manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 1 | *** Settings *** |
| 2 | |
| 3 | Documentation VMI certificate exchange tests. |
| 4 | |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 5 | Library ../../lib/jobs_processing.py |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 6 | Resource ../../lib/resource.robot |
| 7 | Resource ../../lib/bmc_redfish_resource.robot |
| 8 | Resource ../../lib/openbmc_ffdc.robot |
| 9 | Resource ../../lib/bmc_redfish_utils.robot |
| 10 | Resource ../../lib/utils.robot |
| 11 | |
| 12 | Suite Setup Suite Setup Execution |
| 13 | Test Teardown FFDC On Test Case Fail |
| 14 | Suite Teardown Suite Teardown Execution |
| 15 | |
| 16 | |
| 17 | *** Variables *** |
| 18 | |
| 19 | # users User Name password |
| 20 | @{ADMIN} admin_user TestPwd123 |
| 21 | @{OPERATOR} operator_user TestPwd123 |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 22 | @{ReadOnly} readonly_user TestPwd123 |
| 23 | @{NoAccess} noaccess_user TestPwd123 |
| 24 | &{USERS} Administrator=${ADMIN} Operator=${OPERATOR} ReadOnly=${ReadOnly} |
| 25 | ... NoAccess=${NoAccess} |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 26 | ${VMI_BASE_URI} /ibm/v1/ |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 27 | |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 28 | |
| 29 | *** Test Cases *** |
| 30 | |
| 31 | Get CSR Request Signed By VMI And Verify |
| 32 | [Documentation] Get CSR request signed by VMI using different user roles and verify. |
| 33 | [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 34 | [Setup] Redfish Power On |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 35 | [Template] Get Certificate Signed By VMI |
| 36 | |
| 37 | # username password force_create valid_csr valid_status_code |
| 38 | ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 39 | |
| 40 | # Send CSR request from operator user. |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 41 | operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 42 | |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 43 | # Send CSR request from ReadOnly user. |
| 44 | readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 45 | |
| 46 | # Send CSR request from NoAccess user. |
| 47 | noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 48 | |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 49 | |
| 50 | Get Root Certificate Using Different Privilege Users Roles |
| 51 | [Documentation] Get root certificate using different users. |
| 52 | [Tags] Get_Root_Certificate_Using_Different_Users |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 53 | [Setup] Redfish Power On |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 54 | [Template] Get Root Certificate |
| 55 | |
| 56 | # username password force_create valid_csr valid_status_code |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 57 | # Request root certificate from admin user. |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 58 | admin_user TestPwd123 ${True} ${True} ${HTTP_OK} |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 59 | |
| 60 | # Request root certificate from operator user. |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 61 | operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 62 | |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 63 | # Request root certificate from ReadOnly user. |
| 64 | readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 65 | |
| 66 | # Request root certificate from NoAccess user. |
| 67 | noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 68 | |
| 69 | |
| 70 | Send CSR Request When VMI Is Off And Verify |
| 71 | [Documentation] Send CSR signing request to VMI when it is off and expect an error. |
| 72 | [Tags] Get_CSR_Request_When_VMI_Is_Off_And_verify |
| 73 | [Setup] Redfish Power Off |
| 74 | [Template] Get Certificate Signed By VMI |
| 75 | |
| 76 | # username password force_create valid_csr valid_status_code |
| 77 | ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_INTERNAL_SERVER_ERROR} |
| 78 | |
| 79 | # Send CSR request from operator user. |
shrsuman123 | 3f70a6a | 2021-04-08 04:48:07 -0500 | [diff] [blame] | 80 | operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 81 | |
| 82 | # Send CSR request from ReadOnly user. |
shrsuman123 | 3f70a6a | 2021-04-08 04:48:07 -0500 | [diff] [blame] | 83 | readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 84 | |
| 85 | # Send CSR request from NoAccess user. |
shrsuman123 | 3f70a6a | 2021-04-08 04:48:07 -0500 | [diff] [blame] | 86 | noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 87 | |
shrsuman123 | 1b1c2a4 | 2020-11-02 23:02:30 -0600 | [diff] [blame] | 88 | Get Corrupted CSR Request Signed By VMI And Verify |
| 89 | [Documentation] Send corrupted CSR for signing and expect an error. |
| 90 | [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify |
| 91 | [Setup] Redfish Power On |
| 92 | [Template] Get Certificate Signed By VMI |
| 93 | |
| 94 | # username password force_create valid_csr valid_status_code |
| 95 | ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} |
| 96 | |
| 97 | # Send CSR request from operator user. |
| 98 | operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} |
