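*** Settings ***
Documentation       Test certificate in OpenBMC.

# Suite overview (from the test cases below):
#   - Replace / install of server (HTTPS), client (LDAP) and CA (truststore)
#     certificates through Redfish, including empty certificate/key inputs.
#   - CSR generation with valid and invalid key parameters.
#   - Handling of expired and not-yet-valid certificates.
# Keywords not defined in this file (Replace Certificate Via Redfish,
# Install And Verify Certificate Via Redfish, Modify BMC Date, ...) come from
# the resource files imported here.

Resource            ../../lib/resource.robot
Resource            ../../lib/bmc_redfish_resource.robot
Resource            ../../lib/openbmc_ffdc.robot
Resource            ../../lib/certificate_utils.robot
Library             String

Test Tags           Certificate

Suite Setup         Suite Setup Execution
Suite Teardown      Suite Teardown
Test Teardown       Test Teardown Execution


*** Variables ***

# Deliberately malformed value fed into CSR parameters by the negative tests.
${invalid_value}        abc
${ROOT_CA_FILE_PATH}    /etc/ssl/certs/authority/*
# RSA key size used by the CSR generation tests.
${keybit_length}        ${2048}


*** Test Cases ***

Verify Server Certificate Replace
    [Documentation]    Verify server certificate replace.
    [Tags]    Verify_Server_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format                           expected_status.
    Server         Valid Certificate Valid Privatekey    ok
    Server         Empty Certificate Valid Privatekey    error
    Server         Valid Certificate Empty Privatekey    error
    Server         Empty Certificate Empty Privatekey    error


Verify Client Certificate Replace
    [Documentation]    Verify client certificate replace.
    [Tags]    Verify_Client_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format                           expected_status.
    Client         Valid Certificate Valid Privatekey    ok
    Client         Empty Certificate Valid Privatekey    error
    Client         Valid Certificate Empty Privatekey    error
    Client         Empty Certificate Empty Privatekey    error


Verify CA Certificate Replace
    [Documentation]    Verify CA certificate replace.
    [Tags]    Verify_CA_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format          expected_status.
    CA             Valid Certificate    ok
    CA             Empty Certificate    error


Verify Client Certificate Install
    [Documentation]    Verify client certificate install.
    [Tags]    Verify_Client_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format                           expected_status.
    Client         Valid Certificate Valid Privatekey    ok
    Client         Empty Certificate Valid Privatekey    error
    Client         Valid Certificate Empty Privatekey    error
    Client         Empty Certificate Empty Privatekey    error


Verify CA Certificate Install
    [Documentation]    Verify CA certificate install.
    [Tags]    Verify_CA_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format          expected_status.
    CA             Valid Certificate    ok
    CA             Empty Certificate    error


Verify Maximum CA Certificate Install
    [Documentation]    Verify maximum CA certificate install.
    [Tags]    Verify_Maximum_CA_Certificate_Install
    # NOTE(review): judging by its name, the teardown keyword clears the whole
    # truststore, including CA certificates that were present before this test.
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Delete All CA Certificate Via Redfish

    # Get CA certificate count from BMC.
    ${cert_list}=    Redfish_Utils.Get Member List    /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates
    ${cert_count}=    Get Length    ${cert_list}

    # Install CA certificate to reach maximum count of 10.
    FOR    ${INDEX}    IN RANGE    ${cert_count}    10
        Install And Verify Certificate Via Redfish    CA    Valid Certificate    ok    ${FALSE}
        ${cert_count}=    Evaluate    ${cert_count} + 1
    END

    # Verify error while installing 11th CA certificate.
    Install And Verify Certificate Via Redfish    CA    Valid Certificate    error    ${FALSE}


Verify Error While Uploading Same CA Certificate
    [Documentation]    Verify error while uploading same CA certificate two times.
    [Tags]    Verify_Error_While_Uploading_Same_CA_Certificate

    # Create certificate file for uploading.
    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate    365
    ${bytes}=    OperatingSystem.Get Binary File    ${cert_file_path}
    ${file_data}=    Decode Bytes To String    ${bytes}    UTF-8

    # Install CA certificate.
    Install Certificate File On BMC    ${REDFISH_CA_CERTIFICATE_URI}    ok    data=${file_data}

    # Adding delay after certificate installation.
    Sleep    30s

    # Check error while uploading same certificate.
    Install Certificate File On BMC    ${REDFISH_CA_CERTIFICATE_URI}    error    data=${file_data}


Verify Server Certificate View Via Openssl
    [Documentation]    Verify server certificate via openssl command.
    [Tags]    Verify_Server_Certificate_View_Via_Openssl

    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate Valid Privatekey
    ${bytes}=    OperatingSystem.Get Binary File    ${cert_file_path}
    ${file_data}=    Decode Bytes To String    ${bytes}    UTF-8

    # Replace the HTTPS certificate in slot 1 with the freshly generated one.
    ${certificate_dict}=    Create Dictionary
    ...    @odata.id=/redfish/v1/Managers/${MANAGER_ID}/NetworkProtocol/HTTPS/Certificates/1
    ${payload}=    Create Dictionary    CertificateString=${file_data}
    ...    CertificateType=PEM    CertificateUri=${certificate_dict}

    ${resp}=    Redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...    body=${payload}    valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Poll for up to 2 minutes until the check against the generated file passes.
    Wait Until Keyword Succeeds    2 mins    15 secs    Verify Certificate Visible Via OpenSSL    ${cert_file_path}


Verify CSR Generation For Server Certificate
    [Documentation]    Verify CSR generation for server certificate.
    [Tags]    Verify_CSR_Generation_For_Server_Certificate
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id    expected_status.
    Server        RSA                   ${keybit_length}    ${EMPTY}       ok
    Server        EC                    ${EMPTY}            prime256v1     ok
    Server        EC                    ${EMPTY}            secp521r1      ok
    Server        EC                    ${EMPTY}            secp384r1      ok


Verify CSR Generation For Client Certificate
    [Documentation]    Verify CSR generation for client certificate.
    [Tags]    Verify_CSR_Generation_For_Client_Certificate
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id    expected_status.
    Client        RSA                   ${keybit_length}    ${EMPTY}       ok
    Client        EC                    ${EMPTY}            prime256v1     ok
    Client        EC                    ${EMPTY}            secp521r1      ok
    Client        EC                    ${EMPTY}            secp384r1      ok


Verify CSR Generation For Server Certificate With Invalid Value
    [Documentation]    Verify error while generating CSR for server certificate with invalid value.
    [Tags]    Verify_CSR_Generation_For_Server_Certificate_With_Invalid_Value
    [Template]    Generate CSR Via Redfish

    # Each row makes exactly one field invalid so the rejection can be attributed
    # to that field. The second row uses the valid algorithm RSA (it previously
    # read "RAS"), so the invalid key bit length is what gets rejected, matching
    # the client table below.
    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id         expected_status.
    Server        ${invalid_value}      ${keybit_length}    prime256v1          error
    Server        RSA                   ${invalid_value}    ${EMPTY}            error
    Server        EC                    ${EMPTY}            ${invalid_value}    error


Verify CSR Generation For Client Certificate With Invalid Value
    [Documentation]    Verify error while generating CSR for client certificate with invalid value.
    [Tags]    Verify_CSR_Generation_For_Client_Certificate_With_Invalid_Value
    [Template]    Generate CSR Via Redfish

    # csr_type    key_pair_algorithm    key_bit_length      key_curv_id         expected_status.
    Client        ${invalid_value}      ${keybit_length}    prime256v1          error
    Client        RSA                   ${invalid_value}    ${EMPTY}            error
    Client        EC                    ${EMPTY}            ${invalid_value}    error


Verify Expired Certificate Install
    [Documentation]    Verify installation of expired certificate.
    [Tags]    Verify_Expired_Certificate_Install
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Install And Verify Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # expected_status is "ok": the suite expects the upload to be accepted.
    # NOTE(review): Modify BMC Date is defined outside this file; confirm how it
    # positions the BMC clock relative to the certificate validity window.
    # cert_type    cert_format            expected_status.
    Client         Expired Certificate    ok
    CA             Expired Certificate    ok


Verify Expired Certificate Replace
    [Documentation]    Verify replacing the certificate with an expired one.
    [Tags]    Verify_Expired_Certificate_Replace
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Replace Certificate Via Redfish
    # Restore the clock on exit, as the other date-modifying tests do. The
    # suite-level Test Teardown only collects FFDC, so without this override the
    # date set in [Setup] would carry over into every later test.
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format            expected_status.
    Server         Expired Certificate    ok


Verify Not Yet Valid Certificate Install
    [Documentation]    Verify installation of not yet valid certificates.
    [Tags]    Verify_Not_Yet_Valid_Certificate_Install
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Install And Verify Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format                  expected_status.
    Client         Not Yet Valid Certificate    ok
    CA             Not Yet Valid Certificate    ok


Verify Not Yet Valid Certificate Replace
    [Documentation]    Verify replacing certificate with a not yet valid one.
    [Tags]    Verify_Not_Yet_Valid_Certificate_Replace
    [Setup]    Run Keywords    Get Current BMC Date    AND    Modify BMC Date
    [Template]    Replace Certificate Via Redfish
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore BMC Date

    # cert_type    cert_format                  expected_status.
    Server         Not Yet Valid Certificate    ok
    Client         Not Yet Valid Certificate    ok
    CA             Not Yet Valid Certificate    ok


Verify Certificates Location Via Redfish
    [Documentation]    Verify the location of certificates via Redfish.
    [Tags]    Verify_Certificates_Location_Via_Redfish

    ${cert_id}=    Install And Verify Certificate Via Redfish
    ...    CA    Valid Certificate    ok

    ${resp}=    Redfish.Get    /redfish/v1/CertificateService/CertificateLocations
    ${Links}=    Get From Dictionary    ${resp.dict}    Links

    ${match_cert}=    Catenate
    ...    /redfish/v1/Managers/${MANAGER_ID}/Truststore/Certificates/${cert_id}
    ${match}=    Set Variable    ${False}

    # Look for the truststore URI of the certificate installed above among the
    # links reported by CertificateLocations.
    FOR    ${Certificates_dict}    IN    @{Links['Certificates']}
        IF    "${Certificates_dict['@odata.id']}" != "${match_cert}"    CONTINUE
        ${match}=    Set Variable    ${True}
    END

    Should Be Equal    ${match}    ${True}
    ...    msg=Verify the location of certificates via Redfish fail.


*** Keywords ***

Get Current BMC Date
    [Documentation]    Get current BMC date.

    # Stored as a test-scope variable so Restore BMC Date can read it in teardown.
    ${cli_date_time}=    CLI Get BMC DateTime
    Set Test Variable    ${cli_date_time}


Restore BMC Date
    [Documentation]    Restore BMC date to its prior value.

    # Relies on ${cli_date_time} having been set by Get Current BMC Date.
    Redfish.Patch    ${REDFISH_BASE_URI}Managers/${MANAGER_ID}    body={'DateTime': '${cli_date_time}'}
    ...    valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]


Generate CSR Via Redfish
    [Documentation]    Generate CSR using Redfish.
    [Arguments]    ${cert_type}    ${key_pair_algorithm}    ${key_bit_length}    ${key_curv_id}    ${expected_status}

    # Description of argument(s):
    # cert_type            Certificate type ("Server" or "Client").
    # key_pair_algorithm   CSR key pair algorithm ("EC" or "RSA")
    # key_bit_length       CSR key bit length ("2048").
    # key_curv_id          CSR key curv id ("prime256v1" or "secp521r1" or "secp384r1").
    # expected_status      Expected status of the CSR generation Redfish
    #                      request ("ok" or "error").

    # Server CSRs target the HTTPS certificate collection, client CSRs the LDAP one.
    IF    '${cert_type}' == 'Server'
        ${certificate_uri}=    Set Variable    ${REDFISH_HTTPS_CERTIFICATE_URI}/
    ELSE IF    '${cert_type}' == 'Client'
        ${certificate_uri}=    Set Variable    ${REDFISH_LDAP_CERTIFICATE_URI}/
    ELSE
        ${certificate_uri}=    Set Variable    None
    END

    ${certificate_dict}=    Create Dictionary    @odata.id=${certificate_uri}
    ${payload}=    Create Dictionary    City=Austin    CertificateCollection=${certificate_dict}
    ...    CommonName=${OPENBMC_HOST}    Country=US    Organization=xyz
    ...    OrganizationalUnit=ISL    State=AU    KeyBitLength=${key_bit_length}
    ...    KeyPairAlgorithm=${key_pair_algorithm}    KeyCurveId=${key_curv_id}

    # Remove not applicable field for CSR generation. For any other algorithm
    # value (the invalid-algorithm rows) both fields stay in the payload.
    IF    '${key_pair_algorithm}' == 'EC'
        Remove From Dictionary    ${payload}    KeyBitLength
    ELSE IF    '${key_pair_algorithm}' == 'RSA'
        Remove From Dictionary    ${payload}    KeyCurveId
    END

    IF    '${expected_status}' == 'ok'
        ${expected_resp}=    Evaluate    [${HTTP_OK}]
    ELSE IF    '${expected_status}' == 'error'
        # NOTE(review): HTTP 500 is accepted as a valid rejection, so a request
        # that fails inside the service is indistinguishable from one rejected
        # by input validation (HTTP 400). Confirm whether 500 is still an
        # expected response for malformed CSR parameters.
        ${expected_resp}=    Evaluate    [${HTTP_INTERNAL_SERVER_ERROR}, ${HTTP_BAD_REQUEST}]
    ELSE
        ${expected_resp}=    Evaluate    []    # empty or default list if needed
    END

    ${resp}=    Redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR
    ...    body=${payload}    valid_status_codes=${expected_resp}

    # Delay added between two CSR generation request.
    Sleep    5s


Suite Setup Execution
    [Documentation]    Do suite setup tasks.

    # Create certificate sub-directory in current working directory.
    Create Directory    certificate_dir
    Redfish.Login


Test Teardown Execution
    [Documentation]    Do the post test teardown.

    FFDC On Test Case Fail


Suite Teardown
    [Documentation]    Do suite teardown tasks.

    Redfish.Logout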