E2E Integration Test for NETCONF/TLS Configuration in SDNC.
Story intended to capture needed updates to E2E Integration Test for NETCONF/TLS Configuration.
Involve updates to the PNF simulator.
Issue-ID: INT-1295
Signed-off-by: ajay_dp001 <ajay.deep.singh@est.tech>
Change-Id: Ie08fe9618a9a0522e00fe0af8d13ab48b0634a70
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile
new file mode 100644
index 0000000..b284e61
--- /dev/null
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile
@@ -0,0 +1,110 @@
+all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15
+.PHONY: all
+#Clear certificates
+clear:
+ @echo "***** Clear certificates *****"
+ rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "***** done *****"
+
+#Generate root private and public keys
+step_1:
+ @echo "***** Generate root private and public keys *****"
+ keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "***** done *****"
+
+#Export public key as certificate
+step_2:
+ @echo "***** Export public key as certificate *****"
+ keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "***** done *****"
+
+#Self-signed root (import root certificate into truststore)
+step_3:
+ @echo "***** Self-signed root import root certificate into truststore *****"
+ keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Generate certService's client private and public keys
+step_4:
+ @echo "***** Generate certService's client private and public keys *****"
+ keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "***** done *****"
+
+#Generate certificate signing request for certService's client
+step_5:
+ @echo "***** Generate certificate signing request for certService's client *****"
+ keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "***** done *****"
+
+#Sign certService's client certificate by root CA
+step_6:
+ @echo "***** Sign certService's client certificate by root CA *****"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "***** done *****"
+
+#Import root certificate into client
+step_7:
+ @echo "***** Import root certificate into intermediate *****"
+ cat root.crt >> certServiceClientByRoot.crt
+ @echo "***** done *****"
+
+#Import signed certificate into certService's client
+step_8:
+ @echo "***** Import signed certificate into certService's client *****"
+ keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Generate certService private and public keys
+step_9:
+ @echo "***** Generate certService private and public keys *****"
+ keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "***** done *****"
+
+#Generate certificate signing request for certService
+step_10:
+ @echo "***** Generate certificate signing request for certService***** "
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ @echo "***** done *****"
+
+#Sign certService certificate by root CA
+step_11:
+ @echo "***** Sign certService certificate by root CA *****"
+ keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ @echo "***** done *****"
+
+#Import root certificate into server
+step_12:
+ @echo "***** Import root certificate into intermediate *****"
+ cat root.crt >> certServiceServerByRoot.crt
+ @echo "***** done *****"
+
+#Import signed certificate into certService
+step_13:
+ @echo "***** Import signed certificate into certService *****"
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ -storepass secret -noprompt
+ @echo "***** done *****"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+step_14:
+ @echo "***** Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) *****"
+ keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "***** done *****"
+
+#Clear unused certificates
+step_15:
+ @echo "***** Clear unused certificates *****"
+ rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "***** done *****"
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env b/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env
new file mode 100644
index 0000000..75f5db8
--- /dev/null
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env
@@ -0,0 +1,16 @@
+GERRIT_BRANCH=master
+NEXUS_USERNAME=docker
+NEXUS_PASSWD=docker
+SDNC_CONTAINER_NAME=sdnc
+SDNC_IMAGE_TAG=1.8.2
+NEXUS_DOCKER_REPO=nexus3.onap.org:10001
+CLIENT_CONTAINER_NAME=CertServiceClient
+SDNC_CERT_PATH=${SCRIPTS}/sdnc/sdnc/certs
+REQUEST_DATA_PATH=${SCRIPTS}/sdnc/sdnc/config
+NETCONF_PNP_SIM_CONTAINER_NAME=netconf-simulator
+EJBCA_CERTPROFILE_PATH=${SCRIPTS}/sdnc/certservice/certprofile
+AAF_CERTSERVICE_SCRIPTS_PATH=${SCRIPTS}/sdnc/certservice/scripts
+TEMP_DIR_PATH=${WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp
+NETCONF_CONFIG_PATH=${SCRIPTS}/sdnc/netconf-pnp-simulator/netconf-config
+AAF_INITIAL_CERTS=${WORKSPACE}/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
+AAF_CERTSERVICE_CONFIG_PATH=${SCRIPTS}/sdnc/certservice/config/cmpServers.json
\ No newline at end of file
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
index f77b563..2a0451d 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/setup.sh
@@ -1,151 +1,172 @@
#!/bin/bash
#
-# Copyright 2016-2017 Huawei Technologies Co., Ltd.
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Modifications copyright (c) 2017 AT&T Intellectual Property
-#
-# Place the scripts in run order:
-SCRIPTS="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source ${WORKSPACE}/scripts/sdnc/script1.sh
-export DOCKER_SDNC_TAG=1.8-STAGING-latest
-export NEXUS_USERNAME=docker
-export NEXUS_PASSWD=docker
-export NEXUS_DOCKER_REPO=nexus3.onap.org:10001
-export DMAAP_TOPIC=AUTO
-export DOCKER_IMAGE_VERSION=1.8-STAGING-latest
-export CCSDK_DOCKER_IMAGE_VERSION=0.7-STAGING-latest
-export SDNC_GERRIT_BRANCH=frankfurt
-export INTEGRATION_GERRIT_BRANCH=master
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# @author Ajay Deep Singh (ajay.deep.singh@est.tech)
+
+# Source SDNC, AAF-CertService, Netconf-Pnp-Simulator config env
+source "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/sdnc-csit.env
+
+chmod +x "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
+chmod +x "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
+
+# Export temp directory
+export TEMP_DIR_PATH=${TEMP_DIR_PATH}
+
+# Create temp directory to bind with docker containers
+mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp
+mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs
+mkdir -m 755 -p "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data
export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
if [ "$MTU" == "" ]; then
- export MTU="1450"
+ export MTU="1450"
fi
-# Clone SDNC repo to get docker-compose for SDNC
-mkdir -p $WORKSPACE/archives/integration
-cd $WORKSPACE/archives
-git clone -b ${INTEGRATION_GERRIT_BRANCH} --single-branch --depth=1 http://gerrit.onap.org/r/integration.git integration
-cd $WORKSPACE/archives/integration
-git pull
-HOST_IP_ADDR=localhost
-# Clone SDNC repo to get docker-compose for SDNC
-mkdir -p $WORKSPACE/archives/sdnc
-cd $WORKSPACE/archives
-git clone -b ${SDNC_GERRIT_BRANCH} --single-branch --depth=1 http://gerrit.onap.org/r/sdnc/oam.git sdnc
-cd $WORKSPACE/archives/sdnc
-git pull
+# Export default Networking bridge created on the host machine
+export LOCAL_IP=$(ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+')
+
+# Prepare enviroment
+echo "Uninstall docker-py and reinstall docker."
+pip uninstall -y docker-py
+pip uninstall -y docker
+pip install -U docker==2.7.0
+
+# Reinstall pyOpenSSL library
+echo "Reinstall pyOpenSSL library."
