2 Documentation Test suite to test SSL security fuctionality
3 Suite Setup Setup SXP Environment Local 6
4 Suite Teardown Clean SXP Environment 6
6 Library RequestsLibrary
8 Library ../../../libraries/Sxp.py
9 Resource ../../../libraries/SxpLib.robot
10 Resource ../../../libraries/WaitForFailure.robot
11 Resource ../../../libraries/SSHKeywords.robot
20 [Documentation] Test of SSL security with two SXP-nodes both have each other in truststores
22 Add Connection ${version} speaker 127.0.0.2 64999 127.0.0.1 security_mode=TLS
23 Add Connection ${version} listener 127.0.0.1 64999 127.0.0.2 security_mode=TLS
24 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} speaker 127.0.0.2
26 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} listener 127.0.0.1
28 Clean Connections 127.0.0.1
29 Clean Connections 127.0.0.2
30 Add Connection ${version} listener 127.0.0.2 64999 127.0.0.1 security_mode=TLS
31 Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.2 security_mode=TLS
32 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} listener 127.0.0.2
34 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} speaker 127.0.0.1
36 Clean Connections 127.0.0.1
37 Clean Connections 127.0.0.2
38 Add Connection ${version} both 127.0.0.2 64999 127.0.0.1 security_mode=TLS
39 Add Connection ${version} both 127.0.0.1 64999 127.0.0.2 security_mode=TLS
40 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} both 127.0.0.2
42 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} both 127.0.0.1
46 [Documentation] Test of SSL security with two SXP-nodes while node-1 does not contain node-3 in truststore
48 Add Connection ${version} speaker 127.0.0.3 64999 127.0.0.1 security_mode=TLS
49 Add Connection ${version} listener 127.0.0.1 64999 127.0.0.3 security_mode=TLS
50 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} speaker 127.0.0.3
52 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} listener 127.0.0.1
54 Clean Connections 127.0.0.1
55 Clean Connections 127.0.0.3
56 Add Connection ${version} listener 127.0.0.3 64999 127.0.0.1 security_mode=TLS
57 Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.3 security_mode=TLS
58 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} listener 127.0.0.3
60 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} speaker 127.0.0.1
62 Clean Connections 127.0.0.1
63 Clean Connections 127.0.0.3
64 Add Connection ${version} both 127.0.0.3 64999 127.0.0.1 security_mode=TLS
65 Add Connection ${version} both 127.0.0.1 64999 127.0.0.3 security_mode=TLS
66 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} both 127.0.0.3
68 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} both 127.0.0.1
72 [Documentation] Test of SSL security with two SXP-nodes while both of nodes does not have each other in truststores
74 Add Connection ${version} speaker 127.0.0.4 64999 127.0.0.1 security_mode=TLS
75 Add Connection ${version} listener 127.0.0.1 64999 127.0.0.4 security_mode=TLS
76 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} speaker 127.0.0.4
78 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} listener 127.0.0.1
80 Clean Connections 127.0.0.1
81 Clean Connections 127.0.0.4
82 Add Connection ${version} listener 127.0.0.4 64999 127.0.0.1 security_mode=TLS
83 Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.4 security_mode=TLS
84 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} listener 127.0.0.4
86 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} speaker 127.0.0.1
88 Clean Connections 127.0.0.1
89 Clean Connections 127.0.0.4
90 Add Connection ${version} both 127.0.0.4 64999 127.0.0.1 security_mode=TLS
91 Add Connection ${version} both 127.0.0.1 64999 127.0.0.4 security_mode=TLS
92 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} both 127.0.0.4
94 Verify_Keyword_Never_Passes_Within_Timeout 15 1 Verify Connection ${version} both 127.0.0.1
98 [Documentation] Test of SSL security in topology consisting of SXP-nodes that does not uses any security,
99 ... uses TCP-MD5 and SSL security. Each node conatains series of bindings that in the end should
100 ... be all propagated to node-5 in topology.
