Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / b0a491f2d88131ef8297730de09436786170dbe2 / . / redfish / managers / test_certificate.robot
blob: 7be20c451c72c2cc4b80860b3af6f897ddf25f64 [file] [log] [blame]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]1*** Settings ***
2Documentation Test certificate in OpenBMC.
3
4Resource ../../lib/resource.robot
5Resource ../../lib/bmc_redfish_resource.robot
6Resource ../../lib/openbmc_ffdc.robot
7Resource ../../lib/certificate_utils.robot
8
9Suite Setup Suite Setup Execution
10Test Teardown Test Teardown Execution
11
12
13** Test Cases **
14
15Verify Server Certificate Replace
16 [Documentation] Verify server certificate replace.
17 [Tags] Verify_Server_Certificate_Replace
18 [Template] Replace Certificate Via Redfish
19
20 # cert_type cert_format expected_status
21 Server Valid Certificate Valid Privatekey ok
22 Server Empty Certificate Valid Privatekey error
23 Server Valid Certificate Empty Privatekey error
24 Server Empty Certificate Empty Privatekey error
25 Server Expired Certificate error
26
27
28Verify Client Certificate Replace
29 [Documentation] Verify client certificate replace.
30 [Tags] Verify_Client_Certificate_Replace
31 [Template] Replace Certificate Via Redfish
32
33 # cert_type cert_format expected_status
34 Client Valid Certificate Valid Privatekey ok
35 Client Empty Certificate Valid Privatekey error
36 Client Valid Certificate Empty Privatekey error
37 Client Empty Certificate Empty Privatekey error
38 Client Expired Certificate error
39
40
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]41Verify Client Certificate Install
42 [Documentation] Verify client certificate install.
43 [Tags] Verify_Client_Certificate_Install
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]44 [Template] Install And Verify Client Certificate Via Redfish
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]45
46 # cert_format expected_status
47 Valid Certificate Valid Privatekey ok
48 Empty Certificate Valid Privatekey error
49 Valid Certificate Empty Privatekey error
50 Empty Certificate Empty Privatekey error
51
52
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]53Verify Server Certificate View Via Openssl
54 [Documentation] Verify server certificate via openssl command.
55 [Tags] Verify_Server_Certificate_View_Via_Openssl
56
57 redfish.Login
58
59 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
60 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
61
62 ${certificate_dict}= Create Dictionary
63 ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
64 ${payload}= Create Dictionary CertificateString=${file_data}
65 ... CertificateType=PEM CertificateUri=${certificate_dict}
66
67 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
68 ... body=${payload}
69
70 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
71
72
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]73*** Keywords ***
74
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]75Install And Verify Client Certificate Via Redfish
76 [Documentation] Install and verify client certificate using Redfish.
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]77 [Arguments] ${cert_format} ${expected_status}
78
79 # Description of argument(s):
80 # cert_format Certificate file format
81 # (e.g. "Valid_Certificate_Valid_Privatekey").
82 # expected_status Expected status of certificate replace Redfish
83 # request (i.e. "ok" or "error").
84
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]85 Delete Client Certificate Via BMC CLI
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]86 # Adding delay after certificate deletion.
87 Sleep 15s
88
89 redfish.Login
90 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
91 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
92 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
93
94 Install Client Certificate File On BMC ${REDFISH_LDAP_CERTIFICATE_URI}
95 ... ${expected_status} data=${file_data}
96
97 # Adding delay after certificate installation.
98 Sleep 15s
99
100 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
101 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' redfish_utils.Get Attribute
102 ... ${REDFISH_LDAP_CERTIFICATE_URI}/1 CertificateString
103
104 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
105
106
107Install Client Certificate File On BMC
108 [Documentation] Install certificate file in BMC using POST operation.
109 [Arguments] ${uri} ${status}=ok &{kwargs}
110
111 # Description of argument(s):
112 # uri URI for installing certificate file via REST
113 # e.g. "/xyz/openbmc_project/certs/server/https".
114 # status Expected status of certificate installation via REST
115 # e.g. error, ok.
116 # kwargs A dictionary of keys/values to be passed directly to
117 # POST Request.
118
119 Initialize OpenBMC quiet=${quiet}
120
121 ${headers}= Create Dictionary Content-Type=application/octet-stream
122 ... X-Auth-Token=${XAUTH_TOKEN}
123 Set To Dictionary ${kwargs} headers ${headers}
124
125 ${ret}= Post Request openbmc ${uri} &{kwargs}
126
127 Run Keyword If '${status}' == 'ok'
128 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
129 ... ELSE IF '${status}' == 'error'
130 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
131
132 Delete All Sessions
133
134
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]135Replace Certificate Via Redfish
136 [Documentation] Test 'replace certificate' operation in the BMC via Redfish.
137 [Arguments] ${cert_type} ${cert_format} ${expected_status}
138
139 # Description of argument(s):
140 # cert_type Certificate type (e.g. "Server" or "Client").
141 # cert_format Certificate file format
142 # (e.g. Valid_Certificate_Valid_Privatekey).
143 # expected_status Expected status of certificate replace Redfish
144 # request (i.e. "ok" or "error").
145
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]146 # Install client certificate before replacing client certificate.
147 Run Keyword If '${cert_type}' == 'Client' Install And Verify Client Certificate Via Redfish
148 ... Valid Certificate Valid Privatekey ok
149
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]150 redfish.Login
151
152 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
153 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
154
155 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
156
157 ${certificate_uri}= Set Variable If '${cert_type}' == 'Server'
158 ... /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
159 ... /redfish/v1/AccountService/LDAP/Certificates/1
160
161 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
162 ${payload}= Create Dictionary CertificateString=${file_data}
163 ... CertificateType=PEM CertificateUri=${certificate_dict}
Rahul Maheshwari9862eb52019-05-31 04:04:42 -0500[diff] [blame]164 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]165 ... body=${payload}
166
167 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
168 ${bmc_cert_content}= redfish_utils.Get Attribute ${certificate_uri} CertificateString
169
170 Run Keyword If '${expected_status}' == 'ok'
171 ... Should Contain ${cert_file_content} ${bmc_cert_content}
172 ... ELSE
173 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
174
175
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]176Verify Certificate Visible Via OpenSSL
177 [Documentation] Checks if given certificate is visible via openssl's showcert command.
178 [Arguments] ${cert_file_path}
179
180 # Description of argument(s):
181 # cert_file_path Certificate file path.
182
183 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
184 ${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
185 Should Contain ${cert_file_content} ${openssl_cert_content}
186
187
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]188Delete Client Certificate Via BMC CLI
189 [Documentation] Delete client certificate via BMC CLI.
190
191 ${file_status} ${stderr} ${rc}= BMC Execute Command
192 ... [ -f /etc/nslcd/certs/cert.pem ] && echo "Found" || echo "Not Found"
193
194 Run Keyword If "${file_status}" == "Found"
195 ... Run Keywords BMC Execute Command rm /etc/nslcd/certs/cert.pem AND
196 ... BMC Execute Command systemctl restart phosphor-certificate-manager@nslcd.service
197
198
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]199Suite Setup Execution
200 [Documentation] Do suite setup tasks.
201
202 # Create certificate sub-directory in current working directory.
203 Create Directory certificate_dir
204
205
206Test Teardown Execution
207 [Documentation] Do the post test teardown.
208
209 FFDC On Test Case Fail
210 redfish.Logout