126d0e837Smanashsarma*** Settings *** 226d0e837Smanashsarma 326d0e837Smanashsarma 426d0e837SmanashsarmaDocumentation Suite to test certificate via DMTF redfishtool. 526d0e837Smanashsarma 626d0e837SmanashsarmaLibrary OperatingSystem 726d0e837SmanashsarmaLibrary String 826d0e837SmanashsarmaLibrary Collections 926d0e837Smanashsarma 1026d0e837SmanashsarmaResource ../../lib/resource.robot 1126d0e837SmanashsarmaResource ../../lib/bmc_redfish_resource.robot 1226d0e837SmanashsarmaResource ../../lib/openbmc_ffdc.robot 1326d0e837SmanashsarmaResource ../../lib/certificate_utils.robot 14579d8253SmanashsarmaResource ../../lib/dmtf_redfishtool_utils.robot 1526d0e837Smanashsarma 1626d0e837SmanashsarmaSuite Setup Suite Setup Execution 1726d0e837Smanashsarma 1826d0e837Smanashsarma 1926d0e837Smanashsarma*** Variables *** 2026d0e837Smanashsarma 2126d0e837Smanashsarma${root_cmd_args} = SEPARATOR= 22*d4ba2493SGeorge Keishing... redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always 2326d0e837Smanashsarma 24e12c8479Smanashsarma${invalid_value} abc 2526d0e837Smanashsarma 2626d0e837Smanashsarma*** Test Cases *** 2726d0e837Smanashsarma 2826d0e837Smanashsarma 2926d0e837SmanashsarmaVerify Redfishtool Replace Server Certificate Valid CertKey 3026d0e837Smanashsarma [Documentation] Verify replace server certificate. 3126d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey 3226d0e837Smanashsarma 3326d0e837Smanashsarma Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok 3426d0e837Smanashsarma 3526d0e837Smanashsarma 3626d0e837SmanashsarmaVerify Redfishtool Replace Client Certificate Valid CertKey 3726d0e837Smanashsarma [Documentation] Verify replace client certificate. 3826d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey 3926d0e837Smanashsarma 4026d0e837Smanashsarma Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok 4126d0e837Smanashsarma 4226d0e837Smanashsarma 4326d0e837SmanashsarmaVerify Redfishtool Replace CA Certificate Valid Cert 4426d0e837Smanashsarma [Documentation] Verify replace CA certificate. 4526d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert 4626d0e837Smanashsarma 4726d0e837Smanashsarma Verify Redfishtool Replace Certificate CA Valid Certificate ok 4826d0e837Smanashsarma 4926d0e837Smanashsarma 5026d0e837SmanashsarmaVerify Redfishtool Client Certificate Install Valid CertKey 5126d0e837Smanashsarma [Documentation] Verify client certificate installation. 5226d0e837Smanashsarma [Tags] Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey 5326d0e837Smanashsarma 5426d0e837Smanashsarma Verify Redfishtool Install Certificate Client Valid Certificate Valid Privatekey ok 5526d0e837Smanashsarma 5626d0e837Smanashsarma 5726d0e837SmanashsarmaVerify Redfishtool CA Certificate Install Valid Cert 5826d0e837Smanashsarma [Documentation] Verify CA Certificate installation. 5926d0e837Smanashsarma [Tags] Verify_Redfishtool_CA_Certificate_Install_Valid_Cert 6026d0e837Smanashsarma 6126d0e837Smanashsarma Verify Redfishtool Install Certificate CA Valid Certificate ok 6226d0e837Smanashsarma 6326d0e837Smanashsarma 6426d0e837SmanashsarmaVerify Redfishtool Replace Server Certificate Errors 6526d0e837Smanashsarma [Documentation] Verify error while replacing invalid server certificate. 6626d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Server_Certificate_Errors 6726d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 6826d0e837Smanashsarma 6926d0e837Smanashsarma Server Empty Certificate Empty Privatekey error 7026d0e837Smanashsarma Server Empty Certificate Valid Privatekey error 7126d0e837Smanashsarma Server Valid Certificate Empty Privatekey error 7226d0e837Smanashsarma 7326d0e837Smanashsarma 7426d0e837SmanashsarmaVerify Redfishtool Replace Client Certificate Errors 7526d0e837Smanashsarma [Documentation] Verify error while replacing invalid client certificate. 