126d0e837Smanashsarma*** Settings *** 226d0e837Smanashsarma 326d0e837Smanashsarma 426d0e837SmanashsarmaDocumentation Suite to test certificate via DMTF redfishtool. 526d0e837Smanashsarma 626d0e837SmanashsarmaLibrary OperatingSystem 726d0e837SmanashsarmaLibrary String 826d0e837SmanashsarmaLibrary Collections 9fbd67007SGeorge KeishingLibrary JSONLibrary 1026d0e837Smanashsarma 1126d0e837SmanashsarmaResource ../../lib/resource.robot 1226d0e837SmanashsarmaResource ../../lib/bmc_redfish_resource.robot 1326d0e837SmanashsarmaResource ../../lib/openbmc_ffdc.robot 1426d0e837SmanashsarmaResource ../../lib/certificate_utils.robot 15579d8253SmanashsarmaResource ../../lib/dmtf_redfishtool_utils.robot 1626d0e837Smanashsarma 1726d0e837SmanashsarmaSuite Setup Suite Setup Execution 1826d0e837Smanashsarma 19*6fb70d98SMatt FischerTest Tags Redfishtool_Certificate 2026d0e837Smanashsarma 2126d0e837Smanashsarma*** Variables *** 2226d0e837Smanashsarma 2326d0e837Smanashsarma${root_cmd_args} = SEPARATOR= 24d4ba2493SGeorge Keishing... redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always 25e12c8479Smanashsarma${invalid_value} abc 2653ccf4d4Smanashsarma${keybit_length} ${2048} 2726d0e837Smanashsarma 2826d0e837Smanashsarma*** Test Cases *** 2926d0e837Smanashsarma 3026d0e837Smanashsarma 3126d0e837SmanashsarmaVerify Redfishtool Replace Server Certificate Valid CertKey 3226d0e837Smanashsarma [Documentation] Verify replace server certificate. 3326d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey 3426d0e837Smanashsarma 3526d0e837Smanashsarma Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok 3626d0e837Smanashsarma 3726d0e837Smanashsarma 3826d0e837SmanashsarmaVerify Redfishtool Replace Client Certificate Valid CertKey 3926d0e837Smanashsarma [Documentation] Verify replace client certificate. 4026d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey 4126d0e837Smanashsarma 4226d0e837Smanashsarma Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok 4326d0e837Smanashsarma 4426d0e837Smanashsarma 4526d0e837SmanashsarmaVerify Redfishtool Replace CA Certificate Valid Cert 4626d0e837Smanashsarma [Documentation] Verify replace CA certificate. 4726d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert 4826d0e837Smanashsarma 4926d0e837Smanashsarma Verify Redfishtool Replace Certificate CA Valid Certificate ok 5026d0e837Smanashsarma 5126d0e837Smanashsarma 5226d0e837SmanashsarmaVerify Redfishtool Client Certificate Install Valid CertKey 5326d0e837Smanashsarma [Documentation] Verify client certificate installation. 5426d0e837Smanashsarma [Tags] Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey 5526d0e837Smanashsarma 5626d0e837Smanashsarma Verify Redfishtool Install Certificate Client Valid Certificate Valid Privatekey ok 5726d0e837Smanashsarma 5826d0e837Smanashsarma 5926d0e837SmanashsarmaVerify Redfishtool CA Certificate Install Valid Cert 6026d0e837Smanashsarma [Documentation] Verify CA Certificate installation. 6126d0e837Smanashsarma [Tags] Verify_Redfishtool_CA_Certificate_Install_Valid_Cert 6226d0e837Smanashsarma 6326d0e837Smanashsarma Verify Redfishtool Install Certificate CA Valid Certificate ok 6426d0e837Smanashsarma 6526d0e837Smanashsarma 6626d0e837SmanashsarmaVerify Redfishtool Replace Server Certificate Errors 6726d0e837Smanashsarma [Documentation] Verify error while replacing invalid server certificate. 6826d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Server_Certificate_Errors 6926d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 7026d0e837Smanashsarma 7126d0e837Smanashsarma Server Empty Certificate Empty Privatekey error 7226d0e837Smanashsarma Server Empty Certificate Valid Privatekey error 7326d0e837Smanashsarma Server Valid Certificate Empty Privatekey error 7426d0e837Smanashsarma 7526d0e837Smanashsarma 7626d0e837SmanashsarmaVerify Redfishtool Replace Client Certificate Errors 7726d0e837Smanashsarma [Documentation] Verify error while replacing invalid client certificate. 