126d0e837Smanashsarma*** Settings *** 226d0e837Smanashsarma 326d0e837Smanashsarma 426d0e837SmanashsarmaDocumentation Suite to test certificate via DMTF redfishtool. 526d0e837Smanashsarma 626d0e837SmanashsarmaLibrary OperatingSystem 726d0e837SmanashsarmaLibrary String 826d0e837SmanashsarmaLibrary Collections 926d0e837Smanashsarma 1026d0e837SmanashsarmaResource ../../lib/resource.robot 1126d0e837SmanashsarmaResource ../../lib/bmc_redfish_resource.robot 1226d0e837SmanashsarmaResource ../../lib/openbmc_ffdc.robot 1326d0e837SmanashsarmaResource ../../lib/certificate_utils.robot 14*579d8253SmanashsarmaResource ../../lib/dmtf_redfishtool_utils.robot 1526d0e837Smanashsarma 1626d0e837SmanashsarmaSuite Setup Suite Setup Execution 1726d0e837Smanashsarma 1826d0e837Smanashsarma 1926d0e837Smanashsarma*** Variables *** 2026d0e837Smanashsarma 2126d0e837Smanashsarma${root_cmd_args} = SEPARATOR= 2226d0e837Smanashsarma... redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always 2326d0e837Smanashsarma 2426d0e837Smanashsarma 2526d0e837Smanashsarma*** Test Cases *** 2626d0e837Smanashsarma 2726d0e837Smanashsarma 2826d0e837SmanashsarmaVerify Redfishtool Replace Server Certificate Valid CertKey 2926d0e837Smanashsarma [Documentation] Verify replace server certificate. 3026d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey 3126d0e837Smanashsarma 3226d0e837Smanashsarma Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok 3326d0e837Smanashsarma 3426d0e837Smanashsarma 3526d0e837SmanashsarmaVerify Redfishtool Replace Client Certificate Valid CertKey 3626d0e837Smanashsarma [Documentation] Verify replace client certificate. 3726d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey 3826d0e837Smanashsarma 3926d0e837Smanashsarma Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok 4026d0e837Smanashsarma 4126d0e837Smanashsarma 4226d0e837SmanashsarmaVerify Redfishtool Replace CA Certificate Valid Cert 4326d0e837Smanashsarma [Documentation] Verify replace CA certificate. 4426d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert 4526d0e837Smanashsarma 4626d0e837Smanashsarma Verify Redfishtool Replace Certificate CA Valid Certificate ok 4726d0e837Smanashsarma 4826d0e837Smanashsarma 4926d0e837SmanashsarmaVerify Redfishtool Client Certificate Install Valid CertKey 5026d0e837Smanashsarma [Documentation] Verify client certificate installation. 5126d0e837Smanashsarma [Tags] Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey 5226d0e837Smanashsarma 5326d0e837Smanashsarma Verify Redfishtool Install Certificate Client Valid Certificate Valid Privatekey ok 5426d0e837Smanashsarma 5526d0e837Smanashsarma 5626d0e837SmanashsarmaVerify Redfishtool CA Certificate Install Valid Cert 5726d0e837Smanashsarma [Documentation] Verify CA Certificate installation. 5826d0e837Smanashsarma [Tags] Verify_Redfishtool_CA_Certificate_Install_Valid_Cert 5926d0e837Smanashsarma 6026d0e837Smanashsarma Verify Redfishtool Install Certificate CA Valid Certificate ok 6126d0e837Smanashsarma 6226d0e837Smanashsarma 6326d0e837SmanashsarmaVerify Redfishtool Replace Server Certificate Errors 6426d0e837Smanashsarma [Documentation] Verify error while replacing invalid server certificate. 6526d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Server_Certificate_Errors 6626d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 6726d0e837Smanashsarma 6826d0e837Smanashsarma Server Empty Certificate Empty Privatekey error 6926d0e837Smanashsarma Server Empty Certificate Valid Privatekey error 7026d0e837Smanashsarma Server Valid Certificate Empty Privatekey error 7126d0e837Smanashsarma 7226d0e837Smanashsarma 7326d0e837SmanashsarmaVerify Redfishtool Replace Client Certificate Errors 7426d0e837Smanashsarma [Documentation] Verify error while replacing invalid client certificate. 7526d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Client_Certificate_Errors 7626d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 7726d0e837Smanashsarma 7826d0e837Smanashsarma Client Empty Certificate Empty Privatekey error 7926d0e837Smanashsarma Client Empty Certificate Valid Privatekey error 8026d0e837Smanashsarma Client Valid Certificate Empty Privatekey error 8126d0e837Smanashsarma 8226d0e837Smanashsarma 8326d0e837SmanashsarmaVerify Redfishtool Replace CA Certificate Errors 8426d0e837Smanashsarma [Documentation] Verify error while replacing invalid CA certificate. 