diff options
| author | hebingning <[email protected]> | 2022-11-14 10:18:04 +0800 |
|---|---|---|
| committer | hebingning <[email protected]> | 2022-11-14 10:18:04 +0800 |
| commit | 19cd5e94c7ebe83f2e41ab7a102a3d7dfffe1186 (patch) | |
| tree | 0e7791c1c68118e1ceaf82f6bb6b1b7302805af3 | |
| parent | 718f115393beca74422db9355323d0b31fdab184 (diff) | |
TSG-12576 调整API自动用例拦截策略相关 自动化用例
42 files changed, 551 insertions, 222 deletions
diff --git a/keyword/common/clear_data.robot b/keyword/common/clear_data.robot index e3da76d..7b00864 100644 --- a/keyword/common/clear_data.robot +++ b/keyword/common/clear_data.robot @@ -11,7 +11,7 @@ Resource common.robot ${policyUrl} /policy/compile
${decryptionProfileUrl} /policy/profile/decryption
${decryptionExclusionUrl} /policy/items
-${keyingProfileUrl} /policy/profile/keyringobj
+${keyringProfileUrl} /policy/profile/keyringobj
*** Keywords ***
DeletePolicyAndObjectAndOther
[Documentation] delete :policy object category app signature profile ...
@@ -42,6 +42,9 @@ DeletePolicyAndObjectAndOther Run Keyword If "${createDecryptionExclusionIds}"=="${EMPTY}" log no SSL Decryption exclusion to del
... ELSE DeleteExclusionByIds /${version}${decryptionExclusionUrl} ${createDecryptionExclusionIds}
+ #删除SSL keyring文件
+ Run Keyword If "${createKeyringId}"=="${EMPTY}" log no SSL keyring profile to del
+ ... ELSE DeleteProfileByIds /${version}${keyringProfileUrl} ${createKeyringId}
Run Keyword If "${appids}"=="${EMPTY}" log no appids to del
@@ -67,9 +70,9 @@ DeletePolicyAndGroupObject Run Keyword If "${createDefaultDecryptionProfileds}"=="${EMPTY}" log no SSL Decryption profiledId to del
... ELSE DeleteProfileByIds /${version}${decryptionProfileUrl} ${createDefaultDecryptionProfileds}
- #删除SSL keying文件
- Run Keyword If "${createKeyingIds}"=="${EMPTY}" log no SSL keying profile to del
- ... ELSE DeleteProfileByIds /${version}${keyingProfileUrl} ${createKeyingIds}
+ #删除SSL keyring文件
+ Run Keyword If "${createKeyringIds}"=="${EMPTY}" log no SSL keyring profile to del
+ ... ELSE DeleteProfileByIds /${version}${keyringProfileUrl} ${createKeyringIds}
DeletePolicyAndObject
[Arguments] ${policyids} ${objectids} ${categoriesId}=null
${objectId1} Create List [${objectids}]
diff --git a/keyword/common/login_logout.robot b/keyword/common/login_logout.robot index 60aa56a..695ffd1 100644 --- a/keyword/common/login_logout.robot +++ b/keyword/common/login_logout.robot @@ -3,15 +3,16 @@ Resource ${EXECDIR}/variable/incoming_common_variable.txt Resource ${EXECDIR}/variable/common_variable.txt Library REST ${httpVersion}://${host}:${port} Library Collections -#Library SSHLibrary Library yaml -#Library json Library OperatingSystem Library RequestsLibrary Resource ${EXECDIR}/keyword/policys/policy.robot Resource ${EXECDIR}/keyword/objects/object.robot Resource clear_data.robot Resource ${EXECDIR}/keyword/common/common_interface.robot +Resource ${EXECDIR}/keyword/profiles/profile.robot + +*** Variables *** *** Keywords *** InitPotocol @@ -197,6 +198,8 @@ ApiLogin ${vsysTypeCode} Run Keyword If ${tsgVersion}>=22.10 GetVsysType ${vsysId} ... ELSE Set Variable 1 + Run Keyword If ${tsgVersion}>=22.11 GetTrustAndUnTrustKeying keyringId + Run Keyword If ${tsgVersion}>=22.11 GetDefaultDescryption profileId #初始化接口中策略中引用协议和策略校验协议 Run Keyword If ${addPolicy}==1 InitPotocol #加载对象mode @@ -205,7 +208,8 @@ ApiLogin SET GLOBAL VARIABLE ${createObjectIds} ${EMPTY} SET GLOBAL VARIABLE ${createPolicyIds} ${EMPTY} SET GLOBAL VARIABLE ${createProfileds} ${EMPTY} - SET GLOBAL VARIABLE ${createKeyingIds} ${EMPTY} + SET GLOBAL VARIABLE ${createKeyringIds} ${EMPTY} + SET GLOBAL VARIABLE ${createKeyringId} ${EMPTY} SET GLOBAL VARIABLE ${createDefaultDecryptionProfileds} ${EMPTY} SET GLOBAL VARIABLE ${createDecryptionExclusionIds} ${EMPTY} SET GLOBAL VARIABLE ${createPacketCapturePolicyIds} ${EMPTY} @@ -299,10 +303,11 @@ AddInterceptPolicy SET GLOBAL VARIABLE ${testInterceptIP} ${objectId} ${HTTP_ID} Get From Dictionary ${objprotol} http ${SSL_ID} Get From Dictionary ${objprotol} ssl - ${mvysKeyingId} ${mvysDecryptionProfileId} Run Keyword If "${vsysType}"!="1" CreateMvsysInterProfile tango-ca-v3-trust-ca.cer tango-ca-v3-trust-ca.key + ${mvysKeyringId} ${mvysDecryptionProfileId} Run Keyword If "${vsysType}"!="1" and "${tsgVersion}"=="22.10" CreateMvsysInterProfile tango-ca-v3-trust-ca.cer tango-ca-v3-trust-ca.key ... ELSE Set Variable 1 1 Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-001 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":${mvysKeyingId},"decryption":${mvysDecryptionProfileId},"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + ${policyDict} Run Keyword If "${tsgVersion}">="22.11" Create Dictionary policyName=SecurityPolicy-Intercept-001 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring_for_trusted":${turstKeyringId},"keyring_for_untrusted":${unTurstKeyringId},"decryption":${defaultDescryptionId},"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + ... ELSE Create Dictionary policyName=SecurityPolicy-Intercept-001 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":${mvysKeyringId},"decryption":${mvysDecryptionProfileId},"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} log ${policyDict} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 SET GLOBAL VARIABLE ${testInterceptPolicy} ${policyId} diff --git a/keyword/common/logschema.robot b/keyword/common/logschema.robot index 04cb946..158163e 100644 --- a/keyword/common/logschema.robot +++ b/keyword/common/logschema.robot @@ -22,8 +22,8 @@ GetLogCondition ${filter} Set Variable common_client_ip='${client_ip}' AND common_policy_id=${policy_id} # ${logCondition} Run Keyword If "${logname}"=="security_event" or "${logname}"=="proxy_event" Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition} ,"common_client_ips":"${client_ip}","common_policy_ids":"${policy_id}"} # ... ELSE IF ${logname}=="session_record" and "${schemaType}"="ssh" Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition} ,"common_client_ips":"${client_ip}","common_schema_type":"${schemaType}"} - ${logCondition} Run Keyword If "${logname}"=="security_event" or "${logname}"=="proxy_event" Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","filter":"${filter}"} - ... ELSE IF ${logname}=="session_record" and "${schemaType}"="ssh" Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","filter":"${filter}"} + ${logCondition} Run Keyword If "${logname}"=="security_event" or "${logname}"=="proxy_event" Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","filter":"${filter}","vsysId":${vsysId}} + ... ELSE IF ${logname}=="session_record" and "${schemaType}"="ssh" Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","filter":"${filter}","vsysId":${vsysId}} log this time query condition:${logCondition} Delete All Sessions [Return] ${logCondition} diff --git a/keyword/policys/policy.robot b/keyword/policys/policy.robot index e6772e0..7afd256 100644 --- a/keyword/policys/policy.robot +++ b/keyword/policys/policy.robot @@ -398,6 +398,7 @@ PolilcysByTemplate Log 策略失效或删除,删除要清理统一删除列表
