Test CSR generation
Test cases added:
- Verify CSR generation for server certificate
- Verify CSR generation for client certificate
- Verify CSR generation for server certificate with invalid value
- Verify CSR generation for client certificate with invalid value
Resolves openbmc/openbmc-test-automation#1932
Change-Id: Id575314c08639837dcac86474679f38e677f87cc
Signed-off-by: Rahul Maheshwari <rahulmaheshwari@in.ibm.com>
diff --git a/redfish/managers/test_certificate.robot b/redfish/managers/test_certificate.robot
index cf676eb..889b699 100644
--- a/redfish/managers/test_certificate.robot
+++ b/redfish/managers/test_certificate.robot
@@ -13,6 +13,11 @@
Test Teardown Test Teardown Execution
+*** Variables ***
+
+${invalid_value} abc
+
+
** Test Cases **
Verify Server Certificate Replace
@@ -92,6 +97,51 @@
Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
+Verify CSR Generation For Server Certificate
+ [Documentation] Verify CSR generation for server certificate.
+ [Tags] Verify_CSR_Generation_For_Server_Certificate
+ [Template] Generate CSR Via Redfish
+
+ # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
+ Server RSA ${2048} ${EMPTY} ok
+ Server EC ${EMPTY} prime256v1 ok
+ Server EC ${EMPTY} secp521r1 ok
+ Server EC ${EMPTY} secp384r1 ok
+
+
+Verify CSR Generation For Client Certificate
+ [Documentation] Verify CSR generation for client certificate.
+ [Tags] Verify_CSR_Generation_For_Client_Certificate
+ [Template] Generate CSR Via Redfish
+
+ # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
+ Client RSA ${2048} ${EMPTY} ok
+ Client EC ${EMPTY} prime256v1 ok
+ Client EC ${EMPTY} secp521r1 ok
+ Client EC ${EMPTY} secp384r1 ok
+
+
+Verify CSR Generation For Server Certificate With Invalid Value
+ [Documentation] Verify error while generating CSR for server certificate with invalid value.
+ [Tags] Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value
+ [Template] Generate CSR Via Redfish
+
+ # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
+ Server ${invalid_value} ${2048} prime256v1 error
+ Server RAS ${invalid_value} ${EMPTY} error
+ Server EC ${EMPTY} ${invalid_value} error
+
+
+Verify CSR Generation For Client Certificate With Invalid Value
+ [Documentation] Verify error while generating CSR for client certificate with invalid value.
+ [Tags] Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value
+ [Template] Generate CSR Via Redfish
+
+ Client ${invalid_value} ${2048} prime256v1 error
+ Client RSA ${invalid_value} ${EMPTY} error
+ Client EC ${EMPTY} ${invalid_value} error
+
+
*** Keywords ***
Install And Verify Certificate Via Redfish
@@ -205,6 +255,43 @@
... Should Not Contain ${cert_file_content} ${bmc_cert_content}
+Generate CSR Via Redfish
+ [Documentation] Generate CSR using Redfish.
+ [Arguments] ${cert_type} ${key_pair_algorithm} ${key_bit_length} ${key_curv_id} ${expected_status}
+
+ # Description of argument(s):
+ # cert_type Certificate type ("Server" or "Client").
+ # key_pair_algorithm CSR key pair algorithm ("EC" or "RSA")
+ # key_bit_length CSR key bit length ("2048").
+ # key_curv_id CSR key curv id ("prime256v1" or "secp521r1" or "secp384r1").
+ # expected_status Expected status of certificate replace Redfish
+ # request ("ok" or "error").
+
+ redfish.Login
+
+ ${certificate_uri}= Set Variable If
+ ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/
+ ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/
+
+ ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
+ ${payload}= Create Dictionary City=Austin CertificateCollection=${certificate_dict}
+ ... CommonName=${OPENBMC_HOST} Country=US Organization=IBM
+ ... OrganizationalUnit=ISL State=AU KeyBitLength=${key_bit_length}
+ ... KeyPairAlgorithm=${key_pair_algorithm} KeyCurveId=${key_curv_id}
+
+ # Remove not applicable field for CSR generation.
+ Run Keyword If '${key_pair_algorithm}' == 'EC' Remove From Dictionary ${payload} KeyBitLength
+ ... ELSE IF '${key_pair_algorithm}' == 'RSA' Remove From Dictionary ${payload} KeyCurveId
+
+ ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
+ ... '${expected_status}' == 'error' ${HTTP_INTERNAL_SERVER_ERROR}, ${HTTP_BAD_REQUEST}
+ ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
+ ... body=${payload} valid_status_codes=[${expected_resp}]
+
+ # Delay added between two CSR generation request.
+ Sleep 5s
+
+
Delete Certificate Via BMC CLI
[Documentation] Delete certificate via BMC CLI.
[Arguments] ${cert_type}