xref: /openbmc/openbmc-test-automation/openpower/ext_interfaces/test_vmicert_management.robot (revision 037407d32b7ca72f455e7daf70bf8db5502ddd0c)
1*** Settings ***
2
3Documentation    VMI certificate exchange tests.
4
5Library          ../../lib/jobs_processing.py
6Resource         ../../lib/resource.robot
7Resource         ../../lib/bmc_redfish_resource.robot
8Resource         ../../lib/openbmc_ffdc.robot
9Resource         ../../lib/bmc_redfish_utils.robot
10Resource         ../../lib/utils.robot
11
12Suite Setup       Suite Setup Execution
13Test Teardown     FFDC On Test Case Fail
14Suite Teardown    Suite Teardown Execution
15
16
17*** Variables ***
18
19# users           User Name               password
20@{ADMIN}          admin_user              TestPwd123
21@{OPERATOR}       operator_user           TestPwd123
22@{ReadOnly}       readonly_user           TestPwd123
23@{NoAccess}       noaccess_user           TestPwd123
24&{USERS}          Administrator=${ADMIN}  Operator=${OPERATOR}  ReadOnly=${ReadOnly}
25...               NoAccess=${NoAccess}
26${VMI_BASE_URI}   /ibm/v1/
27
28
29*** Test Cases ***
30
31Get CSR Request Signed By VMI And Verify
32    [Documentation]  Get CSR request signed by VMI using different user roles and verify.
33    [Tags]  Get_CSR_Request_Signed_By_VMI_And_Verify
34    [Template]  Get Certificate Signed By VMI
35
36    # username           password             force_create  valid_csr  valid_status_code
37    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
38
39    # Send CSR request from operator user.
40    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
41
42    # Send CSR request from ReadOnly user.
43    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
44
45    # Send CSR request from NoAccess user.
46    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
47
48
49Get Root Certificate Using Different Privilege Users Roles
50    [Documentation]  Get root certificate using different users.
51    [Tags]  Get_Root_Certificate_Using_Different_Users
52    [Template]  Get Root Certificate
53
54    # username     password    force_create  valid_csr  valid_status_code
55    # Request root certificate from admin user.
56    admin_user     TestPwd123  ${True}       ${True}    ${HTTP_OK}
57
58    # Request root certificate from operator user.
59    operator_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
60
61    # Request root certificate from ReadOnly user.
62    readonly_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
63
64    # Request root certificate from NoAccess user.
65    noaccess_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
66
67
68Send CSR Request When VMI Is Off And Verify
69    [Documentation]  Send CSR signing request to VMI when it is off and expect an error.
70    [Tags]  Get_CSR_Request_When_VMI_Is_Off_And_verify
71    [Setup]  Redfish Power Off
72    [Teardown]  Run keywords  Redfish Power On  stack_mode=skip  AND  FFDC On Test Case Fail
73    [Template]  Get Certificate Signed By VMI
74
75    # username           password             force_create  valid_csr  valid_status_code
76    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_INTERNAL_SERVER_ERROR}
77
78    # Send CSR request from operator user.
79    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
80
81    # Send CSR request from ReadOnly user.
82    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
83
84    # Send CSR request from NoAccess user.
85    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
86
87Get Corrupted CSR Request Signed By VMI And Verify
88    [Documentation]  Send corrupted CSR for signing and expect an error.
89    [Tags]  Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify
90    [Template]  Get Certificate Signed By VMI
91
92    # username           password             force_create  valid_csr   valid_status_code
93    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${False}    ${HTTP_INTERNAL_SERVER_ERROR}
94
95    # Send CSR request from operator user.
96    operator_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
97
98    # Send CSR request from ReadOnly user.
99    readonly_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
100
101    # Send CSR request from NoAccess user.
102    noaccess_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
103
104Get Root Certificate When VMI Is Off And Verify
105    [Documentation]  Get root certificate when vmi is off and verify.
