From 188ddfce7b9a7d61025ea12b03d2382cee1e32b9 Mon Sep 17 00:00:00 2001 From: lyf Date: Fri, 19 Mar 2021 17:10:35 +0800 Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BA=A4intercept=E7=AD=96=E7=95=A5ss?= =?UTF-8?q?l=E5=92=8Chttp=E5=8D=8F=E8=AE=AE=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tsg_ui/ui_security/Ui_AllowSSLCase.robot | 4 +- .../ui_security/Ui_InterceptHttpCase.robot | 169 ++++ .../ui_security/Ui_InterceptSSLCase.robot | 941 ++++++++++++++++++ 3 files changed, 1112 insertions(+), 2 deletions(-) create mode 100644 01-TestCase/tsg_ui/ui_security/Ui_InterceptHttpCase.robot create mode 100644 01-TestCase/tsg_ui/ui_security/Ui_InterceptSSLCase.robot diff --git a/01-TestCase/tsg_ui/ui_security/Ui_AllowSSLCase.robot b/01-TestCase/tsg_ui/ui_security/Ui_AllowSSLCase.robot index 64661d5..884d082 100644 --- a/01-TestCase/tsg_ui/ui_security/Ui_AllowSSLCase.robot +++ b/01-TestCase/tsg_ui/ui_security/Ui_AllowSSLCase.robot @@ -9,7 +9,7 @@ Resource ../../../02-Keyword/tsg_ui/policy/UIPolicy.robot *** Test Cases *** -###############################################################VOIP################################################################# +################################################################################################################################ SecurityAllowSSL001 [Tags] Allow SSL SNI #新建对象fqdn @@ -129,4 +129,4 @@ SecurityAllowSSL006 -###############################################################VOIP################################################################# +################################################################################################################################ diff --git a/01-TestCase/tsg_ui/ui_security/Ui_InterceptHttpCase.robot b/01-TestCase/tsg_ui/ui_security/Ui_InterceptHttpCase.robot new file mode 100644 index 0000000..ccf52de --- /dev/null +++ b/01-TestCase/tsg_ui/ui_security/Ui_InterceptHttpCase.robot @@ -0,0 +1,169 @@ +*** Settings *** +Force Tags tsg-ui Policies Security +Library Selenium2Library +Resource ../../../02-Keyword/tsg_ui/objects/NewObjectPages.robot +Resource ../../../02-Keyword/tsg_ui/objects/NewObject.robot +Resource ../../../02-Keyword/tsg_ui/Menu.robot +Resource ../../../03-Variable/PolicyObjectDefault.txt +Resource ../../../02-Keyword/tsg_ui/policy/UIPolicy.robot + + +*** Test Cases *** +################################################################################################################################ +SecurityInterceptHTTP001 + [Tags] Intercept Http FQDN + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN keywordtext=$poplar.ru + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${hostname} create list ${TEST NAME}_FQDN + + ${filter} create list Host + + ${filterInfo} Create Dictionary Filter=${filter} Hostname=${hostname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + PoliciesDelete + +SecurityInterceptHTTP002 + [Tags] Intercept Http FQDN + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN keywordtext=*environment.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${hostname} create list ${TEST NAME}_FQDN + + ${filter} create list Host + + ${filterInfo} Create Dictionary Filter=${filter} Hostname=${hostname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + PoliciesDelete + +SecurityInterceptHTTP003 + [Tags] Intercept Http FQDN + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=$mil.qianlong.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=*.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${hostname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 + + ${filter} create list Host + + ${filterInfo} Create Dictionary Filter=${filter} Hostname=${hostname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + PoliciesDelete + +SecurityInterceptHTTP004 + [Tags] Intercept Http FQDN + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=$mil.qianlong.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=*.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${hostname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 + + ${filter} create list Host + + ${filterInfo} Create Dictionary Filter=${filter} Hostname=${hostname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=close PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + +SecurityInterceptHTTP006 + [Tags] Intercept Http Category + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${hostname} create list recreation + + ${filter} create list Host + + ${filterInfo} Create Dictionary Filter=${filter} Hostname=${hostname} Hosttype=Category + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + +#007和008自动化创建不了,需要手工测试 +SecurityInterceptHTTP009 + [Tags] Intercept Http FQDN + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN keywordtext=$poplar.ru + + ${hostname} create list ${TEST NAME}_FQDN + + ${filter} create list Host + + ${filterInfo} Create Dictionary Filter=${filter} Hostname=${hostname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} FilterInfo=${filterInfo} + + PoliciesDelete + +SecurityInterceptHTTP010 + [Tags] Intercept Http Category + + ${dip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=163.171.198.89 Port=1-65535 + + ${destinationAddIpList} Create List ${dip1} + + ${destinationInfo} Create Dictionary destinationAddIpList=${destinationAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=HTTP PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} DestinationInfo=${destinationInfo} + + + + +################################################################################################################################ diff --git a/01-TestCase/tsg_ui/ui_security/Ui_InterceptSSLCase.robot b/01-TestCase/tsg_ui/ui_security/Ui_InterceptSSLCase.robot new file mode 100644 index 0000000..678136c --- /dev/null +++ b/01-TestCase/tsg_ui/ui_security/Ui_InterceptSSLCase.robot @@ -0,0 +1,941 @@ +*** Settings *** +Force Tags tsg-ui Policies Security +Library Selenium2Library +Resource ../../../02-Keyword/tsg_ui/objects/NewObjectPages.robot +Resource ../../../02-Keyword/tsg_ui/objects/NewObject.robot +Resource ../../../02-Keyword/tsg_ui/Menu.robot +Resource ../../../03-Variable/PolicyObjectDefault.txt +Resource ../../../02-Keyword/tsg_ui/policy/UIPolicy.robot + + +*** Test Cases *** +################################################################################################################################ +SecurityInterceptSSL001 + [Tags] Intercept SSL SNI + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN keywordtext=$www.facebook.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + PoliciesDelete + +SecurityInterceptSSL002 + [Tags] Intercept SSL SNI + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN keywordtext=*youtube.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + PoliciesDelete + +SecurityInterceptSSL003 + [Tags] Intercept SSL SNI + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=$twitter.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=*.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + PoliciesDelete + + + +SecurityInterceptSSL005 + [Tags] Intercept SSL Category + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list chat + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} Hosttype=Category + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} + + +SecurityInterceptSSL006 + [Tags] Intercept SSL FQDN + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN keywordtext=$mail.ru + + ${sniname} create list ${TEST NAME}_FQDN + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + UIPolicies ${policyInfo} FilterInfo=${filterInfo} + + PoliciesDelete + + + + +################################################################################################################################ +#DecryptionProfile 按钮用例 +SecurityInterceptSSL007 + [Tags] Intercept SSL 证书验证开关全部开启Fail-close + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*wrong.host.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=*untrusted-root.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN3 keywordtext=*self-signed.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN4 keywordtext=*expired.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 ${TEST NAME}_FQDN3 ${TEST NAME}_FQDN4 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=1 Issuer=1 Self-signed=1 Expiry Date=1 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_按钮开启Fail-close Dict1=${dict} Fail1=Fail-close + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL008 + [Tags] Intercept SSL 证书验证开关全部关闭 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*wrong.host.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=*untrusted-root.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN3 keywordtext=*self-signed.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN4 keywordtext=*expired.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 ${TEST NAME}_FQDN3 ${TEST NAME}_FQDN4 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_证书验证关闭1 Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + + + +SecurityInterceptSSL009 + [Tags] Intercept SSL 证书验证开关failclose-Common Name打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*wrong.host.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=1 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_证书验证开关failclose-Common Name打开 Dict1=${dict} Fail1=Fail-close + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL010 + [Tags] Intercept SSL 证书验证开关failclose-Issuer打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*untrusted-root.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=1 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_证书验证开关failclose-Issuer打开 Dict1=${dict} Fail1=Fail-close + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL011 + [Tags] Intercept SSL 证书验证开关failclose-Self-signed打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*self-signed.badssl.com + + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=1 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_证书验证开关failclose-Self-signed打开 Dict1=${dict} Fail1=Fail-close + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL012 + [Tags] Intercept SSL 证书验证开关failclose-Expiry-Date打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*expired.