dongxiaoyan-tsg-autotest/01-TestCase/tsg_adc/api_security/DenySSLTests.robot

*** Settings ***
Test Teardown     DeletePolicyAndObjectAndApplicationAndSignature    ${policyIds}    ${objectids}
Force Tags        tsg_adc    tsg_security
Library           OperatingSystem
Library           Selenium2Library    
Resource          ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource          ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
Resource          ../../../03-Variable/ApplicationID.txt
Resource          ../../../03-Variable/BifangApiVariable.txt
Resource          ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
Resource          ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot    
Library           ../../../04-CustomLibrary/Library/VerifyPolicy.py
*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}

*** Test Cases ***
SecurityPolicy-Deny-SSL-00001
    [Tags]    Deny    IP    SSL    SNI    SAN    CN
    Comment    创建IP
    ${addItemList1}    Create Dictionary    isSession=endpoint    ip=${testClentIP}    port=0-65535    direction=0    protocol=0    isInitialize=0
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict}    Create Dictionary    objectType=ip    objectSubType=endpoint    isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId}    AddObjects    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    
    Comment    创建SNI
    ${addItemList1}    Create Dictionary    keywordArray=$www.prlib.ru    isHexbin=${0}
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict1}    Create Dictionary    objectType=fqdn    objectSubType=fqdn       isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId1}    AddObjects    ${1}    ${objectDict1}  
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId1}
    
    Comment    创建CN
    ${addItemList1}    Create Dictionary    keywordArray=*prlib.ru    isHexbin=${0}
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict1}    Create Dictionary    objectType=fqdn    objectSubType=fqdn       isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId2}    AddObjects    ${1}    ${objectDict1}  
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId2}
    
    Comment    创建SAN
    ${addItemList1}    Create Dictionary    keywordArray=*prlib.ru    isHexbin=${0}
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict1}    Create Dictionary    objectType=fqdn    objectSubType=fqdn       isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId3}    AddObjects    ${1}    ${objectDict1}  
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId3}
    
    Comment    创建Deny策略
    ${policyDict}    Create Dictionary    policyName=${TEST NAME}    policyType=tsg_security    action=deny    source=${objectId}|TSG_SECURITY_SOURCE_ADDR    userRegion={"protocol":"SSL","method":"drop"}    filterList=${objectId3}|TSG_FIELD_SSL_SAN,${objectId1}|TSG_FIELD_SSL_SNI,${objectId2}|TSG_FIELD_SSL_CN    isValid=${1}    appIdObjects=${SSL_ID}
    ${rescode}    ${policyId}   AddPolicies    1    ${policyDict}    v2
    ${policyIds}    set Variable    ${policyId}[0][policyIds][0] 
    
    ${starttime}    Get Time
    #功能端验证
    Sleep    ${policyVerificationSleepSeconds}s
    
    Comment    策略验证
    #新增策略验证
    #创建attributes中的字典
    ${sni}    Create Dictionary    attributeType=string    attributeName=sni    appId=199    appName=ssl    protocol=ssl    attributeValue={"string": "www.prlib.ru"}
    ${cn}    Create Dictionary    attributeType=string    attributeName=cn    appId=199    appName=ssl    protocol=ssl    attributeValue={"string": "www.prlib.ru"}
    ${san}    Create Dictionary    attributeType=string    attributeName=san    appId=199    appName=ssl    protocol=ssl    attributeValue={"string": "www.prlib.ru"}
    ${app_id}    Create Dictionary    attributeType=string    attributeName=app_id    attributeValue={"string": "199"}
    
    ${ipsource}    Create Dictionary    attributeType=ip    attributeName=source    attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
    ${ipdestination}    Create Dictionary    attributeType=ip    attributeName=destination    attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
    # 合成attributes字典集
    ${attributes}    Create List    ${app_id}    ${ipsource}    ${ipdestination}    ${sni}    ${cn}    ${san}
    ${verifySession}    Create Dictionary    attributes=${attributes}
    ${verifyList}    Create Dictionary    policyType=tsg_security    verifySession=${verifySession}
    log    ${verifyList}
    ${rescode}    ${resData}    VerifyPolicies    ${verifyList}
    # 打印检查结果
    ${objectid_verify}    Set Variable    ${objectids}
    ${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}       ${policyIds}
    # # 调用关键字 提取应答json获取其中所有的id值，并判断新下发的id值是否在应答json的id中
    log         ${objectid_verify}
    ${testType}    Evaluate    type($objectid_verify)
    ${testType}    Evaluate    type($resData)
    log     ${resData}
    sleep    5
    ${ok}    VerifyProxy    ${resData}    ${objectid_verify}
    Should Be Equal As Strings    ${ok}    true
    