7826d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Client_Certificate_Errors 7926d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 8026d0e837Smanashsarma 8126d0e837Smanashsarma Client Empty Certificate Empty Privatekey error 8226d0e837Smanashsarma Client Empty Certificate Valid Privatekey error 8326d0e837Smanashsarma Client Valid Certificate Empty Privatekey error 8426d0e837Smanashsarma 8526d0e837Smanashsarma 8626d0e837SmanashsarmaVerify Redfishtool Replace CA Certificate Errors 8726d0e837Smanashsarma [Documentation] Verify error while replacing invalid CA certificate. 8826d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_CA_Certificate_Errors 8926d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 9026d0e837Smanashsarma 9126d0e837Smanashsarma CA Empty Certificate error 9226d0e837Smanashsarma 9326d0e837Smanashsarma 9426d0e837SmanashsarmaVerify Redfishtool Client Certificate Install Errors 9526d0e837Smanashsarma [Documentation] Verify error while installing invalid client certificate. 9626d0e837Smanashsarma [Tags] Verify_Redfishtool_Client_Certificate_Install_Errors 9726d0e837Smanashsarma [Template] Verify Redfishtool Install Certificate 9826d0e837Smanashsarma 9926d0e837Smanashsarma Client Empty Certificate Empty Privatekey error 10026d0e837Smanashsarma Client Empty Certificate Valid Privatekey error 10126d0e837Smanashsarma Client Valid Certificate Empty Privatekey error 10226d0e837Smanashsarma 10326d0e837Smanashsarma 104c0efe585SmanashsarmaVerify Redfishtool CA Certificate Install Errors 105c0efe585Smanashsarma [Documentation] Verify error while installing invalid CA certificate. 106c0efe585Smanashsarma [Tags] Verify_Redfishtool_CA_Certificate_Install_Errors 107c0efe585Smanashsarma [Template] Verify Redfishtool Install Certificate 108c0efe585Smanashsarma 109c0efe585Smanashsarma # cert_type cert_format expected_status 110c0efe585Smanashsarma CA Empty Certificate error 111c0efe585Smanashsarma 112c0efe585Smanashsarma 11316b3c7bfSGeorge KeishingVerify Error While Uploading Same CA Certificate Via Redfishtool 114c0efe585Smanashsarma [Documentation] Verify error while uploading same CA certificate two times. 11516b3c7bfSGeorge Keishing [Tags] Verify_Error_While_Uploading_Same_CA_Certificate_Via_Redfishtool 116c0efe585Smanashsarma 117c0efe585Smanashsarma # Create certificate file for uploading. 118c0efe585Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate 365 119c0efe585Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 120c0efe585Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 121c0efe585Smanashsarma 122c0efe585Smanashsarma # Install CA certificate. 123c0efe585Smanashsarma Redfishtool Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} ok data=${file_data} 124c0efe585Smanashsarma 125c0efe585Smanashsarma # Adding delay after certificate installation. 126c0efe585Smanashsarma Sleep 30s 127c0efe585Smanashsarma 128c0efe585Smanashsarma # Check error while uploading same certificate. 129c0efe585Smanashsarma Redfishtool Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} error data=${file_data} 130c0efe585Smanashsarma 131c0efe585Smanashsarma 132c0efe585SmanashsarmaInstall Server Certificate Using Redfishtool And Verify Via OpenSSL 133c0efe585Smanashsarma [Documentation] Install server certificate using Redfishtool and verify via OpenSSL. 