diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
index cde9ddef..d1f781e5 100644
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -94,4 +94,109 @@ jobs:
RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
-
+ build-maven-apitest-keymanager:
+ permissions:
+ contents: read
+ uses: mosip/kattu/.github/workflows/maven-build.yml@master-java21
+ with:
+ SERVICE_LOCATION: ./api-test
+ BUILD_ARTIFACT: apitest-keymanager
+ secrets:
+ OSSRH_USER: ${{ secrets.OSSRH_USER }}
+ OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }}
+ OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
+ GPG_SECRET: ${{ secrets.GPG_SECRET }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+ sonar_analysis_apitest_keymanager:
+ needs: build-maven-apitest-keymanager
+ if: "${{ github.event_name != 'pull_request' }}"
+ permissions:
+ contents: read
+ uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@master-java21
+ with:
+ SERVICE_LOCATION: ./api-test
+ secrets:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ ORG_KEY: ${{ secrets.ORG_KEY }}
+ OSSRH_USER: ${{ secrets.OSSRH_USER }}
+ OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }}
+ OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
+ GPG_SECRET: ${{ secrets.GPG_SECRET }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+ build-apitest-keymanager-local:
+ needs: build-maven-apitest-keymanager
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ env:
+ NAMESPACE: ${{ secrets.dev_namespace_docker_hub }}
+ SERVICE_NAME: apitest-keymanager
+ SERVICE_LOCATION: api-test
+ BUILD_ARTIFACT: apitest-keymanager-local
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK 21
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: 21
+ server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+ settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+ - name: Setup the settings file for ossrh server
+ run: echo " ossrh ${{secrets.ossrh_user}} ${{secrets.ossrh_secret}} ossrh true gpg2 ${{secrets.gpg_secret}} allow-snapshots true central-snapshots https://central.sonatype.com/repository/maven-snapshots false true snapshots-repo https://oss.sonatype.org/content/repositories/snapshots false true releases-repo https://oss.sonatype.org/service/local/staging/deploy/maven2 true false sonar . https://sonarcloud.io false " > $GITHUB_WORKSPACE/settings.xml
+
+ - name: Build Automationtests with Maven
+ run: |
+ cd ${{ env.SERVICE_LOCATION}}
+ mvn clean package -s $GITHUB_WORKSPACE/settings.xml
+ - name: Copy configuration files to target directory.
+ run: |
+ cp -r ${{ env.SERVICE_LOCATION}}/target/classes/config ${{ env.SERVICE_LOCATION}}/target/config
+ cp -r ${{ env.SERVICE_LOCATION}}/testNgXmlFiles ${{ env.SERVICE_LOCATION}}/target/testNgXmlFiles
+ - name: Ready the springboot artifacts
+ if: ${{ !contains(github.ref, 'master') && !contains(github.ref, 'main') }}
+ run: |
+ ## FIND JARS & COPY ONLY EXECUTABLE JARs STORED UNDER TARGET DIRECTORY
+ find ${{ env.SERVICE_LOCATION }} -path '*/target/*' -exec zip ${{ env.BUILD_ARTIFACT }}.zip {} +
+ - name: Upload the springboot jars
+ if: ${{ !contains(github.ref, 'master') && !contains(github.ref, 'main') }}
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ env.BUILD_ARTIFACT }}
+ path: ${{ env.BUILD_ARTIFACT }}.zip
+
+ - uses: 8398a7/action-slack@v3
+ with:
+ status: ${{ job.status }}
+ fields: repo,message,author,commit,workflow,job # selectable (default: repo,message)
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required
+ if: failure() # Pick up events even if the job fails or is canceled.
+
+ build-dockers-apitest-keymanager:
+ needs: build-apitest-keymanager-local
+ permissions:
+ contents: read
+ strategy:
+ matrix:
+ include:
+ - SERVICE_LOCATION: 'api-test'
+ SERVICE_NAME: 'apitest-keymanager'
+ BUILD_ARTIFACT: 'apitest-keymanager-local'
+ ONLY_DOCKER: true
+ fail-fast: false
+ name: ${{ matrix.SERVICE_NAME }}
+ uses: mosip/kattu/.github/workflows/docker-build.yml@master-java21
+ with:
+ SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }}
+ SERVICE_NAME: ${{ matrix.SERVICE_NAME }}
+ BUILD_ARTIFACT: ${{ matrix.BUILD_ARTIFACT }}
+ ONLY_DOCKER: ${{ matrix.ONLY_DOCKER }}
+ secrets:
+ DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }}
+ ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
+ RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.gitignore b/.gitignore
index 579a0cbf..89bb7f2a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,10 +22,15 @@ local.properties
.loadpath
.DS_Store
test.txt
-.idea/
.settings/
.sonarlint/
.recommenders/
/.recommenders/
**/*.iml
-.vscode
+testng-report/
+test-output/
+
+# Share IntelliJ run configurations, ignore the rest of .idea
+.idea/*
+!.idea/runConfigurations
+!.idea/runConfigurations/**
diff --git a/api-test/Dockerfile b/api-test/Dockerfile
new file mode 100644
index 00000000..8ab2efa8
--- /dev/null
+++ b/api-test/Dockerfile
@@ -0,0 +1,63 @@
+FROM mosipid/openjdk-21-jre:21.0.4
+
+ARG SOURCE
+ARG COMMIT_HASH
+ARG COMMIT_ID
+ARG BUILD_TIME
+LABEL source=${SOURCE}
+LABEL commit_hash=${COMMIT_HASH}
+LABEL commit_id=${COMMIT_ID}
+LABEL build_time=${BUILD_TIME}
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user=mosip
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_group=mosip
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_uid=1001
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_gid=1001
+
+ARG KUBECTL_VERSION=1.22.9
+
+# set working directory for the user
+WORKDIR /home/${container_user}
+
+ENV work_dir=/home/${container_user}
+
+# Combine all necessary files into a single COPY command
+COPY ./api-test/target $work_dir/
+COPY entrypoint.sh $work_dir
+
+# install packages and create user
+RUN apt-get -y update \
+&& apt-get install -y --no-install-recommends unzip jq curl \
+&& rm -rf /var/lib/apt/lists/* \
+&& groupadd -g ${container_user_gid} ${container_user_group} \
+&& useradd -u ${container_user_uid} -g ${container_user_group} -s /bin/bash -m ${container_user} \
+&& curl -fLO "https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
+&& curl -fLO "https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" \
+&& echo "$(cat kubectl.sha256) kubectl" | sha256sum -c - \
+&& rm kubectl.sha256 \
+&& mkdir -p /home/${container_user} \
+&& chmod +x kubectl $work_dir/entrypoint.sh \
+&& mv kubectl /usr/local/bin/ \
+&& chown -R ${container_user}:${container_user} /home/${container_user} /etc/ssl/certs/java/cacerts \
+&& chmod 644 /etc/ssl/certs/java/cacerts
+
+#select container user for all tasks
+USER ${container_user_uid}:${container_user_gid}
+
+WORKDIR ${work_dir}
+
+EXPOSE 8083
+
+ENV MODULES=
+ENV ENV_USER=
+ENV ENV_ENDPOINT=
+ENV ENV_TESTLEVEL=smokeAndRegression
+
+ENTRYPOINT ["./entrypoint.sh"]
diff --git a/api-test/README.md b/api-test/README.md
new file mode 100644
index 00000000..599f6223
--- /dev/null
+++ b/api-test/README.md
@@ -0,0 +1,211 @@
+# Key Manager API Test Rig
+
+## Overview
+
+The **Key Manager API Test Rig** is designed for the execution of module-wise automation API tests for the MOSIP Key Manager service. This test rig utilizes **Java REST Assured** and **TestNG** frameworks to automate testing of the Key Manager API functionalities. The key focus is to validate master key generation, CSR generation, certificate upload/validation, EC sign key generation and related key management functionalities provided by the Key Manager module.
+
+---
+
+## Test Categories
+
+- **Smoke**: Contains only positive test scenarios for quick verification.
+- **Regression**: Includes all test scenarios, covering both positive and negative cases.
+
+---
+
+## Coverage
+
+This test rig covers only **external API endpoints** exposed by the Key Manager service module.
+
+---
+
+## Pre-requisites
+
+Before running the automation tests, ensure the following software is installed on the machine:
+
+- **Java 21** ([download here](https://jdk.java.net/))
+- **Maven 3.9.6** or higher ([installation guide](https://maven.apache.org/install.html))
+- **Lombok** (Refer to [Lombok Project](https://projectlombok.org/))
+- **settings.xml** ([download here](https://github.com/mosip/mosip-functional-tests/blob/master/settings.xml))
+
+### For Windows
+
+- **Git Bash 2.18.0** or higher
+- Ensure the `settings.xml` file is present in the `.m2` folder.
+
+### For Linux
+
+- The `settings.xml` file should be present in two places:
+ - In the regular Maven configuration folder (`/conf`)
+ - Under `/usr/local/maven/conf/`
+
+### Shared commons library
+
+All modules depend on `apitest-commons`. If it changed locally, rebuild it before rebuilding this module:
+
+```sh
+cd mosip-functional-tests/apitest-commons
+mvn clean install -Dgpg.skip=true -Dmaven.gitcommitid.skip=true
+```
+
+---
+
+## Access Test Automation Code
+
+You can access the test automation code using either of the following methods:
+
+### From Browser
+
+1. Clone or download the repository as a zip file from [GitHub](https://github.com/mosip/keymanager).
+2. Unzip the contents to your local machine.
+3. Open a terminal (Linux) or command prompt (Windows) and continue with the following steps.
+
+### From Git Bash
+
+1. Copy the Git repository URL: `https://github.com/mosip/keymanager`
+2. Open **Git Bash** on your local machine.
+3. Run the following command to clone the repository:
+ ```sh
+ git clone https://github.com/mosip/keymanager
+ ```
+
+---
+
+## Update the property file
+
+1. Navigate to the `keymanager.properties` file located at:
+ `keymanager/api-test/src/main/resources/config/keymanager.properties`
+2. Open the file in your preferred editor.
+3. Update the Keycloak/database passwords and client secret values as per your environment. These are intentionally left blank in the repository and must never be committed with real values.
+
+---
+
+## Build Test Automation Code
+
+Once the repository is cloned or downloaded, follow these steps to build and install the test automation code:
+
+1. Navigate to the project directory:
+ ```sh
+ cd api-test
+ ```
+
+2. Build the project using Maven:
+ ```sh
+ mvn clean install -Dgpg.skip=true -Dmaven.gitcommitid.skip=true
+ ```
+
+This will download the required dependencies and prepare the test suite for execution.
+
+---
+
+## Execute Test Automation Suite
+
+You can execute the test automation code using any of the following methods:
+
+### Using Jar
+
+1. Navigate to the `target` directory where the JAR file is generated:
+ ```sh
+ cd target/
+ ```
+
+2. Run the automation test suite JAR file:
+ ```sh
+ java -Dmodules=keymanager -Denv.user= -Denv.endpoint= -Denv.testLevel=smokeAndRegression -Xmx2G -jar apitest-keymanager-1.0.0-SNAPSHOT-jar-with-dependencies.jar
+ ```
+
+### Using Maven
+
+```sh
+mvn clean install -Dgpg.skip=true -Dmaven.gitcommitid.skip=true -Dmodules=keymanager -Denv.user=
+```
+
+### Using Eclipse IDE
+
+1. **Install Eclipse (Latest Version)** — download from the [Eclipse Downloads](https://www.eclipse.org/downloads/) page.
+
+2. **Import the Maven Project**
+ - Open Eclipse IDE.
+ - Go to `File` > `Import`.
+ - In the **Import** wizard, select `Maven` > `Existing Maven Projects`, then click **Next**.
+ - Browse to the location where the `api-test` folder is saved (either from the cloned Git repository or downloaded zip).
+ - Select the folder, and Eclipse will automatically detect the Maven project. Click **Finish** to import the project.
+
+3. **Build the Project**
+ - Right-click on the project in the **Project Explorer** and select `Maven` > `Update Project`.
+ - This will download the required dependencies as defined in the `pom.xml` and ensure everything is correctly set up.
+
+4. **Create a Run Configuration**
+ - Go to `Run` > `Run Configurations`.
+ - Right-click on **Java Application** and select **New**.
+ - In the **Main** tab, select the project and set the **Main class** to `io.mosip.testrig.apirig.keymanager.testrunner.MosipTestRunner`.
+ - In the **Arguments** tab, add the following **VM arguments**:
+ ```
+ -Dmodules=keymanager -Denv.user= -Denv.endpoint= -Denv.testLevel=smokeAndRegression -Xmx2G
+ ```
+ - Click **Run** (or **Debug** to troubleshoot with breakpoints).
+
+### Using IntelliJ IDEA
+
+1. Open the `api-test` folder (or the `keymanager` repo root) in IntelliJ IDEA as a Maven project and let it import.
+2. Create an `Application` run configuration with the following settings and replace `` / `` in the **VM options** field with your target environment:
+ ```
+ -Dmodules=keymanager -Denv.user= -Denv.endpoint= -Denv.testLevel=smokeAndRegression -Xmx2G
+ ```
+ - Main class: `io.mosip.testrig.apirig.keymanager.testrunner.MosipTestRunner`
+ - Working directory: `api-test`
+3. Click **Run** or **Debug**.
+
+### Using VS Code
+
+1. Open the `api-test` folder in VS Code with the **Extension Pack for Java** installed.
+2. Create a launch configuration for the main class `io.mosip.testrig.apirig.keymanager.testrunner.MosipTestRunner` with `vmArgs` set to your target environment:
+ ```
+ -Dmodules=keymanager -Denv.user= -Denv.endpoint= -Denv.testLevel=smokeAndRegression -Xmx2G
+ ```
+3. Use the **Run and Debug** panel to launch or debug the configuration.
