Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 99a6205799ff51afc0366ff743d9f0eb6346a131 / . / redfish / dmtf_tools / test_redfishtool_certificate.robot
blob: 5ec843740688aaaf493734c24d111df60d7b29ae [file] [log] [blame]
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]1*** Settings ***
2
3
4Documentation Suite to test certificate via DMTF redfishtool.
5
6Library OperatingSystem
7Library String
8Library Collections
9
10Resource ../../lib/resource.robot
11Resource ../../lib/bmc_redfish_resource.robot
12Resource ../../lib/openbmc_ffdc.robot
13Resource ../../lib/certificate_utils.robot
manashsarma579d8252020-05-28 08:10:51 -0500[diff] [blame]14Resource ../../lib/dmtf_redfishtool_utils.robot
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]15
16Suite Setup Suite Setup Execution
17
18
19*** Variables ***
20
21${root_cmd_args} = SEPARATOR=
22... redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
23
24
25*** Test Cases ***
26
27
28Verify Redfishtool Replace Server Certificate Valid CertKey
29 [Documentation] Verify replace server certificate.
30 [Tags] Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey
31
32 Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok
33
34
35Verify Redfishtool Replace Client Certificate Valid CertKey
36 [Documentation] Verify replace client certificate.
37 [Tags] Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey
38
39 Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok
40
41
42Verify Redfishtool Replace CA Certificate Valid Cert
43 [Documentation] Verify replace CA certificate.
44 [Tags] Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert
45
46 Verify Redfishtool Replace Certificate CA Valid Certificate ok
47
48
49Verify Redfishtool Client Certificate Install Valid CertKey
50 [Documentation] Verify client certificate installation.
51 [Tags] Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey
52
53 Verify Redfishtool Install Certificate Client Valid Certificate Valid Privatekey ok
54
55
56Verify Redfishtool CA Certificate Install Valid Cert
57 [Documentation] Verify CA Certificate installation.
58 [Tags] Verify_Redfishtool_CA_Certificate_Install_Valid_Cert
59
60 Verify Redfishtool Install Certificate CA Valid Certificate ok
61
62
63Verify Redfishtool Replace Server Certificate Errors
64 [Documentation] Verify error while replacing invalid server certificate.
65 [Tags] Verify_Redfishtool_Replace_Server_Certificate_Errors
66 [Template] Verify Redfishtool Replace Certificate
67
68 Server Empty Certificate Empty Privatekey error
69 Server Empty Certificate Valid Privatekey error
70 Server Valid Certificate Empty Privatekey error
71
72
73Verify Redfishtool Replace Client Certificate Errors
74 [Documentation] Verify error while replacing invalid client certificate.
75 [Tags] Verify_Redfishtool_Replace_Client_Certificate_Errors
76 [Template] Verify Redfishtool Replace Certificate
77
78 Client Empty Certificate Empty Privatekey error
79 Client Empty Certificate Valid Privatekey error
80 Client Valid Certificate Empty Privatekey error
81
82
83Verify Redfishtool Replace CA Certificate Errors
84 [Documentation] Verify error while replacing invalid CA certificate.
85 [Tags] Verify_Redfishtool_Replace_CA_Certificate_Errors
86 [Template] Verify Redfishtool Replace Certificate
87
88 CA Empty Certificate error
89
90
91Verify Redfishtool Client Certificate Install Errors
92 [Documentation] Verify error while installing invalid client certificate.
93 [Tags] Verify_Redfishtool_Client_Certificate_Install_Errors
94 [Template] Verify Redfishtool Install Certificate
95
96 Client Empty Certificate Empty Privatekey error
97 Client Empty Certificate Valid Privatekey error
98 Client Valid Certificate Empty Privatekey error
99
100
101*** Keywords ***
102
103
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]104Verify Redfishtool Install Certificate
105 [Documentation] Install and verify certificate using Redfishtool.
106 [Arguments] ${cert_type} ${cert_format} ${expected_status} ${delete_cert}=${True}
107
108 # Description of argument(s):
109 # cert_type Certificate type (e.g. "Client" or "CA").
110 # cert_format Certificate file format
111 # expected_status Expected status of certificate install Redfishtool
112 # request (i.e. "ok" or "error").
113 # delete_cert Certificate will be deleted before installing if this True.
114
115 Run Keyword If '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
116 ... Delete All CA Certificate Via Redfisthtool
117 ... ELSE IF '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
118 ... Redfishtool Delete Certificate Via BMC CLI ${cert_type}
119
120 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format}
121 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
122 ${file_data}= Decode Bytes To String ${bytes} UTF-8
123
124 ${certificate_uri}= Set Variable If
125 ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}
126 ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}
127
128 ${cert_id}= Redfishtool Install Certificate File On BMC
129 ... ${certificate_uri} ${expected_status} data=${file_data}
130 Logging Installed certificate id: ${cert_id}
131
132 # Adding delay after certificate installation.
133 Sleep 30s
134
135 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
136
137 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok'
138 ... Redfishtool GetAttribute ${certificate_uri}/${cert_id} CertificateString
139
140 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
141
142 [Return] ${cert_id}
143
144
145Delete All CA Certificate Via Redfisthtool
146 [Documentation] Delete all CA certificate via Redfish.