${updateStatus} Run Keyword If ${tsgVersion}>=22.06 Run Keyword And Continue On Failure DisablePolicies ${policyTemp} disable
... ELSE Run Keyword And Continue On Failure DisablePolicies ${policyTemp} disable
+ Log To Console 当前验证已执行完成并关闭策略
Run Keyword If "${updateStatus}" != "200" Log DisableError FOR POLICYS
${updateVerifyPolicyId} Run Keyword If "${opAction}"=="add" Set Variable ${policyId}
log ${editPolicyId}
@@ -1147,7 +1148,7 @@ GetIdFromPolicyId GetIdFromPolicyId1
[Documentation] 从格式数据[{'policyType': 'tsg_security', 'policyIds': [129581]}]中获取策略id,因为是逐个策略添加返回值所以直接去第一个的policyIds即可
[Arguments] ${policyIdList} ${key}=null
- Log To Console Call GetIdFromPolicyId
+ Log To Console Call GetIdFromPolicyId1
Log ${policyIdList}
${id} Set Variable ${EMPTY}
${policyTemp} Create List
@@ -1380,9 +1381,19 @@ CreatePolicysAndObjects ... ELSE IF "${method}"=="insert" Set Variable insert_profile
... ELSE IF "${method}"=="run_script" Set Variable run_script_profile
... ELSE Set Variable message
- ${return} ${keyring} Run Keyword And Ignore Error Get From Dictionary ${policyData} keyring
- ${keyring} = Run Keyword If "${return}"!="FAIL" and "${keyring}" != "None" Set Variable ${keyring}
- ... ELSE Set Variable ""
+ # ${return} ${keyring} Run Keyword And Ignore Error Get From Dictionary ${policyData} keyring
+ # ${keyring} = Run Keyword If "${return}"!="FAIL" and "${keyring}" != "None" Set Variable ${keyring}
+ # ... ELSE Set Variable ""
+ #创建一个新的keyring
+ ${return} ${keyringCertName} Run Keyword And Ignore Error Get From Dictionary ${policyData} keyringCertName
+ ${keyringCertName} = Run Keyword If "${return}"!="FAIL" and "${keyringCertName}" != "None" Set Variable ${keyringCertName}
+ ... ELSE Set Variable ""
+ ${return} ${keyringKeyName} Run Keyword And Ignore Error Get From Dictionary ${policyData} keyringKeyName
+ ${keyringKeyName} = Run Keyword If "${return}"!="FAIL" and "${keyringKeyName}" != "None" Set Variable ${keyringKeyName}
+ ... ELSE Set Variable ""
+
+ ${keyring} Run Keyword If "${return}"!="FAIL" CreateKeyringProfile ${keyringCertName} ${keyringKeyName}
+ ... ELSE Set Variable 1
${return} ${decryption} Run Keyword And Ignore Error Get From Dictionary ${policyData} decryption
${decryption} = Run Keyword If "${return}"!="FAIL" and "${decryption}" != "None" Set Variable ${decryption}
... ELSE Set Variable ""
@@ -1424,7 +1435,8 @@ CreatePolicysAndObjects ... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"!="FAIL" and "${mirrorVlan}"!= "None" and "${policyType}" == "tsg_security" and "${return}" == "FAIL" Set Variable {"protocol":"${key}","traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":${mirrorVlan}}}
... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"=="FAIL" and "${policyType}" == "tsg_security" and "${return}" == "FAIL" Set Variable {"protocol":"${key}","traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":null}}
... ELSE IF "${action}" == "monitor" and "${returnMirrorVlan}"=="FAIL" and "${policyType}" == "tsg_security" and "${return}" != "FAIL" Set Variable {"protocol":"${key}","traffic_mirror":{"enable":${mirrorEnable},"mirror_vlan":null},"packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
- ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" Set Variable {"protocol":"SSL","keyring": ${keyring},"decryption":${decryption},"traffic_mirror":${traffic_mirror}}
+ ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}<=22.10 Set Variable {"protocol":"SSL","keyring": ${keyring},"decryption":${decryption},"traffic_mirror":${traffic_mirror}}
+ ... ELSE IF "${action}" == "intercept" and "${key}" == "ssl" and ${tsgVersion}>=22.11 Set Variable {"protocol":"SSL","keyring_for_trusted":${keyring},"keyring_for_untrusted":${unTurstKeyringId},"decryption":${defaultDescryptionId},"traffic_mirror":${traffic_mirror}}
... ELSE IF "${return}" != "FAIL" Set Variable {"protocol":"${key}","packet_capture":{"enable":${logCapture},"capture_depth":${captureDepth}}}
... ELSE Set Variable {"protocol":"${key}"}
END
@@ -1513,8 +1525,8 @@ CreateSslDecryptionProfile ... ELSE Set Variable ${decryptionProfileJson}
Comment 替换vsysid
- ${policyJson} = Run Keyword If "${vsysId}"!="1" Replace String ${policyJson} "vsysId": 1 "vsysId": ${vsysId}
- ... ELSE Set Variable ${policyJson}
+ ${decryptionProfileJson} = Run Keyword If "${vsysId}"!="1" Replace String ${decryptionProfileJson} "vsysId": 1 "vsysId": ${vsysId}
+ ... ELSE Set Variable ${decryptionProfileJson}
${return} ${issuer} Run Keyword And Ignore Error Get From Dictionary ${decryptionProfile} issuer
${decryptionProfileJson} = Run Keyword If "${return}"!="FAIL" and "${issuer}" != "None" Replace String ${decryptionProfileJson} "issuer": 0 "issuer": ${issuer}
diff --git a/keyword/profiles/profile.robot b/keyword/profiles/profile.robot index 409b889..cdf1820 100644 --- a/keyword/profiles/profile.robot +++ b/keyword/profiles/profile.robot @@ -17,7 +17,7 @@ Library ${EXECDIR}/customlib/judge_profilelist.py ${dnsProfileUrl} /policy/profile/dnsrecords
${resPagesProfileUrl} /v1/policy/profile/responsepages
${hijackProfileUrl} /v1/policy/profile/hijackfiles
-${keyringProfileUrl} /v1/policy/profile/keyringobj
+${keyringProfileUrl} /policy/profile/keyringobj
${tcaProfileUrl} /v1/policy/profile/trustedcacertobj
${insertProfileUrl} /v1/policy/profile/insertscripts
${decryptionUrl} /policy/profile/decryption
@@ -153,7 +153,7 @@ ProfileCreate2 ... ELSE IF "${profileType}"=="respageprofile" CreateResPagesProfile ${profileData}[filename] ${code}
... ELSE IF "${profileType}"=="hijackprofile" CreateHijackProfile ${profileData}[filename] ${profileData}[data] ${code}
... ELSE IF "${profileType}"=="insertprofile" CreateInsertProfile ${profileData}[filename] ${profileData}[data] ${code}
- ... ELSE IF "${profileType}"=="keyingprofile" CreateKeyringProfile ${profileData}[cerfilename] ${profileData}[keyfilename] ${profileData}[data] ${code}
+ ... ELSE IF "${profileType}"=="keyringprofile" CreateKeyringProfile ${profileData}[cerfilename] ${profileData}[keyfilename] ${profileData}[data] ${code}
... ELSE IF "${profileType}"=="tcaprofile" CreateTrustedCertificateAuthoritiesProfile ${profileData}[filename] ${code}
... ELSE IF "${profileType}"=="decryptionprofile" CreateDecryptionProfile ${profileData}[data] ${code}
... ELSE IF "${profileType}"=="trafficmirrorprofile" CreateTrafficMirrorProfile ${profileData}[data] ${code}
@@ -182,8 +182,6 @@ DnsProfileRequest ${bodyJson} json.Dumps ${bodyJson}