8526d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_CA_Certificate_Errors 8626d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 8726d0e837Smanashsarma 8826d0e837Smanashsarma CA Empty Certificate error 8926d0e837Smanashsarma 9026d0e837Smanashsarma 9126d0e837SmanashsarmaVerify Redfishtool Client Certificate Install Errors 9226d0e837Smanashsarma [Documentation] Verify error while installing invalid client certificate. 9326d0e837Smanashsarma [Tags] Verify_Redfishtool_Client_Certificate_Install_Errors 9426d0e837Smanashsarma [Template] Verify Redfishtool Install Certificate 9526d0e837Smanashsarma 9626d0e837Smanashsarma Client Empty Certificate Empty Privatekey error 9726d0e837Smanashsarma Client Empty Certificate Valid Privatekey error 9826d0e837Smanashsarma Client Valid Certificate Empty Privatekey error 9926d0e837Smanashsarma 10026d0e837Smanashsarma 10126d0e837Smanashsarma*** Keywords *** 10226d0e837Smanashsarma 10326d0e837Smanashsarma 10426d0e837SmanashsarmaVerify Redfishtool Install Certificate 10526d0e837Smanashsarma [Documentation] Install and verify certificate using Redfishtool. 10626d0e837Smanashsarma [Arguments] ${cert_type} ${cert_format} ${expected_status} ${delete_cert}=${True} 10726d0e837Smanashsarma 10826d0e837Smanashsarma # Description of argument(s): 10926d0e837Smanashsarma # cert_type Certificate type (e.g. "Client" or "CA"). 11026d0e837Smanashsarma # cert_format Certificate file format 11126d0e837Smanashsarma # expected_status Expected status of certificate install Redfishtool 11226d0e837Smanashsarma # request (i.e. "ok" or "error"). 11326d0e837Smanashsarma # delete_cert Certificate will be deleted before installing if this True. 11426d0e837Smanashsarma 11526d0e837Smanashsarma Run Keyword If '${cert_type}' == 'CA' and '${delete_cert}' == '${True}' 11626d0e837Smanashsarma ... Delete All CA Certificate Via Redfisthtool 11726d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'Client' and '${delete_cert}' == '${True}' 11826d0e837Smanashsarma ... Redfishtool Delete Certificate Via BMC CLI ${cert_type} 11926d0e837Smanashsarma 12026d0e837Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} 12126d0e837Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 12226d0e837Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 12326d0e837Smanashsarma 12426d0e837Smanashsarma ${certificate_uri}= Set Variable If 12526d0e837Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI} 12626d0e837Smanashsarma ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI} 12726d0e837Smanashsarma 12826d0e837Smanashsarma ${cert_id}= Redfishtool Install Certificate File On BMC 12926d0e837Smanashsarma ... ${certificate_uri} ${expected_status} data=${file_data} 13026d0e837Smanashsarma Logging Installed certificate id: ${cert_id} 13126d0e837Smanashsarma 13226d0e837Smanashsarma # Adding delay after certificate installation. 13326d0e837Smanashsarma Sleep 30s 13426d0e837Smanashsarma 13526d0e837Smanashsarma ${cert_file_content}= OperatingSystem.Get File ${cert_file_path} 13626d0e837Smanashsarma 13726d0e837Smanashsarma ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' 13826d0e837Smanashsarma ... Redfishtool GetAttribute ${certificate_uri}/${cert_id} CertificateString 13926d0e837Smanashsarma 14026d0e837Smanashsarma Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content} 14126d0e837Smanashsarma 14226d0e837Smanashsarma [Return] ${cert_id} 14326d0e837Smanashsarma 14426d0e837Smanashsarma 14526d0e837SmanashsarmaDelete All CA Certificate Via Redfisthtool 14626d0e837Smanashsarma [Documentation] Delete all CA certificate via Redfish. 