*** Settings ***
Documentation    Test certificate in OpenBMC.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/certificate_utils.robot
Library          String

Test Tags        Certificate

Suite Setup      Suite Setup Execution
Suite Teardown   Suite Teardown
Test Teardown    Test Teardown Execution


*** Variables ***

${invalid_value}       abc
${ROOT_CA_FILE_PATH}   /etc/ssl/certs/authority/*
${keybit_length}       ${2048}

*** Test Cases ***

Verify Server Certificate Replace
    [Documentation]    Verify server certificate replace.
    [Tags]    Verify_Server_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format                           expected_status
    Server         Valid Certificate Valid Privatekey    ok
    Server         Empty Certificate Valid Privatekey    error
    Server         Valid Certificate Empty Privatekey    error
    Server         Empty Certificate Empty Privatekey    error


Verify Client Certificate Replace
    [Documentation]    Verify client certificate replace.
    [Tags]    Verify_Client_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format                           expected_status
    Client         Valid Certificate Valid Privatekey    ok
    Client         Empty Certificate Valid Privatekey    error
    Client         Valid Certificate Empty Privatekey    error
    Client         Empty Certificate Empty Privatekey    error


Verify CA Certificate Replace
    [Documentation]    Verify CA certificate replace.
    [Tags]    Verify_CA_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format          expected_status
    CA             Valid Certificate    ok
    CA             Empty Certificate    error


Verify Client Certificate Install
    [Documentation]    Verify client certificate install.
    [Tags]    Verify_Client_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format                           expected_status
    Client         Valid Certificate Valid Privatekey    ok
    Client         Empty Certificate Valid Privatekey    error
    Client         Valid Certificate Empty Privatekey    error
    Client         Empty Certificate Empty Privatekey    error


Verify CA Certificate Install
    [Documentation]    Verify CA certificate install.
    [Tags]    Verify_CA_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format          expected_status
    CA             Valid Certificate    ok
    CA             Empty Certificate    error


Verify Maximum CA Certificate Install
    [Documentation]    Verify maximum CA certificate install.
    [Tags]    Verify_Maximum_CA_Certificate_Install
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Delete All CA Certificate Via Redfish

    # Get CA certificate count from BMC.
    ${cert_list}=    Redfish_Utils.Get Member List    /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates
    ${cert_count}=    Get Length    ${cert_list}

    # Install CA certificate to reach maximum count of 10.
    FOR    ${INDEX}    IN RANGE    ${cert_count}    10
        Install And Verify Certificate Via Redfish    CA    Valid Certificate    ok    ${FALSE}
        ${cert_count}=    Evaluate    ${cert_count} + 1
    END

    # Verify error while installing 11th CA certificate.
    Install And Verify Certificate Via Redfish    CA    Valid Certificate    error    ${FALSE}


Verify Error While Uploading Same CA Certificate
    [Documentation]    Verify error while uploading same CA certificate two times.
    [Tags]    Verify_Error_While_Uploading_Same_CA_Certificate

    # Create certificate file for uploading.
    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate    365
    ${bytes}=    OperatingSystem.Get Binary File    ${cert_file_path}
    ${file_data}=    Decode Bytes To String    ${bytes}    UTF-8

    # Install CA certificate.
    Install Certificate File On BMC    ${REDFISH_CA_CERTIFICATE_URI}    ok    data=${file_data}

    # Adding delay after certificate installation.
    Sleep    30s

    # Check error while uploading same certificate.
    Install Certificate File On BMC    ${REDFISH_CA_CERTIFICATE_URI}    error    data=${file_data}


Verify Server Certificate View Via Openssl
    [Documentation]    Verify server certificate via openssl command.
    [Tags]    Verify_Server_Certificate_View_Via_Openssl

    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate Valid Privatekey
    ${bytes}=    OperatingSystem.Get Binary File    ${cert_file_path}
    ${file_data}=    Decode Bytes To String    ${bytes}    UTF-8

    ${certificate_dict}=    Create Dictionary
    ...    @odata.id=/redfish/v1/Managers/${MANAGER_ID}/NetworkProtocol/HTTPS/Certificates/1
    ${payload}=    Create Dictionary    CertificateString=${file_data}
    ...    CertificateType=PEM    CertificateUri=${certificate_dict}

    ${resp}=    redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...    body=${payload}    valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    Wait Until Keyword Succeeds    2 mins    15 secs    Verify Certificate Visible Via OpenSSL    ${cert_file_path}


Verify CSR Generation For Server Certificate
    [Documentation]    Verify CSR generation for server certificate.
    [Tags]    Verify_CSR_Generation_For_Server_Certificate
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id    expected_status
    Server        RSA                   ${keybit_length}    ${EMPTY}       ok
    Server        EC                    ${EMPTY}            prime256v1     ok
    Server        EC                    ${EMPTY}            secp521r1      ok
    Server        EC                    ${EMPTY}            secp384r1      ok


Verify CSR Generation For Client Certificate
    [Documentation]    Verify CSR generation for client certificate.
    [Tags]    Verify_CSR_Generation_For_Client_Certificate
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id    expected_status
    Client        RSA                   ${keybit_length}    ${EMPTY}       ok
    Client        EC                    ${EMPTY}            prime256v1     ok
    Client        EC                    ${EMPTY}            secp521r1      ok
    Client        EC                    ${EMPTY}            secp384r1      ok


Verify CSR Generation For Server Certificate With Invalid Value
    [Documentation]    Verify error while generating CSR for server certificate with invalid value.
    [Tags]    Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id         expected_status
    Server        ${invalid_value}      ${keybit_length}    prime256v1          error
    Server        RSA                   ${invalid_value}    ${EMPTY}            error
    Server        EC                    ${EMPTY}            ${invalid_value}    error


