1*** Settings ***
2
3Documentation    VMI certificate exchange tests.
4
5Library          ../../lib/jobs_processing.py
6Resource         ../../lib/resource.robot
7Resource         ../../lib/bmc_redfish_resource.robot
8Resource         ../../lib/openbmc_ffdc.robot
9Resource         ../../lib/bmc_redfish_utils.robot
10Resource         ../../lib/utils.robot
11
12Suite Setup       Suite Setup Execution
13Test Teardown     FFDC On Test Case Fail
14Suite Teardown    Run Keyword And Ignore Error  Suite Teardown Execution
15
16Test Tags        Vmicert_Management
17
18
19*** Variables ***
20
21# users           User Name               password
22@{ADMIN}          admin_user              TestPwd123
23@{OPERATOR}       operator_user           TestPwd123
24@{ReadOnly}       readonly_user           TestPwd123
25@{NoAccess}       noaccess_user           TestPwd123
26# Removing Operator, need to add it back once support is given.
27&{USERS}          Administrator=${ADMIN}  ReadOnly=${ReadOnly}
28${VMI_BASE_URI}   /ibm/v1/
29
30
31*** Test Cases ***
32
33Get CSR Request Signed By VMI And Verify
34    [Documentation]  Get CSR request signed by VMI using different user roles and verify.
35    [Tags]  Get_CSR_Request_Signed_By_VMI_And_Verify
36    [Template]  Get Certificate Signed By VMI
37
38    # username           password             force_create  valid_csr  valid_status_code
39    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
40
41    # Send CSR request from operator user.
42    # operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
43
44    # Send CSR request from ReadOnly user.
45    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
46
47    # Send CSR request from NoAccess user.
48    # noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
49
50
51Get Root Certificate Using Different Privilege Users Role
52    [Documentation]  Get root certificate using different users.
53    [Tags]  Get_Root_Certificate_Using_Different_Privilege_Users_Role
54    [Template]  Get Root Certificate
55
56    # username     password    force_create  valid_csr  valid_status_code
57    # Request root certificate from admin user.
58    admin_user     TestPwd123  ${True}       ${True}    ${HTTP_OK}
59
60    # Request root certificate from operator user.
61    # operator_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
62
63    # Request root certificate from ReadOnly user.
64    readonly_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
65
66    # Request root certificate from NoAccess user.
67    # noaccess_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}
68
69
70Send CSR Request When VMI Is Off And Verify
71    [Documentation]  Send CSR signing request to VMI when it is off and expect an error.
72    [Tags]  Send_CSR_Request_When_VMI_Is_Off_And_Verify
73    [Setup]  Redfish Power Off
74    [Teardown]  Run Keywords  Redfish Power On  stack_mode=skip  AND
75    ...  Wait For Host Boot Progress To Reach Required State
76    [Template]  Get Certificate Signed By VMI
77
78    # username           password             force_create  valid_csr  valid_status_code         read_timeout
79    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_SERVICE_UNAVAILABLE}   60
80
81    # Send CSR request from operator user.
82    # operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
83
84    # Send CSR request from ReadOnly user.
85    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
86
87    # Send CSR request from NoAccess user.
88    # noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
89
90
91Get Corrupted CSR Request Signed By VMI And Verify
92    [Documentation]  Send corrupted CSR for signing and expect an error.
93    [Tags]  Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify
94    [Template]  Get Certificate Signed By VMI
95
96    # username           password             force_create  valid_csr   valid_status_code    read_timeout
97    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${False}    ${HTTP_BAD_REQUEST}  60
98
99    # Send CSR request from operator user.
100    # operator_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
101
102    # Send CSR request from ReadOnly user.
103    readonly_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
104
105    # Send CSR request from NoAccess user.
106    # noaccess_user        TestPwd123           ${False}      ${False}    ${HTTP_FORBIDDEN}
107
108
109Get Root Certificate When VMI Is Off And Verify
110    [Documentation]  Get root certificate when vmi is off and verify.
111    [Tags]  Get_Root_Certificate_When_VMI_Is_Off_And_Verify
112    [Setup]  Redfish Power Off
113    [Teardown]  Run Keywords  Redfish Power On  stack_mode=skip  AND
114    ...  Wait For Host Boot Progress To Reach Required State
115    [Template]  Get Root Certificate
116
117    # username           password             force_create  valid_csr  valid_status_code
118    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
119
120    # Request root certificate from operator user.
