blob: e1c4dc16f275cd0bc563b66de6b129faeaf5cb04
manashsarma 26d0e83 2020-05-26 05:46:55 -0500
*** Settings ***


Documentation   Suite to test certificate via DMTF redfishtool.

Library         OperatingSystem
Library         String
Library         Collections

Resource        ../../lib/resource.robot
Resource        ../../lib/bmc_redfish_resource.robot
Resource        ../../lib/openbmc_ffdc.robot
Resource        ../../lib/certificate_utils.robot


Suite Setup     Suite Setup Execution


*** Variables ***

${root_cmd_args} =  SEPARATOR=
...  redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always


*** Test Cases ***


Verify Redfishtool Replace Server Certificate Valid CertKey
    [Documentation]  Verify replace server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Server  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace Client Certificate Valid CertKey
    [Documentation]  Verify replace client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace CA Certificate Valid Cert
    [Documentation]  Verify replace CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert

    Verify Redfishtool Replace Certificate  CA  Valid Certificate  ok


Verify Redfishtool Client Certificate Install Valid CertKey
    [Documentation]  Verify client certificate installation.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey

    Verify Redfishtool Install Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool CA Certificate Install Valid Cert
    [Documentation]  Verify CA Certificate installation.
    [Tags]  Verify_Redfishtool_CA_Certificate_Install_Valid_Cert

    Verify Redfishtool Install Certificate  CA  Valid Certificate  ok


Verify Redfishtool Replace Server Certificate Errors
    [Documentation]  Verify error while replacing invalid server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Server  Empty Certificate Empty Privatekey  error
    Server  Empty Certificate Valid Privatekey  error
    Server  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace Client Certificate Errors
    [Documentation]  Verify error while replacing invalid client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace CA Certificate Errors
    [Documentation]  Verify error while replacing invalid CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    CA  Empty Certificate  error


Verify Redfishtool Client Certificate Install Errors
    [Documentation]  Verify error while installing invalid client certificate.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Errors
    [Template]  Verify Redfishtool Install Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


*** Keywords ***


Is HTTP error Expected
    [Documentation]  Check if the HTTP error is expected.
    [Arguments]  ${cmd_output}  ${error_expected}

    # Description of argument(s):
    # cmd_output      Output of an HTTP operation.
    # error_expected  Expected error.

    @{words} =  Split String  ${error_expected}  ,
    @{errorString}=  Split String  ${cmd_output}  ${SPACE}
    Should Contain Any  ${errorString}  @{words}


Verify Redfishtool Install Certificate
    [Documentation]  Install and verify certificate using Redfishtool.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}  ${delete_cert}=${True}

    # Description of argument(s):
    # cert_type        Certificate type (e.g. "Client" or "CA").
    # cert_format      Certificate file format
    # expected_status  Expected status of certificate install Redfishtool
    #                  request (i.e. "ok" or "error").
    # delete_cert      Certificate will be deleted before installing if this is True.

    Run Keyword If  '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
    ...  Delete All CA Certificate Via Redfisthtool
    ...  ELSE IF  '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
    ...  Redfishtool Delete Certificate Via BMC CLI  ${cert_type}

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}

    ${cert_id}=  Redfishtool Install Certificate File On BMC
    ...  ${certificate_uri}  ${expected_status}  data=${file_data}
    Logging  Installed certificate id: ${cert_id}

    # Adding delay after certificate installation.
    Sleep  30s

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}

    ${bmc_cert_content}=  Run Keyword If  '${expected_status}' == 'ok'
    ...  Redfishtool GetAttribute  ${certificate_uri}/${cert_id}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'  Should Contain  ${cert_file_content}  ${bmc_cert_content}

    [Return]  ${cert_id}


Delete All CA Certificate Via Redfisthtool
    [Documentation]  Delete all CA certificate via Redfish.