+pip uninstall pyopenssl -y
+pip install pyopenssl==17.5.0
+
+# Disable Proxy - for local run
unset http_proxy https_proxy
-cd $WORKSPACE/archives/sdnc/installation/src/main/yaml
-sed -i "s/DMAAP_TOPIC_ENV=.*/DMAAP_TOPIC_ENV=\"AUTO\"/g" docker-compose.yml
-docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWD $NEXUS_DOCKER_REPO
+# Export AAF Certservice config path
+export AAF_INITIAL_CERTS
+export EJBCA_CERTPROFILE_PATH
+export AAF_CERTSERVICE_CONFIG_PATH
+export AAF_CERTSERVICE_SCRIPTS_PATH
+export CERT_PROFILE=${EJBCA_CERTPROFILE_PATH}
+export SCRIPTS_PATH=${AAF_CERTSERVICE_SCRIPTS_PATH}
+export CONFIGURATION_PATH=${AAF_CERTSERVICE_CONFIG_PATH}
-docker pull $NEXUS_DOCKER_REPO/onap/sdnc-image:$DOCKER_SDNC_TAG
-docker tag $NEXUS_DOCKER_REPO/onap/sdnc-image:$DOCKER_SDNC_TAG onap/sdnc-image:latest
+# Generate Keystores, Truststores, Certificates and Keys
+make all -C ./certs/
-docker pull $NEXUS_DOCKER_REPO/onap/sdnc-ansible-server-image:$DOCKER_IMAGE_VERSION
-docker tag $NEXUS_DOCKER_REPO/onap/sdnc-ansible-server-image:$DOCKER_IMAGE_VERSION onap/sdnc-ansible-server-image:latest
+cp "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/root.crt "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/root.crt
+openssl pkcs12 -in "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.crt
+openssl pkcs12 -in "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' >"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.key
-docker pull $NEXUS_DOCKER_REPO/onap/ccsdk-dgbuilder-image:$CCSDK_DOCKER_IMAGE_VERSION
-docker tag $NEXUS_DOCKER_REPO/onap/ccsdk-dgbuilder-image:$CCSDK_DOCKER_IMAGE_VERSION onap/ccsdk-dgbuilder-image:latest
+echo "Generated KeyStores, Server Certificate and Key"
-docker pull $NEXUS_DOCKER_REPO/onap/admportal-sdnc-image:$DOCKER_IMAGE_VERSION
-docker tag $NEXUS_DOCKER_REPO/onap/admportal-sdnc-image:$DOCKER_IMAGE_VERSION onap/admportal-sdnc-image:latest
+# Start EJBCA, AAF-CertService Containers with docker-compose and configuration from docker-compose.yml
+docker-compose -f "${SCRIPTS}"/sdnc/certservice/docker-compose.yml up -d
-docker pull $NEXUS_DOCKER_REPO/onap/sdnc-ueb-listener-image:$DOCKER_IMAGE_VERSION
-docker tag $NEXUS_DOCKER_REPO/onap/sdnc-ueb-listener-image:$DOCKER_IMAGE_VERSION onap/sdnc-ueb-listener-image:latest
-
-docker pull $NEXUS_DOCKER_REPO/onap/sdnc-dmaap-listener-image:$DOCKER_IMAGE_VERSION
-
-docker tag $NEXUS_DOCKER_REPO/onap/sdnc-dmaap-listener-image:$DOCKER_IMAGE_VERSION onap/sdnc-dmaap-listener-image:latest
-
-CERT_SUBPATH=plans/sdnc/sdnc_netconf_tls_post_deploy/certs
-
-export SDNC_CERT_PATH=${WORKSPACE}/${CERT_SUBPATH}
-sed -i 's/sdnc_controller_container/sdnc_controller_container\n volumes: \n - $SDNC_CERT_PATH:\/opt\/opendaylight\/current\/certs/' docker-compose.yml
-# start SDNC containers with docker compose and configuration from docker-compose.yml
-docker-compose up -d
-
-# PNF simulator has permission problems - creates files as root, which causes build to be unstable
-# Commenting it out for now, since netconf mount is not working anyway.
-# cd $WORKSPACE/archives/integration/test/mocks/pnfsimulator/pnfsimulator
-# docker-compose up -d
-
-# WAIT 10 minutes maximum and test every 5 seconds if SDNC is up using HealthCheck API
-TIME_OUT=1000
-INTERVAL=30
-TIME=0
-while [ "$TIME" -lt "$TIME_OUT" ]; do
- response=$(curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -X POST -H "X-FromAppId: csit-sdnc" -H "X-TransactionId: csit-sdnc" -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:8282/restconf/operations/SLI-API:healthcheck ); echo $response
-
- if [ "$response" == "200" ]; then
- echo SDNC started in $TIME seconds
- break;
+# Check if AAF-Certservice Service is healthy and ready
+AAFCERT_IP='none'
+for i in {1..9}; do
+ AAFCERT_IP=$(get-instance-ip.sh aaf-cert-service)
+ RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret |
+ python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
+ if [[ "${RESP_CODE}" == "UP" ]]; then
+ echo "AAF Cert Service is Ready."
+ export AAFCERT_IP=${AAFCERT_IP}
+ docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ break
fi
-
- echo Sleep: $INTERVAL seconds before testing if SDNC is up. Total wait time up now is: $TIME seconds. Timeout is: $TIME_OUT seconds
- sleep $INTERVAL
- TIME=$(($TIME+$INTERVAL))
+ echo "Waiting for AAF Cert Service to Start Up..."
+ sleep 2m
done
-export PNF_IP=$(ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+')
-sed -i "s/pnfaddr/$PNF_IP/g" $WORKSPACE/tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml
-
-if [ "$TIME" -ge "$TIME_OUT" ]; then
- echo TIME OUT: Docker containers not started in $TIME_OUT seconds... Could cause problems for testing activities...
+if [[ "${AAFCERT_IP}" == "none" || "${AAFCERT_IP}" == '' || "${RESP_CODE}" != "UP" ]]; then
+ echo "AAF CertService not started Could cause problems for testing activities...!"
fi
-#sleep 800
+############################## SDNC Setup ##############################
-TIME_OUT=1500
-INTERVAL=60
-TIME=0
-while [ "$TIME" -lt "$TIME_OUT" ]; do
- response=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client system:start-level)
+# Export Mariadb, SDNC tmp, cert directory path
+export SDNC_CERT_PATH=${SDNC_CERT_PATH}
- if grep -q 'Level 100' <<< ${response}; then
- echo SDNC karaf started in $TIME seconds
- break;
+docker pull "${NEXUS_DOCKER_REPO}"/onap/sdnc-image:"${SDNC_IMAGE_TAG}"
+docker tag "${NEXUS_DOCKER_REPO}"/onap/sdnc-image:"${SDNC_IMAGE_TAG}" onap/sdnc-image:latest
+
+# Start Mariadb, SDNC Containers with docker-compose and configuration from docker-compose.yml
+docker-compose -f "${SCRIPTS}"/sdnc/sdnc/docker-compose.yml up -d
+
+# Check if SDNC Service is healthy and ready
+for i in {1..10}; do
+ SDNC_IP=$(get-instance-ip.sh sdnc)
+ RESP_CODE=$(curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -X POST -H "X-FromAppId: csit-sdnc" -H "X-TransactionId: csit-sdnc" -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:8282/restconf/operations/SLI-API:healthcheck)
+ if [[ "${RESP_CODE}" == '200' ]]; then
+ echo "SDNC Service is Ready."
+ break
fi
-
- echo Sleep: $INTERVAL seconds before testing if SDNC is up. Total wait time up now is: $TIME seconds. Timeout is: $TIME_OUT seconds
- sleep $INTERVAL
- TIME=$(($TIME+$INTERVAL))
+ echo "Waiting for SDNC Service to Start Up..."
+ sleep 2m
done
-if [ "$TIME" -ge "$TIME_OUT" ]; then
- echo TIME OUT: karaf session not started in $TIME_OUT seconds... Could cause problems for testing activities...
+if [[ "${SDNC_IP}" == 'none' || "${SDNC_IP}" == '' || "${RESP_CODE}" != '200' ]]; then
+ echo "SDNC Service not started Could cause problems for testing activities...!"
fi
-response=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client system:start-level)
-
- if grep -q 'Level 100' <<< ${response}; then
- num_failed_bundles=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client bundle:list | grep Failure | wc -l)
- failed_bundles=$(docker exec -ti sdnc_controller_container /opt/opendaylight/current/bin/client bundle:list | grep Failure)
- echo There is/are $num_failed_bundles failed bundles out of $num_bundles installed bundles.
+# Check if SDNC-ODL Karaf Session started
+for i in {1..15}; do
+ EXEC_RESP=$(docker exec -it sdnc /opt/opendaylight/current/bin/client system:start-level)
+ if grep -q 'Level 100' <<<"${EXEC_RESP}"; then
+ echo "SDNC-ODL Karaf Session Started."
+ break
fi
+ echo "Waiting for SDNC-ODL Karaf Session to Start Up..."
