*** Settings ***

Documentation    VMI certificate exchange tests.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot
Resource         ../../lib/utils.robot

Suite Setup       Suite Setup Execution
Test Teardown     FFDC On Test Case Fail
Suite Teardown    Suite Teardown Execution


*** Variables ***

# users            User Name        password
@{ADMIN}           admin_user       TestPwd123
@{OPERATOR}        operator_user    TestPwd123
@{ReadOnly}        readonly_user    TestPwd123
@{NoAccess}        noaccess_user    TestPwd123
&{USERS}           Administrator=${ADMIN}  Operator=${OPERATOR}  ReadOnly=${ReadOnly}
...                NoAccess=${NoAccess}
${VMI_BASE_URI}    /ibm/v1/
${CSR_FILE}        csr_server.csr
${CSR_KEY}         csr_server.key

*** Test Cases ***

Get CSR Request Signed By VMI And Verify
    [Documentation]  Get CSR request signed by VMI using different user roles and verify.
    [Tags]  Get_CSR_Request_Signed_By_VMI_And_Verify
    [Setup]  Redfish Power On
    [Template]  Get Certificate Signed By VMI

    # username           password             force_create  valid_csr  valid_status_code
    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}

    # Send CSR request from operator user.
    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}

    # Send CSR request from ReadOnly user.
    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}

    # Send CSR request from NoAccess user.
    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}


Get Root Certificate Using Different Privilege Users Roles
    [Documentation]  Get root certificate using different users.
    [Tags]  Get_Root_Certificate_Using_Different_Users
    [Setup]  Redfish Power On
    [Template]  Get Root Certificate

    # username     password    force_create  valid_csr  valid_status_code
    # Request root certificate from admin user.
    admin_user     TestPwd123  ${True}       ${True}    ${HTTP_OK}

    # Request root certificate from operator user.
    operator_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}

    # Request root certificate from ReadOnly user.
    readonly_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}

    # Request root certificate from NoAccess user.
    noaccess_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}


Send CSR Request When VMI Is Off And Verify
    [Documentation]  Send CSR signing request to VMI when it is off and expect an error.
    [Tags]  Get_CSR_Request_When_VMI_Is_Off_And_verify
    [Setup]  Redfish Power Off
    [Template]  Get Certificate Signed By VMI

    # username           password             force_create  valid_csr  valid_status_code
    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_INTERNAL_SERVER_ERROR}

    # Send CSR request from operator user.
    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_INTERNAL_SERVER_ERROR}

    # Send CSR request from ReadOnly user.
    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_INTERNAL_SERVER_ERROR}

    # Send CSR request from NoAccess user.
    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_INTERNAL_SERVER_ERROR}


*** Keywords ***

Generate CSR String
    [Documentation]  Generate a CSR string.

    # Note: Generates and returns the CSR string.
    ${ssl_cmd}=  Set Variable  openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
    ${ssl_sub}=  Set Variable
    ...  -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"

    # Run the openssl command to create a new, unencrypted (-nodes) private key in ${CSR_KEY}
    # and use it to generate a CSR string in the ${CSR_FILE} file.
    ${output}=  Run  ${ssl_cmd} ${ssl_sub}
    ${csr}=  OperatingSystem.Get File  ${CSR_FILE}

    [Return]  ${csr}


Send CSR To VMI And Get Signed
    [Documentation]  Send a CSR string to the VMI SignCSR action and return the response.
    [Arguments]  ${csr}  ${force_create}  ${username}  ${password}

    # Description of argument(s):
    # csr            Certificate request from client to VMI.
    # force_create   Create a new REST session if True.
    # username       Username to create a REST session.
    # password       Password to create a REST session.

