diff options
author | Niranjan Mallapadi <mrniranjan@redhat.com> | 2015-02-16 20:44:52 +0530 |
---|---|---|
committer | Niranjan Mallapadi <mrniranjan@redhat.com> | 2015-02-16 20:45:50 +0530 |
commit | 6d278c63f41ae998feedc2885e95fcfaa38ee46a (patch) | |
tree | df992a25128304a4f9b09b321d5ed4fcba6177be | |
parent | 944372f857cd631c2cfc51ed7d090912fc2516ff (diff) | |
download | pki-6d278c63f41ae998feedc2885e95fcfaa38ee46a.tar.gz pki-6d278c63f41ae998feedc2885e95fcfaa38ee46a.tar.xz pki-6d278c63f41ae998feedc2885e95fcfaa38ee46a.zip |
Port OCSP legacy tests beaker framewokr
Some minor fixes to CA EE tests
9 files changed, 1653 insertions, 59 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index c337ef837..556b9b971 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile @@ -277,6 +277,10 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh chmod a+x ./acceptance/legacy/subca-tests/logs/subca-ad-logs.sh + chmod a+x ./acceptance/legacy/ocsp-tests/usergroups/ocsp-ad-usergroups.sh + chmod a+x ./acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh + chmod a+x ./acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh + chmod a+x ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh # bug verifications chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh diff --git a/tests/dogtag/acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh b/tests/dogtag/acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh index 3185193a6..3f6c72361 100755 --- a/tests/dogtag/acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh +++ b/tests/dogtag/acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh @@ -1542,7 +1542,7 @@ run_ee-ca-enrollment_tests() rlFail "Unable to setup ldap instance" return 1 fi - rlRun "UidPwdDirAuth $cs_Role caadmin Secret123 add $tmp_ca_host \"$LDAP_BASEDN\" $LDAP_PORT" + rlRun "UidPwdDirAuth $cs_Role $CA_INST caadmin Secret123 add $tmp_ca_host \"$LDAP_BASEDN\" $LDAP_PORT" rlLog "Add 100 users to ou=People,$LDAP_BASEDN" rlRun "create_dir_user $LDAP_BASEDN 100 > $TmpDir/ldapusers.ldif" rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_ca_host -p $LDAP_PORT -f $TmpDir/ldapusers.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" @@ -1565,8 +1565,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1574,7 +1574,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1606,8 +1607,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1615,7 +1616,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1647,8 +1649,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1656,7 +1658,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1688,8 +1691,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1697,7 +1700,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1729,8 +1733,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1738,7 +1742,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1770,8 +1775,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1779,7 +1784,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1811,8 +1817,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1820,7 +1826,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1852,8 +1859,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1861,7 +1868,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -1893,8 +1901,8 @@ run_ee-ca-enrollment_tests() request_type:$request_type \ request_algo:$request_key_type \ request_size:$request_key_size \ - subject_cn:\"$subject\" \ - subject_uid: \ + subject_cn:$userid \ + subject_uid:$userid \ subject_email: \ subject_ou:IDM \ subject_organization:Redhat \ @@ -1902,7 +1910,8 @@ run_ee-ca-enrollment_tests() subject_archive:false \ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" - local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN" rlLog "cert_requestdn=$cert_requestdn" rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" rlLog "curl --basic --dump-header $admin_out \ @@ -4553,12 +4562,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -4623,12 +4632,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -4693,12 +4702,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -4763,12 +4772,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -4833,12 +4842,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -4903,12 +4912,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -4973,12 +4982,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') @@ -5043,12 +5052,12 @@ run_ee-ca-enrollment_tests() rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ --dump-header $admin_out \ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ - -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') diff --git a/tests/dogtag/acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh b/tests/dogtag/acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh new file mode 100755 index 000000000..6deede7d5 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh @@ -0,0 +1,91 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/ocsp-tests/ocsp-ad-acls.sh +# Description: OCSP Admin ACL tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following legacy test is being tested: +# OCSP Admin ACL tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi <mniranja@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/pki-auth-plugin-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-ocsp-acl_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for legacy test + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_admin=$OCSP_INST\_adminV + local valid_admin_pwd=$OCSP_INST\_adminV_password + local admin_out="$TmpDir/admin_out" + + rlPhaseStartTest "pki_ocsp_ad-acl-001: DRM Console: List Acls" + local acls=("actions" "certServer.acl.configuration" "certServer.auth.configuration" "certServer.clone.configuration" "certServer.ee.crl" "certServer.ee.request.ocsp" "certServer.general.configuration" "certServer.log.configuration" "certServer.log.configuration.fileName" "certServer.log.content.signedAudit" "certServer.log.content.system" "certServer.log.content.system" "certServer.log.content.transactions" "certServer.ocsp.account" "certServer.ocsp.ca" "certServer.ocsp.cas" "certServer.ocsp.certificate" "certServer.ocsp.certificate" "certServer.ocsp.configuration" "certServer.ocsp.crl" "certServer.ocsp.group" "certServer.ocsp.groups" "certServer.ocsp.info" "certServer.ocsp.users" "certServer.registry.configuration" "certServer.securitydomain.domainxml") + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='acls' + local test_out=acls.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/acl\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/acl\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + for i in "${acls[@]}"; do + rlAssertGrep "$i" "$TmpDir/$test_out" + done + rlPhaseEnd + + rlPhaseStartCleanup "Delete temporary dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh b/tests/dogtag/acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh new file mode 100755 index 000000000..b98222dd6 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh @@ -0,0 +1,356 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/ocsp-tests/ocsp-ag-tests +# Description: OCSP Agent Tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following legacy test is being tested: +# OCSP Agent Tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi <mniranja@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/pki-auth-plugin-lib.sh +. /opt/rhqa_pki/env.sh + +run_ocsp-ag_tests() +{ + + + # Creating Temporary Directory for legacy test + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "export SSL_DIR=$CERTDB_DIR" + local cs_Type=$1 + local cs_Role=$2 + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) + disable_ca_nonce $tomcat_name + rlPhaseEnd + + # Local Variables + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_ca_agent_cert=$CA_INST\_agentV + local valid_agent_cert=$OCSP_INST\_agentV + local valid_audit_cert=$OCSP_INST\_auditV + local valid_operator_cert=$OCSP_INST\_operatorV + local valid_admin_cert=$OCSP_INST\_adminV + local revoked_agent_cert=$OCSP_INST\_agentR + local revoked_admin_cert=$OCSP_INST\_adminR + local expired_admin_cert=$OCSP_INST\_adminE + local expired_agent_cert=$OCSP_INST\_agentE + local admin_out="$TmpDir/admin_out" + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local cert_info="$TmpDir/cert_info" + local ca_profile_out="$TmpDir/ca-profile-out" + local cert_out="$TmpDir/cert-show.out" + local cert_show_out="$TmpDir/cert_show.out" + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + local SSL_DIR=$CERTDB_DIR + + rlPhaseStartSetup "Remove existing CA cert" + local caID="CN=PKI $CA_INST Signing Cert,O=redhat" + local test_out=remove_ca.out + rlLog "list existing CA's" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + local caID=$(cat $TmpDir/list_ca.out | grep record.Id= | cut -d\" -f2) + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"caID=$caID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/removeCA\" > $TmpDir/$test_out" 0 "Remove Existing CA" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"caID=$caID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/removeCA\" > $TmpDir/$test_out" 0 "Remove Existing CA" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertNotGrep "record.Id" "$TmpDir/list_ca.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ag-tests-001: OCSP Agent: Add CA Cert" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Get CA Cert" + local op='displayIND' + local mimetype='application/x-x509-ca-cert' + local test_out=cacert.out + rlLog "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out" + rlRun "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local certificate_in_base64=$(cat -v $TmpDir/$test_out | grep record.base64= | awk -F\" '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/$/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g') + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"cert=$certificate_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCA\" > $TmpDir/addCA.out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "list existing