*** Settings ***
Documentation       Test suite to test SSL security functionality
Suite Setup         Setup SXP Environment Local    5
Suite Teardown      Clean SXP Environment    5
Library             RequestsLibrary
Library             ../../../libraries/Sxp.py
Resource            ../../../libraries/SxpLib.robot
Resource            ../../../libraries/WaitForFailure.robot
Resource            ../../../libraries/SSHKeywords.robot

*** Test Cases ***
    [Documentation]    Test of SSL security with two SXP nodes that both have each other in their truststores
    SxpLib.Add Connection    ${version}    speaker    127.0.0.2    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    listener    127.0.0.1    64999    127.0.0.2    security_mode=TLS
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    speaker    127.0.0.2
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    listener    127.0.0.1
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.2
    SxpLib.Add Connection    ${version}    listener    127.0.0.2    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    speaker    127.0.0.1    64999    127.0.0.2    security_mode=TLS
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    listener    127.0.0.2
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    speaker    127.0.0.1
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.2
    SxpLib.Add Connection    ${version}    both    127.0.0.2    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    both    127.0.0.1    64999    127.0.0.2    security_mode=TLS
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    both    127.0.0.2
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    both    127.0.0.1

    [Documentation]    Test of SSL security with two SXP nodes where node-1 does not contain node-3 in its truststore
    SxpLib.Add Connection    ${version}    speaker    127.0.0.3    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    listener    127.0.0.1    64999    127.0.0.3    security_mode=TLS
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    speaker    127.0.0.3
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    listener    127.0.0.1
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.3
    SxpLib.Add Connection    ${version}    listener    127.0.0.3    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    speaker    127.0.0.1    64999    127.0.0.3    security_mode=TLS
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    listener    127.0.0.3
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    speaker    127.0.0.1
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.3
    SxpLib.Add Connection    ${version}    both    127.0.0.3    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    both    127.0.0.1    64999    127.0.0.3    security_mode=TLS
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    both    127.0.0.3
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    both    127.0.0.1

    [Documentation]    Test of SSL security with two SXP nodes where neither node has the other in its truststore
    SxpLib.Add Connection    ${version}    speaker    127.0.0.4    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    listener    127.0.0.1    64999    127.0.0.4    security_mode=TLS
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    speaker    127.0.0.4
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    listener    127.0.0.1
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.4
    SxpLib.Add Connection    ${version}    listener    127.0.0.4    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    speaker    127.0.0.1    64999    127.0.0.4    security_mode=TLS
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    listener    127.0.0.4
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    speaker    127.0.0.1
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.4
    SxpLib.Add Connection    ${version}    both    127.0.0.4    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    both    127.0.0.1    64999    127.0.0.4    security_mode=TLS
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    both    127.0.0.4
    WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout    60    1    SxpLib.Verify Connection    ${version}    both    127.0.0.1

    [Documentation]    Test of SSL security in a topology consisting of SXP nodes that use no security,
    ...    TCP-MD5, and SSL security. Each node contains a series of bindings that in the end should
    ...    all be propagated to node-5 in the topology.
    SxpLib.Add Connection    ${version}    listener    127.0.0.2    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    speaker    127.0.0.1    64999    127.0.0.2    security_mode=TLS
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    listener    127.0.0.2
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    speaker    127.0.0.1
    SxpLib.Add Connection    ${version}    listener    127.0.0.3    64999    127.0.0.1    paswd
    SxpLib.Add Connection    ${version}    speaker    127.0.0.1    64999    127.0.0.3    paswd
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    listener    127.0.0.3
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    speaker    127.0.0.1
    SxpLib.Add Connection    ${version}    listener    127.0.0.4    64999    127.0.0.1
    SxpLib.Add Connection    ${version}    speaker    127.0.0.1    64999    127.0.0.4
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    listener    127.0.0.4
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    speaker    127.0.0.1
    SxpLib.Add Connection    ${version}    speaker    127.0.0.5    64999    127.0.0.1    security_mode=TLS
    SxpLib.Add Connection    ${version}    listener    127.0.0.1    64999    127.0.0.5    security_mode=TLS
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    speaker    127.0.0.5
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    SxpLib.Verify Connection    ${version}    listener    127.0.0.1
    BuiltIn.Wait Until Keyword Succeeds    120x    1s    Verify Topology Bindings    5