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=1 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_failclose-Expiry-Date打开 Dict1=${dict} Fail1=Fail-close + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + + +SecurityInterceptSSL013 + [Tags] Intercept SSL 证书验证开关全部开启Pass-through + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*wrong.host.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=*untrusted-root.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN3 keywordtext=*self-signed.badssl.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN4 keywordtext=*expired.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 ${TEST NAME}_FQDN3 ${TEST NAME}_FQDN4 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=1 Issuer=1 Self-signed=1 Expiry Date=1 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_按钮开启Fail-close Dict1=${dict} Fail1=Pass-through + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL014 + [Tags] Intercept SSL 证书验证开关pass-through-Common打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*wrong.host.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=1 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_pass-through-Common打开 Dict1=${dict} Fail1=Pass-through + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL015 + [Tags] Intercept SSL 证书验证开关pass-through-Issuer打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*untrusted-root.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=1 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_pass-through-Issuer打开 Dict1=${dict} Fail1=Pass-through + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL016 + [Tags] Intercept SSL 证书验证开关pass-through-Self-signed打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*self-signed.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=1 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_pass-through-Self-signed打开 Dict1=${dict} Fail1=Pass-through + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL017 + [Tags] Intercept SSL 证书验证开关pass-through-Expiry Date打开 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*expired.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=1 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_pass-through-Expiry Date打开 Dict1=${dict} Fail1=Pass-through + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL018 + [Tags] Intercept SSL 证书验证开关EV开启 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=$www.myssl.cn + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=$pbsz.ebank.cmbchina.com + + ${sniname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=1 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_EV开启 Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL019 + [Tags] Intercept SSL 证书验证开关CT开启 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=$www.jd.com + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN2 keywordtext=$mail.ru + + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN3 keywordtext=$www.vip.com + + ${sniname} create list ${TEST NAME}_FQDN1 ${TEST NAME}_FQDN2 ${TEST NAME}_FQDN3 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=1 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_CT开启 Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL020 + [Tags] Intercept SSL 证书验证开关MA开启 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*client.badssl.com + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=1 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_MA开启 Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + + +SecurityInterceptSSL021 + [Tags] Intercept SSL 证书验证开关开启Certificate Pinning + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=1 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_开启Certificate Pinning Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL022 + [Tags] Intercept SSL 证书验证开关关闭Certificate Pinning + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_关闭Certificate Pinning Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + + +SecurityInterceptSSL023 + [Tags] Intercept SSL 证书验证开关关闭Certificate Not Installed + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_关闭Certificate Not Installed Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL024 + [Tags] Intercept SSL 证书验证开关开启Certificate Not Installed + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=1 Mirror Client Versions=1 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_开启Certificate Not Installed Dict1=${dict} + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL025 + [Tags] Intercept SSL 证书验证开关IP-协议版本SSL3.0 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=0 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_IP-协议版本SSL3.0 Dict1=${dict} min1=SSLv3.0 max1=SSLv3.0 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL026 + [Tags] Intercept SSL 证书验证开关IP-协议版本TSL1.0 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=0 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_IP-协议版本TSL1.0 