class US356257_Tnt5205712c_SAM_PLUS_CN_EAP_TLS(aetest.Testcase):
    @aetest.setup
    def setup(self):
        self.nad_ip = cfg.te.get_PEZ().get_ip()
        UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())
        self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
        s_log.info("###### SELENIUM URL ######## {} ".format(self.selenium_url))

        self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
        s_log.info("###### ISE IP ######## {} ".format(self.iseIP))

        self.iseUrl = "https://" + self.iseIP + "/"
        s_log.info("###### ISE URL ######## {} ".format(self.iseUrl))

        self.iseUser = cfg.te.get_POSITRON()[0].get_login()
        s_log.info("###### ISE User ######## {} ".format(self.iseUser))

        self.isePassword = cfg.te.get_POSITRON()[0].get_password()
        s_log.info("###### ISE Password ######## {} ".format(self.isePassword))

        self.homeDir = automationDir()

        # Preconfigure Settings
        UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
        UiLib.bindFunction(self, UiLib.delete_library_conditions_with_prefix, ['Tnt'])
        UiLib.bindFunction(self, UiLib.remove_all_identity_source_from_sequence, ['All_User_ID_Stores', 'default'])
        UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
                           [NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_DESCRIPTION,
                            NAUplift_Constants.CER_ATTRIBUTE,
                            '[not applicable]',
                            NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE]
                           )
        UiLib.bindFunction(self, UiLib.trustedCertificates_deleteTrustedCertificate,
                           [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])
        #
        funcs = [self.delete_all_policy_sets,
                 self.delete_library_conditions_with_prefix,
                 self.remove_all_identity_source_from_sequence,
                 self.config_certificate_authprofile,
                 self.trustedCertificates_deleteTrustedCertificate
                 ]

        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, recordingDir=NAS_FOLDER)

    @aetest.test
    def Tnt5205712c(self):
        AD_DOMAIN_NAME = "demo.local" #cfg.suite.get_AD()[0].get_hostname()
        AD_ADMIN_USERNAME = cfg.suite.get_AD()[0].get_login()
        AD_ADMIN_PASSWORD = cfg.suite.get_AD()[0].get_password()

        attribute_check_map = {'sAMAccountName': NAUplift_Constants.ADD_USER,
                               'userPrincipalName': NAUplift_Constants.ADD_USER + '@' + AD_DOMAIN_NAME}

        AD_USERNAME = '******'
        AD_USER_PASSWORD = '******'
        AD_USER_ATTRS = '-samid testsuite1 -upn [email protected] -memberof "cn=Administrators,cn=Builtin,dc=demo,dc=local"'

        AD2016.add_user_with_attr(userToAdd=AD_USERNAME,
                                      userPwd=AD_USER_PASSWORD,
                                      domain=AD_DOMAIN_NAME,
                                      attributeDetails=AD_USER_ATTRS)

        cert_path= NAUplift_Constants.strPath + "tests/suites/network_access/uplift_test/test_data/eap_tls_cert/" + \
                                NAUplift_Constants.ISE_TRUSTED_CERT

        cert=NAUplift_Constants.ClientSystemCerts

        AD2016.add_cert_to_user(certname=NAUplift_Constants.ClientSystemCerts,
                                certpath=cert_path,
                                user=AD_USERNAME,
                                certificatePath="C:\\Users\\Administrator\\{}".format(cert))

        UiLib.bindFunction(self, UiLib.securitySetting_setCheckbox, ['SHA1', True])
        UiLib.bindFunction(self, UiLib.create_active_directory_with_any_mode,
                           [NAUplift_Constants.AD_NAME,
                            AD_DOMAIN_NAME,
                            AD_ADMIN_USERNAME,
                            AD_ADMIN_PASSWORD,
                            False,
                            None,
                            None,
                            AD_ATTRIBUTES,
                            NAUplift_Constants.ADD_USER  # NAUplift_Constants.AD_SHORT_USER
                            ])

        self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
                                NAUplift_Constants.ISE_TRUSTED_CERT
        s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))

        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert,
                           [self.certificate_file,
                            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