| 99 | |
| 100 | # Send CSR request from ReadOnly user. |
| 101 | readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} |
| 102 | |
| 103 | # Send CSR request from NoAccess user. |
| 104 | noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} |
| 105 | |
shrsuman123 | 68bdcae | 2021-01-18 00:38:25 -0600 | [diff] [blame] | 106 | Get Root Certificate When VMI Is Off And Verify |
| 107 | [Documentation] Get root certificate when vmi is off and verify. |
| 108 | [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify |
| 109 | [Setup] Redfish Power Off |
| 110 | [Template] Get Root Certificate |
shrsuman123 | 1b1c2a4 | 2020-11-02 23:02:30 -0600 | [diff] [blame] | 111 | |
shrsuman123 | 68bdcae | 2021-01-18 00:38:25 -0600 | [diff] [blame] | 112 | # username password force_create valid_csr valid_status_code |
| 113 | ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 114 | |
| 115 | # Request root certificate from operator user. |
| 116 | operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 117 | |
| 118 | # Request root certificate from ReadOnly user. |
| 119 | readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 120 | |
| 121 | # Request root certificate from NoAccess user. |
| 122 | noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 123 | |
| 124 | |
| 125 | Get Root Certificate After BMC Reboot And Verify |
| 126 | [Documentation] Get root certificate after bmc reboot and verify. |
| 127 | [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify |
| 128 | [Setup] Run Keywords OBMC Reboot (off) AND Redfish Power On |
| 129 | [Template] Get Root Certificate |
| 130 | |
| 131 | # username password force_create valid_csr valid_status_code |
| 132 | ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 133 | |
| 134 | # Request root certificate from operator user. |
| 135 | operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 136 | |
| 137 | # Request root certificate from ReadOnly user. |
| 138 | readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
| 139 | |
| 140 | # Request root certificate from NoAccess user. |
| 141 | noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 142 | |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 143 | Get Concurrent Root Certificate Requests From Multiple Admin Users |
| 144 | [Documentation] Get multiple concurrent root certificate requests from multiple admins |
| 145 | ... and verify no errors. |
| 146 | [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users |
| 147 | |
| 148 | FOR ${i} IN RANGE ${5} |
| 149 | ${dict}= Execute Process Multi Keyword ${5} |
| 150 | ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 151 | ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 152 | ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 153 | Dictionary Should Not Contain Value ${dict} False |
| 154 | ... msg=One or more operations has failed. |
| 155 | END |
| 156 | |
| 157 | Get Concurrent CSR Requests From Multiple Admin Users |
| 158 | [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. |
| 159 | [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users |
| 160 | |
| 161 | FOR ${i} IN RANGE ${5} |
| 162 | ${dict}= Execute Process Multi Keyword ${5} |
| 163 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 164 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 165 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 166 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 167 | Dictionary Should Not Contain Value ${dict} False |
| 168 | ... msg=One or more operations has failed. |
| 169 | END |
| 170 | |
| 171 | Get Concurrent Corrupted CSR Requests From Multiple Admin Users |
| 172 | [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. |
| 173 | [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users |
| 174 | |
| 175 | FOR ${i} IN RANGE ${5} |
| 176 | ${dict}= Execute Process Multi Keyword ${5} |
| 177 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} |
| 178 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} |
| 179 | ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} |
| 180 | Dictionary Should Not Contain Value ${dict} False |
| 181 | ... msg=One or more operations has failed. |
| 182 | END |
| 183 | |
shrsuman123 | 82a9a31 | 2021-03-26 05:34:32 -0500 | [diff] [blame] | 184 | Get Concurrent Root Certificate Request From Operator Users |
| 185 | [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. |
| 186 | [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users |
| 187 | |
| 188 | FOR ${i} IN RANGE ${5} |
| 189 | ${dict}= Execute Process Multi Keyword ${5} |
| 190 | ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 191 | ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 192 | ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 193 | Dictionary Should Not Contain Value ${dict} False |
| 194 | ... msg=One or more operations has failed. |
| 195 | END |
| 196 | |
| 197 | Get Concurrent Root Certificate Request From Admin And Non Admin Users |
| 198 | [Documentation] Get multiple concurrent root certificate from admin and non admin users |
| 199 | ... and verify no errors. |
| 200 | [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users |
| 201 | |
| 202 | FOR ${i} IN RANGE ${5} |
