*** Settings ***
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}
Force Tags        tsg_adc    Security_Policy
Library           OperatingSystem
Resource          ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource          ../../../../03-Variable/AllFlowCaseVariable.txt

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}

*** Test Cases ***
SecurityPolicy-Allow-SSL-00001
    [Tags]    Selfserver    Allow    Ssl    Ip
    Comment    创建目标IP
    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    Comment    创建安全策略
    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00001    policyType=tsg_security    policyDesc=autotest    userTags=    action=allow    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR    isValid=${1}    appObjectIdArray=3
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    #删除策略
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/rutube/rutube.html
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    видео
    ...    ELSE    Create List    рутуб
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    ${s}    Convert to String    ${policyId}
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com

SecurityPolicy-Allow-SSL-00002
    [Tags]    Selfserver    Allow    Ssl    Ip+Cat完整匹配
    Comment    创建目标IP
    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    Comment    创建cat
    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$open.node.com
    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_fqdn_Id}
    Comment    创建安全策略
    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00002    policyType=tsg_security    policyDesc=autotest    userTags=    action=allow    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI    isValid=${1}    appObjectIdArray=3
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    #删除策略
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/twitter/twitter.html
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    Twitter
    ...    ELSE    Create List    新鲜事一网打尽
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    ${s}    Convert to String    ${policyId}
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com

SecurityPolicy-Allow-SSL-00003
    [Tags]    Selfserver    Allow    Ssl    Ip+Fqdn右匹配
    Comment    创建目标IP
    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.100.5|32|0/0
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    Comment    创建fqdn
    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*open.node.com
    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_fqdn_Id}
    Comment    创建安全策略
    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Allow-SSL-00003    policyType=tsg_security    policyDesc=autotest    userTags=    action=allow    effectiveRange=    userRegion={"protocol": "SSL"}    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI    isValid=${1}    appObjectIdArray=3
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    #删除策略
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
    ...    ELSE    set variable    curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    字节跳动
    ...    ELSE    Create List    字节跳动
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    ${s}    Convert to String    ${policyId}
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host    open.node.com