*** Settings ***


Documentation     Suite to test certificate via DMTF redfishtool.

Library           OperatingSystem
Library           String
Library           Collections

Resource          ../../lib/resource.robot
Resource          ../../lib/bmc_redfish_resource.robot
Resource          ../../lib/openbmc_ffdc.robot
Resource          ../../lib/certificate_utils.robot
Resource          ../../lib/dmtf_redfishtool_utils.robot

Suite Setup       Suite Setup Execution


*** Variables ***

${root_cmd_args} =  SEPARATOR=
...  redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always

${invalid_value}  abc

*** Test Cases ***


Verify Redfishtool Replace Server Certificate Valid CertKey
    [Documentation]  Verify replace server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Server  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace Client Certificate Valid CertKey
    [Documentation]  Verify replace client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace CA Certificate Valid Cert
    [Documentation]  Verify replace CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert

    Verify Redfishtool Replace Certificate  CA  Valid Certificate  ok


Verify Redfishtool Client Certificate Install Valid CertKey
    [Documentation]  Verify client certificate installation.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey

    Verify Redfishtool Install Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool CA Certificate Install Valid Cert
    [Documentation]  Verify CA Certificate installation.
    [Tags]  Verify_Redfishtool_CA_Certificate_Install_Valid_Cert

    Verify Redfishtool Install Certificate  CA  Valid Certificate  ok


Verify Redfishtool Replace Server Certificate Errors
    [Documentation]  Verify error while replacing invalid server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Server  Empty Certificate Empty Privatekey  error
    Server  Empty Certificate Valid Privatekey  error
    Server  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace Client Certificate Errors
    [Documentation]  Verify error while replacing invalid client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace CA Certificate Errors
    [Documentation]  Verify error while replacing invalid CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    CA  Empty Certificate  error


Verify Redfishtool Client Certificate Install Errors
    [Documentation]  Verify error while installing invalid client certificate.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Errors
    [Template]  Verify Redfishtool Install Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


Verify Redfishtool CA Certificate Install Errors
    [Documentation]  Verify error while installing invalid CA certificate.
    [Tags]  Verify_Redfishtool_CA_Certificate_Install_Errors
    [Template]  Verify Redfishtool Install Certificate

    # cert_type  cert_format        expected_status
    CA           Empty Certificate  error


Verify Error While Uploading Same CA Certificate Via Redfishtool
    [Documentation]  Verify error while uploading same CA certificate two times.
    [Tags]  Verify_Error_While_Uploading_Same_CA_Certificate_Via_Redfishtool

    # Create certificate file for uploading.
    ${cert_file_path}=  Generate Certificate File Via Openssl  Valid Certificate  365
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    # Install CA certificate.
    Redfishtool Install Certificate File On BMC  ${REDFISH_CA_CERTIFICATE_URI}  ok  data=${file_data}

    # Adding delay after certificate installation.
    Sleep  30s

    # Check error while uploading same certificate.
    Redfishtool Install Certificate File On BMC  ${REDFISH_CA_CERTIFICATE_URI}  error  data=${file_data}


Install Server Certificate Using Redfishtool And Verify Via OpenSSL
    [Documentation]  Install server certificate using Redfishtool and verify via OpenSSL.
    [Tags]  Install_Server_Certificate_Using_Redfishtool_And_Verify_Via_OpenSSL

    ${cert_file_path}=  Generate Certificate File Via Openssl  Valid Certificate Valid Privatekey
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_dict}=  Create Dictionary
    ...  @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1

    ${dict_objects}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}

    ${string}=  Convert To String  ${dict_objects}
    ${string}=  Replace String  ${string}  '  "
    ${payload}=  Set Variable  '${string}'

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate

    Wait Until Keyword Succeeds  2 mins  15 secs  Verify Certificate Visible Via OpenSSL  ${cert_file_path}


Verify CSR Generation For Server Certificate Via Redfishtool
    [Documentation]  Verify CSR generation for server certificate.
    [Tags]  Verify_CSR_Generation_For_Server_Certificate_Via_Redfishtool
    [Template]  Generate CSR Via Redfishtool