7626d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_Client_Certificate_Errors 7726d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 7826d0e837Smanashsarma 7926d0e837Smanashsarma Client Empty Certificate Empty Privatekey error 8026d0e837Smanashsarma Client Empty Certificate Valid Privatekey error 8126d0e837Smanashsarma Client Valid Certificate Empty Privatekey error 8226d0e837Smanashsarma 8326d0e837Smanashsarma 8426d0e837SmanashsarmaVerify Redfishtool Replace CA Certificate Errors 8526d0e837Smanashsarma [Documentation] Verify error while replacing invalid CA certificate. 8626d0e837Smanashsarma [Tags] Verify_Redfishtool_Replace_CA_Certificate_Errors 8726d0e837Smanashsarma [Template] Verify Redfishtool Replace Certificate 8826d0e837Smanashsarma 8926d0e837Smanashsarma CA Empty Certificate error 9026d0e837Smanashsarma 9126d0e837Smanashsarma 9226d0e837SmanashsarmaVerify Redfishtool Client Certificate Install Errors 9326d0e837Smanashsarma [Documentation] Verify error while installing invalid client certificate. 9426d0e837Smanashsarma [Tags] Verify_Redfishtool_Client_Certificate_Install_Errors 9526d0e837Smanashsarma [Template] Verify Redfishtool Install Certificate 9626d0e837Smanashsarma 9726d0e837Smanashsarma Client Empty Certificate Empty Privatekey error 9826d0e837Smanashsarma Client Empty Certificate Valid Privatekey error 9926d0e837Smanashsarma Client Valid Certificate Empty Privatekey error 10026d0e837Smanashsarma 10126d0e837Smanashsarma 102c0efe585SmanashsarmaVerify Redfishtool CA Certificate Install Errors 103c0efe585Smanashsarma [Documentation] Verify error while installing invalid CA certificate. 104c0efe585Smanashsarma [Tags] Verify_Redfishtool_CA_Certificate_Install_Errors 105c0efe585Smanashsarma [Template] Verify Redfishtool Install Certificate 106c0efe585Smanashsarma 107c0efe585Smanashsarma # cert_type cert_format expected_status 108c0efe585Smanashsarma CA Empty Certificate error 109c0efe585Smanashsarma 110c0efe585Smanashsarma 11116b3c7bfSGeorge KeishingVerify Error While Uploading Same CA Certificate Via Redfishtool 112c0efe585Smanashsarma [Documentation] Verify error while uploading same CA certificate two times. 11316b3c7bfSGeorge Keishing [Tags] Verify_Error_While_Uploading_Same_CA_Certificate_Via_Redfishtool 114c0efe585Smanashsarma 115c0efe585Smanashsarma # Create certificate file for uploading. 116c0efe585Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate 365 117c0efe585Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 118c0efe585Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 119c0efe585Smanashsarma 120c0efe585Smanashsarma # Install CA certificate. 121c0efe585Smanashsarma Redfishtool Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} ok data=${file_data} 122c0efe585Smanashsarma 123c0efe585Smanashsarma # Adding delay after certificate installation. 124c0efe585Smanashsarma Sleep 30s 125c0efe585Smanashsarma 126c0efe585Smanashsarma # Check error while uploading same certificate. 127c0efe585Smanashsarma Redfishtool Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} error data=${file_data} 128c0efe585Smanashsarma 129c0efe585Smanashsarma 130c0efe585SmanashsarmaInstall Server Certificate Using Redfishtool And Verify Via OpenSSL 131c0efe585Smanashsarma [Documentation] Install server certificate using Redfishtool and verify via OpenSSL. 