+ sleep 2m
+done
-if [ "$num_failed_bundles" -ge 1 ]; then
- echo "The following bundle(s) are in a failed state: "
- echo " $failed_bundles"
+if ! grep -q 'Level 100' <<<"${EXEC_RESP}"; then
+ echo "SDNC-ODL Karaf Session not Started, Could cause problems for testing activities...!"
fi
-# Sleep additional 5 minutes (300 secs) to give application time to finish
-sleep 200
+echo "Sleeping 5 minutes"
+sleep 5m
-# Pass any variables required by Robot test suites in ROBOT_VARIABLES
-ROBOT_VARIABLES="-v SCRIPTS:${SCRIPTS}"
+###################### Netconf-PNP-Simulator Setup ######################
+
+# Export netconf-pnp simulator conf path
+export NETCONF_CONFIG_PATH=${NETCONF_CONFIG_PATH}
+
+# Start Netconf-Pnp-Simulator Container with docker-compose and configuration from docker-compose.yml
+docker-compose -f "${SCRIPTS}"/sdnc/netconf-pnp-simulator/docker-compose.yml up -d
+
+# Update default Networking bridge IP in mount.json file
+sed -i "s/pnfaddr/${LOCAL_IP}/g" "${REQUEST_DATA_PATH}"/mount.xml
+
+#########################################################################
+
+echo "Sleeping additional for 3 minutes to give application time to finish"
+sleep 3m
+
+# Export SDNC, AAF-Certservice-Cient, Netconf-Pnp-Simulator Continer Names
+export REQUEST_DATA_PATH="${REQUEST_DATA_PATH}"
+export SDNC_CONTAINER_NAME="${SDNC_CONTAINER_NAME}"
+export CLIENT_CONTAINER_NAME="${CLIENT_CONTAINER_NAME}"
+export NETCONF_PNP_SIM_CONTAINER_NAME="${NETCONF_PNP_SIM_CONTAINER_NAME}"
+
+REPO_IP='127.0.0.1'
+ROBOT_VARIABLES+=" -v REPO_IP:${REPO_IP} "
+ROBOT_VARIABLES+=" -v SCRIPTS:${SCRIPTS} "
+
+echo "Finished executing setup for SDNC-Netconf-TLS-Post-Deploy"
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh
index 43294df..2f451d5 100644
--- a/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh
+++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/teardown.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# Copyright 2016-2017 Huawei Technologies Co., Ltd.
+# Copyright 2017 ZTE, Inc. and others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,22 +14,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-# Modifications copyright (c) 2017 AT&T Intellectual Property
-#
-docker cp sdnc_controller_container:/opt/opendaylight/data/log/karaf.log $WORKSPACE/archives/karaf.log
-docker cp sdnc_controller_container:/opt/opendaylight/data/log/installCerts.log $WORKSPACE/archives/installCerts.log
-kill-instance.sh sdnc_controller_container
-kill-instance.sh sdnc_dgbuilder_container
-kill-instance.sh sdnc_portal_container
-kill-instance.sh sdnc_db_container
-kill-instance.sh sdnc_ueblistener_container
-kill-instance.sh sdnc_dmaaplistener_container
-kill-instance.sh sdnc_ansible_container
-# Commented out startup of PNF simulator due to permission issues. Following lines can be uncommented
-# when/if that problem is resolved.
-#kill-instance.sh pnfsimulator_pnf-simulator_1
-#kill-instance.sh pnfsimulator_mongo-express_1
-#ill-instance.sh pnfsimulator_mongo_1
+docker-compose -f "${SCRIPTS}"/sdnc/certservice/docker-compose.yml down -v
+docker-compose -f "${SCRIPTS}"/sdnc/sdnc/docker-compose.yml down -v
+docker-compose -f "${SCRIPTS}"/sdnc/netconf-pnp-simulator/docker-compose.yml down -v
-# $WORKSPACE/archives/appc deleted with archives folder when tests starts so we keep it at the end for debugging
+make clear -C "${WORKSPACE}"/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
+
+rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/tmp
+rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/certs
+rm -rf "${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data
\ No newline at end of file
diff --git a/scripts/sdnc/certservice/certprofile/certprofile_MY_ENDUSER-1667220921.xml b/scripts/sdnc/certservice/certprofile/certprofile_MY_ENDUSER-1667220921.xml
new file mode 100644
index 0000000..92fbdee
--- /dev/null
+++ b/scripts/sdnc/certservice/certprofile/certprofile_MY_ENDUSER-1667220921.xml
@@ -0,0 +1,594 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.7.0_111" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>46.0</float>
+ </void>
+ <void method="put">
+ <string>type</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>certversion</string>
+ <string>X509v3</string>
+ </void>
+ <void method="put">
+ <string>encodedvalidity</string>
+ <string>2y</string>
+ </void>
+ <void method="put">
+ <string>usecertificatevalidityoffset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatevalidityoffset</string>
+ <string>-10m</string>
+ </void>
+ <void method="put">
+ <string>useexpirationrestrictionforweekdays</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionforweekdaysbefore</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionweekdays</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowvalidityoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowextensionoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverridebyeei</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowbackdatedrevokation</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatestorage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storecertificatedata</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storesubjectaltname</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usebasicconstrants</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>basicconstraintscritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectkeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectkeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthoritykeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>authoritykeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectalternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectalternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useissueralternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>issueralternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultcrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointuri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usefreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecadefinedfreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>freshestcrluri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>crlissuer</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecertificatepolicies</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepoliciescritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepolicies</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablekeyalgorithms</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>DSA</string>
+ </void>
+ <void method="add">
+ <string>ECDSA</string>
+ </void>
+ <void method="add">
+ <string>RSA</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availableeccurves</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>ANY_EC_CURVE</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availablebitlengths</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>192</int>
+ </void>
+ <void method="add">
+ <int>224</int>
+ </void>
+ <void method="add">
+ <int>239</int>
+ </void>
+ <void method="add">
+ <int>256</int>
+ </void>
+ <void method="add">
+ <int>384</int>
+ </void>
+ <void method="add">
+ <int>512</int>
+ </void>
+ <void method="add">
+ <int>521</int>
+ </void>
+ <void method="add">
+ <int>1024</int>
+ </void>
+ <void method="add">
+ <int>1536</int>
+ </void>
+ <void method="add">
+ <int>2048</int>
+ </void>
+ <void method="add">
+ <int>3072</int>
+ </void>
+ <void method="add">
+ <int>4096</int>
+ </void>
+ <void method="add">
+ <int>6144</int>
+ </void>
+ <void method="add">
+ <int>8192</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>minimumavailablebitlength</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>maximumavailablebitlength</string>
+ <int>8192</int>
+ </void>
+ <void method="put">
+ <string>signaturealgorithm</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usekeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>keyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowkeyusageoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>keyusagecritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>useextendedkeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>extendedkeyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.2</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.4</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.1</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>extendedkeyusagecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedocumenttypelist</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelistcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelist</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablecas</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>-1</int>
+ </void>
+ <void method="add">
+ <int>1295313472</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>usedpublishers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>useocspnocheck</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useldapdnorder</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorder</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usemicrosofttemplate</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>microsofttemplate</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecardnumber</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecnpostfix</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>cnpostfix</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usesubjectdnsubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectdnsubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usesubjectaltnamesubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectaltnamesubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usepathlengthconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>pathlengthconstraint</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqcstatement</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usepkixqcsyntaxv2</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementraname</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcsematicsid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiqccompliance</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsisignaturedevice</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsivaluelimit</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimit</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitexp</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitcurrency</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiretentionperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsiretentionperiod</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqccustomstring</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qccustomstringoid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qccustomstringtext</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qcetsipds</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>qcetsitype</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyincerts</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinocsp</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinpublisher</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectdirattributes</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usenameconstraints</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthorityinformationaccess</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>caissuers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usedefaultcaissuer</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultocspservicelocator</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>ocspservicelocatoruri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>cvcaccessrights</string>