${response} Run Keyword If "${opAction}"=="add" BasePostRequestForV2 ${dnsProfileUrl} ${bodyJson} ${version}
... ELSE BaseEditRequestForV2 ${dnsProfileUrl} ${bodyJson} ${version}
- #${response} BasePostRequestForV2 ${dnsProfileUrl} ${bodyJson} ${version}
- #${recordId} Set Variable ${response}[data][list][0][recordId]
${rescode} Set Variable ${response['code']}
Run Keyword If "${code}"=="${EMPTY}" Should Be Equal As Strings ${rescode} 200
... ELSE Should Be Equal As Strings ${rescode} ${code}
@@ -202,9 +200,7 @@ DeleteDnsProfileByIds1 [Arguments] ${profileIds}
${response} BaseDeleteRequest /${version}/${dnsProfileUrl} {"recordIds":${profileIds}}
${response_code} Get From Dictionary ${response} code
- #log aaaaaaaaaa:${response_code}
Should Be Equal As Strings ${response_code} 200
- #Integer ${response_code} 200
${response} Convert to String ${response}
log ${response}
@@ -221,9 +217,7 @@ DeleteProfileByIds1 #删除对象
${response} BaseDeleteRequest ${ProfileUrl} {"${delName}":${recordIds}}
${response_code} Get From Dictionary ${response} code
- #log aaaaaaaaaa:${response_code}
Should Be Equal As Strings ${response_code} 200
- #Integer ${response_code} 200
${response} Convert to String ${response}
log ${response}
@@ -292,42 +286,6 @@ CreateInsertProfile ${insertResponse} ResPagesAndHijackAndInsertProfileRequest ${insertProfileUrl} ${path}insert_files/ ${fileName} ${bodyJson} ${code} ${opAction} ${profileId}
[Return] ${insertResponse}
-CreateKeyringProfile
- [Documentation]
- ... 必传参数:cerFileName公钥文件名称keyFileName私钥文件名称 ${keyingProfileData}(必填参数字典) code 接口返回的code码,为空就代表200
- ... 返回值:${keyingResponse}是文件id
- [Arguments] ${cerFileName} ${keyFileName} ${keyingProfileData} ${code} ${opAction}=add ${profileId}=1
- ${keyringProfileMode}= Get File ${path}/data/template/keyringprofilemode.yaml
- ${keyringProfileModeData}= yaml.Safe Load ${keyringProfileMode}
- ${keyringProfileModeData1} Get From Dictionary ${keyringProfileModeData} keyringprofilemode
- ${keyringProfileModeData1} = Evaluate str(${keyringProfileModeData1})
- ${return} ${keyringType} Run Keyword And Ignore Error Get From Dictionary ${keyingProfileData} keyringType
- log --${keyringType}
- ${keyringProfileModeData1} = Run Keyword If "${return}"!="FAIL" Replace String ${keyringProfileModeData1} 'keyringType': 'root' 'keyringType': '${keyringType}'
- ... ELSE Set Variable ${keyringProfileModeData1}
- ${return} ${publicKeyAlgo} Run Keyword And Ignore Error Get From Dictionary ${keyingProfileData} publicKeyAlgo
- ${keyringProfileModeData1} = Run Keyword If "${return}"!="FAIL" Replace String ${keyringProfileModeData1} 'publicKeyAlgo': 'rsa1024' 'publicKeyAlgo': '${publicKeyAlgo}'
- ... ELSE Set Variable ${keyringProfileModeData1}
- ${return} ${reissueExpiryHour} Run Keyword And Ignore Error Get From Dictionary ${keyingProfileData} reissueExpiryHour
- ${keyringProfileModeData1} = Run Keyword If "${return}"!="FAIL" Replace String ${keyringProfileModeData1} 'reissueExpiryHour': 30 'reissueExpiryHour': ${reissueExpiryHour}
- ... ELSE Set Variable ${keyringProfileModeData1}
- ${return} ${includeRoot} Run Keyword And Ignore Error Get From Dictionary ${keyingProfileData} includeRoot
- ${keyringProfileModeData1} = Run Keyword If "${return}"!="FAIL" Replace String ${keyringProfileModeData1} 'includeRoot': 1 'includeRoot': ${includeRoot}
- ... ELSE Set Variable ${keyringProfileModeData1}
- ${return} ${useHsm} Run Keyword And Ignore Error Get From Dictionary ${keyingProfileData} useHsm
- ${keyringProfileModeData1} = Run Keyword If "${return}"!="FAIL" Replace String ${keyringProfileModeData1} 'useHsm': 1 'useHsm': ${useHsm}
- ... ELSE Set Variable ${keyringProfileModeData1}
- ${return} ${slotId} Run Keyword And Ignore Error Get From Dictionary ${keyingProfileData} slotId
- ${keyringProfileModeData1} = Run Keyword If "${return}"!="FAIL" Replace String ${keyringProfileModeData1} 'slotId': 10 'slotId': ${slotId}
- ... ELSE Set Variable ${keyringProfileModeData1}
- ${suffix} Generate Random String
- ${randomName} Catenate SEPARATOR=_ test ${suffix}
- ${keyringProfileModeData1} Replace String ${keyringProfileModeData1} 'keyringName': 'test' 'keyringName': '${randomName}'
- ${keyringProfileModeData1} Replace String ${keyringProfileModeData1} 'opAction': 'add' 'opAction': '${opAction}'
- ${keyringProfileModeData1} Replace String ${keyringProfileModeData1} 'keyringId': 1 'keyringId': '${profileId}'
- ${bodyJson} dictconversion ${keyringProfileModeData1}
- ${keyringResponse} KeyringsProfileRequest ${keyringProfileUrl} ${path}keying_files/ ${cerFileName} ${keyFileName} ${bodyJson} ${useHsm} ${code} ${opAction} ${profileId}
- [Return] ${keyringResponse}
CreateTrustedCertificateAuthoritiesProfile
[Documentation]
... 必传参数:fileName(文件名称)code 接口返回的code码,为空就代表200
@@ -343,7 +301,7 @@ CreateTrustedCertificateAuthoritiesProfile ${tcaProfileModeData1} Replace String ${tcaProfileModeData1} 'opAction': 'add' 'opAction': '${opAction}'
${tcaProfileModeData1} Replace String ${tcaProfileModeData1} 'certId': 1 'certId': '${profileId}'
${bodyJson} dictconversion ${tcaProfileModeData1}
- ${tcaResponse} TrustedCertificateAuthoritiesProfileRequest ${tcaProfileUrl} ${path}keying_files/ ${fileName} ${bodyJson} ${code} ${opAction} ${profileId}
+ ${tcaResponse} TrustedCertificateAuthoritiesProfileRequest ${tcaProfileUrl} ${path}keyring_files/ ${fileName} ${bodyJson} ${code} ${opAction} ${profileId}
[Return] ${tcaResponse}
@@ -494,9 +452,6 @@ CachedIntermediateCertificatesRequest ${rescode} Set Variable ${response['code']}
Run Keyword If "${code}"=="${EMPTY}" Should Be Equal As Strings ${rescode} 200
... ELSE Should Be Equal As Strings ${rescode} ${code}
- # ${recordId1} Run Keyword If "${rescode}"=="200" Set Variable ${response}[data][list][0][recordId]
- # ... ELSE IF "${rescode}"=="200" and "${opAction}"=="update" Set Variable ${recordId}
- # ... ELSE Set Variable ${EMPTY}
[Return] ${response}
@@ -659,15 +614,20 @@ PayloadProfileRequest CreateMvsysInterProfile
[Arguments] ${cerName} ${keyName}
- ${profiledId} CreatePolicyFile /${version}/policy/profile/keyringobj ${path}/keying_files/ ${cerName} keying ${keyName}
+ ${profiledId} CreatePolicyFile /${version}/policy/profile/keyringobj ${path}/keyring_files/ ${cerName} keyring ${keyName}
${DecryptionProfileId} CreateDefaultDecryptionProfile {"opAction":"add","returnData":1,"list":[{"profileName":"test","profileDesc":"","isValid":1,"isShared":0,"decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}}}],"refuseCode":true,"vsysId":${vsysId}}
[Return] ${profiledId} ${DecryptionProfileId}
+CreateKeyringProfile
+ [Arguments] ${cerName} ${keyName}
+ ${profiledId} CreatePolicyFile /${version}/policy/profile/keyringobj ${path}/keyring_files/ ${cerName} keyring ${keyName} keyring
