Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 9358b5cd7d9ad9983a8b5f374355c8bb83b1599e / . / redfish / managers / test_certificate.robot
blob: 54969ccc3caa0062011c9d338b8af58df9478996 [file] [log] [blame]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]1*** Settings ***
2Documentation Test certificate in OpenBMC.
3
4Resource ../../lib/resource.robot
5Resource ../../lib/bmc_redfish_resource.robot
6Resource ../../lib/openbmc_ffdc.robot
7Resource ../../lib/certificate_utils.robot
8
9Suite Setup Suite Setup Execution
10Test Teardown Test Teardown Execution
11
12
13** Test Cases **
14
15Verify Server Certificate Replace
16 [Documentation] Verify server certificate replace.
17 [Tags] Verify_Server_Certificate_Replace
18 [Template] Replace Certificate Via Redfish
19
20 # cert_type cert_format expected_status
21 Server Valid Certificate Valid Privatekey ok
22 Server Empty Certificate Valid Privatekey error
23 Server Valid Certificate Empty Privatekey error
24 Server Empty Certificate Empty Privatekey error
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]25
26
27Verify Client Certificate Replace
28 [Documentation] Verify client certificate replace.
29 [Tags] Verify_Client_Certificate_Replace
30 [Template] Replace Certificate Via Redfish
31
32 # cert_type cert_format expected_status
33 Client Valid Certificate Valid Privatekey ok
34 Client Empty Certificate Valid Privatekey error
35 Client Valid Certificate Empty Privatekey error
36 Client Empty Certificate Empty Privatekey error
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]37
38
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]39Verify Client Certificate Install
40 [Documentation] Verify client certificate install.
41 [Tags] Verify_Client_Certificate_Install
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]42 [Template] Install And Verify Client Certificate Via Redfish
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]43
44 # cert_format expected_status
45 Valid Certificate Valid Privatekey ok
46 Empty Certificate Valid Privatekey error
47 Valid Certificate Empty Privatekey error
48 Empty Certificate Empty Privatekey error
49
50
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]51Verify Server Certificate View Via Openssl
52 [Documentation] Verify server certificate via openssl command.
53 [Tags] Verify_Server_Certificate_View_Via_Openssl
54
55 redfish.Login
56
57 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
58 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
59
60 ${certificate_dict}= Create Dictionary
61 ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
62 ${payload}= Create Dictionary CertificateString=${file_data}
63 ... CertificateType=PEM CertificateUri=${certificate_dict}
64
65 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
66 ... body=${payload}
67
68 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
69
70
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]71*** Keywords ***
72
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]73Install And Verify Client Certificate Via Redfish
74 [Documentation] Install and verify client certificate using Redfish.
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]75 [Arguments] ${cert_format} ${expected_status}
76
77 # Description of argument(s):
78 # cert_format Certificate file format
79 # (e.g. "Valid_Certificate_Valid_Privatekey").
80 # expected_status Expected status of certificate replace Redfish
81 # request (i.e. "ok" or "error").
82
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]83 Delete Client Certificate Via BMC CLI
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]84 # Adding delay after certificate deletion.
85 Sleep 15s
86
87 redfish.Login
88 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
89 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
90 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
91
92 Install Client Certificate File On BMC ${REDFISH_LDAP_CERTIFICATE_URI}
93 ... ${expected_status} data=${file_data}
94
95 # Adding delay after certificate installation.
96 Sleep 15s
97
98 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
99 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' redfish_utils.Get Attribute
100 ... ${REDFISH_LDAP_CERTIFICATE_URI}/1 CertificateString
101
102 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
103
104
105Install Client Certificate File On BMC
106 [Documentation] Install certificate file in BMC using POST operation.
107 [Arguments] ${uri} ${status}=ok &{kwargs}
108
109 # Description of argument(s):
110 # uri URI for installing certificate file via REST
111 # e.g. "/xyz/openbmc_project/certs/server/https".
112 # status Expected status of certificate installation via REST
113 # e.g. error, ok.
114 # kwargs A dictionary of keys/values to be passed directly to
115 # POST Request.
116
117 Initialize OpenBMC quiet=${quiet}
118
119 ${headers}= Create Dictionary Content-Type=application/octet-stream
120 ... X-Auth-Token=${XAUTH_TOKEN}
121 Set To Dictionary ${kwargs} headers ${headers}
122
123 ${ret}= Post Request openbmc ${uri} &{kwargs}
124
125 Run Keyword If '${status}' == 'ok'
126 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
127 ... ELSE IF '${status}' == 'error'
128 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
129
130 Delete All Sessions
131
132
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]133Replace Certificate Via Redfish
134 [Documentation] Test 'replace certificate' operation in the BMC via Redfish.
135 [Arguments] ${cert_type} ${cert_format} ${expected_status}
136
137 # Description of argument(s):
138 # cert_type Certificate type (e.g. "Server" or "Client").
139 # cert_format Certificate file format
140 # (e.g. Valid_Certificate_Valid_Privatekey).
141 # expected_status Expected status of certificate replace Redfish
142 # request (i.e. "ok" or "error").
143
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]144 # Install client certificate before replacing client certificate.
145 Run Keyword If '${cert_type}' == 'Client' Install And Verify Client Certificate Via Redfish
146 ... Valid Certificate Valid Privatekey ok
147
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]148 redfish.Login
149
150 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
151 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
152
153 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
154
155 ${certificate_uri}= Set Variable If '${cert_type}' == 'Server'
156 ... /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
157 ... /redfish/v1/AccountService/LDAP/Certificates/1
158
159 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
160 ${payload}= Create Dictionary CertificateString=${file_data}
161 ... CertificateType=PEM CertificateUri=${certificate_dict}
Rahul Maheshwari19e6e442019-06-03 00:22:45 -0500[diff] [blame]162
163 ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
164 ... '${expected_status}' == 'error' ${HTTP_INTERNAL_SERVER_ERROR}
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]165 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
Rahul Maheshwari19e6e442019-06-03 00:22:45 -0500[diff] [blame]166 ... body=${payload} valid_status_codes=[${expected_resp}]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]167
168 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
169 ${bmc_cert_content}= redfish_utils.Get Attribute ${certificate_uri} CertificateString
170
171 Run Keyword If '${expected_status}' == 'ok'
172 ... Should Contain ${cert_file_content} ${bmc_cert_content}
173 ... ELSE
174 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
175
176
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]177Verify Certificate Visible Via OpenSSL
178 [Documentation] Checks if given certificate is visible via openssl's showcert command.
179 [Arguments] ${cert_file_path}
180
181 # Description of argument(s):
182 # cert_file_path Certificate file path.
183
184 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
185 ${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
186 Should Contain ${cert_file_content} ${openssl_cert_content}
187
188
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]189Delete Client Certificate Via BMC CLI
190 [Documentation] Delete client certificate via BMC CLI.
191
192 ${file_status} ${stderr} ${rc}= BMC Execute Command
193 ... [ -f /etc/nslcd/certs/cert.pem ] && echo "Found" || echo "Not Found"
194
195 Run Keyword If "${file_status}" == "Found"
196 ... Run Keywords BMC Execute Command rm /etc/nslcd/certs/cert.pem AND
197 ... BMC Execute Command systemctl restart phosphor-certificate-manager@nslcd.service
198
199
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]200Suite Setup Execution
201 [Documentation] Do suite setup tasks.
202
203 # Create certificate sub-directory in current working directory.
204 Create Directory certificate_dir
205
206
207Test Teardown Execution
208 [Documentation] Do the post test teardown.
209
210 FFDC On Test Case Fail
211 redfish.Logout