+
+---
+
+## 6. View Test Results
+
+- After the tests are executed, you can view the detailed results in the `api-test/testng-report` directory.
+- The report will have two sections:
+ - One section for pre-requisite APIs test cases.
+ - Another section for core test cases.
+
+---
+
+## Test Report Column Definitions
+
+This section describes the meaning of each column in the test report:
+- **Total (T)** — The total number of test cases considered in the report.
+- **Passed (P)** — Indicates the number of test cases that executed successfully with the expected results.
+- **Failed (F)** — Indicates the number of test cases that failed due to issues such as output validation mismatches or unexpected errors during execution.
+- **Skipped (S)** — Represents test cases that were not executed due to missing prerequisites or data dependencies.
+- **Ignored (I)** — Represents test cases that were intentionally not executed due to limitations such as unsupported features, incompatibilities, or undeployed services.
+- **Known Issues (KI)** — Indicates test cases that failed but are already acknowledged as known issues for the current release, typically linked with a bug or defect ID.
+
+## Details of Arguments Used
+
+- **env.user**: Replace `` with the appropriate environment name (e.g., `dev`, `qa`, etc.).
+- **env.endpoint**: The environment where the application under test is deployed. Replace `` with the correct base URL for the environment (e.g., `https://api-internal..mosip.net`).
+- **env.testLevel**: Set this to `smoke` to run only smoke test cases, or `smokeAndRegression` to run both smoke and regression tests.
+- **jar**: Specify the name of the JAR file to execute. The version will change according to the development code version — for example, the current version is `apitest-keymanager-1.0.0-SNAPSHOT-jar-with-dependencies.jar`.
+
+### Running a subset of test cases
+
+Set `testCasesToExecute` in `keymanager.properties` to a comma-separated list of `uniqueIdentifier` values, or use `moduleNamePattern` for module-level filtering:
+
+```properties
+testCasesToExecute = TC_KeyManager_GetCertificate_01,TC_KeyManager_GenerateCSR_01
+moduleNamePattern = (keymanager)
+```
+
+To skip specific test cases at runtime, add their names (one per line) to `src/main/resources/testCaseSkippedList.txt` — these are loaded at startup and silently skipped.
+
+---
+
+## License
+
+This project is licensed under the terms of the [Mozilla Public License 2.0](https://github.com/mosip/mosip-platform/blob/master/LICENSE)
\ No newline at end of file
diff --git a/api-test/entrypoint.sh b/api-test/entrypoint.sh
new file mode 100644
index 00000000..9e51b1ff
--- /dev/null
+++ b/api-test/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+## Run automationtests
+exec java -Dmodules="$MODULES" -Denv.user="$ENV_USER" -Denv.endpoint="$ENV_ENDPOINT" -Denv.testLevel="$ENV_TESTLEVEL" -jar apitest-keymanager-*-jar-with-dependencies.jar
\ No newline at end of file
diff --git a/api-test/pom.xml b/api-test/pom.xml
new file mode 100644
index 00000000..bcf3b70b
--- /dev/null
+++ b/api-test/pom.xml
@@ -0,0 +1,288 @@
+
+ 4.0.0
+ io.mosip.testrig.apitest.keymanager
+ apitest-keymanager
+ jar
+ apitest-keymanager
+ API test automation for MOSIP Key Manager service
+ https://github.com/mosip/keymanager
+ 1.0.0-SNAPSHOT
+
+
+
+ MPL 2.0
+ https://www.mozilla.org/en-US/MPL/2.0/
+
+
+
+
+ scm:git:git://github.com/mosip/keymanager.git
+ scm:git:ssh://github.com:mosip/keymanager.git
+ https://github.com/mosip/keymanager
+ HEAD
+
+
+
+
+ Mosip
+ mosip.emailnotifier@gmail.com
+ io.mosip
+ https://github.com/mosip/keymanager
+
+
+
+
+
+ ossrh
+ CentralRepository
+ https://oss.sonatype.org/content/repositories/snapshots
+ default
+
+ true
+
+
+
+ central
+ MavenCentral
+ default
+ https://repo1.maven.org/maven2
+
+ false
+
+
+
+ google
+ GoogleMaven
+ default
+ https://maven.google.com
+
+ false
+
+
+
+
+
+ UTF-8
+ 21
+ 21
+ 3.8.0
+ 3.0.2
+ 3.1.0
+ 3.2.0
+ 1.5
+ 3.2.4
+ 3.0.0
+ 2.2.1
+ 3.0.1
+ apitest-keymanager-1.0.0-SNAPSHOT-jar-with-dependencies
+
+
+
+
+ io.mosip.testrig.apitest.commons
+ apitest-commons
+ 1.7.0-SNAPSHOT
+
+
+
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+
+
+ attach-javadocs
+
+ jar
+
+
+
+
+ none
+
+
+
+ maven-compiler-plugin
+ ${maven.compiler.version}
+
+ ${maven.compiler.source}
+ ${maven.compiler.target}
+ -Dfile.encoding=UTF-8
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ ${maven.javadoc.version}
+
+ none
+
+
+
+ pl.project13.maven
+ git-commit-id-plugin
+ ${git.commit.id.plugin.version}
+
+
+ populate-git-commit-information
+
+ revision
+
+
+ true
+ MM/dd/yyyy HH:mm:ss Z
+ 8
+ true
+
+ ${project.build.outputDirectory}/git.properties
+
+
+
+
+ ${project.basedir}/.git
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ ${maven.gpg.plugin.version}
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+ --pinentry-mode
+ loopback
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-shade-plugin
+ ${maven.shade.plugin.version}
+
+
+
+ shade
+
+
+ ${fileName}
+
+
+
+
+ io.mosip.testrig.apirig.keymanager.testrunner.MosipTestRunner
+
+
+
+
+ *:*
+
+ META-INF/*.SF
+ META-INF/*.DSA
+ META-INF/*.RSA
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ ${maven.jar.plugin.version}
+
+
+
+ true
+ true
+
+
+ ${project.name}
+ ${project.version}
+ ${user.name}
+ ${os.name}
+ ${maven.build.timestamp}
+ ${env.BUILD_NUMBER}
+ ${env.BUILD_ID}
+ ${env.BUILD_URL}
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-war-plugin
+ ${maven.war.plugin.version}
+
+
+
+ true
+ true
+
+
+ ${project.name}
+ ${project.version}
+ ${user.name}
+ ${os.name}
+ ${maven.build.timestamp}
+ ${env.BUILD_NUMBER}
+ ${env.BUILD_ID}
+ ${env.BUILD_URL}
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ ${maven.source.plugin.version}
+
+
+ attach-sources
+
+ jar-no-fork
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-antrun-plugin
+ ${maven.antrun.plugin.version}
+
+
+ make-jar-executable
+ package
+
+ run
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testrunner/MosipTestRunner.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testrunner/MosipTestRunner.java
new file mode 100644
index 00000000..9f9fd9bc
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testrunner/MosipTestRunner.java
@@ -0,0 +1,211 @@
+package io.mosip.testrig.apirig.keymanager.testrunner;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+import io.mosip.testrig.apirig.testrunner.OTPListener;
+import io.mosip.testrig.apirig.utils.*;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.TestNG;
+
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.BaseTestCase;
+import io.mosip.testrig.apirig.testrunner.ExtractResource;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+
+/**
+ * Entry point for Key Manager API test execution.
+ */
+public class MosipTestRunner {
+ private static final Logger LOGGER = Logger.getLogger(MosipTestRunner.class);
+ private static String cachedPath = null;
+ private static String generateDependency;
+
+ public static String jarUrl = MosipTestRunner.class.getProtectionDomain().getCodeSource().getLocation().getPath();
+ public static List languageList = new ArrayList<>();
+ public static boolean skipAll = false;
+
+ public static void main(String[] arg) {
+ boolean testRunSucceeded = false;
+ try {
+ LOGGER.info("** ------------- Key Manager API Test Rig Started --------------------------------------------- **");
+ setLogLevels();
+ BaseTestCase.setRunContext(getRunType(), jarUrl);
+ ExtractResource.removeOldMosipTestTestResource();
+ if (getRunType().equalsIgnoreCase("JAR")) {
+ ExtractResource.extractCommonResourceFromJar();
+ } else {
+ ExtractResource.copyCommonResources();
+ }
+ AdminTestUtil.init();
+ KeyManagerConfigManager.init();
+ suiteSetup(getRunType());
+ SkipTestCaseHandler.loadTestcaseToBeSkippedList("testCaseSkippedList.txt");
+ GlobalMethods.setModuleNameAndReCompilePattern(KeyManagerConfigManager.getproperty("moduleNamePattern"));
+ setLogLevels();
+
+ HealthChecker healthcheck = new HealthChecker();
+ healthcheck.setCurrentRunningModule(BaseTestCase.currentModule);
+ Thread trigger = new Thread(healthcheck);
+ trigger.start();
+
+ KeycloakUserManager.removeUser();
+ KeycloakUserManager.createUsers();
+ KeycloakUserManager.closeKeycloakInstance();
+
+ generateDependency = KeyManagerConfigManager.getproperty("generateDependencyJson");
+
+ if (!"yes".equalsIgnoreCase(generateDependency)) {
+ String testCasesToExecute = KeyManagerConfigManager.getproperty("testCasesToExecute");
+ LOGGER.info("Testcases to execute as per config: " + testCasesToExecute);
+
+ if (testCasesToExecute != null && !testCasesToExecute.isBlank()) {
+ DependencyResolver.loadDependencies(
+ getGlobalResourcePath() + "/config/testCaseInterDependency.json");
+ KeyManagerUtil.testCasesInRunScope = DependencyResolver.getDependencies(testCasesToExecute);
+ }
+ }
+
+ KeyManagerUtil.dbCleanUp();
+ KeyManagerUtil.dbSetup();
+ try {
+ testRunSucceeded = startTestRunner();
+ } finally {
+ KeyManagerUtil.dbCleanUp();
+ }
+
+ } catch (Exception e) {
+ LOGGER.error("Exception: " + e.getMessage());
+ }
+
+ KeycloakUserManager.removeUser();
+ KeycloakUserManager.closeKeycloakInstance();
+
+ HealthChecker.bTerminate = true;
+
+ if ("yes".equalsIgnoreCase(generateDependency)) {
+ LOGGER.info("Generating test case inter-dependencies");
+ AdminTestUtil.generateTestCaseInterDependencies(BaseTestCase.getTestCaseInterDependencyPath());
+ }
+
+ System.exit(testRunSucceeded ? 0 : 1);
+ }
+
+ public static void suiteSetup(String runType) {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ LOGGER.setLevel(Level.ALL);
+ else
+ LOGGER.info("Key Manager Test Framework Initialized");
+ BaseTestCase.initialize();
+ LOGGER.info("Done with suite setup — starting test execution\n\n");
+
+ if (!runType.equalsIgnoreCase("JAR")) {
+ AuthTestsUtil.removeOldMosipTempTestResource();
+ }
+ BaseTestCase.currentModule = BaseTestCase.runContext + KeyManagerUtil.MODULE_NAME;
+ BaseTestCase.certsForModule = BaseTestCase.runContext + KeyManagerUtil.MODULE_NAME;
+ AdminTestUtil.copymoduleSpecificAndConfigFile(KeyManagerUtil.MODULE_NAME);
+ }
+
+ private static void setLogLevels() {
+ AdminTestUtil.setLogLevel();
+ OutputValidationUtil.setLogLevel();
+ PartnerRegistration.setLogLevel();
+ KeyCloakUserAndAPIKeyGeneration.setLogLevel();
+ MispPartnerAndLicenseKeyGeneration.setLogLevel();
+ JWKKeyUtil.setLogLevel();
+ CertsUtil.setLogLevel();
+ KernelAuthentication.setLogLevel();
+ }
+
+ public static boolean startTestRunner() {
+ File homeDir = null;
+ String os = System.getProperty("os.name");
+ LOGGER.info(os);
+ if (getRunType().contains("IDE") || os.toLowerCase().contains("windows")) {
+ homeDir = new File(System.getProperty("user.dir") + "/testNgXmlFiles");
+ LOGGER.info("IDE: " + homeDir);
+ } else {
+ File dir = new File(System.getProperty("user.dir"));
+ homeDir = new File(dir.getParent() + "/mosip/testNgXmlFiles");
+ LOGGER.info("JAR: " + homeDir);
+ }
+ File[] files = homeDir.listFiles();
+ boolean suiteFound = false;
+ boolean allPassed = true;
+ if (files != null) {
+ for (File file : files) {
+ TestNG runner = new TestNG();
+ List suitefiles = new ArrayList<>();
+ if (file.getName().toLowerCase().contains("mastertestsuite")) {
+ suiteFound = true;
+ BaseTestCase.setReportName(KeyManagerUtil.MODULE_NAME);
+ suitefiles.add(file.getAbsolutePath());
+ runner.setTestSuites(suitefiles);
+ System.getProperties().setProperty("testng.outpur.dir", "testng-report");
+ runner.setOutputDirectory("testng-report");
+ runner.run();
+ if (runner.hasFailure()) {
+ allPassed = false;
+ }
+ }
+ }
+ } else {
+ LOGGER.error("No files found in directory: " + homeDir);
+ }
+ return suiteFound && allPassed;
+ }
+
+ public static String getGlobalResourcePath() {
+ if (cachedPath != null) {
+ return cachedPath;
+ }
+ String path = null;
+ if (getRunType().equalsIgnoreCase("JAR")) {
+ path = new File(jarUrl).getParentFile().getAbsolutePath()
+ + "/MosipTestResource/MosipTemporaryTestResource";
+ } else if (getRunType().equalsIgnoreCase("IDE")) {