+ [Return] ${profiledId}
+
CreatePolicyFile
[Documentation]
... 必传参数:url、filePath(文件路径)、fileName(文件名称)、flag(模块标识)
... 可选参数:header(不传时使用默认值)
- [Arguments] ${url} ${filePath} ${fileName} ${flag}=${EMPTY} ${feature}=${EMPTY}
+ [Arguments] ${url} ${filePath} ${fileName} ${flag}=${EMPTY} ${feature}=${EMPTY} ${sslType}=${EMPTY}
log ${feature}
${suffix} Generate Random String
${randomName} Catenate SEPARATOR=_ test ${suffix}
@@ -680,14 +640,14 @@ CreatePolicyFile ... ELSE IF '${flag}'=='insertcss' and ${tsgVersion}<22.06 Set Variable {"isValid":1,"format":"css","insertOn":"","opAction":"add","profileName":"${randomName}","profileId":null,"returnData":1}
... ELSE IF '${flag}'=='insertcss' and ${tsgVersion}>=22.06 Set Variable {"isValid":1,"format":"css","insertOn":"","opAction":"add","profileName":"${randomName}","profileId":null,"vsysId":${vsysId},"isShared":0,"returnData":1}
... ELSE IF '${flag}'=='runScript' and ${tsgVersion}>=22.08 Set Variable {"maxExecTime":${feature},"namespaceId":1,"opAction":"add","profileName":"${randomName}","vsysId":${vsysId},"returnData":1}
- ... ELSE IF '${flag}'=='keying' and ${tsgVersion}>=22.10 Set Variable {"isValid":1,"opAction":"add","returnData":1,"keyringName":"${fileName}","keyringType":"root","reissueExpiryHour":24,"crl":"null","publicKeyAlgo":"rsa2048","keyringId":null,"includeRoot":0,"useHsm":0,"vsysId":${vsysId},"isShared":0,"slotId":null}
+ ... ELSE IF '${flag}'=='keyring' and ${tsgVersion}>=22.10 Set Variable {"isValid":1,"opAction":"add","returnData":1,"keyringName":"${fileName}","keyringType":"root","reissueExpiryHour":24,"crl":"null","publicKeyAlgo":"rsa2048","keyringId":null,"includeRoot":0,"useHsm":0,"vsysId":${vsysId},"isShared":0,"slotId":null}
${header} Set Variable ${value}
${binFile} Evaluate open(r"${filePath}${fileName}",'rb')
- ${privateBinFile} Run Keyword If "${flag}"=="keying" Evaluate open(r"${filePath}${feature}",'rb')
+ ${privateBinFile} Run Keyword If "${flag}"=="keyring" Evaluate open(r"${filePath}${feature}",'rb')
... ELSE Set Variable ${EMPTY}
- ${fileDict} Run Keyword If "${flag}"=="keying" Create Dictionary publicFile=${binFile} privateFile=${privateBinFile}
+ ${fileDict} Run Keyword If "${flag}"=="keyring" Create Dictionary publicFile=${binFile} privateFile=${privateBinFile}
... ELSE Create Dictionary file=${binFile}
${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream
${suffix} Generate Random String
@@ -696,9 +656,9 @@ CreatePolicyFile ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc}
${msg} Set Variable ${content['msg']}
${list} Set Variable ${content['data']['list']}
- ${profiledId} Run Keyword If "${flag}"=="keying" Set Variable ${list[0]['keyringId']}
+ ${profiledId} Run Keyword If "${flag}"=="keyring" Set Variable ${list[0]['keyringId']}
... ELSE Set Variable ${list[0]['profileId']}
- ${profileName} Run Keyword If "${flag}"=="keying" Set Variable ${list[0]['keyringName']}
+ ${profileName} Run Keyword If "${flag}"=="keyring" Set Variable ${list[0]['keyringName']}
... ELSE Set Variable ${list[0]['profileName']}
${response} Create Dictionary msg=${msg} profileId=${profiledId} profileName=${profileName}
Log add operation:${msg}
@@ -706,7 +666,8 @@ CreatePolicyFile ${profiledIdList} Create List ${profiledId}
${createProfiledsTemp} Run Keyword If "${createProfileds}"!="${EMPTY}" AppendListToList ${createProfileds} ${profiledIdList}
... ELSE Set Variable ${profiledIdList}
- Run Keyword If "${flag}"=="keying" SET GLOBAL VARIABLE ${createKeyingIds} ${createProfiledsTemp}
+ Run Keyword If "${flag}"=="keyring" and "${sslType}"=="${EMPTY}" SET GLOBAL VARIABLE ${createKeyringIds} ${createProfiledsTemp}
+ ... ELSE IF "${flag}"=="keyring" and "${sslType}"!="${EMPTY}" SET GLOBAL VARIABLE ${createKeyringId} ${createProfiledsTemp}
... ELSE SET GLOBAL VARIABLE ${createProfileds} ${createProfiledsTemp}
[Return] ${profiledId}
@@ -714,9 +675,6 @@ CreateDecryptionProfile [Documentation]
... 创建SSL解密配置文件
[Arguments] ${decryptionProfileJson} ${code}=null
- # ${returnData} Get From Dictionary ${decryptionProfileJson} returnData
- # ${bodyJson} json.Dumps ${decryptionProfileJson}
- # log ${bodyJson}
${response} BasePostRequestForV2 ${decryptionProfileUrl} ${decryptionProfileJson} ${version}
log ${response}
@@ -732,9 +690,6 @@ CreateDefaultDecryptionProfile [Documentation]
... 创建默认的SSL解密配置文件
[Arguments] ${decryptionProfileJson} ${code}=null
- # ${returnData} Get From Dictionary ${decryptionProfileJson} returnData
- # ${bodyJson} json.Dumps ${decryptionProfileJson}
- # log ${bodyJson}
${response} BasePostRequestForV2 ${decryptionProfileUrl} ${decryptionProfileJson} ${version}
log ${response}
@@ -744,4 +699,39 @@ CreateDefaultDecryptionProfile ${createDefaultDecryptionProfiledsTemp} Run Keyword If "${createDefaultDecryptionProfileds}"!="${EMPTY}" AppendListToList ${createDefaultDecryptionProfileds} ${profiledIdList}
... ELSE Set Variable ${profiledIdList}
SET GLOBAL VARIABLE ${createDefaultDecryptionProfileds} ${createDefaultDecryptionProfiledsTemp}
- [Return] ${profiledId}
\ No newline at end of file + [Return] ${profiledId}
+
+GetTrustAndUnTrustKeying
+ [Arguments] ${resType}
+ ${headers} Set variable {"Authorization":"${token}","Content-Type":"application/json"}
+ Create session api ${httpVersion}://${host}:${port} ${headers} verify=false
+ #查询SSL的内置信任Keying
+ ${response} Get Request api /${version}${keyringProfileUrl}?vsysId=${vsysId}&keyringName=Trusted Default&isIntegratedSubVsys=false
+ ${turstKeyring} GetResId ${response} ${resType}
+ SET GLOBAL VARIABLE ${turstKeyringId} ${turstKeyring}
+ #查询SSL的内置信任Keying
+ ${response} Get Request api /${version}${keyringProfileUrl}?vsysId=${vsysId}&keyringName=Untrusted&isIntegratedSubVsys=false
+ ${unTurstKeyring} GetResId ${response} ${resType}
+ SET GLOBAL VARIABLE ${unTurstKeyringId} ${unTurstKeyring}
+ [Return] ${turstKeyringId} ${unTurstKeyringId}
+
+GetDefaultDescryption
+ [Arguments] ${resType}
+ ${headers} Set variable {"Authorization":"${token}","Content-Type":"application/json"}
+ Create session api ${httpVersion}://${host}:${port} ${headers} verify=false
+ #查询SSL的内置信任Keying
+ ${response} Get Request api /${version}${decryptionUrl}?vsysId=${vsysId}&keyringName=decryption-default&isIntegratedSubVsys=false
+ ${defaultDescryption} GetResId ${response} ${resType}
+ SET GLOBAL VARIABLE ${defaultDescryptionId} ${defaultDescryption}
+ [Return] ${defaultDescryptionId}
+
+GetResId
+ [Arguments] ${response} ${resType}
+ ${response} to json ${response.content}
+ ${list} Set variable ${response['data']['list']}
+ FOR ${item} IN @{list}
+ ${isBuiltin} Get From Dictionary ${item} isBuiltin
+ ${id} Get From Dictionary ${item} ${resType}
+ Run Keyword If "${isBuiltin}"=="1" Exit for loop
+ END
+ [Return] ${id}
