1*** Settings *** 2Documentation Test certificate in OpenBMC. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/certificate_utils.robot 8Library String 9 10Test Tags Certificate 11 12Suite Setup Suite Setup Execution 13Suite Teardown Suite Teardown 14Test Teardown Test Teardown Execution 15 16 17*** Variables *** 18 19${invalid_value} abc 20${ROOT_CA_FILE_PATH} /etc/ssl/certs/authority/* 21${keybit_length} ${2048} 22 23** Test Cases ** 24 25Verify Server Certificate Replace 26 [Documentation] Verify server certificate replace. 27 [Tags] Verify_Server_Certificate_Replace 28 [Template] Replace Certificate Via Redfish 29 30 # cert_type cert_format expected_status 31 Server Valid Certificate Valid Privatekey ok 32 Server Empty Certificate Valid Privatekey error 33 Server Valid Certificate Empty Privatekey error 34 Server Empty Certificate Empty Privatekey error 35 36 37Verify Client Certificate Replace 38 [Documentation] Verify client certificate replace. 39 [Tags] Verify_Client_Certificate_Replace 40 [Template] Replace Certificate Via Redfish 41 42 # cert_type cert_format expected_status 43 Client Valid Certificate Valid Privatekey ok 44 Client Empty Certificate Valid Privatekey error 45 Client Valid Certificate Empty Privatekey error 46 Client Empty Certificate Empty Privatekey error 47 48 49Verify CA Certificate Replace 50 [Documentation] Verify CA certificate replace. 51 [Tags] Verify_CA_Certificate_Replace 52 [Template] Replace Certificate Via Redfish 53 54 # cert_type cert_format expected_status 55 CA Valid Certificate ok 56 CA Empty Certificate error 57 58 59Verify Client Certificate Install 60 [Documentation] Verify client certificate install. 61 [Tags] Verify_Client_Certificate_Install 62 [Template] Install And Verify Certificate Via Redfish 63 64 # cert_type cert_format expected_status 65 Client Valid Certificate Valid Privatekey ok 66 Client Empty Certificate Valid Privatekey error 67 Client Valid Certificate Empty Privatekey error 68 Client Empty Certificate Empty Privatekey error 69 70 71Verify CA Certificate Install 72 [Documentation] Verify CA certificate install. 73 [Tags] Verify_CA_Certificate_Install 74 [Template] Install And Verify Certificate Via Redfish 75 76 # cert_type cert_format expected_status 77 CA Valid Certificate ok 78 CA Empty Certificate error 79 80 81Verify Maximum CA Certificate Install 82 [Documentation] Verify maximum CA certificate install. 83 [Tags] Verify_Maximum_CA_Certificate_Install 84 [Teardown] Run Keywords FFDC On Test Case Fail AND Delete All CA Certificate Via Redfish 85 86 # Get CA certificate count from BMC. 87 ${cert_list}= Redfish_Utils.Get Member List /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates 88 ${cert_count}= Get Length ${cert_list} 89 90 # Install CA certificate to reach maximum count of 10. 91 FOR ${INDEX} IN RANGE ${cert_count} 10 92 Install And Verify Certificate Via Redfish CA Valid Certificate ok ${FALSE} 93 ${cert_count}= Evaluate ${cert_count} + 1 94 END 95 96 # Verify error while installing 11th CA certificate. 97 Install And Verify Certificate Via Redfish CA Valid Certificate error ${FALSE} 98 99 100Verify Error While Uploading Same CA Certificate 101 [Documentation] Verify error while uploading same CA certificate two times. 102 [Tags] Verify_Error_While_Uploading_Same_CA_Certificate 103 104 # Create certificate file for uploading. 105 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate 365 106 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 107 ${file_data}= Decode Bytes To String ${bytes} UTF-8 108 109 # Install CA certificate. 110 Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} ok data=${file_data} 111 112 # Adding delay after certificate installation. 113 Sleep 30s 114 115 # Check error while uploading same certificate. 116 Install Certificate File On BMC ${REDFISH_CA_CERTIFICATE_URI} error data=${file_data} 117 118 119Verify Server Certificate View Via Openssl 120 [Documentation] Verify server certificate via openssl command. 