*** Settings ***
Documentation    Test certificate in OpenBMC.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/certificate_utils.robot

Suite Setup      Suite Setup Execution
Test Teardown    Test Teardown Execution


*** Test Cases ***

Verify Server Certificate Replace
    [Documentation]    Verify server certificate replace.
    [Tags]    Verify_Server_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format                           expected_status
    Server         Valid Certificate Valid Privatekey    ok
    Server         Empty Certificate Valid Privatekey    error
    Server         Valid Certificate Empty Privatekey    error
    Server         Empty Certificate Empty Privatekey    error


Verify Client Certificate Replace
    [Documentation]    Verify client certificate replace.
    [Tags]    Verify_Client_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format                           expected_status
    Client         Valid Certificate Valid Privatekey    ok
    Client         Empty Certificate Valid Privatekey    error
    Client         Valid Certificate Empty Privatekey    error
    Client         Empty Certificate Empty Privatekey    error


Verify CA Certificate Replace
    [Documentation]    Verify CA certificate replace.
    [Tags]    Verify_CA_Certificate_Replace
    [Template]    Replace Certificate Via Redfish

    # cert_type    cert_format          expected_status
    CA             Valid Certificate    ok
    CA             Empty Certificate    error


Verify Client Certificate Install
    [Documentation]    Verify client certificate install.
    [Tags]    Verify_Client_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format                           expected_status
    Client         Valid Certificate Valid Privatekey    ok
    Client         Empty Certificate Valid Privatekey    error
    Client         Valid Certificate Empty Privatekey    error
    Client         Empty Certificate Empty Privatekey    error


Verify CA Certificate Install
    [Documentation]    Verify CA certificate install.
    [Tags]    Verify_CA_Certificate_Install
    [Template]    Install And Verify Certificate Via Redfish

    # cert_type    cert_format          expected_status
    CA             Valid Certificate    ok
    CA             Empty Certificate    error


Verify Server Certificate View Via Openssl
    [Documentation]    Verify server certificate via openssl command.
    [Tags]    Verify_Server_Certificate_View_Via_Openssl

    redfish.Login

    ${cert_file_path}=    Generate Certificate File Via Openssl    Valid Certificate Valid Privatekey
    ${file_data}=    OperatingSystem.Get Binary File    ${cert_file_path}

    ${certificate_dict}=    Create Dictionary
    ...    @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
    ${payload}=    Create Dictionary    CertificateString=${file_data}
    ...    CertificateType=PEM    CertificateUri=${certificate_dict}

    ${resp}=    redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...    body=${payload}

    Wait Until Keyword Succeeds    2 mins    15 secs    Verify Certificate Visible Via OpenSSL    ${cert_file_path}


*** Keywords ***

Install And Verify Certificate Via Redfish
    [Documentation]    Install and verify certificate using Redfish.
    [Arguments]    ${cert_type}    ${cert_format}    ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Client" or "CA").
    # cert_format         Certificate file format
    #                     (e.g. "Valid_Certificate_Valid_Privatekey").
    # expected_status     Expected status of certificate replace Redfish
    #                     request (i.e. "ok" or "error").

    redfish.Login
    Delete Certificate Via BMC CLI    ${cert_type}

    ${time}=    Set Variable If    '${cert_format}' == 'Expired Certificate'    -10    365
    ${cert_file_path}=    Generate Certificate File Via Openssl    ${cert_format}    ${time}
    ${file_data}=    OperatingSystem.Get Binary File    ${cert_file_path}

    ${certificate_uri}=    Set Variable If
    ...    '${cert_type}' == 'Client'    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...    '${cert_type}' == 'CA'    ${REDFISH_CA_CERTIFICATE_URI}

    Install Certificate File On BMC    ${certificate_uri}    ${expected_status}    data=${file_data}

    # Adding delay after certificate installation.
    Sleep    30s

    ${cert_file_content}=    OperatingSystem.Get File    ${cert_file_path}
    ${bmc_cert_content}=    Run Keyword If    '${expected_status}' == 'ok'    redfish_utils.Get Attribute
    ...    ${certificate_uri}/1    CertificateString

    Run Keyword If    '${expected_status}' == 'ok'    Should Contain    ${cert_file_content}    ${bmc_cert_content}


Install Certificate File On BMC
    [Documentation]    Install certificate file in BMC using POST operation.
    [Arguments]    ${uri}    ${status}=ok    &{kwargs}

    # Description of argument(s):
    # uri       URI for installing certificate file via REST
    #           e.g. "/xyz/openbmc_project/certs/server/https".
    # status    Expected status of certificate installation via REST
    #           e.g. error, ok.
    # kwargs    A dictionary of keys/values to be passed directly to
    #           POST Request.