132c0efe585Smanashsarma [Tags] Install_Server_Certificate_Using_Redfishtool_And_Verify_Via_OpenSSL. 133c0efe585Smanashsarma 134c0efe585Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey 135c0efe585Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 136c0efe585Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 137c0efe585Smanashsarma 138c0efe585Smanashsarma ${certificate_dict}= Create Dictionary 139c0efe585Smanashsarma ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1 140c0efe585Smanashsarma 141c0efe585Smanashsarma ${dict_objects}= Create Dictionary CertificateString=${file_data} 142c0efe585Smanashsarma ... CertificateType=PEM CertificateUri=${certificate_dict} 143c0efe585Smanashsarma 144c0efe585Smanashsarma ${string}= Convert To String ${dict_objects} 145c0efe585Smanashsarma ${string}= Replace String ${string} ' " 146c0efe585Smanashsarma ${payload}= Set Variable '${string}' 147c0efe585Smanashsarma 148c0efe585Smanashsarma ${response}= Redfishtool Post 149c0efe585Smanashsarma ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate 150c0efe585Smanashsarma 151c0efe585Smanashsarma Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path} 152c0efe585Smanashsarma 153e12c8479Smanashsarma 1542843e39eSTony LeeVerify CSR Generation For Server Certificate Via Redfishtool 155e12c8479Smanashsarma [Documentation] Verify CSR generation for server certificate. 1562843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Server_Certificate_Via_Redfishtool 157e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 158e12c8479Smanashsarma 159e12c8479Smanashsarma # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 160e12c8479Smanashsarma Server RSA ${2048} ${EMPTY} ok 161e12c8479Smanashsarma Server EC ${EMPTY} prime256v1 ok 162e12c8479Smanashsarma Server EC ${EMPTY} secp521r1 ok 163e12c8479Smanashsarma Server EC ${EMPTY} secp384r1 ok 164e12c8479Smanashsarma 165e12c8479Smanashsarma 1662843e39eSTony LeeVerify CSR Generation For Client Certificate Via Redfishtool 167e12c8479Smanashsarma [Documentation] Verify CSR generation for client certificate. 1682843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Client_Certificate_Via_Redfishtool 169e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 170e12c8479Smanashsarma 171e12c8479Smanashsarma # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 172e12c8479Smanashsarma Client RSA ${2048} ${EMPTY} ok 173e12c8479Smanashsarma Client EC ${EMPTY} prime256v1 ok 174e12c8479Smanashsarma Client EC ${EMPTY} secp521r1 ok 175e12c8479Smanashsarma Client EC ${EMPTY} secp384r1 ok 176e12c8479Smanashsarma 177e12c8479Smanashsarma 1782843e39eSTony LeeVerify CSR Generation For Server Certificate With Invalid Value Via Redfishtool 179e12c8479Smanashsarma [Documentation] Verify error while generating CSR for server certificate with invalid value. 1802843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value_Via_Redfishtool 181e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 182e12c8479Smanashsarma 183e12c8479Smanashsarma # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 184e12c8479Smanashsarma Server ${invalid_value} ${2048} prime256v1 error 185e12c8479Smanashsarma Server RAS ${invalid_value} ${EMPTY} error 186e12c8479Smanashsarma 187e12c8479Smanashsarma 1882843e39eSTony LeeVerify CSR Generation For Client Certificate With Invalid Value Via Redfishtool 189e12c8479Smanashsarma [Documentation] Verify error while generating CSR for client certificate with invalid value. 