\ No newline at end of file diff --git a/other/data/security/ssl/security-ssl-allow-fqdn-exactly-famousSites-data.yaml b/other/data/security/ssl/security-ssl-allow-fqdn-exactly-famousSites-data.yaml index d35a624..9219c9c 100644 --- a/other/data/security/ssl/security-ssl-allow-fqdn-exactly-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-allow-fqdn-exactly-famousSites-data.yaml @@ -28,30 +28,6 @@ - "queryFiledKey": "ssl_sni" "queryValue": "www.youtube.com" - - - "hopeSuccessNumber": 1 - "command": "wget -q -O- https://twitter.com/" - "commandRes": "Help Center" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "twitter.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.facebook.com/" - "commandRes": "登录或注册" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.facebook.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.google.com.hk/ | iconv -f utf-8 -t gbk" - "commandRes": "Google" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.google.com" "isValid": 1 "scheduleId": "condation": diff --git a/other/data/security/ssl/security-ssl-allow-fqdn-suffix-famousSites-data.yaml b/other/data/security/ssl/security-ssl-allow-fqdn-suffix-famousSites-data.yaml index 4382e30..d701fe1 100644 --- a/other/data/security/ssl/security-ssl-allow-fqdn-suffix-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-allow-fqdn-suffix-famousSites-data.yaml @@ -28,30 +28,6 @@ - "queryFiledKey": "ssl_sni" "queryValue": "www.youtube.com" - - - "hopeSuccessNumber": 1 - "command": "wget -q -O- https://twitter.com/" - "commandRes": "Help Center" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "twitter.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.facebook.com/" - "commandRes": "登录或注册" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.facebook.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.google.com.hk/ | iconv -f utf-8 -t gbk" - "commandRes": "Google" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.google.com" "isValid": 1 "scheduleId": "condation": diff --git a/other/data/security/ssl/security-ssl-deny-fqdn-exactly-famousSites-data.yaml b/other/data/security/ssl/security-ssl-deny-fqdn-exactly-famousSites-data.yaml index 57e6e97..1812c6f 100644 --- a/other/data/security/ssl/security-ssl-deny-fqdn-exactly-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-deny-fqdn-exactly-famousSites-data.yaml @@ -1,9 +1,9 @@ #注意keywordArray下的关键字必须为数组形式 -"deny-fqdn-exactly-famousSites_data": +"deny-reset-fqdn-exactly-famousSites_data": - "opAction": "add" "returnData": 1 - "policyName": "security-ssl-deny-fqdn-exactly-0001" + "policyName": "security-ssl-deny-reset-fqdn-exactly-famousSites" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -27,8 +27,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.youtube.com" "logQueryParam": - "queryFiledKey": "ssl_sni" @@ -37,8 +35,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.google.com" "logQueryParam": - "queryFiledKey": "ssl_sni" @@ -65,11 +61,12 @@ - "keywordArray": - "$twitter.com" - "keywordArray": - - "$www.youtube.com" + - "$www.youtube.com" +"deny-tamper-fqdn-exactly-famousSites_data": - "opAction": "add" "returnData": 1 - "policyName": "security-ssl-deny-fqdn-exactly-0002" + "policyName": "security-ssl-deny-tamper-fqdn-exactly-famousSites" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -91,8 +88,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.youtube.com" "logQueryParam": - "queryFiledKey": "ssl_sni" @@ -101,8 +96,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.facebook.com/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.facebook.com" "logQueryParam": - "queryFiledKey": "ssl_sni" @@ -111,8 +104,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.google.com" "logQueryParam": - "queryFiledKey": "ssl_sni" @@ -142,4 +133,117 @@ - "$twitter.com" - "keywordArray": - "$www.youtube.com" -
\ No newline at end of file +"ipv6-deny-reset-fqdn-exactly-famousSites_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ipv6-ssl-deny-reset-fqdn-exactly-famousSites" + "policyType": "tsg_security" + "logType": "security_event" + "action": "deny" + "method": "reset" + "isGre": 0 + "userTags": "" + "doBlacklist": 0 + "doLog": 1 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "protocol": "ssl" + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "logCapture": 1 + "captureDepth": 2000 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.youtube.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.google.com" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "$www.google.com.hk" + - "keywordArray": + - "$www.youtube.com" +"ipv6-deny-tamper-fqdn-exactly-famousSites_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ipv6-ssl-deny-tamper-fqdn-exactly-famousSites" + "policyType": "tsg_security" + "logType": "security_event" + "action": "deny" + "isGre": 0 + "method": "tamper" + "userTags": "" + "doBlacklist": 0 + "doLog": 1 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "protocol": "ssl" + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.youtube.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.facebook.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.facebook.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.google.com" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "$www.facebook.com" + - "keywordArray": + - "$www.google.com.hk" + - "keywordArray": + - "$www.youtube.com"
\ No newline at end of file diff --git a/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml b/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml index d8f5cb0..045002d 100644 --- a/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml @@ -1,9 +1,9 @@ #注意keywordArray下的关键字必须为数组形式 -"deny-fqdn-suffix-famousSites_data": +"deny-reset-fqdn-suffix-famousSites_data": - "opAction": "add" "returnData": 1 - "policyName": "security-ssl-deny-fqdn-suffix-0001" + "policyName": "security-ssl-deny-reset-fqdn-suffix-famousSites" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -72,10 +72,11 @@ - "*ogle.com.hk" - "keywordArray": - "*ter.com" +"deny-tamper-fqdn-suffix-famousSites_data": - "opAction": "add" "returnData": 1 - "policyName": "security-ssl-deny-fqdn-suffix-0002" + "policyName": "security-ssl-deny-tamper-fqdn-suffix-famousSites" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -138,10 +139,11 @@ - "*cebook.com" - "keywordArray": - "*ogle.com.hk" +"deny-log-close-fqdn-suffix-famousSites_data": - "opAction": "add" "returnData": 1 - "policyName": "security-ssl-deny-fqdn-suffix-0001" + "policyName": "security-ssl-deny-log-close-fqdn-suffix-famousSites" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -209,4 +211,191 @@ - "keywordArray": - "*ogle.com.hk" - "keywordArray": - - "*ter.com"