+ <int>3</int>
+ </void>
+ <void method="put">
+ <string>usedcertificateextensions</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>approvals</string>
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>KEYRECOVER</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>ADDEDITENDENTITY</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>REVOCATION</string>
+ </object>
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotbefore</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotafter</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodstartoffset</string>
+ <long>0</long>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodlength</string>
+ <long>63072000</long>
+ </void>
+ <void method="put">
+ <string>usesingleactivecertificateconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>overridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>nonoverridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>usecustomdnorderldap</string>
+ <boolean>false</boolean>
+ </void>
+ </object>
+</java>
diff --git a/scripts/sdnc/certservice/certprofile/entityprofile_My_EndEntity-161023208.xml b/scripts/sdnc/certservice/certprofile/entityprofile_My_EndEntity-161023208.xml
new file mode 100644
index 0000000..cad4ca7
--- /dev/null
+++ b/scripts/sdnc/certservice/certprofile/entityprofile_My_EndEntity-161023208.xml
@@ -0,0 +1,917 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.7.0_111" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>14.0</float>
+ </void>
+ <void method="put">
+ <string>NUMBERARRAY</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>2</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDNFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>500</int>
+ </void>
+ <void method="add">
+ <int>1100</int>
+ </void>
+ <void method="add">
+ <int>1200</int>
+ </void>
+ <void method="add">
+ <int>1300</int>
+ </void>
+ <void method="add">
+ <int>1400</int>
+ </void>
+ <void method="add">
+ <int>1600</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTALTNAMEFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1800</int>
+ </void>
+ <void method="add">
+ <int>1801</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDIRATTRFIELDORDER</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <int>0</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>1</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>95</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20095</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>96</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20096</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>5</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>26</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20026</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>29</int>
+ <string>1667220921</string>
+ </void>
+ <void method="put">
+ <int>20029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30</int>
+ <string>1667220921</string>
+ </void>
+ <void method="put">
+ <int>20030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>31</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>32</int>
+ <string>1;2;3;4</string>
+ </void>
+ <void method="put">
+ <int>20032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>33</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>34</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10034</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>38</int>
+ <string>1295313472</string>
+ </void>
+ <void method="put">
+ <int>20038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>37</int>
+ <string>1295313472</string>
+ </void>
+ <void method="put">
+ <int>20037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>98</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30098</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>99</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30099</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>97</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30097</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>91</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30091</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>94</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20094</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>93</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>89</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30089</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>88</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30088</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>ALLOW_MERGEDN_WEBSERVICES</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>2</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10090</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>90</int>
+ <string>0</string>
+ </void>
+ <void method="put">
+ <string>REVERSEFFIELDCHECKS</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>28</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>REUSECERTIFICATE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>35</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10092</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>USEEXTENSIONDATA</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGUSE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGDEFAULT</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGREQUIRED</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGCOPIES</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>PRINTINGPRINTERNAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGDATA</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGFILENAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>11</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>12</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>13</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>14</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>16</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>18</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>118</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30118</int>
+ <boolean>true</boolean>
+ </void>
+ </object>
+</java>
diff --git a/scripts/sdnc/certservice/config/cmpServers.json b/scripts/sdnc/certservice/config/cmpServers.json
new file mode 100644
index 0000000..ce427c5
--- /dev/null
+++ b/scripts/sdnc/certservice/config/cmpServers.json
@@ -0,0 +1,24 @@
+{
+ "cmpv2Servers": [
+ {
+ "caName": "Client",
+ "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
+ "issuerDN": "CN=My_ManagementCA",
+ "caMode": "CLIENT",
+ "authentication": {
+ "iak": "mypassword",
+ "rv": "mypassword"
+ }
+ },
+ {
+ "caName": "RA",
+ "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "issuerDN": "CN=My_ManagementCA",
+ "caMode": "RA",
+ "authentication": {
+ "iak": "mypassword",
+ "rv": "mypassword"
+ }
+ }
+ ]
+}
diff --git a/scripts/sdnc/certservice/docker-compose.yml b/scripts/sdnc/certservice/docker-compose.yml
new file mode 100644
index 0000000..6e4c4b6
--- /dev/null
+++ b/scripts/sdnc/certservice/docker-compose.yml
@@ -0,0 +1,46 @@
+version: "2.1"
+
+services:
+ ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+ hostname: cahostname
+ container_name: aafcert-ejbca
+ ports:
+ - "80:8080"
+ - "443:8443"
+ volumes:
+ - $SCRIPTS_PATH:/opt/primekey/scripts
+ - $CERT_PROFILE:/opt/primekey/certprofile
+ healthcheck:
+ test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
+ interval: 20s
+ timeout: 3s
+ retries: 9
+ networks:
+ - certservice
+
+ aaf-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ volumes:
+ - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
+ - $AAF_INITIAL_CERTS/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
+ - $AAF_INITIAL_CERTS/root.crt:/etc/onap/aaf/certservice/certs/root.crt
+ - $AAF_INITIAL_CERTS/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
+ - $AAF_INITIAL_CERTS/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
+ container_name: aaf-cert-service
+ ports:
+ - "8443:8443"
+ depends_on:
+ ejbca:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ interval: 10s
+ timeout: 3s
+ retries: 15
+ networks:
+ - certservice
+
+networks:
+ certservice:
+ driver: bridge
\ No newline at end of file
diff --git a/scripts/sdnc/certservice/scripts/cmp.cmpRA.dump b/scripts/sdnc/certservice/scripts/cmp.cmpRA.dump
new file mode 100644
index 0000000..900e676
--- /dev/null
+++ b/scripts/sdnc/certservice/scripts/cmp.cmpRA.dump
@@ -0,0 +1,6 @@
+cmpRA.operationmode = ra
+cmpRA.responseprotection = pbe
+cmpRA.ra.endentityprofileid = 161023208
+cmpRA.ra.certificateprofile = MY_ENDUSER
+cmpRA.ra.caname = My_ManagementCA
+cmpRA.allowautomatickeyupdate = true
\ No newline at end of file
diff --git a/scripts/sdnc/certservice/scripts/ejbca-configuration.sh b/scripts/sdnc/certservice/scripts/ejbca-configuration.sh
new file mode 100755
index 0000000..64045a7
--- /dev/null
+++ b/scripts/sdnc/certservice/scripts/ejbca-configuration.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+configureEjbca() {
+ ejbca.sh ca init My_ManagementCA "C=SE,O=PrimeKey,CN=My_ManagementCA" soft foo123 2048 RSA 365 --policy 2.5.29.32.0 SHA256WithRSA
+ ejbca.sh ca editca --caname My_ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh ca importprofiles -d /opt/primekey/certprofile
+ ejbca.sh config cmp uploadfile --alias cmpRA --file /opt/primekey/scripts/cmp.cmpRA.dump
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh ca getcacert --caname My_ManagementCA -f /dev/stdout > cacert.pem
+}
+
+configureEjbca
diff --git a/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
new file mode 100755
index 0000000..67a75c9
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3'
+
+services:
+ netconf-pnp-simulator:
+ image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.8.5
+ container_name: netconf-simulator
+ restart: always
+ ports:
+ - "830:830"
+ - "6513:6513"
+ volumes:
+ - ${NETCONF_CONFIG_PATH}:/config/modules/mynetconf
diff --git a/scripts/sdnc/netconf-pnp-simulator/netconf-config/data.json b/scripts/sdnc/netconf-pnp-simulator/netconf-config/data.json
new file mode 100644
index 0000000..63872ee
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/netconf-config/data.json
@@ -0,0 +1,10 @@
+{
+ "mynetconf:netconflist": {
+ "netconf": [
+ {
+ "netconf-id": 3,
+ "netconf-param": 3
+ }
+ ]
+ }
+}
diff --git a/scripts/sdnc/netconf-pnp-simulator/netconf-config/model.yang b/scripts/sdnc/netconf-pnp-simulator/netconf-config/model.yang
new file mode 100644
index 0000000..6c8c36a
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/netconf-config/model.yang
@@ -0,0 +1,29 @@
+module mynetconf {
+ yang-version 1.1;
+ namespace "urn:mynetconf:test";
+
+ prefix nft;
+
+ organization
+ "mynetconf";
+ contact
+ "my netconf address";
+ description
+ "yang model for mynetconf";
+ revision "2019-03-01" {
+ description
+ "initial version";
+ }
+
+ container netconflist {
+ list netconf {
+ key netconf-id;
+ leaf netconf-id {
+ type uint16;
+ }
+ leaf netconf-param {
+ type uint32;
+ }
+ }
+ }
+}
diff --git a/scripts/sdnc/netconf-pnp-simulator/netconf-config/subscriber.py b/scripts/sdnc/netconf-pnp-simulator/netconf-config/subscriber.py
new file mode 100755
index 0000000..6127296
--- /dev/null
+++ b/scripts/sdnc/netconf-pnp-simulator/netconf-config/subscriber.py
@@ -0,0 +1,136 @@
+#!/usr/bin/env python3
+
+__author__ = "Mislav Novakovic <mislav.novakovic@sartura.hr>"
+__copyright__ = "Copyright 2018, Deutsche Telekom AG"
+__license__ = "Apache 2.0"
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This sample application demonstrates use of Python programming language bindings for sysrepo library.
