*** Settings ***
Documentation    Test certificate in OpenBMC.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/certificate_utils.robot
Library          String

Force Tags       Certificate_Test

Suite Setup      Suite Setup Execution
Test Teardown    Test Teardown Execution


*** Test Cases ***

Verify Server Certificate Replace
    [Documentation]  Verify server certificate replace.
    [Tags]  Verify_Server_Certificate_Replace
    [Template]  Replace Certificate Via Redfish

    # cert_type  cert_format                         expected_status
    Server       Valid Certificate Valid Privatekey  ok
    Server       Empty Certificate Valid Privatekey  error
    Server       Valid Certificate Empty Privatekey  error
    Server       Empty Certificate Empty Privatekey  error


Verify Client Certificate Replace
    [Documentation]  Verify client certificate replace.
    [Tags]  Verify_Client_Certificate_Replace
    [Template]  Replace Certificate Via Redfish

    # cert_type  cert_format                         expected_status
    Client       Valid Certificate Valid Privatekey  ok
    Client       Empty Certificate Valid Privatekey  error
    Client       Valid Certificate Empty Privatekey  error
    Client       Empty Certificate Empty Privatekey  error


Verify CA Certificate Replace
    [Documentation]  Verify CA certificate replace.
    [Tags]  Verify_CA_Certificate_Replace
    [Template]  Replace Certificate Via Redfish

    # cert_type  cert_format        expected_status
    CA           Valid Certificate  ok
    CA           Empty Certificate  error


Verify Client Certificate Install
    [Documentation]  Verify client certificate install.
    [Tags]  Verify_Client_Certificate_Install
    [Template]  Install And Verify Certificate Via Redfish

    # cert_type  cert_format                         expected_status
    Client       Valid Certificate Valid Privatekey  ok
    Client       Empty Certificate Valid Privatekey  error
    Client       Valid Certificate Empty Privatekey  error
    Client       Empty Certificate Empty Privatekey  error


Verify CA Certificate Install
    [Documentation]  Verify CA certificate install.
    [Tags]  Verify_CA_Certificate_Install
    [Template]  Install And Verify Certificate Via Redfish

    # cert_type  cert_format        expected_status
    CA           Valid Certificate  ok
    CA           Empty Certificate  error


Verify Server Certificate View Via Openssl
    [Documentation]  Verify server certificate via openssl command.
    [Tags]  Verify_Server_Certificate_View_Via_Openssl

    redfish.Login

    ${cert_file_path}=  Generate Certificate File Via Openssl  Valid Certificate Valid Privatekey
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_dict}=  Create Dictionary
    ...  @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
    ${payload}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}

    ${resp}=  redfish.Post  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  body=${payload}

    Wait Until Keyword Succeeds  2 mins  15 secs  Verify Certificate Visible Via OpenSSL  ${cert_file_path}


*** Keywords ***

Install And Verify Certificate Via Redfish
    [Documentation]  Install and verify certificate using Redfish.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").
    # cert_format         Certificate file format
    #                     (e.g. "Valid_Certificate_Valid_Privatekey").
    # expected_status     Expected status of certificate replace Redfish
    #                     request (i.e. "ok" or "error").

    redfish.Login
    Delete Certificate Via BMC CLI  ${cert_type}

    ${time}=  Set Variable If  '${cert_format}' == 'Expired Certificate'  -10  365
    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}  ${time}
    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}

    Install Certificate File On BMC  ${certificate_uri}  ${expected_status}  data=${file_data}

    # Adding delay after certificate installation.
    Sleep  30s

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  Run Keyword If  '${expected_status}' == 'ok'  redfish_utils.Get Attribute
    ...  ${certificate_uri}/1  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'  Should Contain  ${cert_file_content}  ${bmc_cert_content}


Install Certificate File On BMC
    [Documentation]  Install certificate file in BMC using POST operation.
    [Arguments]  ${uri}  ${status}=ok  &{kwargs}

    # Description of argument(s):
    # uri         URI for installing certificate file via REST
    #             e.g. "/xyz/openbmc_project/certs/server/https".
    # status      Expected status of certificate installation via REST
    #             e.g. error, ok.
    # kwargs      A dictionary of keys/values to be passed directly to
    #             POST Request.

