xref: /openbmc/openbmc-test-automation/openpower/ext_interfaces/test_vmicert_management.robot (revision 663c2da54c94ff23e986dd4c1ca3bd48891b2f57)
1*** Settings ***
2
3Documentation    VMI certificate exchange tests.
4
5Library          ../../lib/jobs_processing.py
6Resource         ../../lib/resource.robot
7Resource         ../../lib/bmc_redfish_resource.robot
8Resource         ../../lib/openbmc_ffdc.robot
9Resource         ../../lib/bmc_redfish_utils.robot
10Resource         ../../lib/utils.robot
11
12Suite Setup       Suite Setup Execution
13Test Teardown     FFDC On Test Case Fail
14Suite Teardown    Run Keyword And Ignore Error  Suite Teardown Execution
15
16Force Tags        vmi_certificate_test
17
18
19*** Variables ***
20
21# users           User Name               password
22@{ADMIN}          admin_user              TestPwd123
23@{OPERATOR}       operator_user           TestPwd123
24@{ReadOnly}       readonly_user           TestPwd123
25@{NoAccess}       noaccess_user           TestPwd123
26# Removing Operator, need to add it back once support is given.
27&{USERS}          Administrator=${ADMIN}  ReadOnly=${ReadOnly}
28${VMI_BASE_URI}   /ibm/v1/
29
30
31*** Test Cases ***
32
33Get CSR Request Signed By VMI And Verify
34    [Documentation]  Get CSR request signed by VMI using different user roles and verify.
35    [Tags]  Get_CSR_Request_Signed_By_VMI_And_Verify
36    [Template]  Get Certificate Signed By VMI
37
38    # username           password             force_create  valid_csr  valid_status_code
39    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
40
41    # Send CSR request from operator user.
42    # operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
43
44    # Send CSR request from ReadOnly user.
45    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
46
47    # Send CSR request from NoAccess user.
48    # noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
49
50
51Get Root Certificate Using Different Privilege Users Role
52    [Documentation]  Get root certificate using different users.
53    [Tags]  Get_Root_Certificate_Using_Different_Privilege_Users_Role
54    [Template]  Get Root Certificate
55
56    # username     password    force_create  valid_csr  valid_status_code
57    # Request root certificate from admin user.
58    admin_user     TestPwd123  ${True}       ${True}    ${HTTP_OK}
59
60    # Request root certificate from operator user.
61    # operator_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
62
63    # Request root certificate from ReadOnly user.
64    readonly_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
65
66    # Request root certificate from NoAccess user.
67    # noaccess_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
68
69
70Send CSR Request When VMI Is Off And Verify
71    [Documentation]  Send CSR signing request to VMI when it is off and expect an error.
72    [Tags]  Send_CSR_Request_When_VMI_Is_Off_And_Verify
73    [Setup]  Redfish Power Off
74    [Teardown]  Run keywords  Redfish Power On  stack_mode=skip  AND  FFDC On Test Case Fail
75    [Template]  Get Certificate Signed By VMI
76
77    # username           password             force_create  valid_csr  valid_status_code         read_timeout
78    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_SERVICE_UNAVAILABLE}   60
79
80    # Send CSR request from operator user.
81    # operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
82
83    # Send CSR request from ReadOnly user.
84    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
85
86    # Send CSR request from NoAccess user.
87    # noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
88
89
90Get Corrupted CSR Request Signed By VMI And Verify
91    [Documentation]  Send corrupted CSR for signing and expect an error.
92    [Tags]  Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify
93    [Template]  Get Certificate Signed By VMI
94
95    # username           password             force_create  valid_csr   valid_status_code    read_timeout
96    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${False}    ${HTTP_BAD_REQUEST}  60
97
98    # Send CSR request from operator user.
99    # operator_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
100
101    # Send CSR request from ReadOnly user.
102    readonly_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
103
104    # Send CSR request from NoAccess user.
105    # noaccess_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
106
107
108Get Root Certificate When VMI Is Off And Verify
109    [Documentation]  Get root certificate when vmi is off and verify.
