1*** Settings *** 2 3Documentation VMI certificate exchange tests. 4 5Library ../../lib/jobs_processing.py 6Resource ../../lib/resource.robot 7Resource ../../lib/bmc_redfish_resource.robot 8Resource ../../lib/openbmc_ffdc.robot 9Resource ../../lib/bmc_redfish_utils.robot 10Resource ../../lib/utils.robot 11 12Suite Setup Suite Setup Execution 13Test Teardown FFDC On Test Case Fail 14Suite Teardown Suite Teardown Execution 15 16 17*** Variables *** 18 19# users User Name password 20@{ADMIN} admin_user TestPwd123 21@{OPERATOR} operator_user TestPwd123 22@{ReadOnly} readonly_user TestPwd123 23@{NoAccess} noaccess_user TestPwd123 24&{USERS} Administrator=${ADMIN} Operator=${OPERATOR} ReadOnly=${ReadOnly} 25... NoAccess=${NoAccess} 26${VMI_BASE_URI} /ibm/v1/ 27 28 29*** Test Cases *** 30 31Get CSR Request Signed By VMI And Verify 32 [Documentation] Get CSR request signed by VMI using different user roles and verify. 33 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify 34 [Setup] Redfish Power On 35 [Template] Get Certificate Signed By VMI 36 37 # username password force_create valid_csr valid_status_code 38 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 39 40 # Send CSR request from operator user. 41 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 42 43 # Send CSR request from ReadOnly user. 44 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 45 46 # Send CSR request from NoAccess user. 47 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 48 49 50Get Root Certificate Using Different Privilege Users Roles 51 [Documentation] Get root certificate using different users. 52 [Tags] Get_Root_Certificate_Using_Different_Users 53 [Setup] Redfish Power On 54 [Template] Get Root Certificate 55 56 # username password force_create valid_csr valid_status_code 57 # Request root certificate from admin user. 58 admin_user TestPwd123 ${True} ${True} ${HTTP_OK} 59 60 # Request root certificate from operator user. 61 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 62 63 # Request root certificate from ReadOnly user. 64 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 65 66 # Request root certificate from NoAccess user. 67 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 68 69 70Send CSR Request When VMI Is Off And Verify 71 [Documentation] Send CSR signing request to VMI when it is off and expect an error. 72 [Tags] Get_CSR_Request_When_VMI_Is_Off_And_verify 73 [Setup] Redfish Power Off 74 [Template] Get Certificate Signed By VMI 75 76 # username password force_create valid_csr valid_status_code 77 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_INTERNAL_SERVER_ERROR} 78 79 # Send CSR request from operator user. 80 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 81 82 # Send CSR request from ReadOnly user. 83 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 84 85 # Send CSR request from NoAccess user. 86 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 87 88Get Corrupted CSR Request Signed By VMI And Verify 89 [Documentation] Send corrupted CSR for signing and expect an error. 90 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify 91 [Setup] Redfish Power On 92 [Template] Get Certificate Signed By VMI 93 94 # username password force_create valid_csr valid_status_code 95 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 96 97 # Send CSR request from operator user. 98 operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 99 100 # Send CSR request from ReadOnly user. 101 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 102 103 # Send CSR request from NoAccess user. 104 noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 105 106Get Root Certificate When VMI Is Off And Verify 107 [Documentation] Get root certificate when vmi is off and verify. 108 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify 109 [Setup] Redfish Power Off 110 [Template] Get Root Certificate 111 112 # username password force_create valid_csr valid_status_code 113 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 114 115 # Request root certificate from operator user. 116 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 117 118 # Request root certificate from ReadOnly user. 119 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 120 121 # Request root certificate from NoAccess user. 122 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 123 124 125Get Root Certificate After BMC Reboot And Verify 126 [Documentation] Get root certificate after bmc reboot and verify. 127 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify 128 [Setup] Run Keywords OBMC Reboot (off) AND Redfish Power On 129 [Template] Get Root Certificate 130 131 # username password force_create valid_csr valid_status_code 132 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 133 134 # Request root certificate from operator user. 135 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 136 137 # Request root certificate from ReadOnly user. 138 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 139 140 # Request root certificate from NoAccess user. 141 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 142 143Get Concurrent Root Certificate Requests From Multiple Admin Users 144 [Documentation] Get multiple concurrent root certificate requests from multiple admins 145 ... and verify no errors. 146 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users 147 148 FOR ${i} IN RANGE ${5} 149 ${dict}= Execute Process Multi Keyword ${5} 150 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 151 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 152 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 153 Dictionary Should Not Contain Value ${dict} False 154 ... msg=One or more operations has failed. 155 END 156 157Get Concurrent CSR Requests From Multiple Admin Users 158 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. 