def Tnt5048980c(self):
        """Add an internal user, replay a PEZ script, then check the live logs.

        Flow, as far as the calls show:
          1. bind and run ``UiLib.identities_add_simple_user`` with ADD_USER,
             ADD_EMAIL and ADD_PASSWORD;
          2. run ``/tmp/UTF8USER_peapms.py`` through
             ``Pezlib.run_and_verify_pezcmd`` as a positive case
             (``negative_test=False``);
          3. bind and run ``UiLib.radius_live_logs`` for ADD_UTF8USER.

        NOTE(review): step 1 creates ADD_USER while step 3 looks up
        ADD_UTF8USER -- confirm the UTF-8 user is provisioned elsewhere.
        """
        # Step 1: create the internal user through the UI.
        UiLib.bindFunction(
            self,
            UiLib.identities_add_simple_user,
            [
                NAUplift_Constants.ADD_USER,
                NAUplift_Constants.ADD_EMAIL,
                NAUplift_Constants.ADD_PASSWORD,
            ],
        )
        setup_steps = [self.identities_add_simple_user]
        runFunctionsInOrderV2(
            setup_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

        # Step 2: PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # NOTE(review): fixed file name under /tmp. The script's contents are
        # not visible here; if it carries credentials, confirm the host is not
        # shared and the file is not world-readable.
        pez_script = '/tmp/UTF8USER_peapms.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Step 3: validation against the RADIUS live logs.
        UiLib.bindFunction(
            self,
            UiLib.radius_live_logs,
            [NAUplift_Constants.ADD_UTF8USER, None],
        )
        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5995039c(self):
        """Enable PEAP/EAP-MSCHAP and weak ciphers, replay a PEZ script, check live logs.

        The two UI steps bound first are ``UiLib.Enable_Peap_Eap_Mschap`` and
        ``UiLib.Enable_Weak_Ciphers`` (both without arguments). Afterwards
        ``/tmp/SIMPLE_USER_peapms_md5.py`` is run as a positive case and the
        live logs are checked for ``AD_SIMPLE_USER@AD_DOMAIN_NAME``.

        NOTE(review): nothing in this method switches weak ciphers back off.
        If the appliance is shared between test cases, confirm that a teardown
        or a later case restores the hardened setting.
        """
        for ui_step in (UiLib.Enable_Peap_Eap_Mschap,
                        UiLib.Enable_Weak_Ciphers):
            UiLib.bindFunction(self, ui_step, [])

        protocol_steps = [
            self.Enable_Peap_Eap_Mschap,
            self.Enable_Weak_Ciphers,
        ]
        runFunctionsInOrderV2(
            protocol_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # Fixed file name under /tmp; see the hedge in the docstring about
        # shared hosts -- the script's contents are not visible here.
        pez_script = '/tmp/SIMPLE_USER_peapms_md5.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: look the AD user up in the RADIUS live logs.
        expected_user = NAUplift_Constants.AD_SIMPLE_USER + '@' + AD_DOMAIN_NAME
        UiLib.bindFunction(self, UiLib.radius_live_logs, [expected_user, None])
        validation_steps = [self.radius_live_logs]
        # This run does not pass resumeLastSession, unlike the first one.
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5281274c(self):
        """Create a network device with an IP range and two secrets, then authenticate.

        Binds ``UiLib.networkDevices_create_with_range_and_two_secret`` with
        the device name, ``self.nad_ip``, SHARED_SECRET and the literals
        ``'asci'`` and ``'32'``; runs ``/tmp/USER_peapms.py`` as a positive
        case; then checks the live logs for ADD_USER.
        """
        # Disabled by the original author:
        # pez_utils.start_pez_docker_image(docker_image="dockerhub.cisco.com/isepy-release-docker/pez-executer",
        #                                  docker_image_version="v4")

        # NOTE(review): the meaning of 'asci' and '32' is defined by the UiLib
        # helper, which is not visible here (possibly a second secret and a
        # range mask) -- confirm, and prefer named constants over literals
        # for anything that is a secret.
        device_args = [
            NAUplift_Constants.NETWORK_DEVICE_NAME,
            self.nad_ip,
            NAUplift_Constants.SHARED_SECRET,
            'asci',
            '32',
        ]
        UiLib.bindFunction(
            self,
            UiLib.networkDevices_create_with_range_and_two_secret,
            device_args,
        )

        device_steps = [self.networkDevices_create_with_range_and_two_secret]
        runFunctionsInOrderV2(
            device_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        pez_script = '/tmp/USER_peapms.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: live-log lookup for the internal user.
        UiLib.bindFunction(
            self,
            UiLib.radius_live_logs,
            [NAUplift_Constants.ADD_USER, None],
        )
        validation_steps = [self.radius_live_logs]
        # No resumeLastSession on this second run.
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5213050c(self):
        """Point the policy set at "Internal Users", replay USER_peap.py, check live logs.