| 203 | ${dict}= Execute Process Multi Keyword ${5} |
| 204 | ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} |
| 205 | ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 206 | ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 207 | Dictionary Should Not Contain Value ${dict} False |
| 208 | ... msg=One or more operations has failed. |
| 209 | END |
| 210 | |
| 211 | Get Concurrent Root Certificate Request From Different Non Admin Users |
| 212 | [Documentation] Get multiple concurrent root certificate from different non admin users |
| 213 | ... and verify no errors. |
| 214 | [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users |
| 215 | |
| 216 | FOR ${i} IN RANGE ${5} |
| 217 | ${dict}= Execute Process Multi Keyword ${5} |
| 218 | ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 219 | ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 220 | ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 221 | Dictionary Should Not Contain Value ${dict} False |
| 222 | ... msg=One or more operations has failed. |
| 223 | END |
| 224 | |
| 225 | Get Concurrent CSR Request From Operator Users |
| 226 | [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. |
| 227 | [Tags] Get_Concurrent_CSR_Request_From_Operator_Users |
| 228 | |
| 229 | FOR ${i} IN RANGE ${5} |
| 230 | ${dict}= Execute Process Multi Keyword ${5} |
| 231 | ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 232 | ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 233 | ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} |
| 234 | Dictionary Should Not Contain Value ${dict} False |
| 235 | ... msg=One or more operations has failed. |
| 236 | END |
| 237 | |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 238 | *** Keywords *** |
| 239 | |
| 240 | Generate CSR String |
| 241 | [Documentation] Generate a csr string. |
| 242 | |
| 243 | # Note: Generates and returns csr string. |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 244 | ${csr_gen_time} = Get Current Date Time |
| 245 | ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr |
| 246 | ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key |
| 247 | Set Test Variable ${CSR_FILE} |
| 248 | Set Test Variable ${CSR_KEY} |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 249 | ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} |
| 250 | ${ssl_sub}= Set Variable |
| 251 | ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" |
| 252 | |
| 253 | # Run openssl command to create a new private key and use that to generate a CSR string |
| 254 | # in server.csr file. |
| 255 | ${output}= Run ${ssl_cmd} ${ssl_sub} |
Prashanth Katti | 7ee2825 | 2020-09-17 01:55:17 -0500 | [diff] [blame] | 256 | ${csr}= OperatingSystem.Get File ${CSR_FILE} |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 257 | |
| 258 | [Return] ${csr} |
| 259 | |
| 260 | |
| 261 | Send CSR To VMI And Get Signed |
George Keishing | f924895 | 2021-05-28 07:52:37 -0500 | [diff] [blame] | 262 | [Documentation] Upload CSR to VMI and get signed. |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 263 | [Arguments] ${csr} ${force_create} ${username} ${password} |
| 264 | |
| 265 | # Description of argument(s): |
| 266 | # csr Certificate request from client to VMI. |
| 267 | # force_create Create a new REST session if True. |
| 268 | # username Username to create a REST session. |
| 269 | # password Password to create a REST session. |
| 270 | |
| 271 | Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} |
| 272 | ... Initialize OpenBMC rest_username=${username} rest_password=${password} |
| 273 | |
| 274 | ${data}= Create Dictionary |
| 275 | ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} |
| 276 | ... Content-Type=application/json |
| 277 | |
| 278 | ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR |
| 279 | |
| 280 | # For SignCSR request, we need to pass CSR string generated by openssl command. |
| 281 | ${csr_data}= Create Dictionary CsrString ${csr} |
| 282 | Set To Dictionary ${data} data ${csr_data} |
| 283 | |
| 284 | ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers} |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 285 | Log to console ${resp.content} |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 286 | |
| 287 | [Return] ${resp} |
| 288 | |
| 289 | |
| 290 | Get Root Certificate |
| 291 | [Documentation] Get root certificate from VMI. |
| 292 | [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} |
| 293 | ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} |
| 294 | |
| 295 | # Description of argument(s): |
| 296 | # cert_type Type of the certificate requesting. eg. root or SignCSR. |
| 297 | # username Username to create a REST session. |
| 298 | # password Password to create a REST session. |
| 299 | # force_create Create a new REST session if True. |
| 300 | # valid_csr Uses valid CSR string in the REST request if True. |
| 301 | # This is not applicable for root certificate. |
| 302 | # valid_status_code Expected status code from REST request. |
| 303 | |
| 304 | Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} |
| 305 | ... Initialize OpenBMC rest_username=${username} rest_password=${password} |
| 306 | |