121    # operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
122
123    # Request root certificate from ReadOnly user.
124    readonly_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
125
126    # Request root certificate from NoAccess user.
127    # noaccess_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
128
129
130Get Root Certificate After BMC Reboot And Verify
131    [Documentation]  Get root certificate after bmc reboot and verify.
132    [Tags]  Get_Root_Certificate_After_BMC_Reboot_And_Verify
133    [Setup]  Run Keywords  OBMC Reboot (off)  stack_mode=skip  AND  Redfish Power On
134    [Template]  Get Root Certificate
135
136    # username            password             force_create  valid_csr  valid_status_code
137    ${OPENBMC_USERNAME}   ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
138
139    # Request root certificate from operator user.
140    # operator_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
141
142    # Request root certificate from ReadOnly user.
143    readonly_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
144
145    # Request root certificate from NoAccess user.
146    # noaccess_user         TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}
147
148
149Get Concurrent Root Certificate Requests From Multiple Admin Users
150    [Documentation]  Get multiple concurrent root certificate requests from multiple admins
151    ...  and verify no errors.
152    [Tags]  Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users
153
154    FOR  ${i}  IN RANGE  ${5}
155        ${dict}=  Execute Process Multi Keyword  ${5}
156        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
157        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
158        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
159        Dictionary Should Not Contain Value  ${dict}  False
160        ...  msg=One or more operations has failed.
161    END
162
163
164Get Concurrent CSR Requests From Multiple Admin Users
165    [Documentation]  Get multiple concurrent csr requests from multiple admins and verify no errors.
166    [Tags]  Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users
167
168    FOR  ${i}  IN RANGE  ${5}
169        ${dict}=  Execute Process Multi Keyword  ${5}
170        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
171        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
172        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
173        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
174        Dictionary Should Not Contain Value  ${dict}  False
175        ...  msg=One or more operations has failed.
176    END
177
178
179Get Concurrent Corrupted CSR Requests From Multiple Admin Users
180    [Documentation]  Get multiple concurrent corrupted csr requests from multiple admins and verify no errors.
181    [Tags]  Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users
182
183    FOR  ${i}  IN RANGE  ${5}
184        ${dict}=  Execute Process Multi Keyword  ${5}
185        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
186        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
187        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
188        Dictionary Should Not Contain Value  ${dict}  False
189        ...  msg=One or more operations has failed.
190    END
191
192
193*** Comments ***
194
195Get Concurrent Root Certificate Request From Operator Users
196    [Documentation]  Get multiple concurrent root certificate from non admin users and verify no errors.
197    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Operator_Users
198
199    FOR  ${i}  IN RANGE  ${5}
200        ${dict}=  Execute Process Multi Keyword  ${5}
201        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
202        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
203        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
204        Dictionary Should Not Contain Value  ${dict}  False
205        ...  msg=One or more operations has failed.
206    END
207
208
209*** Test Cases ***
210
211Get Concurrent Root Certificate Request From Admin And Non Admin Users
212    [Documentation]  Get multiple concurrent root certificate from admin and non admin users
213    ...  and verify no errors.
214    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users
215
216    FOR  ${i}  IN RANGE  ${5}
217        ${dict}=  Execute Process Multi Keyword  ${5}
218        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
219        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
220        Dictionary Should Not Contain Value  ${dict}  False
221        ...  msg=One or more operations has failed.
222    END
223
224
225*** Comments ***
226
227Get Concurrent Root Certificate Request From Different Non Admin Users
228    [Documentation]  Get multiple concurrent root certificate from different non admin users
229    ...  and verify no errors.
230    [Tags]  Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users
231
232    FOR  ${i}  IN RANGE  ${5}
233        ${dict}=  Execute Process Multi Keyword  ${5}
234        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
235        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
236        ...  Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
237        Dictionary Should Not Contain Value  ${dict}  False
238        ...  msg=One or more operations has failed.
239    END
240
241
242Get Concurrent CSR Request From Operator Users
243    [Documentation]  Get multiple concurrent csr request from non admin users and verify no errors.