        Binds ``UiLib.edit_identity_source_in_default_policy`` with
        ``"Internal Users"`` and POLICY_SET, runs ``/tmp/USER_peap.py`` as a
        positive case, then checks the live logs for ADD_USER.
        """
        UiLib.bindFunction(
            self,
            UiLib.edit_identity_source_in_default_policy,
            ["Internal Users", POLICY_SET],
        )
        policy_steps = [self.edit_identity_source_in_default_policy]
        runFunctionsInOrderV2(
            policy_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # NOTE(review): the original comment called this "EAP-TLS", but the
        # script is named USER_peap.py and tls_config is False -- this looks
        # like a PEAP run; confirm and keep the comment in sync.
        pez_script = '/tmp/USER_peap.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: live-log lookup for the internal user.
        UiLib.bindFunction(
            self,
            UiLib.radius_live_logs,
            [NAUplift_Constants.ADD_USER, None],
        )
        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5753124c(self):
        """Configure device, identity source and an authz rule, then authenticate an AD user.

        UI steps, in run order: ``config_network_device``,
        ``edit_identity_source_in_default_policy`` (AD_NAME, POLICY_SET) and
        ``create_authorization_rule_for_simple_condition``. Then
        ``/tmp/SIMPLE_USER_peap.py`` is run as a positive case and the live
        logs are checked for ``AD_SIMPLE_USER@AD_DOMAIN_NAME``.
        """
        # Disabled by the original author:
        # pez_utils.start_pez_docker_image(docker_image="dockerhub.cisco.com/isepy-release-docker/pez-executer",
        #                                  docker_image_version="v4")

        UiLib.bindFunction(
            self,
            UiLib.config_network_device,
            [
                NAUplift_Constants.NETWORK_DEVICE_NAME,
                self.nad_ip,
                NAUplift_Constants.SHARED_SECRET,
            ],
        )
        UiLib.bindFunction(
            self,
            UiLib.edit_identity_source_in_default_policy,
            [NAUplift_Constants.AD_NAME, POLICY_SET],
        )
        UiLib.bindFunction(
            self,
            UiLib.create_authorization_rule_for_simple_condition,
            [
                POLICY_SET,
                AUTHZ_POLICY_NAME[1],
                AUTH_COND_NAME[1],
                AUTH_PROFILE,
                None,
            ],
        )

        config_steps = [
            self.config_network_device,
            self.edit_identity_source_in_default_policy,
            self.create_authorization_rule_for_simple_condition,
        ]
        # NOTE(review): recording is forced on here (record=True) instead of
        # following record_option. The steps above enter the shared secret in
        # the UI; if the recording captures the screen, confirm where it is
        # stored and who can read it.
        runFunctionsInOrderV2(
            config_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=True,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # Original comment: "Run PEAP-GTC Authentication".
        pez_script = '/tmp/SIMPLE_USER_peap.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: look the AD user up in the RADIUS live logs.
        expected_user = NAUplift_Constants.AD_SIMPLE_USER + '@' + AD_DOMAIN_NAME
        UiLib.bindFunction(self, UiLib.radius_live_logs, [expected_user, None])
        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
            recordingDir=NAS_FOLDER,
        )
    def Tnt5988327c(self):
        """Delete the internal user, add an identity source sequence, then authenticate.

        UI steps, in run order: ``delete_user_identity`` (ADD_USER),
        ``create_identity_source_sequence`` (IDENTITY_SEQUENCE_NAME over
        "Internal Users" and AD_NAME) and
        ``create_authentication_rule_for_simple_condition``. Then
        ``/tmp/USER_peapms.py`` is run as a positive case and the live logs
        are checked for ADD_USER.

        NOTE(review): presumably the point is that, with the internal user
        gone, authentication falls through the sequence to the AD store --
        confirm; the code itself does not assert which store answered.
        """
        UiLib.bindFunction(
            self,
            UiLib.delete_user_identity,
            [NAUplift_Constants.ADD_USER],
        )

        # New identity source sequence: internal store first, then AD.
        sequence_members = ["Internal Users", NAUplift_Constants.AD_NAME]
        UiLib.bindFunction(
            self,
            UiLib.create_identity_source_sequence,
            [IDENTITY_SEQUENCE_NAME, sequence_members],
        )

        UiLib.bindFunction(
            self,
            UiLib.create_authentication_rule_for_simple_condition,
            [
                POLICY_SET,
                AUTHENTICATION_POLICY,
                AUTH_COND_NAME[2],
                IDENTITY_SEQUENCE_NAME,
            ],
        )

        config_steps = [
            self.delete_user_identity,
            self.create_identity_source_sequence,
            self.create_authentication_rule_for_simple_condition,
        ]
        runFunctionsInOrderV2(
            config_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        pez_script = '/tmp/USER_peapms.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: live-log lookup for the user.
        UiLib.bindFunction(
            self,
            UiLib.radius_live_logs,
            [NAUplift_Constants.ADD_USER, None],
        )
        validation_steps = [self.radius_live_logs]
        # No resumeLastSession on this second run.
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5212069c(self):
        """Replay ``/tmp/UTF_USER_peap.py`` and check the live logs for the UTF AD user.