121 [Tags] Verify_Server_Certificate_View_Via_Openssl 122 123 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey 124 ${bytes}= OperatingSystem.Get Binary File ${cert_file_path} 125 ${file_data}= Decode Bytes To String ${bytes} UTF-8 126 127 ${certificate_dict}= Create Dictionary 128 ... @odata.id=/redfish/v1/Managers/${MANAGER_ID}/NetworkProtocol/HTTPS/Certificates/1 129 ${payload}= Create Dictionary CertificateString=${file_data} 130 ... CertificateType=PEM CertificateUri=${certificate_dict} 131 132 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate 133 ... body=${payload} valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}] 134 135 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path} 136 137 138Verify CSR Generation For Server Certificate 139 [Documentation] Verify CSR generation for server certificate. 140 [Tags] Verify_CSR_Generation_For_Server_Certificate 141 [Template] Generate CSR Via Redfish 142 143 # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 144 Server RSA ${keybit_length} ${EMPTY} ok 145 Server EC ${EMPTY} prime256v1 ok 146 Server EC ${EMPTY} secp521r1 ok 147 Server EC ${EMPTY} secp384r1 ok 148 149 150Verify CSR Generation For Client Certificate 151 [Documentation] Verify CSR generation for client certificate. 152 [Tags] Verify_CSR_Generation_For_Client_Certificate 153 [Template] Generate CSR Via Redfish 154 155 # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 156 Client RSA ${keybit_length} ${EMPTY} ok 157 Client EC ${EMPTY} prime256v1 ok 158 Client EC ${EMPTY} secp521r1 ok 159 Client EC ${EMPTY} secp384r1 ok 160 161 162Verify CSR Generation For Server Certificate With Invalid Value 163 [Documentation] Verify error while generating CSR for server certificate with invalid value. 164 [Tags] Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value 165 [Template] Generate CSR Via Redfish 166 167 # csr_type key_pair_algorithm key_bit_length key_curv_id expected_status 168 Server ${invalid_value} ${keybit_length} prime256v1 error 169 Server RAS ${invalid_value} ${EMPTY} error 170 Server EC ${EMPTY} ${invalid_value} error 171 172 173Verify CSR Generation For Client Certificate With Invalid Value 174 [Documentation] Verify error while generating CSR for client certificate with invalid value. 175 [Tags] Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value 176 [Template] Generate CSR Via Redfish 177 178 Client ${invalid_value} ${keybit_length} prime256v1 error 179 Client RSA ${invalid_value} ${EMPTY} error 180 Client EC ${EMPTY} ${invalid_value} error 181 182 183Verify Expired Certificate Install 184 [Documentation] Verify installation of expired certificate. 185 [Tags] Verify_Expired_Certificate_Install 186 [Setup] Run Keywords Get Current BMC Date AND Modify BMC Date 187 [Template] Install And Verify Certificate Via Redfish 188 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore BMC Date 189 190 # cert_type cert_format expected_status 191 Client Expired Certificate ok 192 CA Expired Certificate ok 193 194 195Verify Expired Certificate Replace 196 [Documentation] Verify replacing the certificate with an expired one. 197 [Tags] Verify_Expired_Certificate_Replace 198 [Setup] Run Keywords Get Current BMC Date AND Modify BMC Date 199 [Template] Replace Certificate Via Redfish 200 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore BMC Date 201 202 # cert_type cert_format expected_status 203 Server Expired Certificate ok 204 205 206Verify Not Yet Valid Certificate Install 207 [Documentation] Verify installation of not yet valid certificates. 