Add testcases for PEM and JKS output type

Issue-ID: AAF-1152
Change-Id: I99f7fadf7e4e890ff86011226dbcf3761c185072
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh
index b23b719..1200e96 100644
--- a/plans/aaf/certservice/setup.sh
+++ b/plans/aaf/certservice/setup.sh
@@ -40,6 +40,9 @@
 pip uninstall pyopenssl -y
 pip install pyopenssl==17.5.0
 
+#install pyjks for .jks files management
+pip install pyjks
+
 #Disable proxy - for local run
 unset http_proxy https_proxy
 
diff --git a/tests/aaf/certservice/assets/invalid_client_docker_output_type.env b/tests/aaf/certservice/assets/invalid_client_docker_output_type.env
new file mode 100644
index 0000000..cff4664
--- /dev/null
+++ b/tests/aaf/certservice/assets/invalid_client_docker_output_type.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=INV
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/aaf/certservice/assets/valid_client_docker_jks.env b/tests/aaf/certservice/assets/valid_client_docker_jks.env
new file mode 100644
index 0000000..19de075
--- /dev/null
+++ b/tests/aaf/certservice/assets/valid_client_docker_jks.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=JKS
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/aaf/certservice/assets/valid_client_docker_p12.env b/tests/aaf/certservice/assets/valid_client_docker_p12.env
new file mode 100644
index 0000000..0f1cfc2
--- /dev/null
+++ b/tests/aaf/certservice/assets/valid_client_docker_p12.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=P12
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/aaf/certservice/assets/valid_client_docker_pem.env b/tests/aaf/certservice/assets/valid_client_docker_pem.env
new file mode 100644
index 0000000..f704f21
--- /dev/null
+++ b/tests/aaf/certservice/assets/valid_client_docker_pem.env
@@ -0,0 +1,17 @@
+#Client envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+OUTPUT_TYPE=PEM
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#Csr config envs
+COMMON_NAME=onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
diff --git a/tests/aaf/certservice/cert-service-test.robot b/tests/aaf/certservice/cert-service-test.robot
index 90ee1a3..ddf7a17 100644
--- a/tests/aaf/certservice/cert-service-test.robot
+++ b/tests/aaf/certservice/cert-service-test.robot
@@ -48,15 +48,40 @@
     [Documentation]  Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
     Send Get Request with Header And Expect Error  ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME}  ${VALID_CLIENT_CSR_FILE}  ${INVALID_PK_FILE}  400
 
-Cert Service Client successfully creates keystore and truststore
+Cert Service Client successfully creates keystore.p12 and truststore.p12
     [Tags]      AAF-CERT-SERVICE
     [Documentation]  Run with correct env and expected exit code 0
-    Run Cert Service Client And Validate JKS File Creation And Client Exit Code  ${VALID_ENV_FILE}  0
+    Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code  ${VALID_ENV_FILE}  0
 
-Cert Service Client successfully creates keystore and truststore with expected data
+Cert Service Client successfully creates keystore.jks and truststore.jks
+    [Tags]      AAF-CERT-SERVICE
+    [Documentation]  Run with correct env and expected exit code 0
+    Run Cert Service Client And Validate JKS File Creation And Client Exit Code  ${VALID_ENV_FILE_JKS}  0
+
+Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE
+    [Tags]      AAF-CERT-SERVICE
+    [Documentation]  Run with correct env and PKCS12 files created with correct data
+    Run Cert Service Client And Validate PKCS12 Files Contain Expected Data  ${VALID_ENV_FILE}  0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS
     [Tags]      AAF-CERT-SERVICE
     [Documentation]  Run with correct env and JKS files created with correct data
-    Run Cert Service Client And Validate JKS Files Contain Expected Data  ${VALID_ENV_FILE}  0
+    Run Cert Service Client And Validate JKS Files Contain Expected Data  ${VALID_ENV_FILE_JKS}  0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12
+    [Tags]      AAF-CERT-SERVICE
+    [Documentation]  Run with correct env and PKCS12 files created with correct data
+    Run Cert Service Client And Validate PKCS12 Files Contain Expected Data  ${VALID_ENV_FILE_P12}  0
+
+Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM
+    [Tags]      AAF-CERT-SERVICE
+    [Documentation]  Run with correct env and PEM files created with correct data
+    Run Cert Service Client And Validate PEM Files Contain Expected Data  ${VALID_ENV_FILE_PEM}  0
+
+Cert Service Client reports error when OUTPUT_TYPE is invalid
+    [Tags]      AAF-CERT-SERVICE
+    [Documentation]  Run with invalid OUTPUT_TYPE env and expected exit code 1
+    Run Cert Service Client And Validate Client Exit Code  ${INVALID_ENV_FILE_OUTPUT_TYPE}  1
 