        No UI configuration is done first; the method only runs the PEZ
        script as a positive case and then binds ``UiLib.radius_live_logs``
        with AD_UTF_USER and AD_DOMAIN_NAME.
        """
        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # Original comment: "Run PEAP-GTC Authentication".
        # NOTE(review): fixed file name under /tmp; the script's contents are
        # not visible here -- if it holds credentials, confirm the host is
        # not shared.
        pez_script = '/tmp/UTF_USER_peap.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: here the domain is passed as the second argument
        # instead of being appended to the user name.
        live_log_args = [NAUplift_Constants.AD_UTF_USER, AD_DOMAIN_NAME]
        UiLib.bindFunction(self, UiLib.radius_live_logs, live_log_args)

        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5048856c(self):
        """Replay the next-login password-change PEZ script and check the live logs.

        Runs ``/tmp/user_nxtlgn_pwdcng_peapms.py`` as a positive case, then
        binds ``UiLib.radius_live_logs`` for the user ``user_nxtlgn_pwdchng``.
        The file name spells "pwdcng" and the user name "pwdchng"; both are
        kept exactly as the original has them.
        """
        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # Original comment: "Run Peap EAP MSCHAPV2 Authentication".
        pez_script = '/tmp/user_nxtlgn_pwdcng_peapms.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: live-log lookup for the user.
        UiLib.bindFunction(
            self,
            UiLib.radius_live_logs,
            ["user_nxtlgn_pwdchng", None],
        )
        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5121851c(self):
        """Enable the AD authentication domain, replay SIMPLE_USER_peap.py, check live logs.

        Binds ``UiLib.domain_authentication_enable`` with AD_SCOPE1, AD_NAME
        and AD_DOMAIN_NAME, runs ``/tmp/SIMPLE_USER_peap.py`` as a positive
        case, then checks the live logs for ``AD_SIMPLE_USER@AD_DOMAIN_NAME``.
        """
        # Step 2 of the test case: enable the domain under the
        # authentication domains.
        UiLib.bindFunction(
            self,
            UiLib.domain_authentication_enable,
            [
                NAUplift_Constants.AD_SCOPE1,
                NAUplift_Constants.AD_NAME,
                AD_DOMAIN_NAME,
            ],
        )
        domain_steps = [self.domain_authentication_enable]
        runFunctionsInOrderV2(
            domain_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # NOTE(review): the original comment called this "EAP-TLS", but the
        # script is named SIMPLE_USER_peap.py and tls_config is False -- this
        # looks like a PEAP run; confirm and keep the comment in sync.
        pez_script = '/tmp/SIMPLE_USER_peap.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: look the AD user up in the RADIUS live logs.
        expected_user = NAUplift_Constants.AD_SIMPLE_USER + "@" + AD_DOMAIN_NAME
        UiLib.bindFunction(self, UiLib.radius_live_logs, [expected_user, None])

        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5212325c(self):
        """Replay ``/tmp/SIMPLE_USER_peap.py`` and check the live logs for the AD user.

        No UI configuration is done first; the method runs the PEZ script as
        a positive case and then binds ``UiLib.radius_live_logs`` for
        ``AD_SIMPLE_USER@AD_DOMAIN_NAME``.
        """
        # Disabled by the original author:
        # pez_utils.start_pez_docker_image(docker_image="dockerhub.cisco.com/isepy-release-docker/pez-executer",
        #                                  docker_image_version="v4")

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        # NOTE(review): the original comment called this "EAP-TLS", but the
        # script is named SIMPLE_USER_peap.py and tls_config is False -- this
        # looks like a PEAP run; confirm and keep the comment in sync.
        pez_script = '/tmp/SIMPLE_USER_peap.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: look the AD user up in the RADIUS live logs.
        expected_user = NAUplift_Constants.AD_SIMPLE_USER + "@" + AD_DOMAIN_NAME
        UiLib.bindFunction(self, UiLib.radius_live_logs, [expected_user, None])

        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            resumeLastSession=True,
            killFFWhenFinished=True,
            record=record_option,
        )
    def Tnt5205712c(self):
        """Provision an AD user with a certificate, configure the UI, run EAP-TLS, compare attributes.

        Order of work, as the calls show:
          1. create a user on the AD server (``AD2016.add_user_with_attr``) and
             attach a certificate to it (``AD2016.add_cert_to_user``);
          2. three UI batches via ``runFunctionsInOrderV2``: security setting,
             AD join, trusted certificate and network device; then library
             condition and policy set; then attribute condition, authorization
             rule and certificate authentication profile;
          3. copy certificates to PEZ and run ``Pezlib.run_eap_tls``;
          4. bind and run ``UiLib.compare_attributes_from_live_logs`` with the
             expected sAMAccountName / userPrincipalName values.

        AD_ATTRIBUTES, CONDITIONS, POLICY_SET, NAS_FOLDER and the other
        upper-case names not assigned below come from outside this method.
        """
        # The domain is hard-coded; the configuration lookup is commented out.
        # The local name also hides any module-level AD_DOMAIN_NAME.
        AD_DOMAIN_NAME = "demo.local" #cfg.suite.get_AD()[0].get_hostname()
        AD_ADMIN_USERNAME = cfg.suite.get_AD()[0].get_login()
        AD_ADMIN_PASSWORD = cfg.suite.get_AD()[0].get_password()

        # Expected attribute values for the final live-log comparison.
        attribute_check_map = {'sAMAccountName': NAUplift_Constants.ADD_USER,
                               'userPrincipalName': NAUplift_Constants.ADD_USER + '@' + AD_DOMAIN_NAME}