\ No newline at end of file + - "*ter.com" +"ipv6-deny-reset-fqdn-suffix-famousSites_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ipv6-ssl-deny-reset-fqdn-suffix-famousSites" + "policyType": "tsg_security" + "logType": "security_event" + "action": "deny" + "method": "reset" + "isGre": 0 + "userTags": "" + "doBlacklist": 0 + "doLog": 1 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "protocol": "ssl" + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.youtube.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.facebook.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.facebook.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" + "commandRes": "Connection reset by peer" + "schemaType": "ssl_sni" + "schemaVerify": "www.google.com" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.google.com" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "*youtube.com" + - "keywordArray": + - "*cebook.com" + - "keywordArray": + - "*ogle.com.hk" +"ipv6-deny-tamper-fqdn-suffix-famousSites_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ipv6-ssl-deny-tamper-fqdn-suffix-famousSites" + "policyType": "tsg_security" + "logType": "security_event" + "action": "deny" + "isGre": 0 + "method": "tamper" + "userTags": "" + "doBlacklist": 0 + "doLog": 1 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "protocol": "ssl" + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.youtube.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.facebook.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.facebook.com" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "www.google.com" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "*youtube.com" + - "keywordArray": + - "*cebook.com" + - "keywordArray": + - "*ogle.com.hk" +"ipv6-deny-log-close-fqdn-suffix-famousSites_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ipv6-ssl-deny-log-close-fqdn-suffix-famousSites" + "policyType": "tsg_security" + "logType": "security_event" + "action": "deny" + "method": "reset" + "isGre": 0 + "userTags": "" + "doBlacklist": 0 + "doLog": 0 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "protocol": "ssl" + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "empty" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.facebook.com/" + "commandRes": "Connection reset by peer" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "empty" + - + "hopeSuccessNumber": 1 + "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.google.com.hk/" + "commandRes": "Connection reset by peer" + "schemaType": "ssl_sni" + "schemaVerify": "www.google.com" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "empty" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "*youtube.com" + - "keywordArray": + - "*cebook.com" + - "keywordArray": + - "*ogle.com.hk"
\ No newline at end of file diff --git a/other/data/security/ssl/security-ssl-intercept-certificate-transparency-data.yaml b/other/data/security/ssl/security-ssl-intercept-certificate-transparency-data.yaml index 873f3fd..60b3002 100644 --- a/other/data/security/ssl/security-ssl-intercept-certificate-transparency-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-certificate-transparency-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 @@ -55,7 +56,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-commonName-data.yaml b/other/data/security/ssl/security-ssl-intercept-commonName-data.yaml index 7fec2f2..117a0e6 100644 --- a/other/data/security/ssl/security-ssl-intercept-commonName-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-commonName-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-commonName-failAction-data.yaml b/other/data/security/ssl/security-ssl-intercept-commonName-failAction-data.yaml index 67de8f2..473b3f0 100644 --- a/other/data/security/ssl/security-ssl-intercept-commonName-failAction-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-commonName-failAction-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 1 @@ -53,7 +54,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "fail_action": "pass-through" diff --git a/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml b/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml index 7789f2f..7c1e09d 100644 --- a/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "exclusionFqdn": "$www.example.com" "traffic_mirror": diff --git a/other/data/security/ssl/security-ssl-intercept-ev-certificate-data.yaml b/other/data/security/ssl/security-ssl-intercept-ev-certificate-data.yaml index 3afafd0..99c23bb 100644 --- a/other/data/security/ssl/security-ssl-intercept-ev-certificate-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-ev-certificate-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 @@ -55,7 +56,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml b/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml index fe17448..8a5b5fe 100644 --- a/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 @@ -54,7 +55,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "fail_action": "pass-through" diff --git a/other/data/security/ssl/security-ssl-intercept-expiry-date-untrusted-data.yaml b/other/data/security/ssl/security-ssl-intercept-expiry-date-untrusted-data.yaml index 7f7985f..04f8086 100644 --- a/other/data/security/ssl/security-ssl-intercept-expiry-date-untrusted-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-expiry-date-untrusted-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 0 + "keyringCertName": "tango-ca-v3-untrust-ca.cer" + "keyringKeyName": "tango-ca-v3-untrust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-data.yaml b/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-data.yaml index d5dc74f..7b2c27d 100644 --- a/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "traffic_mirror": "enable": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-famousSites-data.yaml b/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-famousSites-data.yaml index cd18c19..177e75e 100644 --- a/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-fqdn-exactly-famousSites-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "traffic_mirror": "enable": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-data.yaml b/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-data.yaml index f48e736..a3e27bd 100644 --- a/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "traffic_mirror": "enable": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-famousSites-data.yaml b/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-famousSites-data.yaml index 4ebe3d9..e2f4b2f 100644 --- a/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-fqdn-suffix-famousSites-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "traffic_mirror": "enable": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-issue-data.yaml