147
148 ${cmd_output}= Redfishtool Get /redfish/v1/Managers/bmc/Truststore/Certificates
149 ${json_object}= To JSON ${cmd_output}
150 ${cert_list}= Set Variable ${json_object["Members"]}
151 FOR ${cert} IN @{cert_list}
manashsarma579d8252020-05-28 08:10:51 -0500[diff] [blame]152 Redfishtool Delete ${cert["@odata.id"]} ${root_cmd_args}
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]153 END
154
155
156Redfishtool Delete Certificate Via BMC CLI
157 [Documentation] Delete certificate via BMC CLI.
158 [Arguments] ${cert_type}
159
160 # Description of argument(s):
161 # cert_type Certificate type (e.g. "Client" or "CA").
162
163 ${certificate_file_path} ${certificate_service} ${certificate_uri}=
164 ... Run Keyword If '${cert_type}' == 'Client'
165 ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service
166 ... ${REDFISH_LDAP_CERTIFICATE_URI}
167 ... ELSE IF '${cert_type}' == 'CA'
168 ... Set Variable ${ROOT_CA_FILE_PATH} phosphor-certificate-manager@authority.service
169 ... ${REDFISH_CA_CERTIFICATE_URI}
170
171 ${file_status} ${stderr} ${rc}= BMC Execute Command
172 ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"
173
174 Return From Keyword If "${file_status}" != "Found"
175 BMC Execute Command rm ${certificate_file_path}
176 BMC Execute Command systemctl restart ${certificate_service}
177 BMC Execute Command systemctl daemon-reload
178
179
180Redfishtool Install Certificate File On BMC
181 [Documentation] Install certificate file in BMC using POST operation.
182 [Arguments] ${uri} ${status}=ok &{kwargs}
183
184 # Description of argument(s):
185 # uri URI for installing certificate file via Redfishtool.
186 # e.g. "/redfish/v1/AccountService/LDAP/Certificates".
187 # status Expected status of certificate installation via Redfishtool.
188 # e.g. error, ok.
189 # kwargs A dictionary of keys/values to be passed directly to
190 # POST Request.
191
192 Initialize OpenBMC 20 ${quiet}=${1} ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD}
193
194 ${headers}= Create Dictionary Content-Type=application/octet-stream
195 ... X-Auth-Token=${XAUTH_TOKEN}
196 Set To Dictionary ${kwargs} headers ${headers}
197
198 ${ret}= Post Request openbmc ${uri} &{kwargs}
199 ${content_json}= To JSON ${ret.content}
200 ${cert_id}= Set Variable If '${ret.status_code}' == '${HTTP_OK}' ${content_json["Id"]} -1
201
202 Run Keyword If '${status}' == 'ok'
203 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
204 ... ELSE IF '${status}' == 'error'
205 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
206
207 Delete All Sessions
208
209 [Return] ${cert_id}
210
211
212Verify Redfishtool Replace Certificate
213 [Documentation] Verify replace server certificate.
214 [Arguments] ${cert_type} ${cert_format} ${expected_status}
215
216 # Description of argument(s):
217 # cert_type Certificate type (e.g. "Client", "Server" or "CA").
218 # cert_format Certificate file format
219 # (e.g. "Valid_Certificate_Valid_Privatekey").
220 # expected_status Expected status of certificate replace Redfishtool
221 # request (i.e. "ok" or "error").
222
223 # Install certificate before replacing client or CA certificate.
224 ${cert_id}= Run Keyword If '${cert_type}' == 'Client'
225 ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate Valid Privatekey ok
226 ... ELSE IF '${cert_type}' == 'CA'
227 ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate ok
228
229 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format}
230 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
231 ${file_data}= Decode Bytes To String ${bytes} UTF-8
232
233 ${certificate_uri}= Set Variable If
234 ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/1
235 ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/1
236 ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}
237
238 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
239 ${dict_objects}= Create Dictionary CertificateString=${file_data}
240 ... CertificateType=PEM CertificateUri=${certificate_dict}
241 ${string}= Convert To String ${dict_objects}
242 ${string}= Replace String ${string} ' "
243 ${payload}= Set Variable '${string}'
244
245 ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
246 ... '${expected_status}' == 'error' ${HTTP_NOT_FOUND}
247
248 ${response}= Redfishtool Post
249 ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate expected_error=${expected_resp}
250
251 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
252 ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri} CertificateString
253
254 Run Keyword If '${expected_status}' == 'ok'
255 ... Should Contain ${cert_file_content} ${bmc_cert_content}
256 ... ELSE
257 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
258
259
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]260Redfishtool GetAttribute
261 [Documentation] Execute redfishtool for GET operation.
262 [Arguments] ${uri} ${Attribute} ${cmd_args}=${root_cmd_args} ${expected_error}=""
263
264 # Description of argument(s):
265 # uri URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
266 # Attribute The specific attribute to be retrieved with the URI.
267 # cmd_args Commandline arguments.
268 # expected_error Expected error optionally provided in testcase (e.g. 401 /
269 # authentication error, etc. ).
270
271 ${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri}
272 Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
273 ${json_object}= To JSON ${cmd_output}
274
275 [Return] ${json_object["CertificateString"]}
276
277
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]278Suite Setup Execution
279 [Documentation] Do suite setup execution.
280
281 ${tool_exist}= Run which redfishtool
282 Should Not Be Empty ${tool_exist}
283
284 # Create certificate sub-directory in current working directory.
285 Create Directory certificate_dir