        # NOTE(review): the two '******' literals look like values masked in
        # this listing; as written, the user name and password are both the
        # literal asterisks -- compare with the repository copy.
        AD_USERNAME = '******'
        AD_USER_PASSWORD = '******'
        # NOTE(review): "[email protected]" looks like e-mail obfuscation
        # applied by the page this listing came from; the real -upn value is
        # not recoverable here. The attribute string also puts the account
        # into Builtin\Administrators -- confirm the test needs membership
        # that broad and that the account is removed afterwards.
        AD_USER_ATTRS = '-samid testsuite1 -upn [email protected] -memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"'

        AD2016.add_user_with_attr(userToAdd=AD_USERNAME,
                                      userPwd=AD_USER_PASSWORD,
                                      domain=AD_DOMAIN_NAME,
                                      attributeDetails=AD_USER_ATTRS)

        # NOTE(review): certpath points at ISE_TRUSTED_CERT while certname and
        # the remote path below use ClientSystemCerts -- confirm which
        # certificate is meant to be attached to the user.
        cert_path= NAUplift_Constants.strPath + "tests/suites/network_access/uplift_test/test_data/eap_tls_cert/" + \
                                NAUplift_Constants.ISE_TRUSTED_CERT

        cert=NAUplift_Constants.ClientSystemCerts

        AD2016.add_cert_to_user(certname=NAUplift_Constants.ClientSystemCerts,
                                certpath=cert_path,
                                user=AD_USERNAME,
                                certificatePath="C:\\Users\\Administrator\\{}".format(cert))

        # NOTE(review): sets the 'SHA1' security-setting checkbox to True;
        # presumably this allows SHA-1 on the appliance. Nothing in this
        # method reverts it -- confirm a teardown does.
        UiLib.bindFunction(self, UiLib.securitySetting_setCheckbox, ['SHA1', True])
        # Join the AD with the administrator credentials read from cfg above.
        UiLib.bindFunction(self, UiLib.create_active_directory_with_any_mode,
                           [NAUplift_Constants.AD_NAME,
                            AD_DOMAIN_NAME,
                            AD_ADMIN_USERNAME,
                            AD_ADMIN_PASSWORD,
                            False,
                            None,
                            None,
                            AD_ATTRIBUTES,
                            NAUplift_Constants.ADD_USER  # NAUplift_Constants.AD_SHORT_USER
                            ])

        # Stored on self; reused by the trusted-certificate step below.
        self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
                                NAUplift_Constants.ISE_TRUSTED_CERT
        s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))

        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert,
                           [self.certificate_file,
                            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

        UiLib.bindFunction(self, UiLib.config_network_device, [NAUplift_Constants.NETWORK_DEVICE_NAME,
                                                               self.nad_ip,
                                                               NAUplift_Constants.SHARED_SECRET])

        # First UI batch.
        funcs = [self.securitySetting_setCheckbox,
                 self.create_active_directory_with_any_mode,
                 self.trustedCertificates_setTrustedCert,
                 self.config_network_device,
                 ]

        # Local retry count; the module-level RETRIES is not used here.
        retries = 3
        # NOTE(review): no record argument is passed, so the helper's default
        # applies (not visible here). This batch enters the AD administrator
        # password and the shared secret in the UI; if a recording is written
        # to NAS_FOLDER, confirm who can read that share.
        runFunctionsInOrderV2(funcs, self, retries,recordingDir=NAS_FOLDER)

        UiLib.bindFunction(self, UiLib.create_simple_library_condition, [CONDITIONS[0],
                                                                         'Network Access',
                                                                         'Protocol',
                                                                         'EQUALS',
                                                                         'RADIUS'])

        UiLib.bindFunction(self, UiLib.create_policy_set, [POLICY_SET, CONDITIONS[0], POLICY_SET_PROTOCOL])

        # Second UI batch: library condition and policy set.
        funcs = [self.create_simple_library_condition,
                 self.create_policy_set
                 ]

        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)

        UiLib.bindFunction(self, UiLib.create_library_condition, [NAUplift_Constants.AD_NAME,
                                                                  AD_ATTRIBUTES,
                                                                  ATTRIBUTE_VALUE,
                                                                  AUTH_CONDITIONS,
                                                                  CONDITIONS[1]])


        # Configuring the policy in authorization policy
        UiLib.bindFunction(self, UiLib.create_authorization_rule_for_simple_condition,
                           [POLICY_SET,AUTHORIZATION_RULE_NAME,
                            CONDITIONS[1],
                            AUTHORIZATION_POLICY_PROFILE,
                            SECURITY_GROUP])

        UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
                           [NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_DESCRIPTION,
                            NAUplift_Constants.CER_ATTRIBUTE,
                            NAUplift_Constants.AD_NAME,
                            NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE])

        # Third UI batch: attribute condition, authorization rule, certificate profile.
        funcs = [self.create_library_condition,
                 self.create_authorization_rule_for_simple_condition,
                 self.config_certificate_authprofile
                 ]

        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)