208 [Tags] Verify_Not_Yet_Valid_Certificate_Install 209 [Setup] Run Keywords Get Current BMC Date AND Modify BMC Date 210 [Template] Install And Verify Certificate Via Redfish 211 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore BMC Date 212 213 # cert_type cert_format expected_status 214 Client Not Yet Valid Certificate ok 215 CA Not Yet Valid Certificate ok 216 217 218Verify Not Yet Valid Certificate Replace 219 [Documentation] Verify replacing certificate with a not yet valid one. 220 [Tags] Verify_Not_Yet_Valid_Certificate_Replace 221 [Setup] Run Keywords Get Current BMC Date AND Modify BMC Date 222 [Template] Replace Certificate Via Redfish 223 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore BMC Date 224 225 # cert_type cert_format expected_status 226 Server Not Yet Valid Certificate ok 227 Client Not Yet Valid Certificate ok 228 CA Not Yet Valid Certificate ok 229 230 231Verify Certificates Location Via Redfish 232 [Documentation] Verify the location of certificates via Redfish. 233 [Tags] Verify_Certificates_Location_Via_Redfish 234 235 ${cert_id}= Install And Verify Certificate Via Redfish 236 ... CA Valid Certificate ok 237 238 ${resp}= Redfish.Get /redfish/v1/CertificateService/CertificateLocations 239 ${Links}= Get From Dictionary ${resp.dict} Links 240 241 ${match_cert}= Catenate 242 ... /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates/${cert_id} 243 ${match}= Set Variable ${False} 244 245 FOR ${Certificates_dict} IN @{Links['Certificates']} 246 Continue For Loop If 247 ... "${Certificates_dict['@odata.id']}}" != "${match_cert}}" 248 ${match}= Set Variable ${True} 249 END 250 251 Should Be Equal ${match} ${True} 252 ... msg=Verify the location of certificates via Redfish fail. 253 254 255*** Keywords *** 256 257Get Current BMC Date 258 [Documentation] Get current BMC date. 259 260 ${cli_date_time}= CLI Get BMC DateTime 261 Set Test Variable ${cli_date_time} 262 263Restore BMC Date 264 [Documentation] Restore BMC date to its prior value. 265 266 Redfish.Patch ${REDFISH_BASE_URI}Managers/${MANAGER_ID} body={'DateTime': '${cli_date_time}'} 267 ... valid_status_codes=[${HTTP_OK}] 268 269 270Generate CSR Via Redfish 271 [Documentation] Generate CSR using Redfish. 272 [Arguments] ${cert_type} ${key_pair_algorithm} ${key_bit_length} ${key_curv_id} ${expected_status} 273 274 # Description of argument(s): 275 # cert_type Certificate type ("Server" or "Client"). 276 # key_pair_algorithm CSR key pair algorithm ("EC" or "RSA") 277 # key_bit_length CSR key bit length ("2048"). 278 # key_curv_id CSR key curv id ("prime256v1" or "secp521r1" or "secp384r1"). 279 # expected_status Expected status of certificate replace Redfish 280 # request ("ok" or "error"). 281 282 ${certificate_uri}= Set Variable If 283 ... '${cert_type}' == 'Server' ${REDFISH_HTTPS_CERTIFICATE_URI}/ 284 ... '${cert_type}' == 'Client' ${REDFISH_LDAP_CERTIFICATE_URI}/ 285 286 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri} 287 ${payload}= Create Dictionary City=Austin CertificateCollection=${certificate_dict} 288 ... CommonName=${OPENBMC_HOST} Country=US Organization=xyz 289 ... OrganizationalUnit=ISL State=AU KeyBitLength=${key_bit_length} 290 ... KeyPairAlgorithm=${key_pair_algorithm} KeyCurveId=${key_curv_id} 291 292 # Remove not applicable field for CSR generation. 293 Run Keyword If '${key_pair_algorithm}' == 'EC' Remove From Dictionary ${payload} KeyBitLength 294 ... ELSE IF '${key_pair_algorithm}' == 'RSA' Remove From Dictionary ${payload} KeyCurveId 295 296 ${expected_resp}= Set Variable If '${expected_status}' == 'ok' ${HTTP_OK} 297 ... '${expected_status}' == 'error' ${HTTP_INTERNAL_SERVER_ERROR}, ${HTTP_BAD_REQUEST} 298 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR 299 ... body=${payload} valid_status_codes=[${expected_resp}] 300 301 # Delay added between two CSR generation request. 302 Sleep 5s 303 304 305Suite Setup Execution 306 [Documentation] Do suite setup tasks. 307 308 # Create certificate sub-directory in current working directory. 309 Create Directory certificate_dir 310 Redfish.Login 311 312 313Test Teardown Execution 314 [Documentation] Do the post test teardown. 315 316 FFDC On Test Case Fail 317 318Suite Teardown 319 [Documentation] Do suite teardown tasks. 320 321 Redfish.Logout 322