    Initialize OpenBMC    quiet=${quiet}

    ${headers}=    Create Dictionary    Content-Type=application/octet-stream
    ...    X-Auth-Token=${XAUTH_TOKEN}
    Set To Dictionary    ${kwargs}    headers    ${headers}

    ${ret}=    Post Request    openbmc    ${uri}    &{kwargs}

    Run Keyword If    '${status}' == 'ok'
    ...    Should Be Equal As Strings    ${ret.status_code}    ${HTTP_OK}
    ...    ELSE IF    '${status}' == 'error'
    ...    Should Be Equal As Strings    ${ret.status_code}    ${HTTP_INTERNAL_SERVER_ERROR}

    Delete All Sessions


Replace Certificate Via Redfish
    [Documentation]    Test 'replace certificate' operation in the BMC via Redfish.
    [Arguments]    ${cert_type}    ${cert_format}    ${expected_status}

    # Description of argument(s):
    # cert_type           Certificate type (e.g. "Server" or "Client").
    # cert_format         Certificate file format
    #                     (e.g. Valid_Certificate_Valid_Privatekey).
    # expected_status     Expected status of certificate replace Redfish
    #                     request (i.e. "ok" or "error").

    # Install certificate before replacing client or CA certificate.
    Run Keyword If    '${cert_type}' == 'Client'
    ...    Install And Verify Certificate Via Redfish    ${cert_type}    Valid Certificate Valid Privatekey    ok
    ...    ELSE IF    '${cert_type}' == 'CA'
    ...    Install And Verify Certificate Via Redfish    ${cert_type}    Valid Certificate    ok

    redfish.Login

    ${time}=    Set Variable If    '${cert_format}' == 'Expired Certificate'    -10    365
    ${cert_file_path}=    Generate Certificate File Via Openssl    ${cert_format}    ${time}

    ${file_data}=    OperatingSystem.Get Binary File    ${cert_file_path}

    ${certificate_uri}=    Set Variable If
    ...    '${cert_type}' == 'Server'    ${REDFISH_HTTPS_CERTIFICATE_URI}/1
    ...    '${cert_type}' == 'Client'    ${REDFISH_LDAP_CERTIFICATE_URI}/1
    ...    '${cert_type}' == 'CA'    ${REDFISH_CA_CERTIFICATE_URI}/1

    ${certificate_dict}=    Create Dictionary    @odata.id=${certificate_uri}
    ${payload}=    Create Dictionary    CertificateString=${file_data}
    ...    CertificateType=PEM    CertificateUri=${certificate_dict}

    ${expected_resp}=    Set Variable If    '${expected_status}' == 'ok'    ${HTTP_OK}
    ...    '${expected_status}' == 'error'    ${HTTP_INTERNAL_SERVER_ERROR}
    ${resp}=    redfish.Post    /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
    ...    body=${payload}    valid_status_codes=[${expected_resp}]

    ${cert_file_content}=    OperatingSystem.Get File    ${cert_file_path}
    ${bmc_cert_content}=    redfish_utils.Get Attribute    ${certificate_uri}    CertificateString

    Run Keyword If    '${expected_status}' == 'ok'
    ...    Should Contain    ${cert_file_content}    ${bmc_cert_content}
    ...    ELSE
    ...    Should Not Contain    ${cert_file_content}    ${bmc_cert_content}


Verify Certificate Visible Via OpenSSL
    [Documentation]    Checks if given certificate is visible via openssl's showcert command.
    [Arguments]    ${cert_file_path}

    # Description of argument(s):
    # cert_file_path    Certificate file path.

    ${cert_file_content}=    OperatingSystem.Get File    ${cert_file_path}
    ${openssl_cert_content}=    Get Certificate Content From BMC Via Openssl
    Should Contain    ${cert_file_content}    ${openssl_cert_content}


Delete Certificate Via BMC CLI
    [Documentation]    Delete certificate via BMC CLI.
    [Arguments]    ${cert_type}

    # Description of argument(s):
    # cert_type    Certificate type (e.g. "Client" or "CA").

    ${certificate_file_path}    ${certificate_service}    ${certificate_uri}=
    ...    Run Keyword If    '${cert_type}' == 'Client'
    ...    Set Variable    /etc/nslcd/certs/cert.pem    phosphor-certificate-manager@nslcd.service
    ...    ${REDFISH_LDAP_CERTIFICATE_URI}
    ...    ELSE IF    '${cert_type}' == 'CA'
    ...    Set Variable    /etc/ssl/certs/Root-CA.pem    phosphor-certificate-manager@authority.service
    ...    ${REDFISH_CA_CERTIFICATE_URI}

    ${file_status}    ${stderr}    ${rc}=    BMC Execute Command
    ...    [ -f ${certificate_file_path} ] && echo "Found" || echo "Not Found"

    Return From Keyword If    "${file_status}" != "Found"
    BMC Execute Command    rm ${certificate_file_path}
    BMC Execute Command    systemctl restart ${certificate_service}
    Wait Until Keyword Succeeds    1 min    10 sec
    ...    Redfish.Get    ${certificate_uri}/1    valid_status_codes=[${HTTP_INTERNAL_SERVER_ERROR}]


Suite Setup Execution
    [Documentation]    Do suite setup tasks.

    # Create certificate sub-directory in current working directory.
    Create Directory    certificate_dir


Test Teardown Execution
    [Documentation]    Do the post test teardown.

    FFDC On Test Case Fail
    redfish.Logout