        # PEZ Authentication Flow
        s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
        self.pezlib = Pezlib()

        # Copy Certificates to PEZ
        # NOTE(review): this hands the client private key (ClientSystemKeys)
        # to Pezlib; where it lands and with which permissions is decided in
        # copy_cert_pez, which is not visible here -- confirm.
        self.pezlib.copy_cert_pez(root_path=NAUplift_Constants.strPath,
                                  ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
                                  client_certificate=NAUplift_Constants.ClientSystemCerts,
                                  client_key=NAUplift_Constants.ClientSystemKeys)

        # Run EAP-TLS Authentication
        self.pezlib.run_eap_tls(root_path=NAUplift_Constants.strPath,
                                ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
                                client_sys_cert=NAUplift_Constants.ClientSystemCerts,
                                client_sys_key=NAUplift_Constants.ClientSystemKeys,
                                internal_user=NAUplift_Constants.ADD_USER,
                                ise_ip=self.iseIP)

        # self.app.run()
        # self.app = self.uilib.login_into_ise()
        # Add Validation Steps
        # Compare the live-log attributes with attribute_check_map built above.
        UiLib.bindFunction(self, UiLib.compare_attributes_from_live_logs, [attribute_check_map])

        retries = 3

        functs = [self.compare_attributes_from_live_logs]
        runFunctionsInOrderV2(functs, self, retries, record=False, killPreviousFF=False)
    def Tnt5994926c(self):
        """Disable weak ciphers, enable FIPS mode, wait, add a protocol, then authenticate.

        UI steps of the first batch, in run order: ``Disable_Weak_Ciphers``,
        ``edit_default_allowed_protocols`` (DEFAULT_POLICY_SET, False) and
        ``fips_mode_enabling_and_disabling`` ("Enabled"). After eleven waits
        of 100 seconds each, a second batch creates the allowed protocol
        "Peap_allowed_protocol" and assigns it to POLICY_SET. Finally
        ``/tmp/USER_peapms.py`` is run as a positive case and the live logs
        are checked for ADD_USER.
        """
        UiLib.bindFunction(self, UiLib.Disable_Weak_Ciphers, [])

        # Setup for FIPS mode: remove the default protocols.
        UiLib.bindFunction(
            self,
            UiLib.edit_default_allowed_protocols,
            [NAUplift_Constants.DEFAULT_POLICY_SET, False],
        )

        # Enable FIPS mode under Administration->Settings.
        UiLib.bindFunction(
            self,
            UiLib.fips_mode_enabling_and_disabling,
            ["Enabled"],
        )

        fips_steps = [
            self.Disable_Weak_Ciphers,
            self.edit_default_allowed_protocols,
            self.fips_mode_enabling_and_disabling,
        ]
        runFunctionsInOrderV2(
            fips_steps,
            self,
            RETRIES,
            record=record_option,
            killFFWhenFinished=True,
        )

        # Fixed wait of 11 x 100 seconds with a progress line after each
        # slice. NOTE(review): presumably this covers a service restart after
        # the FIPS change -- confirm; nothing here checks that FIPS mode is
        # actually active before the test continues.
        wait_ordinals = (
            "first", "second", "third", "fourth", "fifth", "sixth",
            "seventh", "eighth", "ninth", "tenth", "eleventh",
        )
        for ordinal in wait_ordinals:
            time.sleep(100)
            s_log.info("Waited {} 100 seconds".format(ordinal))

        # Create the new allowed protocol and attach it to the policy set.
        protocol_name = "Peap_allowed_protocol"
        UiLib.bindFunction(self, UiLib.new_allowed_protocol, [protocol_name])
        UiLib.bindFunction(
            self,
            UiLib.edit_default_policy_set,
            [protocol_name, POLICY_SET],
        )

        protocol_steps = [
            self.new_allowed_protocol,
            self.edit_default_policy_set,
        ]
        runFunctionsInOrderV2(
            protocol_steps,
            self,
            RETRIES,
            record=record_option,
            killFFWhenFinished=True,
        )

        # PEZ authentication flow.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        self.pezlib = Pezlib()

        pez_script = '/tmp/USER_peapms.py'
        self.pezlib.run_and_verify_pezcmd(pez_script,
                                          tls_config=False,
                                          negative_test=False)

        # Validation: live-log lookup for the internal user.
        UiLib.bindFunction(
            self,
            UiLib.radius_live_logs,
            [NAUplift_Constants.ADD_USER, None],
        )
        validation_steps = [self.radius_live_logs]
        runFunctionsInOrderV2(
            validation_steps,
            self,
            RETRIES,
            killFFWhenFinished=True,
            record=record_option,
        )
def copy_pez_files(obj):
    """Render one PEZ config per entry for PEAP-GTC and PEAP-MSCHAPv2 and copy the folders.

    For every key of ``peap_eap_cfg_data`` and ``peap_mschapv2_cfg_data`` a
    dict of overrides is built (also stored on ``obj`` as
    ``changes_peap_gtc`` / ``changes_mschapv2``) and passed to
    ``Pezlib.copy_pez_cfg_folder_test`` together with the matching template.
    Each folder is then handed to ``Pezlib.copy_config_folder``.

    NOTE(review): the ``"******"`` templates below contain no replacement
    field, so ``str.format`` returns the literal asterisks and the looked-up
    password never reaches the overrides. This looks like masking applied to
    this listing -- compare with the repository copy before relying on it.