159 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users 160 161 FOR ${i} IN RANGE ${5} 162 ${dict}= Execute Process Multi Keyword ${5} 163 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 164 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 165 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 166 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 167 Dictionary Should Not Contain Value ${dict} False 168 ... msg=One or more operations has failed. 169 END 170 171Get Concurrent Corrupted CSR Requests From Multiple Admin Users 172 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. 173 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users 174 175 FOR ${i} IN RANGE ${5} 176 ${dict}= Execute Process Multi Keyword ${5} 177 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 178 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 179 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 180 Dictionary Should Not Contain Value ${dict} False 181 ... msg=One or more operations has failed. 182 END 183 184Get Concurrent Root Certificate Request From Operator Users 185 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. 186 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users 187 188 FOR ${i} IN RANGE ${5} 189 ${dict}= Execute Process Multi Keyword ${5} 190 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 191 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 192 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 193 Dictionary Should Not Contain Value ${dict} False 194 ... msg=One or more operations has failed. 195 END 196 197Get Concurrent Root Certificate Request From Admin And Non Admin Users 198 [Documentation] Get multiple concurrent root certificate from admin and non admin users 199 ... and verify no errors. 200 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users 201 202 FOR ${i} IN RANGE ${5} 203 ${dict}= Execute Process Multi Keyword ${5} 204 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 205 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 206 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 207 Dictionary Should Not Contain Value ${dict} False 208 ... msg=One or more operations has failed. 209 END 210 211Get Concurrent Root Certificate Request From Different Non Admin Users 212 [Documentation] Get multiple concurrent root certificate from different non admin users 213 ... and verify no errors. 214 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users 215 216 FOR ${i} IN RANGE ${5} 217 ${dict}= Execute Process Multi Keyword ${5} 218 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 219 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 220 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 221 Dictionary Should Not Contain Value ${dict} False 222 ... msg=One or more operations has failed. 223 END 224 225Get Concurrent CSR Request From Operator Users 226 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. 227 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users 228 229 FOR ${i} IN RANGE ${5} 230 ${dict}= Execute Process Multi Keyword ${5} 231 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 232 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 233 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 234 Dictionary Should Not Contain Value ${dict} False 235 ... msg=One or more operations has failed. 236 END 237 238Get Root Certificate And Send CSR Request Concurrently And Verify 239 [Documentation] Get root certificate and send csr request concurrently and 240 ... verify gets root and signed certificate. 241 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify 242 243 FOR ${i} IN RANGE ${5} 244 ${dict}= Execute Process Multi Keyword ${5} 245 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 246 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 247 Dictionary Should Not Contain Value ${dict} False 248 ... msg=One or more operations has failed. 249 END 250 251Get Concurrent Root Certificate And Send CSR Request And Verify 252 [Documentation] Get concurrent root certificate and send csr request 253 ... and verify gets root certificate and signed certificate. 254 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify 255 256 FOR ${i} IN RANGE ${5} 257 ${dict}= Execute Process Multi Keyword ${5} 258 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 259 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 260 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 261 Dictionary Should Not Contain Value ${dict} False 262 ... msg=One or more operations has failed. 263 END 264 265Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify 266 [Documentation] Get root certificate and send multiple csr requests concurrently and 267 ... verify gets root certificate and signed certificates. 268 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify 269 270 FOR ${i} IN RANGE ${5} 271 ${dict}= Execute Process Multi Keyword ${5} 272 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 273 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 274 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 275 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 276 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 277 Dictionary Should Not Contain Value ${dict} False 278 ... msg=One or more operations has failed. 279 END 280 281Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify 282 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and 283 ... verify gets root certificate and error for corrupted csr requests. 284 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify 285 286 FOR ${i} IN RANGE ${5} 287 ${dict}= Execute Process Multi Keyword ${5} 288 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 289 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 290 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 291 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 292 Dictionary Should Not Contain Value ${dict} False 293 ... msg=One or more operations has failed. 