2020-07-30 10:04:14 +02:00
# Copyright Project Harbor Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
*** Settings ***
Documentation This resource contains keywords related to creating and using certificates. Requires scripts in infra/integration-image/scripts be available in PATH
*** Keywords ***
Generate Certificate Authority For Chrome
# add the ca to chrome trust list to enable https testing.
2021-03-17 15:33:02 +01:00
[Arguments] ${password}=%{HARBOR_PASSWORD} ${cert}=harbor_ca.crt
2020-07-30 10:04:14 +02:00
${rand}= Evaluate random.randint(0, 100000) modules=random
Log To Console Generate Certificate Authority For Chrome
${rc} ${out}= Run And Return Rc And Output echo ${password} > password${rand}.ca
2021-03-17 15:33:02 +01:00
Log ALL ${out}
2020-07-30 10:04:14 +02:00
Should Be Equal As Integers ${rc} 0
${rc} ${out}= Run And Return Rc And Output certutil -d sql:$HOME/.pki/nssdb -A -t TC -f password${rand}.ca -n "Harbor${rand}" -i ./harbor_ca.crt
2021-03-17 15:33:02 +01:00
Log ALL ${out}
2020-07-30 10:04:14 +02:00
Should Be Equal As Integers ${rc} 0
Generate Certificate Authority
# Generates CA (private/ca.key.pem, certs/ca.cert.pem, certs/STARK_ENTERPRISES_ROOT_CA.crt) in OUT_DIR
[Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${OUT_DIR}=/root/ca
Log To Console Generating Certificate Authority
${rc} ${out}= Run And Return Rc And Output generate-ca.sh -c ${CA_NAME} -d ${OUT_DIR}
Log ${out}
Should Be Equal As Integers ${rc} 0
Generate Wildcard Server Certificate
# Generates key and signs with CA for *.DOMAIN (csr/*.DOMAIN.csr.pem,
# private/*.DOMAIN.key.pem, certs/*.DOMAIN.cert.pem) in OUT_DIR
[Arguments] ${DOMAIN}=%{DOMAIN} ${OUT_DIR}=/root/ca ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA
Log To Console Generating Wildcard Server Certificate
Run Keyword Generate Server Key And CSR *.${DOMAIN} ${OUT_DIR}
Run Keyword Sign Server CSR ${CA_NAME} *.${DOMAIN} ${OUT_DIR}
Run Keyword Create Certificate Bundle CA_NAME=${CA_NAME} SRC_DIR=${OUT_DIR} CN=*.${DOMAIN}
${out}= Run ls -al ${OUT_DIR}/csr
Log ${out}
${out}= Run ls -al ${OUT_DIR}/private
Log ${out}
${out}= Run ls -al ${OUT_DIR}/certs
Log ${out}
Generate Server Key And CSR
# Generates key and CSR (private/DOMAIN.key.pem, csr/DOMAIN.csr.pem) in OUT_DIR
[Arguments] ${CN}=%{DOMAIN} ${OUT_DIR}=/root/ca
Log To Console Generating Server Key And CSR
${out}= Run generate-server-key-csr.sh -d ${OUT_DIR} -n ${CN}
Log ${out}
Sign Server CSR
# Generates certificate signed by CA (certs/DOMAIN.cert.pem) in OUT_DIR
[Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${CN}=%{DOMAIN} ${OUT_DIR}=/root/ca
Log To Console Signing Server CSR
${out}= Run sign-csr.sh -c ${CA_NAME} -d ${OUT_DIR} -n ${CN}
Log ${out}
Trust Certificate Authority
# Installs root certificate into trust store on Debian based distro
[Arguments] ${CRT_FILE}=/root/ca/certs/STARK_ENTERPRISES_ROOT_CA.crt
Log To Console Installing CA
${rc} ${out}= Run And Return Rc And Output ubuntu-install-ca.sh -f ${CRT_FILE}
Should Be Equal As Integers ${rc} 0
Log ${out}
Reload Default Certificate Authorities
# Reloads default certificates into trust store on Debian based distro
# Removes all user provided CAs
Log To Console Reloading Default CAs
${rc} ${out}= Run And Return Rc And Output ubuntu-reload-cas.sh
Should Be Equal As Integers ${rc} 0
Log ${out}
Create Certificate Bundle
[Arguments] ${CA_NAME}=STARK_ENTERPRISES_ROOT_CA ${SRC_DIR}=/root/ca ${OUT_FILE}=/root/ca/cert-bundle.tgz ${CN}=%{DOMAIN} ${TMP_DIR}=/root/ca/bundle
${rc} ${out}= Run And Return Rc And Output bundle-certs.sh -c ${CA_NAME} -d ${SRC_DIR} -f ${OUT_FILE} -n ${CN} -o ${TMP_DIR}
Should Be Equal As Integers ${rc} 0
Log ${out}
Get Certificate Authority CRT
# Return ascii armored certificate from file e.g. `-----BEGIN CERTIFICATE-----`
[Arguments] ${CA_CRT}=STARK_ENTERPRISES_ROOT_CA.crt ${DIR}=/root/ca/certs
${out}= Run cat ${DIR}/${CA_CRT}
[Return] ${out}
Get Server Certificate
# Return ascii armored certificate from file e.g. `-----BEGIN CERTIFICATE-----`
# PEM must be provided if using a wildcard cert not specified by DOMAIN
[Arguments] ${PEM}=%{DOMAIN}.cert.pem ${DIR}=/root/ca/certs
${out}= Run cat ${DIR}/${PEM}
[Return] ${out}
Get Server Key
# Return ascii armored key from file e.g. `-----BEGIN RSA PRIVATE KEY-----`
# PEM must be provided if using a wildcard cert not specified by DOMAIN
[Arguments] ${PEM}=%{DOMAIN}.key.pem ${DIR}=/root/ca/private
${out}= Run cat ${DIR}/${PEM}
[Return] ${out}