    
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
    ...    ELSE    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    timed out
    ...    ELSE    Create List    timed out
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    
    Comment    日志验证
    #日志验证
    ${s}    Convert to String    ${policyIds}
    ${returnvalue}    GetLogList_new    security_event_log    ${starttime}    ${testClentIP}    ${s}    ssl_sni    www.prlib.ru
    Should Be Equal As Strings    ${returnvalue}    true

SecurityPolicy-Deny-SSL-00002
    [Tags]    Deny    IP    SSL    SNI
    Comment    创建IP
    ${addItemList1}    Create Dictionary    isSession=endpoint    ip=${testClentIP}    port=0-65535    direction=0    protocol=0    isInitialize=0
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict}    Create Dictionary    objectType=ip    objectSubType=endpoint    isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId}    AddObjects    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    
    Comment    创建SNI
    ${addItemList1}    Create Dictionary    keywordArray=$www.prlib.ru    isHexbin=${0}
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict1}    Create Dictionary    objectType=fqdn    objectSubType=fqdn       isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId1}    AddObjects    ${1}    ${objectDict1}  
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId1}

    Comment    创建Deny策略
    ${policyDict}    Create Dictionary    policyName=${TEST NAME}    policyType=tsg_security    action=deny    source=${objectId}|TSG_SECURITY_SOURCE_ADDR    userRegion={"protocol":"SSL","method":"drop"}    filterList=${objectId1}|TSG_FIELD_SSL_SNI   isValid=${1}    appIdObjects=${SSL_ID}
    ${rescode}    ${policyId}   AddPolicies    1    ${policyDict}    v2
    ${policyIds}    set Variable    ${policyId}[0][policyIds][0] 
    
    ${starttime}    Get Time
    #功能端验证
    Sleep    ${policyVerificationSleepSeconds}s
    
    Comment    策略验证
    #新增策略验证
    #创建attributes中的字典
    ${sni}    Create Dictionary    attributeType=string    attributeName=sni    appId=199    appName=ssl    protocol=ssl    attributeValue={"string": "www.prlib.ru"}
    ${app_id}    Create Dictionary    attributeType=string    attributeName=app_id    attributeValue={"string": "199"}
    
    ${ipsource}    Create Dictionary    attributeType=ip    attributeName=source    attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
    ${ipdestination}    Create Dictionary    attributeType=ip    attributeName=destination    attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
    # 合成attributes字典集
    ${attributes}    Create List    ${app_id}    ${ipsource}    ${ipdestination}    ${sni}    
    ${verifySession}    Create Dictionary    attributes=${attributes}
    ${verifyList}    Create Dictionary    policyType=tsg_security    verifySession=${verifySession}
    log    ${verifyList}
    ${rescode}    ${resData}    VerifyPolicies    ${verifyList}
    # 打印检查结果
    ${objectid_verify}    Set Variable    ${objectids}
    ${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}       ${policyIds}
    # # 调用关键字 提取应答json获取其中所有的id值，并判断新下发的id值是否在应答json的id中
    log         ${objectid_verify}
    ${testType}    Evaluate    type($objectid_verify)
    ${testType}    Evaluate    type($resData)
    log     ${resData}
    sleep    5
    ${ok}    VerifyProxy    ${resData}    ${objectid_verify}
    Should Be Equal As Strings    ${ok}    true
    

    
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
    ...    ELSE    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    timed out
    ...    ELSE    Create List    timed out
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Comment    日志验证
    #日志验证
    ${s}    Convert to String    ${policyIds}
    ${returnvalue}    GetLogList_new    security_event_log    ${starttime}    ${testClentIP}    ${s}    ssl_sni    www.prlib.ru
    Should Be Equal As Strings    ${returnvalue}    true

SecurityPolicy-Deny-SSL-00003    
    [Tags]    Deny    IP    SSL    CN
    Comment    创建IP
    ${addItemList1}    Create Dictionary    isSession=endpoint    ip=${testClentIP}    port=0-65535    direction=0    protocol=0    isInitialize=0
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict}    Create Dictionary    objectType=ip    objectSubType=endpoint    isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId}    AddObjects    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    

