gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
a7c988027875e4d41bd22e25d99182dbbaed934b
dongxiaoyan-tsg-autotest/01-TestCase/tsg_adc/api_security/Intercept_SSL_Decryption_Tests.robot

864 lines
58 KiB
Plaintext
Raw Blame History

*** Settings ***
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} url=${url} profiledId=${profiledId}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
Resource ../../../03-Variable/ApplicationID.txt
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /v1/policy/profile/decryption
${profiledId} ${EMPTY}
*** Test Cases ***
Intercept_SSL_Decryption-00001
[Tags] intercpt-服务器证书校验开关关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat
... ELSE set variable curl -kv https://wrong.host.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat
... ELSE set variable curl -kv https://untrusted-root.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://expired.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00002
[Tags] 拦截intercpt-服务器证书校验打开-failclose
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat
... ELSE set variable curl -kv https://wrong.host.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to
... ELSE Create List SSL_ERROR_SYSCALL in connection to
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat
... ELSE set variable curl -kv https://untrusted-root.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to
... ELSE Create List SSL_ERROR_SYSCALL in connection to
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to
... ELSE Create List SSL_ERROR_SYSCALL in connection to
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://expired.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to
... ELSE Create List SSL_ERROR_SYSCALL in connection to
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00003
[Tags] 拦截intercpt-服务器证书校验打开-pass-through
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat
... ELSE set variable curl -kv https://wrong.host.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat
... ELSE set variable curl -kv https://untrusted-root.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://expired.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00004
[Tags] intercpt-EV关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*myssl.cn isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
... ELSE set variable curl -kv https://www.myssl.cn
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni myssl.cn
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00005
[Tags] intercpt-EV开启
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*myssl.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat
... ELSE set variable curl -kv https://myssl.com
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat
... ELSE set variable curl -kv https://myssl.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List TrustAsia EV TLS Pro CA G3
... ELSE Create List TrustAsia EV TLS Pro CA G3
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni myssl.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00006
[Tags] 拦截intercpt-CT关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*vip.com isHexbin=${0}
${addItemList2} Create Dictionary keywordArray=*jd.com isHexbin=${0}
${addItemList3} Create Dictionary keywordArray=*mail.ru isHexbin=${0}
${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.vip.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat
... ELSE set variable curl -kv https://mail.ru/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mail.ru
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00007
[Tags] 拦截intercpt-CT开启
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":1,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*vip.com isHexbin=${0}
${addItemList2} Create Dictionary keywordArray=*jd.com isHexbin=${0}
${addItemList3} Create Dictionary keywordArray=*mail.ru isHexbin=${0}
${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List GlobalSign RSA OV SSL CA 2018
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Secure Site Pro CA G2
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.vip.com
Should Be Equal As Strings ${returnvalue} true
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat
... ELSE set variable curl -kv https://mail.ru/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mail.ru
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00008
[Tags] 拦截intercpt-MA关闭
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*badssl.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat
... ELSE set variable curl -kv https://client.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni client.badssl.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00009
[Tags] 拦截intercpt-MA开启
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*badssl.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat
... ELSE set variable curl -kv https://client.badssl.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List DigiCert SHA2 Secure Server CA
... ELSE Create List DigiCert SHA2 Secure Server CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni client.badssl.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00010
[Tags] 拦截intercpt-协议版本-SSL3
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*newdaynews.ru isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat
... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/
${stringlist} run keyword if '${systemType}'=='Windows' Create List newdaynews.ru
... ELSE Create List newdaynews.ru
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni newdaynews.ru
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00011
[Tags] 拦截intercpt-协议版本-TLS1.0
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls10","max":"tls10","mirror_client":0,"allow_http2":0}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*github.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat
... ELSE set variable curl -kv https://github.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List github.com
... ELSE Create List github.com
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni github.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00012
[Tags] 拦截intercpt-协议版本-TLS1.1
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls11","max":"tls11","mirror_client":0,"allow_http2":0}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*jd.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat
... ELSE set variable curl -kv https://github.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00013
[Tags] 拦截intercpt-协议版本-TLS1.2
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls12","max":"tls12","mirror_client":0,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*taobao.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat
... ELSE set variable curl -kv https://www.taobao.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni taobao.com
Should Be Equal As Strings ${returnvalue} true
Intercept_SSL_Decryption-00014
[Tags] 拦截intercpt-协议版本-TLS1.3
Comment 创建Decryption Profile
${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0}
${protocol_version} set variable "protocol_version":{"min":"tls13","max":"tls13","mirror_client":0,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${response} CreatePolicyFileNoFile ${url} ${data}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${addItemList1} Create Dictionary keywordArray=*mi.com isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Intercept策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat
... ELSE set variable curl -kv https://www.taobao.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List mi.com
... ELSE Create List mi.com
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mi.com
Should Be Equal As Strings ${returnvalue} true
Reference in New Issue View Git Blame Copy Permalink