*** Settings ***
Documentation    Test certificate in OpenBMC.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/certificate_utils.robot
Library          String

Test Tags        Certificate

Suite Setup      Suite Setup Execution
Suite Teardown   Suite Teardown
Test Teardown    Test Teardown Execution


*** Variables ***

${invalid_value}       abc
${ROOT_CA_FILE_PATH}   /etc/ssl/certs/authority/*
${keybit_length}       ${2048}

*** Test Cases ***

Verify Server Certificate Replace
    [Documentation]    Verify server certificate replace.
    [Tags]    Verify_Server_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format    expected_status.
    Server    Valid Certificate Valid Privatekey    ok
    Server    Empty Certificate Valid Privatekey    error
    Server    Valid Certificate Empty Privatekey    error
    Server    Empty Certificate Empty Privatekey    error


Verify Client Certificate Replace
    [Documentation]    Verify client certificate replace.
    [Tags]    Verify_Client_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format    expected_status.
    Client    Valid Certificate Valid Privatekey    ok
    Client    Empty Certificate Valid Privatekey    error
    Client    Valid Certificate Empty Privatekey    error
    Client    Empty Certificate Empty Privatekey    error


Verify CA Certificate Replace
    [Documentation]    Verify CA certificate replace.
    [Tags]    Verify_CA_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format    expected_status.
    CA    Valid Certificate    ok
    CA    Empty Certificate    error


Verify Client Certificate Install
    [Documentation]    Verify client certificate install.
    [Tags]    Verify_Client_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format    expected_status.
    Client    Valid Certificate Valid Privatekey    ok
    Client    Empty Certificate Valid Privatekey    error
    Client    Valid Certificate Empty Privatekey    error
    Client    Empty Certificate Empty Privatekey    error


Verify CA Certificate Install
    [Documentation]    Verify CA certificate install.
    [Tags]    Verify_CA_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format    expected_status.
    CA    Valid Certificate    ok
    CA    Empty Certificate    error


Verify Maximum CA Certificate Install
    [Documentation]    Verify maximum CA certificate install.
    [Tags]    Verify_Maximum_CA_Certificate_Install
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Delete All CA Certificate Via Redfish

    # Get CA certificate count from BMC.
    ${cert_list}=    Redfish_Utils.Get Member List    /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates
    ${cert_count}=    Get Length    ${cert_list}

    # Install CA certificate to reach maximum count of 10.
    FOR    ${INDEX}    IN RANGE    ${cert_count}    10
        Install And Verify Certificate Via Redfish    CA    Valid Certificate    ok    ${FALSE}
        ${cert_count}=    Evaluate    ${cert_count} + 1
    END

    # Verify error while installing 11th CA certificate.
    Install And Verify Certificate Via Redfish    CA    Valid Certificate    error    ${FALSE}


Verify Error While Uploading Same CA Certificate
    [Documentation]    Verify error while uploading same CA certificate two times.
    [Tags]    Verify_Error_While_Uploading_Same_CA_Certificate

    # Create certificate file for uploading.
    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate    365
    ${bytes}=    OperatingSystem.Get Binary File    ${cert_file_path}
    ${file_data}=    Decode Bytes To String    ${bytes}    UTF-8

    # Install CA certificate.
    Install Certificate File On BMC    ${REDFISH_CA_CERTIFICATE_URI}    ok    data=${file_data}

    # Adding delay after certificate installation.
    Sleep    30s

    # Check error while uploading same certificate.
    Install Certificate File On BMC    ${REDFISH_CA_CERTIFICATE_URI}    error    data=${file_data}


Verify Server Certificate View Via Openssl
    [Documentation]    Verify server certificate via openssl command.
    [Tags]    Verify_Server_Certificate_View_Via_Openssl

    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate Valid Privatekey
    ${bytes}=    OperatingSystem.Get Binary File    ${cert_file_path}
    ${file_data}=    Decode Bytes To String    ${bytes}    UTF-8

