dongxiaoyan-tsg-autotest/01-TestCase/tsg_adc/selfserver/SelfServerDenyAllTests.robot

*** Settings ***
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}    
Force Tags        tsg_adc    tsg_security    all_protol
Library           OperatingSystem
Resource          ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../../03-Variable/PolicyObjectDefault.txt
Resource          ../../../02-Keyword/tsg_common/StmpHandle.robot
Resource          ../../../03-Variable/BifangApiVariable.txt
Library           Custometest
Library           json

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}
${url}            /policy/profile/responsepages
${profiledId}     ${EMPTY}

*** Test Cases ***
SelfServerSecurityPolicy-Deny-AllProtol-00001
    [Tags]    securitypolciy    deny    allprotol    selfserver  
    
    ${caseName}    set variable    SelfServerSecurityPolicy-Deny-AllProtol-00001
    # 创建对象-IP
    # addItemList全参数：（为方便说明，将参数值拆分为几部分，其实际值为单条无空格/回车字符串，每部分内代表的各参数不可跳跃。）
    #     [addrType]|[protocol]|[direction]|[isSession]#                        第一部分（可省略）
    #     [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]&   第二部分（不可省略）
    #     [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]|   第三部分（可省略）
    #     [isInitialize]|[itemName]|[itemDesc],                                 第四部分（可省略）
    #     ...
    Comment    创建目标IP
    ${objectDict}    Create Dictionary
		   	   ...    objectType=ip
           	   ...    isValid=${Default_IsValid}
           	   ...    objectSubType=${Default_ObjectSubType}
           	   ...    isInitialize=${Default_IsInitialize}
           	   ...    isExclusion=${Default_IsExclusion}
           	   ...    objectName=${caseName}_IPobject
           	   ...    objectDesc=${Default_ObjectDesc}
           	   ...    subObjectIds=${Default_SubObjectIds}
           	   ...    addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}    
    ${objectids}    set Variable    ${objectId}
    
    Comment    创建安全策略，针对所有协议，相当于BlackIP
    ${policyDict}    Create Dictionary
			   ...    policyName=${caseName}_IPobject
		   	   ...    policyType=${tsg_security}
               ...    policyDesc=${Default_PolicyDesc}   
           	   ...    action=deny
           	   ...    effectiveRange=${Default_EffectiveRange}
           	   ...    userRegion=method:rst
           	   ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
           	   ...    isValid=${Default_IsValid}
           	   ...    appObjectIdArray=${Default_AppObjectIdArray}
               ...    userTags=${Default_UserTags} 
               ...    doLog=${Default_DoLog}
               ...    scheduleId=${Default_ScheduleId}
    #默认客户端条件类型：clientip or clientsubid    ${Default_Client_Type}
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    ${s}    Convert to String    ${policyId}
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}   
        
    
    Comment    功能端验证HTTP验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_HTTP.bat
    ...    ELSE    set variable    curl -kv http://open.node.com/
   
    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    ...    ELSE    Create List    Connection reset by peer
    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    http_host	open.node.com
    
    Comment    功能端验证SSL验证
    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat
    ...    ELSE    set variable    curl -kv https://open.node.com/
   
    ${stringlist}     run keyword if    '${systemType}'=='Windows'    Create List    Connection was reset
    #OpenSSL SSL_connect: Connection was reset in connection to
    #Send failure: Connection was reset
    ...    ELSE    Create List    OpenSSL SSL_connect: Connection reset by peer in connection to
    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni	open.node.com
    
    Comment    功能端验证DNS验证
   
    
    Comment    功能端验证MAIL验证
    ${starttime}    Get Time
    #${mail}    EmailLogin    mail.tsgmail.com    25    dongxiaoyan@mail.tsgmail.com    dxy123
    ${starttime}    Get Time
    ${Smtp服务器}    Set Variable    192.168.100.5
    ${Smtp服务器端口}    Set Variable    25
    ${邮箱账号}    Set Variable    dongxiaoyan@mail.tsgmail.com
    ${邮箱密码}    Set Variable    dxy123
    ${邮件主题}    Set Variable     что- иностранныеsuject
    ${发送者}    Set Variable    dongxiaoyan@mail.tsgmail.com
    ${附件}    Set Variable    ["${mailpath}/朱明明测试文件.txt"]
    ${接收者}    Set Variable    ["jwctest@mail.tsgmail.com"]
    ${抄送者}    Set Variable    ["zmmtest@mail.tsgmail.com"]
    ${密送者}    Set Variable    ["lyftest@mail.tsgmail.com"]
    ${邮件正文}    Set Variable    朱明明contentчто-иностранныеsuject
    ${mail}    EmailSendFull    ${Smtp服务器}    ${Smtp服务器端口}    ${邮箱账号}    ${邮箱密码}    ${邮件主题}    ${发送者}    ${接收者}    ${抄送者}    ${密送者}    ${邮件正文}    ${附件}
    should contain    ${mail}    mail_fail
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    mail_protocol_type     SMTP	
	
	Comment    功能端验证FTP验证    
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    
    ${ftpLogin}    FTP_login    ftp://192.168.100.5:21 -u"ftp_user:qazXSW@edc"    test.txt        
    should contain    ${ftpLogin}    ftp_fail 
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    #日志验证
    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ftp_account    ''
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}