244    [Tags]  Get_Concurrent_CSR_Request_From_Operator_Users
245
246    FOR  ${i}  IN RANGE  ${5}
247        ${dict}=  Execute Process Multi Keyword  ${5}
248        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
249        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
250        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
251        Dictionary Should Not Contain Value  ${dict}  False
252        ...  msg=One or more operations has failed.
253    END
254
255
256*** Test Cases ***
257
258Get Root Certificate And Send CSR Request Concurrently And Verify
259    [Documentation]  Get root certificate and send csr request concurrently and
260    ...  verify gets root and signed certificate.
261    [Tags]  Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify
262
263    FOR  ${i}  IN RANGE  ${5}
264        ${dict}=  Execute Process Multi Keyword  ${5}
265        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
266        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
267        Dictionary Should Not Contain Value  ${dict}  False
268        ...  msg=One or more operations has failed.
269    END
270
271
272Get Concurrent Root Certificate And Send CSR Request And Verify
273    [Documentation]  Get concurrent root certificate and send csr request
274    ...  and verify gets root certificate and signed certificate.
275    [Tags]  Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify
276
277    FOR  ${i}  IN RANGE  ${5}
278        ${dict}=  Execute Process Multi Keyword  ${5}
279        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
280        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
281        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
282        Dictionary Should Not Contain Value  ${dict}  False
283        ...  msg=One or more operations has failed.
284    END
285
286
287Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify
288    [Documentation]  Get root certificate and send multiple csr requests concurrently and
289    ...  verify gets root certificate and signed certificates.
290    [Tags]  Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify
291
292    FOR  ${i}  IN RANGE  ${5}
293        ${dict}=  Execute Process Multi Keyword  ${5}
294        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
295        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
296        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
297        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
298        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
299        Dictionary Should Not Contain Value  ${dict}  False
300        ...  msg=One or more operations has failed.
301    END
302
303
304Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify
305    [Documentation]  Get root certificate and send multiple corrupted csr requests concurrently and
306    ...  verify gets root certificate and error for corrupted csr requests.
307    [Tags]  Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify
308
309    FOR  ${i}  IN RANGE  ${5}
310        ${dict}=  Execute Process Multi Keyword  ${5}
311        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
312        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
313        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
314        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
315        Dictionary Should Not Contain Value  ${dict}  False
316        ...  msg=One or more operations has failed.
317    END
318
319
320Send Concurrent CSR Request And Corrupted CSR Request And Verify
321    [Documentation]  Send concurrent csr request and corrupted csr request
322    ...  and verify gets certificate for valid csr and error for corrupted csr.
323    [Tags]  Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify
324
325    FOR  ${i}  IN RANGE  ${5}
326        ${dict}=  Execute Process Multi Keyword  ${5}
327        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
328        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
329        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
330        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
331        Dictionary Should Not Contain Value  ${dict}  False
332        ...  msg=One or more operations has failed.
333    END
334
335
336Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify
337    [Documentation]  Get root certificate send csr and corrupted csr requests concurrently and
338    ...  verify gets root certificate and certificate for valid csr and error for corrupted csr.
339    [Tags]  Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify
340
341    FOR  ${i}  IN RANGE  ${5}
342        ${dict}=  Execute Process Multi Keyword  ${5}
343        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
344        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
345        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
346        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
347        Dictionary Should Not Contain Value  ${dict}  False
348        ...  msg=One or more operations has failed.
349    END
350
351
352Send Concurrent CSR Request From Admin And Non Admin Users And Verify
353    [Documentation]  Send concurrent csr requests from admin and non-admin users and verify
354    ...  admin gets certificate and non-admin gets error.
355    [Tags]  Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify
356
357    FOR  ${i}  IN RANGE  ${5}
358        ${dict}=  Execute Process Multi Keyword  ${5}
359        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
360        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
361        Dictionary Should Not Contain Value  ${dict}  False
362        ...  msg=One or more operations has failed.
363    END
364
365
366*** Comments ***
367
368Send Concurrent CSR Request From Non Admin Users And Verify
369    [Documentation]  Send concurrent csr request from non admin users
370    ...  and verify gets error.
371    [Tags]  Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify
372
373    FOR  ${i}  IN RANGE  ${5}
374        ${dict}=  Execute Process Multi Keyword  ${5}
375        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
376        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
377        ...  Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
378        Dictionary Should Not Contain Value  ${dict}  False
379        ...  msg=One or more operations has failed.