        UiLib.bindFunction(self, UiLib.config_network_device, [NAUplift_Constants.NETWORK_DEVICE_NAME,
                                                               self.nad_ip,
                                                               NAUplift_Constants.SHARED_SECRET])

        funcs = [self.securitySetting_setCheckbox,
                 self.create_active_directory_with_any_mode,
                 self.trustedCertificates_setTrustedCert,
                 self.config_network_device,
                 ]

        retries = 3
        runFunctionsInOrderV2(funcs, self, retries,recordingDir=NAS_FOLDER)

        UiLib.bindFunction(self, UiLib.create_simple_library_condition, [CONDITIONS[0],
                                                                         'Network Access',
                                                                         'Protocol',
                                                                         'EQUALS',
                                                                         'RADIUS'])

        UiLib.bindFunction(self, UiLib.create_policy_set, [POLICY_SET, CONDITIONS[0], POLICY_SET_PROTOCOL])

        funcs = [self.create_simple_library_condition,
                 self.create_policy_set
                 ]

        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)

        UiLib.bindFunction(self, UiLib.create_library_condition, [NAUplift_Constants.AD_NAME,
                                                                  AD_ATTRIBUTES,
                                                                  ATTRIBUTE_VALUE,
                                                                  AUTH_CONDITIONS,
                                                                  CONDITIONS[1]])


        # Configuring the policy in authorization policy
        UiLib.bindFunction(self, UiLib.create_authorization_rule_for_simple_condition,
                           [POLICY_SET,AUTHORIZATION_RULE_NAME,
                            CONDITIONS[1],
                            AUTHORIZATION_POLICY_PROFILE,
                            SECURITY_GROUP])

        UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
                           [NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_DESCRIPTION,
                            NAUplift_Constants.CER_ATTRIBUTE,
                            NAUplift_Constants.AD_NAME,
                            NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE])

        funcs = [self.create_library_condition,
                 self.create_authorization_rule_for_simple_condition,
                 self.config_certificate_authprofile
                 ]

        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)


        # PEZ Authentication Flow
        s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
        self.pezlib = Pezlib()

        # Copy Certificates to PEZ
        self.pezlib.copy_cert_pez(root_path=NAUplift_Constants.strPath,
                                  ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
                                  client_certificate=NAUplift_Constants.ClientSystemCerts,
                                  client_key=NAUplift_Constants.ClientSystemKeys)

        # # Run EAP-TLS Authentication
        self.pezlib.run_eap_tls(root_path=NAUplift_Constants.strPath,
                                ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
                                client_sys_cert=NAUplift_Constants.ClientSystemCerts,
                                client_sys_key=NAUplift_Constants.ClientSystemKeys,
                                internal_user=NAUplift_Constants.ADD_USER,
                                ise_ip=self.iseIP)

        # self.app.run()
        # self.app = self.uilib.login_into_ise()
        # Add Validation Steps
        UiLib.bindFunction(self, UiLib.compare_attributes_from_live_logs, [attribute_check_map])

        retries = 3

        functs = [self.compare_attributes_from_live_logs]
        runFunctionsInOrderV2(functs, self, retries, record=False, killPreviousFF=False)

    @aetest.cleanup
    def cleanup(self):
        pass
        UiLib.bindFunction(self, UiLib.trustedCertificates_deleteTrustedCertificate,
                           [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

        UiLib.bindFunction(self, UiLib.config_certificate_authprofile,
                           [NAUplift_Constants.CER_NAME, NAUplift_Constants.CER_NAME,
                            NAUplift_Constants.CER_DESCRIPTION,
                            NAUplift_Constants.CER_ATTRIBUTE, '[not applicable]',
                            NAUplift_Constants.MATCH_CLIENT_CERT_ENABLE])

        UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])

        # Delete Library Conditions
        UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
                           [CONDITIONS])

        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])

        funcs = [self.trustedCertificates_deleteTrustedCertificate,
                 self.config_certificate_authprofile,
                 self.delete_policy_set,
                 self.delete_multiple_library_condition,
                 self.delete_network_device
                 ]
        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)

        UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
                           [AUTH_CONDITIONS])

