*** Settings ***

Documentation  Suite to test certificate via DMTF redfishtool.

Library  OperatingSystem
Library  String
Library  Collections

Resource  ../../lib/resource.robot
Resource  ../../lib/bmc_redfish_resource.robot
Resource  ../../lib/openbmc_ffdc.robot
Resource  ../../lib/certificate_utils.robot


Suite Setup  Suite Setup Execution


*** Variables ***

# "-S Always" makes redfishtool use HTTPS for every request.
# The password is passed with "-p" on the command line, so it is visible in
# process listings and in Robot logs on the host that runs the suite.
${root_cmd_args} =  SEPARATOR=
...  redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always


*** Test Cases ***


Verify Redfishtool Replace Server Certificate Valid CertKey
    [Documentation]  Verify replace server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Server  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace Client Certificate Valid CertKey
    [Documentation]  Verify replace client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Valid_CertKey

    Verify Redfishtool Replace Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool Replace CA Certificate Valid Cert
    [Documentation]  Verify replace CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Valid_Cert

    Verify Redfishtool Replace Certificate  CA  Valid Certificate  ok


Verify Redfishtool Client Certificate Install Valid CertKey
    [Documentation]  Verify client certificate installation.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Valid_CertKey

    Verify Redfishtool Install Certificate  Client  Valid Certificate Valid Privatekey  ok


Verify Redfishtool CA Certificate Install Valid Cert
    [Documentation]  Verify CA Certificate installation.
    [Tags]  Verify_Redfishtool_CA_Certificate_Install_Valid_Cert

    Verify Redfishtool Install Certificate  CA  Valid Certificate  ok


Verify Redfishtool Replace Server Certificate Errors
    [Documentation]  Verify error while replacing invalid server certificate.
    [Tags]  Verify_Redfishtool_Replace_Server_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Server  Empty Certificate Empty Privatekey  error
    Server  Empty Certificate Valid Privatekey  error
    Server  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace Client Certificate Errors
    [Documentation]  Verify error while replacing invalid client certificate.
    [Tags]  Verify_Redfishtool_Replace_Client_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


Verify Redfishtool Replace CA Certificate Errors
    [Documentation]  Verify error while replacing invalid CA certificate.
    [Tags]  Verify_Redfishtool_Replace_CA_Certificate_Errors
    [Template]  Verify Redfishtool Replace Certificate

    CA  Empty Certificate  error


Verify Redfishtool Client Certificate Install Errors
    [Documentation]  Verify error while installing invalid client certificate.
    [Tags]  Verify_Redfishtool_Client_Certificate_Install_Errors
    [Template]  Verify Redfishtool Install Certificate

    Client  Empty Certificate Empty Privatekey  error
    Client  Empty Certificate Valid Privatekey  error
    Client  Valid Certificate Empty Privatekey  error


*** Keywords ***


Is HTTP error Expected
    [Documentation]  Check if the HTTP error is expected.
    [Arguments]  ${cmd_output}  ${error_expected}

    # Description of argument(s):
    # cmd_output      Output of an HTTP operation.
    # error_expected  Expected error (comma-separated list of acceptable values).

    @{words}=  Split String  ${error_expected}  ,
    @{errorString}=  Split String  ${cmd_output}  ${SPACE}
    Should Contain Any  ${errorString}  @{words}


Verify Redfishtool Install Certificate
    [Documentation]  Install and verify certificate using Redfishtool.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}  ${delete_cert}=${True}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").
    # cert_format         Certificate file format
    #                     (e.g. "Valid Certificate Valid Privatekey").
    # expected_status     Expected status of certificate install Redfishtool
    #                     request (i.e. "ok" or "error").
    # delete_cert         Certificate will be deleted before installing if this is True.

    Run Keyword If  '${cert_type}' == 'CA' and '${delete_cert}' == '${True}'
    ...  Delete All CA Certificate Via Redfishtool
    ...  ELSE IF  '${cert_type}' == 'Client' and '${delete_cert}' == '${True}'
    ...  Redfishtool Delete Certificate Via BMC CLI  ${cert_type}

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}

    ${cert_id}=  Redfishtool Install Certificate File On BMC
    ...  ${certificate_uri}  ${expected_status}  data=${file_data}
    Logging  Installed certificate id: ${cert_id}

    # Adding delay after certificate installation.
    Sleep  30s

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}

    # Read the certificate back from the BMC and compare it with the file
    # that was uploaded (only when the install was expected to succeed).
    ${bmc_cert_content}=  Run Keyword If  '${expected_status}' == 'ok'
    ...  Redfishtool GetAttribute  ${certificate_uri}/${cert_id}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'  Should Contain  ${cert_file_content}  ${bmc_cert_content}

    [Return]  ${cert_id}


Delete All CA Certificate Via Redfishtool
    [Documentation]  Delete all CA certificate via Redfish.