 Run Cert Service Client Container And Validate Exit Code And API Response
     [Tags]      AAF-CERT-SERVICE
diff --git a/tests/aaf/certservice/libraries/ArtifactParser.py b/tests/aaf/certservice/libraries/ArtifactParser.py
new file mode 100644
index 0000000..54e8d0f
--- /dev/null
+++ b/tests/aaf/certservice/libraries/ArtifactParser.py
@@ -0,0 +1,40 @@
+from cryptography.x509.oid import ExtensionOID
+from cryptography import x509
+
+class ArtifactParser:
+
+  def __init__(self, mount_path, ext):
+    self.keystorePassPath = mount_path + '/keystore.pass'
+    self.keystorePath = mount_path + '/keystore.' + ext
+    self.truststorePassPath = mount_path + '/truststore.pass'
+    self.truststorePath = mount_path + '/truststore.' + ext
+
+  def contains_expected_data(self, data):
+    expectedData = data.expectedData
+    actualData = data.actualData
+    return cmp(expectedData, actualData) == 0
+
+  def get_owner_data_from_certificate(self, certificate):
+    list = certificate.get_subject().get_components()
+    return dict((k, v) for k, v in list)
+
+  def get_sans(self, cert):
+    extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+    dnsList = extension.value.get_values_for_type(x509.DNSName)
+    return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
+
+  def get_envs_as_dict(self, list):
+    envs = self.get_list_of_pairs_by_mappings(list)
+    return self.remove_nones_from_dict(envs)
+
+  def remove_nones_from_dict(self, dictionary):
+    return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
+
+  def get_list_of_pairs_by_mappings(self, list):
+    mappings = self.get_mappings()
+    listOfEnvs = map(lambda k: k.split('='), list)
+    return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
+
+  def get_mappings(self):
+    return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}
+
diff --git a/tests/aaf/certservice/libraries/JksArtifactsValidator.py b/tests/aaf/certservice/libraries/JksArtifactsValidator.py
new file mode 100644
index 0000000..e2fdde9
--- /dev/null
+++ b/tests/aaf/certservice/libraries/JksArtifactsValidator.py
@@ -0,0 +1,45 @@
+import jks
+from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class JksArtifactsValidator:
+
+  def __init__(self, mount_path):
+    self.parser = ArtifactParser(mount_path, "jks")
+
+  def get_and_compare_data_jks(self, path_to_env):
+    data = self.get_data_jks(path_to_env)
+    return data, self.parser.contains_expected_data(data)
+
+  def get_keystore(self):
+    keystore = jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
+    return keystore.private_keys['certificate'].cert_chain[0][1]
+
+  def get_truststore(self):
+    truststore = jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
+    return truststore.certs
+
+  def can_open_keystore_and_truststore_with_pass_jks(self):
+    try:
+      jks.KeyStore.load(self.parser.keystorePath, open(self.parser.keystorePassPath, 'rb').read())
+      jks.KeyStore.load(self.parser.truststorePath, open(self.parser.truststorePassPath, 'rb').read())
+      return True
+    except:
+      return False
+
+  def get_data_jks(self, path_to_env):
+    envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+    certificate = self.get_keystore_certificate()
+    data = self.parser.get_owner_data_from_certificate(certificate)
+    data['SANS'] = self.parser.get_sans(certificate)
+    return type('', (object,), {"expectedData": envs, "actualData": data})
+
+  def get_keystore_certificate(self):
+    return crypto.X509.from_cryptography(self.load_x509_certificate(self.get_keystore()))
+
+  def load_x509_certificate(self, data):
+    cert = x509.load_der_x509_certificate(data, default_backend())
+    return cert
diff --git a/tests/aaf/certservice/libraries/JksFilesValidator.py b/tests/aaf/certservice/libraries/JksFilesValidator.py