1902843e39eSTony Lee [Tags] Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value_Via_Redfishtool 191e12c8479Smanashsarma [Template] Generate CSR Via Redfishtool 192e12c8479Smanashsarma 193e12c8479Smanashsarma Client ${invalid_value} ${2048} prime256v1 error 194e12c8479Smanashsarma Client RSA ${invalid_value} ${EMPTY} error 195e12c8479Smanashsarma 19626d0e837Smanashsarma*** Keywords *** 19726d0e837Smanashsarma 19826d0e837Smanashsarma 199e12c8479SmanashsarmaGenerate CSR Via Redfishtool 200e12c8479Smanashsarma [Documentation] Generate CSR using Redfish. 201e12c8479Smanashsarma [Arguments] ${cert_type} ${key_pair_algorithm} ${key_bit_length} ${key_curv_id} ${expected_status} 202e12c8479Smanashsarma 203e12c8479Smanashsarma # Description of argument(s): 204e12c8479Smanashsarma # cert_type Certificate type ("Server" or "Client"). 205e12c8479Smanashsarma # key_pair_algorithm CSR key pair algorithm ("EC" or "RSA"). 206e12c8479Smanashsarma # key_bit_length CSR key bit length ("2048"). 207e12c8479Smanashsarma # key_curv_id CSR key curv id ("prime256v1" or "secp521r1" or "secp384r1"). 208e12c8479Smanashsarma # expected_status Expected status of certificate replace Redfishtool request ("ok" or "error"). 209e12c8479Smanashsarma 210e12c8479Smanashsarma ${certificate_uri}= Set Variable If 211e12c8479Smanashsarma ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/ 212e12c8479Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/ 213e12c8479Smanashsarma 214e12c8479Smanashsarma ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri} 215e12c8479Smanashsarma 216e12c8479Smanashsarma ${csr_dict}= Create Dictionary City=Austin CertificateCollection=${certificate_dict} 217e12c8479Smanashsarma ... CommonName=${OPENBMC_HOST} Country=US Organization=IBM 218e12c8479Smanashsarma ... OrganizationalUnit=ISL State=AU KeyBitLength=${key_bit_length} 219e12c8479Smanashsarma ... KeyPairAlgorithm=${key_pair_algorithm} KeyCurveId=${key_curv_id} 220e12c8479Smanashsarma 221e12c8479Smanashsarma # Remove not applicable field for CSR generation. 222e12c8479Smanashsarma Run Keyword If '${key_pair_algorithm}' == 'EC' Remove From Dictionary ${csr_dict} KeyBitLength 223e12c8479Smanashsarma ... ELSE IF '${key_pair_algorithm}' == 'RSA' Remove From Dictionary ${csr_dict} KeyCurveId 224e12c8479Smanashsarma 225e12c8479Smanashsarma ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK} 226e12c8479Smanashsarma ... '${expected_status}' == 'error' ${HTTP_BAD_REQUEST} 227e12c8479Smanashsarma 228e12c8479Smanashsarma ${string}= Convert To String ${csr_dict} 229e12c8479Smanashsarma 230e12c8479Smanashsarma ${string2}= Replace String ${string} ' " 231e12c8479Smanashsarma 232e12c8479Smanashsarma ${payload}= Set Variable '${string2}' 233e12c8479Smanashsarma 234e12c8479Smanashsarma ${response}= Redfishtool Post 235e12c8479Smanashsarma ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR 236e12c8479Smanashsarma ... expected_error=${expected_resp} 237e12c8479Smanashsarma 238e12c8479Smanashsarma # Delay added between two CSR generation request. 239e12c8479Smanashsarma Sleep 5s 240e12c8479Smanashsarma 241e12c8479Smanashsarma 24226d0e837SmanashsarmaVerify Redfishtool Install Certificate 24326d0e837Smanashsarma [Documentation] Install and verify certificate using Redfishtool. 24426d0e837Smanashsarma [Arguments] ${cert_type} ${cert_format} ${expected_status} ${delete_cert}=${True} 24526d0e837Smanashsarma 24626d0e837Smanashsarma # Description of argument(s): 24726d0e837Smanashsarma # cert_type Certificate type (e.g. "Client" or "CA"). 