    ${cmd_output}=  Redfishtool Get  /redfish/v1/Managers/bmc/Truststore/Certificates
    ${json_object}=  To JSON  ${cmd_output}
    ${cert_list}=  Set Variable  ${json_object["Members"]}
    FOR  ${cert}  IN  @{cert_list}
        Redfishtool Delete  ${cert["@odata.id"]}  ${root_cmd_args}  ${HTTP_NO_CONTENT}
    END


Redfishtool Delete Certificate Via BMC CLI
    [Documentation]  Delete certificate via BMC CLI.
    [Arguments]  ${cert_type}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}  ${certificate_service}  ${certificate_uri}=
    ...  Run Keyword If  '${cert_type}' == 'Client'
    ...    Set Variable  /etc/nslcd/certs/cert.pem  phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Set Variable  ${ROOT_CA_FILE_PATH}  phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}  ${stderr}  ${rc}=  BMC Execute Command
    ...  [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    # Nothing to delete if the certificate file is not present on the BMC.
    Return From Keyword If  "${file_status}" != "Found"
    BMC Execute Command  rm ${certificate_file_path}
    BMC Execute Command  systemctl restart ${certificate_service}
    BMC Execute Command  systemctl daemon-reload


Redfishtool Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using POST operation.
    [Arguments]  ${uri}  ${status}=ok  &{kwargs}

    # Description of argument(s):
    # uri         URI for installing certificate file via Redfishtool.
    #             e.g. "/redfish/v1/AccountService/LDAP/Certificates".
    # status      Expected status of certificate installation via Redfishtool.
    #             e.g. error, ok.
    # kwargs      A dictionary of keys/values to be passed directly to
    #             POST Request.

    Initialize OpenBMC  20  ${quiet}=${1}  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    ${ret}=  Post Request  openbmc  ${uri}  &{kwargs}
    ${content_json}=  To JSON  ${ret.content}
    # A certificate id of -1 means the BMC did not accept the certificate.
    ${cert_id}=  Set Variable If  '${ret.status_code}' == '${HTTP_OK}'  ${content_json["Id"]}  -1

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions

    [Return]  ${cert_id}


Verify Redfishtool Replace Certificate
    [Documentation]  Verify replace certificate of the given type.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type         Certificate type (e.g. "Client", "Server" or "CA").
    # cert_format       Certificate file format
    #                   (e.g. "Valid Certificate Valid Privatekey").
    # expected_status   Expected status of certificate replace Redfishtool
    #                   request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    ${cert_id}=  Run Keyword If  '${cert_type}' == 'Client'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate Valid Privatekey  ok
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Verify Redfishtool Install Certificate  ${cert_type}  Valid Certificate  ok

    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}/${cert_id}

    # Build the ReplaceCertificate payload and single-quote it for the shell.
    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
    ${dict_objects}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}
    ${string}=  Convert To String  ${dict_objects}
    ${string}=  Replace String  ${string}  '  "
    ${payload}=  Set Variable  '${string}'

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_NOT_FOUND}

    ${response}=  Redfishtool Post
    ...  ${payload}  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  expected_error=${expected_resp}

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  Redfishtool GetAttribute  ${certificate_uri}  CertificateString

    # On success the BMC must serve the new certificate; on error the
    # rejected certificate must not have been stored.
    Run Keyword If  '${expected_status}' == 'ok'
    ...    Should Contain  ${cert_file_content}  ${bmc_cert_content}
    ...  ELSE
    ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}


Redfishtool Get
    [Documentation]  Execute redfishtool for GET operation.
    [Arguments]  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}

    [Return]  ${cmd_output}


Redfishtool GetAttribute
    [Documentation]  Execute redfishtool for GET operation and return one attribute.
    [Arguments]  ${uri}  ${Attribute}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
    # Attribute       The specific attribute to be retrieved with the URI.
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
    ${json_object}=  To JSON  ${cmd_output}

    # Return the attribute the caller asked for.
    [Return]  ${json_object["${Attribute}"]}


Redfishtool Post
    [Documentation]  Execute redfishtool for Post operation.
    [Arguments]  ${payload}  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # payload         Payload with POST operation (e.g. data for user name, password, role,
    #                 enabled attribute)
    # uri             URI for POST operation (e.g. /redfish/v1/AccountService/Accounts/).
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} POST ${uri} --data=${payload}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}

    [Return]  ${cmd_output}


Redfishtool Delete
    [Documentation]  Execute redfishtool for DELETE operation.
    [Arguments]  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""

    # Description of argument(s):
    # uri             URI for DELETE operation.
    # cmd_args        Commandline arguments.
    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
    #                 authentication error, etc. ).

    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} DELETE ${uri}
    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}

    [Return]  ${cmd_output}


Suite Setup Execution
    [Documentation]  Do suite setup execution.

    # Fail early if redfishtool is not installed on the test host.
    ${tool_exist}=  Run  which redfishtool
    Should Not Be Empty  ${tool_exist}

    # Create certificate sub-directory in current working directory.
    Create Directory  certificate_dir