106    [Tags]  Get_Root_Certificate_When_VMI_Is_Off_And_Verify
107    [Setup]  Redfish Power Off
108    [Teardown]  Run keywords  Redfish Power On  stack_mode=skip  AND  FFDC On Test Case Fail
109    [Template]  Get Root Certificate
110
111    # username           password             force_create  valid_csr  valid_status_code
112    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
113
114    # Request root certificate from operator user.
115    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
116
117    # Request root certificate from ReadOnly user.
118    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
119
120    # Request root certificate from NoAccess user.
121    noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
122
123
124Get Root Certificate After BMC Reboot And Verify
125    [Documentation]  Get root certificate after bmc reboot and verify.
126    [Tags]  Get_Root_Certificate_After_BMC_Reboot_And_Verify
127    [Setup]  Run Keywords  OBMC Reboot (off)  AND  Redfish Power On
128    [Template]  Get Root Certificate
129
130    # username            password             force_create  valid_csr  valid_status_code
131    ${OPENBMC_USERNAME}   ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
132
133    # Request root certificate from operator user.
134    operator_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
135
136    # Request root certificate from ReadOnly user.
137    readonly_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
138
139    # Request root certificate from NoAccess user.
140    noaccess_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
141
142Get Concurrent Root Certificate Requests From Multiple Admin Users
143    [Documentation]  Get multiple concurrent root certificate requests from multiple admins
144    ...  and verify no errors.
145    [Tags]  Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users
146
147    FOR  ${i}  IN RANGE  ${5}
148        ${dict}=  Execute Process Multi Keyword  ${5}
149        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
150        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
151        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
152        Dictionary Should Not Contain Value  ${dict}  False
153        ...  msg=One or more operations has failed.
154    END
155
156Get Concurrent CSR Requests From Multiple Admin Users
157    [Documentation]  Get multiple concurrent csr requests from multiple admins and verify no errors.
158    [Tags]  Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users
159
160    FOR  ${i}  IN RANGE  ${5}
161        ${dict}=  Execute Process Multi Keyword  ${5}
162        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
163        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
164        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
165        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
166        Dictionary Should Not Contain Value  ${dict}  False
167        ...  msg=One or more operations has failed.
168    END
169
170Get Concurrent Corrupted CSR Requests From Multiple Admin Users
171    [Documentation]  Get multiple concurrent corrupted csr requests from multiple admins and verify no errors.
172    [Tags]  Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users
173
174    FOR  ${i}  IN RANGE  ${5}
175        ${dict}=  Execute Process Multi Keyword  ${5}
176        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
177        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
178        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
179        Dictionary Should Not Contain Value  ${dict}  False
180        ...  msg=One or more operations has failed.
181    END
182
183Get Concurrent Root Certificate Request From Operator Users
184    [Documentation]  Get multiple concurrent root certificate from non admin users and verify no errors.
185    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Operator_Users
186
187    FOR  ${i}  IN RANGE  ${5}
188        ${dict}=  Execute Process Multi Keyword  ${5}
189        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
190        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
191        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
192        Dictionary Should Not Contain Value  ${dict}  False
193        ...  msg=One or more operations has failed.
194    END
195
196Get Concurrent Root Certificate Request From Admin And Non Admin Users
197    [Documentation]  Get multiple concurrent root certificate from admin and non admin users
198    ...  and verify no errors.
199    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users
200
201    FOR  ${i}  IN RANGE  ${5}
202        ${dict}=  Execute Process Multi Keyword  ${5}
203        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
204        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
205        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
206        Dictionary Should Not Contain Value  ${dict}  False
207        ...  msg=One or more operations has failed.
208    END
209
210Get Concurrent Root Certificate Request From Different Non Admin Users
211    [Documentation]  Get multiple concurrent root certificate from different non admin users
212    ...  and verify no errors.