+# Original c application was rewritten in Python to show similarities and differences
+# between the two.
+#
+# Most notable difference is in the very different nature of languages, c is weakly statically typed language
+# while Python is strongly dynamically typed. Python code is much easier to read and logic easier to comprehend
+# for smaller scripts. Memory safety is not an issue but lower performance can be expected.
+#
+# The original c implementation is also available in the source, so one can refer to it to evaluate trade-offs.
+
+import sysrepo as sr
+import sys
+
+
+# Helper function for printing changes given operation, old and new value.
+def print_change(op, old_val, new_val):
+ if op == sr.SR_OP_CREATED:
+ print(f"CREATED: {new_val.to_string()}")
+ elif op == sr.SR_OP_DELETED:
+ print(f"DELETED: {old_val.to_string()}")
+ elif op == sr.SR_OP_MODIFIED:
+ print(f"MODIFIED: {old_val.to_string()} to {new_val.to_string()}")
+ elif op == sr.SR_OP_MOVED:
+ print(f"MOVED: {new_val.xpath()} after {old_val.xpath()}")
+
+
+# Helper function for printing events.
+def ev_to_str(ev):
+ if ev == sr.SR_EV_VERIFY:
+ return "verify"
+ elif ev == sr.SR_EV_APPLY:
+ return "apply"
+ elif ev == sr.SR_EV_ABORT:
+ return "abort"
+ else:
+ return "unknown"
+
+
+# Function to print current configuration state.
+# It does so by loading all the items of a session and printing them out.
+def print_current_config(session, module_name):
+ select_xpath = f"/{module_name}:*//*"
+
+ values = session.get_items(select_xpath)
+
+ if values is not None:
+ print("========== BEGIN CONFIG ==========")
+ for i in range(values.val_cnt()):
+ print(values.val(i).to_string(), end='')
+ print("=========== END CONFIG ===========")
+
+
+# Function to be called for subscribed client of given session whenever configuration changes.
+def module_change_cb(sess, module_name, event, private_ctx):
+ try:
+ print("========== Notification " + ev_to_str(event) + " =============================================")
+ if event == sr.SR_EV_APPLY:
+ print_current_config(sess, module_name)
+
+ print("========== CHANGES: =============================================")
+
+ change_path = f"/{module_name}:*"
+
+ it = sess.get_changes_iter(change_path)
+
+ while True:
+ change = sess.get_change_next(it)
+ if change is None:
+ break
+ print_change(change.oper(), change.old_val(), change.new_val())
+
+ print("========== END OF CHANGES =======================================")
+ except Exception as e:
+ print(e)
+
+ return sr.SR_ERR_OK
+
+
+def main():
+ # Notable difference between c implementation is using exception mechanism for open handling unexpected events.
+ # Here it is useful because `Connection`, `Session` and `Subscribe` could throw an exception.
+ try:
+ module_name = "ietf-interfaces"
+ if len(sys.argv) > 1:
+ module_name = sys.argv[1]
+ else:
+ print("\nYou can pass the module name to be subscribed as the first argument")
+
+ print(f"Application will watch for changes in {module_name}")
+
+ # connect to sysrepo
+ conn = sr.Connection(module_name)
+
+ # start session
+ sess = sr.Session(conn)
+
+ # subscribe for changes in running config */
+ subscribe = sr.Subscribe(sess)
+
+ subscribe.module_change_subscribe(module_name, module_change_cb)
+
+ try:
+ print_current_config(sess, module_name)
+ except Exception as e:
+ print(e)
+
+ print("========== STARTUP CONFIG APPLIED AS RUNNING ==========")
+
+ sr.global_loop()
+
+ print("Application exit requested, exiting.")
+
+ except Exception as e:
+ print(e)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties b/scripts/sdnc/sdnc/certs/certs.properties
similarity index 100%
rename from plans/sdnc/sdnc_netconf_tls_post_deploy/certs/certs.properties
rename to scripts/sdnc/sdnc/certs/certs.properties
diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip b/scripts/sdnc/sdnc/certs/keys0.zip
similarity index 100%
rename from plans/sdnc/sdnc_netconf_tls_post_deploy/certs/keys0.zip
rename to scripts/sdnc/sdnc/certs/keys0.zip
Binary files differ
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml b/scripts/sdnc/sdnc/config/mount.xml
similarity index 91%
rename from tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml
rename to scripts/sdnc/sdnc/config/mount.xml
index 108369b..0430525 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/data/mount.xml
+++ b/scripts/sdnc/sdnc/config/mount.xml
@@ -1,5 +1,5 @@
<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
- <node-id>netopeer2</node-id>
+ <node-id>PNFDemo</node-id>
<key-based xmlns="urn:opendaylight:netconf-node-topology">
<key-id xmlns="urn:opendaylight:netconf-node-topology">ODL_private_key_0</key-id>
<username xmlns="urn:opendaylight:netconf-node-topology">netconf</username>
@@ -10,5 +10,5 @@
<protocol xmlns="urn:opendaylight:netconf-node-topology">
<name xmlns="urn:opendaylight:netconf-node-topology">TLS</name>
</protocol>
- <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">2</max-connection-attempts>
+ <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">5</max-connection-attempts>
</node>
diff --git a/scripts/sdnc/sdnc/docker-compose.yml b/scripts/sdnc/sdnc/docker-compose.yml
new file mode 100755
index 0000000..c47fab5
--- /dev/null
+++ b/scripts/sdnc/sdnc/docker-compose.yml
@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+ mariadb:
+ image: nexus3.onap.org:10001/mariadb:10.1.11
+ ports:
+ - "3306:3306"
+ container_name: mariadb
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - MYSQL_ROOT_PASSWORD=password
+ hostname:
+ mariadb.so.testlab.onap.org
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "30m"
+ max-file: "5"
+
+ sdnc:
+ image: onap/sdnc-image:latest
+ container_name: sdnc
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - $SDNC_CERT_PATH:/opt/opendaylight/current/certs
+ entrypoint: ["/opt/onap/sdnc/bin/startODL.sh"]
+ ports:
+ - "8282:8181"
+ hostname:
+ sdnc
+ environment:
+ - MYSQL_ROOT_PASSWORD=password
+ - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties
+ - MYSQL_PASSWD=password
+ - ODL_ADMIN_USERNAME=admin
+ - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ depends_on:
+ - mariadb
+ dns:
+ - ${DNS_IP_ADDR-10.0.100.1}
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "30m"
+ max-file: "5"
+ extra_hosts:
+ - sdnctldb02:${LOCAL_IP}
+ - sdnctldb01:${LOCAL_IP}
+ - dbhost:${LOCAL_IP}
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/_init_.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/__init__.robot
similarity index 100%
rename from tests/sdnc/sdnc_netconf_tls_post_deploy/_init_.robot
rename to tests/sdnc/sdnc_netconf_tls_post_deploy/__init__.robot
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
new file mode 100644
index 0000000..557860d
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
@@ -0,0 +1,16 @@
+#Client Envs
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#CSR Config Envs
+COMMON_NAME=netconf.pnp.simulator.onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=netconf.com:netconfsimulator.com
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
new file mode 100644
index 0000000..2841179
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
@@ -0,0 +1,16 @@
+#Client CSR
+REQUEST_TIMEOUT=30000
+OUTPUT_PATH=/var/certs
+CA_NAME=RA
+KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PASSWORD=secret
+TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PASSWORD=secret
+#CSR Config Envs
+COMMON_NAME=sdnc.onap.org
+ORGANIZATION=Linux-Foundation
+ORGANIZATION_UNIT=ONAP
+LOCATION=San-Francisco
+STATE=California
+COUNTRY=US
+SANS=example.com:sample.com
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
new file mode 100644
index 0000000..ceff974
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/ClientManager.py
@@ -0,0 +1,179 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+__author__ = "Ajay Deep Singh (ajay.deep.singh@est.tech)"
+__copyright__ = "Copyright (C) 2020 Nordix Foundation"
+__license__ = "Apache 2.0"
+
+import os
+import shutil
+import subprocess
+
+import docker
+from OpenSSL import crypto
+from docker.types import Mount
+
+DEV_NULL = open(os.devnull, 'wb')
+NETCONF_PNP_SIM_CONTAINER_NAME = 'netconf-simulator'
+ARCHIVES_PATH = os.getenv("WORKSPACE") + "/archives/"
+
+
+class ClientManager:
+
+ def __init__(self, mount_path, truststore_path):
+ self.mount_path = mount_path
+ self.truststore_path = truststore_path
+ self.caCertPem = mount_path + '/ca.pem'
+ self.serverKeyPem = mount_path + '/server_key.pem'
+ self.serverCertPem = mount_path + '/server_cert.pem'
+ self.keystoreJksPath = mount_path + '/keystore.jks'
+ self.keystorePassPath = mount_path + '/keystore.pass'
+ self.truststoreJksPath = mount_path + '/truststore.jks'
+ self.truststorePassPath = mount_path + '/truststore.pass'
+
+ # Function Create docker container.