+ path = new File(MosipTestRunner.class.getClassLoader().getResource("").getPath()).getAbsolutePath()
+ + "/MosipTestResource/MosipTemporaryTestResource";
+ if (path.contains(GlobalConstants.TESTCLASSES))
+ path = path.replace(GlobalConstants.TESTCLASSES, "classes");
+ }
+ if (path != null) {
+ cachedPath = path;
+ return path;
+ }
+ return "Global Resource File Path Not Found";
+ }
+
+ public static String getResourcePath() {
+ return getGlobalResourcePath();
+ }
+
+ public static Properties getproperty(String path) {
+ Properties prop = new Properties();
+ FileInputStream inputStream = null;
+ try {
+ File file = new File(path);
+ inputStream = new FileInputStream(file);
+ prop.load(inputStream);
+ } catch (Exception e) {
+ LOGGER.error(GlobalConstants.EXCEPTION_STRING_2 + e.getMessage());
+ } finally {
+ AdminTestUtil.closeInputStream(inputStream);
+ }
+ return prop;
+ }
+
+ public static String getRunType() {
+ if (MosipTestRunner.class.getResource("MosipTestRunner.class").getPath().contains(".jar"))
+ return "JAR";
+ else
+ return "IDE";
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/GetWithParam.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/GetWithParam.java
new file mode 100644
index 00000000..54b81ed5
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/GetWithParam.java
@@ -0,0 +1,90 @@
+package io.mosip.testrig.apirig.keymanager.testscripts;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.ITest;
+import org.testng.ITestContext;
+import org.testng.ITestResult;
+import org.testng.Reporter;
+import org.testng.SkipException;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import io.mosip.testrig.apirig.dto.OutputValidationDto;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+import io.mosip.testrig.apirig.utils.AdminTestException;
+import io.mosip.testrig.apirig.utils.AuthenticationTestException;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.OutputValidationUtil;
+import io.mosip.testrig.apirig.utils.ReportUtil;
+import io.mosip.testrig.apirig.utils.SecurityXSSException;
+import io.restassured.response.Response;
+
+public class GetWithParam extends KeyManagerUtil implements ITest {
+ private static final Logger logger = Logger.getLogger(GetWithParam.class);
+ protected String testCaseName = "";
+ public Response response = null;
+ public boolean auditLogCheck = false;
+
+ @BeforeClass
+ public static void setLogLevel() {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ logger.setLevel(Level.ALL);
+ else
+ logger.setLevel(Level.ERROR);
+ }
+
+ @Override
+ public String getTestName() {
+ return testCaseName;
+ }
+
+ @DataProvider(name = "testcaselist")
+ public Object[] getTestCaseList(ITestContext context) {
+ String ymlFile = context.getCurrentXmlTest().getLocalParameters().get("ymlFile");
+ logger.info("Started executing yml: " + ymlFile);
+ return getYmlTestData(ymlFile);
+ }
+
+ @Test(dataProvider = "testcaselist")
+ public void test(TestCaseDTO testCaseDTO)
+ throws AuthenticationTestException, AdminTestException, SecurityXSSException {
+ testCaseName = testCaseDTO.getTestCaseName();
+ testCaseName = KeyManagerUtil.isTestCaseValidForExecution(testCaseDTO);
+ auditLogCheck = testCaseDTO.isAuditLogCheck();
+
+ if (HealthChecker.signalTerminateExecution) {
+ throw new SkipException(
+ GlobalConstants.TARGET_ENV_HEALTH_CHECK_FAILED + HealthChecker.healthCheckFailureMapS);
+ }
+
+ response = getWithPathParamAndCookie(ApplnURI + testCaseDTO.getEndPoint(),
+ getJsonFromTemplate(testCaseDTO.getInput(), testCaseDTO.getInputTemplate()), auditLogCheck,
+ COOKIENAME, testCaseDTO.getRole(), testCaseDTO.getTestCaseName());
+
+ Map> ouputValid = OutputValidationUtil.doJsonOutputValidation(
+ response.asString(),
+ getJsonFromTemplate(testCaseDTO.getOutput(), testCaseDTO.getOutputTemplate()),
+ testCaseDTO,
+ response.getStatusCode());
+
+ Reporter.log(ReportUtil.getOutputValidationReport(ouputValid));
+
+ if (!OutputValidationUtil.publishOutputResult(ouputValid)) {
+ throw new AdminTestException("Failed at output validation");
+ }
+ }
+
+ @AfterMethod(alwaysRun = true)
+ public void setResultTestName(ITestResult result) {
+ result.setAttribute("TestCaseName", testCaseName);
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePost.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePost.java
new file mode 100644
index 00000000..c26554d4
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePost.java
@@ -0,0 +1,92 @@
+package io.mosip.testrig.apirig.keymanager.testscripts;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.ITest;
+import org.testng.ITestContext;
+import org.testng.ITestResult;
+import org.testng.Reporter;
+import org.testng.SkipException;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import io.mosip.testrig.apirig.dto.OutputValidationDto;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+import io.mosip.testrig.apirig.utils.AdminTestException;
+import io.mosip.testrig.apirig.utils.AuthenticationTestException;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.OutputValidationUtil;
+import io.mosip.testrig.apirig.utils.ReportUtil;
+import io.mosip.testrig.apirig.utils.SecurityXSSException;
+import io.restassured.response.Response;
+
+public class SimplePost extends KeyManagerUtil implements ITest {
+ private static final Logger logger = Logger.getLogger(SimplePost.class);
+ protected String testCaseName = "";
+ public Response response = null;
+ public boolean auditLogCheck = false;
+
+ @BeforeClass
+ public static void setLogLevel() {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ logger.setLevel(Level.ALL);
+ else
+ logger.setLevel(Level.ERROR);
+ }
+
+ @Override
+ public String getTestName() {
+ return testCaseName;
+ }
+
+ @DataProvider(name = "testcaselist")
+ public Object[] getTestCaseList(ITestContext context) {
+ String ymlFile = context.getCurrentXmlTest().getLocalParameters().get("ymlFile");
+ logger.info("Started executing yml: " + ymlFile);
+ return getYmlTestData(ymlFile);
+ }
+
+ @Test(dataProvider = "testcaselist")
+ public void test(TestCaseDTO testCaseDTO)
+ throws AuthenticationTestException, AdminTestException, SecurityXSSException {
+ testCaseName = testCaseDTO.getTestCaseName();
+ testCaseName = KeyManagerUtil.isTestCaseValidForExecution(testCaseDTO);
+ auditLogCheck = testCaseDTO.isAuditLogCheck();
+
+ if (HealthChecker.signalTerminateExecution) {
+ throw new SkipException(
+ GlobalConstants.TARGET_ENV_HEALTH_CHECK_FAILED + HealthChecker.healthCheckFailureMapS);
+ }
+
+ String inputJson = getJsonFromTemplate(testCaseDTO.getInput(), testCaseDTO.getInputTemplate());
+ inputJson = inputJsonModuleKeyWordHandler(inputJson, testCaseName);
+
+ response = postWithBodyAndCookie(ApplnURI + testCaseDTO.getEndPoint(), inputJson, auditLogCheck,
+ COOKIENAME, testCaseDTO.getRole(), testCaseDTO.getTestCaseName());
+
+ Map> ouputValid = OutputValidationUtil.doJsonOutputValidation(
+ response.asString(),
+ getJsonFromTemplate(testCaseDTO.getOutput(), testCaseDTO.getOutputTemplate()),
+ testCaseDTO,
+ response.getStatusCode());
+
+ Reporter.log(ReportUtil.getOutputValidationReport(ouputValid));
+
+ if (!OutputValidationUtil.publishOutputResult(ouputValid)) {
+ throw new AdminTestException("Failed at output validation");
+ }
+ }
+
+ @AfterMethod(alwaysRun = true)
+ public void setResultTestName(ITestResult result) {
+ result.setAttribute("TestCaseName", testCaseName);
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostForAutoGenId.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostForAutoGenId.java
new file mode 100644
index 00000000..29e64b56
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostForAutoGenId.java
@@ -0,0 +1,91 @@
+package io.mosip.testrig.apirig.keymanager.testscripts;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.ITest;
+import org.testng.ITestContext;
+import org.testng.ITestResult;
+import org.testng.Reporter;
+import org.testng.SkipException;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import io.mosip.testrig.apirig.dto.OutputValidationDto;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+import io.mosip.testrig.apirig.utils.AdminTestException;
+import io.mosip.testrig.apirig.utils.AuthenticationTestException;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.OutputValidationUtil;
+import io.mosip.testrig.apirig.utils.ReportUtil;
+import io.mosip.testrig.apirig.utils.SecurityXSSException;
+import io.restassured.response.Response;
+
+public class SimplePostForAutoGenId extends KeyManagerUtil implements ITest {
+ private static final Logger logger = Logger.getLogger(SimplePostForAutoGenId.class);
+ protected String testCaseName = "";
+ public String idKeyName = null;
+ public Response response = null;
+ public boolean auditLogCheck = false;
+
+ @BeforeClass
+ public static void setLogLevel() {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ logger.setLevel(Level.ALL);
+ else
+ logger.setLevel(Level.ERROR);
+ }
+
+ @Override
+ public String getTestName() {
+ return testCaseName;
+ }
+
+ @DataProvider(name = "testcaselist")
+ public Object[] getTestCaseList(ITestContext context) {
+ String ymlFile = context.getCurrentXmlTest().getLocalParameters().get("ymlFile");
+ idKeyName = context.getCurrentXmlTest().getLocalParameters().get("idKeyName");
+ logger.info("Started executing yml: " + ymlFile);
+ return getYmlTestData(ymlFile);
+ }
+
+ @Test(dataProvider = "testcaselist")
+ public void test(TestCaseDTO testCaseDTO)
+ throws AuthenticationTestException, AdminTestException, SecurityXSSException {
+ testCaseName = testCaseDTO.getTestCaseName();
+ testCaseName = KeyManagerUtil.isTestCaseValidForExecution(testCaseDTO);
+ auditLogCheck = testCaseDTO.isAuditLogCheck();
+
+ if (HealthChecker.signalTerminateExecution) {
+ throw new SkipException(
+ GlobalConstants.TARGET_ENV_HEALTH_CHECK_FAILED + HealthChecker.healthCheckFailureMapS);
+ }
+
+ String inputJson = getJsonFromTemplate(testCaseDTO.getInput(), testCaseDTO.getInputTemplate());
+ String outputJson = getJsonFromTemplate(testCaseDTO.getOutput(), testCaseDTO.getOutputTemplate());
+
+ response = postWithBodyAndCookieForAutoGeneratedId(ApplnURI + testCaseDTO.getEndPoint(), inputJson,
+ auditLogCheck, COOKIENAME, testCaseDTO.getRole(), testCaseDTO.getTestCaseName(), idKeyName, false);
+
+ Map> ouputValid = OutputValidationUtil.doJsonOutputValidation(
+ response.asString(), outputJson, testCaseDTO, response.getStatusCode());
+
+ Reporter.log(ReportUtil.getOutputValidationReport(ouputValid));
+
+ if (!OutputValidationUtil.publishOutputResult(ouputValid)) {
+ throw new AdminTestException("Failed at output validation");
+ }
+ }
+
+ @AfterMethod(alwaysRun = true)
+ public void setResultTestName(ITestResult result) {
+ result.setAttribute("TestCaseName", testCaseName);
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostWithCertValidation.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostWithCertValidation.java
new file mode 100644
index 00000000..1ac6bd3c
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostWithCertValidation.java
@@ -0,0 +1,101 @@
+package io.mosip.testrig.apirig.keymanager.testscripts;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.ITest;
+import org.testng.ITestContext;
+import org.testng.ITestResult;
+import org.testng.Reporter;
+import org.testng.SkipException;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import io.mosip.testrig.apirig.dto.OutputValidationDto;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+import io.mosip.testrig.apirig.utils.AdminTestException;
+import io.mosip.testrig.apirig.utils.AuthenticationTestException;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.OutputValidationUtil;
+import io.mosip.testrig.apirig.utils.ReportUtil;
+import io.mosip.testrig.apirig.utils.SecurityXSSException;
+import io.restassured.response.Response;
+
+/**
+ * POST test script that augments the HTTP response JSON with decoded X.509
+ * certificate properties before passing it to OutputValidationUtil. Used for
+ * generateMasterKey CERTIFICATE tests so cert validation appears inline in the
+ * output validation report rather than as a separate test case.