    # csr_type  key_pair_algorithm  key_bit_length  key_curv_id  expected_status
    Server      RSA                 ${2048}         ${EMPTY}     ok
    Server      EC                  ${EMPTY}        prime256v1   ok
    Server      EC                  ${EMPTY}        secp521r1    ok
    Server      EC                  ${EMPTY}        secp384r1    ok


Verify CSR Generation For Client Certificate Via Redfishtool
    [Documentation]  Verify CSR generation for client certificate.
    [Tags]  Verify_CSR_Generation_For_Client_Certificate_Via_Redfishtool
    [Template]  Generate CSR Via Redfishtool

    # csr_type  key_pair_algorithm  key_bit_length  key_curv_id  expected_status
    Client      RSA                 ${2048}         ${EMPTY}     ok
    Client      EC                  ${EMPTY}        prime256v1   ok
    Client      EC                  ${EMPTY}        secp521r1    ok
    Client      EC                  ${EMPTY}        secp384r1    ok


Verify CSR Generation For Server Certificate With Invalid Value Via Redfishtool
    [Documentation]  Verify error while generating CSR for server certificate with invalid value.
    [Tags]  Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value_Via_Redfishtool
    [Template]  Generate CSR Via Redfishtool

    # csr_type  key_pair_algorithm  key_bit_length    key_curv_id  expected_status
    Server      ${invalid_value}    ${2048}           prime256v1   error
    Server      RSA                 ${invalid_value}  ${EMPTY}     error


Verify CSR Generation For Client Certificate With Invalid Value Via Redfishtool
    [Documentation]  Verify error while generating CSR for client certificate with invalid value.
    [Tags]  Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value_Via_Redfishtool
    [Template]  Generate CSR Via Redfishtool

    Client      ${invalid_value}    ${2048}           prime256v1   error
    Client      RSA                 ${invalid_value}  ${EMPTY}     error

*** Keywords ***


Generate CSR Via Redfishtool
    [Documentation]  Generate CSR using Redfish.
    [Arguments]  ${cert_type}  ${key_pair_algorithm}  ${key_bit_length}  ${key_curv_id}  ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type ("Server" or "Client").
    # key_pair_algorithm  CSR key pair algorithm ("EC" or "RSA").
    # key_bit_length      CSR key bit length ("2048").
    # key_curv_id         CSR key curve id ("prime256v1" or "secp521r1" or "secp384r1").
    # expected_status     Expected status of CSR generation Redfishtool request ("ok" or "error").

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/

    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}

    ${csr_dict}=  Create Dictionary  City=Austin  CertificateCollection=${certificate_dict}
    ...  CommonName=${OPENBMC_HOST}  Country=US  Organization=IBM
    ...  OrganizationalUnit=ISL  State=AU  KeyBitLength=${key_bit_length}
    ...  KeyPairAlgorithm=${key_pair_algorithm}  KeyCurveId=${key_curv_id}

    # Remove not applicable field for CSR generation.
    Run Keyword If  '${key_pair_algorithm}' == 'EC'  Remove From Dictionary  ${csr_dict}  KeyBitLength
    ...  ELSE IF  '${key_pair_algorithm}' == 'RSA'  Remove From Dictionary  ${csr_dict}  KeyCurveId

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_BAD_REQUEST}

    ${string}=  Convert To String  ${csr_dict}

    ${string2}=  Replace String  ${string}  '  "

    ${payload}=  Set Variable  '${string2}'

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
    ...  expected_error=${expected_resp}

    # Delay added between two CSR generation requests.
    Sleep  5s


Verify Redfishtool Install Certificate
    [Documentation]  Install and verify certificate using Redfishtool.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}  ${delete_cert}=${True}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").
    # cert_format         Certificate file format
    # expected_status     Expected status of certificate install Redfishtool
    #                     request (i.e. "ok" or "error").
    # delete_cert         Certificate will be deleted before installing if this True.