+ def run_client_container(self, client_image, container_name, path_to_env, request_url, network):
+ self.create_mount_dir()
+ client = docker.from_env()
+ environment = self.read_env_list_from_file(path_to_env)
+ environment.append("REQUEST_URL=" + request_url)
+ container = client.containers.run(
+ image=client_image,
+ name=container_name,
+ environment=environment,
+ network=network,
+ user='root',
+ mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'),
+ Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')],
+ detach=True
+ )
+ exitcode = container.wait()
+ return exitcode
+
+ # Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase.
+ def can_open_keystore_and_truststore_with_pass(self):
+ can_open_keystore = self.can_open_jks_file_with_pass_file(self.keystorePassPath, self.keystoreJksPath)
+ can_open_truststore = self.can_open_jks_file_with_pass_file(self.truststorePassPath, self.truststoreJksPath)
+ return can_open_keystore & can_open_truststore
+
+ # Method for Uploading Certificate in SDNC-Container.
+ # Creating/Uploading Server-key, Server-cert, Ca-cert PEM files in Netconf-Pnp-Simulator.
+ def can_install_keystore_and_truststore_certs(self, cmd, container_name):
+ continue_exec = True
+ if container_name == NETCONF_PNP_SIM_CONTAINER_NAME:
+ print("Generating PEM files for {0} from JKS files".format(container_name))
+ continue_exec = self.create_pem(self.keystorePassPath, self.keystoreJksPath, self.truststorePassPath,
+ self.truststoreJksPath)
+ if continue_exec:
+ print("Initiate Configuration Push for : {0}".format(container_name))
+ resp_code = self.execute_bash_config(cmd, container_name)
+ if resp_code == 0:
+ print("Execution Successful for: {0}".format(container_name))
+ return True
+ else:
+ print("Execution Failed for: {0}".format(container_name))
+ return False
+
+ def create_pem(self, keystore_pass_file_path, keystore_jks_file_path, truststore_pass_file_path,
+ truststore_jks_file_path):
+ # Create [server_key.pem, server_cert.pem, ca.pem] files for Netconf-Pnp-Simulation/TLS Configuration.
+ try:
+ keystore_p12 = self.get_pkcs12(keystore_pass_file_path, keystore_jks_file_path)
+ truststore_p12 = self.get_pkcs12(truststore_pass_file_path, truststore_jks_file_path)
+ with open(self.serverKeyPem, "wb+") as key_file:
+ key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, keystore_p12.get_privatekey()))
+ with open(self.serverCertPem, "wb+") as server_cert_file:
+ server_cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, keystore_p12.get_certificate()))
+ with open(self.caCertPem, "wb+") as ca_cert_file:
+ ca_cert_file.write(
+ crypto.dump_certificate(crypto.FILETYPE_PEM, truststore_p12.get_ca_certificates()[0]))
+ return True
+ except IOError as err:
+ print("I/O Error: {0}".format(err))
+ return False
+ except Exception as e:
+ print("UnExpected Error: {0}".format(e))
+ return False
+
+ def can_open_jks_file_with_pass_file(self, pass_file_path, jks_file_path):
+ try:
+ if jks_file_path.split('/')[-1] == 'truststore.jks':
+ pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_ca_certificates()[0]
+ else:
+ pkcs12 = self.get_pkcs12(pass_file_path, jks_file_path).get_certificate()
+ if pkcs12 is None:
+ return False
+ return True
+ except IOError as err:
+ print("I/O Error PKCS12 Creation failed: {0}".format(err))
+ return False
+ except Exception as e:
+ print("UnExpected Error PKCS12 Creation failed: {0}".format(e))
+ return False
+
+ def remove_client_container_and_save_logs(self, container_name, log_file_name):
+ client = docker.from_env()
+ container = client.containers.get(container_name)
+ text_file = open(ARCHIVES_PATH + container_name + '_' + log_file_name + ".log", "w")
+ text_file.write(container.logs())
+ text_file.close()
+ container.remove()
+ self.remove_mount_dir()
+
+ def create_mount_dir(self):
+ if not os.path.exists(self.mount_path):
+ os.makedirs(self.mount_path)
+
+ def remove_mount_dir(self):
+ shutil.rmtree(self.mount_path)
+
+ @staticmethod
+ def get_pkcs12(pass_file_path, jks_file_path):
+ # Load PKCS12 Object
+ password = open(pass_file_path, 'rb').read()
+ p12 = crypto.load_pkcs12(open(jks_file_path, 'rb').read(), password)
+ return p12
+
+ @staticmethod
+ def execute_bash_config(cmd, container_name):
+ # Run command with arguments. Wait for command to complete or timeout, return code attribute.
+ try:
+ resp_code = subprocess.call(["%s %s" % (cmd, container_name)], shell=True, stdout=DEV_NULL,
+ stderr=subprocess.STDOUT)
+ print("Response Code from Config.sh execution: {0}".format(resp_code))
+ return resp_code
+ except subprocess.CalledProcessError as e:
+ print("CalledProcessError Certificate installation failed in SDNC-ODL Container: {0}".format(e))
+ return 1 # Return Error Code
+
+ @staticmethod
+ def get_container_logs(container_name):
+ client = docker.from_env()
+ container = client.containers.get(container_name)
+ logs = container.logs()
+ return logs
+
+ @staticmethod
+ def read_env_list_from_file(path):
+ f = open(path, "r")
+ r_list = []
+ for line in f:
+ line = line.strip()
+ if line[0] != "#":
+ r_list.append(line)
+ return r_list
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
new file mode 100755
index 0000000..cc6bf18
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# @author Ajay Deep Singh (ajay.deep.singh@est.tech)
+
+CONTAINER_NAME="$1"
+LOGFILE="${WORKSPACE}"/archives/config.log
+CONTAINER_ID=$(docker inspect --format="{{.Id}}" "$CONTAINER_NAME")
+
+OWNER="odl"
+DEST_DIR="/tmp"
+
+CERT_DIR="${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data/*
+
+function now_ms() {
+ date +"%Y-%m-%d %H:%M:%S.%3N"
+}
+
+function log() {
+ local level=$1
+ shift
+ local message="$*"
+ printf "%s %-5s %s\n" "$(now_ms)" "$level" "$message" >>"$LOGFILE"
+}
+
+# Copy [keystore.jks, truststore.jks, truststore.pass, keystore.pass] files into SDNC container.
