Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 9d67d266cb9f924b1065a1e286c6b770b6d519fa / . / lib / certificate_utils.robot
blob: 895ca646a842eeded85c8fc8a44d96e318f9e1ae [file] [log] [blame]
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]1*** Settings ***
2Documentation Certificate utilities keywords.
3
4Library OperatingSystem
5Resource rest_client.robot
Sandhya Somashekar839a0c22019-01-31 05:05:43 -0600[diff] [blame]6Resource resource.robot
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]7
8
9*** Keywords ***
10
11Install Certificate File On BMC
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]12 [Documentation] Install certificate file in BMC using POST operation.
13 [Arguments] ${uri} ${status}=ok &{kwargs}
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]14
15 # Description of argument(s):
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]16 # uri URI for installing certificate file via Redfish
17 # e.g. "/redfish/v1/AccountService/LDAP/Certificates".
18 # status Expected status of certificate installation via Redfish
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]19 # e.g. error, ok.
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]20 # kwargs A dictionary of keys/values to be passed directly to
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]21 # POST Request.
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]22
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]23 Initialize OpenBMC
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]24
25 ${headers}= Create Dictionary Content-Type=application/octet-stream
Sridevi Ramesheadeef02019-01-17 08:56:18 -0600[diff] [blame]26 ... X-Auth-Token=${XAUTH_TOKEN}
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]27 Set To Dictionary ${kwargs} headers ${headers}
28
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]29 ${ret}= Post Request openbmc ${uri} &{kwargs}
30 ${content_json}= To JSON ${ret.content}
31 ${cert_id}= Set Variable If '${ret.status_code}' == '${HTTP_OK}' ${content_json["Id"]} -1
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]32
33 Run Keyword If '${status}' == 'ok'
34 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
35 ... ELSE IF '${status}' == 'error'
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]36 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]37
38 Delete All Sessions
39
Rahul Maheshwari6a849ad2020-02-26 03:31:19 -0600[diff] [blame]40 [Return] ${cert_id}
41
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]42
43Get Certificate Content From BMC Via Openssl
44 [Documentation] Get certificate content from BMC via openssl.
45
46 Check If Openssl Tool Exist
47
48 ${openssl_cmd}= Catenate
Anusha Dathatrid334bdf2020-06-10 04:19:07 -0500[diff] [blame]49 ... timeout 10 openssl s_client -connect ${OPENBMC_HOST}:${HTTPS_PORT} -showcerts
Rahul Maheshwari2a848cf2019-05-31 09:46:22 -0500[diff] [blame]50 ${output}= Run ${openssl_cmd}
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]51
52 ${result}= Fetch From Left
53 ... ${output} -----END CERTIFICATE-----
54 ${result}= Fetch From Right ${result} -----BEGIN CERTIFICATE-----
55 [Return] ${result}
56
57
Rahul Maheshwari081eadb2018-10-26 03:11:10 -0500[diff] [blame]58Get Certificate File Content From BMC
59 [Documentation] Get required certificate file content from BMC.
60 [Arguments] ${cert_type}=Client
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]61
Rahul Maheshwari081eadb2018-10-26 03:11:10 -0500[diff] [blame]62 # Description of argument(s):
63 # cert_type Certificate type (e.g. "Client" or "CA").
64
65 ${certificate} ${stderr} ${rc}= Run Keyword If '${cert_type}' == 'Client'
66 ... BMC Execute Command cat /etc/nslcd/certs/cert.pem
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]67
68 [Return] ${certificate}
69
70
71Generate Certificate File Via Openssl
72 [Documentation] Create certificate file via openssl with required content
73 ... and returns its path.
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]74 [Arguments] ${cert_format} ${time}=365 ${cert_dir_name}=certificate_dir
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]75
76 # Description of argument(s):
77 # cert_format Certificate file format
78 # e.g. Valid_Certificate_Empty_Privatekey.
79 # time Number of days to certify the certificate for.
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]80 # cert_dir_name The name of the sub-directory where the certificate
81 # is stored.
