Certificate: Hardcoded keybit length was removed and an keyword was introduced to have keybit length in variables section
Changes:
- ${keybit_length} keyword was introduced in variables section.
- keybit length(2048) declared inside test case was renamed to ${keybit_length}.
- Introduced ${keybit_length} variable in lib/certificate_utils.robot file.
- Renamed hardcoded keybit length in "Generate Certificate File Via Openssl" keyword.
Tested:
- Ran Following Scripts Successfully
- redfish/dmtf_tools/test_redfishtool_certificate.robot
- redfish/managers/test_certificate.robot
Change-Id: I9f6490acb468a61d4cd35b5082b770016f293005
Signed-off-by: ganesanb <ganesanb@ami.com>
diff --git a/lib/certificate_utils.robot b/lib/certificate_utils.robot
index 9930aac..961178c 100755
--- a/lib/certificate_utils.robot
+++ b/lib/certificate_utils.robot
@@ -9,6 +9,7 @@
# Default wait sync time for certificate install and restart services.
${wait_time} 30
+${keybit_length} 2048
*** Keywords ***
@@ -85,7 +86,7 @@
Check If Openssl Tool Exist
- ${openssl_cmd}= Catenate openssl req -x509 -sha256 -newkey rsa:2048
+ ${openssl_cmd}= Catenate openssl req -x509 -sha256 -newkey rsa:${keybit_length}
... ${SPACE}-nodes -days ${time}
... ${SPACE}-keyout ${cert_dir_name}/cert.pem -out ${cert_dir_name}/cert.pem
... ${SPACE}-subj "/O=XYZ Corporation /CN=www.xyz.com"
diff --git a/redfish/dmtf_tools/test_redfishtool_certificate.robot b/redfish/dmtf_tools/test_redfishtool_certificate.robot
index 586a766..327d1f8 100644
--- a/redfish/dmtf_tools/test_redfishtool_certificate.robot
+++ b/redfish/dmtf_tools/test_redfishtool_certificate.robot
@@ -21,8 +21,8 @@
${root_cmd_args} = SEPARATOR=
... redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
-
${invalid_value} abc
+${keybit_length} 2048
*** Test Cases ***
@@ -158,10 +158,10 @@
[Template] Generate CSR Via Redfishtool
# csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
- Server RSA ${2048} ${EMPTY} ok
- Server EC ${EMPTY} prime256v1 ok
- Server EC ${EMPTY} secp521r1 ok
- Server EC ${EMPTY} secp384r1 ok
+ Server RSA ${keybit_length} ${EMPTY} ok
+ Server EC ${EMPTY} prime256v1 ok
+ Server EC ${EMPTY} secp521r1 ok
+ Server EC ${EMPTY} secp384r1 ok
Verify CSR Generation For Client Certificate Via Redfishtool
@@ -170,10 +170,10 @@
[Template] Generate CSR Via Redfishtool
# csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
- Client RSA ${2048} ${EMPTY} ok
- Client EC ${EMPTY} prime256v1 ok
- Client EC ${EMPTY} secp521r1 ok
- Client EC ${EMPTY} secp384r1 ok
+ Client RSA ${keybit_length} ${EMPTY} ok
+ Client EC ${EMPTY} prime256v1 ok
+ Client EC ${EMPTY} secp521r1 ok
+ Client EC ${EMPTY} secp384r1 ok
Verify CSR Generation For Server Certificate With Invalid Value Via Redfishtool
@@ -182,8 +182,8 @@
[Template] Generate CSR Via Redfishtool
# csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
- Server ${invalid_value} ${2048} prime256v1 error
- Server RAS ${invalid_value} ${EMPTY} error
+ Server ${invalid_value} ${keybit_length} prime256v1 error
+ Server RAS ${invalid_value} ${EMPTY} error
Verify CSR Generation For Client Certificate With Invalid Value Via Redfishtool
@@ -191,8 +191,8 @@
[Tags] Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value_Via_Redfishtool
[Template] Generate CSR Via Redfishtool
- Client ${invalid_value} ${2048} prime256v1 error
- Client RSA ${invalid_value} ${EMPTY} error
+ Client ${invalid_value} ${keybit_length} prime256v1 error
+ Client RSA ${invalid_value} ${EMPTY} error
*** Keywords ***
diff --git a/redfish/managers/test_certificate.robot b/redfish/managers/test_certificate.robot
index f8f06ff..dd2c6d4 100644
--- a/redfish/managers/test_certificate.robot
+++ b/redfish/managers/test_certificate.robot
@@ -18,7 +18,7 @@
${invalid_value} abc
${ROOT_CA_FILE_PATH} /etc/ssl/certs/authority/*
-
+${keybit_length} 2048
** Test Cases **
@@ -141,10 +141,10 @@
[Template] Generate CSR Via Redfish
# csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
- Server RSA ${2048} ${EMPTY} ok
- Server EC ${EMPTY} prime256v1 ok
- Server EC ${EMPTY} secp521r1 ok
- Server EC ${EMPTY} secp384r1 ok
+ Server RSA ${keybit_length} ${EMPTY} ok
+ Server EC ${EMPTY} prime256v1 ok
+ Server EC ${EMPTY} secp521r1 ok
+ Server EC ${EMPTY} secp384r1 ok
Verify CSR Generation For Client Certificate
@@ -153,10 +153,10 @@
[Template] Generate CSR Via Redfish
# csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
- Client RSA ${2048} ${EMPTY} ok
- Client EC ${EMPTY} prime256v1 ok
- Client EC ${EMPTY} secp521r1 ok
- Client EC ${EMPTY} secp384r1 ok
+ Client RSA ${keybit_length} ${EMPTY} ok
+ Client EC ${EMPTY} prime256v1 ok
+ Client EC ${EMPTY} secp521r1 ok
+ Client EC ${EMPTY} secp384r1 ok
Verify CSR Generation For Server Certificate With Invalid Value
@@ -165,9 +165,9 @@
[Template] Generate CSR Via Redfish
# csr_type key_pair_algorithm key_bit_length key_curv_id expected_status
- Server ${invalid_value} ${2048} prime256v1 error
- Server RAS ${invalid_value} ${EMPTY} error
- Server EC ${EMPTY} ${invalid_value} error
+ Server ${invalid_value} ${keybit_length} prime256v1 error
+ Server RAS ${invalid_value} ${EMPTY} error
+ Server EC ${EMPTY} ${invalid_value} error
Verify CSR Generation For Client Certificate With Invalid Value
@@ -175,9 +175,9 @@
[Tags] Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value
[Template] Generate CSR Via Redfish
- Client ${invalid_value} ${2048} prime256v1 error
- Client RSA ${invalid_value} ${EMPTY} error
- Client EC ${EMPTY} ${invalid_value} error
+ Client ${invalid_value} ${keybit_length} prime256v1 error
+ Client RSA ${invalid_value} ${EMPTY} error
+ Client EC ${EMPTY} ${invalid_value} error
Verify Expired Certificate Install