*** Settings ***
Documentation    Test certificate in OpenBMC.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/certificate_utils.robot
Library          String

Suite Setup      Suite Setup Execution
Test Teardown    Test Teardown Execution


*** Test Cases ***

Verify Server Certificate Replace
    [Documentation]  Verify server certificate replace.
    [Tags]  Verify_Server_Certificate_Replace
    [Template]  Replace Certificate Via Redfish

    # cert_type  cert_format                         expected_status
    Server       Valid Certificate Valid Privatekey  ok
    Server       Empty Certificate Valid Privatekey  error
    Server       Valid Certificate Empty Privatekey  error
    Server       Empty Certificate Empty Privatekey  error


Verify Client Certificate Replace
    [Documentation]  Verify client certificate replace.
    [Tags]  Verify_Client_Certificate_Replace
    [Template]  Replace Certificate Via Redfish

    # cert_type  cert_format                         expected_status
    Client       Valid Certificate Valid Privatekey  ok
    Client       Empty Certificate Valid Privatekey  error
    Client       Valid Certificate Empty Privatekey  error
    Client       Empty Certificate Empty Privatekey  error


Verify CA Certificate Replace
    [Documentation]  Verify CA certificate replace.
    [Tags]  Verify_CA_Certificate_Replace
    [Template]  Replace Certificate Via Redfish

    # cert_type  cert_format        expected_status
    CA           Valid Certificate  ok
    CA           Empty Certificate  error


Verify Client Certificate Install
    [Documentation]  Verify client certificate install.
    [Tags]  Verify_Client_Certificate_Install
    [Template]  Install And Verify Certificate Via Redfish

    # cert_type  cert_format                         expected_status
    Client       Valid Certificate Valid Privatekey  ok
    Client       Empty Certificate Valid Privatekey  error
    Client       Valid Certificate Empty Privatekey  error
    Client       Empty Certificate Empty Privatekey  error


Verify CA Certificate Install
    [Documentation]  Verify CA certificate install.
    [Tags]  Verify_CA_Certificate_Install
    [Template]  Install And Verify Certificate Via Redfish

    # cert_type  cert_format        expected_status
    CA           Valid Certificate  ok
    CA           Empty Certificate  error


Verify Server Certificate View Via Openssl
    [Documentation]  Verify server certificate via openssl command.
    [Tags]  Verify_Server_Certificate_View_Via_Openssl

    redfish.Login

    ${cert_file_path}=  Generate Certificate File Via Openssl  Valid Certificate Valid Privatekey
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_dict}=  Create Dictionary
    ...  @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
    ${payload}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}

    ${resp}=  redfish.Post  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  body=${payload}

    Wait Until Keyword Succeeds  2 mins  15 secs  Verify Certificate Visible Via OpenSSL  ${cert_file_path}


*** Keywords ***

Install And Verify Certificate Via Redfish
    [Documentation]  Install and verify certificate using Redfish.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").
    # cert_format         Certificate file format
    #                     (e.g. "Valid_Certificate_Valid_Privatekey").
    # expected_status     Expected status of certificate replace Redfish
    #                     request (i.e. "ok" or "error").

    redfish.Login
    Delete Certificate Via BMC CLI  ${cert_type}

    ${time}=  Set Variable If  '${cert_format}' == 'Expired Certificate'  -10  365
    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}  ${time}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}

    Install Certificate File On BMC  ${certificate_uri}  ${expected_status}  data=${file_data}

    # Adding delay after certificate installation.
    Sleep  30s

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  Run Keyword If  '${expected_status}' == 'ok'  redfish_utils.Get Attribute
    ...  ${certificate_uri}/1  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'  Should Contain  ${cert_file_content}  ${bmc_cert_content}


Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using POST operation.
    [Arguments]  ${uri}  ${status}=ok  &{kwargs}

    # Description of argument(s):
    # uri         URI for installing certificate file via REST
    #             e.g. "/xyz/openbmc_project/certs/server/https".
    # status      Expected status of certificate installation via REST
    #             e.g. error, ok.
    # kwargs      A dictionary of keys/values to be passed directly to
    #             POST Request.

    Initialize OpenBMC  quiet=${quiet}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    ${ret}=  Post Request  openbmc  ${uri}  &{kwargs}

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions


Replace Certificate Via Redfish
    [Documentation]  Test 'replace certificate' operation in the BMC via Redfish.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Server" or "Client").
    # cert_format         Certificate file format
    #                     (e.g. Valid_Certificate_Valid_Privatekey).
    # expected_status     Expected status of certificate replace Redfish
    #                     request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    Run Keyword If  '${cert_type}' == 'Client'
    ...    Install And Verify Certificate Via Redfish  ${cert_type}  Valid Certificate Valid Privatekey  ok
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Install And Verify Certificate Via Redfish  ${cert_type}  Valid Certificate  ok

    redfish.Login

    ${time}=  Set Variable If  '${cert_format}' == 'Expired Certificate'  -10  365
    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}  ${time}

    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}/1

    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
    ${payload}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_INTERNAL_SERVER_ERROR}
    ${resp}=  redfish.Post  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  body=${payload}  valid_status_codes=[${expected_resp}]

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  redfish_utils.Get Attribute  ${certificate_uri}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'
    ...    Should Contain  ${cert_file_content}  ${bmc_cert_content}
    ...  ELSE
    ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}


Verify Certificate Visible Via OpenSSL
    [Documentation]  Checks if given certificate is visible via openssl's showcert command.
    [Arguments]  ${cert_file_path}

    # Description of argument(s):
    # cert_file_path  Certificate file path.

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${openssl_cert_content}=  Get Certificate Content From BMC Via Openssl
    Should Contain  ${cert_file_content}  ${openssl_cert_content}


Delete Certificate Via BMC CLI
    [Documentation]  Delete certificate via BMC CLI.
    [Arguments]  ${cert_type}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}  ${certificate_service}  ${certificate_uri}=
    ...  Run Keyword If  '${cert_type}' == 'Client'
    ...    Set Variable  /etc/nslcd/certs/cert.pem  phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Set Variable  /etc/ssl/certs/Root-CA.pem  phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}  ${stderr}  ${rc}=  BMC Execute Command
    ...  [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    Return From Keyword If  "${file_status}" != "Found"
    BMC Execute Command  rm ${certificate_file_path}
    BMC Execute Command  systemctl restart ${certificate_service}
    Wait Until Keyword Succeeds  1 min  10 sec
    ...  Redfish.Get  ${certificate_uri}/1  valid_status_codes=[${HTTP_INTERNAL_SERVER_ERROR}]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    # Create certificate sub-directory in current working directory.
    Create Directory  certificate_dir


Test Teardown Execution
    [Documentation]  Do the post test teardown.

    FFDC On Test Case Fail
    redfish.Logout