14726d0e837Smanashsarma 14826d0e837Smanashsarma ${cmd_output}= Redfishtool Get /redfish/v1/Managers/bmc/Truststore/Certificates 14926d0e837Smanashsarma ${json_object}= To JSON ${cmd_output} 15026d0e837Smanashsarma ${cert_list}= Set Variable ${json_object["Members"]} 15126d0e837Smanashsarma FOR ${cert} IN @{cert_list} 152*579d8253Smanashsarma Redfishtool Delete ${cert["@odata.id"]} ${root_cmd_args} 15326d0e837Smanashsarma END 15426d0e837Smanashsarma 15526d0e837Smanashsarma 15626d0e837SmanashsarmaRedfishtool Delete Certificate Via BMC CLI 15726d0e837Smanashsarma [Documentation] Delete certificate via BMC CLI. 15826d0e837Smanashsarma [Arguments] ${cert_type} 15926d0e837Smanashsarma 16026d0e837Smanashsarma # Description of argument(s): 16126d0e837Smanashsarma # cert_type Certificate type (e.g. "Client" or "CA"). 16226d0e837Smanashsarma 16326d0e837Smanashsarma ${certificate_file_path} ${certificate_service} ${certificate_uri}= 16426d0e837Smanashsarma ... Run Keyword If '${cert_type}' == 'Client' 16526d0e837Smanashsarma ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service 16626d0e837Smanashsarma ... ${REDFISH_LDAP_CERTIFICATE_URI} 16726d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'CA' 16826d0e837Smanashsarma ... Set Variable ${ROOT_CA_FILE_PATH} phosphor-certificate-manager@authority.service 16926d0e837Smanashsarma ... ${REDFISH_CA_CERTIFICATE_URI} 17026d0e837Smanashsarma 17126d0e837Smanashsarma ${file_status} ${stderr} ${rc}= BMC Execute Command 17226d0e837Smanashsarma ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found" 17326d0e837Smanashsarma 17426d0e837Smanashsarma Return From Keyword If "${file_status}" != "Found" 17526d0e837Smanashsarma BMC Execute Command rm ${certificate_file_path} 17626d0e837Smanashsarma BMC Execute Command systemctl restart ${certificate_service} 17726d0e837Smanashsarma BMC Execute Command systemctl daemon-reload 17826d0e837Smanashsarma 17926d0e837Smanashsarma 18026d0e837SmanashsarmaRedfishtool Install Certificate File On BMC 18126d0e837Smanashsarma [Documentation] Install certificate file in BMC using POST operation. 18226d0e837Smanashsarma [Arguments] ${uri} ${status}=ok &{kwargs} 18326d0e837Smanashsarma 18426d0e837Smanashsarma # Description of argument(s): 18526d0e837Smanashsarma # uri URI for installing certificate file via Redfishtool. 18626d0e837Smanashsarma # e.g. "/redfish/v1/AccountService/LDAP/Certificates". 18726d0e837Smanashsarma # status Expected status of certificate installation via Redfishtool. 18826d0e837Smanashsarma # e.g. error, ok. 18926d0e837Smanashsarma # kwargs A dictionary of keys/values to be passed directly to 19026d0e837Smanashsarma # POST Request. 19126d0e837Smanashsarma 19226d0e837Smanashsarma Initialize OpenBMC 20 ${quiet}=${1} ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 19326d0e837Smanashsarma 19426d0e837Smanashsarma ${headers}= Create Dictionary Content-Type=application/octet-stream 19526d0e837Smanashsarma ... X-Auth-Token=${XAUTH_TOKEN} 19626d0e837Smanashsarma Set To Dictionary ${kwargs} headers ${headers} 19726d0e837Smanashsarma 19826d0e837Smanashsarma ${ret}= Post Request openbmc ${uri} &{kwargs} 19926d0e837Smanashsarma ${content_json}= To JSON ${ret.content} 20026d0e837Smanashsarma ${cert_id}= Set Variable If '${ret.status_code}' == '${HTTP_OK}' ${content_json["Id"]} -1 20126d0e837Smanashsarma 20226d0e837Smanashsarma Run Keyword If '${status}' == 'ok' 20326d0e837Smanashsarma ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK} 20426d0e837Smanashsarma ... ELSE IF '${status}' == 'error' 20526d0e837Smanashsarma ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR} 20626d0e837Smanashsarma 20726d0e837Smanashsarma Delete All Sessions 20826d0e837Smanashsarma 20926d0e837Smanashsarma [Return] ${cert_id} 21026d0e837Smanashsarma 21126d0e837Smanashsarma 21226d0e837SmanashsarmaVerify Redfishtool Replace Certificate 21326d0e837Smanashsarma [Documentation] Verify replace server certificate. 21426d0e837Smanashsarma [Arguments] ${cert_type} ${cert_format} ${expected_status} 21526d0e837Smanashsarma 21626d0e837Smanashsarma # Description of argument(s): 21726d0e837Smanashsarma # cert_type Certificate type (e.g. "Client", "Server" or "CA"). 21826d0e837Smanashsarma # cert_format Certificate file format 21926d0e837Smanashsarma # (e.g. "Valid_Certificate_Valid_Privatekey"). 