+ */
+public class SimplePostWithCertValidation extends KeyManagerUtil implements ITest {
+
+ private static final Logger logger = Logger.getLogger(SimplePostWithCertValidation.class);
+ protected String testCaseName = "";
+ public Response response = null;
+ public boolean auditLogCheck = false;
+
+ @BeforeClass
+ public static void setLogLevel() {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ logger.setLevel(Level.ALL);
+ else
+ logger.setLevel(Level.ERROR);
+ }
+
+ @Override
+ public String getTestName() {
+ return testCaseName;
+ }
+
+ @DataProvider(name = "testcaselist")
+ public Object[] getTestCaseList(ITestContext context) {
+ String ymlFile = context.getCurrentXmlTest().getLocalParameters().get("ymlFile");
+ logger.info("Started executing yml: " + ymlFile);
+ return getYmlTestData(ymlFile);
+ }
+
+ @Test(dataProvider = "testcaselist")
+ public void test(TestCaseDTO testCaseDTO)
+ throws AuthenticationTestException, AdminTestException, SecurityXSSException {
+ testCaseName = testCaseDTO.getTestCaseName();
+ testCaseName = KeyManagerUtil.isTestCaseValidForExecution(testCaseDTO);
+ auditLogCheck = testCaseDTO.isAuditLogCheck();
+
+ if (HealthChecker.signalTerminateExecution) {
+ throw new SkipException(
+ GlobalConstants.TARGET_ENV_HEALTH_CHECK_FAILED + HealthChecker.healthCheckFailureMapS);
+ }
+
+ String inputJson = getJsonFromTemplate(testCaseDTO.getInput(), testCaseDTO.getInputTemplate());
+ inputJson = inputJsonModuleKeyWordHandler(inputJson, testCaseName);
+
+ response = postWithBodyAndCookie(ApplnURI + testCaseDTO.getEndPoint(), inputJson, auditLogCheck,
+ COOKIENAME, testCaseDTO.getRole(), testCaseDTO.getTestCaseName());
+
+ String augmentedResponse = augmentResponseWithCertProperties(response.asString());
+
+ Map> ouputValid = OutputValidationUtil.doJsonOutputValidation(
+ augmentedResponse,
+ getJsonFromTemplate(testCaseDTO.getOutput(), testCaseDTO.getOutputTemplate()),
+ testCaseDTO,
+ response.getStatusCode());
+
+ Reporter.log(ReportUtil.getOutputValidationReport(ouputValid));
+
+ if (!OutputValidationUtil.publishOutputResult(ouputValid)) {
+ throw new AdminTestException("Failed at output validation");
+ }
+ }
+
+ @AfterMethod(alwaysRun = true)
+ public void setResultTestName(ITestResult result) {
+ result.setAttribute("TestCaseName", testCaseName);
+ }
+}
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostWithCsrValidation.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostWithCsrValidation.java
new file mode 100644
index 00000000..905deea5
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePostWithCsrValidation.java
@@ -0,0 +1,95 @@
+package io.mosip.testrig.apirig.keymanager.testscripts;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.ITest;
+import org.testng.ITestContext;
+import org.testng.ITestResult;
+import org.testng.Reporter;
+import org.testng.SkipException;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import io.mosip.testrig.apirig.dto.OutputValidationDto;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+import io.mosip.testrig.apirig.utils.AdminTestException;
+import io.mosip.testrig.apirig.utils.AuthenticationTestException;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.OutputValidationUtil;
+import io.mosip.testrig.apirig.utils.ReportUtil;
+import io.mosip.testrig.apirig.utils.SecurityXSSException;
+import io.restassured.response.Response;
+
+public class SimplePostWithCsrValidation extends KeyManagerUtil implements ITest {
+
+ private static final Logger logger = Logger.getLogger(SimplePostWithCsrValidation.class);
+ protected String testCaseName = "";
+ public Response response = null;
+ public boolean auditLogCheck = false;
+
+ @BeforeClass
+ public static void setLogLevel() {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ logger.setLevel(Level.ALL);
+ else
+ logger.setLevel(Level.ERROR);
+ }
+
+ @Override
+ public String getTestName() {
+ return testCaseName;
+ }
+
+ @DataProvider(name = "testcaselist")
+ public Object[] getTestCaseList(ITestContext context) {
+ String ymlFile = context.getCurrentXmlTest().getLocalParameters().get("ymlFile");
+ logger.info("Started executing yml: " + ymlFile);
+ return getYmlTestData(ymlFile);
+ }
+
+ @Test(dataProvider = "testcaselist")
+ public void test(TestCaseDTO testCaseDTO)
+ throws AuthenticationTestException, AdminTestException, SecurityXSSException {
+ testCaseName = testCaseDTO.getTestCaseName();
+ testCaseName = KeyManagerUtil.isTestCaseValidForExecution(testCaseDTO);
+ auditLogCheck = testCaseDTO.isAuditLogCheck();
+
+ if (HealthChecker.signalTerminateExecution) {
+ throw new SkipException(
+ GlobalConstants.TARGET_ENV_HEALTH_CHECK_FAILED + HealthChecker.healthCheckFailureMapS);
+ }
+
+ String inputJson = getJsonFromTemplate(testCaseDTO.getInput(), testCaseDTO.getInputTemplate());
+ inputJson = inputJsonModuleKeyWordHandler(inputJson, testCaseName);
+
+ response = postWithBodyAndCookie(ApplnURI + testCaseDTO.getEndPoint(), inputJson, auditLogCheck,
+ COOKIENAME, testCaseDTO.getRole(), testCaseDTO.getTestCaseName());
+
+ String augmentedResponse = augmentResponseWithCsrProperties(response.asString());
+
+ Map> ouputValid = OutputValidationUtil.doJsonOutputValidation(
+ augmentedResponse,
+ getJsonFromTemplate(testCaseDTO.getOutput(), testCaseDTO.getOutputTemplate()),
+ testCaseDTO,
+ response.getStatusCode());
+
+ Reporter.log(ReportUtil.getOutputValidationReport(ouputValid));
+
+ if (!OutputValidationUtil.publishOutputResult(ouputValid)) {
+ throw new AdminTestException("Failed at output validation");
+ }
+ }
+
+ @AfterMethod(alwaysRun = true)
+ public void setResultTestName(ITestResult result) {
+ result.setAttribute("TestCaseName", testCaseName);
+ }
+}
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePut.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePut.java
new file mode 100644
index 00000000..eb644bdd
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/testscripts/SimplePut.java
@@ -0,0 +1,91 @@
+package io.mosip.testrig.apirig.keymanager.testscripts;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.testng.ITest;
+import org.testng.ITestContext;
+import org.testng.ITestResult;
+import org.testng.Reporter;
+import org.testng.SkipException;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import io.mosip.testrig.apirig.dto.OutputValidationDto;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerConfigManager;
+import io.mosip.testrig.apirig.keymanager.utils.KeyManagerUtil;
+import io.mosip.testrig.apirig.testrunner.HealthChecker;
+import io.mosip.testrig.apirig.utils.AdminTestException;
+import io.mosip.testrig.apirig.utils.AuthenticationTestException;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.OutputValidationUtil;
+import io.mosip.testrig.apirig.utils.ReportUtil;
+import io.mosip.testrig.apirig.utils.SecurityXSSException;
+import io.restassured.response.Response;
+
+public class SimplePut extends KeyManagerUtil implements ITest {
+ private static final Logger logger = Logger.getLogger(SimplePut.class);
+ protected String testCaseName = "";
+ public Response response = null;
+ public boolean auditLogCheck = false;
+
+ @BeforeClass
+ public static void setLogLevel() {
+ if (KeyManagerConfigManager.IsDebugEnabled())
+ logger.setLevel(Level.ALL);
+ else
+ logger.setLevel(Level.ERROR);
+ }
+
+ @Override
+ public String getTestName() {
+ return testCaseName;
+ }
+
+ @DataProvider(name = "testcaselist")
+ public Object[] getTestCaseList(ITestContext context) {
+ String ymlFile = context.getCurrentXmlTest().getLocalParameters().get("ymlFile");
+ logger.info("Started executing yml: " + ymlFile);
+ return getYmlTestData(ymlFile);
+ }
+
+ @Test(dataProvider = "testcaselist")
+ public void test(TestCaseDTO testCaseDTO)
+ throws AuthenticationTestException, AdminTestException, SecurityXSSException {
+ testCaseName = testCaseDTO.getTestCaseName();
+ testCaseName = KeyManagerUtil.isTestCaseValidForExecution(testCaseDTO);
+ auditLogCheck = testCaseDTO.isAuditLogCheck();
+
+ if (HealthChecker.signalTerminateExecution) {
+ throw new SkipException(
+ GlobalConstants.TARGET_ENV_HEALTH_CHECK_FAILED + HealthChecker.healthCheckFailureMapS);
+ }
+
+ String inputJson = getJsonFromTemplate(testCaseDTO.getInput(), testCaseDTO.getInputTemplate());
+
+ response = putWithBodyAndCookie(ApplnURI + testCaseDTO.getEndPoint(), inputJson,
+ COOKIENAME, testCaseDTO.getRole(), testCaseDTO.getTestCaseName());
+
+ Map> ouputValid = OutputValidationUtil.doJsonOutputValidation(
+ response.asString(),
+ getJsonFromTemplate(testCaseDTO.getOutput(), testCaseDTO.getOutputTemplate()),
+ testCaseDTO,
+ response.getStatusCode());
+
+ Reporter.log(ReportUtil.getOutputValidationReport(ouputValid));
+
+ if (!OutputValidationUtil.publishOutputResult(ouputValid)) {
+ throw new AdminTestException("Failed at output validation");
+ }
+ }
+
+ @AfterMethod(alwaysRun = true)
+ public void setResultTestName(ITestResult result) {
+ result.setAttribute("TestCaseName", testCaseName);
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerConfigManager.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerConfigManager.java
new file mode 100644
index 00000000..60d7dc38
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerConfigManager.java
@@ -0,0 +1,29 @@
+package io.mosip.testrig.apirig.keymanager.utils;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+import io.mosip.testrig.apirig.keymanager.testrunner.MosipTestRunner;
+import io.mosip.testrig.apirig.utils.ConfigManager;
+
+public class KeyManagerConfigManager extends ConfigManager {
+ private static final Logger LOGGER = Logger.getLogger(KeyManagerConfigManager.class);
+
+ public static void init() {
+ Map moduleSpecificPropertiesMap = new HashMap<>();
+ try {
+ String path = MosipTestRunner.getGlobalResourcePath() + "/config/keymanager.properties";
+ Properties props = getproperties(path);
+ for (String key : props.stringPropertyNames()) {
+ moduleSpecificPropertiesMap.put(key, props.getProperty(key));
+ }
+ } catch (Exception e) {
+ LOGGER.error("Failed to load keymanager.properties: " + e.getMessage());
+ throw new RuntimeException("Failed to load keymanager.properties", e);
+ }
+ init(moduleSpecificPropertiesMap);
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerConstants.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerConstants.java
new file mode 100644
index 00000000..38fe1a8b
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerConstants.java
@@ -0,0 +1,4 @@
+package io.mosip.testrig.apirig.keymanager.utils;
+
+public class KeyManagerConstants {
+}
\ No newline at end of file
diff --git a/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerUtil.java b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerUtil.java
new file mode 100644
index 00000000..a6440647
--- /dev/null
+++ b/api-test/src/main/java/io/mosip/testrig/apirig/keymanager/utils/KeyManagerUtil.java
@@ -0,0 +1,176 @@
+package io.mosip.testrig.apirig.keymanager.utils;
+
+import java.io.StringReader;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.operator.ContentVerifierProvider;
+import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+
+import org.apache.log4j.Logger;
+import org.json.JSONObject;
+import org.testng.SkipException;
+
+import io.mosip.testrig.apirig.dbaccess.DBManager;
+import io.mosip.testrig.apirig.dto.TestCaseDTO;
+import io.mosip.testrig.apirig.testrunner.BaseTestCase;
+import io.mosip.testrig.apirig.utils.AdminTestUtil;
+import io.mosip.testrig.apirig.utils.GlobalConstants;
+import io.mosip.testrig.apirig.utils.SkipTestCaseHandler;
+
+public class KeyManagerUtil extends AdminTestUtil {
+
+ private static final Logger logger = Logger.getLogger(KeyManagerUtil.class);
+
+ public static final String MODULE_NAME = GlobalConstants.KEYMANAGER;
+
+ public static List testCasesInRunScope = new ArrayList<>();
+
+ public static String isTestCaseValidForExecution(TestCaseDTO testCaseDTO) {
+ String testCaseName = testCaseDTO.getTestCaseName();
+ currentTestCaseName = testCaseName;
+
+ int indexof = testCaseName.indexOf("_");
+ String modifiedTestCaseName = testCaseName.substring(indexof + 1);
+
+ addTestCaseDetailsToMap(modifiedTestCaseName, testCaseDTO.getUniqueIdentifier());
+
+ if (!testCasesInRunScope.isEmpty()
+ && !testCasesInRunScope.contains(testCaseDTO.getUniqueIdentifier())) {
+ throw new SkipException(GlobalConstants.NOT_IN_RUN_SCOPE_MESSAGE);
+ }
+
+ if (SkipTestCaseHandler.isTestCaseInSkippedList(testCaseName)) {
+ throw new SkipException(GlobalConstants.KNOWN_ISSUES);
+ }
+
+ if (testCaseDTO.getAdditionalDependencies() != null && AdminTestUtil.generateDependency) {
+ addAdditionalDependencies(testCaseDTO);
+ }
+
+ return testCaseName;
+ }
+
+ public static void dbSetup() {
+ DBManager.executeDBQueries(KeyManagerConfigManager.getKMDbUrl(), KeyManagerConfigManager.getKMDbUser(),
+ KeyManagerConfigManager.getKMDbPass(), KeyManagerConfigManager.getKMDbSchema(),
+ getGlobalResourcePath() + "/" + "config/keyManagerDataQueries.txt");
+ }
+
+ public static void dbCleanUp() {
+ DBManager.executeDBQueries(KeyManagerConfigManager.getKMDbUrl(), KeyManagerConfigManager.getKMDbUser(),
+ KeyManagerConfigManager.getKMDbPass(), KeyManagerConfigManager.getKMDbSchema(),
+ getGlobalResourcePath() + "/" + "config/keyManagerDeleteQueries.txt");
+ }
+
+ public String augmentResponseWithCsrProperties(String responseJson) {
+ try {
+ JSONObject json = new JSONObject(responseJson);
+ if (!json.has("response") || json.isNull("response"))
+ return responseJson;
+ JSONObject resp = json.getJSONObject("response");
+ if (!resp.has("certSignRequest") || resp.isNull("certSignRequest"))
+ return responseJson;
+
+ String csrPem = resp.getString("certSignRequest");
+ try (PEMParser parser = new PEMParser(new StringReader(csrPem))) {
+ Object obj;
+ try {
+ obj = parser.readObject();
+ } catch (Exception e) {
+ logger.warn("CSR parsing failed: " + e.getMessage());
+ resp.put("csrIsValid", "false");
+ resp.put("csrSignatureValid", "false");
+ return json.toString();
+ }
+ if (!(obj instanceof PKCS10CertificationRequest)) {
+ resp.put("csrIsValid", "false");
+ resp.put("csrSignatureValid", "false");
+ return json.toString();
+ }
+ PKCS10CertificationRequest csr = (PKCS10CertificationRequest) obj;
+
+ boolean signatureValid = false;
+ try {
+ ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder()
+ .setProvider(new BouncyCastleProvider()).build(csr.getSubjectPublicKeyInfo());
+ signatureValid = csr.isSignatureValid(verifier);
+ } catch (Exception e) {
+ logger.warn("CSR signature verification failed: " + e.getMessage());
+ }
+
+ resp.put("csrIsValid", "true");
+ resp.put("csrSignatureValid", signatureValid ? "true" : "false");
+
+ logger.info("CSR augmentation — subject: " + csr.getSubject()
+ + " | signatureValid: " + signatureValid);
+ }
+ return json.toString();
+ } catch (Exception e) {
+ logger.warn("augmentResponseWithCsrProperties failed: " + e.getMessage());
+ return responseJson;
+ }
+ }
+
+ public String inputJsonModuleKeyWordHandler(String jsonString, String testCaseName) {
+ if (jsonString.contains("$KEYMANAGERAPPID$")) {
+ jsonString = jsonString.replace("$KEYMANAGERAPPID$",
+ BaseTestCase.runContext.toUpperCase() + "AUTOMATION");
+ }
+ if (jsonString.contains("$KEYMANAGERCSRAPPID$")) {
+ jsonString = jsonString.replace("$KEYMANAGERCSRAPPID$",
+ BaseTestCase.runContext.toUpperCase() + "AUTOMATIONCSR");
+ }
+ return jsonString;
+ }
+
+ /**
+ * Decodes the X.509 certificate from {@code response.certificate} in the HTTP
+ * response JSON and injects validation results as extra fields. Returns the
+ * original JSON unchanged when the certificate field is absent or null
+ * (e.g., CSR responses and error responses).