        UiLib.bindFunction(self, UiLib.deleting_ad, [NAUplift_Constants.AD_NAME])

        funcs = [self.delete_multiple_library_condition,
                 self.deleting_ad
                 ]
        retries = 3
        runFunctionsInOrderV2(funcs, self, retries, record=False, killPreviousFF=False)
示例#2
0
class US355292_Tnt5212445c_Proxy_Authentication_using_EAP_TLS(aetest.Testcase):
    @aetest.setup
    def setup(self):
        s_log.info('Logging into the ISE')
        try:
            self.selenium_url = cfg.te.get_WIN_CLIENT().get_internal_selenium()
            s_log.info("###### SELENIUM URL ######## {} ".format(
                self.selenium_url))

            self.iseIP = cfg.te.get_POSITRON()[0].get_ip()
            s_log.info("###### ISE IP ######## {} ".format(self.iseIP))

            self.iseLoginurl = "https://" + self.iseIP + "/"
            s_log.info("###### ISE URL ######## {} ".format(self.iseLoginurl))

            self.iseUser = cfg.te.get_POSITRON()[0].get_login()
            s_log.info("###### ISE User ######## {} ".format(self.iseUser))

            self.isePassword = cfg.te.get_POSITRON()[0].get_password()
            s_log.info("###### ISE Password ######## {} ".format(
                self.isePassword))

            # RAD SERVER DETAILS
            self.iseIP_radserver = cfg.te.get_POSITRON()[1].get_ip()
            s_log.info("###### Radius IP ######## {} ".format(
                self.iseIP_radserver))

            self.iseUrl_radserver = "https://" + self.iseIP_radserver + "/"
            s_log.info("###### Radius URL ######## {} ".format(
                self.iseUrl_radserver))

            self.iseUser_radserver = cfg.te.get_POSITRON()[1].get_login()
            s_log.info("###### Radius User ######## {} ".format(self.iseUser))

            self.isePassword_radserver = cfg.te.get_POSITRON()[1].get_password(
            )
            s_log.info("###### Radius Password ######## {} ".format(
                self.isePassword))

            UiLib.check_app_up(cfg.te.get_POSITRON()[0].get_ip())

            self.homeDir = automationDir()
            self.uilib = UiLib(self,
                               seleniumUrl=self.selenium_url,
                               iseUrl=self.iseLoginurl,
                               logger=s_log,
                               iseUser=self.iseUser,
                               isePass=self.isePassword)

            self.app = self.uilib.login_into_ise()

            UiLib.bindFunction(self, UiLib.delete_network_device,
                               [NAUplift_Constants.NETWORK_DEVICE_NAME])

            UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
            # Delete Library Conditions
            UiLib.bindFunction(self,
                               UiLib.delete_library_conditions_with_prefix,
                               ['Tnt'])

            UiLib.bindFunction(self, UiLib.delete_user_identity,
                               [NAUplift_Constants.ADD_USER])

            UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
                               [NAUplift_Constants.RADIUS_SEQUENCE_NAME])

            UiLib.bindFunction(self, UiLib.delete_rad_server,
                               [NAUplift_Constants.RADIUS_SERVER_NAME])

            UiLib.bindFunction(self,
                               UiLib.remove_all_identity_source_from_sequence,
                               ['All_User_ID_Stores', 'default'])

            UiLib.bindFunction(
                self, UiLib.trustedCertificates_deleteTrustedCertificate,
                [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

            funcs = [
                self.delete_network_device, self.delete_all_policy_sets,
                self.delete_library_conditions_with_prefix,
                self.delete_user_identity, self.delete_radius_server_sequence,
                self.delete_rad_server,
                self.remove_all_identity_source_from_sequence,
                self.trustedCertificates_deleteTrustedCertificate
            ]

            retries = 3
            runFunctionsInOrderV2(funcs,
                                  self,
                                  retries,
                                  record=False,
                                  killPreviousFF=False)
            time.sleep(5)

            self.app.quit()
            self.app.run()

            UiLib.bindFunction(self, UiLib.login_different_ise, [
                self.iseUrl_radserver, self.iseUser_radserver,
                self.isePassword_radserver
            ])

            UiLib.bindFunction(self, UiLib.delete_all_policy_sets, [])
            UiLib.bindFunction(self,
                               UiLib.delete_library_conditions_with_prefix,
                               ['Tnt'])
            UiLib.bindFunction(self, UiLib.delete_user_identity,
                               [NAUplift_Constants.ADD_USER])
            UiLib.bindFunction(self, UiLib.delete_network_device,
                               [NAUplift_Constants.NETWORK_DEVICE_NAME])