    Initialize OpenBMC  quiet=${quiet}

    ${headers}=  Create Dictionary  Content-Type=application/octet-stream
    ...  X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary  ${kwargs}  headers  ${headers}

    ${ret}=  Post Request  openbmc  ${uri}  &{kwargs}

    Run Keyword If  '${status}' == 'ok'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_OK}
    ...  ELSE IF  '${status}' == 'error'
    ...  Should Be Equal As Strings  ${ret.status_code}  ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions


Replace Certificate Via Redfish
    [Documentation]  Test 'replace certificate' operation in the BMC via Redfish.
    [Arguments]  ${cert_type}  ${cert_format}  ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Server" or "Client").
    # cert_format         Certificate file format
    #                     (e.g. Valid_Certificate_Valid_Privatekey).
    # expected_status     Expected status of certificate replace Redfish
    #                     request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    Run Keyword If  '${cert_type}' == 'Client'
    ...    Install And Verify Certificate Via Redfish  ${cert_type}  Valid Certificate Valid Privatekey  ok
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Install And Verify Certificate Via Redfish  ${cert_type}  Valid Certificate  ok

    redfish.Login

    ${time}=  Set Variable If  '${cert_format}' == 'Expired Certificate'  -10  365
    ${cert_file_path}=  Generate Certificate File Via Openssl  ${cert_format}  ${time}

    ${bytes}=  OperatingSystem.Get Binary File  ${cert_file_path}
    ${file_data}=  Decode Bytes To String  ${bytes}  UTF-8

    ${certificate_uri}=  Set Variable If
    ...  '${cert_type}' == 'Server'  ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'Client'  ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...  '${cert_type}' == 'CA'  ${REDFISH_CA_CERTIFICATE_URI}/1

    ${certificate_dict}=  Create Dictionary  @odata.id=${certificate_uri}
    ${payload}=  Create Dictionary  CertificateString=${file_data}
    ...  CertificateType=PEM  CertificateUri=${certificate_dict}

    ${expected_resp}=  Set Variable If  '${expected_status}' == 'ok'  ${HTTP_OK}
    ...  '${expected_status}' == 'error'  ${HTTP_INTERNAL_SERVER_ERROR}
    ${resp}=  redfish.Post  /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...  body=${payload}  valid_status_codes=[${expected_resp}]

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${bmc_cert_content}=  redfish_utils.Get Attribute  ${certificate_uri}  CertificateString

    Run Keyword If  '${expected_status}' == 'ok'
    ...    Should Contain  ${cert_file_content}  ${bmc_cert_content}
    ...  ELSE
    ...    Should Not Contain  ${cert_file_content}  ${bmc_cert_content}


Verify Certificate Visible Via OpenSSL
    [Documentation]  Checks if given certificate is visible via openssl's showcert command.
    [Arguments]  ${cert_file_path}

    # Description of argument(s):
    # cert_file_path  Certificate file path.

    ${cert_file_content}=  OperatingSystem.Get File  ${cert_file_path}
    ${openssl_cert_content}=  Get Certificate Content From BMC Via Openssl
    Should Contain  ${cert_file_content}  ${openssl_cert_content}


Delete Certificate Via BMC CLI
    [Documentation]  Delete certificate via BMC CLI.
    [Arguments]  ${cert_type}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}  ${certificate_service}  ${certificate_uri}=
    ...  Run Keyword If  '${cert_type}' == 'Client'
    ...    Set Variable  /etc/nslcd/certs/cert.pem  phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...  ELSE IF  '${cert_type}' == 'CA'
    ...    Set Variable  /etc/ssl/certs/Root-CA.pem  phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}  ${stderr}  ${rc}=  BMC Execute Command
    ...  [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    Return From Keyword If  "${file_status}" != "Found"
    BMC Execute Command  rm ${certificate_file_path}
    BMC Execute Command  systemctl restart ${certificate_service}
    Wait Until Keyword Succeeds  1 min  10 sec
    ...  Redfish.Get  ${certificate_uri}/1  valid_status_codes=[${HTTP_INTERNAL_SERVER_ERROR}]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    # Create certificate sub-directory in current working directory.
    Create Directory  certificate_dir


Test Teardown Execution
    [Documentation]  Do the post test teardown.

    FFDC On Test Case Fail
    redfish.Logout