+ */
+ public String augmentResponseWithCertProperties(String responseJson) {
+ try {
+ JSONObject json = new JSONObject(responseJson);
+ if (!json.has("response") || json.isNull("response"))
+ return responseJson;
+ JSONObject resp = json.getJSONObject("response");
+ if (!resp.has("certificate") || resp.isNull("certificate"))
+ return responseJson;
+
+ String certPem = resp.getString("certificate");
+ X509Certificate cert = (X509Certificate) convertToCertificate(certPem);
+ if (cert == null) {
+ resp.put("certIsValid", "false");
+ return json.toString();
+ }
+
+ boolean isValid = true;
+ try {
+ cert.checkValidity();
+ } catch (Exception e) {
+ isValid = false;
+ }
+
+ boolean[] ku = cert.getKeyUsage();
+ boolean keyUsageOk = ku != null && (ku[0] || ku[2] || ku[5]);
+
+ resp.put("certIsValid", isValid ? "true" : "false");
+ resp.put("certKeyUsageValid", keyUsageOk ? "true" : "false");
+
+ logger.info("Cert augmentation — subject: " + cert.getSubjectX500Principal().getName()
+ + " | issuer: " + cert.getIssuerX500Principal().getName()
+ + " | valid: " + isValid + " | keyUsageOk: " + keyUsageOk);
+
+ return json.toString();
+ } catch (Exception e) {
+ logger.warn("augmentResponseWithCertProperties failed: " + e.getMessage());
+ return responseJson;
+ }
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/Authorization/OtpGeneration/request.json b/api-test/src/main/resources/config/Authorization/OtpGeneration/request.json
new file mode 100644
index 00000000..7ce05cc5
--- /dev/null
+++ b/api-test/src/main/resources/config/Authorization/OtpGeneration/request.json
@@ -0,0 +1,16 @@
+{
+ "id": "string",
+ "metadata": {},
+ "request": {
+ "appId": "prereg",
+ "context": "auth-otp",
+ "otpChannel": [
+ "EMAIL"
+ ],
+ "templateVariables": {},
+ "userId": "robin.hood@mailinator.com",
+ "useridtype": "USERID"
+ },
+ "requesttime": "2018-12-10T06:12:52.994Z",
+ "version": "string"
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/Authorization/OtpValidation/request.json b/api-test/src/main/resources/config/Authorization/OtpValidation/request.json
new file mode 100644
index 00000000..800b94ad
--- /dev/null
+++ b/api-test/src/main/resources/config/Authorization/OtpValidation/request.json
@@ -0,0 +1,11 @@
+{
+ "id": "string",
+ "metadata": {},
+ "request": {
+ "appId": "prereg",
+ "otp": "837439",
+ "userId": "9972388747"
+ },
+ "requesttime": "2018-12-10T06:12:52.994Z",
+ "version": "string"
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/Authorization/internalAuthRequest.json b/api-test/src/main/resources/config/Authorization/internalAuthRequest.json
new file mode 100644
index 00000000..57aa8f2f
--- /dev/null
+++ b/api-test/src/main/resources/config/Authorization/internalAuthRequest.json
@@ -0,0 +1,13 @@
+{
+ "id": "string",
+ "version": "string",
+ "requesttime": "2022-01-13T06:07:20.554Z",
+ "metadata": {},
+ "request": {
+ "userName": "110005",
+ "password": "mosip",
+ "appId": "admin",
+ "clientId": "mosip-admin-client",
+ "clientSecret": "xyz123"
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/Authorization/request.json b/api-test/src/main/resources/config/Authorization/request.json
new file mode 100644
index 00000000..57831153
--- /dev/null
+++ b/api-test/src/main/resources/config/Authorization/request.json
@@ -0,0 +1,11 @@
+{
+ "id": "string",
+ "metadata": {},
+ "request": {
+ "appId": "prereg",
+ "password": "prereguser",
+ "userName": "prereguser"
+ },
+ "requesttime": "2019-04-10T10:00:00.000Z",
+ "version": "string"
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/Authorization/zoneMappingRequest.json b/api-test/src/main/resources/config/Authorization/zoneMappingRequest.json
new file mode 100644
index 00000000..c7e5fbce
--- /dev/null
+++ b/api-test/src/main/resources/config/Authorization/zoneMappingRequest.json
@@ -0,0 +1,12 @@
+{
+ "id": "string",
+ "metadata": {},
+ "request": {
+ "zoneCode": "CSB",
+ "userId": "110123",
+ "isActive": true,
+ "langCode": "eng"
+ },
+ "requesttime": "2022-05-09T09:52:11.969Z",
+ "version": "string"
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/application.properties b/api-test/src/main/resources/config/application.properties
new file mode 100644
index 00000000..0f21ea7a
--- /dev/null
+++ b/api-test/src/main/resources/config/application.properties
@@ -0,0 +1,12 @@
+## Add Key Manager endpoint relative paths here as needed
+## Example: generateMasterKeyEndpoint=/v1/keymanager/generateMasterKey
+
+## Auto-generated properties written during test rig execution
+keymanagerAutoGeneratedIdPropFileName=/keymanager/autoGeneratedId.properties
+
+## Keycloak token endpoint
+getKeyCloakTokenUrl=/auth/realms/master/protocol/openid-connect/token
+
+## Common runtime values (not to be changed)
+proxyOTP=111111
+wrongOtp=123455
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/healthCheckEndpoint.properties b/api-test/src/main/resources/config/healthCheckEndpoint.properties
new file mode 100644
index 00000000..48f7e63a
--- /dev/null
+++ b/api-test/src/main/resources/config/healthCheckEndpoint.properties
@@ -0,0 +1,44 @@
+###### =
+regproc_masterdata=/v1/hotlist/actuator/health
+masterdata=/v1/admin/actuator/health
+auth_idrepo_resident_regproc_masterdata=/v1/auditmanager/actuator/health
+auth_idrepo_resident_regproc_masterdata=/v1/authmanager/actuator/health
+auth_idrepo_regproc=/biosdk-service/actuator/health
+auth_mobileid=/v1/credentialservice/actuator/health
+auth_mobileid=/v1/credentialrequest/actuator/health
+auth_idrepo_regproc_partner=/v1/datashare/actuator/health
+auth_mobileid_esignet=/idauthentication/v1/actuator/health
+auth_mobileid_esignet_partner=/idauthentication/v1/internal/actuator/health
+auth_mobileid_esignet=/idauthentication/v1/otp/actuator/health
+idrepo_auth_mobileid_mimoto_esignet_resident_regproc=/idrepository/v1/identity/actuator/health
+idrepo_regproc=/v1/idgenerator/actuator/health
+idrepo_resident_regproc_masterdata=/v1/keymanager/actuator/health
+auth_idrepo_masterdata_mobileid_mimoto_esignet_resident_partner_prereg_regproc=/v1/masterdata/actuator/health
+auth_idrepo_resident_regproc=/v1/notifier/actuator/health
+auth_mobileid=/v1/otpmanager/actuator/health
+partner_auth_esignet_idrepo_resident_regproc=/v1/partnermanager/actuator/health
+partner_auth_esignet_regproc=/v1/policymanager/actuator/health
+prereg=/v1/pridgenerator/actuator/health
+resident_regproc=/registrationprocessor/v1/packetreceiver/actuator/health
+regproc_masterdata=/registrationprocessor/v1/registrationstatus/actuator/health
+resident_auth_esignet_mobileid=/resident/v1/actuator/health
+# TO DO idrepo_auth_mobileid_mimoto_esignet_resident=/v1/ridgenerator/actuator/health
+regproc_masterdata=/v1/syncdata/actuator/health
+idrepo_auth_mobileid_mimoto_esignet_resident_regproc=/idrepository/v1/actuator/health
+auth_idrepo_resident_regproc=/hub/actuator/health
+resident_esignet=/v1/esignet/actuator/health
+
+#The below actuators are not used for functional test rigs.
+#regproc=/v1/identity/actuator/health
+#regproc=/registrationprocessor/v1/registrationtransaction/actuator/health
+#regproc=/registrationprocessor/v1/workflowmanager/actuator/health
+#regproc=/registrationprocessor/v1/landingzone/actuator/health
+#regproc=/registrationprocessor/v1/notification/actuator/health
+#regproc=/registrationprocessor/v1/opencrvs-stage/actuator/health
+#regproc=/registrationprocessor/v1/reprocessor/actuator/health
+#regproc=/v1/print/actuator/health
+#regproc=/registrationprocessor/v1/camelbridge/actuator/health
+#regproc=/v1/packetcreator/actuator/health
+#regproc=/commons/v1/packetmanager/actuator/health
+#regproc=/v1/mock-abis-service/actuator/health
+#regproc=/v1/mockmv/actuator/health
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/keyManagerDataQueries.txt b/api-test/src/main/resources/config/keyManagerDataQueries.txt
new file mode 100644
index 00000000..44d1ea4d
--- /dev/null
+++ b/api-test/src/main/resources/config/keyManagerDataQueries.txt
@@ -0,0 +1,4 @@
+##### DB queries to be executed as pre-requisite before keymanager test execution
+
+INSERT INTO keymgr.key_policy_def (app_id, key_validity_duration, is_active, pre_expire_days, access_allowed, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes) VALUES(UPPER('${runContext}AUTOMATION'), 1095, true, 60, 'NA', 'mosipadmin', NOW(), NULL, NULL, false, NULL)
+INSERT INTO keymgr.key_policy_def (app_id, key_validity_duration, is_active, pre_expire_days, access_allowed, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes) VALUES(UPPER('${runContext}AUTOMATIONCSR'), 1095, true, 60, 'NA', 'mosipadmin', NOW(), NULL, NULL, false, NULL)
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/keyManagerDeleteQueries.txt b/api-test/src/main/resources/config/keyManagerDeleteQueries.txt
new file mode 100644
index 00000000..29eb2fb7
--- /dev/null
+++ b/api-test/src/main/resources/config/keyManagerDeleteQueries.txt
@@ -0,0 +1,14 @@
+##### DB queries to be executed to tear down the data created during keymanager test execution
+
+##### key_policy_def is deleted: it is only used during key creation to set validity period.
+##### key_alias is intentionally NOT deleted: force=false checks this table to determine
+##### whether the HSM key already exists. Deleting key_alias while the HSM key remains
+##### causes the service to create a second HSM key with the same CKA_ID on the next run,
+##### resulting in KER-KMA-003 or "Missing key encoding" (KER-KMA-005).
+DELETE FROM keymgr.key_policy_def WHERE app_id = UPPER('${runContext}AUTOMATION')
+
+##### generateCSR tests use a dedicated appId (AUTOMATIONCSR) so their key_alias rows can be
+##### safely deleted. generateCSR has no force parameter — it always creates a new HSM key.
+##### Without deleting key_alias, run 2 creates a second HSM key with the same CKA_ID -> KER-KMA-003.