380    END
381
382
383Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently
384    [Documentation]  Get root certificate and send corrupted csr request from admin and
385    ...  csr from operator concurrently and verify gets root certificate and errors for corrupted
386    ...  and for operator.
387    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently
388
389    FOR  ${i}  IN RANGE  ${5}
390        ${dict}=  Execute Process Multi Keyword  ${5}
391        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
392        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
393        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
394        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
395        Dictionary Should Not Contain Value  ${dict}  False
396        ...  msg=One or more operations has failed.
397    END
398
399
400Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently
401    [Documentation]  Get root certificate from operator and send corrupted csr request
402    ...  and csr from admin and verify errors for operator and corrupted csr and signed certificate
403    ...  for valid csr.
404    [Tags]  Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently
405
406    FOR  ${i}  IN RANGE  ${5}
407        ${dict}=  Execute Process Multi Keyword  ${5}
408        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
409        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
410        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
411        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
412        Dictionary Should Not Contain Value  ${dict}  False
413        ...  msg=One or more operations has failed.
414    END
415
416
417Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently
418    [Documentation]  Get root certificate from operator and admin and
419    ...  and send csr request from admin concurrently and verify error for operator
420    ...  and admin gets root and signed certificate.
421    [Tags]  Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently
422
423    FOR  ${i}  IN RANGE  ${5}
424        ${dict}=  Execute Process Multi Keyword  ${5}
425        ...  Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
426        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
427        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
428        Dictionary Should Not Contain Value  ${dict}  False
429        ...  msg=One or more operations has failed.
430    END
431
432
433Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify
434    [Documentation]  Send csr request from admin and operator and corrupted
435    ...  csr request from admin and verify gets signed certificate for valid csr for admin
436    ...  gets error for operator and error for corrupted csr.
437    [Tags]  Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify
438
439    FOR  ${i}  IN RANGE  ${5}
440        ${dict}=  Execute Process Multi Keyword  ${5}
441        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
442        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
443        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
444        Dictionary Should Not Contain Value  ${dict}  False
445        ...  msg=One or more operations has failed.
446    END
447
448
449Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify
450    [Documentation]  Send corrupted csr request from admin and operator and csr request
451    ...  from admin concurrently and verify errors for corrupted csr and gets signed certificate
452    ...  for valid csr from admin.
453    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify
454
455    FOR  ${i}  IN RANGE  ${5}
456        ${dict}=  Execute Process Multi Keyword  ${5}
457        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
458        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
459        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
460        Dictionary Should Not Contain Value  ${dict}  False
461        ...  msg=One or more operations has failed.
462    END
463
464
465Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify
466    [Documentation]  Send corrupted csr requests from admin and operator and
467    ...  verify gets error.
468    [Tags]  Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify
469
470    FOR  ${i}  IN RANGE  ${5}
471        ${dict}=  Execute Process Multi Keyword  ${5}
472        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
473        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
474        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
475        Dictionary Should Not Contain Value  ${dict}  False
476        ...  msg=One or more operations has failed.
477    END
478
479
480*** Test Cases ***
481
482Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify
483    [Documentation]  Get root certificate from admin and csr requests from
484    ...  non admin users concurrently and verify gets root certificate for admin and
485    ...  errors for non-admins.
486    [Tags]  Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
487
488    FOR  ${i}  IN RANGE  ${5}
489        ${dict}=  Execute Process Multi Keyword  ${5}
490        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
491        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
492        Dictionary Should Not Contain Value  ${dict}  False
493        ...  msg=One or more operations has failed.
494    END
495
496
497Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify
498    [Documentation]  Get root certificate and send csr requests from non admin
499    ...  users and verify gets errors.
500    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
501
502    FOR  ${i}  IN RANGE  ${5}
503        ${dict}=  Execute Process Multi Keyword  ${5}
504        ...  Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
505        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
506        Dictionary Should Not Contain Value  ${dict}  False
507        ...  msg=One or more operations has failed.
508    END
509
510
511Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify
512    [Documentation]  Send corrupted csr request from admin and csr request from non admin
513    ...  users concurrently and verify gets errors.
514    [Tags]  Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify
515
516    FOR  ${i}  IN RANGE  ${5}
517        ${dict}=  Execute Process Multi Keyword  ${5}
518        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
519        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
520        Dictionary Should Not Contain Value  ${dict}  False
521        ...  msg=One or more operations has failed.