102 Add Connection ${version} listener 127.0.0.2 64999 127.0.0.1 security_mode=TLS
103 Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.2 security_mode=TLS
104 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} listener 127.0.0.2
106 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} speaker 127.0.0.1
108 Add Connection ${version} listener 127.0.0.3 64999 127.0.0.1 paswd
109 Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.3 paswd
110 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} listener 127.0.0.3
112 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} speaker 127.0.0.1
114 Add Connection ${version} listener 127.0.0.4 64999 127.0.0.1
115 Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.4
116 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} listener 127.0.0.4
118 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} speaker 127.0.0.1
120 Add Connection ${version} speaker 127.0.0.5 64999 127.0.0.1 security_mode=TLS
121 Add Connection ${version} listener 127.0.0.1 64999 127.0.0.5 security_mode=TLS
122 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} speaker 127.0.0.5
124 Wait Until Keyword Succeeds 15 1 Verify Connection ${version} listener 127.0.0.1
126 Wait Until Keyword Succeeds 15 1 Verify Topology Bindings 6
129 Setup SXP Environment Local
130 [Arguments] ${node_range}
131 [Documentation] Create session to Controller, copy keystores to ODL machines and setup topology for testing
133 Open_Connection_To_ODL_System
134 ${ODL_SYSTEM_JAVA_HOME} SSHLibrary.Execute_Command java -XshowSettings:properties -version 2>&1 | grep java.home | sed 's/.*= //'
135 : FOR ${node} IN RANGE 1 ${node_range}
136 \ SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -genkeypair -alias odl-sxp-${node} -keyalg RSA -storepass ${password} -keypass ${password} -dname "CN=www.opendaylight.org, OU=csit, O=ODL, L=N/A, S=N/A, C=N/A" -keystore csit-keystore-${node}
137 \ SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -exportcert -keystore csit-keystore-${node} -alias odl-sxp-${node} -storepass ${password} -file odl-sxp-${node}.cer
138 # Node-1 TRUSTS Node-2, Node-5
139 SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-1 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-2.cer -noprompt
140 SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-1 -alias odl-sxp-5 -storepass ${password} -keypass ${password} -file odl-sxp-5.cer -noprompt
141 # Node-2 TRUSTS Node-1
142 SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-2 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
143 # Node-3 TRUSTS Node-1
144 SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-3 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
145 # Node-5 TRUSTS Node-1
146 SSHKeywords.Execute_Command_Should_Pass ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-5 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
147 SSHKeywords.Execute_Command_Should_Pass cp csit-keystore-4 csit-truststore-4
148 SSHKeywords.Execute_Command_Should_Pass rm odl-sxp-*.cer
149 SSHKeywords.Execute_Command_Should_Pass mv ./csit-keystore-* ${ssl_stores}
150 SSHKeywords.Execute_Command_Should_Pass mv ./csit-truststore-* ${ssl_stores}
151 SSHLibrary.Close Connection
152 : FOR ${node} IN RANGE 1 ${node_range}
153 \ ${SSL} Create Dictionary truststore=${ssl_stores}/csit-truststore-${node} keystore=${ssl_stores}/csit-keystore-${node} password=${password}
154 \ Add Node 127.0.0.${node} ${EMPTY} ssl_stores=${SSL}
155 \ Add Binding ${node}00 1.1.1.${node}/32 127.0.0.${node}
156 \ Add Binding ${node}00 2.2.2.${node}/32 127.0.0.${node}
158 Verify Topology Bindings
159 [Arguments] ${node_range}
160 [Documentation] Create session to Controller
161 ${resp} Get Bindings 127.0.0.5
162 : FOR ${node} IN RANGE 1 ${node_range}
163 \ Should Contain Binding ${resp} ${node}00 2.2.2.${node}/32
166 [Documentation] Cleanup of resources alocated by test suite
167 Clean Connections 127.0.0.1
168 Clean Connections 127.0.0.2
169 Clean Connections 127.0.0.3
170 Clean Connections 127.0.0.4
171 Clean Connections 127.0.0.5