1*** Settings ***
2Documentation  Certificate utilities keywords.
3
4Library        OperatingSystem
5Resource       rest_client.robot
6Resource       resource.robot
7
8
9*** Keywords ***
10
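Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using REST PUT operation.
    [Arguments]  ${uri}  ${status}=ok  ${quiet}=${1}  &{kwargs}
    # Sessions are closed in a teardown so they are released even when the
    # PUT request or the status-code assertion below fails.
    [Teardown]  Delete All Sessions

    # Description of argument(s):
    # uri         URI for installing certificate file via REST
    #             e.g. "/xyz/openbmc_project/certs/server/https".
    # status      Expected status of certificate installation via REST
    #             e.g. error, ok.  Any other value skips the status-code
    #             check entirely.
    # quiet       If enabled, turns off logging to console.
    # kwargs      A dictionary of keys/values to be passed directly to
    #             PUT Request.  A caller-supplied "headers" entry is
    #             overwritten by the headers built below.

    Initialize OpenBMC  quiet=${quiet}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    # NOTE(review): with quiet=0 the kwargs handed to Log Request include the
    # headers dictionary holding X-Auth-Token.  Log Request is defined outside
    # this file; confirm it does not write the token to the test log.
    Run Keyword If  '${quiet}' == '${0}'  Log Request  method=Put
    ...  base_uri=${uri}  args=&{kwargs}

    ${ret}=  Put Request  openbmc  ${uri}  &{kwargs}
    Run Keyword If  '${quiet}' == '${0}'  Log Response  ${ret}

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_BAD_REQUEST}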
42
43
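Get Certificate Content From BMC Via Openssl
    [Documentation]  Get certificate content from BMC via openssl.
    ...              Returns the text between the BEGIN/END CERTIFICATE
    ...              markers of the first certificate in the s_client output.

    Check If Openssl Tool Exist

    # The s_client call carries no CA or verification options, so the returned
    # content is whatever the endpoint at ${OPENBMC_HOST}:443 presented; it is
    # fetched for comparison only and is not validated here.
    ${openssl_cmd}=  Catenate
    ...  timeout 10  openssl s_client -connect ${OPENBMC_HOST}:443 -showcerts
    ${output}=  Run  ${openssl_cmd}

    # Fetch From Left/Right return their input unchanged when the marker is
    # missing, so without this check a failed connection would hand the raw
    # openssl error text back to the caller as "certificate content".
    Should Contain  ${output}  -----BEGIN CERTIFICATE-----
    ...  msg=No certificate received from ${OPENBMC_HOST}:443 via openssl.

    ${result}=  Fetch From Left
    ...  ${output}  -----END CERTIFICATE-----
    ${result}=  Fetch From Right  ${result}  -----BEGIN CERTIFICATE-----
    [Return]  ${result}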
57
58
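Get Certificate File Content From BMC
    [Documentation]  Get required certificate file content from BMC.
    [Arguments]  ${cert_type}=Client

    # Description of argument(s):
    # cert_type      Certificate type (e.g. "Client" or "CA").

    # "Client" reads /etc/nslcd/certs/cert.pem and "CA" reads
    # /etc/ssl/certs/Root-CA.pem on the BMC.  Any other value fails here
    # instead of silently returning None to the caller.
    ${certificate}  ${stderr}  ${rc}=  Run Keyword If  '${cert_type}' == 'Client'
    ...    BMC Execute Command  cat /etc/nslcd/certs/cert.pem
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    BMC Execute Command  cat /etc/ssl/certs/Root-CA.pem
    ...  ELSE
    ...    Fail  Unsupported certificate type "${cert_type}"; expected Client or CA.

    [Return]  ${certificate}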
72
73
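Generate Certificate File Via Openssl
    [Documentation]  Create certificate file via openssl with required content
    ...              and returns its path.
    [Arguments]  ${cert_format}  ${time}=365  ${cert_dir_name}=certificate_dir

    # Description of argument(s):
    # cert_format          Certificate file format.  Recognised values:
    #                      "Valid Certificate Valid Privatekey",
    #                      "Empty Certificate Valid Privatekey",
    #                      "Valid Certificate Empty Privatekey",
    #                      "Empty Certificate Empty Privatekey",
    #                      "Expired Certificate", "Valid Certificate",
    #                      "Empty Certificate".
    # time                 Number of days to certify the certificate for.
    # cert_dir_name        The name of the sub-directory where the certificate
    #                      is stored.

    Check If Openssl Tool Exist

    # -nodes leaves the generated private key unencrypted, and key and
    # certificate are both written to the same cert.pem, so the directory
    # holds test-only key material.  ${time} and ${cert_dir_name} are pasted
    # into a shell command line and must come from trusted test data.
    ${openssl_cmd}=  Catenate  openssl req -x509 -sha256 -newkey rsa:2048
    ...  ${SPACE}-nodes -days ${time}
    ...  ${SPACE}-keyout ${cert_dir_name}/cert.pem -out ${cert_dir_name}/cert.pem
    ...  ${SPACE}-subj "/O=XYZ Corporation /CN=www.xyz.com"

    ${rc}  ${output}=  Run And Return RC and Output  ${openssl_cmd}
    Should Be Equal  ${rc}  ${0}  msg=${output}
    OperatingSystem.File Should Exist
    ...  ${EXECDIR}${/}${cert_dir_name}${/}cert.pem

    # Isolate the text between the PEM markers of the certificate and of the
    # private key so that each can be blanked out independently below.
    ${file_content}=  OperatingSystem.Get File
    ...  ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
    ${result}=  Fetch From Left  ${file_content}  -----END CERTIFICATE-----
    ${cert_content}=  Fetch From Right  ${result}  -----BEGIN CERTIFICATE-----

    ${result}=  Fetch From Left  ${file_content}  -----END PRIVATE KEY-----
    ${private_key_content}=  Fetch From Right  ${result}  -----BEGIN PRIVATE KEY-----

    # "Empty ..." formats keep the PEM markers and drop only the body between
    # them; "Valid Certificate" and "Empty Certificate" also drop the private
    # key markers.  An unrecognised format fails here rather than producing a
    # file from an unset value.
    ${cert_data}=
    ...  Run Keyword If  '${cert_format}' == 'Valid Certificate Valid Privatekey'
    ...  OperatingSystem.Get File  ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
    ...  ELSE IF  '${cert_format}' == 'Empty Certificate Valid Privatekey'
    ...  Remove String  ${file_content}  ${cert_content}
    ...  ELSE IF  '${cert_format}' == 'Valid Certificate Empty Privatekey'
    ...  Remove String  ${file_content}  ${private_key_content}
    ...  ELSE IF  '${cert_format}' == 'Empty Certificate Empty Privatekey'
    ...  Remove String  ${file_content}  ${cert_content}  ${private_key_content}
    ...  ELSE IF  '${cert_format}' == 'Expired Certificate'
    ...  OperatingSystem.Get File  ${EXECDIR}${/}${cert_dir_name}${/}cert.pem
    ...  ELSE IF  '${cert_format}' == 'Valid Certificate'
    ...  Remove String  ${file_content}  ${private_key_content}
    ...  -----BEGIN PRIVATE KEY-----  -----END PRIVATE KEY-----
    ...  ELSE IF  '${cert_format}' == 'Empty Certificate'
    ...  Remove String  ${file_content}  ${cert_content}
    ...  ${private_key_content}  -----BEGIN PRIVATE KEY-----
    ...  -----END PRIVATE KEY-----
    ...  ELSE
    ...  Fail  Unsupported certificate format "${cert_format}".

    # The result is stored under a random 8-character name so that repeated
    # calls do not overwrite each other's files.
    ${random_name}=  Generate Random String  8
    ${cert_name}=  Catenate  SEPARATOR=  ${random_name}  .pem
    Create File  ${cert_dir_name}/${cert_name}  ${cert_data}

    [Return]  ${EXECDIR}${/}${cert_dir_name}${/}${cert_name}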
130
131
Get Certificate Content From File
    [Documentation]  Get certificate content from certificate file.
    ...              Returns the text found between the BEGIN CERTIFICATE and
    ...              END CERTIFICATE markers of the file.
    [Arguments]  ${cert_file_path}

    # Description of argument(s):
    # cert_file_path  Downloaded certificate file path.

    ${pem_text}=  OperatingSystem.Get File  ${cert_file_path}

    # Cut everything from the END marker onwards, then everything up to and
    # including the BEGIN marker.
    ${before_end_marker}=  Fetch From Left
    ...  ${pem_text}  -----END CERTIFICATE-----
    ${cert_body}=  Fetch From Right
    ...  ${before_end_marker}  -----BEGIN CERTIFICATE-----

    [Return]  ${cert_body}
143
144
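Check If Openssl Tool Exist
    [Documentation]  Check if openssl tool installed or not.

    ${rc}  ${output}=  Run And Return RC and Output  which openssl

    # The return code is the reliable signal: some "which" implementations
    # print a "no openssl in ..." diagnostic when the tool is missing, which
    # would leave the output non-empty and let the output check alone pass.
    Should Be Equal As Integers  ${rc}  0  msg=Openssl tool not installed.
    Should Not Be Empty  ${output}  msg=Openssl tool not installed.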
150
151
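Verify Certificate Visible Via OpenSSL
    [Documentation]  Checks if given certificate is visible via openssl's showcert command.
    [Arguments]  ${cert_file_path}

    # Description of argument(s):
    # cert_file_path           Certificate file path.

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${openssl_cert_content}=  Get Certificate Content From BMC Via Openssl

    # An empty string is contained in every string, so an empty openssl result
    # would make the comparison below pass without any certificate having
    # been served by the BMC.
    Should Not Be Empty  ${openssl_cert_content}
    ...  msg=No certificate content was retrieved from the BMC via openssl.
    Should Contain  ${cert_file_content}  ${openssl_cert_content}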
162
163