+DELETE FROM keymgr.key_alias WHERE app_id = UPPER('${runContext}AUTOMATIONCSR')
+DELETE FROM keymgr.key_policy_def WHERE app_id = UPPER('${runContext}AUTOMATIONCSR')
\ No newline at end of file
diff --git a/api-test/src/main/resources/config/keymanager.properties b/api-test/src/main/resources/config/keymanager.properties
new file mode 100644
index 00000000..eb642c64
--- /dev/null
+++ b/api-test/src/main/resources/config/keymanager.properties
@@ -0,0 +1,82 @@
+km_db_schema = keymgr
+
+#---------------------------------- Modifiable Properties ----------------------------------------------------------#
+
+#------------------------ Environment URLs and Database Connections ------------------------#
+
+# Keycloak URL.
+keycloak-external-url = https://iam.dev2.mosip.net
+
+# PostgreSQL URLs for audit and partner databases.
+audit_url = jdbc:postgresql://dev2.mosip.net:5433/mosip_audit
+partner_url = jdbc:postgresql://dev2.mosip.net:5433/mosip_ida
+
+# Database server for connections.
+db-server = api-internal.dev2.mosip.net
+db-port=
+
+#------------------------ secrets and passwords ------------------------#
+
+#------------------------ Keycloak Passwords ------------------------#
+# Used for Keycloak authentication.
+keycloak_Password =
+
+#------------------------ PostgreSQL Database Passwords ------------------------#
+# Credentials for connecting to Postgres databases.
+audit_password =
+partner_password =
+postgres-password =
+
+#-------- Client Secret Keys ----------#
+# These keys are used for various services, make sure to update the values as required when running locally.
+
+mosip_pms_client_secret =
+mosip_resident_client_secret =
+mosip_idrepo_client_secret =
+mosip_reg_client_secret =
+mosip_admin_client_secret =
+mosip_hotlist_client_secret =
+mosip_regproc_client_secret =
+mpartner_default_mobile_secret =
+mosip_testrig_client_secret =
+AuthClientSecret =
+mosip_crvs1_client_secret =
+
+
+#-------- Generic Configuration ----------#
+
+# Enable or disable debugging mode (yes/no).
+enableDebug = no
+
+# Mock Notification Channels (email/phone/email,phone).
+mockNotificationChannel = email,phone
+
+
+#------------------------ Mosip Components Base URLs ------------------------#
+# Define base URLs for different components if required.
+# Example:
+# mosip_components_base_urls = auditmanager=api-internal.released.mosip.net;idrepository=api-internal.released.mosip.net;authmanager=api-internal.released.mosip.net;resident=api-internal.released.mosip.net;partnermanager=api-internal.released.mosip.net;idauthentication=api-internal.released.mosip.net;masterdata=api-internal.released.mosip.net;idgenerator=api-internal.released.mosip.net;policymanager=api-internal.released.mosip.net;preregistration=api-internal.released.mosip.net;keymanager=api-internal.released.mosip.net;mock-identity-system=api.released.mosip.net
+# Feel free to add more components as needed.
+mosip_components_base_urls =
+
+#------------------------ Module Name Pattern ------------------------#
+# Define module name pattern if required.
+# Example:
+# moduleNamePattern = (mimoto|resident)
+# Feel free to add more values as needed.
+moduleNamePattern =
+
+
+#------------------------ Uncomment for Local Run ------------------------#
+
+# Path to the authentication certificates (if running locally, uncomment the below line and keep the value empty).
+#authCertsPath =
+
+# X-XSS-Protection: Controls the XSS (Cross-Site Scripting) filter in browsers.
+# Values: (yes/no)
+xssProtectionCheck = no
+
+testCasesToExecute=
+
+# Uncomment below line for generate dependency JSON. This works only in case of local run using IDE.
+#generateDependencyJson = yes
\ No newline at end of file
diff --git a/api-test/src/main/resources/customize-emailable-report-template.html b/api-test/src/main/resources/customize-emailable-report-template.html
new file mode 100644
index 00000000..cfeca4d6
--- /dev/null
+++ b/api-test/src/main/resources/customize-emailable-report-template.html
@@ -0,0 +1,61 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/api-test/src/main/resources/dbFiles/dbConfig.xml b/api-test/src/main/resources/dbFiles/dbConfig.xml
new file mode 100644
index 00000000..e27fb8f5
--- /dev/null
+++ b/api-test/src/main/resources/dbFiles/dbConfig.xml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSR.hbs b/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSR.hbs
new file mode 100644
index 00000000..530f14ef
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSR.hbs
@@ -0,0 +1,16 @@
+{
+ "id": "io.mosip.keymanager.generateCSR",
+ "metadata": {},
+ "request": {
+ "applicationId": "{{applicationId}}",
+ "referenceId": "{{referenceId}}"{{#if commonName}},
+ "commonName": "{{commonName}}"{{/if}}{{#if organizationUnit}},
+ "organizationUnit": "{{organizationUnit}}"{{/if}}{{#if organization}},
+ "organization": "{{organization}}"{{/if}}{{#if location}},
+ "location": "{{location}}"{{/if}}{{#if state}},
+ "state": "{{state}}"{{/if}}{{#if country}},
+ "country": "{{country}}"{{/if}}
+ },
+ "requesttime": "{{requesttime}}",
+ "version": "1.0"
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSR.yml b/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSR.yml
new file mode 100644
index 00000000..f2bc1ae3
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSR.yml
@@ -0,0 +1,168 @@
+GenerateCSR:
+
+ KeyManager_GenerateCSR_Valid_Smoke:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_01
+ description: Generate CSR for automation applicationId with empty referenceId - returns both PEM certificate and PEM CSR.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/GenerateCSR/GenerateCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*",
+ "csrIsValid": "true",
+ "csrSignatureValid": "true"
+ }'
+
+ KeyManager_GenerateCSR_WithReferenceId_Valid_Smoke:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_02
+ description: Generate CSR for automation applicationId with a non-empty referenceId - returns both PEM certificate and PEM CSR.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/GenerateCSR/GenerateCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "AUTOMATION-SIGN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*",
+ "csrIsValid": "true",
+ "csrSignatureValid": "true"
+ }'
+
+ KeyManager_GenerateCSR_WithSubjectFields_Valid:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_03
+ description: Generate CSR with all optional subject fields (CN, OU, O, L, ST, C) and empty referenceId.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/GenerateCSR/GenerateCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "",
+ "commonName": "www.mosip.io",
+ "organizationUnit": "MOSIP-TECH-CENTER",
+ "organization": "IITB",
+ "location": "BANGALORE",
+ "state": "KA",
+ "country": "IN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*",
+ "csrIsValid": "true",
+ "csrSignatureValid": "true"
+ }'
+
+ KeyManager_GenerateCSR_WithSubjectFieldsAndReferenceId_Valid:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_04
+ description: Generate CSR with all optional subject fields (CN, OU, O, L, ST, C) and a non-empty referenceId.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/GenerateCSR/GenerateCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "AUTOMATION-SIGN",
+ "commonName": "www.mosip.io",
+ "organizationUnit": "MOSIP-TECH-CENTER",
+ "organization": "IITB",
+ "location": "BANGALORE",
+ "state": "KA",
+ "country": "IN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*",
+ "csrIsValid": "true",
+ "csrSignatureValid": "true"
+ }'
+
+ KeyManager_GenerateCSR_EmptyApplicationId_Negative:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_05
+ description: Generate CSR with empty applicationId - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "",
+ "referenceId": "",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateCSR_WhitespaceApplicationId_Negative:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_06
+ description: Generate CSR with whitespace-only applicationId - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": " ",
+ "referenceId": "",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateCSR_Unauthenticated_Negative:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_07
+ description: Generate CSR without authentication token - expects 500 (no auth enforcement on this endpoint).
+ role: noauth
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/responseCode
+ checkOnlyStatusCodeInResponse: true
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{"responseCode": "500"}'
+
+ KeyManager_GenerateCSR_InvalidRequesttime_Negative:
+ endPoint: /v1/keymanager/generateCSR
+ uniqueIdentifier: TC_KeyManager_GenerateCSR_08
+ description: Generate CSR with invalid requesttime format - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateCSR/GenerateCSR
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "",
+ "requesttime": "INVALID-TIMESTAMP-FORMAT"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
diff --git a/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSRResult.hbs b/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSRResult.hbs
new file mode 100644
index 00000000..0088249c
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateCSR/GenerateCSRResult.hbs
@@ -0,0 +1,7 @@
+{
+ "response": {
+ "certSignRequest": "{{certSignRequest}}",
+ "csrIsValid": "{{csrIsValid}}",
+ "csrSignatureValid": "{{csrSignatureValid}}"
+ }
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateCSRPrereq/GenerateCSRPrereq.yml b/api-test/src/main/resources/keymanager/GenerateCSRPrereq/GenerateCSRPrereq.yml
new file mode 100644
index 00000000..00ebdf2b
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateCSRPrereq/GenerateCSRPrereq.yml
@@ -0,0 +1,19 @@
+GenerateCSRPrereq:
+
+ KeyManager_GenerateCSRPrereq_GenerateMasterKey_Valid:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateCSRPrereq_01
+ description: Generate master key for the CSR automation appId - prerequisite so generateCSR tests can use an existing key.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/GenerateCSRPrereq/GenerateCSRPrereqResult
+ input: '{
+ "applicationId": "$KEYMANAGERCSRAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*"
+ }'
\ No newline at end of file
diff --git a/api-test/src/main/resources/keymanager/GenerateCSRPrereq/GenerateCSRPrereqResult.hbs b/api-test/src/main/resources/keymanager/GenerateCSRPrereq/GenerateCSRPrereqResult.hbs
new file mode 100644
index 00000000..6f0bdfff
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateCSRPrereq/GenerateCSRPrereqResult.hbs
@@ -0,0 +1,5 @@
+{
+ "response": {
+ "certificate": "{{certificate}}"
+ }
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKey.hbs b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKey.hbs
new file mode 100644
index 00000000..df7f17b7
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKey.hbs
@@ -0,0 +1,17 @@
+{
+ "id": "io.mosip.keymanager.generateECSignKey",
+ "metadata": {},
+ "request": {
+ "applicationId": "{{applicationId}}",
+ "referenceId": "{{referenceId}}",
+ "force": {{force}}{{#if commonName}},
+ "commonName": "{{commonName}}"{{/if}}{{#if organizationUnit}},
+ "organizationUnit": "{{organizationUnit}}"{{/if}}{{#if organization}},
+ "organization": "{{organization}}"{{/if}}{{#if location}},
+ "location": "{{location}}"{{/if}}{{#if state}},
+ "state": "{{state}}"{{/if}}{{#if country}},
+ "country": "{{country}}"{{/if}}
+ },
+ "requesttime": "{{requesttime}}",
+ "version": "1.0"
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKey.yml b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKey.yml
new file mode 100644
index 00000000..9458e9f8
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKey.yml
@@ -0,0 +1,334 @@
+GenerateECSignKey:
+
+ KeyManager_GenerateECSignKey_Certificate_SECP256R1_Valid_Smoke:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_01
+ description: Generate EC sign key using SECP256R1 curve with CERTIFICATE objectType - validates PEM certificate in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateECSignKey_Certificate_SECP256K1_Valid_Smoke:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_02
+ description: Generate EC sign key using SECP256K1 curve with CERTIFICATE objectType - validates PEM certificate in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256K1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateECSignKey_Certificate_ED25519_Valid_Smoke:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_03
+ description: Generate EC sign key using ED25519 curve with CERTIFICATE objectType - validates PEM certificate in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "ED25519_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateECSignKey_CSR_SECP256R1_Valid_Smoke:
+ endPoint: /v1/keymanager/generateECSignKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_04
+ description: Generate EC sign key using SECP256R1 curve with CSR objectType - validates PEM CSR in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*"
+ }'
+
+ KeyManager_GenerateECSignKey_CSR_SECP256K1_Valid_Smoke:
+ endPoint: /v1/keymanager/generateECSignKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_05
+ description: Generate EC sign key using SECP256K1 curve with CSR objectType - validates PEM CSR in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256K1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*"
+ }'
+
+ KeyManager_GenerateECSignKey_CSR_ED25519_Valid_Smoke:
+ endPoint: /v1/keymanager/generateECSignKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_06
+ description: Generate EC sign key using ED25519 curve with CSR objectType - validates PEM CSR in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "ED25519_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*"
+ }'
+
+ KeyManager_GenerateECSignKey_Certificate_WithSubjectFields_Valid:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_07
+ description: Generate EC sign key with all optional subject fields (CN, OU, O, L, ST, C) using SECP256R1 and CERTIFICATE objectType.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "commonName": "www.mosip.io",
+ "organizationUnit": "MOSIP-TECH-CENTER",
+ "organization": "IITB",
+ "location": "BANGALORE",
+ "state": "KA",
+ "country": "IN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateECSignKey_CSR_WithSubjectFields_Valid:
+ endPoint: /v1/keymanager/generateECSignKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_08
+ description: Generate EC sign key with all optional subject fields (CN, OU, O, L, ST, C) using SECP256R1 and CSR objectType.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "commonName": "www.mosip.io",
+ "organizationUnit": "MOSIP-TECH-CENTER",
+ "organization": "IITB",
+ "location": "BANGALORE",
+ "state": "KA",
+ "country": "IN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*"
+ }'
+
+ KeyManager_GenerateECSignKey_Certificate_ForceFalse_Valid:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_09
+ description: Generate EC sign key with force=false on existing SECP256R1 key - returns existing certificate without regenerating.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/GenerateECSignKey/GenerateECSignKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateECSignKey_InvalidObjectType_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/INVALID
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_10
+ description: Generate EC sign key with invalid objectType path param - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateECSignKey_EmptyReferenceId_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_11
+ description: Generate EC sign key with empty referenceId - expects KER-KMS-030 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-030"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateECSignKey_InvalidReferenceId_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_12
+ description: Generate EC sign key with invalid referenceId - expects KER-KMS-030 (Invalid Reference Id).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "INVALID_CURVE",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-030"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateECSignKey_EmptyApplicationId_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_13
+ description: Generate EC sign key with empty applicationId - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateECSignKey_WhitespaceApplicationId_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_14
+ description: Generate EC sign key with whitespace-only applicationId - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": " ",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateECSignKey_Unauthenticated_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_15
+ description: Generate EC sign key without authentication token - expects 500 (no auth enforcement on this endpoint).