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]82
83 Check If Openssl Tool Exist
84
85 ${openssl_cmd}= Catenate openssl req -x509 -sha256 -newkey rsa:2048
86 ... ${SPACE}-nodes -days ${time}
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]87 ... ${SPACE}-keyout ${cert_dir_name}/cert.pem -out ${cert_dir_name}/cert.pem
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]88 ... ${SPACE}-subj "/O=XYZ Corporation /CN=www.xyz.com"
89
90 ${rc} ${output}= Run And Return RC and Output ${openssl_cmd}
91 Should Be Equal ${rc} ${0} msg=${output}
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]92 OperatingSystem.File Should Exist
93 ... ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]94
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]95 ${file_content}= OperatingSystem.Get File
96 ... ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]97 ${result}= Fetch From Left ${file_content} -----END CERTIFICATE-----
98 ${cert_content}= Fetch From Right ${result} -----BEGIN CERTIFICATE-----
99
100 ${result}= Fetch From Left ${file_content} -----END PRIVATE KEY-----
101 ${private_key_content}= Fetch From Right ${result} -----BEGIN PRIVATE KEY-----
102
103 ${cert_data}=
104 ... Run Keyword if '${cert_format}' == 'Valid Certificate Valid Privatekey'
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]105 ... OperatingSystem.Get File ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]106 ... ELSE IF '${cert_format}' == 'Empty Certificate Valid Privatekey'
107 ... Remove String ${file_content} ${cert_content}
108 ... ELSE IF '${cert_format}' == 'Valid Certificate Empty Privatekey'
109 ... Remove String ${file_content} ${private_key_content}
110 ... ELSE IF '${cert_format}' == 'Empty Certificate Empty Privatekey'
111 ... Remove String ${file_content} ${cert_content} ${private_key_content}
Anusha Dathatribc855642020-06-17 05:21:14 -0500[diff] [blame]112 ... ELSE IF '${cert_format}' == 'Expired Certificate' or '${cert_format}' == 'Not Yet Valid Certificate'
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]113 ... OperatingSystem.Get File ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
Rahul Maheshwari081eadb2018-10-26 03:11:10 -0500[diff] [blame]114 ... ELSE IF '${cert_format}' == 'Valid Certificate'
115 ... Remove String ${file_content} ${private_key_content}
116 ... -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY-----
117 ... ELSE IF '${cert_format}' == 'Empty Certificate'
118 ... Remove String ${file_content} ${cert_content}
119 ... ${private_key_content} -----BEGIN PRIVATE KEY-----
120 ... -----END PRIVATE KEY-----
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]121
122 ${random_name}= Generate Random String 8
123 ${cert_name}= Catenate SEPARATOR= ${random_name} .pem
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]124 Create File ${cert_dir_name}/${cert_name} ${cert_data}
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]125
Rahul Maheshwari665bc612018-10-24 04:57:53 -0500[diff] [blame]126 [Return] ${EXECDIR}${/}${cert_dir_name}${/}${cert_name}
Rahul Maheshwari984791c2018-09-21 00:49:37 -0500[diff] [blame]127
128
129Get Certificate Content From File
130 [Documentation] Get certificate content from certificate file.
131 [Arguments] ${cert_file_path}
132
133 # Description of argument(s):
134 # cert_file_path Downloaded certificate file path.
135
136 ${file_content}= OperatingSystem.Get File ${cert_file_path}
137 ${result}= Fetch From Left ${file_content} -----END CERTIFICATE-----
138 ${result}= Fetch From Right ${result} -----BEGIN CERTIFICATE-----
139 [Return] ${result}
140
141
142Check If Openssl Tool Exist
143 [Documentation] Check if openssl tool installed or not.
144
145 ${rc} ${output}= Run And Return RC and Output which openssl
146 Should Not Be Empty ${output} msg=Openssl tool not installed.
147
Rahul Maheshwaria6ae3c32019-09-05 08:52:01 -0500[diff] [blame]148
149Verify Certificate Visible Via OpenSSL
150 [Documentation] Checks if given certificate is visible via openssl's showcert command.
151 [Arguments] ${cert_file_path}
152
153 # Description of argument(s):
154 # cert_file_path Certificate file path.
155
156 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
157 ${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
158 Should Contain ${cert_file_content} ${openssl_cert_content}
159