110    [Tags]  Get_Root_Certificate_When_VMI_Is_Off_And_Verify
111    [Setup]  Redfish Power Off
112    [Teardown]  Run keywords  Redfish Power On  stack_mode=skip  AND  FFDC On Test Case Fail
113    [Template]  Get Root Certificate
114
115    # username           password             force_create  valid_csr  valid_status_code
116    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
117
118    # Request root certificate from operator user.
119    # operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
120
121    # Request root certificate from ReadOnly user.
122    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
123
124    # Request root certificate from NoAccess user.
125    # noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
126
127
128Get Root Certificate After BMC Reboot And Verify
129    [Documentation]  Get root certificate after bmc reboot and verify.
130    [Tags]  Get_Root_Certificate_After_BMC_Reboot_And_Verify
131    [Setup]  Run Keywords  OBMC Reboot (off)  stack_mode=skip  AND  Redfish Power On
132    [Template]  Get Root Certificate
133
134    # username            password             force_create  valid_csr  valid_status_code
135    ${OPENBMC_USERNAME}   ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
136
137    # Request root certificate from operator user.
138    # operator_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
139
140    # Request root certificate from ReadOnly user.
141    readonly_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
142
143    # Request root certificate from NoAccess user.
144    # noaccess_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
145
146
147Get Concurrent Root Certificate Requests From Multiple Admin Users
148    [Documentation]  Get multiple concurrent root certificate requests from multiple admins
149    ...  and verify no errors.
150    [Tags]  Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users
151
152    FOR  ${i}  IN RANGE  ${5}
153        ${dict}=  Execute Process Multi Keyword  ${5}
154        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
155        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
156        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
157        Dictionary Should Not Contain Value  ${dict}  False
158        ...  msg=One or more operations has failed.
159    END
160
161
162Get Concurrent CSR Requests From Multiple Admin Users
163    [Documentation]  Get multiple concurrent csr requests from multiple admins and verify no errors.
164    [Tags]  Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users
165
166    FOR  ${i}  IN RANGE  ${5}
167        ${dict}=  Execute Process Multi Keyword  ${5}
168        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
169        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
170        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
171        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
172        Dictionary Should Not Contain Value  ${dict}  False
173        ...  msg=One or more operations has failed.
174    END
175
176
177Get Concurrent Corrupted CSR Requests From Multiple Admin Users
178    [Documentation]  Get multiple concurrent corrupted csr requests from multiple admins and verify no errors.
179    [Tags]  Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users
180
181    FOR  ${i}  IN RANGE  ${5}
182        ${dict}=  Execute Process Multi Keyword  ${5}
183        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
184        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
185        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
186        Dictionary Should Not Contain Value  ${dict}  False
187        ...  msg=One or more operations has failed.
188    END
189
190
191*** Comment ***
192
193Get Concurrent Root Certificate Request From Operator Users
194    [Documentation]  Get multiple concurrent root certificate from non admin users and verify no errors.
195    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Operator_Users
196
197    FOR  ${i}  IN RANGE  ${5}
198        ${dict}=  Execute Process Multi Keyword  ${5}
199        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
200        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
201        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
202        Dictionary Should Not Contain Value  ${dict}  False
203        ...  msg=One or more operations has failed.
204    END
205
206
207*** Test Cases ***
208
209Get Concurrent Root Certificate Request From Admin And Non Admin Users
210    [Documentation]  Get multiple concurrent root certificate from admin and non admin users
211    ...  and verify no errors.
212    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users
213
214    FOR  ${i}  IN RANGE  ${5}
215        ${dict}=  Execute Process Multi Keyword  ${5}
216        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
217        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
218        Dictionary Should Not Contain Value  ${dict}  False
219        ...  msg=One or more operations has failed.
220    END
221
222
223*** Comment ***
224
225Get Concurrent Root Certificate Request From Different Non Admin Users
226    [Documentation]  Get multiple concurrent root certificate from different non admin users
227    ...  and verify no errors.
228    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users
229
230    FOR  ${i}  IN RANGE  ${5}
231        ${dict}=  Execute Process Multi Keyword  ${5}
232        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
233        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
234        ...  Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
235        Dictionary Should Not Contain Value  ${dict}  False
236        ...  msg=One or more operations has failed.
237    END
238
239
240Get Concurrent CSR Request From Operator Users
241    [Documentation]  Get multiple concurrent csr request from non admin users and verify no errors.
