Add Cert management test cases for valid scenario
Server cert upload, client cert install, CA cert
replace and install TCs are written; the code is modified
with the expected error code being checked.
Change-Id: Ica41da590eb2f5455e527c4966485141201dc3ad
Signed-off-by: manashsarma <manashsarma@in.ibm.com>
diff --git a/redfish/dmtf_tools/test_redfishtool.robot b/redfish/dmtf_tools/test_redfishtool.robot
index dfc34fe..612e0f4 100644
--- a/redfish/dmtf_tools/test_redfishtool.robot
+++ b/redfish/dmtf_tools/test_redfishtool.robot
@@ -1,7 +1,7 @@
*** Settings ***
-Documentation Verify Redfish tool functionality.
+Documentation Verify Redfish tool functionality.
Library OperatingSystem
Library String
@@ -10,6 +10,7 @@
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
+Resource ../../lib/certificate_utils.robot
Suite Setup Suite Setup Execution
@@ -18,7 +19,8 @@
*** Variables ***
-${root_cmd_args} redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
+${root_cmd_args} = SEPARATOR=
+... redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
${min_number_sensors} ${15}
${min_number_roles} ${4}
${min_number_users} ${1}
@@ -82,7 +84,9 @@
Redfishtool Create User "UserT100" "TestPwd123" "Operator" true
Redfishtool Delete User "UserT100"
- Redfishtool Access Resource /redfish/v1/AccountService/Accounts "UserT100" "TestPwd123" ${HTTP_UNAUTHORIZED}
+ Redfishtool Access Resource /redfish/v1/AccountService/Accounts "UserT100" "TestPwd123"
+ ... ${HTTP_UNAUTHORIZED}
+
Verify Redfishtool Error Upon Creating Same Users With Different Privileges
[Documentation] Verify error upon creating same users with different privileges.
@@ -90,7 +94,8 @@
[Teardown] Redfishtool Delete User "UserT100"
Redfishtool Create User "UserT100" "TestPwd123" "Operator" true
- Redfishtool Create User "UserT100" "TestPwd123" "Administrator" true expected_error=${HTTP_BAD_REQUEST}
+ Redfishtool Create User "UserT100" "TestPwd123" "Administrator" true
+ ... expected_error=${HTTP_BAD_REQUEST}
Verify Redfishtool Admin User Privilege
@@ -117,6 +122,41 @@
... "UserT101" "TestPwd123" "Operator" true "UserT100" "TestPwd123" ${HTTP_FORBIDDEN}
+Verify Redfishtool Replace Server Certificate Valid CertKey
+ [Documentation] Verify replace server certificate.
+ [Tags] Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey
+
+ Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok
+
+
+Verify Redfishtool Replace Client Certificate Valid CertKey
+ [Documentation] Verify replace client certificate.
+ [Tags] Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey
+
+ Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok
+
+
+Verify Redfishtool Replace CA Certificate Valid Cert
+ [Documentation] Verify replace CA certificate.
+ [Tags] Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert
+
+ Verify Redfishtool Replace Certificate CA Valid Certificate ok
+
+
+Verify Redfishtool Client Certificate Install Valid CertKey
+ [Documentation] Verify client certificate installation.
+ [Tags] Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey
+
+ Verify Redfishtool Install Certificate Client Valid Certificate Valid Privatekey ok
+
+
+Verify Redfishtool CA Certificate Install Valid Cert
+ [Documentation] Verify CA Certificate installation.
+ [Tags] Verify_Redfishtool_CA_Certificate_Install_Valid_Cert
+
+ Verify Redfishtool Install Certificate CA Valid Certificate ok
+
+
*** Keywords ***
Redfishtool Access Resource
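Review bot: None of the five new test cases has a `[Teardown]`, so the openssl-generated CA stays in the BMC truststore and the replaced HTTPS and LDAP certificates stay installed after the run, unless a suite teardown outside this hunk cleans up. The only cleanup on this page is the `delete_cert` branch, which runs before an install, so the last test CA is left trusted on the BMC. For the CA cases consider `[Teardown]    Delete All CA Certificate Via Redfisthtool`, and for the client cases `[Teardown]    Redfishtool Delete Certificate Via BMC CLI    Client`. Restoring the original server certificate would need a keyword that is not visible here.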
@@ -149,7 +189,8 @@
Redfishtool Create User
[Documentation] Create new user.
- [Arguments] ${user_name} ${password} ${roleID} ${enable} ${login_user}="" ${login_pasword}="" ${expected_error}=""
+ [Arguments] ${user_name} ${password} ${roleID} ${enable} ${login_user}="" ${login_pasword}=""
+ ... ${expected_error}=""
# Description of argument(s):
# user_name The user name (e.g. "test", "robert", etc.).
@@ -159,8 +200,10 @@
# expected_error Expected error optionally provided in testcase (e.g. 401 /
# authentication error, etc. )
- ${user_cmd_args}= Set Variable redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
- ${data}= Set Variable '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
+ ${user_cmd_args}= Set Variable
+ ... redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
+ ${data}= Set Variable
+ ... '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
Run Keyword If ${login_user} == ""
... Redfishtool Post ${data} /redfish/v1/AccountService/Accounts ${root_cmd_args} ${expected_error}
... ELSE
@@ -180,11 +223,14 @@
# expected_error Expected error optionally provided in testcase (e.g. 401 /
# authentication error, etc. )
- ${user_cmd_args}= Set Variable redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
+ ${user_cmd_args}= Set Variable
+ ... redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
Run Keyword If ${login_user} == ""
- ... Redfishtool Patch '{"RoleId":${newRole}}' /redfish/v1/AccountService/Accounts/${user_name} ${root_cmd_args} ${expected_error}
+ ... Redfishtool Patch '{"RoleId":${newRole}}'
+ ... /redfish/v1/AccountService/Accounts/${user_name} ${root_cmd_args} ${expected_error}
... ELSE
- ... Redfishtool Patch '{"RoleId":${newRole}}' /redfish/v1/AccountService/Accounts/${user_name} ${user_cmd_args} ${expected_error}
+ ... Redfishtool Patch '{"RoleId":${newRole}}'
+ ... /redfish/v1/AccountService/Accounts/${user_name} ${user_cmd_args} ${expected_error}
Redfishtool Delete User
@@ -222,6 +268,7 @@
${status}= Run Keyword And Return Status redfishtool Get
... /redfish/v1/AccountService/Accounts/${user_name}
+
[return] ${status}
@@ -237,9 +284,179 @@
${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri}
Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
+
[Return] ${cmd_output}
+Verify Redfishtool Install Certificate
+ [Documentation] Install and verify certificate using Redfishtool.
+ [Arguments] ${cert_type} ${cert_format} ${expected_status} ${delete_cert}=${True}
+
+ # Description of argument(s):
+ # cert_type Certificate type (e.g. "Client" or "CA").
+ # cert_format Certificate file format
+ # expected_status Expected status of certificate install Redfishtool
+ # request (i.e. "ok" or "error").
+ # delete_cert Certificate will be deleted before installing if this True.
+
+ Run Keyword If '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
+ ... Delete All CA Certificate Via Redfisthtool
+ ... ELSE IF '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
+ ... Redfishtool Delete Certificate Via BMC CLI ${cert_type}
+
+ ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format}
+ ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
+ ${file_data}= Decode Bytes To String ${bytes} UTF-8
+
+ ${certificate_uri}= Set Variable If
+ ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}
+ ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}
+
+ ${cert_id}= Redfishtool Install Certificate File On BMC ${certificate_uri} data=${file_data}
+ Logging Installed certificate id: ${cert_id}
+
+ # Adding delay after certificate installation.
+ Sleep 30s
+
+ ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
+
+ ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri}/${cert_id} CertificateString
+
+ Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
+
+ [Return] ${cert_id}
+
+
+Delete All CA Certificate Via Redfisthtool
+ [Documentation] Delete all CA certificate via Redfish.
+
+ ${cmd_output}= Redfishtool Get /redfish/v1/Managers/bmc/Truststore/Certificates
+ ${json_object}= To JSON ${cmd_output}
+ ${cert_list}= Set Variable ${json_object["Members"]}
+ FOR ${cert} IN @{cert_list}
+ Redfishtool Delete ${cert["@odata.id"]} ${root_cmd_args} ${HTTP_NO_CONTENT}
+ END
+
+
+Redfishtool Delete Certificate Via BMC CLI
+ [Documentation] Delete certificate via BMC CLI.
+ [Arguments] ${cert_type}
+
+ # Description of argument(s):
+ # cert_type Certificate type (e.g. "Client" or "CA").
+
+ ${certificate_file_path} ${certificate_service} ${certificate_uri}=
+ ... Run Keyword If '${cert_type}' == 'Client'
+ ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service
+ ... ${REDFISH_LDAP_CERTIFICATE_URI}
+ ... ELSE IF '${cert_type}' == 'CA'
+ ... Set Variable ${ROOT_CA_FILE_PATH} phosphor-certificate-manager@authority.service
+ ... ${REDFISH_CA_CERTIFICATE_URI}
+
+ ${file_status} ${stderr} ${rc}= BMC Execute Command
+ ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"
+
+ Return From Keyword If "${file_status}" != "Found"
+ BMC Execute Command rm ${certificate_file_path}
+ BMC Execute Command systemctl restart ${certificate_service}
+ BMC Execute Command systemctl daemon-reload
+
+
+Redfishtool Install Certificate File On BMC
+ [Documentation] Install certificate file in BMC using POST operation.
+ [Arguments] ${uri} ${status}=ok &{kwargs}
+
+ # Description of argument(s):
+ # uri URI for installing certificate file via Redfishtool.
+ # e.g. "/redfish/v1/AccountService/LDAP/Certificates".
+ # status Expected status of certificate installation via Redfishtool.
+ # e.g. error, ok.
+ # kwargs A dictionary of keys/values to be passed directly to
+ # POST Request.
+
+ Initialize OpenBMC 20 ${quiet}=${1} ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD}
+
+ ${headers}= Create Dictionary Content-Type=application/octet-stream
+ ... X-Auth-Token=${XAUTH_TOKEN}
+ Set To Dictionary ${kwargs} headers ${headers}
+
+ ${ret}= Post Request openbmc ${uri} &{kwargs}
+ ${content_json}= To JSON ${ret.content}
+ ${cert_id}= Set Variable If '${ret.status_code}' == '${HTTP_OK}' ${content_json["Id"]} -1
+
+ Run Keyword If '${status}' == 'ok'
+ ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
+ ... ELSE IF '${status}' == 'error'
+ ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
+
+ Delete All Sessions
+
+ [Return] ${cert_id}
+
+
+Verify Redfishtool Replace Certificate
+ [Documentation] Verify replace server certificate.
+ [Arguments] ${cert_type} ${cert_format} ${expected_status}
+
+ # Description of argument(s):
+ # cert_type Certificate type (e.g. "Client", "Server" or "CA").
+ # cert_format Certificate file format
+ # (e.g. "Valid_Certificate_Valid_Privatekey").
+ # expected_status Expected status of certificate replace Redfishtool
+ # request (i.e. "ok" or "error").
+
+ Create Directory certificate_dir
+ # Install certificate before replacing client or CA certificate.
+ ${cert_id}= Run Keyword If '${cert_type}' == 'Client'
+ ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate Valid Privatekey ok
+ ... ELSE IF '${cert_type}' == 'CA'
+ ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate ok
+
+ ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format}
+ ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
+ ${file_data}= Decode Bytes To String ${bytes} UTF-8
+
+ ${certificate_uri}= Set Variable If
+ ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/1
+ ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/1
+ ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}
+
+ ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
+ ${dict_objects}= Create Dictionary CertificateString=${file_data}
+ ... CertificateType=PEM CertificateUri=${certificate_dict}
+ ${string}= Convert To String ${dict_objects}
+ ${string}= Replace String ${string} ' "
+ ${payload}= Set Variable '${string}'
+ ${response}= Redfishtool Post
+ ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
+
+ ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
+ ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri} CertificateString
+
+ Run Keyword If '${expected_status}' == 'ok'
+ ... Should Contain ${cert_file_content} ${bmc_cert_content}
+ ... ELSE
+ ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
+
+
+Redfishtool GetAttribute
+ [Documentation] Execute redfishtool for GET operation.
+ [Arguments] ${uri} ${Attribute} ${cmd_args}=${root_cmd_args} ${expected_error}=""
+
+ # Description of argument(s):
+ # uri URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
+ # Attribute The specific attribute to be retrieved with the URI.
+ # cmd_args Commandline arguments.
+ # expected_error Expected error optionally provided in testcase (e.g. 401 /
+ # authentication error, etc. ).
+
+ ${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri}
+ Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
+ ${json_object}= To JSON ${cmd_output}
+
+ [Return] ${json_object["CertificateString"]}
+
+
Redfishtool Post
[Documentation] Execute redfishtool for Post operation.
[Arguments] ${payload} ${uri} ${cmd_args}=${root_cmd_args} ${expected_error}=""
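Review bot: `Verify Redfishtool Install Certificate` never forwards `${expected_status}` to `Redfishtool Install Certificate File On BMC`, so that keyword always runs with its default `status=ok` and an "error" scenario would trip the HTTP_OK assertion before the later `'${expected_status}' == 'ok'` check is reached. Pass it through, e.g. `...    ${certificate_uri}    status=${expected_status}    data=${file_data}`. The content check `Should Contain    ${cert_file_content}    ${bmc_cert_content}` in both the install and replace keywords also passes when the BMC returns an empty `CertificateString`, so a `Should Not Be Empty    ${bmc_cert_content}` before it would keep the "ok" path from succeeding vacuously. Separately, `Redfishtool GetAttribute` accepts `${Attribute}` but always returns `${json_object["CertificateString"]}`; indexing by the argument (`${json_object["${Attribute}"]}`) would honour it. The trailing `Redfishtool Post` keyword continues outside this hunk.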
@@ -254,6 +471,7 @@
${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} POST ${uri} --data=${payload}
Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
+
[Return] ${cmd_output}
@@ -270,6 +488,7 @@
${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} PATCH ${uri} --data=${payload}
Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
+
[Return] ${cmd_output}
@@ -285,6 +504,7 @@
${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} DELETE ${uri}
Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
+
[Return] ${cmd_output}