deleted file mode 100644
index 8c150de..0000000
--- a/tests/aaf/certservice/libraries/JksFilesValidator.py
+++ /dev/null
@@ -1,70 +0,0 @@
-from OpenSSL import crypto
-from cryptography.x509.oid import ExtensionOID
-from cryptography import x509
-from EnvsReader import EnvsReader
-
-class JksFilesValidator:
-
-  def __init__(self, mount_path):
-    self.keystorePassPath = mount_path + '/keystore.pass'
-    self.keystoreJksPath = mount_path + '/keystore.jks'
-    self.truststorePassPath = mount_path + '/truststore.pass'
-    self.truststoreJksPath = mount_path + '/truststore.jks'
-
-  def get_and_compare_data(self, path_to_env):
-    data = self.get_data(path_to_env)
-    return data, self.contains_expected_data(data)
-
-  def can_open_keystore_and_truststore_with_pass(self):
-    can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
-    can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
-
-    return can_open_keystore & can_open_truststore
-
-  def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
-    try:
-      self.get_certificate(pass_file_path, jks_file_path)
-      return True
-    except:
-      return False
-
-  def get_data(self, path_to_env):
-    envs = self.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
-    certificate = self.get_certificate(self.keystorePassPath, self.keystoreJksPath)
-    data = self.get_owner_data_from_certificate(certificate)
-    data['SANS'] = self.get_sans(certificate)
-    return type('', (object,), {"expectedData": envs, "actualData": data})
-
-  def contains_expected_data(self, data):
-    expectedData = data.expectedData
-    actualData = data.actualData
-    return cmp(expectedData, actualData) == 0
-
-  def get_owner_data_from_certificate(self, certificate):
-    list = certificate.get_subject().get_components()
-    return dict((k, v) for k, v in list)
-
-  def get_certificate(self, pass_file_path, jks_file_path):
-    password = open(pass_file_path, 'rb').read()
-    crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
-    return crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password).get_certificate()
-
-  def get_sans(self, cert):
-    extension = cert.to_cryptography().extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
-    dnsList = extension.value.get_values_for_type(x509.DNSName)
-    return ':'.join(map(lambda dns: dns.encode('ascii','ignore'), dnsList))
-
-  def get_envs_as_dict(self, list):
-    envs = self.get_list_of_pairs_by_mappings(list)
-    return self.remove_nones_from_dict(envs)
-
-  def remove_nones_from_dict(self, dictionary):
-    return dict((k, v) for k, v in dictionary.iteritems() if k is not None)
-
-  def get_list_of_pairs_by_mappings(self, list):
-    mappings = self.get_mappings()
-    listOfEnvs = map(lambda k: k.split('='), list)
-    return dict((mappings.get(a[0]), a[1]) for a in listOfEnvs)
-
-  def get_mappings(self):
-    return {'COMMON_NAME':'CN', 'ORGANIZATION':'O', 'ORGANIZATION_UNIT':'OU', 'LOCATION':'L', 'STATE':'ST', 'COUNTRY':'C', 'SANS':'SANS'}
diff --git a/tests/aaf/certservice/libraries/P12ArtifactsValidator.py b/tests/aaf/certservice/libraries/P12ArtifactsValidator.py
new file mode 100644
index 0000000..b070171
--- /dev/null
+++ b/tests/aaf/certservice/libraries/P12ArtifactsValidator.py
@@ -0,0 +1,37 @@
+from OpenSSL import crypto
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class P12ArtifactsValidator:
+
+  def __init__(self, mount_path):
+    self.parser = ArtifactParser(mount_path, "p12")
+
+  def get_and_compare_data_p12(self, path_to_env):
+    data = self.get_data(path_to_env)
+    return data, self.parser.contains_expected_data(data)
+
+  def can_open_keystore_and_truststore_with_pass(self):
