Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 68f985b351f420114a6349b674fd833b3259eaab / . / redfish / dmtf_tools / test_redfishtool_certificate.robot
blob: 65ae4ab96e36f9741d641a3d01e96fc9c7ef4886 [file] [log] [blame]
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]1*** Settings ***
2
3
4Documentation Suite to test certificate via DMTF redfishtool.
5
6Library OperatingSystem
7Library String
8Library Collections
9
10Resource ../../lib/resource.robot
11Resource ../../lib/bmc_redfish_resource.robot
12Resource ../../lib/openbmc_ffdc.robot
13Resource ../../lib/certificate_utils.robot
manashsarma579d8252020-05-28 08:10:51 -0500[diff] [blame]14Resource ../../lib/dmtf_redfishtool_utils.robot
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]15
16Suite Setup Suite Setup Execution
17
18
19*** Variables ***
20
21${root_cmd_args} = SEPARATOR=
22... redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
23
24
25*** Test Cases ***
26
27
28Verify Redfishtool Replace Server Certificate Valid CertKey
29 [Documentation] Verify replace server certificate.
30 [Tags] Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey
31
32 Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok
33
34
35Verify Redfishtool Replace Client Certificate Valid CertKey
36 [Documentation] Verify replace client certificate.
37 [Tags] Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey
38
39 Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok
40
41
42Verify Redfishtool Replace CA Certificate Valid Cert
43 [Documentation] Verify replace CA certificate.
44 [Tags] Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert
45
46 Verify Redfishtool Replace Certificate CA Valid Certificate ok
47
48
49Verify Redfishtool Client Certificate Install Valid CertKey
50 [Documentation] Verify client certificate installation.
51 [Tags] Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey
52
53 Verify Redfishtool Install Certificate Client Valid Certificate Valid Privatekey ok
54
55
56Verify Redfishtool CA Certificate Install Valid Cert
57 [Documentation] Verify CA Certificate installation.
58 [Tags] Verify_Redfishtool_CA_Certificate_Install_Valid_Cert
59
60 Verify Redfishtool Install Certificate CA Valid Certificate ok
61
62
63Verify Redfishtool Replace Server Certificate Errors
64 [Documentation] Verify error while replacing invalid server certificate.
65 [Tags] Verify_Redfishtool_Replace_Server_Certificate_Errors
66 [Template] Verify Redfishtool Replace Certificate
67
68 Server Empty Certificate Empty Privatekey error
69 Server Empty Certificate Valid Privatekey error
70 Server Valid Certificate Empty Privatekey error
71
72
73Verify Redfishtool Replace Client Certificate Errors
74 [Documentation] Verify error while replacing invalid client certificate.
75 [Tags] Verify_Redfishtool_Replace_Client_Certificate_Errors
76 [Template] Verify Redfishtool Replace Certificate
77
78 Client Empty Certificate Empty Privatekey error
79 Client Empty Certificate Valid Privatekey error
80 Client Valid Certificate Empty Privatekey error
81
82
83Verify Redfishtool Replace CA Certificate Errors
84 [Documentation] Verify error while replacing invalid CA certificate.
85 [Tags] Verify_Redfishtool_Replace_CA_Certificate_Errors
86 [Template] Verify Redfishtool Replace Certificate
87
88 CA Empty Certificate error
89
90
91Verify Redfishtool Client Certificate Install Errors
92 [Documentation] Verify error while installing invalid client certificate.
93 [Tags] Verify_Redfishtool_Client_Certificate_Install_Errors
94 [Template] Verify Redfishtool Install Certificate
95
96 Client Empty Certificate Empty Privatekey error
97 Client Empty Certificate Valid Privatekey error
98 Client Valid Certificate Empty Privatekey error
99
100
manashsarmac0efe582020-06-15 09:51:48 -0500[diff] [blame]101Verify Redfishtool CA Certificate Install Errors
102 [Documentation] Verify error while installing invalid CA certificate.
103 [Tags] Verify_Redfishtool_CA_Certificate_Install_Errors
104 [Template] Verify Redfishtool Install Certificate
105
106 # cert_type cert_format expected_status
107 CA Empty Certificate error
108
109
110Verify Error While Uploding Same CA Certificate Via Redfishtool
111 [Documentation] Verify error while uploading same CA certificate two times.