+ role: noauth
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/responseCode
+ checkOnlyStatusCodeInResponse: true
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{"responseCode": "500"}'
+
+ KeyManager_GenerateECSignKey_InvalidRequesttime_Negative:
+ endPoint: /v1/keymanager/generateECSignKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateECSignKey_16
+ description: Generate EC sign key with invalid requesttime format - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateECSignKey/GenerateECSignKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "EC_SECP256R1_SIGN",
+ "force": false,
+ "requesttime": "INVALID-TIMESTAMP-FORMAT"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
diff --git a/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult.hbs b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult.hbs
new file mode 100644
index 00000000..06a32747
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKeyCSRResult.hbs
@@ -0,0 +1,5 @@
+{
+ "response": {
+ "certSignRequest": "{{certSignRequest}}"
+ }
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKeyResult.hbs b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKeyResult.hbs
new file mode 100644
index 00000000..50509212
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateECSignKey/GenerateECSignKeyResult.hbs
@@ -0,0 +1,7 @@
+{
+ "response": {
+ "certificate": "{{certificate}}",
+ "certIsValid": "{{certIsValid}}",
+ "certKeyUsageValid": "{{certKeyUsageValid}}"
+ }
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKey.hbs b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKey.hbs
new file mode 100644
index 00000000..af8302f3
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKey.hbs
@@ -0,0 +1,17 @@
+{
+ "id": "io.mosip.keymanager.generateMasterKey",
+ "metadata": {},
+ "request": {
+ "applicationId": "{{applicationId}}",
+ "referenceId": "{{referenceId}}",
+ "force": {{force}}{{#if commonName}},
+ "commonName": "{{commonName}}"{{/if}}{{#if organizationUnit}},
+ "organizationUnit": "{{organizationUnit}}"{{/if}}{{#if organization}},
+ "organization": "{{organization}}"{{/if}}{{#if location}},
+ "location": "{{location}}"{{/if}}{{#if state}},
+ "state": "{{state}}"{{/if}}{{#if country}},
+ "country": "{{country}}"{{/if}}
+ },
+ "requesttime": "{{requesttime}}",
+ "version": "1.0"
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKey.yml b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKey.yml
new file mode 100644
index 00000000..20bda214
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKey.yml
@@ -0,0 +1,258 @@
+GenerateMasterKey:
+
+ KeyManager_GenerateMasterKey_Certificate_Valid_Smoke:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_01
+ description: Generate master key for automation applicationId using CERTIFICATE objectType - validates PEM certificate in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/GenerateMasterKey/GenerateMasterKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateMasterKey_CSR_Valid_Smoke:
+ endPoint: /v1/keymanager/generateMasterKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_02
+ description: Generate master key for automation applicationId using CSR objectType - validates PEM CSR in response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/GenerateMasterKey/GenerateMasterKeyCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*"
+ }'
+
+ KeyManager_GenerateMasterKey_Certificate_WithSubjectFields_Valid:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_03
+ description: Generate master key with all optional subject fields (CN, OU, O, L, ST, C) using CERTIFICATE objectType.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/GenerateMasterKey/GenerateMasterKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "commonName": "www.mosip.io",
+ "organizationUnit": "MOSIP-TECH-CENTER",
+ "organization": "IITB",
+ "location": "BANGALORE",
+ "state": "KA",
+ "country": "IN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateMasterKey_CSR_WithSubjectFields_Valid:
+ endPoint: /v1/keymanager/generateMasterKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_04
+ description: Generate master key with all optional subject fields (CN, OU, O, L, ST, C) using CSR objectType.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/GenerateMasterKey/GenerateMasterKeyCSRResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "commonName": "www.mosip.io",
+ "organizationUnit": "MOSIP-TECH-CENTER",
+ "organization": "IITB",
+ "location": "BANGALORE",
+ "state": "KA",
+ "country": "IN",
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certSignRequest": "$REGEXP:(?s).*-----BEGIN CERTIFICATE REQUEST-----.*"
+ }'
+
+ KeyManager_GenerateMasterKey_Certificate_ForceFalse_Valid:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_05
+ description: Generate master key with force=false on an existing key - returns existing certificate without regenerating.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/GenerateMasterKey/GenerateMasterKeyResult
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "certificate": "$REGEXP:(?s).*-----BEGIN CERTIFICATE-----.*",
+ "certIsValid": "true",
+ "certKeyUsageValid": "true"
+ }'
+
+ KeyManager_GenerateMasterKey_Certificate_WithReferenceId_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_08
+ description: Generate master key with non-empty referenceId using CERTIFICATE objectType - expects KER-KMS-010 (Reference Id Not Supported).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "AUTOMATION-REF",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-010"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateMasterKey_CSR_WithReferenceId_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/CSR
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_09
+ description: Generate master key with non-empty referenceId using CSR objectType - expects KER-KMS-010 (Reference Id Not Supported).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "AUTOMATION-REF",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-010"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateMasterKey_InvalidObjectType_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/INVALID
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_06
+ description: Generate master key with invalid objectType path param - expects KER-KMS-500 (Internal Server Error).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-500"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateMasterKey_EmptyApplicationId_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_07
+ description: Generate master key with empty applicationId - expects error response.
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateMasterKey_Unauthenticated_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_10
+ description: Generate master key without authentication token - expects 500 (no auth enforcement on this endpoint).
+ role: noauth
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/responseCode
+ checkOnlyStatusCodeInResponse: true
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{"responseCode": "500"}'
+
+ KeyManager_GenerateMasterKey_WhitespaceApplicationId_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_11
+ description: Generate master key with whitespace-only applicationId - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": " ",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "$TIMESTAMP$"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
+
+ KeyManager_GenerateMasterKey_InvalidRequesttime_Negative:
+ endPoint: /v1/keymanager/generateMasterKey/CERTIFICATE
+ uniqueIdentifier: TC_KeyManager_GenerateMasterKey_12
+ description: Generate master key with invalid requesttime format - expects KER-KMS-005 (Invalid Request).
+ role: admin
+ restMethod: post
+ inputTemplate: keymanager/GenerateMasterKey/GenerateMasterKey
+ outputTemplate: keymanager/error
+ input: '{
+ "applicationId": "$KEYMANAGERAPPID$",
+ "referenceId": "",
+ "force": false,
+ "requesttime": "INVALID-TIMESTAMP-FORMAT"
+ }'
+ output: '{
+ "errors": [
+ {
+ "errorCode": "KER-KMS-005"
+ }
+ ]
+ }'
diff --git a/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKeyCSRResult.hbs b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKeyCSRResult.hbs
new file mode 100644
index 00000000..06a32747
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKeyCSRResult.hbs
@@ -0,0 +1,5 @@
+{
+ "response": {
+ "certSignRequest": "{{certSignRequest}}"
+ }
+}
diff --git a/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKeyResult.hbs b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKeyResult.hbs
new file mode 100644
index 00000000..50509212
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/GenerateMasterKey/GenerateMasterKeyResult.hbs
@@ -0,0 +1,7 @@
+{
+ "response": {
+ "certificate": "{{certificate}}",
+ "certIsValid": "{{certIsValid}}",
+ "certKeyUsageValid": "{{certKeyUsageValid}}"
+ }
+}
diff --git a/api-test/src/main/resources/keymanager/error.hbs b/api-test/src/main/resources/keymanager/error.hbs
new file mode 100644
index 00000000..838ddc73
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/error.hbs
@@ -0,0 +1,10 @@
+{
+ "errors": [
+ {{#each errors}}
+ {
+ "errorCode": "{{errorCode}}"
+ }
+ {{#unless @last}},{{/unless}}
+ {{/each}}
+ ]
+}
\ No newline at end of file
diff --git a/api-test/src/main/resources/keymanager/responseCode.hbs b/api-test/src/main/resources/keymanager/responseCode.hbs
new file mode 100644
index 00000000..107651ca
--- /dev/null
+++ b/api-test/src/main/resources/keymanager/responseCode.hbs
@@ -0,0 +1,3 @@
+{
+ "responseCode": "{{responseCode}}"
+}
diff --git a/api-test/src/main/resources/log4j.properties b/api-test/src/main/resources/log4j.properties
new file mode 100644
index 00000000..128e1d1c
--- /dev/null
+++ b/api-test/src/main/resources/log4j.properties
@@ -0,0 +1,8 @@
+log4j.rootLogger=INFO, Appender1,Appender2
+log4j.appender.Appender1=org.apache.log4j.ConsoleAppender
+log4j.appender.Appender1.layout=org.apache.log4j.PatternLayout
+log4j.appender.Appender1.layout.ConversionPattern=%-7p %d [%t] %c %x - %m%n
+log4j.appender.Appender2=org.apache.log4j.FileAppender
+log4j.appender.Appender2.File=../logs/mosip-api-test.log
+log4j.appender.Appender2.layout=org.apache.log4j.PatternLayout
+log4j.appender.Appender2.layout.ConversionPattern=%-7p %d [%t] %c %x - %m%n
diff --git a/api-test/src/main/resources/metadata.xml b/api-test/src/main/resources/metadata.xml
new file mode 100644
index 00000000..ea66c92e
--- /dev/null
+++ b/api-test/src/main/resources/metadata.xml
@@ -0,0 +1,16 @@
+
+ 4.0.0
+ io.mosip.testrig.apirig.automationtests
+ automationtests
+ jar
+ io.mosip.testrig.apirig.automationtests
+ http://maven.apache.org
+
+
+ io.mosip
+ mosip-parent
+ 1.0.10
+
+
+
diff --git a/api-test/src/main/resources/spring.properties b/api-test/src/main/resources/spring.properties
new file mode 100644
index 00000000..edb4c056
--- /dev/null
+++ b/api-test/src/main/resources/spring.properties
@@ -0,0 +1,329 @@
+#Please change only required values
+logging.level.io.mosip.registration=DEBUG
+
+hibernate.hbm2ddl.auto=none
+hibernate.dialect=org.hibernate.dialect.DerbyTenSevenDialect
+hibernate.show_sql=false
+hibernate.format_sql=false
+hibernate.connection.charSet=utf8
+hibernate.cache.use_second_level_cache=false
+hibernate.cache.use_query_cache=false
+hibernate.cache.use_structured_entries=false
+hibernate.generate_statistics=false
+
+#otp validation time details
+otp_validity_in_mins=2
+
+
+#Timeout Configuration
+HTTP_API_READ_TIMEOUT = 60000
+HTTP_API_WRITE_TIMEOUT = 60000
+
+#Biometric Device
+PROVIDER_NAME = Mantra
+WEBCAM_LIBRARY_NAME = sarxos
+
+#document scanner properties
+DOCUMENT_SCANNER_DEPTH=10
+DOCUMENT_SCANNER_HOST=192.168.43.253
+DOCUMENT_SCANNER_PORT=6566
+DOCUMENT_SCANNER_TIMEOUT=5000
+
+#Client ID and Secret Key
+AUTH_CLIENT_ID=registration-client
+AUTH_SECRET_KEY=
+
+spring.cloud.config.uri=LOCAL
+spring.application.name=
+spring.profiles.active=
+spring.cloud.config.label=
+
+#AUTH_SDK
+mosip.registration.face.provider=com.identy.IdentyBioSDK
+mosip.registration.iris.provider=com.identy.IdentyBioSDK
+mosip.registration.finger.provider=com.identy.IdentyBioSDK
+
+
+#MDM
+#host has to be clarified whether nedd to be in config or hardcoded
+mdm.host=127.0.0.1
+#portRangeFrom and portRangeTo are mandate,portRangeTo can be same are greater than then portRangeFrom
+mdm.portRangeFrom=4500
+mdm.portRangeTo=4510
+mdm.contextPath=
+mdm.hostProtocol=http
+
+mdm.deviceInfo.service.path=deviceInfo
+mdm.deviceInfo.service.headers=Content-Type:APPLICATION/JSON
+mdm.deviceInfo.service.httpmethod=GET
+mdm.deviceInfo.service.responseType=java.lang.Object
+
+mdm.capture.service.path=capture
+mdm.capture.service.headers=Content-Type:APPLICATION/JSON
+mdm.capture.service.httpmethod=POST
+mdm.deviceInfo.service.responseType=java.lang.Object
+
+mdm.deviceDiscovery.service.path=deviceDiscovery
+mdm.deviceDiscovery.service.headers=Content-Type:APPLICATION/JSON
+mdm.deviceDiscovery.service.httpmethod=POST