24826d0e837Smanashsarma # cert_format Certificate file format 24926d0e837Smanashsarma # expected_status Expected status of certificate install Redfishtool 25026d0e837Smanashsarma # request (i.e. "ok" or "error"). 25126d0e837Smanashsarma # delete_cert Certificate will be deleted before installing if this True. 25226d0e837Smanashsarma 25326d0e837Smanashsarma Run Keyword If '${cert_type}' == 'CA' and '${delete_cert}' == '${True}' 25426d0e837Smanashsarma ... Delete All CA Certificate Via Redfisthtool 25526d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'Client' and '${delete_cert}' == '${True}' 25626d0e837Smanashsarma ... Redfishtool Delete Certificate Via BMC CLI ${cert_type} 25726d0e837Smanashsarma 25826d0e837Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} 25926d0e837Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 26026d0e837Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 26126d0e837Smanashsarma 26226d0e837Smanashsarma ${certificate_uri}= Set Variable If 26326d0e837Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI} 26426d0e837Smanashsarma ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI} 26526d0e837Smanashsarma 26626d0e837Smanashsarma ${cert_id}= Redfishtool Install Certificate File On BMC 26726d0e837Smanashsarma ... ${certificate_uri} ${expected_status} data=${file_data} 26826d0e837Smanashsarma Logging Installed certificate id: ${cert_id} 26926d0e837Smanashsarma 27026d0e837Smanashsarma # Adding delay after certificate installation. 27126d0e837Smanashsarma Sleep 30s 27226d0e837Smanashsarma 27326d0e837Smanashsarma ${cert_file_content}= OperatingSystem.Get File ${cert_file_path} 27426d0e837Smanashsarma 27526d0e837Smanashsarma ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' 27626d0e837Smanashsarma ... Redfishtool GetAttribute ${certificate_uri}/${cert_id} CertificateString 27726d0e837Smanashsarma 27826d0e837Smanashsarma Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content} 27926d0e837Smanashsarma 28026d0e837Smanashsarma [Return] ${cert_id} 28126d0e837Smanashsarma 28226d0e837Smanashsarma 28326d0e837SmanashsarmaDelete All CA Certificate Via Redfisthtool 28426d0e837Smanashsarma [Documentation] Delete all CA certificate via Redfish. 28526d0e837Smanashsarma 28626d0e837Smanashsarma ${cmd_output}= Redfishtool Get /redfish/v1/Managers/bmc/Truststore/Certificates 28726d0e837Smanashsarma ${json_object}= To JSON ${cmd_output} 28826d0e837Smanashsarma ${cert_list}= Set Variable ${json_object["Members"]} 28926d0e837Smanashsarma FOR ${cert} IN @{cert_list} 290579d8253Smanashsarma Redfishtool Delete ${cert["@odata.id"]} ${root_cmd_args} 29126d0e837Smanashsarma END 29226d0e837Smanashsarma 29326d0e837Smanashsarma 29426d0e837SmanashsarmaRedfishtool Delete Certificate Via BMC CLI 29526d0e837Smanashsarma [Documentation] Delete certificate via BMC CLI. 29626d0e837Smanashsarma [Arguments] ${cert_type} 29726d0e837Smanashsarma 29826d0e837Smanashsarma # Description of argument(s): 29926d0e837Smanashsarma # cert_type Certificate type (e.g. "Client" or "CA"). 30026d0e837Smanashsarma 30126d0e837Smanashsarma ${certificate_file_path} ${certificate_service} ${certificate_uri}= 30226d0e837Smanashsarma ... Run Keyword If '${cert_type}' == 'Client' 30326d0e837Smanashsarma ... Set Variable /etc/nslcd/certs/cert.pem phosphor-certificate-manager@nslcd.service 30426d0e837Smanashsarma ... ${REDFISH_LDAP_CERTIFICATE_URI} 30526d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'CA' 30626d0e837Smanashsarma ... Set Variable ${ROOT_CA_FILE_PATH} phosphor-certificate-manager@authority.service 30726d0e837Smanashsarma ... ${REDFISH_CA_CERTIFICATE_URI} 30826d0e837Smanashsarma 