    NOTE(review): both working directories have fixed names under /tmp and,
    going by the key names, receive user names and passwords. The
    permissions ``create_directory`` applies are not visible here -- confirm
    they are not world-readable if the host is shared.

    Args:
        obj: test object; ``obj.iseIP`` is read, ``obj.pezlib`` and the two
            ``changes_*`` attributes are written.
    """
    gtc_template = ("utilities/simulators/pez/pez_config_files/"
                    "protocols/peap_gtc_working.py")
    mschapv2_template = ("utilities/simulators/pez/pez_config_files/"
                         "protocols/peap_eap_mschapv2.py")

    obj.pezlib = Pezlib()
    for workdir in ('/tmp/peap_eap_gtc', '/tmp/peap_mschapv2'):
        obj.pezlib.create_directory(dirname=workdir)

    # --- PEAP-GTC configs ---
    for key in peap_eap_cfg_data:
        entry = peap_eap_cfg_data[key]

        # NOTE(review): the RADIUS shared secret is the literal "acsi" rather
        # than a named constant; it has to match the network-device entry on
        # the server -- confirm the two are kept in sync.
        gtc_overrides = {
            "radius:host": "{}".format(obj.iseIP),
            "radius:attributes:User-Name": "{}".format(entry['internal_user']),
            "radius:attributes:User-Password": "******".format(entry['int_usr_pwd']),
            "peap:eap_gtc:Change Password": "******".format(entry['int_usr_new_pwd']),
            "peap:eap_gtc:Password": "******".format(entry['int_usr_pwd']),
            "eap:inner_identity": "{}".format(entry['internal_user']),
            "radius:secret": "acsi",
        }
        obj.changes_peap_gtc = gtc_overrides

        obj.pezlib.copy_pez_cfg_folder_test(
            root_path=NAUplift_Constants.strPath,
            config_file_path=gtc_template,
            changable_value=obj.changes_peap_gtc,
            local_path='/tmp/peap_eap_gtc/' + key,
            utf8=entry['utf8'],
        )

    obj.pezlib.copy_config_folder('/tmp/peap_eap_gtc')

    # --- PEAP-MSCHAPv2 configs ---
    for key in peap_mschapv2_cfg_data:
        entry = peap_mschapv2_cfg_data[key]

        mschapv2_overrides = {
            "ciphers": "{}".format(entry['peap_ciphers']),
            "peap:eap_ms_chapv2:name": "{}".format(entry['internal_user']),
            "peap:eap_ms_chapv2:password": "******".format(entry['int_usr_pwd']),
            "peap:eap_ms_chapv2:new_password": "******".format(entry['int_usr_new_pwd']),
            "eap:inner_identity": "{}".format(entry['internal_user']),
            "radius:host": "{}".format(obj.iseIP),
            "radius:secret": "acsi",
            "radius:attributes:User-Name": "{}".format(entry['internal_user']),
            "radius:attributes:User-Password": "******".format(entry['int_usr_pwd']),
        }
        obj.changes_mschapv2 = mschapv2_overrides

        obj.pezlib.copy_pez_cfg_folder_test(
            root_path=NAUplift_Constants.strPath,
            config_file_path=mschapv2_template,
            changable_value=obj.changes_mschapv2,
            local_path='/tmp/peap_mschapv2/' + key,
            utf8=entry['utf8'],
        )

    obj.pezlib.copy_config_folder('/tmp/peap_mschapv2')
    def Tnt5121584c(self):
        """Join AD in scope mode, build policy and authz rule, then authenticate the AD admin.

        Two UI batches are run through ``runFunctionsInOrderV2``; afterwards
        ``Pezlib.run_pap_via_pez`` is called with the AD administrator
        credentials. Any exception from that call is logged and turns into
        ``self.failed(...)``.

        NOTE(review): ``retries`` is not assigned in this method, so it has
        to exist at module scope -- confirm (other cases use ``RETRIES`` or a
        local ``retries = 3``).

        NOTE(review): the account used for the RADIUS authentication is the
        AD administrator read from cfg. Going by the helper's name this is a
        PAP exchange, where the password is protected only by the RADIUS
        shared secret -- confirm a dedicated low-privilege test account
        cannot be used instead.
        """
        # Values from the suite configuration (original: "Constants from
        # CLOUD file").
        ad_domain = cfg.suite.get_AD()[0].get_hostname()
        ad_admin_user = cfg.suite.get_AD()[0].get_login()
        ad_admin_password = cfg.suite.get_AD()[0].get_password()
        admin_group = ad_domain + "/Builtin/Administrators"

        # Enable scope mode, create the AD join point and join the group.
        UiLib.bindFunction(
            self,
            UiLib.create_active_directory_with_any_mode,
            [
                NAUplift_Constants.AD_NAME,
                ad_domain,
                ad_admin_user,
                ad_admin_password,
                True,
                NAUplift_Constants.AD_SCOPE1,
                admin_group,
                NAUplift_Constants.INFO,
                ad_admin_user,
            ],
        )

        # Add the AD to the identity source sequence stores.
        UiLib.bindFunction(
            self,
            UiLib.adding_id_source,
            [NAUplift_Constants.AD_NAME],
        )