213    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users
214
215    FOR  ${i}  IN RANGE  ${5}
216        ${dict}=  Execute Process Multi Keyword  ${5}
217        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
218        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
219        ...  Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
220        Dictionary Should Not Contain Value  ${dict}  False
221        ...  msg=One or more operations has failed.
222    END
223
224Get Concurrent CSR Request From Operator Users
225    [Documentation]  Get multiple concurrent csr request from non admin users and verify no errors.
226    [Tags]  Get_Concurrent_CSR_Request_From_Operator_Users
227
228    FOR  ${i}  IN RANGE  ${5}
229        ${dict}=  Execute Process Multi Keyword  ${5}
230        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
231        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
232        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
233        Dictionary Should Not Contain Value  ${dict}  False
234        ...  msg=One or more operations has failed.
235    END
236
237Get Root Certificate And Send CSR Request Concurrently And Verify
238    [Documentation]  Get root certificate and send csr request concurrently and
239    ...  verify gets root and signed certificate.
240    [Tags]  Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify
241
242    FOR  ${i}  IN RANGE  ${5}
243        ${dict}=  Execute Process Multi Keyword  ${5}
244        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
245        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
246        Dictionary Should Not Contain Value  ${dict}  False
247        ...  msg=One or more operations has failed.
248    END
249
250Get Concurrent Root Certificate And Send CSR Request And Verify
251    [Documentation]  Get concurrent root certificate and send csr request
252    ...  and verify gets root certificate and signed certificate.
253    [Tags]  Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify
254
255    FOR  ${i}  IN RANGE  ${5}
256        ${dict}=  Execute Process Multi Keyword  ${5}
257        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
258        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
259        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
260        Dictionary Should Not Contain Value  ${dict}  False
261        ...  msg=One or more operations has failed.
262    END
263
264Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify
265    [Documentation]  Get root certificate and send multiple csr requests concurrently and
266    ...  verify gets root certificate and signed certificates.
267    [Tags]  Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify
268
269    FOR  ${i}  IN RANGE  ${5}
270        ${dict}=  Execute Process Multi Keyword  ${5}
271        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
272        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
273        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
274        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
275        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
276        Dictionary Should Not Contain Value  ${dict}  False
277        ...  msg=One or more operations has failed.
278    END
279
280Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify
281    [Documentation]  Get root certificate and send multiple corrupted csr requests concurrently and
282    ...  verify gets root certificate and error for corrupted csr requests.
283    [Tags]  Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify
284
285    FOR  ${i}  IN RANGE  ${5}
286        ${dict}=  Execute Process Multi Keyword  ${5}
287        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
288        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
289        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
290        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
291        Dictionary Should Not Contain Value  ${dict}  False
292        ...  msg=One or more operations has failed.
293    END
294
295Send Concurrent CSR Request And Corrupted CSR Request And Verify
296    [Documentation]  Send concurrent csr request and corrupted csr request
297    ...  and verify gets certificate for valid csr and error for corrupted csr.
298    [Tags]  Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify
299
300    FOR  ${i}  IN RANGE  ${5}
301        ${dict}=  Execute Process Multi Keyword  ${5}
302        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
303        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
304        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
305        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
306        Dictionary Should Not Contain Value  ${dict}  False
307        ...  msg=One or more operations has failed.
308    END
309
310Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify
311    [Documentation]  Get root certificate send csr and corrupted csr requests concurrently and
312    ...  verify gets root certificate and certificate for valid csr and error for corrupted csr.
313    [Tags]  Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify
314
315    FOR  ${i}  IN RANGE  ${5}
316        ${dict}=  Execute Process Multi Keyword  ${5}
317        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
318        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
319        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
320        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
321        Dictionary Should Not Contain Value  ${dict}  False
322        ...  msg=One or more operations has failed.
323    END
324
325Send Concurrent CSR Request From Admin And Non Admin Users And Verify
326    [Documentation]  Send concurrent csr requests from admin and non-admin users and verify
327    ...  admin gets certificate and non-admin gets error.