CA's" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ag-tests-002: OCSP Agent: List CAs" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ag-tests-003: OCSP Agent: Add CRL's" + rlLog "Add CRL's" + local crlIssuingPoint="MasterCRL" + local certSerialNumber='' + local op="displayCRL" + local crlDisplayType="base64Encoded" + local pageStart='1' + local pageSize='50' + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/get_crls.out" + rlRun "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/get_crls.out" + local crl_in_base64=$(cat -v $TmpDir/get_crls.out | grep record.crlBase64Encoded= | awk -F\" '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE REVOCATION LIST-----/' | sed 's/$/-----END CERTIFICATE REVOCATION LIST-----/' | sed 's/\\r\\n//g') + rlAssertGret "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/get_crls.out" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"crl=$crl_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCRL\" > $TmpDir/add_crl.out" 0 "Add CRL to OCSP" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"crl=$crl_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCRL\" > $TmpDir/add_crl.out" 0 "Add CRL to OCSP" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertNotGrep "fixed.unexpectedError = \"CRL sent is older than the current CRL.\"" "$TmpDir/add_crl.out" + rlPhaseEnd + + rlPhaseStartSetup "Generate 5 Certs of revoke all of them" + local request_type=pkcs10 + local request_key_type=rsa + local request_key_size=2048 + local profile=caUserCert + local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" + local userid="fooUser-$RANDOM" + local usercn="$userid" + local phone="1234" + local usermail="$userid@example.org" + local test_out=ca-$profile-test.txt + local i=1 + local upperlimit=6 + local serial_number_array=() + local request_dn_array=() + while [ $i -ne $upperlimit ];do + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Create a new certificate request of type $request_type with key size $request_key_size" + rlRun "create_new_cert_request \ + tmp_nss_db:$TEMP_NSS_DB \ + tmp_nss_db_password:$TEMP_NSS_DB_PWD \ + request_type:$request_type \ + request_algo:$request_key_type \ + request_size:$request_key_size \ + subject_cn:\"$usercn-$i\" \ + subject_uid:$userid-$i \ + subject_email:$usermail \ + subject_ou:IDM \ + subject_organization:RedHat \ + subject_country:US \ + subject_archive:false \ + cert_request_file:$TEMP_NSS_DB/$rand-$i-request.pem \ + cert_subject_file:$TEMP_NSS_DB/$rand-$i-subject.out" 0 "Create $request_type request for $profile" + local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-$i-subject.out | grep Request_DN | cut -d ":" -f2) + request_dn_array+=($cert_requestdn) + rlLog "cert_requestdn=cert_requestdn" + rlRun "cat $TEMP_NSS_DB/$rand-$i-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-$i-encoded-request.pem" + rlLog "curl --basic \ + --dump-header $admin_out \ + -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid-$i&sn_cn=$usercn-$i&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-$i-encoded-request.pem)\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\"" + rlRun "curl --basic \ + --dump-header $admin_out \ + -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid-$i&sn_cn=$usercn-$i&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-$i-encoded-request.pem)\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out" + local request_id=$(cat -v $TmpDir/$test_out | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}') + rlLog "request_id=$request_id" + rlLog "Approve $request_id using $valid_agent_cert" + local Second=`date +'%S' -d now` + local Minute=`date +'%M' -d now` + local Hour=`date +'%H' -d now` + local Day=`date +'%d' -d now` + local Month=`date +'%m' -d now` + local Year=`date +'%Y' -d now` + local start_year=$Year + let end_year=$Year+1 + local end_day="1" + local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second" + local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid-$i\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid-$i\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') + rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert" + local STRIP_HEX=$(echo $serial_number | cut -dx -f2) + local serial=$STRIP_HEX + local CONV_UPP_VAL=${STRIP_HEX^^} + local CONV_LOW_VAL=${STRIP_HEX,,} + serial_number_array+=(0x$CONV_LOW_VAL) + local decimal_serial_number=$(echo "ibase=16;$CONV_UPP_VAL"|bc) + local Day=`date +'%d' -d now` + local Month=`date +'%m' -d now` + local revocationReason="0" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number" + rlAssertGrep "header.revoked = \"yes\"" "$TmpDir/$test_out" + rlAssertGrep "header.error = null" "$TmpDir/$test_out" + let i=$i+1 + done + rlPhaseEnd + + + rlPhaseStartSetup "Update CRL" + local caID="CN=PKI $CA_INST Signing Cert,O=redhat" + local test_out=remove_ca.out + rlLog "list existing CA's" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + local caID=$(cat $TmpDir/list_ca.out | grep record.Id= | cut -d\" -f2) + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"caID=$caID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/removeCA\" > $TmpDir/$test_out" 0 "Remove Existing CA" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"caID=$caID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/removeCA\" > $TmpDir/$test_out" 0 "Remove Existing CA" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertNotGrep "record.Id" "$TmpDir/list_ca.out" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Get CA Cert" + local op='displayIND' + local mimetype='application/x-x509-ca-cert' + local test_out=cacert.out + rlLog "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out" + rlRun "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local certificate_in_base64=$(cat -v $TmpDir/$test_out | grep record.base64= | awk -F\" '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/$/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g') + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"cert=$certificate_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCA\" > $TmpDir/addCA.out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "list existing CA's" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out" + local crlIssuingPoint="MasterCRL" + local signatureAlgorithm="SHA512withRSA" + local test_out=updatecrl.out + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD -d \"crlIssuingPoint=$crlIssuingPoint&signatureAlgorithm=$signatureAlgorithm\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateCRL\" > $TmpDir/$test_out" 0 "Update CRL" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD -d \"crlIssuingPoint=$crlIssuingPoint&signatureAlgorithm=$signatureAlgorithm\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateCRL\" > $TmpDir/$test_out" 0 "Update CRL" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/$test_out" + rlAssertGrep "header.crlUpdate = \"Scheduled\"" "$TmpDir/$test_out" + rlLog "Add CRL's" + local crlIssuingPoint="MasterCRL" + local certSerialNumber='' + local op="displayCRL" + local crlDisplayType="base64Encoded" + local pageStart='1' + local pageSize='50' + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/get_crls.out" + rlRun "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/get_crls.out" + local crl_in_base64=$(cat -v $TmpDir/get_crls.out | grep record.crlBase64Encoded= | awk -F\" '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE REVOCATION LIST-----/' | sed 's/$/-----END CERTIFICATE REVOCATION LIST-----/' | sed 's/\\r\\n//g') + rlAssertGret "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/get_crls.out" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"crl=$crl_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCRL\" > $TmpDir/add_crl.out" 0 "Add CRL to OCSP" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"crl=$crl_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCRL\" > $TmpDir/add_crl.out" 0 "Add CRL to OCSP" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "fixed.unexpectedError = \"CRL sent is older than the current CRL.\"" "$TmpDir/add_crl.out" + rlPhaseEnd + + + rlPhaseStartSetup "Add the latest crl to OCSP" + rlLog "Dump the crl to a file" + local crlIssuingPoint="MasterCRL" + local certSerialNumber='' + local op="displayCRL" + local crlDisplayType="base64Encoded" + local pageStart='1' + local pageSize='50' + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/get_crls.out" + rlRun "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/get_crls.out" + local crl_in_base64=$(cat -v $TmpDir/get_crls.out | grep record.crlBase64Encoded= | awk -F\" '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE REVOCATION LIST-----/' | sed 's/$/-----END CERTIFICATE REVOCATION LIST-----/' | sed 's/\\r\\n//g') + rlAssertGret "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/get_crls.out" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"crl=$crl_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCRL\" > $TmpDir/add_crl.out" 0 "Add CRL to OCSP" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"crl=$crl_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/addCRL\" > $TmpDir/add_crl.out" 0 "Add CRL to OCSP" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "fixed.unexpectedError = \"CRL sent is older than the current CRL.\"" "$TmpDir/add_crl.