242    [Tags]  Get_Concurrent_CSR_Request_From_Operator_Users
243
244    FOR  ${i}  IN RANGE  ${5}
245        ${dict}=  Execute Process Multi Keyword  ${5}
246        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
247        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
248        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
249        Dictionary Should Not Contain Value  ${dict}  False
250        ...  msg=One or more operations has failed.
251    END
252
253
254*** Test Cases ***
255
256Get Root Certificate And Send CSR Request Concurrently And Verify
257    [Documentation]  Get root certificate and send csr request concurrently and
258    ...  verify gets root and signed certificate.
259    [Tags]  Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify
260
261    FOR  ${i}  IN RANGE  ${5}
262        ${dict}=  Execute Process Multi Keyword  ${5}
263        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
264        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
265        Dictionary Should Not Contain Value  ${dict}  False
266        ...  msg=One or more operations has failed.
267    END
268
269
270Get Concurrent Root Certificate And Send CSR Request And Verify
271    [Documentation]  Get concurrent root certificate and send csr request
272    ...  and verify gets root certificate and signed certificate.
273    [Tags]  Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify
274
275    FOR  ${i}  IN RANGE  ${5}
276        ${dict}=  Execute Process Multi Keyword  ${5}
277        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
278        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
279        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
280        Dictionary Should Not Contain Value  ${dict}  False
281        ...  msg=One or more operations has failed.
282    END
283
284
285Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify
286    [Documentation]  Get root certificate and send multiple csr requests concurrently and
287    ...  verify gets root certificate and signed certificates.
288    [Tags]  Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify
289
290    FOR  ${i}  IN RANGE  ${5}
291        ${dict}=  Execute Process Multi Keyword  ${5}
292        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
293        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
294        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
295        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
296        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
297        Dictionary Should Not Contain Value  ${dict}  False
298        ...  msg=One or more operations has failed.
299    END
300
301
302Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify
303    [Documentation]  Get root certificate and send multiple corrupted csr requests concurrently and
304    ...  verify gets root certificate and error for corrupted csr requests.
305    [Tags]  Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify
306
307    FOR  ${i}  IN RANGE  ${5}
308        ${dict}=  Execute Process Multi Keyword  ${5}
309        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
310        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
311        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
312        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
313        Dictionary Should Not Contain Value  ${dict}  False
314        ...  msg=One or more operations has failed.
315    END
316
317
318Send Concurrent CSR Request And Corrupted CSR Request And Verify
319    [Documentation]  Send concurrent csr request and corrupted csr request
320    ...  and verify gets certificate for valid csr and error for corrupted csr.
321    [Tags]  Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify
322
323    FOR  ${i}  IN RANGE  ${5}
324        ${dict}=  Execute Process Multi Keyword  ${5}
325        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
326        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
327        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
328        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
329        Dictionary Should Not Contain Value  ${dict}  False
330        ...  msg=One or more operations has failed.
331    END
332
333
334Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify
335    [Documentation]  Get root certificate send csr and corrupted csr requests concurrently and
336    ...  verify gets root certificate and certificate for valid csr and error for corrupted csr.
337    [Tags]  Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify
338
339    FOR  ${i}  IN RANGE  ${5}
340        ${dict}=  Execute Process Multi Keyword  ${5}
341        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
342        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
343        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
344        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
345        Dictionary Should Not Contain Value  ${dict}  False
346        ...  msg=One or more operations has failed.
347    END
348
349
350Send Concurrent CSR Request From Admin And Non Admin Users And Verify
351    [Documentation]  Send concurrent csr requests from admin and non-admin users and verify
352    ...  admin gets certificate and non-admin gets error.
353    [Tags]  Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify
354
355    FOR  ${i}  IN RANGE  ${5}
356        ${dict}=  Execute Process Multi Keyword  ${5}
357        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
358        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
359        Dictionary Should Not Contain Value  ${dict}  False
360        ...  msg=One or more operations has failed.
361    END
362
363
364*** Comment ***
365
366Send Concurrent CSR Request From Non Admin Users And Verify
367    [Documentation]  Send concurrent csr request from non admin users
368    ...  and verify gets error.
