*** Settings ***
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}    
Force Tags        tsg_adc    tsg_security    all_protol
Library           OperatingSystem
Resource          ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../03-Variable/PolicyObjectDefault.txt
Library           Custometest
Library           json

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}
${url}            /policy/profile/responsepages
${profiledId}     ${EMPTY}

*** Test Cases ***
SecurityPolicy-Deny-AllProtol-00001
    [Tags]    Deny    
    # 创建对象-IP
    # addItemList全参数：（为方便说明，将参数值拆分为几部分，其实际值为单条无空格/回车字符串，每部分内代表的各参数不可跳跃。）
    #     [addrType]|[protocol]|[direction]|[isSession]#                        第一部分（可省略）
    #     [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]&   第二部分（不可省略）
    #     [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]|   第三部分（可省略）
    #     [isInitialize]|[itemName]|[itemDesc],                                 第四部分（可省略）
    #     ...
    Comment    创建目标IP
    ${objectDict}    Create Dictionary
		   	   ...    objectType=${Default_ObjectType}
           	   ...    isValid=${Default_IsValid}
           	   ...    objectSubType=${Default_ObjectSubType}
           	   ...    isInitialize=${Default_IsInitialize}
           	   ...    isExclusion=${Default_IsExclusion}
           	   ...    objectName=${Default_ObjectName}
           	   ...    objectDesc=${Default_ObjectDesc}
           	   ...    subObjectIds=${Default_SubObjectIds}
           	   ...    addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}    
    ${objectids}    set Variable    ${objectId}
    
    Comment    创建安全策略，针对所有协议，相当于BlackIP
    ${policyDict}    Create Dictionary
			   ...    policyName=${Default_PolicyName}
		   	   ...    policyType=${Default_PolicyType}
               ...    policyDesc=${Default_PolicyDesc}   
           	   ...    action=${Default_Action}
           	   ...    effectiveRange=${Default_EffectiveRange}
           	   ...    userRegion=${Default_UserRegion}
           	   ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
           	   ...    isValid=${Default_IsValid}
           	   ...    appObjectIdArray=${Default_AppObjectIdArray}
               ...    userTags=${Default_UserTags} 
               ...    doLog=${Default_DoLog}
               ...    scheduleId=${Default_ScheduleId}
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    ${policyId}    set Variable    {"policyType":"tsg_security","policyIds":[${policyId}]}   

    ${s}    Convert to String    ${policyId}
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_HTTP.bat
    ...    ELSE    set variable    curl -kv http://open.node.com/
   
    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    ...    ELSE    Create List    Connection reset by peer
    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host	open.node.com
    
    Comment    功能端验证SSL验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat
    ...    ELSE    set variable    curl -kv https://open.node.com/
   
    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    #OpenSSL SSL_connect: Connection was reset in connection to
    #Send failure: Connection was reset
    ...    ELSE    Create List    OpenSSL SSL_connect: Connection reset by peer in connection to
    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni	open.node.com
    
    Comment    功能端验证DNS验证
    
    Comment    功能端验证FTP验证    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    
    ${ftpLogin}    FTP_login    ftp:192.168.100.5 -u"ftp_user:qazXSW@edc"
    should contain    ${ftpLogin}    fail 
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ftp_account    ftp_user
    
    Comment    功能端验证MAIL验证
    ${starttime}    Get Time
    ${mail}    EmailLogin    mail.tsgmail.com    25    dongxiaoyan@mail.tsgmail.com    dxy123
    should contain    ${mail}    fail
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    mail_account    dongxiaoyan@mail.tsgmail.com
    
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}