144 lines
8.6 KiB
Plaintext
144 lines
8.6 KiB
Plaintext
*** Settings ***
|
||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||
Force Tags tsg_adc tsg_security
|
||
Library OperatingSystem
|
||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||
Resource ../../../03-Variable/ApplicationID.txt
|
||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||
|
||
|
||
*** Variables ***
|
||
${policyIds} ${EMPTY}
|
||
${objectids} ${EMPTY}
|
||
|
||
*** Test Cases ***
|
||
SecurityPolicy-Intesept-Https-00001
|
||
[Tags] Intercept https ip+sni
|
||
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建fqdn
|
||
${addItemList1} Create Dictionary keywordArray=$www.reviewpro.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.reviewpro.com"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_SSL_00001.bat
|
||
... ELSE set variable curl -kv https://www.reviewpro.com/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List reviewpro Tango Secure Gateway CA
|
||
... ELSE Create List reviewpro Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.reviewpro.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
SecurityPolicy-Intesept-Https-00002
|
||
[Tags] Intercept https
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_SSL_00002.bat
|
||
... ELSE set variable curl -kv https://fenopy.se/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Fenopy Tango Secure Gateway CA
|
||
... ELSE Create List Fenopy Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL
|
||
Should Be Equal As Strings ${returnvalue} true |