112 [Tags] Verify_Error_While_Uploding_Same_CA_Certificate_Via_Redfishtool
113
114 # Create certificate file for uploading.
115 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate 365
116 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
117 ${file_data}= Decode Bytes To String ${bytes} UTF-8
118
119 # Install CA certificate.
120 Redfishtool Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} ok data=${file_data}
121
122 # Adding delay after certificate installation.
123 Sleep 30s
124
125 # Check error while uploading same certificate.
126 Redfishtool Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} error data=${file_data}
127
128
129Install Server Certificate Using Redfishtool And Verify Via OpenSSL
130 [Documentation] Install server certificate using Redfishtool and verify via OpenSSL.
131 [Tags] Install_Server_Certificate_Using_Redfishtool_And_Verify_Via_OpenSSL.
132
133 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
134 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
135 ${file_data}= Decode Bytes To String ${bytes} UTF-8
136
137 ${certificate_dict}= Create Dictionary
138 ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
139
140 ${dict_objects}= Create Dictionary CertificateString=${file_data}
141 ... CertificateType=PEM CertificateUri=${certificate_dict}
142
143 ${string}= Convert To String ${dict_objects}
144 ${string}= Replace String ${string} ' "
145 ${payload}= Set Variable '${string}'
146
147 ${response}= Redfishtool Post
148 ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
149
150 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
151
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]152*** Keywords ***
153
154
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]155Verify Redfishtool Install Certificate
156 [Documentation] Install and verify certificate using Redfishtool.
157 [Arguments] ${cert_type} ${cert_format} ${expected_status} ${delete_cert}=${True}
158
159 # Description of argument(s):
160 # cert_type Certificate type (e.g. "Client" or "CA").
161 # cert_format Certificate file format
162 # expected_status Expected status of certificate install Redfishtool
163 # request (i.e. "ok" or "error").
164 # delete_cert Certificate will be deleted before installing if this True.
165
166 Run Keyword If '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
167 ... Delete All CA Certificate Via Redfisthtool
168 ... ELSE IF '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
169 ... Redfishtool Delete Certificate Via BMC CLI ${cert_type}
170
171 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format}
172 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
173 ${file_data}= Decode Bytes To String ${bytes} UTF-8
174
175 ${certificate_uri}= Set Variable If
176 ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}
177 ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}
178
179 ${cert_id}= Redfishtool Install Certificate File On BMC
180 ... ${certificate_uri} ${expected_status} data=${file_data}
181 Logging Installed certificate id: ${cert_id}
182
183 # Adding delay after certificate installation.
184 Sleep 30s
185
186 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
187
188 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok'
189 ... Redfishtool GetAttribute ${certificate_uri}/${cert_id} CertificateString
190
191 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
192
193 [Return] ${cert_id}
194
195
196Delete All CA Certificate Via Redfisthtool
197 [Documentation] Delete all CA certificate via Redfish.
198
199 ${cmd_output}= Redfishtool Get /redfish/v1/Managers/bmc/Truststore/Certificates
200 ${json_object}= To JSON ${cmd_output}
201 ${cert_list}= Set Variable ${json_object["Members"]}
202 FOR ${cert} IN @{cert_list}
manashsarma579d8252020-05-28 08:10:51 -0500[diff] [blame]203 Redfishtool Delete ${cert["@odata.id"]} ${root_cmd_args}
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]204 END
205
206
207Redfishtool Delete Certificate Via BMC CLI
208 [Documentation] Delete certificate via BMC CLI.
209 [Arguments] ${cert_type}
210
211 # Description of argument(s):
212 # cert_type Certificate type (e.g. "Client" or "CA").
213
214 ${certificate_file_path} ${certificate_service} ${certificate_uri}=
215 ... Run Keyword If '${cert_type}' == 'Client'
216 ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service
217 ... ${REDFISH_LDAP_CERTIFICATE_URI}
218 ... ELSE IF '${cert_type}' == 'CA'
219 ... Set Variable ${ROOT_CA_FILE_PATH} phosphor-certificate-manager@authority.service
220 ... ${REDFISH_CA_CERTIFICATE_URI}
221
222 ${file_status} ${stderr} ${rc}= BMC Execute Command
223 ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"
224
225 Return From Keyword If "${file_status}" != "Found"
226 BMC Execute Command rm ${certificate_file_path}
227 BMC Execute Command systemctl restart ${certificate_service}
228 BMC Execute Command systemctl daemon-reload
229
230
231Redfishtool Install Certificate File On BMC
232 [Documentation] Install certificate file in BMC using POST operation.