1345236ec54SGeorge Keishing [Tags] Install_Server_Certificate_Using_Redfishtool_And_Verify_Via_OpenSSL 135c0efe585Smanashsarma 136c0efe585Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey 137c0efe585Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 138c0efe585Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 139c0efe585Smanashsarma 140c0efe585Smanashsarma ${certificate_dict}= Create Dictionary 1414d430283Sganesanb ... @odata.id=/redfish/v1/Managers/${MANAGER_ID}/NetworkProtocol/HTTPS/Certificates/1 142c0efe585Smanashsarma 143c0efe585Smanashsarma ${dict_objects}= Create Dictionary CertificateString=${file_data} 144c0efe585Smanashsarma ... CertificateType=PEM CertificateUri=${certificate_dict} 145c0efe585Smanashsarma 146c0efe585Smanashsarma ${string}= Convert To String ${dict_objects} 147c0efe585Smanashsarma ${string}= Replace String ${string} ' " 148c0efe585Smanashsarma ${payload}= Set Variable '${string}' 149c0efe585Smanashsarma 150c0efe585Smanashsarma ${response}= Redfishtool Post 151c0efe585Smanashsarma ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate 15241e5ad25SAlagiridhilipank ... expected_error=${HTTP_OK}, ${HTTP_NO_CONTENT} 153c0efe585Smanashsarma 154c0efe585Smanashsarma Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path} 155c0efe585Smanashsarma 156e12c8479Smanashsarma 1572843e39eSTony LeeVerify CSR Generation For Server Certificate Via Redfishtool 158e12c8479Smanashsarma [Documentation] Verify CSR generation for server certificate. 1592843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Server_Certificate_Via_Redfishtool 160e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 161e12c8479Smanashsarma 162e12c8479Smanashsarma # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 1638d31f15eSganesanb Server RSA ${keybit_length} ${EMPTY} ok 164e12c8479Smanashsarma Server EC ${EMPTY} prime256v1 ok 165e12c8479Smanashsarma Server EC ${EMPTY} secp521r1 ok 166e12c8479Smanashsarma Server EC ${EMPTY} secp384r1 ok 167e12c8479Smanashsarma 168e12c8479Smanashsarma 1692843e39eSTony LeeVerify CSR Generation For Client Certificate Via Redfishtool 170e12c8479Smanashsarma [Documentation] Verify CSR generation for client certificate. 1712843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Client_Certificate_Via_Redfishtool 172e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 173e12c8479Smanashsarma 174e12c8479Smanashsarma # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 1758d31f15eSganesanb Client RSA ${keybit_length} ${EMPTY} ok 176e12c8479Smanashsarma Client EC ${EMPTY} prime256v1 ok 177e12c8479Smanashsarma Client EC ${EMPTY} secp521r1 ok 178e12c8479Smanashsarma Client EC ${EMPTY} secp384r1 ok 179e12c8479Smanashsarma 180e12c8479Smanashsarma 1812843e39eSTony LeeVerify CSR Generation For Server Certificate With Invalid Value Via Redfishtool 182e12c8479Smanashsarma [Documentation] Verify error while generating CSR for server certificate with invalid value. 1832843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value_Via_Redfishtool 184e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 185e12c8479Smanashsarma 186e12c8479Smanashsarma # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 1878d31f15eSganesanb Server ${invalid_value} ${keybit_length} prime256v1 error 188e12c8479Smanashsarma Server RAS ${invalid_value} ${EMPTY} error 189e12c8479Smanashsarma 190e12c8479Smanashsarma 1912843e39eSTony LeeVerify CSR Generation For Client Certificate With Invalid Value Via Redfishtool 192e12c8479Smanashsarma [Documentation] Verify error while generating CSR for client certificate with invalid value. 1932843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value_Via_Redfishtool 194e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 195e12c8479Smanashsarma 1968d31f15eSganesanb Client ${invalid_value} ${keybit_length} prime256v1 error 197e12c8479Smanashsarma Client RSA ${invalid_value} ${EMPTY} error 198e12c8479Smanashsarma 19926d0e837Smanashsarma*** Keywords *** 20026d0e837Smanashsarma 20126d0e837Smanashsarma 202e12c8479SmanashsarmaGenerate CSR Via Redfishtool 203e12c8479Smanashsarma [Documentation] Generate CSR using Redfish. 