22026d0e837Smanashsarma # expected_status Expected status of certificate replace Redfishtool 22126d0e837Smanashsarma # request (i.e. "ok" or "error"). 22226d0e837Smanashsarma 22326d0e837Smanashsarma # Install certificate before replacing client or CA certificate. 22426d0e837Smanashsarma ${cert_id}= Run Keyword If '${cert_type}' == 'Client' 22526d0e837Smanashsarma ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate Valid Privatekey ok 22626d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'CA' 22726d0e837Smanashsarma ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate ok 22826d0e837Smanashsarma 22926d0e837Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} 23026d0e837Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 23126d0e837Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 23226d0e837Smanashsarma 23326d0e837Smanashsarma ${certificate_uri}= Set Variable If 23426d0e837Smanashsarma ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/1 23526d0e837Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/1 23626d0e837Smanashsarma ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}/${cert_id} 23726d0e837Smanashsarma 23826d0e837Smanashsarma ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri} 23926d0e837Smanashsarma ${dict_objects}= Create Dictionary CertificateString=${file_data} 24026d0e837Smanashsarma ... CertificateType=PEM CertificateUri=${certificate_dict} 24126d0e837Smanashsarma ${string}= Convert To String ${dict_objects} 24226d0e837Smanashsarma ${string}= Replace String ${string} ' " 24326d0e837Smanashsarma ${payload}= Set Variable '${string}' 24426d0e837Smanashsarma 24526d0e837Smanashsarma ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK} 24626d0e837Smanashsarma ... '${expected_status}' == 'error' ${HTTP_NOT_FOUND} 24726d0e837Smanashsarma 24826d0e837Smanashsarma ${response}= Redfishtool Post 24926d0e837Smanashsarma ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate expected_error=${expected_resp} 25026d0e837Smanashsarma 25126d0e837Smanashsarma ${cert_file_content}= OperatingSystem.Get File ${cert_file_path} 25226d0e837Smanashsarma ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri} CertificateString 25326d0e837Smanashsarma 25426d0e837Smanashsarma Run Keyword If '${expected_status}' == 'ok' 25526d0e837Smanashsarma ... Should Contain ${cert_file_content} ${bmc_cert_content} 25626d0e837Smanashsarma ... ELSE 25726d0e837Smanashsarma ... Should Not Contain ${cert_file_content} ${bmc_cert_content} 25826d0e837Smanashsarma 25926d0e837Smanashsarma 26026d0e837SmanashsarmaRedfishtool GetAttribute 26126d0e837Smanashsarma [Documentation] Execute redfishtool for GET operation. 26226d0e837Smanashsarma [Arguments] ${uri} ${Attribute} ${cmd_args}=${root_cmd_args} ${expected_error}="" 26326d0e837Smanashsarma 26426d0e837Smanashsarma # Description of argument(s): 26526d0e837Smanashsarma # uri URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/). 26626d0e837Smanashsarma # Attribute The specific attribute to be retrieved with the URI. 26726d0e837Smanashsarma # cmd_args Commandline arguments. 26826d0e837Smanashsarma # expected_error Expected error optionally provided in testcase (e.g. 401 / 26926d0e837Smanashsarma # authentication error, etc. ). 27026d0e837Smanashsarma 27126d0e837Smanashsarma ${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri} 27226d0e837Smanashsarma Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error} 27326d0e837Smanashsarma ${json_object}= To JSON ${cmd_output} 27426d0e837Smanashsarma 27526d0e837Smanashsarma [Return] ${json_object["CertificateString"]} 27626d0e837Smanashsarma 27726d0e837Smanashsarma 27826d0e837SmanashsarmaSuite Setup Execution 27926d0e837Smanashsarma [Documentation] Do suite setup execution. 28026d0e837Smanashsarma 28126d0e837Smanashsarma ${tool_exist}= Run which redfishtool 28226d0e837Smanashsarma Should Not Be Empty ${tool_exist} 28326d0e837Smanashsarma 28426d0e837Smanashsarma # Create certificate sub-directory in current working directory. 28526d0e837Smanashsarma Create Directory certificate_dir 286