328    [Tags]  Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify
329
330    FOR  ${i}  IN RANGE  ${5}
331        ${dict}=  Execute Process Multi Keyword  ${5}
332        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
333        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
334        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
335        Dictionary Should Not Contain Value  ${dict}  False
336        ...  msg=One or more operations has failed.
337    END
338
339Send Concurrent CSR Request From Non Admin Users And Verify
340    [Documentation]  Send concurrent csr request from non admin users
341    ...  and verify gets error.
342    [Tags]  Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify
343
344    FOR  ${i}  IN RANGE  ${5}
345        ${dict}=  Execute Process Multi Keyword  ${5}
346        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
347        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
348        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
349        Dictionary Should Not Contain Value  ${dict}  False
350        ...  msg=One or more operations has failed.
351    END
352
353Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently
354    [Documentation]  Get root certificate and send corrupted csr request from admin and
355    ...  csr from operator concurrently and verify gets root certificate and errors for corrupted
356    ...  and for operator.
357    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently
358
359    FOR  ${i}  IN RANGE  ${5}
360        ${dict}=  Execute Process Multi Keyword  ${5}
361        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
362        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
363        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
364        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
365        Dictionary Should Not Contain Value  ${dict}  False
366        ...  msg=One or more operations has failed.
367    END
368
369Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently
370    [Documentation]  Get root certificate from operator and send corrupted csr request
371    ...  and csr from admin and verify errors for operator and corrupted csr and signed certificate
372    ...  for valid csr.
373    [Tags]  Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently
374
375    FOR  ${i}  IN RANGE  ${5}
376        ${dict}=  Execute Process Multi Keyword  ${5}
377        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
378        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
379        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
380        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
381        Dictionary Should Not Contain Value  ${dict}  False
382        ...  msg=One or more operations has failed.
383    END
384
385
386Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently
387    [Documentation]  Get root certificate from operator and admin and
388    ...  and send csr request from admin concurrently and verify error for operator
389    ...  and admin gets root and signed certificate.
390    [Tags]  Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently
391
392    FOR  ${i}  IN RANGE  ${5}
393        ${dict}=  Execute Process Multi Keyword  ${5}
394        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
395        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
396        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
397        Dictionary Should Not Contain Value  ${dict}  False
398        ...  msg=One or more operations has failed.
399    END
400
401Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify
402    [Documentation]  Send csr request from admin and operator and corrupted
403    ...  csr request from admin and verify gets signed certificate for valid csr for admin
404    ...  gets error for operator and error for corrupted csr.
405    [Tags]  Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify
406
407    FOR  ${i}  IN RANGE  ${5}
408        ${dict}=  Execute Process Multi Keyword  ${5}
409        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
410        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
411        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
412        Dictionary Should Not Contain Value  ${dict}  False
413        ...  msg=One or more operations has failed.
414    END
415
416Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify
417    [Documentation]  Send corrupted csr request from admin and operator and csr request
418    ...  from admin concurrently and verify errors for corrupted csr and gets signed certificate
419    ...  for valid csr from admin.
420    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify
421
422    FOR  ${i}  IN RANGE  ${5}
423        ${dict}=  Execute Process Multi Keyword  ${5}
424        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
425        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
426        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
427        Dictionary Should Not Contain Value  ${dict}  False
428        ...  msg=One or more operations has failed.
429    END
430
431Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify
432    [Documentation]  Send corrupted csr requests from admin and operator and
433    ...  verify gets error.
434    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify
435
436    FOR  ${i}  IN RANGE  ${5}
437        ${dict}=  Execute Process Multi Keyword  ${5}
438        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
439        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
440        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
441        Dictionary Should Not Contain Value  ${dict}  False
442        ...  msg=One or more operations has failed.
443    END
444
445Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify
446    [Documentation]  Get root certificate from admin and csr requests from
447    ...  non admin users concurrently and verify gets root certificate for admin and
448    ...  errors for non-admins.