    Comment    创建CN
    ${addItemList1}    Create Dictionary    keywordArray=*prlib.ru    isHexbin=${0}
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict1}    Create Dictionary    objectType=fqdn    objectSubType=fqdn       isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId2}    AddObjects    ${1}    ${objectDict1}  
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId2}
    
    Comment    创建Deny策略
    ${policyDict}    Create Dictionary    policyName=${TEST NAME}    policyType=tsg_security    action=deny    source=${objectId}|TSG_SECURITY_SOURCE_ADDR    userRegion={"protocol":"SSL","method":"drop"}    filterList=${objectId2}|TSG_FIELD_SSL_CN    isValid=${1}    appIdObjects=${SSL_ID}
    ${rescode}    ${policyId}   AddPolicies    1    ${policyDict}    v2
    ${policyIds}    set Variable    ${policyId}[0][policyIds][0] 
    
    ${starttime}    Get Time
    #功能端验证
    Sleep    ${policyVerificationSleepSeconds}s
    
    Comment    策略验证
    #新增策略验证
    #创建attributes中的字典
    ${cn}    Create Dictionary    attributeType=string    attributeName=cn    appId=199    appName=ssl    protocol=ssl    attributeValue={"string": "www.prlib.ru"}
    ${app_id}    Create Dictionary    attributeType=string    attributeName=app_id    attributeValue={"string": "199"}
    
    ${ipsource}    Create Dictionary    attributeType=ip    attributeName=source    attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
    ${ipdestination}    Create Dictionary    attributeType=ip    attributeName=destination    attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
    # 合成attributes字典集
    ${attributes}    Create List    ${app_id}    ${ipsource}    ${ipdestination}    ${cn}    
    ${verifySession}    Create Dictionary    attributes=${attributes}
    ${verifyList}    Create Dictionary    policyType=tsg_security    verifySession=${verifySession}
    log    ${verifyList}
    ${rescode}    ${resData}    VerifyPolicies    ${verifyList}
    # 打印检查结果
    ${objectid_verify}    Set Variable    ${objectids}
    ${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}       ${policyIds}
    # # 调用关键字 提取应答json获取其中所有的id值，并判断新下发的id值是否在应答json的id中
    log         ${objectid_verify}
    ${testType}    Evaluate    type($objectid_verify)
    ${testType}    Evaluate    type($resData)
    log     ${resData}
    sleep    5
    ${ok}    VerifyProxy    ${resData}    ${objectid_verify}
    Should Be Equal As Strings    ${ok}    true
    

    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
    ...    ELSE    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    timed out
    ...    ELSE    Create List    timed out
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    
    Comment    日志验证
    #日志验证
    ${s}    Convert to String    ${policyIds}
    ${returnvalue}    GetLogList_new    security_event_log    ${starttime}    ${testClentIP}    ${s}    ssl_sni    www.prlib.ru
    Should Be Equal As Strings    ${returnvalue}    true
    
SecurityPolicy-Deny-SSL-00004
    [Tags]    Deny    IP    SSL    SAN
    Comment    创建IP
    ${addItemList1}    Create Dictionary    isSession=endpoint    ip=${testClentIP}    port=0-65535    direction=0    protocol=0    isInitialize=0
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict}    Create Dictionary    objectType=ip    objectSubType=endpoint    isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId}    AddObjects    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    
    Comment    创建SAN
    ${addItemList1}    Create Dictionary    keywordArray=*prlib.ru    isHexbin=${0}
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict1}    Create Dictionary    objectType=fqdn    objectSubType=fqdn       isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId3}    AddObjects    ${1}    ${objectDict1}  
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${objectId3}
    
    Comment    创建Deny策略
    ${policyDict}    Create Dictionary    policyName=${TEST NAME}    policyType=tsg_security    action=deny    source=${objectId}|TSG_SECURITY_SOURCE_ADDR    userRegion={"protocol":"SSL","method":"drop"}    filterList=${objectId3}|TSG_FIELD_SSL_SAN    isValid=${1}    appIdObjects=${SSL_ID}
    ${rescode}    ${policyId}   AddPolicies    1    ${policyDict}    v2
    ${policyIds}    set Variable    ${policyId}[0][policyIds][0] 
    
    ${starttime}    Get Time
    #功能端验证
    Sleep    ${policyVerificationSleepSeconds}s
    
    Comment    策略验证
    #新增策略验证
    #创建attributes中的字典
    ${san}    Create Dictionary    attributeType=string    attributeName=san    appId=199    appName=ssl    protocol=ssl    attributeValue={"string": "prlib.ru"}
    ${app_id}    Create Dictionary    attributeType=string    attributeName=app_id    attributeValue={"string": "199"}
    