            UiLib.bindFunction(
                self, UiLib.trustedCertificates_deleteTrustedCertificate,
                [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

            funcs = [
                self.login_different_ise, self.delete_all_policy_sets,
                self.delete_library_conditions_with_prefix,
                self.delete_user_identity, self.delete_network_device,
                self.trustedCertificates_deleteTrustedCertificate
            ]

            retries = 3
            runFunctionsInOrderV2(funcs,
                                  self,
                                  retries,
                                  record=False,
                                  killPreviousFF=False)
            time.sleep(5)

            self.app.quit()
            self.app.run()

            self.app = self.uilib.login_into_ise()

        except Exception as E:
            s_log.error("Failed to Login to ISE - {}".format(E))
            assert False

    @aetest.test
    def Tnt5212445c(self):

        # Step 1:
        # - Configure Radius Server
        UiLib.bindFunction(self, UiLib.rad_server, [
            NAUplift_Constants.RADIUS_SERVER_NAME, self.iseIP_radserver,
            NAUplift_Constants.SHARED_SECRET
        ])
        # Step 2:
        # - Configure Radius Server Sequence
        UiLib.bindFunction(self, UiLib.configure_radius_server_sequence, [
            NAUplift_Constants.RADIUS_SEQUENCE_NAME,
            [NAUplift_Constants.RADIUS_SERVER_NAME]
        ])
        # # Step 3:
        # # - Configure Authentication Proxy - Forward all
        # UiLib.bindFunction(self, UiLib.edit_default_policy_set,
        #                    [NAUplift_Constants.RADIUS_SEQUENCE_NAME])
        UiLib.bindFunction(
            self, UiLib.create_simple_library_condition,
            [AUTH_COND_NAME, 'Network Access', 'Protocol', 'EQUALS', 'RADIUS'])

        # Step 6:
        # create new policy set
        UiLib.bindFunction(self, UiLib.create_policy_set, [
            POLICY_SET, AUTH_COND_NAME, NAUplift_Constants.RADIUS_SEQUENCE_NAME
        ])

        nad_ip = cfg.te.get_PEZ().get_ip()
        UiLib.bindFunction(self, UiLib.config_network_device, [
            NAUplift_Constants.NETWORK_DEVICE_NAME, nad_ip,
            NAUplift_Constants.SHARED_SECRET
        ])
        # Step 4
        # Add Internal User
        UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
            NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_NEWPASSWORD
        ])

        self.certificate_file = NAUplift_Constants.strPath + "resources/CommonCriteria/" + \
                                NAUplift_Constants.ISE_TRUSTED_CERT
        s_log.info("CERTIFICATE FILE PATH: {}".format(self.certificate_file))

        # step 7:
        # import root certificate on ISE:
        # Navigate to System > Certificate Operations > Trust Certificates,
        # import root certificate
        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
            self.certificate_file,
            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT
        ])

        retries = 3
        funcs = [
            self.rad_server,
            self.configure_radius_server_sequence,
            self.create_simple_library_condition,
            self.create_policy_set,
            self.config_network_device,
            self.identities_add_simple_user,
            self.trustedCertificates_setTrustedCert,
        ]

        runFunctionsInOrderV2(funcs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)

        self.app.quit()
        self.app.run()

        # Configuration of RADIUS SERVER
        UiLib.bindFunction(self, UiLib.login_different_ise, [
            self.iseUrl_radserver, self.iseUser_radserver,
            self.isePassword_radserver
        ])

        # Step 09: Add user in RADIUS SERVER
        UiLib.bindFunction(self, UiLib.identities_add_simple_user, [
            NAUplift_Constants.ADD_USER, NAUplift_Constants.ADD_EMAIL,
            NAUplift_Constants.ADD_NEWPASSWORD
        ])

        UiLib.bindFunction(self, UiLib.config_network_device, [
            NAUplift_Constants.NETWORK_DEVICE_NAME, self.iseIP,
            NAUplift_Constants.SHARED_SECRET
        ])

        # step 11:
        # import root certificate on ISE to Radius Server:
        # Navigate to System > Certificate Operations > Trust Certificates, import root certificate

        UiLib.bindFunction(self, UiLib.trustedCertificates_setTrustedCert, [
            self.certificate_file,
            NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT
        ])

        funcs = [
            self.login_different_ise,
            self.identities_add_simple_user,
            self.config_network_device,
            self.trustedCertificates_setTrustedCert,
        ]

        runFunctionsInOrderV2(funcs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)