449    [Tags]  Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
450
451    FOR  ${i}  IN RANGE  ${5}
452        ${dict}=  Execute Process Multi Keyword  ${5}
453        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
454        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
455        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
456        Dictionary Should Not Contain Value  ${dict}  False
457        ...  msg=One or more operations has failed.
458    END
459
460Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify
461    [Documentation]  Get root certificate and send csr requests from non admin
462    ...  users and verify gets errors.
463    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
464
465    FOR  ${i}  IN RANGE  ${5}
466        ${dict}=  Execute Process Multi Keyword  ${5}
467        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
468        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
469        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
470        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
471        Dictionary Should Not Contain Value  ${dict}  False
472        ...  msg=One or more operations has failed.
473    END
474
475Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify
476    [Documentation]  Send corrupted csr request from admin and csr request from non admin
477    ...  users concurrently and verify gets errors.
478    [Tags]  Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
479
480    FOR  ${i}  IN RANGE  ${5}
481        ${dict}=  Execute Process Multi Keyword  ${5}
482        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
483        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
484        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
485        Dictionary Should Not Contain Value  ${dict}  False
486        ...  msg=One or more operations has failed.
487    END
488
489Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify
490    [Documentation]  Send csr and corrupted csr request from non admin users
491    ...  and verify gets errors.
492    [Tags]  Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
493
494    FOR  ${i}  IN RANGE  ${5}
495        ${dict}=  Execute Process Multi Keyword  ${5}
496        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
497        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
498        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
499        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
500        Dictionary Should Not Contain Value  ${dict}  False
501        ...  msg=One or more operations has failed.
502    END
503
504*** Keywords ***
505
506Generate CSR String
507    [Documentation]  Generate a csr string.
508
509    # Note: Generates and returns csr string.
510    ${csr_gen_time} =  Get Current Date Time
511    ${CSR_FILE}=  Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.csr
512    ${CSR_KEY}=   Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.key
513    Set Test Variable  ${CSR_FILE}
514    Set Test Variable  ${CSR_KEY}
515    ${ssl_cmd}=  Set Variable  openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
516    ${ssl_sub}=  Set Variable
517    ...  -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
518
519    # Run openssl command to create a new private key and use that to generate a CSR string
520    # in server.csr file.
521    ${output}=  Run  ${ssl_cmd} ${ssl_sub}
522    ${csr}=  OperatingSystem.Get File  ${CSR_FILE}
523
524    [Return]  ${csr}
525
526
527Send CSR To VMI And Get Signed
528    [Documentation]  Upload CSR to VMI and get signed.
529    [Arguments]  ${csr}  ${force_create}  ${username}  ${password}
530
531    # Description of argument(s):
532    # csr                    Certificate request from client to VMI.
533    # force_create           Create a new REST session if True.
534    # username               Username to create a REST session.
535    # password               Password to create a REST session.
536
537    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
538    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
539
540    ${data}=  Create Dictionary
541    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
542    ...  Content-Type=application/json
543
544    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Actions/SignCSR
545
546    # For SignCSR request, we need to pass CSR string generated by openssl command.
547    ${csr_data}=  Create Dictionary  CsrString  ${csr}
548    Set To Dictionary  ${data}  data  ${csr_data}
549
550    ${resp}=  Post Request  openbmc  ${cert_uri}  &{data}  headers=${headers}
551    Log to console  ${resp.content}
552
553    [Return]  ${resp}
554
555
556Get Root Certificate
557    [Documentation]  Get root certificate from VMI.
558    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
559    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
560
561    # Description of argument(s):
562    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
563    # username           Username to create a REST session.
564    # password           Password to create a REST session.
565    # force_create       Create a new REST session if True.
566    # valid_csr          Uses valid CSR string in the REST request if True.
567    #                    This is not applicable for root certificate.
568    # valid_status_code  Expected status code from REST request.
