From edf709ae450738ae32bc4e921f5bfd262c7c00d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A7=AC=E5=B7=8D=E5=B7=9D?= <jiweichuan@zdjizhi.com>
Date: Sat, 25 Apr 2020 21:25:07 +0800
Subject: [PATCH] =?UTF-8?q?monitor=E5=8A=A8=E4=BD=9CSSL=E5=8D=8F=E8=AE=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Api_Security/Monitor_SSL_Tests.robot      | 213 ++++++++++++++++++
 1 file changed, 213 insertions(+)
 create mode 100644 01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_SSL_Tests.robot

diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_SSL_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_SSL_Tests.robot
new file mode 100644
index 0000000..e7a468a
--- /dev/null
+++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_SSL_Tests.robot
@@ -0,0 +1,213 @@
+*** Settings ***
+Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}
+Force Tags        tsg_adc    Security_Policy
+Library           OperatingSystem
+Resource          ../../../../02-Keyword/tsg_adc/SystemCommand.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
+Resource          ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
+Resource          ../../../../03-Variable/AllFlowCaseVariable.txt
+
+*** Variables ***
+${policyIds}      ${EMPTY}
+${objectids}      ${EMPTY}
+
+*** Test Cases ***
+SecurityPolicy-Monitor-SSL-00001
+    [Tags]    Selfserver    Monitor    Ip    Ssl
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00001    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/rutube/rutube.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    видео
+    ...    ELSE    Create List    рутуб
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Monitor-SSL-00002
+    [Tags]    Selfserver    Monitor    Ssl    Sni    Ip+Fqdn右匹配
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00002    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Twitter
+    ...    ELSE    Create List    新鲜事一网打尽
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Monitor-SSL-00003
+    [Tags]    Selfserver    Monitor    Ssl    Ip+Cat完整匹配    Sni
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}
+    Comment    创建cat
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00003    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    字节跳动
+    ...    ELSE    Create List    字节跳动
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Monitor-SSL-00004
+    [Tags]    Selfserver    SSL    Monitor    Cn    Ip+Fqdn右匹配
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00004    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Twitter
+    ...    ELSE    Create List    新鲜事一网打尽
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Monitor-SSL-00005
+    [Tags]    Selfserver    Monitor    Ssl    Ip+Cat完整匹配    Cn
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}
+    Comment    创建cat
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00005    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol":"SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    字节跳动
+    ...    ELSE    Create List    字节跳动
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Monitor-SSL-00006
+    [Tags]    Selfserver    Monitor    Ssl    San    Ip+Fqdn右匹配
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00006    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol":"SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Twitter
+    ...    ELSE    Create List    新鲜事一网打尽
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com
+
+SecurityPolicy-Monitor-SSL-00007
+    [Tags]    Selfserver    Monitor    Ssl    Ip+Cat完整匹配    San
+    Comment    创建目标IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}
+    Comment    创建cat
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectId}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Monitor-SSL-00007    policyType=tsg_security    policyDesc=autotest    userTags=    action=monitor    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN    isValid=${1}    appObjectIdArray=3
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
+    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    字节跳动
+    ...    ELSE    Create List    字节跳动
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com