294 END 295 296Send Concurrent CSR Request And Corrupted CSR Request And Verify 297 [Documentation] Send concurrent csr request and corrupted csr request 298 ... and verify gets certificate for valid csr and error for corrupted csr. 299 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify 300 301 FOR ${i} IN RANGE ${5} 302 ${dict}= Execute Process Multi Keyword ${5} 303 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 304 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 305 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 306 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 307 Dictionary Should Not Contain Value ${dict} False 308 ... msg=One or more operations has failed. 309 END 310 311Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify 312 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and 313 ... verify gets root certificate and certificate for valid csr and error for corrupted csr. 314 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify 315 316 FOR ${i} IN RANGE ${5} 317 ${dict}= Execute Process Multi Keyword ${5} 318 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 319 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 320 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 321 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 322 Dictionary Should Not Contain Value ${dict} False 323 ... msg=One or more operations has failed. 324 END 325 326Send Concurrent CSR Request From Admin And Non Admin Users And Verify 327 [Documentation] Send concurrent csr requests from admin and non-admin users and verify 328 ... admin gets certificate and non-admin gets error. 329 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify 330 331 FOR ${i} IN RANGE ${5} 332 ${dict}= Execute Process Multi Keyword ${5} 333 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 334 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 335 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 336 Dictionary Should Not Contain Value ${dict} False 337 ... msg=One or more operations has failed. 338 END 339 340Send Concurrent CSR Request From Non Admin Users And Verify 341 [Documentation] Send concurrent csr request from non admin users 342 ... and verify gets error. 343 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify 344 345 FOR ${i} IN RANGE ${5} 346 ${dict}= Execute Process Multi Keyword ${5} 347 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 348 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 349 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 350 Dictionary Should Not Contain Value ${dict} False 351 ... msg=One or more operations has failed. 352 END 353 354Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently 355 [Documentation] Get root certificate and send corrupted csr request from admin and 356 ... csr from operator concurrently and verify gets root certificate and errors for corrupted 357 ... and for operator. 358 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently 359 360 FOR ${i} IN RANGE ${5} 361 ${dict}= Execute Process Multi Keyword ${5} 362 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 363 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 364 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 365 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 366 Dictionary Should Not Contain Value ${dict} False 367 ... msg=One or more operations has failed. 368 END 369 370Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently 371 [Documentation] Get root certificate from operator and send corrupted csr request 372 ... and csr from admin and verify errors for operator and corrupted csr and signed certificate 373 ... for valid csr. 374 [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently 375 376 FOR ${i} IN RANGE ${5} 377 ${dict}= Execute Process Multi Keyword ${5} 378 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 379 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 380 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 381 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 382 Dictionary Should Not Contain Value ${dict} False 383 ... msg=One or more operations has failed. 384 END 385 386 387Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently 388 [Documentation] Get root certificate from operator and admin and 389 ... and send csr request from admin concurrently and verify error for operator 390 ... and admin gets root and signed certificate. 391 [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently 392 393 FOR ${i} IN RANGE ${5} 394 ${dict}= Execute Process Multi Keyword ${5} 395 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 396 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 397 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 398 Dictionary Should Not Contain Value ${dict} False 399 ... msg=One or more operations has failed. 400 END 401 402*** Keywords *** 403 404Generate CSR String 405 [Documentation] Generate a csr string. 406 407 # Note: Generates and returns csr string. 408 ${csr_gen_time} = Get Current Date Time 409 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr 410 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key 411 Set Test Variable ${CSR_FILE} 412 Set Test Variable ${CSR_KEY} 413 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} 414 ${ssl_sub}= Set Variable 415 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" 416 417 # Run openssl command to create a new private key and use that to generate a CSR string 418 # in server.csr file. 419 ${output}= Run ${ssl_cmd} ${ssl_sub} 420 ${csr}= OperatingSystem.Get File ${CSR_FILE} 421 422 [Return] ${csr} 423 424 425Send CSR To VMI And Get Signed 426 [Documentation] Upload CSR to VMI and get signed. 