233 [Arguments] ${uri} ${status}=ok &{kwargs}
234
235 # Description of argument(s):
236 # uri URI for installing certificate file via Redfishtool.
237 # e.g. "/redfish/v1/AccountService/LDAP/Certificates".
238 # status Expected status of certificate installation via Redfishtool.
239 # e.g. error, ok.
240 # kwargs A dictionary of keys/values to be passed directly to
241 # POST Request.
242
243 Initialize OpenBMC 20 ${quiet}=${1} ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD}
244
245 ${headers}= Create Dictionary Content-Type=application/octet-stream
246 ... X-Auth-Token=${XAUTH_TOKEN}
247 Set To Dictionary ${kwargs} headers ${headers}
248
249 ${ret}= Post Request openbmc ${uri} &{kwargs}
250 ${content_json}= To JSON ${ret.content}
251 ${cert_id}= Set Variable If '${ret.status_code}' == '${HTTP_OK}' ${content_json["Id"]} -1
252
253 Run Keyword If '${status}' == 'ok'
254 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
255 ... ELSE IF '${status}' == 'error'
256 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
257
258 Delete All Sessions
259
260 [Return] ${cert_id}
261
262
263Verify Redfishtool Replace Certificate
264 [Documentation] Verify replace server certificate.
265 [Arguments] ${cert_type} ${cert_format} ${expected_status}
266
267 # Description of argument(s):
268 # cert_type Certificate type (e.g. "Client", "Server" or "CA").
269 # cert_format Certificate file format
270 # (e.g. "Valid_Certificate_Valid_Privatekey").
271 # expected_status Expected status of certificate replace Redfishtool
272 # request (i.e. "ok" or "error").
273
274 # Install certificate before replacing client or CA certificate.
275 ${cert_id}= Run Keyword If '${cert_type}' == 'Client'
276 ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate Valid Privatekey ok
277 ... ELSE IF '${cert_type}' == 'CA'
278 ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate ok
279
280 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format}
281 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path}
282 ${file_data}= Decode Bytes To String ${bytes} UTF-8
283
284 ${certificate_uri}= Set Variable If
285 ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/1
286 ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/1
287 ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}
288
289 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
290 ${dict_objects}= Create Dictionary CertificateString=${file_data}
291 ... CertificateType=PEM CertificateUri=${certificate_dict}
292 ${string}= Convert To String ${dict_objects}
293 ${string}= Replace String ${string} ' "
294 ${payload}= Set Variable '${string}'
295
296 ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK}
297 ... '${expected_status}' == 'error' ${HTTP_NOT_FOUND}
298
299 ${response}= Redfishtool Post
Anusha Dathatrif5103462020-06-18 05:40:43 -0500[diff] [blame]300 ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
301 ... expected_error=${expected_resp}
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]302
303 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
304 ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri} CertificateString
305
306 Run Keyword If '${expected_status}' == 'ok'
307 ... Should Contain ${cert_file_content} ${bmc_cert_content}
308 ... ELSE
309 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
310
311
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]312Redfishtool GetAttribute
313 [Documentation] Execute redfishtool for GET operation.
314 [Arguments] ${uri} ${Attribute} ${cmd_args}=${root_cmd_args} ${expected_error}=""
315
316 # Description of argument(s):
317 # uri URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
318 # Attribute The specific attribute to be retrieved with the URI.
319 # cmd_args Commandline arguments.
320 # expected_error Expected error optionally provided in testcase (e.g. 401 /
321 # authentication error, etc. ).
322
323 ${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri}
324 Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error}
325 ${json_object}= To JSON ${cmd_output}
326
327 [Return] ${json_object["CertificateString"]}
328
329
manashsarma26d0e832020-05-26 05:46:55 -0500[diff] [blame]330Suite Setup Execution
331 [Documentation] Do suite setup execution.
332
333 ${tool_exist}= Run which redfishtool
334 Should Not Be Empty ${tool_exist}
335
336 # Create certificate sub-directory in current working directory.
337 Create Directory certificate_dir