    ${certificate_dict}=    Create Dictionary
    ...    @odata.id=/redfish/v1/Managers/${MANAGER_ID}/NetworkProtocol/HTTPS/Certificates/1
    ${payload}=    Create Dictionary    CertificateString=${file_data}
    ...    CertificateType=PEM    CertificateUri=${certificate_dict}

    ${resp}=    redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...    body=${payload}    valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    Wait Until Keyword Succeeds    2 mins    15 secs    Verify Certificate Visible Via OpenSSL    ${cert_file_path}


Verify CSR Generation For Server Certificate
    [Documentation]    Verify CSR generation for server certificate.
    [Tags]    Verify_CSR_Generation_For_Server_Certificate
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length    key_curv_id    expected_status.
    Server    RSA    ${keybit_length}    ${EMPTY}    ok
    Server    EC    ${EMPTY}    prime256v1    ok
    Server    EC    ${EMPTY}    secp521r1    ok
    Server    EC    ${EMPTY}    secp384r1    ok


Verify CSR Generation For Client Certificate
    [Documentation]    Verify CSR generation for client certificate.
    [Tags]    Verify_CSR_Generation_For_Client_Certificate
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length    key_curv_id    expected_status.
    Client    RSA    ${keybit_length}    ${EMPTY}    ok
    Client    EC    ${EMPTY}    prime256v1    ok
    Client    EC    ${EMPTY}    secp521r1    ok
    Client    EC    ${EMPTY}    secp384r1    ok


Verify CSR Generation For Server Certificate With Invalid Value
    [Documentation]    Verify error while generating CSR for server certificate with invalid value.
    [Tags]    Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length    key_curv_id    expected_status.
    Server    ${invalid_value}    ${keybit_length}    prime256v1    error
    Server    RSA    ${invalid_value}    ${EMPTY}    error
    Server    EC    ${EMPTY}    ${invalid_value}    error


Verify CSR Generation For Client Certificate With Invalid Value
    [Documentation]    Verify error while generating CSR for client certificate with invalid value.
    [Tags]    Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length    key_curv_id    expected_status.
    Client    ${invalid_value}    ${keybit_length}    prime256v1    error
    Client    RSA    ${invalid_value}    ${EMPTY}    error
    Client    EC    ${EMPTY}    ${invalid_value}    error


Verify Expired Certificate Install
    [Documentation]    Verify installation of expired certificate.
    [Tags]    Verify_Expired_Certificate_Install
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Install And Verify Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format    expected_status.
    Client    Expired Certificate    ok
    CA    Expired Certificate    ok


Verify Expired Certificate Replace
    [Documentation]    Verify replacing the certificate with an expired one.
    [Tags]    Verify_Expired_Certificate_Replace
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Replace Certificate Via Redfish
    #[Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format    expected_status.
    Server    Expired Certificate    ok


Verify Not Yet Valid Certificate Install
    [Documentation]    Verify installation of not yet valid certificates.
    [Tags]    Verify_Not_Yet_Valid_Certificate_Install
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Install And Verify Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format    expected_status.
    Client    Not Yet Valid Certificate    ok
    CA    Not Yet Valid Certificate    ok


Verify Not Yet Valid Certificate Replace
    [Documentation]    Verify replacing certificate with a not yet valid one.
    [Tags]    Verify_Not_Yet_Valid_Certificate_Replace
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Replace Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format    expected_status.
    Server    Not Yet Valid Certificate    ok
    Client    Not Yet Valid Certificate    ok
    CA    Not Yet Valid Certificate    ok


Verify Certificates Location Via Redfish
    [Documentation]    Verify the location of certificates via Redfish.
    [Tags]    Verify_Certificates_Location_Via_Redfish

    ${cert_id}=    Install And Verify Certificate Via Redfish
    ...    CA    Valid Certificate    ok

