blob: ef6384e3dc2e94bd319cf77b8ecc71f2dd11d59e [file] [log] [blame]
*** Settings ***
Documentation Test certificate in OpenBMC.
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
Resource ../../lib/certificate_utils.robot
Suite Setup Suite Setup Execution
Test Teardown Test Teardown Execution
** Test Cases **
Verify Server Certificate Replace
[Documentation] Verify server certificate replace.
[Tags] Verify_Server_Certificate_Replace
[Template] Replace Certificate Via Redfish
# cert_type cert_format expected_status
Server Valid Certificate Valid Privatekey ok
Server Empty Certificate Valid Privatekey error
Server Valid Certificate Empty Privatekey error
Server Empty Certificate Empty Privatekey error
Verify Client Certificate Replace
[Documentation] Verify client certificate replace.
[Tags] Verify_Client_Certificate_Replace
[Template] Replace Certificate Via Redfish
# cert_type cert_format expected_status
Client Valid Certificate Valid Privatekey ok
Client Empty Certificate Valid Privatekey error
Client Valid Certificate Empty Privatekey error
Client Empty Certificate Empty Privatekey error
Verify Client Certificate Install
[Documentation] Verify client certificate install.
[Tags] Verify_Client_Certificate_Install
[Template] Install And Verify Certificate Via Redfish
# cert_type cert_format expected_status
Client Valid Certificate Valid Privatekey ok
Client Empty Certificate Valid Privatekey error
Client Valid Certificate Empty Privatekey error
Client Empty Certificate Empty Privatekey error
Verify CA Certificate Install
[Documentation] Verify CA certificate install.
[Tags] Verify_CA_Certificate_Install
[Template] Install And Verify Certificate Via Redfish
# cert_type cert_format expected_status
CA Valid Certificate ok
CA Empty Certificate error
Verify Server Certificate View Via Openssl
[Documentation] Verify server certificate via openssl command.
[Tags] Verify_Server_Certificate_View_Via_Openssl
redfish.Login
${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
${certificate_dict}= Create Dictionary
... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
${payload}= Create Dictionary CertificateString=${file_data}
... CertificateType=PEM CertificateUri=${certificate_dict}
${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
... body=${payload}
Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
*** Keywords ***
Install And Verify Certificate Via Redfish
[Documentation] Install and verify certificate using Redfish.
[Arguments] ${cert_type} ${cert_format} ${expected_status}
# Description of argument(s):
# cert_type Certificate type (e.g. "Client" or "CA").
# cert_format Certificate file format
# (e.g. "Valid_Certificate_Valid_Privatekey").
# expected_status Expected status of certificate replace Redfish
# request (i.e. "ok" or "error").
redfish.Login
Delete Certificate Via BMC CLI ${cert_type}
${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
${certificate_uri}= Set Variable If
... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}
... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}
Install Certificate File On BMC ${certificate_uri} ${expected_status} data=${file_data}
# Adding delay after certificate installation.
Sleep 15s
${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' redfish_utils.Get Attribute
... ${certificate_uri}/1 CertificateString
Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
Install Certificate File On BMC
[Documentation] Install certificate file in BMC using POST operation.
[Arguments] ${uri} ${status}=ok &{kwargs}
# Description of argument(s):
# uri URI for installing certificate file via REST
# e.g. "/xyz/openbmc_project/certs/server/https".
# status Expected status of certificate installation via REST
# e.g. error, ok.
# kwargs A dictionary of keys/values to be passed directly to
# POST Request.
Initialize OpenBMC quiet=${quiet}
${headers}= Create Dictionary Content-Type=application/octet-stream
... X-Auth-Token=${XAUTH_TOKEN}
Set To Dictionary ${kwargs} headers ${headers}
${ret}= Post Request openbmc ${uri} &{kwargs}
Run Keyword If '${status}' == 'ok'
... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
... ELSE IF '${status}' == 'error'
... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
Delete All Sessions
Replace Certificate Via Redfish
[Documentation] Test 'replace certificate' operation in the BMC via Redfish.
[Arguments] ${cert_type} ${cert_format} ${expected_status}
# Description of argument(s):
# cert_type Certificate type (e.g. "Server" or "Client").
# cert_format Certificate file format
# (e.g. Valid_Certificate_Valid_Privatekey).
# expected_status Expected status of certificate replace Redfish
# request (i.e. "ok" or "error").
# Install client certificate before replacing client certificate.
Run Keyword If '${cert_type}' == 'Client' Install And Verify Certificate Via Redfish
... ${cert_type} Valid Certificate Valid Privatekey ok
redfish.Login
${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
${certificate_uri}= Set Variable If '${cert_type}' == 'Server'
... /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
... /redfish/v1/AccountService/LDAP/Certificates/1
${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
${payload}= Create Dictionary CertificateString=${file_data}
... CertificateType=PEM CertificateUri=${certificate_dict}
${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
... '${expected_status}' == 'error' ${HTTP_INTERNAL_SERVER_ERROR}
${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
... body=${payload} valid_status_codes=[${expected_resp}]
${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
${bmc_cert_content}= redfish_utils.Get Attribute ${certificate_uri} CertificateString
Run Keyword If '${expected_status}' == 'ok'
... Should Contain ${cert_file_content} ${bmc_cert_content}
... ELSE
... Should Not Contain ${cert_file_content} ${bmc_cert_content}
Verify Certificate Visible Via OpenSSL
[Documentation] Checks if given certificate is visible via openssl's showcert command.
[Arguments] ${cert_file_path}
# Description of argument(s):
# cert_file_path Certificate file path.
${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
Should Contain ${cert_file_content} ${openssl_cert_content}
Delete Certificate Via BMC CLI
[Documentation] Delete certificate via BMC CLI.
[Arguments] ${cert_type}
# Description of argument(s):
# cert_type Certificate type (e.g. "Client" or "CA").
${certificate_file_path} ${certificate_service} ${certificate_uri}=
... Run Keyword If '${cert_type}' == 'Client'
... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service
... ${REDFISH_LDAP_CERTIFICATE_URI}
... ELSE IF '${cert_type}' == 'CA'
... Set Variable /etc/ssl/certs/Root-CA.pem phosphor-certificate-manager@authority.service
... ${REDFISH_CA_CERTIFICATE_URI}
${file_status} ${stderr} ${rc}= BMC Execute Command
... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"
Return From Keyword If "${file_status}" != "Found"
BMC Execute Command rm ${certificate_file_path}
BMC Execute Command systemctl restart ${certificate_service}
Wait Until Keyword Succeeds 1 min 10 sec
... Redfish.Get ${certificate_uri}/1 valid_status_codes=[${HTTP_INTERNAL_SERVER_ERROR}]
Suite Setup Execution
[Documentation] Do suite setup tasks.
# Create certificate sub-directory in current working directory.
Create Directory certificate_dir
Test Teardown Execution
[Documentation] Do the post test teardown.
FFDC On Test Case Fail
redfish.Logout