2 Documentation Test suite to test SSL security fuctionality
4 Library RequestsLibrary
6 Library ../../../libraries/Sxp.py
7 Resource ../../../libraries/SxpLib.robot
8 Resource ../../../libraries/WaitForFailure.robot
9 Resource ../../../libraries/SSHKeywords.robot
11 Suite Setup Setup SXP Environment Local 5
12 Suite Teardown Clean SXP Environment 5
13 Test Setup Clean Nodes
24 [Documentation] Test of SSL security with two SXP-nodes both have each other in truststores
26 SxpLib.Add Connection ${version} speaker 127.0.0.2 64999 127.0.0.1 security_mode=TLS
27 SxpLib.Add Connection ${version} listener 127.0.0.1 64999 127.0.0.2 security_mode=TLS
28 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} speaker 127.0.0.2
30 BuiltIn.Wait Until Keyword Succeeds
33 ... SxpLib.Verify Connection
39 SxpLib.Clean Connections 127.0.0.1
40 SxpLib.Clean Connections 127.0.0.2
41 SxpLib.Add Connection ${version} listener 127.0.0.2 64999 127.0.0.1 security_mode=TLS
42 SxpLib.Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.2 security_mode=TLS
43 BuiltIn.Wait Until Keyword Succeeds
46 ... SxpLib.Verify Connection
52 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} speaker 127.0.0.1
54 SxpLib.Clean Connections 127.0.0.1
55 SxpLib.Clean Connections 127.0.0.2
56 SxpLib.Add Connection ${version} both 127.0.0.2 64999 127.0.0.1 security_mode=TLS
57 SxpLib.Add Connection ${version} both 127.0.0.1 64999 127.0.0.2 security_mode=TLS
58 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} both 127.0.0.2
60 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} both 127.0.0.1
64 [Documentation] Test of SSL security with two SXP-nodes while node-1 does not contain node-3 in truststore
66 SxpLib.Add Connection ${version} speaker 127.0.0.3 64999 127.0.0.1 security_mode=TLS
67 SxpLib.Add Connection ${version} listener 127.0.0.1 64999 127.0.0.3 security_mode=TLS
68 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
71 ... SxpLib.Verify Connection
77 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
80 ... SxpLib.Verify Connection
86 SxpLib.Clean Connections 127.0.0.1
87 SxpLib.Clean Connections 127.0.0.3
88 SxpLib.Add Connection ${version} listener 127.0.0.3 64999 127.0.0.1 security_mode=TLS
89 SxpLib.Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.3 security_mode=TLS
90 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
93 ... SxpLib.Verify Connection
99 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
102 ... SxpLib.Verify Connection
108 SxpLib.Clean Connections 127.0.0.1
109 SxpLib.Clean Connections 127.0.0.3
110 SxpLib.Add Connection ${version} both 127.0.0.3 64999 127.0.0.1 security_mode=TLS
111 SxpLib.Add Connection ${version} both 127.0.0.1 64999 127.0.0.3 security_mode=TLS
112 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
115 ... SxpLib.Verify Connection
121 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
124 ... SxpLib.Verify Connection
131 SSL ConectivityCase 3
132 [Documentation] Test of SSL security with two SXP-nodes while both of nodes does not have each other in truststores
134 SxpLib.Add Connection ${version} speaker 127.0.0.4 64999 127.0.0.1 security_mode=TLS
135 SxpLib.Add Connection ${version} listener 127.0.0.1 64999 127.0.0.4 security_mode=TLS
136 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
139 ... SxpLib.Verify Connection
145 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
148 ... SxpLib.Verify Connection
154 SxpLib.Clean Connections 127.0.0.1
155 SxpLib.Clean Connections 127.0.0.4
156 SxpLib.Add Connection ${version} listener 127.0.0.4 64999 127.0.0.1 security_mode=TLS
157 SxpLib.Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.4 security_mode=TLS
158 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
161 ... SxpLib.Verify Connection
167 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
170 ... SxpLib.Verify Connection
176 SxpLib.Clean Connections 127.0.0.1
177 SxpLib.Clean Connections 127.0.0.4
178 SxpLib.Add Connection ${version} both 127.0.0.4 64999 127.0.0.1 security_mode=TLS
179 SxpLib.Add Connection ${version} both 127.0.0.1 64999 127.0.0.4 security_mode=TLS
180 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
183 ... SxpLib.Verify Connection
189 WaitForFailure.Verify_Keyword_Never_Passes_Within_Timeout
192 ... SxpLib.Verify Connection
199 SSL ConectivityCase 4
200 [Documentation] Test of SSL security in topology consisting of SXP-nodes that does not uses any security,
201 ... uses TCP-MD5 and SSL security. Each node contains series of bindings that in the end should
202 ... be all propagated to node-5 in topology.