    Run Keyword If  '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
    ...  Delete All CA Certificate Via Redfisthtool
    ...  ELSE IF  '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
    ...  Redfishtool Delete Certificate Via BMC CLI  ${cert_type}

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}

    ${cert_id}=  Redfishtool Install Certificate File On BMC
    ...  ${certificate_uri}  ${expected_status}  data=${file_data}
    Logging  Installed certificate id: ${cert_id}

    # Adding delay after certificate installation.
    Sleep  30s

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}

    ${bmc_cert_content}=  Run Keyword If  '${expected_status}' == 'ok'
    ...  Redfishtool GetAttribute  ${certificate_uri}/${cert_id}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'  Should Contain  ${cert_file_content}  ${bmc_cert_content}

    [Return]  ${cert_id}


Delete All CA Certificate Via Redfisthtool
    [Documentation]  Delete all CA certificate via Redfish.

    ${cmd_output}=  Redfishtool Get  /redfish/v1/Managers/bmc/Truststore/Certificates
    ${json_object}=  To JSON  ${cmd_output}
    ${cert_list}=  Set Variable  ${json_object["Members"]}
    FOR  ${cert}  IN  @{cert_list}
      Redfishtool Delete  ${cert["@odata.id"]}  ${root_cmd_args}
    END


Redfishtool Delete Certificate Via BMC CLI
    [Documentation]  Delete certificate via BMC CLI.
    [Arguments]  ${cert_type}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}  ${certificate_service}  ${certificate_uri}=
    ...  Run Keyword If  '${cert_type}' == 'Client'
    ...    Set Variable  /etc/nslcd/certs/cert.pem  phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Set Variable  ${ROOT_CA_FILE_PATH}  phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}  ${stderr}  ${rc}=  BMC Execute Command
    ...  [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    Return From Keyword If  "${file_status}" != "Found"
    BMC Execute Command  rm ${certificate_file_path}
    BMC Execute Command  systemctl restart ${certificate_service}
    BMC Execute Command  systemctl daemon-reload


Redfishtool Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using POST operation.
    [Arguments]  ${uri}  ${status}=ok  &{kwargs}

    # Description of argument(s):
    # uri         URI for installing certificate file via Redfishtool.
    #             e.g. "/redfish/v1/AccountService/LDAP/Certificates".
    # status      Expected status of certificate installation via Redfishtool.
    #             e.g. error, ok.
    # kwargs      A dictionary of keys/values to be passed directly to
    #             POST Request.

    Initialize OpenBMC  20  ${quiet}=${1}  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    ${ret}=  Post Request  openbmc  ${uri}  &{kwargs}
    ${content_json}=  To JSON  ${ret.content}
    ${cert_id}=  Set Variable If  '${ret.status_code}' == '${HTTP_OK}'  ${content_json["Id"]}  -1

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions

    [Return]  ${cert_id}


Verify Redfishtool Replace Certificate
    [Documentation]  Verify replace server certificate.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client", "Server" or "CA").
    # cert_format         Certificate file format
    #                     (e.g. "Valid_Certificate_Valid_Privatekey").
    # expected_status     Expected status of certificate replace Redfishtool
    #                     request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    ${cert_id}=  Run Keyword If  '${cert_type}' == 'Client'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate Valid Privatekey  ok
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate  ok

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}

    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
    ${dict_objects}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}
    ${string}=  Convert To String  ${dict_objects}
    ${string}=  Replace String  ${string}  '  "
    ${payload}=  Set Variable  '${string}'

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_NOT_FOUND}

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  expected_error=${expected_resp}

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  Redfishtool GetAttribute  ${certificate_uri}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'
    ...    Should Contain  ${cert_file_content}  ${bmc_cert_content}
    ...  ELSE
    ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}


Redfishtool GetAttribute
    [Documentation]  Execute redfishtool for GET operation.
    [Arguments]  ${uri}  ${Attribute}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
    # Attribute       The specific attribute to be retrieved with the URI.
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
    ${json_object}=  To JSON  ${cmd_output}

    # Return the requested attribute rather than a hard-coded key.
    [Return]  ${json_object["${Attribute}"]}


Suite Setup Execution
    [Documentation]  Do suite setup execution.

    ${tool_exist}=  Run  which redfishtool
    Should Not Be Empty  ${tool_exist}

    # Create certificate sub-directory in current working directory.
    Create Directory  certificate_dir