522    END
523
524
525Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify
526    [Documentation]  Send csr and corrupted csr request from non admin users
527    ...  and verify gets errors.
528    [Tags]  Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify
529
530    FOR  ${i}  IN RANGE  ${5}
531        ${dict}=  Execute Process Multi Keyword  ${5}
532        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
533        ...  Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
534        Dictionary Should Not Contain Value  ${dict}  False
535        ...  msg=One or more operations has failed.
536    END
537
538
539*** Comments ***
540
541Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify
542    [Documentation]  Get root certificate from admin and send csr requests
543    ...  from admin and operator concurrently and verify gets root certificate
544    ...  and signed certificate and gets error for operator.
545    [Tags]  Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify
546
547    FOR  ${i}  IN RANGE  ${5}
548        ${dict}=  Execute Process Multi Keyword  ${5}
549        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
550        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
551        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
552        Dictionary Should Not Contain Value  ${dict}  False
553        ...  msg=One or more operations has failed.
554    END
555
556
557Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify
558    [Documentation]  Get root certificate from admin and send corrupted csr requests
559    ...  from admin and operator concurrently and verify gets root certificate and errors
560    ...  for corrupted csr.
561    [Tags]  Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify
562
563    FOR  ${i}  IN RANGE  ${5}
564        ${dict}=  Execute Process Multi Keyword  ${5}
565        ...  Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
566        ...  Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST}
567        ...  Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN}
568        Dictionary Should Not Contain Value  ${dict}  False
569        ...  msg=One or more operations has failed.
570    END
571
572
573*** Keywords ***
574
575Generate CSR String
576    [Documentation]  Generate a csr string.
577
578    # Note: Generates and returns csr string.
579    ${csr_gen_time} =  Get Current Date Time
580    ${CSR_FILE}=  Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.csr
581    ${CSR_KEY}=   Catenate  SEPARATOR=_  ${csr_gen_time}  csr_server.key
582    Set Test Variable  ${CSR_FILE}
583    Set Test Variable  ${CSR_KEY}
584    ${ssl_cmd}=  Set Variable  openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
585    ${ssl_sub}=  Set Variable
586    ...  -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
587
588    # Run openssl command to create a new private key and use that to generate a CSR string
589    # in server.csr file.
590    ${output}=  Run  ${ssl_cmd} ${ssl_sub}
591    ${csr}=  OperatingSystem.Get File  ${CSR_FILE}
592
593    RETURN  ${csr}
594
595
596Send CSR To VMI And Get Signed
597    [Documentation]  Upload CSR to VMI and get signed.
598    [Arguments]  ${csr}  ${force_create}  ${username}  ${password}  ${read_timeout}
599
600    # Description of argument(s):
601    # csr                    Certificate request from client to VMI.
602    # force_create           Create a new REST session if True.
603    # username               Username to create a REST session.
604    # password               Password to create a REST session.
605
606    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
607    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
608
609    ${data}=  Create Dictionary
610    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
611    ...  Content-Type=application/json
612
613    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Actions/SignCSR
614
615    # For SignCSR request, we need to pass CSR string generated by openssl command.
616    ${csr_data}=  Create Dictionary  CsrString  ${csr}
617
618    ${resp}=  POST On Session  openbmc  ${cert_uri}  json=${csr_data}  headers=${headers}
619    ...  timeout=${read_timeout}  expected_status=any
620    Log to console  ${resp.content}
621
622    RETURN  ${resp}
623
624
625Get Root Certificate
626    [Documentation]  Get root certificate from VMI.
627    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
628    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
629
630    # Description of argument(s):
631    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
632    # username           Username to create a REST session.
633    # password           Password to create a REST session.
634    # force_create       Create a new REST session if True.
635    # valid_csr          Uses valid CSR string in the REST request if True.
636    #                    This is not applicable for root certificate.
637    # valid_status_code  Expected status code from REST request.
638
639    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
640    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}
641
642    ${data}=  Create Dictionary
643    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
644    ...  Content-Type=application/json
645
646    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Certificate/root
647
648    ${resp}=  GET On Session  openbmc  ${cert_uri}  &{data}  headers=${headers}
649    ...  expected_status=any
650
651    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
652    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
653
654    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
655    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
656    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
657
658
659Get Subject
660    [Documentation]  Generate a csr string.
