diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Intercept_SSL_keyring_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Intercept_SSL_keyring_Tests.robot new file mode 100644 index 0000000..b9e8c0e --- /dev/null +++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Intercept_SSL_keyring_Tests.robot @@ -0,0 +1,200 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags tsg_adc Security_Policy +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot +Library Custometest + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /policy/profile/keyringobj +${keyringId} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Intercept-SSL-00001 + [Tags] ip root selfserver + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/root/ mesalab-ca-cert.pem mesalab-ca-key.pem + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable видео mesalab-ca + ... ELSE set variable рутуб mesalab-ca + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Intercept-SSL-00002 + [Tags] root selfserver ip+cat + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/root/ tango-ca-root-01-cer.pem tango-ca-root-01-key.pem + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable Twitter tango-ca-root + ... ELSE set variable Twitter tango-ca-root + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Intercept-SSL-00003 + [Tags] root ip+fqdn selfserver + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/root/ tango-ca-trust-ca-cer.pem tango-ca-trust-ca-key.pem + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable 字节跳动 Tango National Proxy CA + ... ELSE set variable 字节跳动 Tango National Proxy CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Intercept-SSL-00004 + [Tags] Selfserver ip intermediate + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/intermediate/ tang-ca-v3-intermediate-01-cer.pem tang-ca-v3-intermediate-01-key.pem {"isValid":1,"opAction":"add","returnData":1,"keyringName":"test1","keyringType":"intermediate","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa1024","keyringId":null,"includeRoot":0} + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable видео tang-ca-v3-intermediate-01 + ... ELSE set variable рутуб tang-ca-v3-intermediate-01 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Intercept-SSL-00005 + [Tags] selfserver ip+cat intermediate + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/intermediate/ tang-ca-v3-intermediate-02-cer.pem tang-ca-v3-intermediate-02-key.pem {"isValid":1,"opAction":"add","returnData":1,"keyringName":"test2","keyringType":"intermediate","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa1024","keyringId":null,"includeRoot":0} + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable tang-ca-v3-intermediate-02 Twitter + ... ELSE set variable Twitter tang-ca-v3-intermediate-02 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Intercept-SSL-00006 + [Tags] ip+fqdn selfserver end-entity + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/end-entity/ tang-ca-v3-www.amazon.cn-cer.pem tang-ca-v3-www.amazon.cn-key.pem {"isValid":1,"opAction":"add","returnData":1,"keyringName":"test3","keyringType":"end-entity","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa1024","keyringId":null,"includeRoot":0} + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable 字节跳动 Tango Secure Gateway CA + ... ELSE set variable 字节跳动 Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Intercept-SSL-00007 + [Tags] Selfserver ip end-entity + Comment 创建证书 + ${response} CreatePolicyMutipartFile ${url} keyrings/end-entity/ tang-ca-v3-www.bing.com-cer.pem tang-ca-v3-www.bing.com-key.pem {"isValid":1,"opAction":"add","returnData":1,"keyringName":"test4","keyringType":"end-entity","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa1024","keyringId":null,"includeRoot":0} + ${keyringId} Get From Dictionary ${response} keyringId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":${keyringId},"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' set variable видео Tango Secure Gateway CA + ... ELSE set variable рутуб Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com