569
570    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
571    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
572
573    ${data}=  Create Dictionary
574    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
575    ...  Content-Type=application/json
576
577    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Certificate/root
578
579    ${resp}=  Get Request  openbmc  ${cert_uri}  &{data}  headers=${headers}
580
581    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
582    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
583
584    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
585    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
586    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
587
588
589Get Subject
590    [Documentation]  Generate a csr string.
591    [Arguments]  ${file_name}  ${is_csr_file}
592
593    # Description of argument(s):
594    # file_name          Name of CSR or signed CERT file.
595    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
596
597    ${subject}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -text -noout | grep Subject:
598    ...   ELSE  Run  openssl x509 -in ${file_name} -text -noout | grep Subject:
599
600    [Return]  ${subject}
601
602
603Get Public Key
604    [Documentation]  Generate a csr string.
605    [Arguments]  ${file_name}  ${is_csr_file}
606
607    # Description of argument(s):
608    # file_name          Name of CSR or CERT file.
609    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
610
611    ${PublicKey}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -noout -pubkey
612    ...   ELSE  Run  openssl x509 -in ${file_name} -noout -pubkey
613
614    [Return]  ${PublicKey}
615
616
617Get Certificate Signed By VMI
618    [Documentation]  Get signed certificate from VMI.
619    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
620    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
621
622    # Description of argument(s):
623    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
624    # username           Username to create a REST session.
625    # password           Password to create a REST session.
626    # force_create       Create a new REST session if True.
627    # valid_csr          Uses valid CSR string in the REST request if True.
628    #                    This is not applicable for root certificate.
629    # valid_status_code  Expected status code from REST request.
630
631    Set Test Variable  ${CSR}  CSR
632    Set Test Variable  ${CORRUPTED_CSR}  CORRUPTED_CSR
633
634    ${CSR}=  Generate CSR String
635    ${csr_left}  ${csr_right}=  Split String From Right  ${CSR}  ==  1
636    ${CORRUPTED_CSR}=  Catenate  SEPARATOR=  ${csr_left}  \N  ${csr_right}
637
638    # For SignCSR request, we need to pass CSR string generated by openssl command
639    ${csr_str}=  Set Variable If  ${valid_csr} == ${True}  ${CSR}  ${CORRUPTED_CSR}
640
641    ${resp}=  Send CSR To VMI And Get Signed  ${csr_str}  ${force_create}  ${username}  ${password}
642
643    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
644    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
645
646    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
647    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
648    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
649
650    # Now do subject and public key verification
651    ${subject_csr}=  Get Subject  ${CSR_FILE}  True
652    ${pubKey_csr}=  Get Public Key  ${CSR_FILE}  True
653
654    # create a crt file with certificate string
655    ${signed_cert}=  Set Variable  ${cert["Certificate"]}
656    ${testcert_gen_time} =  Get Current Date Time
657    ${test_cert_file}=   Catenate  SEPARATOR=_  ${testcert_gen_time}  test_certificate.cert
658
659    Create File  ${test_cert_file}  ${signed_cert}
660    ${subject_signed_csr}=  Get Subject   ${test_cert_file}  False
661    ${pubKey_signed_csr}=  Get Public Key  ${test_cert_file}  False
662
663    Should be equal as strings    ${subject_signed_csr}    ${subject_csr}
664    Should be equal as strings    ${pubKey_signed_csr}     ${pubKey_csr}
665
666
667Suite Setup Execution
668    [Documentation]  Suite setup execution.
669
670    Remove Files  *.csr  *.key  *.cert
671    # Create different user accounts.
672    Redfish.Login
673    Redfish Power On
674    Create Users With Different Roles  users=${USERS}  force=${True}
675
676
677Suite Teardown Execution
678    [Documentation]  Suite teardown execution.
679
680    Remove Files  *.csr  *.key  *.cert
681    Delete BMC Users Via Redfish  users=${USERS}
682    Delete All Sessions
683    Redfish.Logout
684