*** Keywords ***
Setup SXP Environment Local
    [Arguments]    ${node_range}
    [Documentation]    Create session to Controller, copy keystores to ODL machines and set up topology for testing
    RequestsLibrary.Create Session    session    http://${ODL_SYSTEM_IP}:${RESTCONFPORT}    auth=${AUTH}    timeout=${DEFAULT_TIMEOUT_HTTP}    max_retries=0
    SSHKeywords.Open_Connection_To_ODL_System
    ${ODL_SYSTEM_JAVA_HOME}    SSHLibrary.Execute_Command    java -XshowSettings:properties -version 2>&1 | grep java.home | sed 's/.*= //'
    FOR    ${node}    IN RANGE    1    ${node_range}+1
        SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -genkeypair -alias odl-sxp-${node} -keyalg RSA -storepass ${password} -keypass ${password} -dname "CN=www.opendaylight.org, OU=csit, O=ODL, L=N/A, S=N/A, C=N/A" -keystore csit-keystore-${node}
        SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -exportcert -keystore csit-keystore-${node} -alias odl-sxp-${node} -storepass ${password} -file odl-sxp-${node}.cer
    END
    # Node-1 TRUSTS Node-2, Node-5
    SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-1 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-2.cer -noprompt
    SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-1 -alias odl-sxp-5 -storepass ${password} -keypass ${password} -file odl-sxp-5.cer -noprompt
    # Node-2 TRUSTS Node-1
    SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-2 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
    # Node-3 TRUSTS Node-1
    SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-3 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
    # Node-5 TRUSTS Node-1
    SSHKeywords.Execute_Command_Should_Pass    ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-5 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
    SSHKeywords.Execute_Command_Should_Pass    cp csit-keystore-4 csit-truststore-4
    SSHKeywords.Execute_Command_Should_Pass    rm odl-sxp-*.cer
    SSHKeywords.Execute_Command_Should_Pass    mv ./csit-keystore-* ${ssl_stores}
    SSHKeywords.Execute_Command_Should_Pass    mv ./csit-truststore-* ${ssl_stores}
    SSHLibrary.Close Connection
    FOR    ${node}    IN RANGE    1    ${node_range}+1
        ${SSL}    BuiltIn.Create Dictionary    truststore=${ssl_stores}/csit-truststore-${node}    keystore=${ssl_stores}/csit-keystore-${node}    password=${password}
        ${rnd_retry_time} =    BuiltIn.Evaluate    random.randint(1, 5)    modules=random
        SxpLib.Add Node    127.0.0.${node}    ${EMPTY}    ssl_stores=${SSL}    retry_open_timer=${rnd_retry_time}
        BuiltIn.Wait Until Keyword Succeeds    20x    10s    SxpLib.Check Node started    127.0.0.${node}    system=${ODL_SYSTEM_IP}
        SxpLib.Add Bindings    ${node}00    1.1.1.${node}/32    127.0.0.${node}
        SxpLib.Add Bindings    ${node}00    2.2.2.${node}/32    127.0.0.${node}
    END

Verify Topology Bindings
    [Arguments]    ${node_range}
    [Documentation]    Verify that node 127.0.0.5 holds both bindings of every node in the given range
    ${resp}    SxpLib.Get Bindings    127.0.0.5
    FOR    ${node}    IN RANGE    1    ${node_range}+1
        SxpLib.Should Contain Binding    ${resp}    ${node}00    1.1.1.${node}/32
        SxpLib.Should Contain Binding    ${resp}    ${node}00    2.2.2.${node}/32
    END

    [Documentation]    Cleanup of resources allocated by the test suite
    SxpLib.Clean Connections    127.0.0.1
    SxpLib.Clean Connections    127.0.0.2
    SxpLib.Clean Connections    127.0.0.3
    SxpLib.Clean Connections    127.0.0.4
    SxpLib.Clean Connections    127.0.0.5