+function docker_cp() {
+ local file=$1
+ docker cp "$file" "$CONTAINER_ID":"$DEST_DIR"
+ docker exec -u 0 "$CONTAINER_ID" chown "$OWNER":"$OWNER" "$DEST_DIR"/"${file##*/}"
+}
+
+# Run installCerts.py script to push X509 Certificates to SDNC-ODL Keystore/Truststore.
+function sdnc_conf() {
+ log INFO "Configuring SDNC-ODL Keystore..."
+ count=0
+ exit_code=false
+ for i in {1..4}; do
+ for file in $CERT_DIR; do
+ if [[ -f $file ]]; then
+ log INFO "Uploading file :" "$file"
+ docker_cp "$file"
+ count=$((count + 1))
+ fi
+ done
+ if [[ $count -eq 4 ]]; then
+ log INFO "SDNC JKS files upload successful"
+ exit_code=true
+ break
+ fi
+ log DEBUG "Waiting for JKS files to be uploaded to SDNC container.."
+ sleep 2m
+ done
+ if [[ "$exit_code" != "true" ]]; then
+ log DEBUG "JKS files Not found in $CERT_DIR"
+ exit 1 # Return error code
+ fi
+ sleep 2m
+ docker exec "$CONTAINER_ID" rm -rf /tmp/certs.properties
+ docker exec "$CONTAINER_ID" rm -rf /tmp/keys0.zip
+ if ! docker exec "$CONTAINER_ID" /usr/bin/python /opt/onap/sdnc/bin/installCerts.py; then
+ log DEBUG "Issue executing installCerts.py script"
+ docker cp "$CONTAINER_ID":/opt/opendaylight/data/log/installCerts.log "${WORKSPACE}"/archives
+ exit 1 # Return error code
+ fi
+ log INFO "Configuring SDNC-ODL Keystore successful"
+}
+
+# Copy [Server_key.pem, Server_cert.pem, Ca.pem] files into Netconf-Simulator container.
+# Reconfigure TLS config by invoking reconfigure-tls.sh script.
+function netconf-simulator_conf() {
+ log INFO "Configuring Netconf-Pnp-Simulator..."
+ count=0
+ exit_code=false
+ for i in {1..4}; do
+ for file in $CERT_DIR; do
+ if [[ -f $file && ${file: -4} == ".pem" ]]; then
+ log INFO "Uploading file :" "$file"
+ docker cp "$file" "$CONTAINER_ID":/config/tls
+ count=$((count + 1))
+ fi
+ done
+ if [[ $count -eq 3 ]]; then
+ log INFO "PEM files upload successful"
+ exit_code=true
+ break
+ fi
+ log DEBUG "Waiting for PEM files to be uploaded to Netconf-Pnp-Simulator.."
+ sleep 2m
+ done
+ if [[ "$exit_code" != "true" ]]; then
+ log DEBUG "PEM files Not found in $CERT_DIR"
+ exit 1 # Return error code
+ fi
+ sleep 2m
+ if ! docker exec "$CONTAINER_ID" /opt/bin/reconfigure-tls.sh; then
+ log DEBUG "Issue executing reconfigure-tls.sh script"
+ docker logs "$CONTAINER_ID" > "${WORKSPACE}"/archives/simulator.log
+ exit 1 # Return error code
+ fi
+ log INFO "Configuring Netconf-Pnp-Simulator successful"
+}
+
+# Push Config on SDNC, Netconf-Simulator.
+if [[ -n $CONTAINER_ID ]]; then
+ log INFO "Container Name: $CONTAINER_NAME, Container Id: $CONTAINER_ID"
+ if [[ "$CONTAINER_NAME" == "sdnc" ]]; then
+ sdnc_conf
+ elif [[ "$CONTAINER_NAME" == "netconf-simulator" ]]; then
+ netconf-simulator_conf
+ fi
+fi
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
new file mode 100644
index 0000000..8e36e65
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-keywords.robot
@@ -0,0 +1,84 @@
+*** Settings ***
+
+Resource ../../../common.robot
+Resource ./sdnc-properties.robot
+
+Library Collections
+Library RequestsLibrary
+Library HttpLibrary.HTTP
+Library ../libraries/ClientManager.py ${MOUNT_PATH} ${TRUSTSTORE_PATH}
+
+*** Keywords ***
+
+Create sessions
+ [Documentation] Create all required sessions
+ ${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY}
+ Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA} disable_warnings=1
+ Set Suite Variable ${https_valid_cert_session} alias
+
+Run Healthcheck
+ [Documentation] Run Healthcheck
+ ${resp}= Get Request ${https_valid_cert_session} /actuator/health
+ Should Be Equal As Strings ${resp.status_code} 200
+ Validate Recieved Response ${resp} status UP
+
+Validate Recieved Response
+ [Documentation] Validate message that has been received
+ [Arguments] ${resp} ${key} ${expected_value}
+ ${json}= Parse Json ${resp.content}
+ ${value}= Get From Dictionary ${json} ${key}
+ Should Be Equal As Strings ${value} ${expected_value}
+
+Send Get Request And Validate Response
+ [Documentation] Send request to passed url and validate received response
+ [Arguments] ${path} ${resp_code}
+ ${resp}= Get Request ${https_valid_cert_session} ${path}
+ Should Be Equal As Strings ${resp.status_code} ${resp_code}
+
+Send Get Request And Validate Response Sdnc
+ [Documentation] Send request to passed url and validate received response
+ [Arguments] ${path} ${resp_code}
+ Create Session sdnc_restconf ${SDNC_RESTCONF_URL}
+ &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json
+ ${resp}= Get Request sdnc_restconf ${path} headers=${headers}
+ Should Be Equal As Strings ${resp.status_code} ${resp_code}
+
+Send Get Request And Validate TLS Connection Response
+ [Documentation] Send request to passed url and validate received response
+ [Arguments] ${path} ${resp_code}
+ Create Session sdnc_restconf ${SDNC_RESTCONF_URL}
+ ${mount}= Get File ${REQUEST_DATA_PATH}${/}mount.xml
+ &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/xml Accept=application/xml
+ ${resp}= Put Request sdnc_restconf ${path} data=${mount} headers=${headers}
+ Should Be Equal As Strings ${resp.status_code} 201
+ Sleep 30
+ &{headers1}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json
+ ${resp1}= Get Request sdnc_restconf ${PNFSIM_MOUNT_PATH} headers=${headers1}
+ Should Be Equal As Strings ${resp1.status_code} ${resp_code}
+ Should Contain ${resp1.content} netconf-id
+ Should Contain ${resp1.content} netconf-param
+
+Send Delete Request And Validate PNF Mount Deleted
+ [Documentation] Send request to passed url and validate received response
+ [Arguments] ${path} ${resp_code}
+ Create Session sdnc_restconf ${SDNC_RESTCONF_URL}
+ ${mount}= Get File ${REQUEST_DATA_PATH}${/}mount.xml
+ &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json
+ ${deleteresponse}= Delete Request sdnc_restconf ${path} data=${mount} headers=${headers}
+ Should Be Equal As Strings ${deleteresponse.status_code} ${resp_code}
+ Sleep 30
+ ${del_topology}= Delete Request sdnc_restconf ${SDNC_NETWORK_TOPOLOGY}
+ ${del_keystore}= Delete Request sdnc_restconf ${SDNC_KEYSTORE_CONFIG_PATH}
+ Should Be Equal As Strings ${del_keystore.status_code} ${resp_code}
+ Should Be Equal As Strings ${del_topology.status_code} ${resp_code}
+
+Run Cert Service Client And Validate JKS File Creation And Client Exit Code
+ [Documentation] Run Cert Service Client Container And Validate Exit Code For SDNC
+ [Arguments] ${env_file} ${CONTAINER_NAME} ${expected_exit_code}
+ ${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
+ ${can_open}= Can Open Keystore And Truststore With Pass
+ ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONTAINER_NAME}
+ Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path
+ Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
+ Should Be True ${can_open} Cannot Open Keystore/TrustStore by Passphrase
+ Should Be True ${install_certs} Cannot Install Keystore/Truststore