204e12c8479Smanashsarma [Arguments] ${cert_type} ${key_pair_algorithm} ${key_bit_length} ${key_curv_id} ${expected_status} 205e12c8479Smanashsarma 206e12c8479Smanashsarma # Description of argument(s): 207e12c8479Smanashsarma # cert_type Certificate type ("Server" or "Client"). 208e12c8479Smanashsarma # key_pair_algorithm CSR key pair algorithm ("EC" or "RSA"). 209e12c8479Smanashsarma # key_bit_length CSR key bit length ("2048"). 210e12c8479Smanashsarma # key_curv_id CSR key curv id ("prime256v1" or "secp521r1" or "secp384r1"). 211e12c8479Smanashsarma # expected_status Expected status of certificate replace Redfishtool request ("ok" or "error"). 212e12c8479Smanashsarma 213e12c8479Smanashsarma ${certificate_uri}= Set Variable If 214e12c8479Smanashsarma ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/ 215e12c8479Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/ 216e12c8479Smanashsarma 217e12c8479Smanashsarma ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri} 218e12c8479Smanashsarma 219e12c8479Smanashsarma ${csr_dict}= Create Dictionary City=Austin CertificateCollection=${certificate_dict} 2208e6ebd25Srramyasr-in ... CommonName=${OPENBMC_HOST} Country=US Organization=xyz 221e12c8479Smanashsarma ... OrganizationalUnit=ISL State=AU KeyBitLength=${key_bit_length} 222e12c8479Smanashsarma ... KeyPairAlgorithm=${key_pair_algorithm} KeyCurveId=${key_curv_id} 223e12c8479Smanashsarma 224e12c8479Smanashsarma # Remove not applicable field for CSR generation. 225e12c8479Smanashsarma Run Keyword If '${key_pair_algorithm}' == 'EC' Remove From Dictionary ${csr_dict} KeyBitLength 226e12c8479Smanashsarma ... ELSE IF '${key_pair_algorithm}' == 'RSA' Remove From Dictionary ${csr_dict} KeyCurveId 227e12c8479Smanashsarma 22885c22656Sganesanb ${expected_resp}= Set Variable If 22985c22656Sganesanb ... '${expected_status}' == 'ok' ${HTTP_OK}, ${HTTP_NO_CONTENT} 230e12c8479Smanashsarma ... '${expected_status}' == 'error' ${HTTP_BAD_REQUEST} 231e12c8479Smanashsarma 232e12c8479Smanashsarma ${string}= Convert To String ${csr_dict} 233e12c8479Smanashsarma 234e12c8479Smanashsarma ${string2}= Replace String ${string} ' " 235e12c8479Smanashsarma 236e12c8479Smanashsarma ${payload}= Set Variable '${string2}' 237e12c8479Smanashsarma 238e12c8479Smanashsarma ${response}= Redfishtool Post 239e12c8479Smanashsarma ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR 240e12c8479Smanashsarma ... expected_error=${expected_resp} 241e12c8479Smanashsarma 242e12c8479Smanashsarma # Delay added between two CSR generation request. 243e12c8479Smanashsarma Sleep 5s 244e12c8479Smanashsarma 245e12c8479Smanashsarma 24626d0e837SmanashsarmaVerify Redfishtool Install Certificate 24726d0e837Smanashsarma [Documentation] Install and verify certificate using Redfishtool. 24826d0e837Smanashsarma [Arguments] ${cert_type} ${cert_format} ${expected_status} ${delete_cert}=${True} 24985c22656Sganesanb ... ${install_type}=install 25026d0e837Smanashsarma 25126d0e837Smanashsarma # Description of argument(s): 25226d0e837Smanashsarma # cert_type Certificate type (e.g. "Client" or "CA"). 25326d0e837Smanashsarma # cert_format Certificate file format 25426d0e837Smanashsarma # expected_status Expected status of certificate install Redfishtool 25526d0e837Smanashsarma # request (i.e. "ok" or "error"). 