369    [Tags]  Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify
370
371    FOR  ${i}  IN RANGE  ${5}
372        ${dict}=  Execute Process Multi Keyword  ${5}
373        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
374        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
375        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
376        Dictionary Should Not Contain Value  ${dict}  False
377        ...  msg=One or more operations has failed.
378    END
379
380
381Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently
382    [Documentation]  Get root certificate and send corrupted csr request from admin and
383    ...  csr from operator concurrently and verify gets root certificate and errors for corrupted
384    ...  and for operator.
385    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently
386
387    FOR  ${i}  IN RANGE  ${5}
388        ${dict}=  Execute Process Multi Keyword  ${5}
389        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
390        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
391        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
392        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
393        Dictionary Should Not Contain Value  ${dict}  False
394        ...  msg=One or more operations has failed.
395    END
396
397
398Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently
399    [Documentation]  Get root certificate from operator and send corrupted csr request
400    ...  and csr from admin and verify errors for operator and corrupted csr and signed certificate
401    ...  for valid csr.
402    [Tags]  Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently
403
404    FOR  ${i}  IN RANGE  ${5}
405        ${dict}=  Execute Process Multi Keyword  ${5}
406        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
407        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
408        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
409        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
410        Dictionary Should Not Contain Value  ${dict}  False
411        ...  msg=One or more operations has failed.
412    END
413
414
415Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently
416    [Documentation]  Get root certificate from operator and admin and
417    ...  and send csr request from admin concurrently and verify error for operator
418    ...  and admin gets root and signed certificate.
419    [Tags]  Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently
420
421    FOR  ${i}  IN RANGE  ${5}
422        ${dict}=  Execute Process Multi Keyword  ${5}
423        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
424        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
425        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
426        Dictionary Should Not Contain Value  ${dict}  False
427        ...  msg=One or more operations has failed.
428    END
429
430
431Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify
432    [Documentation]  Send csr request from admin and operator and corrupted
433    ...  csr request from admin and verify gets signed certificate for valid csr for admin
434    ...  gets error for operator and error for corrupted csr.
435    [Tags]  Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify
436
437    FOR  ${i}  IN RANGE  ${5}
438        ${dict}=  Execute Process Multi Keyword  ${5}
439        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
440        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
441        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
442        Dictionary Should Not Contain Value  ${dict}  False
443        ...  msg=One or more operations has failed.
444    END
445
446
447Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify
448    [Documentation]  Send corrupted csr request from admin and operator and csr request
449    ...  from admin concurrently and verify errors for corrupted csr and gets signed certificate
450    ...  for valid csr from admin.
451    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify
452
453    FOR  ${i}  IN RANGE  ${5}
454        ${dict}=  Execute Process Multi Keyword  ${5}
455        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
456        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
457        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
458        Dictionary Should Not Contain Value  ${dict}  False
459        ...  msg=One or more operations has failed.
460    END
461
462
463Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify
464    [Documentation]  Send corrupted csr requests from admin and operator and
465    ...  verify gets error.
466    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify
467
468    FOR  ${i}  IN RANGE  ${5}
469        ${dict}=  Execute Process Multi Keyword  ${5}
470        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
471        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
472        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
473        Dictionary Should Not Contain Value  ${dict}  False
474        ...  msg=One or more operations has failed.
475    END
476
477
478*** Test Cases ***
479
480Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify
481    [Documentation]  Get root certificate from admin and csr requests from
482    ...  non admin users concurrently and verify gets root certificate for admin and
483    ...  errors for non-admins.
484    [Tags]  Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
485
486    FOR  ${i}  IN RANGE  ${5}
487        ${dict}=  Execute Process Multi Keyword  ${5}
488        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
489        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
490        Dictionary Should Not Contain Value  ${dict}  False
491        ...  msg=One or more operations has failed.
492    END
493
494
495Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify
496    [Documentation]  Get root certificate and send csr requests from non admin
497    ...  users and verify gets errors.
498    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
499
500    FOR  ${i}  IN RANGE  ${5}
501        ${dict}=  Execute Process Multi Keyword  ${5}
502        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
503        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
504        Dictionary Should Not Contain Value  ${dict}  False
505        ...  msg=One or more operations has failed.