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-properties.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-properties.robot
new file mode 100644
index 0000000..131a52f
--- /dev/null
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/resources/sdnc-properties.robot
@@ -0,0 +1,37 @@
+*** Variables ***
+
+# AAF CertService
+${NEXUS_DOCKER_REPO} nexus3.onap.org:10001
+
+${RA_CA_NAME} RA
+${CERT_SERVICE_PORT} 8443
+${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service
+${CERT_SERVICE_NETWORK} certservice_certservice
+${AAFCERT_URL} https://localhost:${CERT_SERVICE_PORT}
+${CERT_SERVICE_ENDPOINT} /v1/certificate/
+${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
+${ROOTCA} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/root.crt
+${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.crt
+${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/certs/certServiceServer.key
+
+#AAF CerService Client
+${CLIENT_CONTAINER_NAME} %{CLIENT_CONTAINER_NAME}
+${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+${TRUSTSTORE_PATH} %{WORKSPACE}/plans/sdnc/sdnc_netconf_tls_post_deploy/certs
+
+# SDNC Configuration
+${REQUEST_DATA_PATH} %{REQUEST_DATA_PATH}
+${SDNC_CONTAINER_NAME} %{SDNC_CONTAINER_NAME}
+${SDNC_RESTCONF_URL} http://localhost:8282/restconf
+${SDNC_KEYSTORE_CONFIG_PATH} /config/netconf-keystore:keystore
+${SDNC_NETWORK_TOPOLOGY} /config/network-topology:network-topology
+${MOUNT_PATH} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data
+${SDNC_CSR_FILE} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/sdnc_csr.env
+${SDNC_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/PNFDemo
+${PNFSIM_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/PNFDemo/yang-ext:mount/mynetconf:netconflist
+
+# Netconf-Pnp-Simulator
+${NETCONF_PNP_SIM_CONTAINER_NAME} %{NETCONF_PNP_SIM_CONTAINER_NAME}
+${NETCONF_PNP_SIM_CSR_FILE} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/csr/netconf_pnp_simulator_csr.env
+${CONF_SCRIPT} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config.sh
+${CONF_TLS_SCRIPT} %{WORKSPACE}/tests/sdnc/sdnc_netconf_tls_post_deploy/libraries/config_tls.sh
\ No newline at end of file
diff --git a/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot b/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot
index 75283dc..c2b35e1 100644
--- a/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot
+++ b/tests/sdnc/sdnc_netconf_tls_post_deploy/sdnc_post_deploy_cert_check.robot
@@ -1,39 +1,60 @@
*** Settings ***
-Library Collections
-Library RequestsLibrary
-Library OperatingSystem
-Library json
-Library String
-*** Variables ***
-${SDNC_KEYSTORE_CONFIG_PATH} /config/netconf-keystore:keystore
-${SDNC_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/netopeer2
-${PNFSIM_MOUNT_PATH} /config/network-topology:network-topology/topology/topology-netconf/node/netopeer2/yang-ext:mount/mynetconf:netconflist
+Documentation SDNC, Netconf-Pnp-Simulator E2E Test Case Scenarios
- *** Test Cases ***
- Test SDNC Keystore
- [Documentation] Checking keystore after SDNC installation
- Create Session sdnc http://localhost:8282/restconf
- &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json
- ${resp}= Get Request sdnc ${SDNC_KEYSTORE_CONFIG_PATH} headers=${headers}
- Should Be Equal As Strings ${resp.status_code} 200
- ${keystoreContent}= Convert To String ${resp.content}
- Log to console *************************
- Log to console ${resp.content}
- Log to console *************************
+Library RequestsLibrary
+Resource ./resources/sdnc-keywords.robot
-# Test SDNC PNF Mount
-# [Documentation] Checking PNF mount after SDNC installation
-# Create Session sdnc http://localhost:8282/restconf
-# ${mount}= Get File ${CURDIR}${/}data${/}mount.xml
-# Log to console ${mount}
-# &{headers}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/xml Accept=application/xml
-# ${resp}= Put Request sdnc ${SDNC_MOUNT_PATH} data=${mount} headers=${headers}
-# Should Be Equal As Strings ${resp.status_code} 201
-# Sleep 30
-# &{headers1}= Create Dictionary Authorization=Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== Content-Type=application/json Accept=application/json
-# ${resp1}= Get Request sdnc ${PNFSIM_MOUNT_PATH} headers=${headers1}
-# Should Be Equal As Strings ${resp1.status_code} 200
-# Log to console ${resp1.content}
-# Should Contain ${resp1.content} netconf-id
-# Should Contain ${resp1.content} netconf-param
\ No newline at end of file
+Suite Setup Create sessions
+
+*** Test Cases ***
+
+Health Check AAF CertService
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Service is Up and Running
+ Run health check
+
+Reload AAF CertService Configuration
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Configuration is Reloaded
+ Send Get Request And Validate Response /reload 200
+
+Check AAF CertService Container Is Ready
+ [Tags] AAF-CERT-SERVICE
+ [Documentation] Send Request to /ready Endpoint and Expect 200
+ Send Get Request And Validate Response /ready 200
+
+Check SDNC Keystore For Netopeer2 Certificates
+ [Tags] SDNC-NETOPEER2-CERT-DEPLOYMENT
+ [Documentation] Checking Keystore after SDNC istallation
+ Send Get Request And Validate Response Sdnc ${SDNC_KEYSTORE_CONFIG_PATH} 200
+
+Check SDNC And PNF TLS Connection Over Netopeer2 Certificates
+ [Tags] SDNC-PNF-TLS-CONNECTION-CHECK
+ [Documentation] Checking PNF Mount after SDNC Installation
+ Send Get Request And Validate TLS Connection Response ${SDNC_MOUNT_PATH} 200
+
+Check PNF Delete And Remove Netopeer2 Certificates From Keystore
+ [Tags] SDNC-PNF-MOUNT-DELETE-CLEAR-KEYSTORE
+ [Documentation] Checking PNF Mount Delete from SDNC
+ Send Delete Request And Validate PNF Mount Deleted ${SDNC_MOUNT_PATH} 200
+
+Check AAF-CertService Successfully Creates Certificates for SDNC
+ [Tags] AAF-CERT-SERVICE-SDNC
+ [Documentation] Run with SDNC CSR and Expected Exit Code 0
+ Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${SDNC_CSR_FILE} ${SDNC_CONTAINER_NAME} 0
+
+Check SDNC-ODL Certificates Installation In Keystore And Truststore
+ [Tags] SDNC-ODL-CERTIFICATE-KEYSTORE-VALIDATE
+ [Documentation] Validate Certificates Got Installed in SDNC-ODL Keystore
+ Send Get Request And Validate Response Sdnc ${SDNC_KEYSTORE_CONFIG_PATH} 200
+
+Check AAF-CertService Successfully Creates Certificates for Netconf-Pnp-Simulator
+ [Tags] AAF-CERT-SERVICE-NETCONF_PNP_SIMULATOR
+ [Documentation] Run with NETCONF-PNP-SIMULATOR CSR and Expect Exit Code 0
+ Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${NETCONF_PNP_SIM_CSR_FILE} ${NETCONF_PNP_SIM_CONTAINER_NAME} 0
+
+Check SDNC-ODL Netconf-Pnp-Simulatore TLS Connection Establishment
+ [Tags] SDNC-ODL-NETCONF-PNP_SIMULATION-TLS-CONNECTION
+ [Documentation] Validate SDNC-ODL and Netconf-Pnp-Simulation TLS Connection Establishment
+ Send Get Request And Validate TLS Connection Response ${SDNC_MOUNT_PATH} 200
\ No newline at end of file