ../libraries/JksArtifactsValidator.py ${MOUNT_PATH}
+Library ../libraries/PemArtifactsValidator.py ${MOUNT_PATH}
*** Keywords ***
${resp}= Post Request ${https_valid_cert_session} ${path}
Should Be Equal As Strings ${resp.status_code} ${resp_code}
-Run Cert Service Client And Validate JKS File Creation And Client Exit Code
+Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code
[Documentation] Run Cert Service Client Container And Validate Exit Code
[Arguments] ${env_file} ${expected_exit_code}
${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase
+Run Cert Service Client And Validate JKS File Creation And Client Exit Code
+ [Documentation] Run Cert Service Client Container And Validate Exit Code
+ [Arguments] ${env_file} ${expected_exit_code}
+ ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
+ ${can_open}= Can Open Keystore And Truststore With Pass Jks
+ Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+ Should Be True ${can_open} Cannot Open Keystore/TrustStore by passpshase
+
+Run Cert Service Client And Validate PKCS12 Files Contain Expected Data
+ [Documentation] Run Cert Service Client Container And Validate PKCS12 Files Contain Expected Data
+ [Arguments] ${env_file} ${expected_exit_code}
+ ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
+ ${data} ${isEqual}= Get And Compare Data P12 ${env_file}
+ Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+ Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
+
Run Cert Service Client And Validate JKS Files Contain Expected Data
[Documentation] Run Cert Service Client Container And Validate JKS Files Contain Expected Data
[Arguments] ${env_file} ${expected_exit_code}
${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
- ${data} ${isEqual}= Get And Compare Data ${env_file}
+ ${data} ${isEqual}= Get And Compare Data Jks ${env_file}
+ Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+ Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
+
+Run Cert Service Client And Validate PEM Files Contain Expected Data
+ [Documentation] Run Cert Service Client Container And Validate PEM Files Contain Expected Data
+ [Arguments] ${env_file} ${expected_exit_code}
+ ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
+ ${existNotEmpty}= Artifacts Exist And Are Not Empty
+ ${data} ${isEqual}= Get And Compare Data Pem ${env_file}
Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path_with_data
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+ Should Be True ${existNotEmpty} PEM artifacts not created properly
Should Be True ${isEqual} Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
Run Cert Service Client And Validate Http Response Code And Client Exit Code
Should Be True ${can_find_API_response} Cannot Find API response in logs
Should Be Equal As Strings ${api_response_code} ${expected_api_response_code} API return ${api_response_code} but expected: ${expected_api_response_code}
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+
+Run Cert Service Client And Validate Client Exit Code
+ [Documentation] Run Cert Service Client Container And Validate Exit Code
+ [Arguments] ${env_file} ${expected_exit_code}
+ ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
+ Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} negative_path
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+
${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
${VALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env
+${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_jks.env
+${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_p12.env
+${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_pem.env
+${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker_output_type.env
${INVALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env
${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
${CLIENT_CONTAINER_NAME} %{ClientContainerName}
Code Review / integration / csit.git / commitdiff