30926d0e837Smanashsarma ${file_status} ${stderr} ${rc}= BMC Execute Command 31026d0e837Smanashsarma ... [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found" 31126d0e837Smanashsarma 31226d0e837Smanashsarma Return From Keyword If "${file_status}" != "Found" 31326d0e837Smanashsarma BMC Execute Command rm ${certificate_file_path} 31426d0e837Smanashsarma BMC Execute Command systemctl restart ${certificate_service} 31526d0e837Smanashsarma BMC Execute Command systemctl daemon-reload 31626d0e837Smanashsarma 31726d0e837Smanashsarma 31826d0e837SmanashsarmaRedfishtool Install Certificate File On BMC 31926d0e837Smanashsarma [Documentation] Install certificate file in BMC using POST operation. 32026d0e837Smanashsarma [Arguments] ${uri} ${status}=ok &{kwargs} 32126d0e837Smanashsarma 32226d0e837Smanashsarma # Description of argument(s): 32326d0e837Smanashsarma # uri URI for installing certificate file via Redfishtool. 32426d0e837Smanashsarma # e.g. "/redfish/v1/AccountService/LDAP/Certificates". 32526d0e837Smanashsarma # status Expected status of certificate installation via Redfishtool. 32626d0e837Smanashsarma # e.g. error, ok. 32726d0e837Smanashsarma # kwargs A dictionary of keys/values to be passed directly to 32826d0e837Smanashsarma # POST Request. 32926d0e837Smanashsarma 33026d0e837Smanashsarma Initialize OpenBMC 20 ${quiet}=${1} ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 33126d0e837Smanashsarma 33226d0e837Smanashsarma ${headers}= Create Dictionary Content-Type=application/octet-stream 33326d0e837Smanashsarma ... X-Auth-Token=${XAUTH_TOKEN} 33426d0e837Smanashsarma Set To Dictionary ${kwargs} headers ${headers} 33526d0e837Smanashsarma 33626d0e837Smanashsarma ${ret}= Post Request openbmc ${uri} &{kwargs} 33726d0e837Smanashsarma ${content_json}= To JSON ${ret.content} 33826d0e837Smanashsarma ${cert_id}= Set Variable If '${ret.status_code}' == '${HTTP_OK}' ${content_json["Id"]} -1 33926d0e837Smanashsarma 34026d0e837Smanashsarma Run Keyword If '${status}' == 'ok' 34126d0e837Smanashsarma ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK} 34226d0e837Smanashsarma ... ELSE IF '${status}' == 'error' 34326d0e837Smanashsarma ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR} 34426d0e837Smanashsarma 34526d0e837Smanashsarma Delete All Sessions 34626d0e837Smanashsarma 34726d0e837Smanashsarma [Return] ${cert_id} 34826d0e837Smanashsarma 34926d0e837Smanashsarma 35026d0e837SmanashsarmaVerify Redfishtool Replace Certificate 35126d0e837Smanashsarma [Documentation] Verify replace server certificate. 35226d0e837Smanashsarma [Arguments] ${cert_type} ${cert_format} ${expected_status} 35326d0e837Smanashsarma 35426d0e837Smanashsarma # Description of argument(s): 35526d0e837Smanashsarma # cert_type Certificate type (e.g. "Client", "Server" or "CA"). 35626d0e837Smanashsarma # cert_format Certificate file format 35726d0e837Smanashsarma # (e.g. "Valid_Certificate_Valid_Privatekey"). 35826d0e837Smanashsarma # expected_status Expected status of certificate replace Redfishtool 35926d0e837Smanashsarma # request (i.e. "ok" or "error"). 36026d0e837Smanashsarma 36126d0e837Smanashsarma # Install certificate before replacing client or CA certificate. 