Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 3ecd1a6875257ffff245d27bf70d98d7681b7ba4 / . / redfish / managers / test_certificate.robot
blob: d6c0cec222f37a2759955939fb6ea1024995d5fc [file] [log] [blame]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]1*** Settings ***
2Documentation Test certificate in OpenBMC.
3
4Resource ../../lib/resource.robot
5Resource ../../lib/bmc_redfish_resource.robot
6Resource ../../lib/openbmc_ffdc.robot
7Resource ../../lib/certificate_utils.robot
8
9Suite Setup Suite Setup Execution
10Test Teardown Test Teardown Execution
11
12
13** Test Cases **
14
15Verify Server Certificate Replace
16 [Documentation] Verify server certificate replace.
17 [Tags] Verify_Server_Certificate_Replace
18 [Template] Replace Certificate Via Redfish
19
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]20 # cert_type cert_format expected_status
21 Server Valid Certificate Valid Privatekey ok
22 Server Empty Certificate Valid Privatekey error
23 Server Valid Certificate Empty Privatekey error
24 Server Empty Certificate Empty Privatekey error
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]25
26
27Verify Client Certificate Replace
28 [Documentation] Verify client certificate replace.
29 [Tags] Verify_Client_Certificate_Replace
30 [Template] Replace Certificate Via Redfish
31
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]32 # cert_type cert_format expected_status
33 Client Valid Certificate Valid Privatekey ok
34 Client Empty Certificate Valid Privatekey error
35 Client Valid Certificate Empty Privatekey error
36 Client Empty Certificate Empty Privatekey error
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]37
38
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]39Verify Client Certificate Install
40 [Documentation] Verify client certificate install.
41 [Tags] Verify_Client_Certificate_Install
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]42 [Template] Install And Verify Certificate Via Redfish
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]43
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]44 # cert_type cert_format expected_status
45 Client Valid Certificate Valid Privatekey ok
46 Client Empty Certificate Valid Privatekey error
47 Client Valid Certificate Empty Privatekey error
48 Client Empty Certificate Empty Privatekey error
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]49
50
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]51Verify Server Certificate View Via Openssl
52 [Documentation] Verify server certificate via openssl command.
53 [Tags] Verify_Server_Certificate_View_Via_Openssl
54
55 redfish.Login
56
57 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
58 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
59
60 ${certificate_dict}= Create Dictionary
61 ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
62 ${payload}= Create Dictionary CertificateString=${file_data}
63 ... CertificateType=PEM CertificateUri=${certificate_dict}
64
65 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
66 ... body=${payload}
67
68 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
69
70
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]71*** Keywords ***
72
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]73Install And Verify Certificate Via Redfish
74 [Documentation] Install and verify certificate using Redfish.
75 [Arguments] ${cert_type} ${cert_format} ${expected_status}
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]76
77 # Description of argument(s):
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]78 # cert_type Certificate type (e.g. "Client" or "CA").
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]79 # cert_format Certificate file format
80 # (e.g. "Valid_Certificate_Valid_Privatekey").
81 # expected_status Expected status of certificate replace Redfish
82 # request (i.e. "ok" or "error").
83
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]84 redfish.Login
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]85 Delete Certificate Via BMC CLI ${cert_type}
86
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]87 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
88 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
89 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
90
91 Install Client Certificate File On BMC ${REDFISH_LDAP_CERTIFICATE_URI}
92 ... ${expected_status} data=${file_data}
93
94 # Adding delay after certificate installation.
95 Sleep 15s
96
97 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
98 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' redfish_utils.Get Attribute
99 ... ${REDFISH_LDAP_CERTIFICATE_URI}/1 CertificateString
100
101 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
102
103
104Install Client Certificate File On BMC
105 [Documentation] Install certificate file in BMC using POST operation.
106 [Arguments] ${uri} ${status}=ok &{kwargs}
107
108 # Description of argument(s):
109 # uri URI for installing certificate file via REST
110 # e.g. "/xyz/openbmc_project/certs/server/https".
111 # status Expected status of certificate installation via REST
112 # e.g. error, ok.
113 # kwargs A dictionary of keys/values to be passed directly to
114 # POST Request.