25626d0e837Smanashsarma # delete_cert Certificate will be deleted before installing if this True. 25726d0e837Smanashsarma 25885c22656Sganesanb Run Keyword If '${cert_type}' == 'CA' 25985c22656Sganesanb ... Delete All CA Certificate Via Redfishtool ${delete_cert} 26085c22656Sganesanb ... ELSE IF '${cert_type}' == 'Client' 26185c22656Sganesanb ... Redfishtool Delete Certificate Via BMC CLI ${cert_type} ${delete_cert} 26285c22656Sganesanb 26385c22656Sganesanb Return From Keyword If "${install_type}" != "install" and "${file_status}" != "Not Found" 26426d0e837Smanashsarma 26526d0e837Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} 26626d0e837Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 26726d0e837Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 26826d0e837Smanashsarma 26926d0e837Smanashsarma ${certificate_uri}= Set Variable If 27026d0e837Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI} 27126d0e837Smanashsarma ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI} 27226d0e837Smanashsarma 27326d0e837Smanashsarma ${cert_id}= Redfishtool Install Certificate File On BMC 27426d0e837Smanashsarma ... ${certificate_uri} ${expected_status} data=${file_data} 27526d0e837Smanashsarma Logging Installed certificate id: ${cert_id} 27602d32765SYi Hu Set Test Variable ${cert_id} 27726d0e837Smanashsarma 27826d0e837Smanashsarma # Adding delay after certificate installation. 27926d0e837Smanashsarma Sleep 30s 28026d0e837Smanashsarma 28126d0e837Smanashsarma ${cert_file_content}= OperatingSystem.Get File ${cert_file_path} 28226d0e837Smanashsarma 28326d0e837Smanashsarma ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' 28426d0e837Smanashsarma ... Redfishtool GetAttribute ${certificate_uri}/${cert_id} CertificateString 28526d0e837Smanashsarma 28626d0e837Smanashsarma Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content} 28726d0e837Smanashsarma 28826d0e837Smanashsarma 28985c22656SganesanbDelete All CA Certificate Via Redfishtool 29026d0e837Smanashsarma [Documentation] Delete all CA certificate via Redfish. 29185c22656Sganesanb [Arguments] ${delete_cert}=${True} 29226d0e837Smanashsarma 2934d430283Sganesanb ${cmd_output}= Redfishtool Get /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates 294fbd67007SGeorge Keishing ${cmd_output}= Convert String to JSON ${cmd_output} 295fbd67007SGeorge Keishing ${cert_list}= Set Variable ${cmd_output["Members"]} 29685c22656Sganesanb ${uri_length}= Get Length ${cert_list} 29785c22656Sganesanb ${file_status}= Set Variable If 29885c22656Sganesanb ... "${uri_length}" == "0" Not Found 29985c22656Sganesanb ... "${uri_length}" != "0" Found 30085c22656Sganesanb ${cert_id}= Set Variable If 30185c22656Sganesanb ... "${uri_length}" != "0" ${cert_list[-1]["@odata.id"].split("/")[-1].strip()} 30285c22656Sganesanb ... "${uri_length}" == "0" None 30385c22656Sganesanb Set Test Variable ${cert_id} 30485c22656Sganesanb Set Test Variable ${file_status} 30585c22656Sganesanb Return From Keyword If "${file_status}" != "Found" or "${delete_cert}" != "${True}" 30626d0e837Smanashsarma FOR ${cert} IN @{cert_list} 307579d8253Smanashsarma Redfishtool Delete ${cert["@odata.id"]} ${root_cmd_args} 30826d0e837Smanashsarma END 30926d0e837Smanashsarma 31026d0e837Smanashsarma 31126d0e837SmanashsarmaRedfishtool Delete Certificate Via BMC CLI 31226d0e837Smanashsarma [Documentation] Delete certificate via BMC CLI. 31385c22656Sganesanb [Arguments] ${cert_type} ${delete_cert}=${True} 31426d0e837Smanashsarma 31526d0e837Smanashsarma # Description of argument(s): 31626d0e837Smanashsarma # cert_type Certificate type (e.g. "Client" or "CA"). 