Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / b2150da8e179bbc7511638c31ca3cb4c0f3f471e / . / openpower / ext_interfaces / test_vmicert_management.robot
blob: 2483581acfaf4fb555ab16f686bdace5322adfa9 [file] [log] [blame]
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]1*** Settings ***
2
3Documentation VMI certificate exchange tests.
4
5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
8Resource ../../lib/bmc_redfish_utils.robot
9Resource ../../lib/utils.robot
10
11Suite Setup Suite Setup Execution
12Test Teardown FFDC On Test Case Fail
13Suite Teardown Suite Teardown Execution
14
15
16*** Variables ***
17
18# users User Name password
19@{ADMIN} admin_user TestPwd123
20@{OPERATOR} operator_user TestPwd123
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]21@{ReadOnly} readonly_user TestPwd123
22@{NoAccess} noaccess_user TestPwd123
23&{USERS} Administrator=${ADMIN} Operator=${OPERATOR} ReadOnly=${ReadOnly}
24... NoAccess=${NoAccess}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]25${VMI_BASE_URI} /ibm/v1/
26${CSR_FILE} csr_server.csr
27${CSR_KEY} csr_server.key
28
29*** Test Cases ***
30
31Get CSR Request Signed By VMI And Verify
32 [Documentation] Get CSR request signed by VMI using different user roles and verify.
33 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]34 [Setup] Redfish Power On
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]35 [Template] Get Certificate Signed By VMI
36
37 # username password force_create valid_csr valid_status_code
38 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]39
40 # Send CSR request from operator user.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]41 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
42
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]43 # Send CSR request from ReadOnly user.
44 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
45
46 # Send CSR request from NoAccess user.
47 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
48
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]49
50Get Root Certificate Using Different Privilege Users Roles
51 [Documentation] Get root certificate using different users.
52 [Tags] Get_Root_Certificate_Using_Different_Users
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]53 [Setup] Redfish Power On
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]54 [Template] Get Root Certificate
55
56 # username password force_create valid_csr valid_status_code
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]57 # Request root certificate from admin user.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]58 admin_user TestPwd123 ${True} ${True} ${HTTP_OK}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]59
60 # Request root certificate from operator user.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]61 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
62
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]63 # Request root certificate from ReadOnly user.
64 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
65
66 # Request root certificate from NoAccess user.
67 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
68
69
70Send CSR Request When VMI Is Off And Verify
71 [Documentation] Send CSR signing request to VMI when it is off and expect an error.
72 [Tags] Get_CSR_Request_When_VMI_Is_Off_And_verify
73 [Setup] Redfish Power Off
74 [Template] Get Certificate Signed By VMI
75
76 # username password force_create valid_csr valid_status_code
77 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
78
79 # Send CSR request from operator user.
80 operator_user TestPwd123 ${False} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
81
82 # Send CSR request from ReadOnly user.
83 readonly_user TestPwd123 ${False} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
84
85 # Send CSR request from NoAccess user.
86 noaccess_user TestPwd123 ${False} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
87
shrsuman1231b1c2a42020-11-02 23:02:30 -0600[diff] [blame]88Get Corrupted CSR Request Signed By VMI And Verify
89 [Documentation] Send corrupted CSR for signing and expect an error.
90 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify
91 [Setup] Redfish Power On
92 [Template] Get Certificate Signed By VMI
93
94 # username password force_create valid_csr valid_status_code
95 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
96
97 # Send CSR request from operator user.
98 operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN}
99
100 # Send CSR request from ReadOnly user.
101 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN}
102
103 # Send CSR request from NoAccess user.
104 noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN}
105
106
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]107
108*** Keywords ***
109
110Generate CSR String
111 [Documentation] Generate a csr string.
112
113 # Note: Generates and returns csr string.
114 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
115 ${ssl_sub}= Set Variable
116 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
117
118 # Run openssl command to create a new private key and use that to generate a CSR string
119 # in server.csr file.
120 ${output}= Run ${ssl_cmd} ${ssl_sub}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]121 ${csr}= OperatingSystem.Get File ${CSR_FILE}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]122
123 [Return] ${csr}
124
125
126Send CSR To VMI And Get Signed
127 [Arguments] ${csr} ${force_create} ${username} ${password}
128
129 # Description of argument(s):
130 # csr Certificate request from client to VMI.