b/other/data/security/ssl/security-ssl-intercept-issue-data.yaml index 377d14c..a3ee654 100644 --- a/other/data/security/ssl/security-ssl-intercept-issue-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-issue-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 @@ -55,7 +56,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml b/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml index 2473bd8..00172f2 100644 --- a/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 @@ -54,7 +55,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-no-filter-data.yaml b/other/data/security/ssl/security-ssl-intercept-no-filter-data.yaml index 58d3812..4c456d8 100644 --- a/other/data/security/ssl/security-ssl-intercept-no-filter-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-no-filter-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "traffic_mirror": "enable": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-only-ipAndApplication-data.yaml b/other/data/security/ssl/security-ssl-intercept-only-ipAndApplication-data.yaml index b8e0af8..a9d656a 100644 --- a/other/data/security/ssl/security-ssl-intercept-only-ipAndApplication-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-only-ipAndApplication-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "traffic_mirror": "enable": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-self-signed-data.yaml b/other/data/security/ssl/security-ssl-intercept-self-signed-data.yaml index 3f4afa2..16d5447 100644 --- a/other/data/security/ssl/security-ssl-intercept-self-signed-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-self-signed-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml b/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml index 3976225..c865051 100644 --- a/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml @@ -8,7 +8,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 @@ -54,7 +55,8 @@ "logType": "security_event" "isGre": 0 "action": "intercept" - "keyring": 1 + "keyringCertName": "tango-ca-v3-trust-ca.cer" + "keyringKeyName": "tango-ca-v3-trust-ca.key" "decryption": 1 "decryptionProfile": "cn": 0 diff --git a/other/data/security/ssl/security-ssl-monitor-fqdn-exactly-famousSites-data.yaml b/other/data/security/ssl/security-ssl-monitor-fqdn-exactly-famousSites-data.yaml index ca4e078..aa8db83 100644 --- a/other/data/security/ssl/security-ssl-monitor-fqdn-exactly-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-monitor-fqdn-exactly-famousSites-data.yaml @@ -30,30 +30,6 @@ - "queryFiledKey": "ssl_sni" "queryValue": "www.youtube.com" - - - "hopeSuccessNumber": 1 - "command": "wget -q -O- https://twitter.com/" - "commandRes": "Help Center" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "twitter.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.facebook.com/" - "commandRes": "登录或注册" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.facebook.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.google.com.hk/ | iconv -f utf-8 -t gbk" - "commandRes": "Google" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.google.com" "isValid": 1 "scheduleId": "condation": @@ -128,4 +104,4 @@ "objectList": - "addItemList": - "keywordArray": - - "$freestockimages.ru" + - "*eestockimages.ru" diff --git a/other/data/security/ssl/security-ssl-monitor-fqdn-suffix-famousSites-data.yaml b/other/data/security/ssl/security-ssl-monitor-fqdn-suffix-famousSites-data.yaml index 33b653a..0dda166 100644 --- a/other/data/security/ssl/security-ssl-monitor-fqdn-suffix-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-monitor-fqdn-suffix-famousSites-data.yaml @@ -30,30 +30,6 @@ - "queryFiledKey": "ssl_sni" "queryValue": "www.youtube.com" - - - "hopeSuccessNumber": 1 - "command": "wget -q -O- https://twitter.com/" - "commandRes": "Help Center" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "twitter.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.facebook.com/" - "commandRes": "登录或注册" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.facebook.com" - - - "hopeSuccessNumber": 1 - "command": "curl -kv --http1.0 https://www.google.com.hk/ | iconv -f utf-8 -t gbk" - "commandRes": "Google" - "logQueryParam": - - - "queryFiledKey": "ssl_sni" - "queryValue": "www.google.com" "isValid": 1 "scheduleId": "condation": diff --git a/other/keying_files/end-entity_caentity.cer b/other/keyring_files/end-entity_caentity.cer index 0573c36..0573c36 100644 --- a/other/keying_files/end-entity_caentity.cer +++ b/other/keyring_files/end-entity_caentity.cer diff --git a/other/keying_files/end-entity_caentity.chain.pem b/other/keyring_files/end-entity_caentity.chain.pem index a67faa0..a67faa0 100644 --- a/other/keying_files/end-entity_caentity.chain.pem +++ b/other/keyring_files/end-entity_caentity.chain.pem diff --git a/other/keying_files/end-entity_caentity.key b/other/keyring_files/end-entity_caentity.key index 7dc70c1..7dc70c1 100644 --- a/other/keying_files/end-entity_caentity.key +++ b/other/keyring_files/end-entity_caentity.key diff --git a/other/keying_files/intermediate_camiddle.cer b/other/keyring_files/intermediate_camiddle.cer index c1d1d79..c1d1d79 100644 --- a/other/keying_files/intermediate_camiddle.cer +++ b/other/keyring_files/intermediate_camiddle.cer diff --git a/other/keying_files/intermediate_camiddle.chain.pem b/other/keyring_files/intermediate_camiddle.chain.pem index ffb67b0..ffb67b0 100644 --- a/other/keying_files/intermediate_camiddle.chain.pem +++ b/other/keyring_files/intermediate_camiddle.chain.pem diff --git a/other/keying_files/intermediate_camiddle.key b/other/keyring_files/intermediate_camiddle.key index a426c08..a426c08 100644 --- a/other/keying_files/intermediate_camiddle.key +++ b/other/keyring_files/intermediate_camiddle.key diff --git a/other/keying_files/null.cer b/other/keyring_files/null.cer index e69de29..e69de29 100644 --- a/other/keying_files/null.cer +++ b/other/keyring_files/null.cer diff --git a/other/keying_files/root_ca.cer b/other/keyring_files/root_ca.cer index 4397d29..4397d29 100644 --- a/other/keying_files/root_ca.cer +++ b/other/keyring_files/root_ca.cer diff --git a/other/keying_files/root_ca.key b/other/keyring_files/root_ca.key index ebc3e78..ebc3e78 100644 --- a/other/keying_files/root_ca.key +++ b/other/keyring_files/root_ca.key diff --git a/other/keyring_files/tango-ca-v3-trust-ca.cer b/other/keyring_files/tango-ca-v3-trust-ca.cer new file mode 100644 index 0000000..454de76 --- /dev/null +++ b/other/keyring_files/tango-ca-v3-trust-ca.