427 [Arguments] ${csr} ${force_create} ${username} ${password} 428 429 # Description of argument(s): 430 # csr Certificate request from client to VMI. 431 # force_create Create a new REST session if True. 432 # username Username to create a REST session. 433 # password Password to create a REST session. 434 435 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 436 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 437 438 ${data}= Create Dictionary 439 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 440 ... Content-Type=application/json 441 442 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR 443 444 # For SignCSR request, we need to pass CSR string generated by openssl command. 445 ${csr_data}= Create Dictionary CsrString ${csr} 446 Set To Dictionary ${data} data ${csr_data} 447 448 ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers} 449 Log to console ${resp.content} 450 451 [Return] ${resp} 452 453 454Get Root Certificate 455 [Documentation] Get root certificate from VMI. 456 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 457 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 458 459 # Description of argument(s): 460 # cert_type Type of the certificate requesting. eg. root or SignCSR. 461 # username Username to create a REST session. 462 # password Password to create a REST session. 463 # force_create Create a new REST session if True. 464 # valid_csr Uses valid CSR string in the REST request if True. 465 # This is not applicable for root certificate. 466 # valid_status_code Expected status code from REST request. 467 468 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 469 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 470 471 ${data}= Create Dictionary 472 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 473 ... Content-Type=application/json 474 475 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root 476 477 ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers} 478 479 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 480 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 481 482 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 483 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 484 Should Contain ${cert["Certificate"]} END CERTIFICATE 485 486 487Get Subject 488 [Documentation] Generate a csr string. 489 [Arguments] ${file_name} ${is_csr_file} 490 491 # Description of argument(s): 492 # file_name Name of CSR or signed CERT file. 493 # is_csr_file A True value means a CSR while a False is for signed CERT file. 494 495 ${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout | grep Subject: 496 ... ELSE Run openssl x509 -in ${file_name} -text -noout | grep Subject: 497 498 [Return] ${subject} 499 500 501Get Public Key 502 [Documentation] Generate a csr string. 503 [Arguments] ${file_name} ${is_csr_file} 504 505 # Description of argument(s): 506 # file_name Name of CSR or CERT file. 507 # is_csr_file A True value means a CSR while a False is for signed CERT file. 508 509 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey 510 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey 511 512 [Return] ${PublicKey} 513 514 515Get Certificate Signed By VMI 516 [Documentation] Get signed certificate from VMI. 517 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 518 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 519 520 # Description of argument(s): 521 # cert_type Type of the certificate requesting. eg. root or SignCSR. 522 # username Username to create a REST session. 523 # password Password to create a REST session. 524 # force_create Create a new REST session if True. 525 # valid_csr Uses valid CSR string in the REST request if True. 526 # This is not applicable for root certificate. 527 # valid_status_code Expected status code from REST request. 528 529 Set Test Variable ${CSR} CSR 530 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR 531 532 ${CSR}= Generate CSR String 533 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 534 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} 535 536 # For SignCSR request, we need to pass CSR string generated by openssl command 537 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} 538 539 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} 540 541 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 542 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 543 544 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 545 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 546 Should Contain ${cert["Certificate"]} END CERTIFICATE 547 548 # Now do subject and public key verification 549 ${subject_csr}= Get Subject ${CSR_FILE} True 550 ${pubKey_csr}= Get Public Key ${CSR_FILE} True 551 552 # create a crt file with certificate string 553 ${signed_cert}= Set Variable ${cert["Certificate"]} 554 ${testcert_gen_time} = Get Current Date Time 555 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert 556 557 Create File ${test_cert_file} ${signed_cert} 558 ${subject_signed_csr}= Get Subject ${test_cert_file} False 559 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False 560 561 Should be equal as strings ${subject_signed_csr} ${subject_csr} 562 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} 563 564 565Suite Setup Execution 566 [Documentation] Suite setup execution. 567 568 Remove Files *.csr *.key *.cert 569 # Create different user accounts. 570 Redfish.Login 571 Redfish Power On 572 Create Users With Different Roles users=${USERS} force=${True} 573 574 575Suite Teardown Execution 576 [Documentation] Suite teardown execution. 577 578 Remove Files *.csr *.key *.cert 579 Delete BMC Users Via Redfish users=${USERS} 580 Delete All Sessions 581 Redfish.Logout 582