131 # force_create Create a new REST session if True.
132 # username Username to create a REST session.
133 # password Password to create a REST session.
134
135 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
136 ... Initialize OpenBMC rest_username=${username} rest_password=${password}
137
138 ${data}= Create Dictionary
139 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
140 ... Content-Type=application/json
141
142 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR
143
144 # For SignCSR request, we need to pass CSR string generated by openssl command.
145 ${csr_data}= Create Dictionary CsrString ${csr}
146 Set To Dictionary ${data} data ${csr_data}
147
148 ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers}
149
150 [Return] ${resp}
151
152
153Get Root Certificate
154 [Documentation] Get root certificate from VMI.
155 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
156 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
157
158 # Description of argument(s):
159 # cert_type Type of the certificate requesting. eg. root or SignCSR.
160 # username Username to create a REST session.
161 # password Password to create a REST session.
162 # force_create Create a new REST session if True.
163 # valid_csr Uses valid CSR string in the REST request if True.
164 # This is not applicable for root certificate.
165 # valid_status_code Expected status code from REST request.
166
167 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
168 ... Initialize OpenBMC rest_username=${username} rest_password=${password}
169
170 ${data}= Create Dictionary
171 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
172 ... Content-Type=application/json
173
174 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root
175
176 ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers}
177
178 Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
179 Return From Keyword If ${resp.status_code} != ${HTTP_OK}
180
181 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
182 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
183 Should Contain ${cert["Certificate"]} END CERTIFICATE
184
185
186Get Subject
187 [Documentation] Generate a csr string.
188 [Arguments] ${file_name} ${is_csr_file}
189
190 # Description of argument(s):
191 # file_name Name of CSR or signed CERT file.
192 # is_csr_file A True value means a CSR while a False is for signed CERT file.
193
194 ${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout | grep Subject:
195 ... ELSE Run openssl x509 -in ${file_name} -text -noout | grep Subject:
196
197 [Return] ${subject}
198
199
200Get Public Key
201 [Documentation] Generate a csr string.
202 [Arguments] ${file_name} ${is_csr_file}
203
204 # Description of argument(s):
205 # file_name Name of CSR or CERT file.
206 # is_csr_file A True value means a CSR while a False is for signed CERT file.
207
208 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey
209 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey
210
211 [Return] ${PublicKey}
212
213
214Get Certificate Signed By VMI
215 [Documentation] Get signed certificate from VMI.
216 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
217 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
218
219 # Description of argument(s):
220 # cert_type Type of the certificate requesting. eg. root or SignCSR.
221 # username Username to create a REST session.
222 # password Password to create a REST session.
223 # force_create Create a new REST session if True.
224 # valid_csr Uses valid CSR string in the REST request if True.
225 # This is not applicable for root certificate.
226 # valid_status_code Expected status code from REST request.
227
228 Set Test Variable ${CSR} CSR
229 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR
230
231 ${CSR}= Generate CSR String
shrsuman1231b1c2a42020-11-02 23:02:30 -0600[diff] [blame]232 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1
233 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]234
235 # For SignCSR request, we need to pass CSR string generated by openssl command
236 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR}
237
238 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password}
239
240 Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
241 Return From Keyword If ${resp.status_code} != ${HTTP_OK}
242
243 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
244 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
245 Should Contain ${cert["Certificate"]} END CERTIFICATE
246
247 # Now do subject and public key verification
248 ${subject_csr}= Get Subject ${CSR_FILE} True
249 ${pubKey_csr}= Get Public Key ${CSR_FILE} True
250
251 # create a crt file with certificate string
252 ${signed_cert}= Set Variable ${cert["Certificate"]}
253
254 Create File test_certificate.crt ${signed_cert}
255 ${subject_signed_csr}= Get Subject test_certificate.crt False
256 ${pubKey_signed_csr}= Get Public Key test_certificate.crt False
257
258 Should be equal as strings ${subject_signed_csr} ${subject_csr}
259 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr}
260
261
262Suite Setup Execution
263 [Documentation] Suite setup execution.
264
265 # Create different user accounts.
266 Redfish.Login
267 Create Users With Different Roles users=${USERS} force=${True}
268
269
270Suite Teardown Execution
271 [Documentation] Suite teardown execution.
272
273 Delete BMC Users Via Redfish users=${USERS}
274 Delete All Sessions
275 Redfish.Logout