+Apply TLS-based Call-Home configuration
+ [Documentation] Upload netopeer2 configuration files needed for TLS transport
+ Generate certificates for TLS configuration
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-keystore.xml
+ ... configuration-files/ietf-keystore.xml
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-truststore.xml
+ ... configuration-files/ietf-truststore.xml
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/configuration-files/tls/ietf-netconf-server.xml
+ ... configuration-files/ietf-netconf-server.xml
+
+Generate certificates for TLS configuration
+ [Documentation] Generates certificates for 2-way TLS authentication (ca, server, client)
+ ${stdout} SSHLibrary.Execute Command rm -rf ./certs && mkdir ./certs
+ SSHLibrary.Put File ${CURDIR}/../variables/netconf/callhome/x509_v3.cfg ./x509_v3.cfg
+ ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/ca.key 2048
+ ${stdout} SSHLibrary.Execute Command
+ ... openssl req -x509 -new -extensions v3_ca -nodes -key ./certs/ca.key -sha256 -days 365 -subj "/C=US/ST=CA/L=Netopeer/O=netopeerCA/CN=netopeerCA" -out ./certs/ca.pem
+ ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/server.key 2048
+ ${stdout} SSHLibrary.Execute Command
+ ... openssl req -new -sha256 -key ./certs/server.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-server" -out ./certs/server.csr
+ ${stdout} SSHLibrary.Execute Command
+ ... openssl x509 -req -in ./certs/server.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/server.crt -days 365 -sha256
+ ${stdout} SSHLibrary.Execute Command openssl rsa -in ./certs/server.key -pubout > ./certs/server.pub
+ ${stdout} SSHLibrary.Execute Command openssl genrsa -out ./certs/client.key 2048
+ ${stdout} SSHLibrary.Execute Command
+ ... openssl req -new -sha256 -key ./certs/client.key -subj "/C=US/ST=CA/L=Netopeer/O=Netopeer2/CN=netopeer2-client" -out ./certs/client.csr
+ ${stdout} SSHLibrary.Execute Command
+ ... openssl x509 -req -in ./certs/client.csr -CA ./certs/ca.pem -CAkey ./certs/ca.key -CAcreateserial -extfile x509_v3.cfg -out ./certs/client.crt -days 1024 -sha256
+ ${stdout} SSHLibrary.Execute Command mv ./certs ./configuration-files/certs
+
+Register keys and certificates in ODL controller
+ [Documentation] Register pre-configured netopeer2 certificates and key in ODL-netconf keystore
+ ${base64-client-key} ${stderr} SSHLibrary.Execute_Command
+ ... openssl enc -base64 -A -in ./configuration-files/certs/client.key
+ ... return_stdout=True
+ ... return_stderr=True
+ ${template} OperatingSystem.Get File ${ADD_KEYSTORE_ENTRY_REQ}
+ ${body} Replace String ${template} {base64-client-key} ${base64-client-key}
+ ${resp} RequestsLibrary.Post Request
+ ... session
+ ... ${netconf_keystore_url}:add-keystore-entry
+ ... data=${body}
+ ... headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+ ${client-key} ${stderr} SSHLibrary.Execute_Command
+ ... sed -u '1d; $d' ./configuration-files/certs/client.key | sed -z 's!\\n!\\\\n!g'
+ ... return_stdout=True
+ ... return_stderr=True
+ ${certificate-chain} ${stderr} SSHLibrary.Execute_Command
+ ... sed -u '1d; $d' ./configuration-files/certs/client.crt | sed -z 's!\\n!\\\\n!g'
+ ... return_stdout=True
+ ... return_stderr=True
+ ${template} OperatingSystem.Get File ${ADD_PRIVATE_KEY_REQ}
+ ${body} Replace String ${template} {client-key} ${client-key}
+ ${body} Replace String ${body} {certificate-chain} ${certificate-chain}
+ ${resp} RequestsLibrary.Post Request
+ ... session
+ ... ${netconf_keystore_url}:add-private-key
+ ... data=${body}
+ ... headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+ ${ca-certificate} ${stderr} SSHLibrary.Execute_Command
+ ... sed -u '1d; $d' ./configuration-files/certs/ca.pem | sed -z 's!\\n!\\\\n!g'
+ ... return_stdout=True
+ ... return_stderr=True
+ ${device-certificate} ${stderr} SSHLibrary.Execute_Command
+ ... sed -u '1d; $d' ./configuration-files/certs/server.crt | sed -z 's!\\n!\\\\n!g'
+ ... return_stdout=True
+ ... return_stderr=True
+ ${template} OperatingSystem.Get File ${ADD_TRUSTED_CERTIFICATE}
+ ${body} Replace String ${template} {ca-certificate} ${ca-certificate}
+ ${body} Replace String ${body} {device-certificate} ${device-certificate}
+ ${resp} RequestsLibrary.Post Request
+ ... session
+ ... ${netconf_keystore_url}:add-trusted-certificate
+ ... data=${body}
+ ... headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}
+
+Register global credentials for SSH call-home devices (APIv1)
+ [Documentation] Set global credentials for SSH call-home devices
+ [Arguments] ${username} ${password}
+ ${template} OperatingSystem.Get File ${CREATE_GLOBAL_CREDENTIALS_REQ}
+ ${body} Replace String ${template} {username} ${username}
+ ${body} Replace String ${body} {password} ${password}
+ ${resp} RequestsLibrary.Put Request session ${global_config_url} data=${body} headers=${HEADERS}
+ Should Contain ${ALLOWED_STATUS_CODES} ${resp.status_code}