506    END
507
508
509Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify
510    [Documentation]  Send corrupted csr request from admin and csr request from non admin
511    ...  users concurrently and verify gets errors.
512    [Tags]  Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
513
514    FOR  ${i}  IN RANGE  ${5}
515        ${dict}=  Execute Process Multi Keyword  ${5}
516        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
517        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
518        Dictionary Should Not Contain Value  ${dict}  False
519        ...  msg=One or more operations has failed.
520    END
521
522
523Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify
524    [Documentation]  Send csr and corrupted csr request from non admin users
525    ...  and verify gets errors.
526    [Tags]  Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
527
528    FOR  ${i}  IN RANGE  ${5}
529        ${dict}=  Execute Process Multi Keyword  ${5}
530        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
531        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
532        Dictionary Should Not Contain Value  ${dict}  False
533        ...  msg=One or more operations has failed.
534    END
535
536
537*** Comment ***
538
539Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify
540    [Documentation]  Get root certificate from admin and send csr requests
541    ...  from admin and operator concurrently and verify gets root certificate
542    ...  and signed certificate and gets error for operator.
543    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify
544
545    FOR  ${i}  IN RANGE  ${5}
546        ${dict}=  Execute Process Multi Keyword  ${5}
547        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
548        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
549        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
550        Dictionary Should Not Contain Value  ${dict}  False
551        ...  msg=One or more operations has failed.
552    END
553
554
555Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify
556    [Documentation]  Get root certificate from admin and send corrupted csr requests
557    ...  from admin and operator concurrently and verify gets root certificate and errors
558    ...  for corrupted csr.
559    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify
560
561    FOR  ${i}  IN RANGE  ${5}
562        ${dict}=  Execute Process Multi Keyword  ${5}
563        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
564        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
565        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
566        Dictionary Should Not Contain Value  ${dict}  False
567        ...  msg=One or more operations has failed.
568    END
569
570
571*** Keywords ***
572
573Generate CSR String
574    [Documentation]  Generate a csr string.
575
576    # Note: Generates and returns csr string.
577    ${csr_gen_time} =  Get Current Date Time
578    ${CSR_FILE}=  Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.csr
579    ${CSR_KEY}=   Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.key
580    Set Test Variable  ${CSR_FILE}
581    Set Test Variable  ${CSR_KEY}
582    ${ssl_cmd}=  Set Variable  openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
583    ${ssl_sub}=  Set Variable
584    ...  -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
585
586    # Run openssl command to create a new private key and use that to generate a CSR string
587    # in server.csr file.
588    ${output}=  Run  ${ssl_cmd} ${ssl_sub}
589    ${csr}=  OperatingSystem.Get File  ${CSR_FILE}
590
591    [Return]  ${csr}
592
593
594Send CSR To VMI And Get Signed
595    [Documentation]  Upload CSR to VMI and get signed.
596    [Arguments]  ${csr}  ${force_create}  ${username}  ${password}  ${read_timeout}
597
598    # Description of argument(s):
599    # csr                    Certificate request from client to VMI.
600    # force_create           Create a new REST session if True.
601    # username               Username to create a REST session.
602    # password               Password to create a REST session.
603
604    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
605    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
606
607    ${data}=  Create Dictionary
608    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
609    ...  Content-Type=application/json
610
611    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Actions/SignCSR
612
613    # For SignCSR request, we need to pass CSR string generated by openssl command.
614    ${csr_data}=  Create Dictionary  CsrString  ${csr}
615
616    ${resp}=  POST On Session  openbmc  ${cert_uri}  json=${csr_data}  headers=${headers}
617    ...  timeout=${read_timeout}  expected_status=any
618    Log to console  ${resp.content}
619
620    [Return]  ${resp}
621
622
623Get Root Certificate
624    [Documentation]  Get root certificate from VMI.
625    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
626    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
627
628    # Description of argument(s):
629    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
630    # username           Username to create a REST session.
631    # password           Password to create a REST session.
632    # force_create       Create a new REST session if True.
633    # valid_csr          Uses valid CSR string in the REST request if True.
634    #                    This is not applicable for root certificate.
635    # valid_status_code  Expected status code from REST request.