36226d0e837Smanashsarma ${cert_id}= Run Keyword If '${cert_type}' == 'Client' 36326d0e837Smanashsarma ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate Valid Privatekey ok 36426d0e837Smanashsarma ... ELSE IF '${cert_type}' == 'CA' 36526d0e837Smanashsarma ... Verify Redfishtool Install Certificate ${cert_type} Valid Certificate ok 36626d0e837Smanashsarma 36726d0e837Smanashsarma ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} 36826d0e837Smanashsarma ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 36926d0e837Smanashsarma ${file_data}= Decode Bytes To String ${bytes} UTF-8 37026d0e837Smanashsarma 37126d0e837Smanashsarma ${certificate_uri}= Set Variable If 37226d0e837Smanashsarma ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/1 37326d0e837Smanashsarma ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/1 37426d0e837Smanashsarma ... '${cert_type}' == 'CA' ${REDFISH_CA_CERTIFICATE_URI}/${cert_id} 37526d0e837Smanashsarma 37626d0e837Smanashsarma ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri} 37726d0e837Smanashsarma ${dict_objects}= Create Dictionary CertificateString=${file_data} 37826d0e837Smanashsarma ... CertificateType=PEM CertificateUri=${certificate_dict} 37926d0e837Smanashsarma ${string}= Convert To String ${dict_objects} 38026d0e837Smanashsarma ${string}= Replace String ${string} ' " 38126d0e837Smanashsarma ${payload}= Set Variable '${string}' 38226d0e837Smanashsarma 38326d0e837Smanashsarma ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK} 38426d0e837Smanashsarma ... '${expected_status}' == 'error' ${HTTP_NOT_FOUND} 38526d0e837Smanashsarma 38626d0e837Smanashsarma ${response}= Redfishtool Post 387f510346dSAnusha Dathatri ... ${payload} /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate 388f510346dSAnusha Dathatri ... expected_error=${expected_resp} 38926d0e837Smanashsarma 39026d0e837Smanashsarma ${cert_file_content}= OperatingSystem.Get File ${cert_file_path} 39126d0e837Smanashsarma ${bmc_cert_content}= Redfishtool GetAttribute ${certificate_uri} CertificateString 39226d0e837Smanashsarma 39326d0e837Smanashsarma Run Keyword If '${expected_status}' == 'ok' 39426d0e837Smanashsarma ... Should Contain ${cert_file_content} ${bmc_cert_content} 39526d0e837Smanashsarma ... ELSE 39626d0e837Smanashsarma ... Should Not Contain ${cert_file_content} ${bmc_cert_content} 39726d0e837Smanashsarma 39826d0e837Smanashsarma 39926d0e837SmanashsarmaRedfishtool GetAttribute 40026d0e837Smanashsarma [Documentation] Execute redfishtool for GET operation. 40126d0e837Smanashsarma [Arguments] ${uri} ${Attribute} ${cmd_args}=${root_cmd_args} ${expected_error}="" 40226d0e837Smanashsarma 40326d0e837Smanashsarma # Description of argument(s): 40426d0e837Smanashsarma # uri URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/). 40526d0e837Smanashsarma # Attribute The specific attribute to be retrieved with the URI. 40626d0e837Smanashsarma # cmd_args Commandline arguments. 40726d0e837Smanashsarma # expected_error Expected error optionally provided in testcase (e.g. 401 / 40826d0e837Smanashsarma # authentication error, etc. ). 40926d0e837Smanashsarma 41026d0e837Smanashsarma ${rc} ${cmd_output}= Run and Return RC and Output ${cmd_args} GET ${uri} 41126d0e837Smanashsarma Run Keyword If ${rc} != 0 Is HTTP error Expected ${cmd_output} ${expected_error} 41226d0e837Smanashsarma ${json_object}= To JSON ${cmd_output} 41326d0e837Smanashsarma 41426d0e837Smanashsarma [Return] ${json_object["CertificateString"]} 41526d0e837Smanashsarma 41626d0e837Smanashsarma 41726d0e837SmanashsarmaSuite Setup Execution 41826d0e837Smanashsarma [Documentation] Do suite setup execution. 41926d0e837Smanashsarma 42026d0e837Smanashsarma ${tool_exist}= Run which redfishtool 42126d0e837Smanashsarma Should Not Be Empty ${tool_exist} 42226d0e837Smanashsarma 42326d0e837Smanashsarma # Create certificate sub-directory in current working directory. 42426d0e837Smanashsarma Create Directory certificate_dir 425