        UiLib.bindFunction(
            self,
            UiLib.edit_identity_source_in_default_policy,
            [NAUplift_Constants.AD_SCOPE1, POLICY_SET],
        )

        UiLib.bindFunction(
            self,
            UiLib.config_network_device,
            [
                NAUplift_Constants.NETWORK_DEVICE_NAME,
                self.nad_ip,
                NAUplift_Constants.SHARED_SECRET,
            ],
        )

        UiLib.bindFunction(
            self,
            UiLib.create_simple_library_condition,
            [
                POLICY_SET_COND_NAME,
                'Network Access',
                'Protocol',
                'Equals',
                'RADIUS',
            ],
        )
        UiLib.bindFunction(
            self,
            UiLib.create_policy_set,
            [POLICY_SET, POLICY_SET_COND_NAME, POLICY_SET_PROTOCOL],
        )

        # First batch; the identity source edit runs last, after the policy
        # set exists.
        first_batch = [
            self.create_active_directory_with_any_mode,
            self.adding_id_source,
            self.config_network_device,
            self.create_simple_library_condition,
            self.create_policy_set,
            self.edit_identity_source_in_default_policy,
        ]
        runFunctionsInOrderV2(
            first_batch,
            self,
            retries,
            resumeLastSession=True,
            recordingDir=NAS_FOLDER,
        )

        # create_simple_library_condition is bound a second time here, now
        # with the authorization condition's arguments.
        UiLib.bindFunction(
            self,
            UiLib.create_simple_library_condition,
            [
                AUTHZ_COND_NAME,
                NAUplift_Constants.AD_NAME,
                NAUplift_Constants.INFO,
                'Equals',
                NAUplift_Constants.SPL_CHARACTERS,
            ],
        )

        UiLib.bindFunction(
            self,
            UiLib.create_authorization_rule_for_simple_condition,
            [
                POLICY_SET,
                'Authz_rule_1',
                AUTHZ_COND_NAME,
                'PermitAccess',
                None,
            ],
        )

        second_batch = [
            self.create_simple_library_condition,
            self.create_authorization_rule_for_simple_condition,
        ]
        runFunctionsInOrderV2(
            second_batch,
            self,
            retries,
            resumeLastSession=True,
            recordingDir=NAS_FOLDER,
            killFFWhenFinished=True,
        )

        # PEZ authentication.
        s_log.info("---------------- PEZ AUTHENTICATION FLOW  -----------")
        pez = Pezlib()
        auth_ok = True
        try:
            s_log.info("Running for {}".format(ad_admin_user))
            # The last two arguments are a fixed IP address and MAC address;
            # their role is defined by run_pap_via_pez, not visible here.
            pez.run_pap_via_pez(
                1,
                NAUplift_Constants.strPath,
                self.iseIP,
                ad_admin_user,
                ad_admin_password,
                NAUplift_Constants.SHARED_SECRET,
                "10.0.10.151",
                "00:05:02:00:00:01",
            )
        except Exception as err:
            # Any failure is recorded and reported through self.failed below.
            auth_ok = False
            s_log.error(err)

        if not auth_ok:
            self.failed(
                "Authentication failed or username is not as expected. Please check the logs above."
            )
    def Tnt5212445c(self):
        """Drive a two-node RADIUS forwarding scenario through the UI and check it with EAP-TLS.

        Flow as coded (helper behaviour is not visible in this block; the
        descriptions follow the helper names and the original step comments):

        1. On the ISE under test, bind and run in order: an external RADIUS
           server entry for ``self.iseIP_radserver``, a RADIUS server sequence
           containing it, a library condition (Network Access / Protocol
           EQUALS RADIUS), a policy set built from that condition and
           sequence, a network device entry for the PEZ IP, an internal user,
           and the import of the trusted certificate.
        2. Quit and re-run the app, log in to the second node
           (``self.iseUrl_radserver``) and add the same user, a network
           device entry for ``self.iseIP`` and the same trusted certificate.
        3. Through ``Pezlib``, copy the certificate material and run EAP-TLS
           against ``self.iseIP``.
        4. Check the RADIUS live logs for ``ADD_USER`` on the second node,
           then log back in to the first node and check its live logs too.

        Every ``UiLib.bindFunction`` call attaches a helper to ``self`` under
        the helper's own name, so a later bind of the same helper (for
        example ``identities_add_simple_user``) replaces the earlier one.
        The bind / run order is therefore significant.
        """

        # Step 1:
        # - Configure Radius Server
        # NOTE(review): the same SHARED_SECRET constant is also used for both
        # network device entries further down; a single fixture secret cannot
        # show which hop a secret mismatch would come from.
        UiLib.bindFunction(self, UiLib.rad_server, [
            NAUplift_Constants.RADIUS_SERVER_NAME, self.iseIP_radserver,
            NAUplift_Constants.SHARED_SECRET
        ])
        # Step 2:
        # - Configure Radius Server Sequence
        UiLib.bindFunction(self, UiLib.configure_radius_server_sequence, [
            NAUplift_Constants.RADIUS_SEQUENCE_NAME,
            [NAUplift_Constants.RADIUS_SERVER_NAME]
        ])
        # Step 3 (disabled): editing the default policy set to forward all
        # requests is commented out; a dedicated condition and policy set
        # are created below instead.
        # # Step 3:
        # # - Configure Authentication Proxy - Forward all
        # UiLib.bindFunction(self, UiLib.edit_default_policy_set,
        #                    [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
        UiLib.bindFunction(
            self, UiLib.create_simple_library_condition,
            [AUTH_COND_NAME, 'Network Access', 'Protocol', 'EQUALS', 'RADIUS'])

