gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
783443473cf34abef9af1d670374e398e401cf3c
dongxiaoyan-tsg-autotest/01-TestCase/tsg_adc/api_security/Intercept_SSL_Decryption_Tests.robot

762 lines
58 KiB
Plaintext
Raw Blame History

*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /v1/policy/profile/decryption
${profileId} ${EMPTY}
*** Test Cases ***
Intercept_SSL_Decryption-00001
[Tags] intercpt-服务器证书校验开关关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat
... ELSE set variable curl -kv https://wrong.host.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat
... ELSE set variable curl -kv https://untrusted-root.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://expired.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com
Intercept_SSL_Decryption-00002
[Tags] 拦截intercpt-服务器证书校验打开-failclose
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat
... ELSE set variable curl -kv https://wrong.host.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat
... ELSE set variable curl -kv https://untrusted-root.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://expired.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com
Intercept_SSL_Decryption-00003
[Tags] 拦截intercpt-服务器证书校验打开-pass-through
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat
... ELSE set variable curl -kv https://wrong.host.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat
... ELSE set variable curl -kv https://untrusted-root.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://expired.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com
Intercept_SSL_Decryption-00004
[Tags] intercpt-EV关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*myssl.com,*myssl.cn
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat
... ELSE set variable curl -kv https://myssl.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
... ELSE set variable curl -kv https://www.myssl.cn
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn
Intercept_SSL_Decryption-00005
[Tags] intercpt-EV开启
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*myssl.com,*myssl.cn
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat
... ELSE set variable curl -kv https://myssl.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
... ELSE set variable curl -kv https://www.myssl.cn
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn
Intercept_SSL_Decryption-00006
[Tags] 拦截intercpt-CT关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*jd.com,*mail.ru
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat
... ELSE set variable curl -kv https://mail.ru/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mail.ru
Intercept_SSL_Decryption-00007
[Tags] 拦截intercpt-CT开启
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":1,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*jd.com,*mail.ru
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' set variable GlobalSign RSA OV SSL CA 2018
... ELSE set variable GlobalSign RSA OV SSL CA 2018
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Secure Site Pro CA G2
... ELSE set variable Secure Site Pro CA G2
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat
... ELSE set variable curl -kv https://mail.ru/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mail.ru
Intercept_SSL_Decryption-00008
[Tags] 拦截intercpt-MA关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat
... ELSE set variable curl -kv https://client.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com
Intercept_SSL_Decryption-00009
[Tags] 拦截intercpt-MA开启
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat
... ELSE set variable curl -kv https://client.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' set variable DigiCert SHA2 Secure Server CA
... ELSE set variable DigiCert SHA2 Secure Server CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com
Intercept_SSL_Decryption-00010
[Tags] 拦截intercpt-协议版本-SSL3
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*ya.ru,*yandex.ru
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00010 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat
... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_11.bat
... ELSE set variable curl -kv https://ya.ru
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni ya.ru
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_12.bat
... ELSE set variable curl -kv https://yandex.ru
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni yandex.ru
Intercept_SSL_Decryption-00011
[Tags] 拦截intercpt-协议版本-TLS1.0
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls10","max":"tls10","mirror_client":0,"allow_http2":0}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*github.com,*jd.com,*mi.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00011 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat
... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat
... ELSE set variable curl -kv https://github.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat
... ELSE set variable curl -kv https:///www.mi.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com
Intercept_SSL_Decryption-00012
[Tags] 拦截intercpt-协议版本-TLS1.1
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls11","max":"tls11","mirror_client":0,"allow_http2":0}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*github.com,*jd.com,*mi.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00012 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat
... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat
... ELSE set variable curl -kv https://github.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat
... ELSE set variable curl -kv https:///www.mi.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com
Intercept_SSL_Decryption-00013
[Tags] 拦截intercpt-协议版本-TLS1.2
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls12","max":"tls12","mirror_client":0,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*jd.com,*taobao.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00013 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat
... ELSE set variable curl -kv https://www.taobao.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni taobao.com
Intercept_SSL_Decryption-00014
[Tags] 拦截intercpt-协议版本-TLS1.3
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls13","max":"tls13","mirror_client":0,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*github.com,*halfrost.com,*mi.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00014 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni vip.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL012.bat
... ELSE set variable curl -kv https://halfrost.com/tls1-3_start/
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni halfrost.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat
... ELSE set variable curl -kv https:///www.mi.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset
... ELSE set variable Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat
... ELSE set variable curl -kv https://github.com
${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA
... ELSE set variable Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com
Reference in New Issue View Git Blame Copy Permalink