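*** Settings ***

Documentation    VMI certificate exchange tests.
...              Checks that the VMI SignCSR and root-certificate endpoints honour
...              user roles (Administrator allowed, Operator rejected) and that a
...              certificate signed by VMI carries the subject and public key of
...              the CSR that was submitted.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot
Resource         ../../lib/utils.robot

Suite Setup       Suite Setup Execution
Test Teardown     FFDC On Test Case Fail
Suite Teardown    Suite Teardown Execution


*** Variables ***

# Accounts created in suite setup and deleted in suite teardown.
# The password is a fixed test value kept in the suite itself.
# users           User Name               password
@{ADMIN}          admin_user              TestPwd123
@{OPERATOR}       operator_user           TestPwd123
&{USERS}          Administrator=${ADMIN}  Operator=${OPERATOR}
${VMI_BASE_URI}   /ibm/v1/
# Files written to the current working directory by openssl.
${CSR_FILE}       csr_server.csr
${CSR_KEY}        csr_server.key


*** Test Cases ***

Get CSR Request Signed By VMI And Verify
    [Documentation]  Get CSR request signed by VMI using different user roles and verify.
    [Tags]  Get_CSR_Request_Signed_By_VMI_And_Verify
    [Template]  Get Certificate Signed By VMI

    # The Operator row is the negative authorization check: signing must be refused.
    # username           password             force_create  valid_csr  valid_status_code
    ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  ${True}       ${True}    ${HTTP_OK}
    operator_user        TestPwd123           ${False}      ${True}    ${HTTP_FORBIDDEN}


Get Root Certificate Using Different Privilege Users Roles
    [Documentation]  Get root certificate using different users.
    [Tags]  Get_Root_Certificate_Using_Different_Users
    [Template]  Get Root Certificate

    # username     password    force_create  valid_csr  valid_status_code
    admin_user     TestPwd123  ${True}       ${True}    ${HTTP_OK}
    operator_user  TestPwd123  ${False}      ${True}    ${HTTP_FORBIDDEN}


*** Keywords ***

Generate CSR String
    [Documentation]  Generate a new RSA key pair and a CSR with openssl and return
    ...              the CSR text read back from ${CSR_FILE}.

    # "-nodes" leaves the private key in ${CSR_KEY} unencrypted.
    ${ssl_cmd}=  Set Variable  openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
    ${ssl_sub}=  Set Variable
    ...  -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"

    # Run openssl command to create a new private key and use that to generate a CSR string
    # in ${CSR_FILE}.  Check the return code so a failed run cannot go unnoticed and leave a
    # stale CSR/key pair from an earlier run to be picked up below.
    ${rc}  ${output}=  Run And Return Rc And Output  ${ssl_cmd} ${ssl_sub}
    Should Be Equal As Integers  ${rc}  0  msg=openssl CSR generation failed: ${output}

    # Read the file openssl was told to write.  Reading a different file name here would
    # submit a CSR that does not match the one used for the subject/public key comparison.
    ${csr}=  OperatingSystem.Get File  ${CSR_FILE}

    [Return]  ${csr}


Send CSR To VMI And Get Signed
    [Documentation]  POST the CSR to the VMI SignCSR action and return the response.
    [Arguments]  ${csr}  ${force_create}  ${username}  ${password}

    # Description of argument(s):
    # csr                    Certificate request from client to VMI.
    # force_create           Create a new REST session if True.
    # username               Username to create a REST session.
    # password               Password to create a REST session.

    # NOTE(review): as written, a new session is also created whenever XAUTH_TOKEN is
    # already set, so force_create=False does not reuse an existing session.  That is
    # what makes each template row run under its own credentials - confirm it is intended.
    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}

    ${data}=  Create Dictionary
    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
    ...  Content-Type=application/json

    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Actions/SignCSR

    # For SignCSR request, we need to pass CSR string generated by openssl command.
    ${csr_data}=  Create Dictionary  CsrString  ${csr}
    Set To Dictionary  ${data}  data  ${csr_data}

    ${resp}=  Post Request  openbmc  ${cert_uri}  &{data}  headers=${headers}

    [Return]  ${resp}


Get Root Certificate
    [Documentation]  Get root certificate from VMI.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}

    # Description of argument(s):
    # username               Username to create a REST session.
    # password               Password to create a REST session.
    # force_create           Create a new REST session if True.
    # valid_csr              Not used by this keyword; present so the template rows
    #                        have the same columns as the SignCSR test.
    # valid_status_code      Expected status code from REST request.

    # NOTE(review): a new session is also created whenever XAUTH_TOKEN is already set,
    # regardless of force_create - confirm this is intended.
    Run Keyword If  "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
    ...  Initialize OpenBMC  rest_username=${username}  rest_password=${password}

    ${data}=  Create Dictionary
    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
    ...  Content-Type=application/json

    ${cert_uri}=  Set Variable  ${VMI_BASE_URI}Host/Certificate/root

    ${resp}=  Get Request  openbmc  ${cert_uri}  &{data}  headers=${headers}

    # Negative rows (e.g. HTTP_FORBIDDEN) stop here once the expected status is confirmed.
    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}

    # Pass the response body to json.loads as a value ($resp.text) instead of pasting it
    # into the evaluated Python expression, so the body is never parsed as Python code.
    ${cert}=  Evaluate  json.loads($resp.text, strict=False)  json
    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
    Should Contain  ${cert["Certificate"]}  END CERTIFICATE


Get Subject
    [Documentation]  Return the "Subject:" line(s) of a CSR or certificate file as
    ...              printed by openssl.
    [Arguments]  ${file_name}  ${is_csr_file}

    # Description of argument(s):
    # file_name          Name of CSR or signed CERT file.
    # is_csr_file        A True value means a CSR while a False is for signed CERT file.

    # file_name is placed unquoted on a shell command line; callers in this suite pass
    # only fixed file names.
    ${subject}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -text -noout | grep Subject:
    ...   ELSE  Run  openssl x509 -in ${file_name} -text -noout | grep Subject:

    [Return]  ${subject}


Get Public Key
    [Documentation]  Return the PEM public key of a CSR or certificate file as
    ...              printed by openssl.
    [Arguments]  ${file_name}  ${is_csr_file}

    # Description of argument(s):
    # file_name          Name of CSR or CERT file.
    # is_csr_file        A True value means a CSR while a False is for signed CERT file.

    # file_name is placed unquoted on a shell command line; callers in this suite pass
    # only fixed file names.
    ${PublicKey}=  Run Keyword If  ${is_csr_file}  Run  openssl req -in ${file_name} -noout -pubkey
    ...   ELSE  Run  openssl x509 -in ${file_name} -noout -pubkey

    [Return]  ${PublicKey}


Get Certificate Signed By VMI
    [Documentation]  Get signed certificate from VMI.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}
    ...  ${force_create}=${False}  ${valid_csr}=${True}  ${valid_status_code}=${HTTP_OK}

    # Description of argument(s):
    # username               Username to create a REST session.
    # password               Password to create a REST session.
    # force_create           Create a new REST session if True.
    # valid_csr              Uses valid CSR string in the REST request if True,
    #                        otherwise the literal placeholder CORRUPTED_CSR is sent.
    # valid_status_code      Expected status code from REST request.

    Set Test Variable  ${CSR}  CSR
    Set Test Variable  ${CORRUPTED_CSR}  CORRUPTED_CSR

    ${CSR}=  Generate CSR String

    # For SignCSR request, we need to pass CSR string generated by openssl command
    ${csr_str}=  Set Variable If  ${valid_csr} == ${True}  ${CSR}  ${CORRUPTED_CSR}

    ${resp}=  Send CSR To VMI And Get Signed  ${csr_str}  ${force_create}  ${username}  ${password}

    # Negative rows (e.g. HTTP_FORBIDDEN) stop here once the expected status is confirmed.
    Should Be Equal As Strings  ${resp.status_code}  ${valid_status_code}
    Return From Keyword If  ${resp.status_code} != ${HTTP_OK}

    # Pass the response body to json.loads as a value ($resp.text) instead of pasting it
    # into the evaluated Python expression, so the body is never parsed as Python code.
    ${cert}=  Evaluate  json.loads($resp.text, strict=False)  json
    Should Contain  ${cert["Certificate"]}  BEGIN CERTIFICATE
    Should Contain  ${cert["Certificate"]}  END CERTIFICATE

    # Now do subject and public key verification: the signed certificate must carry the
    # same subject and the same public key as the CSR that was submitted.
    ${subject_csr}=  Get Subject  ${CSR_FILE}  True
    ${pubKey_csr}=  Get Public Key  ${CSR_FILE}  True

    # create a crt file with certificate string
    ${signed_cert}=  Set Variable  ${cert["Certificate"]}

    Create File  test_certificate.crt  ${signed_cert}
    ${subject_signed_csr}=  Get Subject  test_certificate.crt  False
    ${pubKey_signed_csr}=  Get Public Key  test_certificate.crt  False

    Should be equal as strings  ${subject_signed_csr}  ${subject_csr}
    Should be equal as strings  ${pubKey_signed_csr}  ${pubKey_csr}


Suite Setup Execution
    [Documentation]  Suite setup execution.

    # Create different user accounts.
    Redfish.Login
    Create Users With Different Roles  users=${USERS}  force=${True}


Suite Teardown Execution
    [Documentation]  Suite teardown execution.

    Delete BMC Users Via Redfish  users=${USERS}
    Delete All Sessions
    Redfish.Logout

    # Remove the unencrypted private key, the CSR and the signed certificate that the
    # tests wrote to the working directory.  Remove Files ignores names that do not exist.
    OperatingSystem.Remove Files  ${CSR_FILE}  ${CSR_KEY}  test_certificate.crt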