    ${ipsource}    Create Dictionary    attributeType=ip    attributeName=source    attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
    ${ipdestination}    Create Dictionary    attributeType=ip    attributeName=destination    attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
    # 合成attributes字典集
    ${attributes}    Create List    ${app_id}    ${ipsource}    ${ipdestination}    ${san}
    ${verifySession}    Create Dictionary    attributes=${attributes}
    ${verifyList}    Create Dictionary    policyType=tsg_security    verifySession=${verifySession}
    log    ${verifyList}
    ${rescode}    ${resData}    VerifyPolicies    ${verifyList}
    # 打印检查结果
    ${objectid_verify}    Set Variable    ${objectids}
    ${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}       ${policyIds}
    # # 调用关键字 提取应答json获取其中所有的id值，并判断新下发的id值是否在应答json的id中
    log         ${objectid_verify}
    ${testType}    Evaluate    type($objectid_verify)
    ${testType}    Evaluate    type($resData)
    log     ${resData}
    sleep    5
    ${ok}    VerifyProxy    ${resData}    ${objectid_verify}
    Should Be Equal As Strings    ${ok}    true

    
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
    ...    ELSE    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    timed out
    ...    ELSE    Create List    timed out
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    
    Comment    日志验证
    #日志验证
    ${s}    Convert to String    ${policyIds}
    ${returnvalue}    GetLogList_new    security_event_log    ${starttime}    ${testClentIP}    ${s}    ssl_sni    www.prlib.ru
    Should Be Equal As Strings    ${returnvalue}    true

    
SecurityPolicy-Deny-SSL-00005
    [Tags]    Deny    IP    SSL
    Comment    创建IP
    ${addItemList1}    Create Dictionary    isSession=endpoint    ip=${testClentIP}    port=0-65535    direction=0    protocol=0    isInitialize=0
    ${addItemLists}    Create list    ${addItemList1}
    ${objectDict}    Create Dictionary    objectType=ip    objectSubType=endpoint    isValid=${1}    addItemList=${addItemLists}
    ${rescode}    ${objectId}    AddObjects    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    
    
    Comment    创建Deny策略
    ${policyDict}    Create Dictionary    policyName=${TEST NAME}    policyType=tsg_security    action=deny    source=${objectId}|TSG_SECURITY_SOURCE_ADDR    userRegion={"protocol":"SSL","method":"drop"}    isValid=${1}    appIdObjects=${SSL_ID}
    ${rescode}    ${policyId}   AddPolicies    1    ${policyDict}    v2
    ${policyIds}    set Variable    ${policyId}[0][policyIds][0] 
    
    ${starttime}    Get Time
    #功能端验证
    Sleep    ${policyVerificationSleepSeconds}s
    
    Comment    策略验证
    #新增策略验证
    #创建attributes中的字典
    ${app_id}    Create Dictionary    attributeType=string    attributeName=app_id    attributeValue={"string": "199"}
    
    ${ipsource}    Create Dictionary    attributeType=ip    attributeName=source    attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
    ${ipdestination}    Create Dictionary    attributeType=ip    attributeName=destination    attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
    # 合成attributes字典集
    ${attributes}    Create List    ${app_id}    ${ipsource}    ${ipdestination}
    ${verifySession}    Create Dictionary    attributes=${attributes}
    ${verifyList}    Create Dictionary    policyType=tsg_security    verifySession=${verifySession}
    log    ${verifyList}
    ${rescode}    ${resData}    VerifyPolicies    ${verifyList}
    # 打印检查结果
    ${objectid_verify}    Set Variable    ${objectids}
    ${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}       ${policyIds}
    # # 调用关键字 提取应答json获取其中所有的id值，并判断新下发的id值是否在应答json的id中
    log         ${objectid_verify}
    ${testType}    Evaluate    type($objectid_verify)
    ${testType}    Evaluate    type($resData)
    log     ${resData}
    sleep    5
    ${ok}    VerifyProxy    ${resData}    ${objectid_verify}
    Should Be Equal As Strings    ${ok}    true
 
    
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat
    ...    ELSE    set variable    ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat 
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    timed out 
    ...    ELSE    Create List    timed out
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    
    Comment    日志验证
    #日志验证
    ${s}    Convert to String    ${policyIds}
    ${returnvalue}    GetLogList_new    security_event_log    ${starttime}    ${testClentIP}    ${s}    ssl_sni    SSL
    Should Be Equal As Strings    ${returnvalue}    true