    ${resp}=    Redfish.Get    /redfish/v1/CertificateService/CertificateLocations
    ${Links}=    Get From Dictionary    ${resp.dict}    Links

    ${match_cert}=    Catenate
    ...    /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates/${cert_id}
    ${match}=    Set Variable    ${False}

    # Skip every listed certificate whose URI differs from the one just installed.
    FOR    ${Certificates_dict}    IN    @{Links['Certificates']}
        IF    "${Certificates_dict['@odata.id']}" != "${match_cert}"    CONTINUE
        ${match}=    Set Variable    ${True}
    END

    Should Be Equal    ${match}    ${True}
    ...    msg=Verify the location of certificates via Redfish fail.


*** Keywords ***

Get Current BMC Date
    [Documentation]    Get current BMC date.

    ${cli_date_time}=    CLI Get BMC DateTime
    Set Test Variable    ${cli_date_time}


Restore BMC Date
    [Documentation]    Restore BMC date to its prior value.

    Redfish.Patch    ${REDFISH_BASE_URI}Managers/${MANAGER_ID}    body={'DateTime': '${cli_date_time}'}
    ...    valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]


Generate CSR Via Redfish
    [Documentation]    Generate CSR using Redfish.
    [Arguments]    ${cert_type}    ${key_pair_algorithm}    ${key_bit_length}    ${key_curv_id}    ${expected_status}

    # Description of argument(s):
    # cert_type             Certificate type ("Server" or "Client").
    # key_pair_algorithm    CSR key pair algorithm ("EC" or "RSA").
    # key_bit_length        CSR key bit length ("2048").
    # key_curv_id           CSR key curve id ("prime256v1" or "secp521r1" or "secp384r1").
    # expected_status       Expected status of the CSR generation Redfish
    #                       request ("ok" or "error").

    IF    '${cert_type}' == 'Server'
        ${certificate_uri}=    Set Variable    ${REDFISH_HTTPS_CERTIFICATE_URI}/
    ELSE IF    '${cert_type}' == 'Client'
        ${certificate_uri}=    Set Variable    ${REDFISH_LDAP_CERTIFICATE_URI}/
    ELSE
        ${certificate_uri}=    Set Variable    None
    END

    ${certificate_dict}=    Create Dictionary    @odata.id=${certificate_uri}
    ${payload}=    Create Dictionary    City=Austin    CertificateCollection=${certificate_dict}
    ...    CommonName=${OPENBMC_HOST}    Country=US    Organization=xyz
    ...    OrganizationalUnit=ISL    State=AU    KeyBitLength=${key_bit_length}
    ...    KeyPairAlgorithm=${key_pair_algorithm}    KeyCurveId=${key_curv_id}

    # Remove the field that does not apply to the chosen key pair algorithm.
    IF    '${key_pair_algorithm}' == 'EC'
        Remove From Dictionary    ${payload}    KeyBitLength
    ELSE IF    '${key_pair_algorithm}' == 'RSA'
        Remove From Dictionary    ${payload}    KeyCurveId
    END

    IF    '${expected_status}' == 'ok'
        ${expected_resp}=    Evaluate    [${HTTP_OK}]
    ELSE IF    '${expected_status}' == 'error'
        ${expected_resp}=    Evaluate    [${HTTP_INTERNAL_SERVER_ERROR}, ${HTTP_BAD_REQUEST}]
    ELSE
        ${expected_resp}=    Evaluate    []    # empty or default list if needed
    END

    ${resp}=    redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
    ...    body=${payload}    valid_status_codes=${expected_resp}

    # Delay added between two CSR generation requests.
    Sleep    5s


Suite Setup Execution
    [Documentation]    Do suite setup tasks.

    # Create certificate sub-directory in current working directory.
    Create Directory    certificate_dir
    Redfish.Login


Test Teardown Execution
    [Documentation]    Do the post test teardown.

    FFDC On Test Case Fail


Suite Teardown
    [Documentation]    Do suite teardown tasks.

    Redfish.Logout