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIJAKkZA2wHOYFDMA0GCSqGSIb3DQEBCwUAMC0xDzANBgNV +BAMMBlRTRyBDQTEaMBgGA1UECgwRTWFzZXJhdGkgU29sdXRpb24wHhcNMjIwMjE2 +MDg0OTMyWhcNNDIwMjExMDg0OTMyWjAtMQ8wDQYDVQQDDAZUU0cgQ0ExGjAYBgNV +BAoMEU1hc2VyYXRpIFNvbHV0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAyAfT3h/At7OaSH7/hqvh5H+NFMJAsuM6RsB812idxrNdnEldIJb1sh4J +JbPViI/hhCrB6e3rx27oeyFsxFPRmFK+dEpIHI9pQra+ZT8BN1G2seRMOuiZ7p/J +tKtyff9ejwpVzk3nGrRRsFJ7lRHaXZy7vE2oS+ne9re8eYcSg1aBv34uOljwHjPH +k/8iM1pPcHLUdUdRrH1R+SutIx3PciwI0FjBGIB+yUTFpxlcGTySdFOHiSiJESdD +4k8/2bkSy80Iu8mgmeEL4zPxcLb4nGyxvi/SZNceVBiT27Y+Ry89Ml83C0ERnApY +a9XULndiCgHaGla1BLOOiEjAM71mrwIDAQABo4GbMIGYMBEGCWCGSAGG+EIBAQQE +AwICBDBJBgNVHSUEQjBABggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggr +BgEFBQcDCAYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDAdBgNVHQ4EFgQUmZAagCLQ +uMZ/T7bKkhL/3jzlgacwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZI +hvcNAQELBQADggEBACIxLmfZdlncpBdv5q+aBFXaoPacrcQ+Sp6+mzkeasgmW3PU +dfgJlTqJXNdG9D3VWCuWMzVsDDlP0tKKOXCXJ2mU3WwbfVKddQ/AP4b4jQannH4A +6bkZXm+kwJH40oOymPT+AwVXKcrmHor31j5yIKiffvimEtH511i1iPMxE4KmwN/o +ntHfww14Pk3ICCt7dMJsiTHHp9GU+XlcjwmzGEgBoD3B+8CYhYOk5kT3XbuopSXw +98XTsZHy83xPOsJ1p6nhOP9dlh1/2G0KBOe1kvn8s1gP5ojUPpYvf2MzHw90Pnpy +LhiVVAWOET2MANXMLaJisLI3/XPfmPqQUFza5os= +-----END CERTIFICATE----- diff --git a/other/keyring_files/tango-ca-v3-trust-ca.key b/other/keyring_files/tango-ca-v3-trust-ca.key new file mode 100644 index 0000000..19f2374 --- /dev/null +++ b/other/keyring_files/tango-ca-v3-trust-ca.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyAfT3h/At7OaSH7/hqvh5H+NFMJAsuM6RsB812idxrNdnEld +IJb1sh4JJbPViI/hhCrB6e3rx27oeyFsxFPRmFK+dEpIHI9pQra+ZT8BN1G2seRM +OuiZ7p/JtKtyff9ejwpVzk3nGrRRsFJ7lRHaXZy7vE2oS+ne9re8eYcSg1aBv34u +OljwHjPHk/8iM1pPcHLUdUdRrH1R+SutIx3PciwI0FjBGIB+yUTFpxlcGTySdFOH +iSiJESdD4k8/2bkSy80Iu8mgmeEL4zPxcLb4nGyxvi/SZNceVBiT27Y+Ry89Ml83 +C0ERnApYa9XULndiCgHaGla1BLOOiEjAM71mrwIDAQABAoIBAQC7LxgEdJJTVa66 +yJ012QK6YOIU2vLQc/LE4rvwl+WNW6vt5HlRVfL1i0XkEjVwZbQTii+MSSiqqA7F +qrGtxwIMGOJA0IJKt6k41Om2tQ7eRYlBTvJG7gOeWcjXWNj7L029bV5+gEgTpUoM +RiN/jAVcNJ85xzIGWARdu/KThuK8I0AXF2G1z/xpWlBrVr9LPG7zgpJgChxzHtV0 +1PYizR1ruRXO9OD7tSCmO81+0TXNeA96RPaj4x/f4Lm9nyct9AM1QzBchKaqXy1h +2C3Bp0NWXsszSPj2m6Z7wCnP6bV+b7/qCBP1mOZR8485oZ+/Gk0oWpLEHPV66Xwb +eOKCe2qBAoGBAOV3O7YOKaDZpUlACqoJSuUR+HbNrU+FDhe2KlrEkCFTb2nEDSFV +DAbhKJ+aOKg0EqfcKtmsOKne4YnLeERQ9rP4Hvs6++DwJs3nMovtywvv4q51WvWf +msGyHAm2cagggFIDcA4tQS2RPLXPxkTDXGRXHKiqVGvqAS2fIfgyA0gVAoGBAN8p +PRbwvGydn9FShcGwqB47AcnGNJJLhRkvqOo2u+WVl9CBMoMKwmz5BbExapn8nYo1 +fm6Cu1xHTudP1weAXS5d1qL6Eg9YfQgU9gtOVpCVJ35M0kX2xgZgxfNFLZa33AH7 +8Pin2OdFAGO05wwb/GrjBHhwaSqdrFaaya/IKgCzAoGAeOIITc9GNNuTjHQ1agA9 +OVHvP774h0TD+M/Znjmg6D2JGwHSHPYtwM4K1ZGsOUg9b7q3xDZLH4ov7KSI9gxk ++shCof0fxg8dkiky4q5h4ib8lwVx5qWvJE1NIfzAAV8l2o6/EGjcxkGV5v3PKFh2 +qtGNYnlgwfzjpAIKJjNKsUUCgYAZKe9HjPHSVZvV4LZQdvkeH40+EWmQLY/enS8w +6ecaJlouGsN1X1s5KoNnzai1oHSrRwjwsTErYKcXEjuvDtxzBAXV7tjmfhXrOWHd +OIIuX4NKjKMRXJhL09G+csiHPEhEuQIdJ+Afg/pdQ+LhzK4T53Fzm0lgktMCGQYx +GiMSXQKBgQC0fIfu0/DnB4sWVhlrU8uTlW8ULGZbRNFB4ZxJfqFPCKGWzGWlxlxn +k4xKqcxpYHkcM2jIQIDWAgRodtb/3Y9Ir4m6/EEYQsZD7k2yl/X72zEcKW4+VRA0 +HOMezXsN2ze3Y2nFruXcXFbm8W0RxF0+6NpKLlhBXxZWjXDZyL74zQ== +-----END RSA PRIVATE KEY----- diff --git a/other/keyring_files/tango-ca-v3-untrust-ca.cer b/other/keyring_files/tango-ca-v3-untrust-ca.cer new file mode 100644 index 0000000..f7b2849 --- /dev/null +++ b/other/keyring_files/tango-ca-v3-untrust-ca.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIJAPR/4X//sMw6MA0GCSqGSIb3DQEBCwUAMDcxGTAXBgNV +BAMMEFRTRyBDQSBVbnRydXN0ZWQxGjAYBgNVBAoMEU1hc2VyYXRpIFNvbHV0aW9u +MB4XDTIyMDIxNjA4NTI1MFoXDTQyMDIxMTA4NTI1MFowNzEZMBcGA1UEAwwQVFNH +IENBIFVudHJ1c3RlZDEaMBgGA1UECgwRTWFzZXJhdGkgU29sdXRpb24wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRKodTSHZ96CSdzBGwpqqIN3YvJfC +T+x3QDY3X4eSOXLBIBRUM1o5qsqRjPbZwJDGcDCfu3RI6K9sUFPSRNI2cGJf25rH +6ZoVtVwOCI0x+IK0kJboL4uzjJm8ym62uo4idiLYf+NE2+X8yzZqs4MIJZmrU32D +4ShgO/r2uQ2fC+Y+JyHnOjLm7sKi3XlsG8iuBfUFN78j2Q1QaTl/PeLGQZaxL4ry +QMQz9Jt32javBpm8i2FwDMzjtQC2K23JjFPf0ub4oEY2u42OTMbkpE9/ysJVOeDp +btPOOkeoCSeuvDz6eBPTmsIzWOSmUSGIPWl+pNRwgrAirzNcZGjRDpILAgMBAAGj +gZswgZgwEQYJYIZIAYb4QgEBBAQDAgIEMEkGA1UdJQRCMEAGCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMIBgorBgEEAYI3CgMBBgorBgEEAYI3 +CgMEMB0GA1UdDgQWBBQBa3CLowvUuZ3M67ngQIQDoSAR6jAMBgNVHRMEBTADAQH/ +MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAJa8jp2xQACqH+LlP6Ci8 +u+bgtuvAWdapPetVoqDVl1G0rEqo7JKWbC434uCbQ6r186nhf8X5EI1wFAyJnZOR +M+m9ZIezD+H/ynosJG/8o0Pm/y3zfGeEI4vGqTmoPUJVPSyV0ndYxoXVY/94XOXQ +daXZom82041dP1nwh/HQwjSQy+u+7tqm4/qlA1Vvtc6R6b4PJyiQglMf/7LcVumc +ua9rer07+bsqK6/cf2799qXwwt2uctqDAelN6qVU6rEPX29xhPOpg/A3Ya9EgLyn +pimU80Bk+FjPSbdWNMPzSs3E7C2G31hwJQjki1sdTxJ/HpuH/BdurmjhOIJkURX1 +wQ== +-----END CERTIFICATE----- + diff --git a/other/keyring_files/tango-ca-v3-untrust-ca.key b/other/keyring_files/tango-ca-v3-untrust-ca.key new file mode 100644 index 0000000..3994a97 --- /dev/null +++ b/other/keyring_files/tango-ca-v3-untrust-ca.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzESqHU0h2fegkncwRsKaqiDd2LyXwk/sd0A2N1+HkjlywSAU +VDNaOarKkYz22cCQxnAwn7t0SOivbFBT0kTSNnBiX9uax+maFbVcDgiNMfiCtJCW +6C+Ls4yZvMputrqOInYi2H/jRNvl/Ms2arODCCWZq1N9g+EoYDv69rkNnwvmPich +5zoy5u7Cot15bBvIrgX1BTe/I9kNUGk5fz3ixkGWsS+K8kDEM/Sbd9o2rwaZvIth +cAzM47UAtittyYxT39Lm+KBGNruNjkzG5KRPf8rCVTng6W7TzjpHqAknrrw8+ngT +05rCM1jkplEhiD1pfqTUcIKwIq8zXGRo0Q6SCwIDAQABAoIBAEBrNyredFqFGYKX +TAZEwPn+O3hqoYGKKwzAl1iHK/4VV/dH4qFbQI0HK7MTPZYWgJHUN8FoIJgNqaUD +ACxDv/ejIaMRYpLBPPKzq0BRuhWURcQkBTNcKzaIlMNRI/FEjCaaEwsr6cSBhNpg +S90Cl8Qt93RsdBzvGQigYdkFKyKI0eVtXLatRUuS+eCNY0XgfsPRr3wWuliYj85f +DVuaBu58XHDvQIgBbubvIc1uo0kZkACmYrTdwS0O5dWU2C6eVXGHX8U2/zSurn9s +kYqBH1DH2A38Z8ck6k7DFicRtDA2EPfzvCvHm7nHIEdh5tGzD5WqvPRIXqnQ4jBd +zBAEJkECgYEA6OwMD7tRtkXn9tJ0FSNYge03L1ShCewcQ0bvpkKKLvg0bny2RynC +MYHjjgvvQvLb07hZoUqszMhAmrPr+xWfp/eoi7ERqqafElbE07LE26VVslKCCd7n +6qa1vZUIFmjThfuImMBWPILNOGwFyOvCaAxIHsvy9P9x2EcsIfV4x2MCgYEA4IHT +swtVFxm3HAia47k7tnlCRUvV/xkVH5Cyp5E70jgi67G6TKk1Aw88ZTVpoVg5U31z +jfdK0b9mF/gbgYYDtZHlq7vOKz96VH78nfBkA1AJ1h6B3Qqqw3RYVW43+QWSSxxn ++R/OKjZIRA16fGNINLeMSj2wcaKTkHokwCvlLzkCgYEAtC4Ncon8Pt07ANNyWvu5 +tuBTJTj5TlyozF5uepXUoVr97E5rDwe9omCRMEwJLSgDZ3efVkcW/18Votb2AIiM +tfm+FznFqdY1DZGztvP+ls8CSOzMjWgyzXFi+6Hy3KsAng+jbk6zJyIkMLZXj0LZ +Y3XEwJYSfvWwEpeUCz0BznMCgYEAvystlc73hLUb654ULgbjpsx4NsONlCvKhddT +mUYc9zNf4Oy0o2SNxG4r0k56BK44GjS/ucoyBoqBJ7XXziHMdMaoF+TSeJcT1nFP +MDmrH/r+dToDALJ9l/Mw6IXy2XP6D0U/7606g003meMUQmjT6jfFGM6QuSJjnumy +84QtIlkCgYAGEH/c/daFeOrVXcfZuf1evD1ihnmYypL+rixbqjMudzgzIRaV9Uan +S5ha6BC3a/vv9yss3OsVH7Khu+MlG89CgfkdvmQxMj82yJdoRc2vLmGbkIl3/Ebe +VIxxFIiBZfNqadDn96ZU5Zdjjo4xilTANOL2gVoir04//PBe+eBPNA== +-----END RSA PRIVATE KEY----- diff --git a/other/keying_files/ВставкаСкриптов!@#$%^&(-+=‘;。,?.cer b/other/keyring_files/ВставкаСкриптов!@#$%^&(-+=‘;。,?.cer index 4397d29..4397d29 100644 --- a/other/keying_files/ВставкаСкриптов!@#$%^&(-+=‘;。,?.cer +++ b/other/keyring_files/ВставкаСкриптов!@#$%^&(-+=‘;。,?.cer |