31726d0e837Smanashsarma 31826d0e837Smanashsarma ${certificate_file_path} ${certificate_service} ${certificate_uri}= 31926d0e837Smanashsarma ... Run Keyword If '${cert_type}' == 'Client' 32026d0e837Smanashsarma ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service 32126d0e837Smanashsarma ... ${REDFISH_LDAP_CERTIFICATE_URI} 32226d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'CA' 32326d0e837Smanashsarma ... Set Variable ${ROOT_CA_FILE_PATH} phosphor-certificate-manager@authority.service 32426d0e837Smanashsarma ... ${REDFISH_CA_CERTIFICATE_URI} 32526d0e837Smanashsarma 32626d0e837Smanashsarma ${file_status} ${stderr} ${rc}= BMC Execute Command 32726d0e837Smanashsarma ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found" 32826d0e837Smanashsarma 32985c22656Sganesanb Set Test Variable ${file_status} 33085c22656Sganesanb Return From Keyword If "${file_status}" != "Found" or '${delete_cert}' != "${True}" 33126d0e837Smanashsarma BMC Execute Command rm ${certificate_file_path} 33226d0e837Smanashsarma BMC Execute Command systemctl restart ${certificate_service} 33326d0e837Smanashsarma BMC Execute Command systemctl daemon-reload 33426d0e837Smanashsarma 33526d0e837Smanashsarma 33626d0e837SmanashsarmaRedfishtool Install Certificate File On BMC 33726d0e837Smanashsarma [Documentation] Install certificate file in BMC using POST operation. 33826d0e837Smanashsarma [Arguments] ${uri} ${status}=ok &{kwargs} 33926d0e837Smanashsarma 34026d0e837Smanashsarma # Description of argument(s): 34126d0e837Smanashsarma # uri URI for installing certificate file via Redfishtool. 34226d0e837Smanashsarma # e.g. "/redfish/v1/AccountService/LDAP/Certificates". 34326d0e837Smanashsarma # status Expected status of certificate installation via Redfishtool. 34426d0e837Smanashsarma # e.g. error, ok. 34526d0e837Smanashsarma # kwargs A dictionary of keys/values to be passed directly to 34626d0e837Smanashsarma # POST Request. 34726d0e837Smanashsarma 34826d0e837Smanashsarma Initialize OpenBMC 20 ${quiet}=${1} ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 34926d0e837Smanashsarma 35026d0e837Smanashsarma ${headers}= Create Dictionary Content-Type=application/octet-stream 35126d0e837Smanashsarma ... X-Auth-Token=${XAUTH_TOKEN} 35226d0e837Smanashsarma Set To Dictionary ${kwargs} headers ${headers} 35326d0e837Smanashsarma 3547ffc3a54SGeorge Keishing ${resp}= POST On Session openbmc ${uri} &{kwargs} expected_status=any 35585c22656Sganesanb ${cert_id}= Set Variable If 35685c22656Sganesanb ... '${resp.status_code}' == '${HTTP_OK}' ${resp.json()["Id"]} 35785c22656Sganesanb ... '${resp.status_code}' == '${HTTP_NO_CONTENT}' ${resp.json()["Id"]} -1 35826d0e837Smanashsarma 35926d0e837Smanashsarma Run Keyword If '${status}' == 'ok' 36085c22656Sganesanb ... Should Contain Any "${resp.status_code}" ${HTTP_OK} ${HTTP_NO_CONTENT} 36126d0e837Smanashsarma ... ELSE IF '${status}' == 'error' 362fbd67007SGeorge Keishing ... Should Be Equal As Strings ${resp.status_code} ${HTTP_INTERNAL_SERVER_ERROR} 36326d0e837Smanashsarma 36426d0e837Smanashsarma Delete All Sessions 36526d0e837Smanashsarma 366409df05dSGeorge Keishing RETURN ${cert_id} 36726d0e837Smanashsarma 36826d0e837Smanashsarma 36926d0e837SmanashsarmaVerify Redfishtool Replace Certificate 37026d0e837Smanashsarma [Documentation] Verify replace server certificate. 37126d0e837Smanashsarma [Arguments] ${cert_type} ${cert_format} ${expected_status} 37226d0e837Smanashsarma 37326d0e837Smanashsarma # Description of argument(s): 37426d0e837Smanashsarma # cert_type Certificate type (e.g. "Client", "Server" or "CA"). 37526d0e837Smanashsarma # cert_format Certificate file format 37626d0e837Smanashsarma # (e.g. "Valid_Certificate_Valid_Privatekey"). 37726d0e837Smanashsarma # expected_status Expected status of certificate replace Redfishtool 37826d0e837Smanashsarma # request (i.e. "ok" or "error"). 37926d0e837Smanashsarma 38026d0e837Smanashsarma # Install certificate before replacing client or CA certificate. 