636
637    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
638    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
639
640    ${data}=  Create Dictionary
641    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
642    ...  Content-Type=application/json
643
644    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Certificate/root
645
646    ${resp}=  GET On Session  openbmc  ${cert_uri}  &{data}  headers=${headers}
647    ...  expected_status=any
648
649    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
650    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
651
652    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
653    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
654    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
655
656
657Get Subject
658    [Documentation]  Generate a csr string.
659    [Arguments]  ${file_name}  ${is_csr_file}
660
661    # Description of argument(s):
662    # file_name          Name of CSR or signed CERT file.
663    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
664
665    ${subject}=  Run Keyword If  ${is_csr_file}
666    ...     Run  openssl req -in ${file_name} -text -noout | grep Subject:
667    ...   ELSE
668    ...     Run  openssl x509 -in ${file_name} -text -noout | grep Subject:
669
670    [Return]  ${subject}
671
672
673Get Public Key
674    [Documentation]  Generate a csr string.
675    [Arguments]  ${file_name}  ${is_csr_file}
676
677    # Description of argument(s):
678    # file_name          Name of CSR or CERT file.
679    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
680
681    ${PublicKey}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -noout -pubkey
682    ...   ELSE  Run  openssl x509 -in ${file_name} -noout -pubkey
683
684    [Return]  ${PublicKey}
685
686
687Get Certificate Signed By VMI
688    [Documentation]  Get signed certificate from VMI.
689    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
690    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
691    ...  ${read_timeout}=20
692
693    # Description of argument(s):
694    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
695    # username           Username to create a REST session.
696    # password           Password to create a REST session.
697    # force_create       Create a new REST session if True.
698    # valid_csr          Uses valid CSR string in the REST request if True.
699    #                    This is not applicable for root certificate.
700    # valid_status_code  Expected status code from REST request.
701
702    Set Test Variable  ${CSR}  CSR
703    Set Test Variable  ${CORRUPTED_CSR}  CORRUPTED_CSR
704
705    ${CSR}=  Generate CSR String
706    ${csr_left}  ${csr_right}=  Split String From Right  ${CSR}  ==  1
707    ${CORRUPTED_CSR}=  Catenate  SEPARATOR=  ${csr_left}  \N  ${csr_right}
708
709    # For SignCSR request, we need to pass CSR string generated by openssl command
710    ${csr_str}=  Set Variable If  ${valid_csr} == ${True}  ${CSR}  ${CORRUPTED_CSR}
711
712    ${resp}=  Send CSR To VMI And Get Signed  ${csr_str}  ${force_create}  ${username}  ${password}
713    ...  ${read_timeout}
714
715    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
716    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
717
718    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
719    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
720    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
721
722    # Now do subject and public key verification
723    ${subject_csr}=  Get Subject  ${CSR_FILE}  True
724    ${pubKey_csr}=  Get Public Key  ${CSR_FILE}  True
725
726    # create a crt file with certificate string
727    ${signed_cert}=  Set Variable  ${cert["Certificate"]}
728    ${testcert_gen_time} =  Get Current Date Time
729    ${test_cert_file}=   Catenate  SEPARATOR=_  ${testcert_gen_time}  test_certificate.cert
730
731    Create File  ${test_cert_file}  ${signed_cert}
732    ${subject_signed_csr}=  Get Subject   ${test_cert_file}  False
733    ${pubKey_signed_csr}=  Get Public Key  ${test_cert_file}  False
734
735    Should be equal as strings    ${subject_signed_csr}    ${subject_csr}
736    Should be equal as strings    ${pubKey_signed_csr}     ${pubKey_csr}
737
738
739Suite Setup Execution
740    [Documentation]  Suite setup execution.
741
742    Remove Files  *.csr  *.key  *.cert
743    # Create different user accounts.
744    Redfish.Login
745    Redfish Power On
746    Create Users With Different Roles  users=${USERS}  force=${True}
747
748
749Suite Teardown Execution
750    [Documentation]  Suite teardown execution.
751
752    Remove Files  *.csr  *.key  *.cert
753    Delete BMC Users Via Redfish  users=${USERS}
754    Delete All Sessions
755    Redfish.Logout
756