115
116 Initialize OpenBMC quiet=${quiet}
117
118 ${headers}= Create Dictionary Content-Type=application/octet-stream
119 ... X-Auth-Token=${XAUTH_TOKEN}
120 Set To Dictionary ${kwargs} headers ${headers}
121
122 ${ret}= Post Request openbmc ${uri} &{kwargs}
123
124 Run Keyword If '${status}' == 'ok'
125 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
126 ... ELSE IF '${status}' == 'error'
127 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
128
129 Delete All Sessions
130
131
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]132Replace Certificate Via Redfish
133 [Documentation] Test 'replace certificate' operation in the BMC via Redfish.
134 [Arguments] ${cert_type} ${cert_format} ${expected_status}
135
136 # Description of argument(s):
137 # cert_type Certificate type (e.g. "Server" or "Client").
138 # cert_format Certificate file format
139 # (e.g. Valid_Certificate_Valid_Privatekey).
140 # expected_status Expected status of certificate replace Redfish
141 # request (i.e. "ok" or "error").
142
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]143 # Install client certificate before replacing client certificate.
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]144 Run Keyword If '${cert_type}' == 'Client' Install And Verify Certificate Via Redfish
145 ... ${cert_type} Valid Certificate Valid Privatekey ok
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]146
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]147 redfish.Login
148
149 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
150 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
151
152 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
153
154 ${certificate_uri}= Set Variable If '${cert_type}' == 'Server'
155 ... /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
156 ... /redfish/v1/AccountService/LDAP/Certificates/1
157
158 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
159 ${payload}= Create Dictionary CertificateString=${file_data}
160 ... CertificateType=PEM CertificateUri=${certificate_dict}
Rahul Maheshwari19e6e442019-06-03 00:22:45 -0500[diff] [blame]161
162 ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
163 ... '${expected_status}' == 'error' ${HTTP_INTERNAL_SERVER_ERROR}
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]164 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
Rahul Maheshwari19e6e442019-06-03 00:22:45 -0500[diff] [blame]165 ... body=${payload} valid_status_codes=[${expected_resp}]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]166
167 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
168 ${bmc_cert_content}= redfish_utils.Get Attribute ${certificate_uri} CertificateString
169
170 Run Keyword If '${expected_status}' == 'ok'
171 ... Should Contain ${cert_file_content} ${bmc_cert_content}
172 ... ELSE
173 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
174
175
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]176Verify Certificate Visible Via OpenSSL
177 [Documentation] Checks if given certificate is visible via openssl's showcert command.
178 [Arguments] ${cert_file_path}
179
180 # Description of argument(s):
181 # cert_file_path Certificate file path.
182
183 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
184 ${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
185 Should Contain ${cert_file_content} ${openssl_cert_content}
186
187
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]188Delete Certificate Via BMC CLI
189 [Documentation] Delete certificate via BMC CLI.
190 [Arguments] ${cert_type}
191
192 # Description of argument(s):
193 # cert_type Certificate type (e.g. "Client" or "CA").
194
195 ${certificate_file_path} ${certificate_service} ${certificate_uri}=
196 ... Run Keyword If '${cert_type}' == 'Client'
197 ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service
198 ... ${REDFISH_LDAP_CERTIFICATE_URI}
199 ... ELSE IF '${cert_type}' == 'CA'
200 ... Set Variable /etc/ssl/certs/Root-CA.pem phosphor-certificate-manager@authority.service
201 ... ${REDFISH_CA_CERTIFICATE_URI}
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]202
203 ${file_status} ${stderr} ${rc}= BMC Execute Command
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]204 ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]205
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame^]206 Return From Keyword If "${file_status}" != "Found"
207 BMC Execute Command rm ${certificate_file_path}
208 BMC Execute Command systemctl restart ${certificate_service}
209 Wait Until Keyword Succeeds 1 min 10 sec
210 ... Redfish.Get ${certificate_uri}/1 valid_status_codes=[${HTTP_INTERNAL_SERVER_ERROR}]
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]211
212
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]213Suite Setup Execution
214 [Documentation] Do suite setup tasks.
215
216 # Create certificate sub-directory in current working directory.
217 Create Directory certificate_dir
218
219
220Test Teardown Execution
221 [Documentation] Do the post test teardown.
222
223 FFDC On Test Case Fail
224 redfish.Logout