Verify CSR Generation For Client Certificate With Invalid Value
    [Documentation]    Verify error while generating CSR for client certificate with invalid value.
    [Tags]    Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value
    [Template]    Generate CSR Via Redfish

    Client        ${invalid_value}      ${keybit_length}    prime256v1          error
    Client        RSA                   ${invalid_value}    ${EMPTY}            error
    Client        EC                    ${EMPTY}            ${invalid_value}    error


Verify Expired Certificate Install
    [Documentation]    Verify installation of expired certificate.
    [Tags]    Verify_Expired_Certificate_Install
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Install And Verify Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format            expected_status
    Client         Expired Certificate    ok
    CA             Expired Certificate    ok


Verify Expired Certificate Replace
    [Documentation]    Verify replacing the certificate with an expired one.
    [Tags]    Verify_Expired_Certificate_Replace
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Replace Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format            expected_status
    Server         Expired Certificate    ok


Verify Not Yet Valid Certificate Install
    [Documentation]    Verify installation of not yet valid certificates.
    [Tags]    Verify_Not_Yet_Valid_Certificate_Install
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Install And Verify Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format                  expected_status
    Client         Not Yet Valid Certificate    ok
    CA             Not Yet Valid Certificate    ok


Verify Not Yet Valid Certificate Replace
    [Documentation]    Verify replacing certificate with a not yet valid one.
    [Tags]    Verify_Not_Yet_Valid_Certificate_Replace
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Replace Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format                  expected_status
    Server         Not Yet Valid Certificate    ok
    Client         Not Yet Valid Certificate    ok
    CA             Not Yet Valid Certificate    ok


Verify Certificates Location Via Redfish
    [Documentation]    Verify the location of certificates via Redfish.
    [Tags]    Verify_Certificates_Location_Via_Redfish

    ${cert_id}=    Install And Verify Certificate Via Redfish
    ...    CA    Valid Certificate    ok

    ${resp}=    Redfish.Get    /redfish/v1/CertificateService/CertificateLocations
    ${Links}=    Get From Dictionary    ${resp.dict}    Links

    ${match_cert}=    Catenate
    ...    /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates/${cert_id}
    ${match}=    Set Variable    ${False}

    FOR    ${Certificates_dict}    IN    @{Links['Certificates']}
        Continue For Loop If
        ...    "${Certificates_dict['@odata.id']}" != "${match_cert}"
        ${match}=    Set Variable    ${True}
    END

    Should Be Equal    ${match}    ${True}
    ...    msg=Verify the location of certificates via Redfish fail.


*** Keywords ***

Get Current BMC Date
    [Documentation]    Get current BMC date.

    ${cli_date_time}=    CLI Get BMC DateTime
    Set Test Variable    ${cli_date_time}

Restore BMC Date
    [Documentation]    Restore BMC date to its prior value.

    Redfish.Patch    ${REDFISH_BASE_URI}Managers/${MANAGER_ID}    body={'DateTime': '${cli_date_time}'}
    ...    valid_status_codes=[${HTTP_OK}]


Generate CSR Via Redfish
    [Documentation]    Generate CSR using Redfish.
    [Arguments]    ${cert_type}    ${key_pair_algorithm}    ${key_bit_length}    ${key_curv_id}    ${expected_status}

    # Description of argument(s):
    # cert_type            Certificate type ("Server" or "Client").
    # key_pair_algorithm   CSR key pair algorithm ("EC" or "RSA").
    # key_bit_length       CSR key bit length ("2048").
    # key_curv_id          CSR key curve ID ("prime256v1" or "secp521r1" or "secp384r1").
    # expected_status      Expected status of the CSR generation Redfish
    #                      request ("ok" or "error").

    ${certificate_uri}=    Set Variable If
    ...    '${cert_type}' == 'Server'    ${REDFISH_HTTPS_CERTIFICATE_URI}/
    ...    '${cert_type}' == 'Client'    ${REDFISH_LDAP_CERTIFICATE_URI}/

    ${certificate_dict}=    Create Dictionary    @odata.id=${certificate_uri}
    ${payload}=    Create Dictionary    City=Austin    CertificateCollection=${certificate_dict}
    ...    CommonName=${OPENBMC_HOST}    Country=US    Organization=xyz
    ...    OrganizationalUnit=ISL    State=AU    KeyBitLength=${key_bit_length}
    ...    KeyPairAlgorithm=${key_pair_algorithm}    KeyCurveId=${key_curv_id}

    # Remove the field that does not apply to the selected key pair algorithm.
    Run Keyword If    '${key_pair_algorithm}' == 'EC'    Remove From Dictionary    ${payload}    KeyBitLength
    ...    ELSE IF    '${key_pair_algorithm}' == 'RSA'    Remove From Dictionary    ${payload}    KeyCurveId

    ${expected_resp}=    Set Variable If    '${expected_status}' == 'ok'    ${HTTP_OK}
    ...    '${expected_status}' == 'error'    ${HTTP_INTERNAL_SERVER_ERROR}, ${HTTP_BAD_REQUEST}
    ${resp}=    redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
    ...    body=${payload}    valid_status_codes=[${expected_resp}]

    # Delay added between two CSR generation requests.
    Sleep    5s


Suite Setup Execution
    [Documentation]    Do suite setup tasks.

    # Create certificate sub-directory in current working directory.
    Create Directory    certificate_dir
    Redfish.Login


Test Teardown Execution
    [Documentation]    Do the post test teardown.

    FFDC On Test Case Fail

Suite Teardown
    [Documentation]    Do suite teardown tasks.

    Redfish.Logout
manashsarmab9feda72020-10-05 10:40:12 -0500321 Redfish.Logout