| 307 | ${data}= Create Dictionary |
| 308 | ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} |
| 309 | ... Content-Type=application/json |
| 310 | |
| 311 | ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root |
| 312 | |
| 313 | ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers} |
| 314 | |
| 315 | Should Be Equal As Strings ${resp.status_code} ${valid_status_code} |
| 316 | Return From Keyword If ${resp.status_code} != ${HTTP_OK} |
| 317 | |
| 318 | ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json |
| 319 | Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE |
| 320 | Should Contain ${cert["Certificate"]} END CERTIFICATE |
| 321 | |
| 322 | |
| 323 | Get Subject |
| 324 | [Documentation] Generate a csr string. |
| 325 | [Arguments] ${file_name} ${is_csr_file} |
| 326 | |
| 327 | # Description of argument(s): |
| 328 | # file_name Name of CSR or signed CERT file. |
| 329 | # is_csr_file A True value means a CSR while a False is for signed CERT file. |
| 330 | |
| 331 | ${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout | grep Subject: |
| 332 | ... ELSE Run openssl x509 -in ${file_name} -text -noout | grep Subject: |
| 333 | |
| 334 | [Return] ${subject} |
| 335 | |
| 336 | |
| 337 | Get Public Key |
| 338 | [Documentation] Generate a csr string. |
| 339 | [Arguments] ${file_name} ${is_csr_file} |
| 340 | |
| 341 | # Description of argument(s): |
| 342 | # file_name Name of CSR or CERT file. |
| 343 | # is_csr_file A True value means a CSR while a False is for signed CERT file. |
| 344 | |
| 345 | ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey |
| 346 | ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey |
| 347 | |
| 348 | [Return] ${PublicKey} |
| 349 | |
| 350 | |
| 351 | Get Certificate Signed By VMI |
| 352 | [Documentation] Get signed certificate from VMI. |
| 353 | [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} |
| 354 | ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} |
| 355 | |
| 356 | # Description of argument(s): |
| 357 | # cert_type Type of the certificate requesting. eg. root or SignCSR. |
| 358 | # username Username to create a REST session. |
| 359 | # password Password to create a REST session. |
| 360 | # force_create Create a new REST session if True. |
| 361 | # valid_csr Uses valid CSR string in the REST request if True. |
| 362 | # This is not applicable for root certificate. |
| 363 | # valid_status_code Expected status code from REST request. |
| 364 | |
| 365 | Set Test Variable ${CSR} CSR |
| 366 | Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR |
| 367 | |
| 368 | ${CSR}= Generate CSR String |
shrsuman123 | 1b1c2a4 | 2020-11-02 23:02:30 -0600 | [diff] [blame] | 369 | ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 |
| 370 | ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 371 | |
| 372 | # For SignCSR request, we need to pass CSR string generated by openssl command |
| 373 | ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} |
| 374 | |
| 375 | ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} |
| 376 | |
| 377 | Should Be Equal As Strings ${resp.status_code} ${valid_status_code} |
| 378 | Return From Keyword If ${resp.status_code} != ${HTTP_OK} |
| 379 | |
| 380 | ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json |
| 381 | Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE |
| 382 | Should Contain ${cert["Certificate"]} END CERTIFICATE |
| 383 | |
| 384 | # Now do subject and public key verification |
| 385 | ${subject_csr}= Get Subject ${CSR_FILE} True |
| 386 | ${pubKey_csr}= Get Public Key ${CSR_FILE} True |
| 387 | |
| 388 | # create a crt file with certificate string |
| 389 | ${signed_cert}= Set Variable ${cert["Certificate"]} |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 390 | ${testcert_gen_time} = Get Current Date Time |
| 391 | ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 392 | |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 393 | Create File ${test_cert_file} ${signed_cert} |
| 394 | ${subject_signed_csr}= Get Subject ${test_cert_file} False |
| 395 | ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 396 | |
| 397 | Should be equal as strings ${subject_signed_csr} ${subject_csr} |
| 398 | Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} |
| 399 | |
| 400 | |
| 401 | Suite Setup Execution |
| 402 | [Documentation] Suite setup execution. |
| 403 | |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 404 | Remove Files *.csr *.key *.cert |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 405 | # Create different user accounts. |
| 406 | Redfish.Login |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 407 | Redfish Power On |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 408 | Create Users With Different Roles users=${USERS} force=${True} |
| 409 | |
| 410 | |
| 411 | Suite Teardown Execution |
| 412 | [Documentation] Suite teardown execution. |
| 413 | |
shrsuman123 | 5fc20cb | 2021-02-02 04:55:47 -0600 | [diff] [blame] | 414 | Remove Files *.csr *.key *.cert |
manashsarma | b7af817 | 2020-07-16 05:05:44 -0500 | [diff] [blame] | 415 | Delete BMC Users Via Redfish users=${USERS} |
| 416 | Delete All Sessions |
| 417 | Redfish.Logout |