661    [Arguments]  ${file_name}  ${is_csr_file}
662
663    # Description of argument(s):
664    # file_name          Name of CSR or signed CERT file.
665    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
666
667    ${subject}=  Run Keyword If  ${is_csr_file}
668    ...     Run  openssl req -in ${file_name} -text -noout | grep Subject:
669    ...   ELSE
670    ...     Run  openssl x509 -in ${file_name} -text -noout | grep Subject:
671
672    RETURN  ${subject}
673
674
675Get Public Key
676    [Documentation]  Generate a csr string.
677    [Arguments]  ${file_name}  ${is_csr_file}
678
679    # Description of argument(s):
680    # file_name          Name of CSR or CERT file.
681    # is_csr_file        A True value means a CSR while a False is for signed CERT file.
682
683    ${PublicKey}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -noout -pubkey
684    ...   ELSE  Run  openssl x509 -in ${file_name} -noout -pubkey
685
686    RETURN  ${PublicKey}
687
688
689Get Certificate Signed By VMI
690    [Documentation]  Get signed certificate from VMI.
691    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
692    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}
693    ...  ${read_timeout}=20
694
695    # Description of argument(s):
696    # cert_type          Type of the certificate requesting. eg. root or SignCSR.
697    # username           Username to create a REST session.
698    # password           Password to create a REST session.
699    # force_create       Create a new REST session if True.
700    # valid_csr          Uses valid CSR string in the REST request if True.
701    #                    This is not applicable for root certificate.
702    # valid_status_code  Expected status code from REST request.
703
704    Set Test Variable  ${CSR}  CSR
705    Set Test Variable  ${CORRUPTED_CSR}  CORRUPTED_CSR
706
707    ${CSR}=  Generate CSR String
708    ${csr_left}  ${csr_right}=  Split String From Right  ${CSR}  ==  1
709    ${CORRUPTED_CSR}=  Catenate  SEPARATOR=  ${csr_left}  \N  ${csr_right}
710
711    # For SignCSR request, we need to pass CSR string generated by openssl command
712    ${csr_str}=  Set Variable If  ${valid_csr} == ${True}  ${CSR}  ${CORRUPTED_CSR}
713
714    ${resp}=  Send CSR To VMI And Get Signed  ${csr_str}  ${force_create}  ${username}  ${password}
715    ...  ${read_timeout}
716
717    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
718    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}
719
720    ${cert}=  Evaluate  json.loads('''${resp.text}''', strict=False)  json
721    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
722    Should Contain  ${cert["Certificate"]}  END CERTIFICATE
723
724    # Now do subject and public key verification
725    ${subject_csr}=  Get Subject  ${CSR_FILE}  True
726    ${pubKey_csr}=  Get Public Key  ${CSR_FILE}  True
727
728    # create a crt file with certificate string
729    ${signed_cert}=  Set Variable  ${cert["Certificate"]}
730    ${testcert_gen_time} =  Get Current Date Time
731    ${test_cert_file}=   Catenate  SEPARATOR=_  ${testcert_gen_time}  test_certificate.cert
732
733    Create File  ${test_cert_file}  ${signed_cert}
734    ${subject_signed_csr}=  Get Subject   ${test_cert_file}  False
735    ${pubKey_signed_csr}=  Get Public Key  ${test_cert_file}  False
736
737    Should be equal as strings    ${subject_signed_csr}    ${subject_csr}
738    Should be equal as strings    ${pubKey_signed_csr}     ${pubKey_csr}
739
740
741Suite Setup Execution
742    [Documentation]  Suite setup execution.
743
744    Remove Files  *.csr  *.key  *.cert
745    # Create different user accounts.
746    Redfish.Login
747
748    Redfish Power Off
749    Set BIOS Attribute  pvm_hmc_managed  Enabled
750
751    Redfish Power On
752    Wait For Host Boot Progress To Reach Required State
753    Create Users With Different Roles  users=${USERS}  force=${True}
754
755
756Suite Teardown Execution
757    [Documentation]  Suite teardown execution.
758
759    Remove Files  *.csr  *.key  *.cert
760    Delete BMC Users Via Redfish  users=${USERS}
761    Delete All Sessions
762    Redfish.Logout
763