+mdm.deviceDiscovery.service.responseType=java.lang.Object
+
+mosip.kernel.idobjectvalidator.file-storage-uri=LOCAL
+mosip.kernel.idobjectvalidator.schema-name=mosip-identity-json-schema.json
+mosip.kernel.idobjectvalidator.property-source=LOCAL
+mosip.kernel.keymanager-service-sign-url=
+
+mosip.country.code=MOR
+
+#onboarded_user details
+user_machine_mapping.service.url=https://qa.mosip.io/v1/masterdata/registrationmachineusermappings
+user_machine_mapping.service.httpmethod=PUT
+user_machine_mapping.service.requestType=java.lang.Object
+user_machine_mapping.service.headers=Content-Type:APPLICATION/JSON
+user_machine_mapping.service.authrequired=true
+user_machine_mapping.service.signrequired=false
+user_machine_mapping.service.authheader=Authorization:OAUTH
+user_machine_mapping.service.requestsignrequired=true
+
+#packet_status details
+packet_status.service.url=https://qa.mosip.io/registrationprocessor/v1/registrationstatus/search
+packet_status.service.httpmethod=POST
+packet_status.service.responseType=java.util.LinkedHashMap
+packet_status.service.headers=Content-Type:APPLICATION/JSON
+packet_status.service.authrequired=true
+packet_status.service.signrequired=false
+packet_status.service.authheader=Authorization:OAUTH
+packet_status.service.requestsignrequired=true
+
+#sms
+sms.service.url=https://qa.mosip.io/v1/smsnotifier/sms/send
+sms.service.httpmethod=POST
+sms.service.requestType=java.lang.Object
+sms.service.headers=Content-Type:APPLICATION/JSON
+sms.service.authrequired=true
+sms.service.signrequired=false
+sms.service.authheader=Authorization:OAUTH
+sms.service.requestsignrequired=true
+
+#email
+email.service.url=https://qa.mosip.io/v1/emailnotifier/email/send
+email.service.httpmethod=POST
+email.service.requestType=java.lang.Object
+email.service.headers=Content-Type:multipart/form-data
+email.service.authrequired=true
+email.service.signrequired=false
+email.service.authheader=Authorization:OAUTH
+email.service.requestsignrequired=true
+
+#Upload
+packet_upload.service.url=https://qa.mosip.io/registrationprocessor/v1/packetreceiver/registrationpackets
+packet_upload.service.httpmethod=POST
+packet_upload.service.requestType=java.lang.String
+packet_upload.service.headers=Content-Type:multipart/form-data
+packet_upload.service.authrequired=true
+packet_upload.service.signrequired=false
+packet_upload.service.authheader=Authorization:OAUTH
+packet_upload.service.requestsignrequired=true
+
+#Packet Sync
+packet_sync.service.url=https://qa.mosip.io/registrationprocessor/v1/registrationstatus/sync
+packet_sync.service.httpmethod=POST
+packet_sync.service.requestType=java.lang.Object
+packet_sync.service.headers=Content-Type:APPLICATION/JSON,timestamp:timestamp,Center-Machine-RefId:centerId
+packet_sync.service.authrequired=true
+packet_sync.service.signrequired=false
+packet_sync.service.authheader=Authorization:OAUTH
+packet_sync.service.requestsignrequired=true
+
+#policy sync
+policysync.service.url= https://qa.mosip.io/v1/syncdata/publickey/REGISTRATION
+policysync.service.httpmethod=GET
+policysync.service.responseType=java.util.LinkedHashMap
+policysync.service.headers=Content-Type:APPLICATION/JSON
+policysync.service.authrequired=true
+policysync.service.signrequired=false
+policysync.service.authheader=Authorization:OAUTH
+policysync.service.requestsignrequired=true
+
+#Pre-Registration Get Pre-Reg Id's
+get_pre_registration_Ids.service.url=https://qa.mosip.io/preregistration/v1/sync
+get_pre_registration_Ids.service.httpmethod=POST
+get_pre_registration_Ids.service.requestType=java.lang.Object
+get_pre_registration_Ids.service.headers=Content-Type:APPLICATION/JSON
+get_pre_registration_Ids.service.authrequired=true
+get_pre_registration_Ids.service.signrequired=false
+get_pre_registration_Ids.service.authheader=Authorization:OAUTH
+get_pre_registration_Ids.service.requestsignrequired=true
+
+#Pre-Registration Get Pre-Reg packet
+get_pre_registration.service.url=https://qa.mosip.io/preregistration/v1/sync/{pre_registration_id}
+get_pre_registration.service.httpmethod=GET
+get_pre_registration.service.responseType=java.lang.Object
+get_pre_registration.service.headers=Content-Type:APPLICATION/JSON
+get_pre_registration.service.authrequired=true
+get_pre_registration.service.signrequired=false
+get_pre_registration.service.authheader=Authorization:OAUTH
+get_pre_registration.service.requestsignrequired=true
+
+#master_sync details
+master_sync.service.url=https://qa.mosip.io/v1/syncdata/masterdata
+master_sync.service.httpmethod=GET
+master_sync.service.responseType=java.lang.Object
+master_sync.service.headers=Content-Type:application/json;charset=UTF-8
+master_sync.service.authrequired=true
+master_sync.service.signrequired=false
+master_sync.service.authheader=Authorization:OAUTH
+master_sync.service.requestsignrequired=true
+
+#Get Global-Config Details
+get_registration_center_config.service.url=https://qa.mosip.io/v1/syncdata/configs
+get_registration_center_config.service.httpmethod=GET
+get_registration_center_config.service.responseType=java.util.LinkedHashMap
+get_registration_center_config.service.headers=Content-Type:APPLICATION/JSON
+get_registration_center_config.service.authrequired=true
+get_registration_center_config.service.signrequired=false
+get_registration_center_config.service.authheader=Authorization:OAUTH
+get_registration_center_config.service.requestsignrequired=true
+
+#Send OTP
+send_otp.service.url=https://qa.mosip.io/v1/authmanager/authenticate/sendotp
+send_otp.service.httpmethod=POST
+send_otp.service.requestType=java.lang.Object
+send_otp.service.headers=Content-Type:APPLICATION/JSON
+send_otp.service.authrequired=true
+send_otp.service.signrequired=false
+send_otp.service.authheader=Authorization:OAUTH
+send_otp.service.requestsignrequired=false
+
+#Validate Authorization Token
+validate_auth_token.service.url=https://qa.mosip.io/v1/authmanager/authorize/admin/validateToken
+validate_auth_token.service.httpmethod=POST
+validate_auth_token.service.requestType=java.lang.Object
+validate_auth_token.service.headers=Content-Type:APPLICATION/JSON
+validate_auth_token.service.authrequired=true
+validate_auth_token.service.signrequired=false
+validate_auth_token.service.authheader=Authorization:OAUTH
+validate_auth_token.service.requestsignrequired=false
+
+#Authentication API
+auth_by_password.service.url=https://qa.mosip.io/v1/authmanager/authenticate/useridPwd
+auth_by_otp.service.url=https://qa.mosip.io/v1/authmanager/authenticate/useridOTP
+auth_by_clientid_secretkey.service.url=https://qa.mosip.io/v1/authmanager/authenticate/clientidsecretkey
+
+#user details
+user_details.service.url=https://qa.mosip.io/v1/syncdata/userdetails/{regid}
+user_details.service.httpmethod=GET
+user_details.service.responseType=java.lang.Object
+user_details.service.headers=Content-Type:APPLICATION/JSON
+user_details.service.authrequired=true
+user_details.service.signrequired=false
+user_details.service.authheader=Authorization:OAUTH
+user_details.service.requestsignrequired=true
+
+#Invalidate Authorization Token
+invalidate_auth_token.service.url=https://qa.mosip.io/v1/authmanager/authorize/invalidateToken
+invalidate_auth_token.service.httpmethod=POST
+invalidate_auth_token.service.requestType=java.lang.Object
+invalidate_auth_token.service.headers=Content-Type:APPLICATION/JSON
+invalidate_auth_token.service.authrequired=true
+invalidate_auth_token.service.signrequired=false
+invalidate_auth_token.service.authheader=Authorization:OAUTH
+invalidate_auth_token.service.requestsignrequired=false
+
+#public_key details
+public_key.service.url=https://qa.mosip.io/v1/keymanager/publickey/KERNEL
+public_key.service.httpmethod=GET
+public_key.service.responseType=java.lang.Object
+public_key.service.headers=Content-Type:APPLICATION/JSON
+public_key.service.authrequired=true
+public_key.service.signrequired=false
+public_key.service.authheader=Authorization:OAUTH
+public_key.service.requestsignrequired=true
+
+#public_key details
+public_key.service.url=https://qa.mosip.io/v1/keymanager/publickey/KERNEL
+public_key.service.httpmethod=GET
+public_key.service.responseType=java.lang.Object
+public_key.service.headers=Content-Type:APPLICATION/JSON
+public_key.service.authrequired=true
+public_key.service.signrequired=false
+public_key.service.authheader=Authorization:OAUTH
+public_key.service.requestsignrequired=true
+
+#user_salt_details details
+user_salt_details.service.url=https://qa.mosip.io/v1/authmanager/usersaltdetails/registrationclient
+user_salt_details.service.httpmethod=GET
+user_salt_details.service.responseType=java.lang.Object
+user_salt_details.service.headers=Content-Type:APPLICATION/JSON
+user_salt_details.service.authrequired=true
+user_salt_details.service.signrequired=false
+user_salt_details.service.authheader=Authorization:OAUTH
+user_salt_details.service.requestsignrequired=true
+
+#SignatureResponseUrl's
+mosip.kernel.signature.cryptomanager-encrypt-url=https://qa.mosip.io/v1/cryptomanager/private/encrypt
+mosip.kernel.keymanager-service-publickey-url=https://qa.mosip.io/v1/keymanager/publickey/{applicationId}
+auth.server.validate.url=https://qa.mosip.io/v1/authmanager/authorize/validateToken
+auth.server.refreshToken.url=https://qa.mosip.io/v1/authmanager/authorize/refreshToken
+
+#master_sync details
+center_remap_sync.service.url=https://qa.mosip.io/v1/syncdata/masterdata/{regcenterId}
+center_remap_sync.service.httpmethod=GET
+center_remap_sync.service.responseType=java.lang.Object
+center_remap_sync.service.headers=Content-Type:application/json;charset=UTF-8
+center_remap_sync.service.authrequired=true
+center_remap_sync.service.signrequired=false
+center_remap_sync.service.authheader=Authorization:OAUTH
+center_remap_sync.service.requestsignrequired=true
+
+#ida_key details
+ida_key.service.url=https://qa.mosip.io/v1/keymanager/publickey/IDA
+ida_key.service.httpmethod=GET
+ida_key.service.responseType=java.util.LinkedHashMap
+ida_key.service.headers=Content-Type:APPLICATION/JSON
+ida_key.service.authrequired=true
+ida_key.service.signrequired=false
+ida_key.service.authheader=Authorization:OAUTH
+ida_key.service.requestsignrequired=true
+
+#ida_auth details
+ida_auth.service.url=https://qa.mosip.io/idauthentication/v1/internal/auth
+ida_auth.service.httpmethod=POST
+ida_auth.service.responseType=java.util.LinkedHashMap
+ida_auth.service.headers=Content-Type:APPLICATION/JSON
+ida_auth.service.authrequired=true
+ida_auth.service.signrequired=false
+ida_auth.service.authheader=Authorization:OAUTH
+ida_auth.service.requestsignrequired=true
+
+#TPM Public Key Upload
+tpm_public_key.service.url=https://qa.mosip.io/v1/syncdata/tpm/publickey
+tpm_public_key.service.httpmethod=POST
+tpm_public_key.service.responseType=java.lang.Object
+tpm_public_key.service.headers=Content-Type:APPLICATION/JSON
+tpm_public_key.service.authrequired=true
+tpm_public_key.service.signrequired=false
+tpm_public_key.service.authheader=Authorization:OAUTH
+ida_auth.service.requestsignrequired=false
+
+#Main Properties
+mosip.reg.client.url=https://devops.mosip.io/artifactory/libs-release/io/mosip/registration/registration-client/
+mosip.reg.logpath=../logs
+mosip.reg.packetstorepath=../PacketStore
+mosip.reg.healthcheck.url=https://qa.mosip.io/v1/authmanager/actuator/health
+mosip.reg.rollback.path=../BackUp
+mosip.reg.db.key=bW9zaXAxMjM0NQ\=\=
+mosip.reg.cerpath=/cer//mosip_cer.cer
+mosip.reg.xml.file.url=https://devops.mosip.io/artifactory/libs-release/io/mosip/registration/registration-client/maven-metadata.xml
+mosip.reg.dbpath=db/reg
+mosip.reg.client.tpm.availability=N
+
+#Cryptomanger
+session_key.service.url=https://qa.mosip.io/v1/cryptomanager/encrypt
+session_key.service.httpmethod=POST
+session_key.service.requestType=java.lang.Object
+session_key.service.headers=Content-Type:APPLICATION/JSON
+session_key.service.authrequired=true
+session_key.service.signrequired=false
+session_key.service.authheader=Authorization:OAUTH
+session_key.service.requestsignrequired=true
diff --git a/api-test/src/main/resources/testCaseSkippedList.txt b/api-test/src/main/resources/testCaseSkippedList.txt
new file mode 100644
index 00000000..c8e1fa31
--- /dev/null
+++ b/api-test/src/main/resources/testCaseSkippedList.txt
@@ -0,0 +1,2 @@
+######JIRA number;testcase
+#MOSIP-37220------IdRepository_AddIdentity_array_handle_post_update_value_smoke_Pos
\ No newline at end of file
diff --git a/api-test/testNgXmlFiles/keymanagerMasterTestSuite.xml b/api-test/testNgXmlFiles/keymanagerMasterTestSuite.xml
new file mode 100644
index 00000000..027d64f4
--- /dev/null
+++ b/api-test/testNgXmlFiles/keymanagerMasterTestSuite.xml
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/api-test/testNgXmlFiles/keymanagerSuite.xml b/api-test/testNgXmlFiles/keymanagerSuite.xml
new file mode 100644
index 00000000..c7a1c7eb
--- /dev/null
+++ b/api-test/testNgXmlFiles/keymanagerSuite.xml
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+