    ${cmd_output}=  Redfishtool Get  /redfish/v1/Managers/bmc/Truststore/Certificates
    ${json_object}=  To JSON  ${cmd_output}
    ${cert_list}=  Set Variable  ${json_object["Members"]}
    FOR  ${cert}  IN  @{cert_list}
        Redfishtool Delete  ${cert["@odata.id"]}  ${root_cmd_args}  ${HTTP_NO_CONTENT}
    END


Redfishtool Delete Certificate Via BMC CLI
    [Documentation]  Delete certificate via BMC CLI.
    [Arguments]  ${cert_type}

    # Description of argument(s):
    # cert_type  Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}  ${certificate_service}  ${certificate_uri}=
    ...  Run Keyword If  '${cert_type}' == 'Client'
    ...    Set Variable  /etc/nslcd/certs/cert.pem  phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Set Variable  ${ROOT_CA_FILE_PATH}  phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}  ${stderr}  ${rc}=  BMC Execute Command
    ...  [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    Return From Keyword If  "${file_status}" != "Found"
    BMC Execute Command  rm ${certificate_file_path}
    BMC Execute Command  systemctl restart ${certificate_service}
    BMC Execute Command  systemctl daemon-reload


Redfishtool Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using POST operation.
    [Arguments]  ${uri}  ${status}=ok  &{kwargs}

    # Description of argument(s):
    # uri     URI for installing certificate file via Redfishtool.
    #         e.g. "/redfish/v1/AccountService/LDAP/Certificates".
    # status  Expected status of certificate installation via Redfishtool.
    #         e.g. error, ok.
    # kwargs  A dictionary of keys/values to be passed directly to
    #         POST Request.

    Initialize OpenBMC  20  ${quiet}=${1}  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    ${ret}=  Post Request  openbmc  ${uri}  &{kwargs}
    ${content_json}=  To JSON  ${ret.content}
    ${cert_id}=  Set Variable If  '${ret.status_code}' == '${HTTP_OK}'  ${content_json["Id"]}  -1

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions

    [Return]  ${cert_id}


Verify Redfishtool Replace Certificate
    [Documentation]  Verify replace server certificate.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type        Certificate type (e.g. "Client", "Server" or "CA").
    # cert_format      Certificate file format
    #                  (e.g. "Valid_Certificate_Valid_Privatekey").
    # expected_status  Expected status of certificate replace Redfishtool
    #                  request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    ${cert_id}=  Run Keyword If  '${cert_type}' == 'Client'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate Valid Privatekey  ok
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate  ok

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}

    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
    ${dict_objects}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}
    ${string}=  Convert To String  ${dict_objects}
    ${string}=  Replace String  ${string}  '  "
    ${payload}=  Set Variable  '${string}'

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_NOT_FOUND}

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate  expected_error=${expected_resp}

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  Redfishtool GetAttribute  ${certificate_uri}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'
    ...    Should Contain  ${cert_file_content}  ${bmc_cert_content}
    ...  ELSE
    ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}


Redfishtool Get
    [Documentation]  Execute redfishtool for GET operation.
    [Arguments]  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}

    [Return]  ${cmd_output}


Redfishtool GetAttribute
    [Documentation]  Execute redfishtool for GET operation.
    [Arguments]  ${uri}  ${Attribute}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
    # Attribute       The specific attribute to be retrieved with the URI.
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
    ${json_object}=  To JSON  ${cmd_output}

    # Return the attribute the caller asked for.
    [Return]  ${json_object["${Attribute}"]}


Redfishtool Post
    [Documentation]  Execute redfishtool for Post operation.
    [Arguments]  ${payload}  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # payload         Payload with POST operation (e.g. data for user name, password, role,
    #                 enabled attribute)
    # uri             URI for POST operation (e.g. /redfish/v1/AccountService/Accounts/).
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} POST ${uri} --data=${payload}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}

    [Return]  ${cmd_output}


Redfishtool Delete
    [Documentation]  Execute redfishtool for DELETE operation.
    [Arguments]  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for DELETE operation.
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} DELETE ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}

    [Return]  ${cmd_output}


Suite Setup Execution
    [Documentation]  Do suite setup execution.

    ${tool_exist}=  Run  which redfishtool
    Should Not Be Empty  ${tool_exist}

    # Create certificate sub-directory in current working directory.
    Create Directory  certificate_dir