38185c22656Sganesanb Run Keyword If '${cert_type}' == 'Client' 38285c22656Sganesanb ... Verify Redfishtool Install Certificate ${cert_type} ${cert_format} ${expected_status} 38385c22656Sganesanb ... ${False} replace 38426d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'CA' 38585c22656Sganesanb ... Verify Redfishtool Install Certificate ${cert_type} ${cert_format} ${expected_status} 38685c22656Sganesanb ... ${False} replace 38726d0e837Smanashsarma 38826d0e837Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} 38926d0e837Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 39026d0e837Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 39126d0e837Smanashsarma 39226d0e837Smanashsarma ${certificate_uri}= Set Variable If 39326d0e837Smanashsarma ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/1 39426d0e837Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/1 39526d0e837Smanashsarma ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}/${cert_id} 39626d0e837Smanashsarma 39726d0e837Smanashsarma ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri} 39826d0e837Smanashsarma ${dict_objects}= Create Dictionary CertificateString=${file_data} 39926d0e837Smanashsarma ... CertificateType=PEM CertificateUri=${certificate_dict} 40026d0e837Smanashsarma ${string}= Convert To String ${dict_objects} 40126d0e837Smanashsarma ${string}= Replace String ${string} ' " 40226d0e837Smanashsarma ${payload}= Set Variable '${string}' 40326d0e837Smanashsarma 40485c22656Sganesanb ${expected_resp}= Set Variable If 40585c22656Sganesanb ... '${expected_status}' == 'ok' ${HTTP_OK}, ${HTTP_NO_CONTENT} 40628af00afSmanashsarma ... '${expected_status}' == 'error' ${HTTP_NOT_FOUND},${HTTP_INTERNAL_SERVER_ERROR} 40726d0e837Smanashsarma 40826d0e837Smanashsarma ${response}= Redfishtool Post 409f510346dSAnusha Dathatri ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate 410f510346dSAnusha Dathatri ... expected_error=${expected_resp} 41126d0e837Smanashsarma 41226d0e837Smanashsarma ${cert_file_content}= OperatingSystem.Get File ${cert_file_path} 41303fcac19Smanashsarma Sleep 5s 41426d0e837Smanashsarma ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri} CertificateString 41526d0e837Smanashsarma 41626d0e837Smanashsarma Run Keyword If '${expected_status}' == 'ok' 41726d0e837Smanashsarma ... Should Contain ${cert_file_content} ${bmc_cert_content} 41826d0e837Smanashsarma ... ELSE 41926d0e837Smanashsarma ... Should Not Contain ${cert_file_content} ${bmc_cert_content} 42026d0e837Smanashsarma 42126d0e837Smanashsarma 42226d0e837SmanashsarmaRedfishtool GetAttribute 42326d0e837Smanashsarma [Documentation] Execute redfishtool for GET operation. 42426d0e837Smanashsarma [Arguments] ${uri} ${Attribute} ${cmd_args}=${root_cmd_args} ${expected_error}="" 42526d0e837Smanashsarma 42626d0e837Smanashsarma # Description of argument(s): 42726d0e837Smanashsarma # uri URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/). 42826d0e837Smanashsarma # Attribute The specific attribute to be retrieved with the URI. 42926d0e837Smanashsarma # cmd_args Commandline arguments. 43026d0e837Smanashsarma # expected_error Expected error optionally provided in testcase (e.g. 401 / 43126d0e837Smanashsarma # authentication error, etc. ). 43226d0e837Smanashsarma 43326d0e837Smanashsarma ${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri} 43426d0e837Smanashsarma Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error} 43526d0e837Smanashsarma 436fbd67007SGeorge Keishing ${cmd_output}= Convert String to JSON ${cmd_output} 437fbd67007SGeorge Keishing 438409df05dSGeorge Keishing RETURN ${cmd_output["CertificateString"]} 43926d0e837Smanashsarma 44026d0e837Smanashsarma 44126d0e837SmanashsarmaSuite Setup Execution 44226d0e837Smanashsarma [Documentation] Do suite setup execution. 44326d0e837Smanashsarma 44426d0e837Smanashsarma ${tool_exist}= Run which redfishtool 44526d0e837Smanashsarma Should Not Be Empty ${tool_exist} 44626d0e837Smanashsarma 44726d0e837Smanashsarma # Create certificate sub-directory in current working directory. 44826d0e837Smanashsarma Create Directory certificate_dir 449