New test to check PKI AEF flog (3651ce08) · Commits · OCF / documentation

doc/testing/testplan/api_security_service/README.md

+55 −0

Original line number	Diff line number	Diff line
		@@ -1341,6 +1341,61 @@ At this documentation you will have all information and related files and exampl
		* error invalid_scope
		* error_description=One of the api names does not exist or is not associated with the aef id provided

		## Test Case 28: Retrieve Security Context from AEF using PKI-secured API Invoker

		Test ID:: *capif_security_api-28, smoke*

		Description:

		Validate that the AEF can successfully retrieve the security context of an API Invoker when the selected security method is PKI and it contains CA root at *authenticationInfo* attribute inside securityInfo.

		Pre-Conditions:

		* API Invoker is pre-authorised and Provider is also authorized

		Execution Steps:

		1. Register and onboard Invoker at CCF.
		2. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF with only PKI as security method allowed.
		3. Create Security Context indicating all security methods security methods as preferred in *prefSecurityMethods* attribute.
		4. Retrieve Security Context by AEF.

		Information of Test:

		1. Perform [Invoker Onboarding] and [Provider Registration]

		2. Publish Service API at CCF:
		* Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
		* body [service api description] with apiName service_1
		* apiName: service_1
		* securityMethods: PKI
		* Use APF Certificate

		3. Create Security Context for this Invoker
		* Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
		* body [service security body]
		* prefSecurityMethods: ['PKI','PSK','OAUTH']
		* Using Invoker Certificate.
		* Create Security Information Body with one securityInfo for each aef present at each serviceAPIDescription present at Discover.

		4. Retrieve Service Security by AEF:
		* Sent GET https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true.
		* Query parameters *authenticationInfo* and *authorizationInfo* set to true.
		* Using AEF Certificate

		Expected Result:

		1. Response to Security Context Creation:
		1. 200 OK response.
		2. body returned must accomplish ServiceSecurity data structure, with:
		* *selSecurityMethod* inside *securityInfo: PKI*

		2. Response to GET Service Security:
		1. 200 OK Response.
		2. body returned must accomplish ServiceSecurity
		1. *securityinfo* attribue only contains one item with *authenticationInfo* containing CA root.



		[Return To All Test Plans]: ../README.md
		[service security body]: ./service_security.json "Service Security Request"

Original line number	Diff line number	Diff line
		@@ -1341,6 +1341,61 @@ At this documentation you will have all information and related files and exampl
		* error invalid_scope
		* error_description=One of the api names does not exist or is not associated with the aef id provided

		## Test Case 28: Retrieve Security Context from AEF using PKI-secured API Invoker

		Test ID:: *capif_security_api-28, smoke*

		Description:

		Validate that the AEF can successfully retrieve the security context of an API Invoker when the selected security method is PKI and it contains CA root at *authenticationInfo* attribute inside securityInfo.

		Pre-Conditions:

		* API Invoker is pre-authorised and Provider is also authorized

		Execution Steps:

		1. Register and onboard Invoker at CCF.
		2. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF with only PKI as security method allowed.
		3. Create Security Context indicating all security methods security methods as preferred in *prefSecurityMethods* attribute.
		4. Retrieve Security Context by AEF.

		Information of Test:

		1. Perform [Invoker Onboarding] and [Provider Registration]

		2. Publish Service API at CCF:
		* Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
		* body [service api description] with apiName service_1
		* apiName: service_1
		* securityMethods: PKI
		* Use APF Certificate

		3. Create Security Context for this Invoker
		* Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
		* body [service security body]
		* prefSecurityMethods: ['PKI','PSK','OAUTH']
		* Using Invoker Certificate.
		* Create Security Information Body with one securityInfo for each aef present at each serviceAPIDescription present at Discover.

		4. Retrieve Service Security by AEF:
		* Sent GET https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true.
		* Query parameters *authenticationInfo* and *authorizationInfo* set to true.
		* Using AEF Certificate

		Expected Result:

		1. Response to Security Context Creation:
		1. 200 OK response.
		2. body returned must accomplish ServiceSecurity data structure, with:
		* *selSecurityMethod* inside *securityInfo: PKI*

		2. Response to GET Service Security:
		1. 200 OK Response.
		2. body returned must accomplish ServiceSecurity
		1. *securityinfo* attribue only contains one item with *authenticationInfo* containing CA root.



		[Return To All Test Plans]: ../README.md
		[service security body]: ./service_security.json "Service Security Request"