commit 1e0f6a82e8669d8ff8df65f08bbdc94d15ff7a1d
author Rahul Maheshwari <rahulmaheshwari@in.ibm.com> Thu Aug 29 01:33:23 2019 -0500
committer George Keishing <gkeishin@in.ibm.com> Thu Sep 12 05:26:13 2019 +0000
tree 5183486bb5cc10f92aaa041ec608f05adca8db8d
parent b9d8dfd2442dbdf7d1fcb11b8fd79317a6e95fda

Test CSR generation

Test cases added:
    - Verify CSR generation for server certificate
    - Verify CSR generation for client certificate
    - Verify CSR generation for server certificate with invalid value
    - Verify CSR generation for client certificate with invalid value

Resolves  openbmc/openbmc-test-automation#1932

Change-Id: Id575314c08639837dcac86474679f38e677f87cc
Signed-off-by: Rahul Maheshwari <rahulmaheshwari@in.ibm.com>

redfish/managers/test_certificate.robot

diff --git a/redfish/managers/test_certificate.robot b/redfish/managers/test_certificate.robot
index cf676eb..889b699 100644
--- a/redfish/managers/test_certificate.robot
+++ b/redfish/managers/test_certificate.robot
@@ -13,6 +13,11 @@
 Test Teardown    Test Teardown Execution
 
 
+*** Variables ***
+
+${invalid_value}  abc
+
+
 ** Test Cases **
 
 Verify Server Certificate Replace
@@ -92,6 +97,51 @@
     Wait Until Keyword Succeeds  2 mins  15 secs  Verify Certificate Visible Via OpenSSL  ${cert_file_path}
 
 
+Verify CSR Generation For Server Certificate
+    [Documentation]  Verify CSR generation for server certificate.
+    [Tags]  Verify_CSR_Generation_For_Server_Certificate
+    [Template]  Generate CSR Via Redfish
+
+    # csr_type  key_pair_algorithm  key_bit_length  key_curv_id  expected_status
+    Server      RSA                 ${2048}         ${EMPTY}     ok
+    Server      EC                  ${EMPTY}        prime256v1   ok
+    Server      EC                  ${EMPTY}        secp521r1    ok
+    Server      EC                  ${EMPTY}        secp384r1    ok
+
+
+Verify CSR Generation For Client Certificate
+    [Documentation]  Verify CSR generation for client certificate.
+    [Tags]  Verify_CSR_Generation_For_Client_Certificate
+    [Template]  Generate CSR Via Redfish
+
+    # csr_type  key_pair_algorithm  key_bit_length  key_curv_id  expected_status
+    Client      RSA                 ${2048}         ${EMPTY}     ok
+    Client      EC                  ${EMPTY}        prime256v1   ok
+    Client      EC                  ${EMPTY}        secp521r1    ok
+    Client      EC                  ${EMPTY}        secp384r1    ok
+
+
+Verify CSR Generation For Server Certificate With Invalid Value
+    [Documentation]  Verify error while generating CSR for server certificate with invalid value.
+    [Tags]  Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value
+    [Template]  Generate CSR Via Redfish
+
+    # csr_type  key_pair_algorithm  key_bit_length    key_curv_id       expected_status
+    Server      ${invalid_value}    ${2048}           prime256v1        error
+    Server      RAS                 ${invalid_value}  ${EMPTY}          error
+    Server      EC                  ${EMPTY}          ${invalid_value}  error
+
+
+Verify CSR Generation For Client Certificate With Invalid Value
+    [Documentation]  Verify error while generating CSR for client certificate with invalid value.
+    [Tags]  Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value
+    [Template]  Generate CSR Via Redfish
+
+    Client      ${invalid_value}    ${2048}           prime256v1        error
+    Client      RSA                 ${invalid_value}  ${EMPTY}          error
+    Client      EC                  ${EMPTY}          ${invalid_value}  error
+
+
 *** Keywords ***
 
 Install And Verify Certificate Via Redfish
@@ -205,6 +255,43 @@
     ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}
 
 
+Generate CSR Via Redfish
+    [Documentation]  Generate CSR using Redfish.
+    [Arguments]  ${cert_type}  ${key_pair_algorithm}  ${key_bit_length}  ${key_curv_id}  ${expected_status}
+
+    # Description of argument(s):
+    # cert_type           Certificate type ("Server" or "Client").
+    # key_pair_algorithm  CSR key pair algorithm ("EC" or "RSA")
+    # key_bit_length      CSR key bit length ("2048").
+    # key_curv_id         CSR key curv id ("prime256v1" or "secp521r1" or "secp384r1").
+    # expected_status     Expected status of certificate replace Redfish
+    #                     request ("ok" or "error").
+
+    redfish.Login
+
+    ${certificate_uri}=  Set Variable If
+    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/
+    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/
+
+    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
+    ${payload}=  Create Dictionary  City=Austin  CertificateCollection=${certificate_dict}
+    ...  CommonName=${OPENBMC_HOST}  Country=US  Organization=IBM
+    ...  OrganizationalUnit=ISL  State=AU  KeyBitLength=${key_bit_length}
+    ...  KeyPairAlgorithm=${key_pair_algorithm}  KeyCurveId=${key_curv_id}
+
+    # Remove not applicable field for CSR generation.
+    Run Keyword If  '${key_pair_algorithm}' == 'EC'  Remove From Dictionary  ${payload}  KeyBitLength
+    ...  ELSE IF  '${key_pair_algorithm}' == 'RSA'  Remove From Dictionary  ${payload}  KeyCurveId
+
+    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
+    ...  '${expected_status}' == 'error'  ${HTTP_INTERNAL_SERVER_ERROR}, ${HTTP_BAD_REQUEST}
+    ${resp}=  redfish.Post  /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
+    ...  body=${payload}  valid_status_codes=[${expected_resp}]
+
+    # Delay added between two CSR generation request.
+    Sleep  5s
+
+
 Delete Certificate Via BMC CLI
     [Documentation]  Delete certificate via BMC CLI.
     [Arguments]  ${cert_type}