deny中SSL协议，测试通过

01-TestCase/tsg_adc/selfserver/Api_Security/Deny_SSL_Tests.robot

@@ -0,0 +1,213 @@
+*** Settings ***
+Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}
+Force Tags        tsg_adc    Security_Policy
+Library           OperatingSystem
+Resource          ../../../../02-Keyword/tsg_adc/SystemCommand.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
+Resource          ../../../../03-Variable/AllFlowCaseVariable.txt
+
+*** Variables ***
+${policyIds}      ${EMPTY}
+${objectids}      ${EMPTY}
+
+*** Test Cases ***
+SecurityPolicy-Deny-SSL-00001
+    [Tags]    ip    Selfserver    deny    SSL
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-SSL-00001    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"rst"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
+    ...    ELSE    set variable    curl https://open.node.com/test/xiaozhu/xiaozhu.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Deny-SSL-00002
+    [Tags]    Selfserver    SSL    deny    sni    ip+fqdn右匹配
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    FQDN
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId},${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00002    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"drop"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Deny-SSL-00003
+    [Tags]    Selfserver    SSL    ip+cat完整匹配    deny    sni
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    FQDN
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId},${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00003    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"drop"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Deny-SSL-00004
+    [Tags]    Selfserver    SSL    deny    ip+fqdn右匹配    cn
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    FQDN
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId},${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00004    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"drop"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Deny-SSL-00005
+    [Tags]    Selfserver    SSL    ip+cat完整匹配    deny    cn
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    FQDN
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId},${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00005    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"rst"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Deny-SSL-00006
+    [Tags]    Selfserver    SSL    deny    ip+fqdn右匹配    san
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    FQDN
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId},${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00006    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"rst"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Deny-SSL-00007
+    [Tags]    Selfserver    SSL    ip+cat完整匹配    deny    sam
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    FQDN
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId},${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00007    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol": "SSL","method":"drop"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
+    ...    ELSE    Create List    Connection reset by peer
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com