        # PEZ Authentication Flow
        s_log.info("---------------- PEZ AUTHENTICATION FLOW -----------")
        self.pezlib = Pezlib()

        # Copy Certificates to PEZ
        self.pezlib.copy_cert_pez(
            root_path=NAUplift_Constants.strPath,
            ise_trusted_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
            client_certificate=NAUplift_Constants.ClientSystemCerts,
            client_key=NAUplift_Constants.ClientSystemKeys)

        # Run EAP-TLS Authentication
        self.pezlib.run_eap_tls(
            root_path=NAUplift_Constants.strPath,
            ise_trust_cert=NAUplift_Constants.ISE_TRUSTED_CERT,
            client_sys_cert=NAUplift_Constants.ClientSystemCerts,
            client_sys_key=NAUplift_Constants.ClientSystemKeys,
            ise_ip=self.iseIP)

        # Validation Steps in Radius Server
        UiLib.bindFunction(self, UiLib.radius_live_logs,
                           [NAUplift_Constants.ADD_USER, None])
        functs = [
            self.radius_live_logs,
        ]
        runFunctionsInOrderV2(functs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)

        self.app.quit()
        self.app.run()

        # Validation in ISE
        UiLib.bindFunction(self, UiLib.login_different_ise,
                           [self.iseLoginurl, self.iseUser, self.isePassword])

        UiLib.bindFunction(self, UiLib.radius_live_logs,
                           [NAUplift_Constants.ADD_USER, None])

        functs = [self.login_different_ise, self.radius_live_logs]

        runFunctionsInOrderV2(functs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)
        self.app.quit()
        self.app.run()

    @aetest.cleanup
    def cleanup(self):
        time.sleep(5)

        # Validation in ISE
        UiLib.bindFunction(self, UiLib.login_different_ise,
                           [self.iseLoginurl, self.iseUser, self.isePassword])

        UiLib.bindFunction(self,
                           UiLib.trustedCertificates_deleteTrustedCertificate,
                           [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

        UiLib.bindFunction(self, UiLib.delete_user_identity,
                           [NAUplift_Constants.ADD_USER])

        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])

        UiLib.bindFunction(self, UiLib.delete_policy_set, [[POLICY_SET]])
        # Delete Library Conditions
        UiLib.bindFunction(self, UiLib.delete_multiple_library_condition,
                           [[AUTH_COND_NAME]])

        #
        UiLib.bindFunction(self, UiLib.delete_radius_server_sequence,
                           [NAUplift_Constants.RADIUS_SEQUENCE_NAME])

        UiLib.bindFunction(self, UiLib.delete_rad_server,
                           [NAUplift_Constants.RADIUS_SERVER_NAME])

        funcs = [
            self.login_different_ise,
            self.trustedCertificates_deleteTrustedCertificate,
            self.delete_user_identity, self.delete_network_device,
            self.delete_policy_set, self.delete_multiple_library_condition,
            self.delete_radius_server_sequence, self.delete_rad_server
        ]

        retries = 3
        runFunctionsInOrderV2(funcs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)
        time.sleep(5)

        self.app.quit()
        self.app.run()

        # Confiuration to Radius Server
        # LOGIN to Ise
        UiLib.bindFunction(self, UiLib.login_different_ise, [
            self.iseUrl_radserver, self.iseUser_radserver,
            self.isePassword_radserver
        ])

        UiLib.bindFunction(self,
                           UiLib.trustedCertificates_deleteTrustedCertificate,
                           [NAUplift_Constants.FRIENDLYNAME_ISE_TRUSTED_CERT])

        UiLib.bindFunction(self, UiLib.delete_user_identity,
                           [NAUplift_Constants.ADD_USER])

        UiLib.bindFunction(self, UiLib.delete_network_device,
                           [NAUplift_Constants.NETWORK_DEVICE_NAME])

        funcs = [
            self.login_different_ise,
            self.trustedCertificates_deleteTrustedCertificate,
            self.delete_user_identity, self.delete_network_device
        ]

        retries = 3
        runFunctionsInOrderV2(funcs,
                              self,
                              retries,
                              record=False,
                              killPreviousFF=False)
        time.sleep(5)

        self.app.quit()