Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 479c9c59691dbf3dafc81c0e7c6d1fa59f9b8b72 / . / redfish / managers / test_certificate.robot
blob: ef6384e3dc2e94bd319cf77b8ecc71f2dd11d59e [file] [log] [blame]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]1*** Settings ***
2Documentation Test certificate in OpenBMC.
3
4Resource ../../lib/resource.robot
5Resource ../../lib/bmc_redfish_resource.robot
6Resource ../../lib/openbmc_ffdc.robot
7Resource ../../lib/certificate_utils.robot
8
9Suite Setup Suite Setup Execution
10Test Teardown Test Teardown Execution
11
12
13** Test Cases **
14
15Verify Server Certificate Replace
16 [Documentation] Verify server certificate replace.
17 [Tags] Verify_Server_Certificate_Replace
18 [Template] Replace Certificate Via Redfish
19
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]20 # cert_type cert_format expected_status
21 Server Valid Certificate Valid Privatekey ok
22 Server Empty Certificate Valid Privatekey error
23 Server Valid Certificate Empty Privatekey error
24 Server Empty Certificate Empty Privatekey error
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]25
26
27Verify Client Certificate Replace
28 [Documentation] Verify client certificate replace.
29 [Tags] Verify_Client_Certificate_Replace
30 [Template] Replace Certificate Via Redfish
31
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]32 # cert_type cert_format expected_status
33 Client Valid Certificate Valid Privatekey ok
34 Client Empty Certificate Valid Privatekey error
35 Client Valid Certificate Empty Privatekey error
36 Client Empty Certificate Empty Privatekey error
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]37
38
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]39Verify Client Certificate Install
40 [Documentation] Verify client certificate install.
41 [Tags] Verify_Client_Certificate_Install
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]42 [Template] Install And Verify Certificate Via Redfish
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]43
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]44 # cert_type cert_format expected_status
45 Client Valid Certificate Valid Privatekey ok
46 Client Empty Certificate Valid Privatekey error
47 Client Valid Certificate Empty Privatekey error
48 Client Empty Certificate Empty Privatekey error
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]49
50
Rahul Maheshwari479c9c52019-06-03 01:23:12 -0500[diff] [blame^]51Verify CA Certificate Install
52 [Documentation] Verify CA certificate install.
53 [Tags] Verify_CA_Certificate_Install
54 [Template] Install And Verify Certificate Via Redfish
55
56 # cert_type cert_format expected_status
57 CA Valid Certificate ok
58 CA Empty Certificate error
59
60
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]61Verify Server Certificate View Via Openssl
62 [Documentation] Verify server certificate via openssl command.
63 [Tags] Verify_Server_Certificate_View_Via_Openssl
64
65 redfish.Login
66
67 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
68 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
69
70 ${certificate_dict}= Create Dictionary
71 ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
72 ${payload}= Create Dictionary CertificateString=${file_data}
73 ... CertificateType=PEM CertificateUri=${certificate_dict}
74
75 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
76 ... body=${payload}
77
78 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
79
80
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]81*** Keywords ***
82
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]83Install And Verify Certificate Via Redfish
84 [Documentation] Install and verify certificate using Redfish.
85 [Arguments] ${cert_type} ${cert_format} ${expected_status}
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]86
87 # Description of argument(s):
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]88 # cert_type Certificate type (e.g. "Client" or "CA").
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]89 # cert_format Certificate file format
90 # (e.g. "Valid_Certificate_Valid_Privatekey").
91 # expected_status Expected status of certificate replace Redfish
92 # request (i.e. "ok" or "error").
93
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]94 redfish.Login
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]95 Delete Certificate Via BMC CLI ${cert_type}
96
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]97 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
98 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
99 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
100
Rahul Maheshwari479c9c52019-06-03 01:23:12 -0500[diff] [blame^]101 ${certificate_uri}= Set Variable If
102 ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}
103 ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}
104
105 Install Certificate File On BMC ${certificate_uri} ${expected_status} data=${file_data}
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]106
107 # Adding delay after certificate installation.
108 Sleep 15s
109
110 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
111 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' redfish_utils.Get Attribute
Rahul Maheshwari479c9c52019-06-03 01:23:12 -0500[diff] [blame^]112 ... ${certificate_uri}/1 CertificateString
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]113
114 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
115
116
Rahul Maheshwari479c9c52019-06-03 01:23:12 -0500[diff] [blame^]117Install Certificate File On BMC
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]118 [Documentation] Install certificate file in BMC using POST operation.
119 [Arguments] ${uri} ${status}=ok &{kwargs}
120
121 # Description of argument(s):
122 # uri URI for installing certificate file via REST
123 # e.g. "/xyz/openbmc_project/certs/server/https".