+    can_open_keystore = self.can_open_store_file_with_pass_file(self.parser.keystorePassPath, self.parser.keystorePath)
+    can_open_truststore = self.can_open_store_file_with_pass_file(self.parser.truststorePassPath, self.parser.truststorePath)
+
+    return can_open_keystore & can_open_truststore
+
+  def can_open_store_file_with_pass_file(self, pass_file_path, store_file_path):
+    try:
+      self.get_certificate(pass_file_path, store_file_path)
+      return True
+    except:
+      return False
+
+  def get_data(self, path_to_env):
+    envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+    certificate = self.get_certificate(self.parser.keystorePassPath, self.parser.keystorePath)
+    data = self.parser.get_owner_data_from_certificate(certificate)
+    data['SANS'] = self.parser.get_sans(certificate)
+    return type('', (object,), {"expectedData": envs, "actualData": data})
+
+  def get_certificate(self, pass_file_path, store_file_path):
+    password = open(pass_file_path, 'rb').read()
+    crypto.load_pkcs12(open(store_file_path, 'rb').read(), password)
+    return crypto.load_pkcs12(open(store_file_path, 'rb').read(), password).get_certificate()
diff --git a/tests/aaf/certservice/libraries/PemArtifactsValidator.py b/tests/aaf/certservice/libraries/PemArtifactsValidator.py
new file mode 100644
index 0000000..46e0357
--- /dev/null
+++ b/tests/aaf/certservice/libraries/PemArtifactsValidator.py
@@ -0,0 +1,39 @@
+import os
+from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from EnvsReader import EnvsReader
+from ArtifactParser import ArtifactParser
+
+class PemArtifactsValidator:
+
+  def __init__(self, mount_path):
+    self.parser = ArtifactParser(mount_path, "pem")
+    self.key = mount_path + '/key.pem'
+
+  def get_and_compare_data_pem(self, path_to_env):
+    data = self.get_data_pem(path_to_env)
+    return data, self.parser.contains_expected_data(data)
+
+  def artifacts_exist_and_are_not_empty(self):
+    keystoreExists = self.file_exists_and_is_not_empty(self.parser.keystorePath)
+    truststoreExists = self.file_exists_and_is_not_empty(self.parser.truststorePath)
+    keyExists = self.file_exists_and_is_not_empty(self.key)
+    return keystoreExists and truststoreExists and keyExists
+
+  def file_exists_and_is_not_empty(self, pathToFile):
+    return os.path.isfile(pathToFile) and os.path.getsize(pathToFile) > 0
+
+  def get_data_pem(self, path_to_env):
+    envs = self.parser.get_envs_as_dict(EnvsReader().read_env_list_from_file(path_to_env))
+    certificate = self.get_keystore_certificate()
+    data = self.parser.get_owner_data_from_certificate(certificate)
+    data['SANS'] = self.parser.get_sans(certificate)
+    return type('', (object,), {"expectedData": envs, "actualData": data})
+
+  def get_keystore_certificate(self):
+    return crypto.X509.from_cryptography(self.load_x509_certificate())
+
+  def load_x509_certificate(self):
+    cert = x509.load_pem_x509_certificate(open(self.parser.keystorePath, 'rb').read(), default_backend())
+    return cert
diff --git a/tests/aaf/certservice/resources/cert-service-keywords.robot b/tests/aaf/certservice/resources/cert-service-keywords.robot
index d4d4fd9..39c26a6 100644
--- a/tests/aaf/certservice/resources/cert-service-keywords.robot
+++ b/tests/aaf/certservice/resources/cert-service-keywords.robot
@@ -6,7 +6,9 @@
 Library           HttpLibrary.HTTP
 Library           Collections
 Library           ../libraries/CertClientManager.py  ${MOUNT_PATH}  ${TRUSTSTORE_PATH}
-Library           ../libraries/JksFilesValidator.py  ${MOUNT_PATH}
+Library           ../libraries/P12ArtifactsValidator.py  ${MOUNT_PATH}
+Library           ../libraries/JksArtifactsValidator.py  ${MOUNT_PATH}
+Library           ../libraries/PemArtifactsValidator.py  ${MOUNT_PATH}
 