204 SxpLib.Add Connection ${version} listener 127.0.0.2 64999 127.0.0.1 security_mode=TLS
205 SxpLib.Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.2 security_mode=TLS
206 BuiltIn.Wait Until Keyword Succeeds
209 ... SxpLib.Verify Connection
215 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} speaker 127.0.0.1
217 SxpLib.Add Connection ${version} listener 127.0.0.3 64999 127.0.0.1 paswd
218 SxpLib.Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.3 paswd
219 BuiltIn.Wait Until Keyword Succeeds
222 ... SxpLib.Verify Connection
228 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} speaker 127.0.0.1
230 SxpLib.Add Connection ${version} listener 127.0.0.4 64999 127.0.0.1
231 SxpLib.Add Connection ${version} speaker 127.0.0.1 64999 127.0.0.4
232 BuiltIn.Wait Until Keyword Succeeds
235 ... SxpLib.Verify Connection
241 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} speaker 127.0.0.1
243 SxpLib.Add Connection ${version} speaker 127.0.0.5 64999 127.0.0.1 security_mode=TLS
244 SxpLib.Add Connection ${version} listener 127.0.0.1 64999 127.0.0.5 security_mode=TLS
245 BuiltIn.Wait Until Keyword Succeeds 120x 1s SxpLib.Verify Connection ${version} speaker 127.0.0.5
247 BuiltIn.Wait Until Keyword Succeeds
250 ... SxpLib.Verify Connection
256 BuiltIn.Wait Until Keyword Succeeds 120x 1s Verify Topology Bindings 5
260 Setup SXP Environment Local
261 [Documentation] Create session to Controller, copy keystores to ODL machines and setup topology for testing
262 [Arguments] ${node_range}
263 RequestsLibrary.Create Session
265 ... http://${ODL_SYSTEM_IP}:${RESTCONFPORT}
267 ... timeout=${DEFAULT_TIMEOUT_HTTP}
269 SSHKeywords.Open_Connection_To_ODL_System
270 ${ODL_SYSTEM_JAVA_HOME} SSHLibrary.Execute_Command
271 ... java -XshowSettings:properties -version 2>&1 | grep java.home | sed 's/.*= //'
272 FOR ${node} IN RANGE 1 ${node_range}+1
273 SSHKeywords.Execute_Command_Should_Pass
274 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -genkeypair -alias odl-sxp-${node} -keyalg RSA -storepass ${password} -keypass ${password} -dname "CN=www.opendaylight.org, OU=csit, O=ODL, L=N/A, S=N/A, C=N/A" -keystore csit-keystore-${node}
275 SSHKeywords.Execute_Command_Should_Pass
276 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -exportcert -keystore csit-keystore-${node} -alias odl-sxp-${node} -storepass ${password} -file odl-sxp-${node}.cer
277 # Node-1 TRUSTS Node-2, Node-5
279 SSHKeywords.Execute_Command_Should_Pass
280 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-1 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-2.cer -noprompt
281 SSHKeywords.Execute_Command_Should_Pass
282 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-1 -alias odl-sxp-5 -storepass ${password} -keypass ${password} -file odl-sxp-5.cer -noprompt
283 # Node-2 TRUSTS Node-1
284 SSHKeywords.Execute_Command_Should_Pass
285 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-2 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
286 # Node-3 TRUSTS Node-1
287 SSHKeywords.Execute_Command_Should_Pass
288 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-3 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
289 # Node-5 TRUSTS Node-1
290 SSHKeywords.Execute_Command_Should_Pass
291 ... ${ODL_SYSTEM_JAVA_HOME}/bin/keytool -importcert -keystore csit-truststore-5 -alias odl-sxp-2 -storepass ${password} -keypass ${password} -file odl-sxp-1.cer -noprompt
292 SSHKeywords.Execute_Command_Should_Pass cp csit-keystore-4 csit-truststore-4
293 SSHKeywords.Execute_Command_Should_Pass rm odl-sxp-*.cer
294 SSHKeywords.Execute_Command_Should_Pass mv ./csit-keystore-* ${ssl_stores}
295 SSHKeywords.Execute_Command_Should_Pass mv ./csit-truststore-* ${ssl_stores}
296 SSHLibrary.Close Connection
297 FOR ${node} IN RANGE 1 ${node_range}+1
298 ${SSL} BuiltIn.Create Dictionary
299 ... truststore=${ssl_stores}/csit-truststore-${node}
300 ... keystore=${ssl_stores}/csit-keystore-${node}
301 ... password=${password}
302 ${rnd_retry_time} BuiltIn.Evaluate random.randint(1, 5) modules=random
303 SxpLib.Add Node 127.0.0.${node} ${EMPTY} ssl_stores=${SSL} retry_open_timer=${rnd_retry_time}
304 BuiltIn.Wait Until Keyword Succeeds
307 ... SxpLib.Check Node started
309 ... system=${ODL_SYSTEM_IP}
310 SxpLib.Add Bindings ${node}00 1.1.1.${node}/32 127.0.0.${node}
311 SxpLib.Add Bindings ${node}00 2.2.2.${node}/32 127.0.0.${node}
314 Verify Topology Bindings
315 [Documentation] Create session to Controller
316 [Arguments] ${node_range}
317 ${resp} SxpLib.Get Bindings 127.0.0.5
318 FOR ${node} IN RANGE 1 ${node_range}+1
319 SxpLib.Should Contain Binding ${resp} ${node}00 1.1.1.${node}/32
320 SxpLib.Should Contain Binding ${resp} ${node}00 2.2.2.${node}/32
324 [Documentation] Cleanup of resources alocated by test suite
325 SxpLib.Clean Connections 127.0.0.1
326 SxpLib.Clean Connections 127.0.0.2
327 SxpLib.Clean Connections 127.0.0.3
328 SxpLib.Clean Connections 127.0.0.4
329 SxpLib.Clean Connections 127.0.0.5