*** Settings *** Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} Force Tags tsg_adc Security_Policy Library OperatingSystem Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot Resource ../../../03-Variable/AllFlowCaseVariable.txt *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} ${url} /v1/policy/profile/decryption ${profileId} ${EMPTY} *** Test Cases *** Intercept_SSL_Decryption-00001 [Tags] intercpt-服务器证书校验开关关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat ... ELSE set variable curl -kv https://wrong.host.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat ... ELSE set variable curl -kv https://self-signed.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat ... ELSE set variable curl -kv https://expired.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com Intercept_SSL_Decryption-00002 [Tags] 拦截intercpt-服务器证书校验打开-failclose Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat ... ELSE set variable curl -kv https://wrong.host.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat ... ELSE set variable curl -kv https://self-signed.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat ... ELSE set variable curl -kv https://expired.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com Intercept_SSL_Decryption-00003 [Tags] 拦截intercpt-服务器证书校验打开-pass-through Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat ... ELSE set variable curl -kv https://wrong.host.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat ... ELSE set variable curl -kv https://self-signed.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat ... ELSE set variable curl -kv https://expired.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com Intercept_SSL_Decryption-00004 [Tags] intercpt-EV关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*myssl.com,*myssl.cn ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat ... ELSE set variable curl -kv https://myssl.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat ... ELSE set variable curl -kv https://www.myssl.cn ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn Intercept_SSL_Decryption-00005 [Tags] intercpt-EV开启 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*myssl.com,*myssl.cn ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat ... ELSE set variable curl -kv https://myssl.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat ... ELSE set variable curl -kv https://www.myssl.cn ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn Intercept_SSL_Decryption-00006 [Tags] 拦截intercpt-CT关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*jd.com,*mail.ru ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat ... ELSE set variable curl -kv https://www.vip.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat ... ELSE set variable curl -kv https://mail.ru/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mail.ru Intercept_SSL_Decryption-00007 [Tags] 拦截intercpt-CT开启 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":1,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*jd.com,*mail.ru ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable GlobalSign RSA OV SSL CA 2018 ... ELSE set variable GlobalSign RSA OV SSL CA 2018 ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat ... ELSE set variable curl -kv https://www.vip.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Secure Site Pro CA G2 ... ELSE set variable Secure Site Pro CA G2 ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat ... ELSE set variable curl -kv https://mail.ru/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mail.ru Intercept_SSL_Decryption-00008 [Tags] 拦截intercpt-MA关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat ... ELSE set variable curl -kv https://client.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com Intercept_SSL_Decryption-00009 [Tags] 拦截intercpt-MA开启 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat ... ELSE set variable curl -kv https://client.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable DigiCert SHA2 Secure Server CA ... ELSE set variable DigiCert SHA2 Secure Server CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com Intercept_SSL_Decryption-00010 [Tags] 拦截intercpt-协议版本-SSL3 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*ya.ru,*yandex.ru ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00010 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_11.bat ... ELSE set variable curl -kv https://ya.ru ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni ya.ru Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_12.bat ... ELSE set variable curl -kv https://yandex.ru ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni yandex.ru Intercept_SSL_Decryption-00011 [Tags] 拦截intercpt-协议版本-TLS1.0 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls10","max":"tls10","mirror_client":0,"allow_http2":0} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*github.com,*jd.com,*mi.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00011 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat ... ELSE set variable curl -kv https://github.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat ... ELSE set variable curl -kv https:///www.mi.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com Intercept_SSL_Decryption-00012 [Tags] 拦截intercpt-协议版本-TLS1.1 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls11","max":"tls11","mirror_client":0,"allow_http2":0} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*github.com,*jd.com,*mi.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00012 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat ... ELSE set variable curl -kv https://github.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat ... ELSE set variable curl -kv https:///www.mi.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com Intercept_SSL_Decryption-00013 [Tags] 拦截intercpt-协议版本-TLS1.2 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls12","max":"tls12","mirror_client":0,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*jd.com,*taobao.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00013 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat ... ELSE set variable curl -kv https://www.taobao.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni taobao.com Intercept_SSL_Decryption-00014 [Tags] 拦截intercpt-协议版本-TLS1.3 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls13","max":"tls13","mirror_client":0,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*github.com,*halfrost.com,*mi.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_fqdn_Id} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00014 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat ... ELSE set variable curl -kv https://www.vip.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni vip.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL012.bat ... ELSE set variable curl -kv https://halfrost.com/tls1-3_start/ ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni halfrost.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat ... ELSE set variable curl -kv https:///www.mi.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset ... ELSE set variable Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat ... ELSE set variable curl -kv https://github.com ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA ... ELSE set variable Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommand ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com