 *** Keywords ***
 
@@ -85,7 +87,7 @@
     ${resp}= 	Post Request 	${https_valid_cert_session}  ${path}
     Should Be Equal As Strings 	${resp.status_code} 	${resp_code}
 
-Run Cert Service Client And Validate JKS File Creation And Client Exit Code
+Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code
     [Documentation]  Run Cert Service Client Container And Validate Exit Code
     [Arguments]   ${env_file}  ${expected_exit_code}
     ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
@@ -94,15 +96,44 @@
     Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
     Should Be True  ${can_open}  Cannot Open Keystore/TrustStore by passpshase
 
+Run Cert Service Client And Validate JKS File Creation And Client Exit Code
+    [Documentation]  Run Cert Service Client Container And Validate Exit Code
+    [Arguments]   ${env_file}  ${expected_exit_code}
+    ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
+    ${can_open}=  Can Open Keystore And Truststore With Pass Jks
+    Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  positive_path
+    Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+    Should Be True  ${can_open}  Cannot Open Keystore/TrustStore by passpshase
+
+Run Cert Service Client And Validate PKCS12 Files Contain Expected Data
+    [Documentation]  Run Cert Service Client Container And Validate PKCS12 Files Contain Expected Data
+    [Arguments]  ${env_file}  ${expected_exit_code}
+    ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
+    ${data}    ${isEqual}=  Get And Compare Data P12  ${env_file}
+    Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  positive_path_with_data
+    Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+    Should Be True  ${isEqual}  Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
+
 Run Cert Service Client And Validate JKS Files Contain Expected Data
     [Documentation]  Run Cert Service Client Container And Validate JKS Files Contain Expected Data
     [Arguments]  ${env_file}  ${expected_exit_code}
     ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
-    ${data}    ${isEqual}=  Get And Compare Data  ${env_file}
+    ${data}    ${isEqual}=  Get And Compare Data Jks  ${env_file}
     Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  positive_path_with_data
     Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
     Should Be True  ${isEqual}  Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
 
+Run Cert Service Client And Validate PEM Files Contain Expected Data
+    [Documentation]  Run Cert Service Client Container And Validate PEM Files Contain Expected Data
+    [Arguments]  ${env_file}  ${expected_exit_code}
+    ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
+    ${existNotEmpty}=  Artifacts Exist And Are Not Empty
+    ${data}    ${isEqual}=  Get And Compare Data Pem  ${env_file}
+    Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  positive_path_with_data
+    Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+    Should Be True  ${existNotEmpty}  PEM artifacts not created properly
+    Should Be True  ${isEqual}  Keystore doesn't contain ${data.expectedData}. Actual data is: ${data.actualData}
+
 Run Cert Service Client And Validate Http Response Code And Client Exit Code
     [Documentation]  Run Cert Service Client Container And Validate Exit Code
     [Arguments]   ${env_file}  ${expected_api_response_code}  ${expected_exit_code}
@@ -113,3 +144,11 @@
     Should Be True  ${can_find_API_response}  Cannot Find API response in logs
     Should Be Equal As Strings  ${api_response_code}  ${expected_api_response_code}  API return ${api_response_code} but expected: ${expected_api_response_code}
     Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+
+Run Cert Service Client And Validate Client Exit Code
+    [Documentation]  Run Cert Service Client Container And Validate Exit Code
+    [Arguments]   ${env_file}  ${expected_exit_code}
+    ${exit_code}=  Run Client Container  ${DOCKER_CLIENT_IMAGE}  ${CLIENT_CONTAINER_NAME}  ${env_file}  ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT}  ${CERT_SERVICE_NETWORK}
+    Remove Client Container And Save Logs  ${CLIENT_CONTAINER_NAME}  negative_path
+    Should Be Equal As Strings  ${exit_code}  ${expected_exit_code}  Client return unexpected exit code return: ${exitcode} , but expected: ${expected_exit_code}
+
diff --git a/tests/aaf/certservice/resources/cert-service-properties.robot b/tests/aaf/certservice/resources/cert-service-properties.robot
index 53d6b24..54ddec1 100644
--- a/tests/aaf/certservice/resources/cert-service-properties.robot
+++ b/tests/aaf/certservice/resources/cert-service-properties.robot
@@ -19,6 +19,10 @@
 
 ${CERT_SERVICE_ADDRESS}                  https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
 ${VALID_ENV_FILE}                        %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env
+${VALID_ENV_FILE_JKS}                    %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_jks.env
+${VALID_ENV_FILE_P12}                    %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_p12.env
+${VALID_ENV_FILE_PEM}                    %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_pem.env
+${INVALID_ENV_FILE_OUTPUT_TYPE}          %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker_output_type.env
 ${INVALID_ENV_FILE}                      %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env
 ${DOCKER_CLIENT_IMAGE}                   nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
 ${CLIENT_CONTAINER_NAME}                 %{ClientContainerName}