Dict1=${dict} min1=TLSv1.0 max1=TLSv1.0 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + +SecurityInterceptSSL027 + [Tags] Intercept SSL 证书验证开关IP-协议版本TSL1.1 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=0 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_IP-协议版本TSL1.1 Dict1=${dict} min1=TLSv1.1 max1=TLSv1.1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + + +SecurityInterceptSSL028 + [Tags] Intercept SSL 证书验证开关IP-协议版本TSL1.2 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=0 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_IP-协议版本TSL1.2 Dict1=${dict} min1=TLSv1.2 max1=TLSv1.2 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete + + +SecurityInterceptSSL029 + [Tags] Intercept SSL 证书验证开关IP-协议版本TSL1.3 + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${dict} Create Dictionary Common Name=0 Issuer=0 Self-signed=0 Expiry Date=0 EV Certificat=0 + ... Certificate Transparency=0 Mutual Authentication=0 On Protocol Errors=0 Certificate Pinning=0 Certificate Not Installed=0 Mirror Client Versions=0 + ... Allow HTTP/2=1 + + ${DecryptionProfile} Create Dictionary DecryptionProfileSearchorCreate=Create DecryptionProfilename=${TEST NAME}_IP-协议版本TSL1.3 Dict1=${dict} min1=TLSv1.3 max1=TLSv1.3 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} DecryptionProfile=${DecryptionProfile} + + PoliciesDelete +################################################################################################################################ +#解密流量转发 + + +SecurityInterceptSSL030 + [Tags] Intercept SSL 解密流量mac + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*$twitter.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${MirrorDecryptedTrafficInfo} Create Dictionary MirrorDecryptedTraffic=open MirrorDecryptedTrafficSearchorCreate=Create MirrorDecryptedTrafficname=${TEST NAME}_解密流量mac Type=mac Shuru=11:11:11:11:11:11 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} MirrorDecryptedTrafficInfo=${MirrorDecryptedTrafficInfo} + + PoliciesDelete + + + +SecurityInterceptSSL031 + [Tags] Intercept SSL 解密流量vlan + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*$twitter.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${MirrorDecryptedTrafficInfo} Create Dictionary MirrorDecryptedTraffic=open MirrorDecryptedTrafficSearchorCreate=Create MirrorDecryptedTrafficname=${TEST NAME}_解密流量vlan Type=vlan Shuru=111 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} MirrorDecryptedTrafficInfo=${MirrorDecryptedTrafficInfo} + + PoliciesDelete + + + +################################################################################################################################ +#证书验证 +SecurityInterceptSSL032 + [Tags] Intercept SSL 根证书 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*$twitter.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${Keyring} Create Dictionary KeySearchorCreate=Create Keyname=${TEST NAME}_根证书1 File=${path}keyrings//root//ca-cer.pem File1=${path}keyrings//root//ca.key ExpiryHours1or2=2 Type=certificateType_select0 + ... Type1=keyringsadd_publicKeyAlgoSelet1 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} Keyring=${Keyring} + + PoliciesDelete + +SecurityInterceptSSL033 + [Tags] Intercept SSL 中间证书 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*$twitter.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${Keyring} Create Dictionary KeySearchorCreate=Create Keyname=${TEST NAME}_中间证书1 File=${path}keyrings//Intermediate//camiddle.chain.pem File1=${path}keyrings//Intermediate//camiddle.key ExpiryHours1or2=2 + ... Type=certificateType_select1 Type1=keyringsadd_publicKeyAlgoSelet2 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} Keyring=${Keyring} + + PoliciesDelete + +SecurityInterceptSSL034 + [Tags] Intercept SSL 实体证书 + #新建对象fqdn + Comment 新建对象fqdn + CreatePage FQDN single ${TEST NAME}_FQDN1 keywordtext=*$twitter.com + + ${sip1} Create Dictionary Sordtype=Source Type1=Ip CreateOrSearch=Create Add=Address Name=${TEST NAME}_IP1 Ipclienttext1=192.168.50.17 Port=1-65535 + + ${sourceAddIpList} Create List ${sip1} + + ${sourceInfo} Create Dictionary sourceAddIpList=${sourceAddIpList} + + ${sniname} create list ${TEST NAME}_FQDN1 + + ${filter} create list SNI + + ${filterInfo} Create Dictionary Filter=${filter} SSLSNIname=${sniname} + + ${policyInfo} Create Dictionary PolicyType=Security Policy CreateorEdit=Create PolicyName=${TEST NAME} PolicyAction=Intercept ApplicationSearch=SSL PolicyLogSession=1 PolicyEnabled=1 + + ${Keyring} Create Dictionary KeySearchorCreate=Create Keyname=${TEST NAME}_实体证书1 File=${path}keyrings//end-entity//caentity.chain.pem File1=${path}keyrings//end-entity//caentity.key ExpiryHours1or2=2 + ... Type=certificateType_select2 Type1=keyringsadd_publicKeyAlgoSelet3 + + UIPolicies ${policyInfo} SourceInfo=${sourceInfo} FilterInfo=${filterInfo} Keyring=${Keyring} + + PoliciesDelete + +################################################################################################################################