    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}

    ${data}=  Create Dictionary
    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
    ...  Content-Type=application/json

    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Actions/SignCSR

    # For SignCSR request, we need to pass CSR string generated by openssl command.
    ${csr_data}=  Create Dictionary  CsrString  ${csr}
    Set To Dictionary  ${data}  data  ${csr_data}

    ${resp}=  Post Request  openbmc  ${cert_uri}  &{data}  headers=${headers}

    [Return]  ${resp}


Get Root Certificate
    [Documentation]  Get root certificate from VMI.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}

    # Description of argument(s):
    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
    # username           Username to create a REST session.
    # password           Password to create a REST session.
    # force_create       Create a new REST session if True.
    # valid_csr          Uses valid CSR string in the REST request if True.
    #                    This is not applicable for root certificate.
    # valid_status_code  Expected status code from REST request.

    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}

    ${data}=  Create Dictionary
    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
    ...  Content-Type=application/json

    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Certificate/root

    ${resp}=  Get Request  openbmc  ${cert_uri}  &{data}  headers=${headers}

    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}

    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
    Should Contain  ${cert["Certificate"]}  END CERTIFICATE


Get Subject
    [Documentation]  Get the subject line from a CSR or signed certificate file.
    [Arguments]  ${file_name}  ${is_csr_file}

    # Description of argument(s):
    # file_name    Name of CSR or signed CERT file.
    # is_csr_file  A True value means a CSR while a False is for signed CERT file.

    ${subject}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -text -noout | grep Subject:
    ...  ELSE  Run  openssl x509 -in ${file_name} -text -noout | grep Subject:

    [Return]  ${subject}


Get Public Key
    [Documentation]  Get the public key from a CSR or signed certificate file.
    [Arguments]  ${file_name}  ${is_csr_file}

    # Description of argument(s):
    # file_name    Name of CSR or CERT file.
    # is_csr_file  A True value means a CSR while a False is for signed CERT file.

    ${PublicKey}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -noout -pubkey
    ...  ELSE  Run  openssl x509 -in ${file_name} -noout -pubkey

    [Return]  ${PublicKey}


Get Certificate Signed By VMI
    [Documentation]  Get signed certificate from VMI.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}

    # Description of argument(s):
    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
    # username           Username to create a REST session.
    # password           Password to create a REST session.
    # force_create       Create a new REST session if True.
    # valid_csr          Uses valid CSR string in the REST request if True.
    #                    This is not applicable for root certificate.
    # valid_status_code  Expected status code from REST request.

    Set Test Variable  ${CSR}  CSR
    Set Test Variable  ${CORRUPTED_CSR}  CORRUPTED_CSR

    ${CSR}=  Generate CSR String

    # For SignCSR request, we need to pass CSR string generated by openssl command
    ${csr_str}=  Set Variable If  ${valid_csr} == ${True}  ${CSR}  ${CORRUPTED_CSR}

    ${resp}=  Send CSR To VMI And Get Signed  ${csr_str}  ${force_create}  ${username}  ${password}

    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}

    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
    Should Contain  ${cert["Certificate"]}  END CERTIFICATE

    # Now do subject and public key verification
    ${subject_csr}=  Get Subject  ${CSR_FILE}  True
    ${pubKey_csr}=  Get Public Key  ${CSR_FILE}  True

    # create a crt file with certificate string
    ${signed_cert}=  Set Variable  ${cert["Certificate"]}

    Create File  test_certificate.crt  ${signed_cert}
    ${subject_signed_csr}=  Get Subject  test_certificate.crt  False
    ${pubKey_signed_csr}=  Get Public Key  test_certificate.crt  False

    Should be equal as strings  ${subject_signed_csr}  ${subject_csr}
    Should be equal as strings  ${pubKey_signed_csr}  ${pubKey_csr}


Suite Setup Execution
    [Documentation]  Suite setup execution.

    # Create different user accounts.
    Redfish.Login
    Create Users With Different Roles  users=${USERS}  force=${True}


Suite Teardown Execution
    [Documentation]  Suite teardown execution.

    Delete BMC Users Via Redfish  users=${USERS}
    Delete All Sessions
    Redfish.Logout