*** Settings *** Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} url=${url} profiledId=${profiledId} Force Tags tsg_adc tsg_security Library OperatingSystem Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot Resource ../../../03-Variable/ApplicationID.txt Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot Library ../../../04-CustomLibrary/Library/VerifyPolicy.py Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot Resource ../../../03-Variable/AllFlowCaseVariable.txt *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} ${url} /v1/policy/profile/decryption ${profiledId} ${EMPTY} *** Test Cases *** Intercept_SSL_Decryption-00001 [Tags] intercpt-服务器证书校验开关关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat ... ELSE set variable curl -kv https://wrong.host.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat ... ELSE set variable curl -kv https://self-signed.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat ... ELSE set variable curl -kv https://expired.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00002 [Tags] 拦截intercpt-服务器证书校验打开-failclose Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat ... ELSE set variable curl -kv https://wrong.host.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to ... ELSE Create List SSL_ERROR_SYSCALL in connection to ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to ... ELSE Create List SSL_ERROR_SYSCALL in connection to ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat ... ELSE set variable curl -kv https://self-signed.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to ... ELSE Create List SSL_ERROR_SYSCALL in connection to ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat ... ELSE set variable curl -kv https://expired.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to ... ELSE Create List SSL_ERROR_SYSCALL in connection to ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00003 [Tags] 拦截intercpt-服务器证书校验打开-pass-through Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat ... ELSE set variable curl -kv https://wrong.host.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat ... ELSE set variable curl -kv https://self-signed.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat ... ELSE set variable curl -kv https://expired.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00004 [Tags] intercpt-EV关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*myssl.cn isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat ... ELSE set variable curl -kv https://www.myssl.cn ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni myssl.cn Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00005 [Tags] intercpt-EV开启 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*myssl.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat ... ELSE set variable curl -kv https://myssl.com ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat ... ELSE set variable curl -kv https://myssl.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List TrustAsia EV TLS Pro CA G3 ... ELSE Create List TrustAsia EV TLS Pro CA G3 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni myssl.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00006 [Tags] 拦截intercpt-CT关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*vip.com isHexbin=${0} ${addItemList2} Create Dictionary keywordArray=*jd.com isHexbin=${0} ${addItemList3} Create Dictionary keywordArray=*mail.ru isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat ... ELSE set variable curl -kv https://www.vip.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.vip.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat ... ELSE set variable curl -kv https://mail.ru/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mail.ru Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00007 [Tags] 拦截intercpt-CT开启 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":1,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*vip.com isHexbin=${0} ${addItemList2} Create Dictionary keywordArray=*jd.com isHexbin=${0} ${addItemList3} Create Dictionary keywordArray=*mail.ru isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List GlobalSign RSA OV SSL CA 2018 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat ... ELSE set variable curl -kv https://www.vip.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Secure Site Pro CA G2 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.vip.com Should Be Equal As Strings ${returnvalue} true Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat ... ELSE set variable curl -kv https://mail.ru/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mail.ru Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00008 [Tags] 拦截intercpt-MA关闭 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*badssl.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat ... ELSE set variable curl -kv https://client.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni client.badssl.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00009 [Tags] 拦截intercpt-MA开启 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*badssl.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat ... ELSE set variable curl -kv https://client.badssl.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List DigiCert SHA2 Secure Server CA ... ELSE Create List DigiCert SHA2 Secure Server CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni client.badssl.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00010 [Tags] 拦截intercpt-协议版本-SSL3 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*newdaynews.ru isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List newdaynews.ru ... ELSE Create List newdaynews.ru ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni newdaynews.ru Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00011 [Tags] 拦截intercpt-协议版本-TLS1.0 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls10","max":"tls10","mirror_client":0,"allow_http2":0} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*github.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat ... ELSE set variable curl -kv https://github.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List github.com ... ELSE Create List github.com ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni github.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00012 [Tags] 拦截intercpt-协议版本-TLS1.1 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls11","max":"tls11","mirror_client":0,"allow_http2":0} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*jd.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat ... ELSE set variable curl -kv https://github.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00013 [Tags] 拦截intercpt-协议版本-TLS1.2 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls12","max":"tls12","mirror_client":0,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*taobao.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat ... ELSE set variable curl -kv https://www.taobao.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni taobao.com Should Be Equal As Strings ${returnvalue} true Intercept_SSL_Decryption-00014 [Tags] 拦截intercpt-协议版本-TLS1.3 Comment 创建Decryption Profile ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} ${protocol_version} set variable "protocol_version":{"min":"tls13","max":"tls13","mirror_client":0,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${response} CreatePolicyFileNoFile ${url} ${data} ${profiledId} Get From Dictionary ${response} profileId Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId} AddObjects ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=*mi.com isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Intercept策略 ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat ... ELSE set variable curl -kv https://www.taobao.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List mi.com ... ELSE Create List mi.com ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mi.com Should Be Equal As Strings ${returnvalue} true