        # Step 6:
        # create new policy set
        # (step numbers are kept from the original and do not follow the
        # execution order, which is the order of `funcs` below)
        UiLib.bindFunction(self, UiLib.create_policy_set, [
            POLICY_SET, AUTH_COND_NAME, NAUplift_Constants.RADIUS_SEQUENCE_NAME
        ])

        # Register the PEZ host as a network device on the ISE under test,
        # using the IP taken from the test-environment config.
        nad_ip = cfg.te.get_PEZ().get_ip()
        UiLib.bindFunction(self, UiLib.config_network_device, [
            NAUplift_Constants.NETWORK_DEVICE_NAME, nad_ip,
            NAUplift_Constants.SHARED_SECRET
        ])
        # Step 4
        # Add Internal User
        UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
            NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_NEWPASSWORD
        ])

        # Path of the trusted certificate inside the test resources. Only the
        # path is logged below, not key material or secrets.
        self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
                                NAUplift_Constants.ISE_TRUSTED_CERT
        s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))

        # step 7:
        # import root certificate on ISE:
        # Navigate to System > Certificate Operations > Trust Certificates,
        # import root certificate
        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
            self.certificate_file,
            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT
        ])

        # The list order is the order in which the bound helpers are handed
        # to the runner; `retries` is reused for every run in this test.
        retries = 3
        funcs = [
            self.rad_server,
            self.configure_radius_server_sequence,
            self.create_simple_library_condition,
            self.create_policy_set,
            self.config_network_device,
            self.identities_add_simple_user,
            self.trustedCertificates_setTrustedCert,
        ]

        runFunctionsInOrderV2(funcs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)

        # Quit and re-run the app before switching nodes (presumably a fresh
        # browser session; confirm against the app implementation).
        self.app.quit()
        self.app.run()

        # Configuration of RADIUS SERVER
        # Log in to the second node with its own URL and credentials.
        UiLib.bindFunction(self, UiLib.login_different_ise, [
            self.iseUrl_radserver, self.iseUser_radserver,
            self.isePassword_radserver
        ])

        # Step 09: Add user in RADIUS SERVER
        # Same user name, e-mail and password constants as on the first node.
        UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
            NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_NEWPASSWORD
        ])

        # On the second node the network device entry is the first ISE
        # (self.iseIP), with the same shared secret constant as above.
        UiLib.bindFunction(self, UiLib.config_network_device, [
            NAUplift_Constants.NETWORK_DEVICE_NAME, self.iseIP,
            NAUplift_Constants.SHARED_SECRET
        ])

        # step 11:
        # import root certificate on ISE to Radius Server:
        # Navigate to System > Certificate Operations > Trust Certificates, import root certificate

        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
            self.certificate_file,
            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT
        ])

        funcs = [
            self.login_different_ise,
            self.identities_add_simple_user,
            self.config_network_device,
            self.trustedCertificates_setTrustedCert,
        ]

        runFunctionsInOrderV2(funcs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)

        # PEZ Authentication Flow
        s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
        self.pezlib = Pezlib()

        # Copy Certificates to PEZ
        # NOTE(review): the client key is passed along with the certificates;
        # whether copy_cert_pez removes it from the PEZ host afterwards is not
        # visible here. Confirm that these are test-only keys.
        self.pezlib.copy_cert_pez(
            root_path=NAUplift_Constants.strPath,
            ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
            client_certificate=NAUplift_Constants.ClientSystemCerts,
            client_key=NAUplift_Constants.ClientSystemKeys)

        # Run EAP-TLS Authentication
        # The request targets the first ISE (self.iseIP), not the second node.
        self.pezlib.run_eap_tls(
            root_path=NAUplift_Constants.strPath,
            ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
            client_sys_cert=NAUplift_Constants.ClientSystemCerts,
            client_sys_key=NAUplift_Constants.ClientSystemKeys,
            ise_ip=self.iseIP)

        # Validation Steps in Radius Server
        # The session is still the one logged in to the second node above.
        # NOTE(review): the meaning of the second argument (None) is not
        # visible here; confirm what radius_live_logs checks beyond the user name.
        UiLib.bindFunction(self, UiLib.radius_live_logs,
                           [NAUplift_Constants.ADD_USER, None])
        functs = [
            self.radius_live_logs,
        ]
        runFunctionsInOrderV2(functs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)

        self.app.quit()
        self.app.run()

        # Validation in ISE
        # Log back in to the first node and repeat the live-log check there.
        UiLib.bindFunction(self, UiLib.login_different_ise,
                           [self.iseLoginurl, self.iseUser, self.isePassword])

        UiLib.bindFunction(self, UiLib.radius_live_logs,
                           [NAUplift_Constants.ADD_USER, None])

        functs = [self.login_different_ise, self.radius_live_logs]

        runFunctionsInOrderV2(functs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)
        self.app.quit()
        self.app.run()