124 # status Expected status of certificate installation via REST
125 # e.g. error, ok.
126 # kwargs A dictionary of keys/values to be passed directly to
127 # POST Request.
128
129 Initialize OpenBMC quiet=${quiet}
130
131 ${headers}= Create Dictionary Content-Type=application/octet-stream
132 ... X-Auth-Token=${XAUTH_TOKEN}
133 Set To Dictionary ${kwargs} headers ${headers}
134
135 ${ret}= Post Request openbmc ${uri} &{kwargs}
136
137 Run Keyword If '${status}' == 'ok'
138 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
139 ... ELSE IF '${status}' == 'error'
140 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
141
142 Delete All Sessions
143
144
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]145Replace Certificate Via Redfish
146 [Documentation] Test 'replace certificate' operation in the BMC via Redfish.
147 [Arguments] ${cert_type} ${cert_format} ${expected_status}
148
149 # Description of argument(s):
150 # cert_type Certificate type (e.g. "Server" or "Client").
151 # cert_format Certificate file format
152 # (e.g. Valid_Certificate_Valid_Privatekey).
153 # expected_status Expected status of certificate replace Redfish
154 # request (i.e. "ok" or "error").
155
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]156 # Install client certificate before replacing client certificate.
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]157 Run Keyword If '${cert_type}' == 'Client' Install And Verify Certificate Via Redfish
158 ... ${cert_type} Valid Certificate Valid Privatekey ok
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]159
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]160 redfish.Login
161
162 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
163 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
164
165 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
166
167 ${certificate_uri}= Set Variable If '${cert_type}' == 'Server'
168 ... /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
169 ... /redfish/v1/AccountService/LDAP/Certificates/1
170
171 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
172 ${payload}= Create Dictionary CertificateString=${file_data}
173 ... CertificateType=PEM CertificateUri=${certificate_dict}
Rahul Maheshwari19e6e442019-06-03 00:22:45 -0500[diff] [blame]174
175 ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
176 ... '${expected_status}' == 'error' ${HTTP_INTERNAL_SERVER_ERROR}
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]177 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
Rahul Maheshwari19e6e442019-06-03 00:22:45 -0500[diff] [blame]178 ... body=${payload} valid_status_codes=[${expected_resp}]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]179
180 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
181 ${bmc_cert_content}= redfish_utils.Get Attribute ${certificate_uri} CertificateString
182
183 Run Keyword If '${expected_status}' == 'ok'
184 ... Should Contain ${cert_file_content} ${bmc_cert_content}
185 ... ELSE
186 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
187
188
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]189Verify Certificate Visible Via OpenSSL
190 [Documentation] Checks if given certificate is visible via openssl's showcert command.
191 [Arguments] ${cert_file_path}
192
193 # Description of argument(s):
194 # cert_file_path Certificate file path.
195
196 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
197 ${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
198 Should Contain ${cert_file_content} ${openssl_cert_content}
199
200
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]201Delete Certificate Via BMC CLI
202 [Documentation] Delete certificate via BMC CLI.
203 [Arguments] ${cert_type}
204
205 # Description of argument(s):
206 # cert_type Certificate type (e.g. "Client" or "CA").
207
208 ${certificate_file_path} ${certificate_service} ${certificate_uri}=
209 ... Run Keyword If '${cert_type}' == 'Client'
210 ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service
211 ... ${REDFISH_LDAP_CERTIFICATE_URI}
212 ... ELSE IF '${cert_type}' == 'CA'
213 ... Set Variable /etc/ssl/certs/Root-CA.pem phosphor-certificate-manager@authority.service
214 ... ${REDFISH_CA_CERTIFICATE_URI}
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]215
216 ${file_status} ${stderr} ${rc}= BMC Execute Command
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]217 ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]218
Rahul Maheshwari3ecd1a62019-06-03 01:44:34 -0500[diff] [blame]219 Return From Keyword If "${file_status}" != "Found"
220 BMC Execute Command rm ${certificate_file_path}
221 BMC Execute Command systemctl restart ${certificate_service}
222 Wait Until Keyword Succeeds 1 min 10 sec
223 ... Redfish.Get ${certificate_uri}/1 valid_status_codes=[${HTTP_INTERNAL_SERVER_ERROR}]
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]224
225
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]226Suite Setup Execution
227 [Documentation] Do suite setup tasks.
228
229 # Create certificate sub-directory in current working directory.
230 Create Directory certificate_dir
231
232
233Test Teardown Execution
234 [Documentation] Do the post test teardown.
235
236 FFDC On Test Case Fail
237 redfish.Logout