Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / e37b0ccc8b51daaa2bf2385be1ed2295b4fad37a / . / openpower / ext_interfaces / test_vmicert_management.robot
blob: a93943822709e42e08f2c087ef9770b07ff8d97f [file] [log] [blame]
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]1*** Settings ***
2
3Documentation VMI certificate exchange tests.
4
5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
8Resource ../../lib/bmc_redfish_utils.robot
9Resource ../../lib/utils.robot
10
11Suite Setup Suite Setup Execution
12Test Teardown FFDC On Test Case Fail
13Suite Teardown Suite Teardown Execution
14
15
16*** Variables ***
17
18# users User Name password
19@{ADMIN} admin_user TestPwd123
20@{OPERATOR} operator_user TestPwd123
21&{USERS} Administrator=${ADMIN} Operator=${OPERATOR}
22${VMI_BASE_URI} /ibm/v1/
23${CSR_FILE} csr_server.csr
24${CSR_KEY} csr_server.key
25
26*** Test Cases ***
27
28Get CSR Request Signed By VMI And Verify
29 [Documentation] Get CSR request signed by VMI using different user roles and verify.
30 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify
31 [Template] Get Certificate Signed By VMI
32
33 # username password force_create valid_csr valid_status_code
34 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
35 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
36
37
38Get Root Certificate Using Different Privilege Users Roles
39 [Documentation] Get root certificate using different users.
40 [Tags] Get_Root_Certificate_Using_Different_Users
41 [Template] Get Root Certificate
42
43 # username password force_create valid_csr valid_status_code
44 admin_user TestPwd123 ${True} ${True} ${HTTP_OK}
45 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
46
47
48*** Keywords ***
49
50Generate CSR String
51 [Documentation] Generate a csr string.
52
53 # Note: Generates and returns csr string.
54 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
55 ${ssl_sub}= Set Variable
56 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
57
58 # Run openssl command to create a new private key and use that to generate a CSR string
59 # in server.csr file.
60 ${output}= Run ${ssl_cmd} ${ssl_sub}
61 ${csr}= OperatingSystem.Get File server.csr
62
63 [Return] ${csr}
64
65
66Send CSR To VMI And Get Signed
67 [Arguments] ${csr} ${force_create} ${username} ${password}
68
69 # Description of argument(s):
70 # csr Certificate request from client to VMI.
71 # force_create Create a new REST session if True.
72 # username Username to create a REST session.
73 # password Password to create a REST session.
74
75 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
76 ... Initialize OpenBMC rest_username=${username} rest_password=${password}
77
78 ${data}= Create Dictionary
79 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
80 ... Content-Type=application/json
81
82 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR
83
84 # For SignCSR request, we need to pass CSR string generated by openssl command.
85 ${csr_data}= Create Dictionary CsrString ${csr}
86 Set To Dictionary ${data} data ${csr_data}
87
88 ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers}
89
90 [Return] ${resp}
91
92
93Get Root Certificate
94 [Documentation] Get root certificate from VMI.
95 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
96 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
97
98 # Description of argument(s):
99 # cert_type Type of the certificate requesting. eg. root or SignCSR.
100 # username Username to create a REST session.
101 # password Password to create a REST session.
102 # force_create Create a new REST session if True.
103 # valid_csr Uses valid CSR string in the REST request if True.
104 # This is not applicable for root certificate.
105 # valid_status_code Expected status code from REST request.
106
107 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
108 ... Initialize OpenBMC rest_username=${username} rest_password=${password}
109
110 ${data}= Create Dictionary
111 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
112 ... Content-Type=application/json
113
114 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root
115
116 ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers}
117
118 Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
119 Return From Keyword If ${resp.status_code} != ${HTTP_OK}
120
121 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
122 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
123 Should Contain ${cert["Certificate"]} END CERTIFICATE
124
125
126Get Subject
127 [Documentation] Generate a csr string.
128 [Arguments] ${file_name} ${is_csr_file}
129
130 # Description of argument(s):
131 # file_name Name of CSR or signed CERT file.
132 # is_csr_file A True value means a CSR while a False is for signed CERT file.
133
134 ${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout | grep Subject:
135 ... ELSE Run openssl x509 -in ${file_name} -text -noout | grep Subject:
136
137 [Return] ${subject}
138
139
140Get Public Key
141 [Documentation] Generate a csr string.
142 [Arguments] ${file_name} ${is_csr_file}
143
144 # Description of argument(s):
145 # file_name Name of CSR or CERT file.
146 # is_csr_file A True value means a CSR while a False is for signed CERT file.
147
148 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey
149 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey
150
151 [Return] ${PublicKey}
152
153
154Get Certificate Signed By VMI
155 [Documentation] Get signed certificate from VMI.
156 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
157 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
158
159 # Description of argument(s):
160 # cert_type Type of the certificate requesting. eg. root or SignCSR.
161 # username Username to create a REST session.
162 # password Password to create a REST session.
163 # force_create Create a new REST session if True.
164 # valid_csr Uses valid CSR string in the REST request if True.
165 # This is not applicable for root certificate.
166 # valid_status_code Expected status code from REST request.
167
168 Set Test Variable ${CSR} CSR
169 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR
170
171 ${CSR}= Generate CSR String
172
173 # For SignCSR request, we need to pass CSR string generated by openssl command
174 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR}
175
176 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password}
177
178 Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
179 Return From Keyword If ${resp.status_code} != ${HTTP_OK}
180
181 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
182 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
183 Should Contain ${cert["Certificate"]} END CERTIFICATE
184
185 # Now do subject and public key verification
186 ${subject_csr}= Get Subject ${CSR_FILE} True
187 ${pubKey_csr}= Get Public Key ${CSR_FILE} True
188
189 # create a crt file with certificate string
190 ${signed_cert}= Set Variable ${cert["Certificate"]}
191
192 Create File test_certificate.crt ${signed_cert}
193 ${subject_signed_csr}= Get Subject test_certificate.crt False
194 ${pubKey_signed_csr}= Get Public Key test_certificate.crt False
195
196 Should be equal as strings ${subject_signed_csr} ${subject_csr}
197 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr}
198
199
200Suite Setup Execution
201 [Documentation] Suite setup execution.
202
203 # Create different user accounts.
204 Redfish.Login
205 Create Users With Different Roles users=${USERS} force=${True}
206
207
208Suite Teardown Execution
209 [Documentation] Suite teardown execution.
210
211 Delete BMC Users Via Redfish users=${USERS}
212 Delete All Sessions
213 Redfish.Logout