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ag-tests-004: OCSP Agent: Verify the revoked cert status" + for i in $(seq 0 $((${#serial_number_array[@]} - 1))) + do + + rlLog "curl --basic --dump-header $admin_out -d \"op=displayBySerial&serialNumber=${serial_number_array[$i]}\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/displayBySerial 1> $TmpDir/cert.out" + rlRun "curl --basic --dump-header $admin_out -d \"op=displayBySerial&serialNumber=${serial_number_array[$i]}\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/displayBySerial 1> $TmpDir/cert.out" + local certificate_base64=$(cat -v $TmpDir/cert.out | grep "header.certChainBase64 = "|awk -F \" '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/$/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g') + rlLog "certificate_base64=$certificate_base64" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"cert=$certificate_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/checkCert\" > $TmpDir/check_cert.out" 0 "Check certificate status" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD --data-urlencode \"cert=$certificate_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/agent/ocsp/checkCert\" > $TmpDir/check_cert.out" 0 "Check certificate status" + rlAssertGrep "header.status = \"revoked\"" "$TmpDir/check_cert.out" + rlAssertGrep "header.serialno = \"${serial_number_array[$i]}\"" "$TmpDir/check_cert.out" + rlAssertGrep "header.subjectDN = \"${request_dn_array[$i]}\"" "$TmpDir/check_cert.out" + rlAssertGrep "header.issuerDN = \"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/check_cert.out" + done + rlPhaseEnd + + rlPhaseStartCleanup "Delete temporary dir and enable nonce" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + enable_ca_nonce $tomcat_name + rlPhaseEnd +} +verify_cert() +{ + local serial_number=$1 + local request_dn=$2 + STRIP_HEX=$(echo $serial_number | cut -dx -f2) + CONV_LOW_VAL=${STRIP_HEX,,} + rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number" + rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out" + rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$cert_show_out" + rlAssertGrep "Subject: $request_dn" "$cert_show_out" + rlAssertGrep "Status: VALID" "$cert_show_out" +} + diff --git a/tests/dogtag/acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh b/tests/dogtag/acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh new file mode 100755 index 000000000..943153ac0 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh @@ -0,0 +1,140 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/ocsp-tests/ocsp-ad-internaldb.sh +# Description: OCSP Admin internaldb tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following legacy test is being tested: +# OCSP Admin Internaldb tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi <mniranja@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/pki-auth-plugin-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-ocsp-internaldb_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for legacy test + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_ca_agent_cert=$CA_INST\_agentV + local valid_agent=$OCSP_INST\_agentV + local valid_agent_pwd=$OCSP_INST\_agentV_password + local valid_audit=$OCSP_INST\_auditV + local valid_audit_pwd=$OCSP_INST\_auditV_password + local valid_operator=$OCSP_INST\_operatorV + local valid_operator_pwd=$OCSP_INST\_operatorV_password + local valid_admin=$OCSP_INST\_adminV + local valid_admin_pwd=$OCSP_INST\_adminV_password + local revoked_agent=$OCSP_INST\_agentR + local revoked_admin=$OCSP_INST\_adminR + local expired_admin=$OCSP_INST\_adminE + local expired_agent=$OCSP_INST\_agentE + local admin_out="$TmpDir/admin_out" + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + + rlPhaseStartTest "pki_ocsp_ad-internaldb-001: OCSP Console: List Internaldb" + local OP_TYPE='OP_READ' + local OP_SCOPE='ldap' + local RS_ID='RS_ID_CONFIG' + local test_out=internaldb.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&ldapconn.host=&ldapconn.port=&ldapauth.bindDN=&ldapconn.version=&\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/server\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&ldapconn.host=&ldapconn.port=&ldapauth.bindDN=&ldapconn.version=&\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/server\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "ldapconn.host=localhost" "$TmpDir/$test_out" + rlAssertGrep "ldapconn.port=$(eval echo \$${OCSP_INST}_LDAP_PORT)" "$TmpDir/$test_out" + rlAssertGrep "ldapauth.bindDN=cn=DirectoryManager" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad-internaldb-002: OCSP Console: Edit Internaldb" + rlLog "Edit Internal DB" + local OP_TYPE='OP_MODIFY' + local OP_SCOPE='ldap' + local RS_ID='RS_ID_CONFIG' + local ldaphost="$(hostname)" + local ldapport=$(eval echo \$${OCSP_INST}_LDAP_PORT) + local ldapbindDN='cn=Directory Manager' + local ldapversion='3' + local maxConns='15' + local minConns='3' + local test_out=internaldb.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&ldapconn.host=$ldaphost&ldapconn.port=$ldapport&ldapauth.bindDN=$ldapbindDN&ldapconn.version=$ldapversion&maxConns=$maxConns&minConns=$minConns\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/server\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&ldapconn.host=$ldaphost&ldapconn.port=$ldapport&ldapauth.bindDN=$ldapbindDN&ldapconn.version=$ldapversion&maxConns=$maxConns&minConns=$minConns\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/server\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&ldapconn.host=&ldapconn.port=&ldapauth.bindDN=&ldapconn.version=&\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/server\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "ldapconn.host=$ldaphost" "$TmpDir/$test_out" + rlAssertGrep "ldapconn.port=$ldapport" "$TmpDir/$test_out" + rlAssertGrep "ldapauth.bindDN=cn=DirectoryManager" "$TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&ldapconn.host=localhost&ldapconn.port=$ldapport&ldapauth.bindDN=$ldapbindDN&ldapconn.version=$ldapversion&maxConns=$maxConns&minConns=$minConns\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/server\" > $TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartCleanup "Delete temporary dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh b/tests/dogtag/acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh new file mode 100755 index 000000000..821c27a0b --- /dev/null +++ b/tests/dogtag/acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh @@ -0,0 +1,194 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/ocsp-tests/ocsp-ad-logs.sh +# Description: OCSP Admin logs tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki key cli commands needs to be tested: +# OCSP Admin logs test +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi <mniranja@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-ocsp-log_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for legacy test + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) + local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_ca_agent_cert=$CA_INST\_agentV + local valid_agent=$OCSP_INST\_agentV + local valid_agent_pwd=$OCSP_INST\_agentV_password + local valid_audit=$OCSP_INST\_auditV + local valid_audit_pwd=$OCSP_INST\_auditV_password + local valid_operator=$OCSP_INST\_operatorV + local valid_operator_pwd=$OCSP_INST\_operatorV_password + local valid_admin=$OCSP_INST\_adminV + local valid_admin_pwd=$OCSP_INST\_adminV_password + local revoked_agent=$OCSP_INST\_agentR + local revoked_admin=$OCSP_INST\_adminR + local expired_admin=$OCSP_INST\_adminE + local expired_agent=$OCSP_INST\_agentE + local admin_out="$TmpDir/admin_out" + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + + + rlPhaseStartTest "pki_console_log-001: OCSP Admin Interface - Add a new log file" + rlLog "Create a new log of type system" + local logfile=log$RANDOM + local level=0 + local rolloverinterval=1 + local logtype="system" + local flushinterval=5 + local filename=/tmp/$logfile + local logenable="True" + local signedAuditCertNickname="kraauditsigningcert" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log >> $admin_out" 0 "Create $logfile file of type $logtype" + rlLog "List all logs" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "List all logs configured" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "$logfile=file:visible" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_log-002: OCSP Admin Interface - List all logs" + rlLog "List all logs" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "List all logs configured" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "Transactions=file:visible" "$admin_out" + rlAssertGrep "SignedAudit=file:visible" "$admin_out" + rlAssertGrep "System=file:visible" "$admin_out" + rlAssertGrep "$logfile=file:visible" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_log-003: OCSP Admin Interface - Edit log file configuration" + local level=0 + local rolloverinterval=1 + local logtype="system" + local flushinterval=5 + local filename=/tmp/$logfile + local logenable="false" + local maxfilesize=3000 + local buffersize=512 + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=logRule&RS_ID=$logfile&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&bufferSize=$buffersize&maxFileSize=$maxfilesize&fileName=$filename&enable=$logenable&implName=file&type=$logtype&RULENAME=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log >> $admin_out" 0 "Modify $logfile file" + rlLog "Changes require restart of CA instance" + rlRun "rhcs_stop_instance $tomcat_name" + rlRun "rhcs_start_instance $tomcat_name" + rlLog "Read $logfile and verify values are updated" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=logRule&RS_ID=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "Read $logfile file" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "maxFileSize=$maxfilesize" "$admin_out" + rlAssertGrep "enable=$logenable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_log-004: OCSP Admin Interface - View log file" + rlLog "Read $logfile" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=logRule&RS_ID=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "Read $logfile file" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "implName=file" "$admin_out" + rlAssertGrep "type=$logtype" "$admin_out" + rlAssertGrep "enable=$logenable" "$admin_out" + rlAssertGrep "level=Debug" "$admin_out" + rlAssertGrep "bufferSize=$buffersize" "$admin_out" + rlAssertGrep "maxFileSize=$maxfilesize" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_log-005: OCSP Admin Interface - Delete log file" + rlLog "Delete log $logfile file" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=logRule&RS_ID=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "Delete $logfile file" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlLog "List all logs" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "List all logs configured" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "Transactions=file:visible" "$admin_out" + rlAssertGrep "SignedAudit=file:visible" "$admin_out" + rlAssertGrep "System=file:visible" "$admin_out" + rlAssertNotGrep "$logfile=file:visible" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_log-006: OCSP Admin Interface - Adding a log file with agent privileges should fail" + local logfile=log$RANDOM + local level=0 + local rolloverinterval=1 + local logtype="system" + local flushinterval=5 + local filename=/tmp/$logfile + local logenable="True" + local signedAuditCertNickname="caauditsigningcert" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_agent:$valid_agent_pwd" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "Create $logfile file of type $logtype" + rlAssertGrep "You are not authorized to perform this operation" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_log-007: OCSP Admin Interface - Adding a log file with audit privileges should fail" + local logfile=log$RANDOM + local level=0 + local rolloverinterval=1 + local logtype="system" + local flushinterval=5 + local filename=/tmp/$logfile + local logenable="True" + local signedAuditCertNickname="caauditsigningcert" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_audit:$valid_audit_pwd" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_ocsp_host:$target_secure_port/ocsp/log > $admin_out" 0 "Create $logfile file of type $logtype" + rlAssertGrep "You are not authorized to perform this operation" "$admin_out" + rlPhaseEnd + + rlPhaseStartCleanup "Delete temporary dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + + +} diff --git a/tests/dogtag/acceptance/legacy/ocsp-tests/usergroups/ocsp-ad-usergroups.sh b/tests/dogtag/acceptance/legacy/ocsp-tests/usergroups/ocsp-ad-usergroups.sh new file mode 100755 index 000000000..ca0801e45 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/ocsp-tests/usergroups/ocsp-ad-usergroups.sh @@ -0,0 +1,770 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/ocsp-tests/ocsp-ad-usergroups +# Description: OCSP Admin Console User groups tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following legacy test is being tested: +# OCSP Admin Console Usergroups tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi <mniranja@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/pki-auth-plugin-lib.sh +. /opt/rhqa_pki/env.sh + +run_ocsp-ad_usergroups() +{ + local cs_Type=$1 + local cs_Role=$2 + local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) + + # Creating Temporary Directory for legacy test + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "export SSL_DIR=$CERTDB_DIR" + disable_ca_nonce $tomcat_name + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_ca_agent_cert=$CA_INST\_agentV + local valid_agent=$OCSP_INST\_agentV + local valid_agent_pwd=$OCSP_INST\_agentV_password + local valid_audit=$OCSP_INST\_auditV + local valid_audit_pwd=$OCSP_INST\_auditV_password + local valid_operator=$OCSP_INST\_operatorV + local valid_operator_pwd=$OCSP_INST\_operatorV_password + local valid_admin=$OCSP_INST\_adminV + local valid_admin_pwd=$OCSP_INST\_adminV_password + local revoked_agent=$OCSP_INST\_agentR + local revoked_admin=$OCSP_INST\_adminR + local expired_admin=$OCSP_INST\_adminE + local expired_agent=$OCSP_INST\_agentE + local admin_out="$TmpDir/admin_out" + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local cert_info="$TmpDir/cert_info" + local ca_profile_out="$TmpDir/ca-profile-out" + local cert_out="$TmpDir/cert-show.out" + local cert_show_out="$TmpDir/cert_show.out" + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + rlPhaseStartTest "pki_ocsp_ad_usergroups-001: OCSP Console: List Users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" >> $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" >> $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$valid_admin" "$TmpDir/$test_out" + rlAssertGrep "$valid_agent" "$TmpDir/$test_out" + rlAssertGrep "$valid_audit" "$TmpDir/$test_out" + rlAssertGrep "$valid_operator" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-002: OCSP Console: Add Users" + local user1=$OCSP_INST-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='users' + local RS_ID=$user1 + local fullname=$user1 + local password=$user1 + local email=$user1@example.org + local phone='' + local state='' + local groups='Online Certificate Status Manager Agents' + local userType='' + local test_out=add.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "List users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$user1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-003: OCSP Console: Edit Users" + local OP_TYPE='OP_MODIFY' + local OP_SCOPE='users' + local RS_ID=$user1 + local fullname=$user1-01 + local password=$user1 + local email=$user1@example.org + local phone='' + local state='' + local userType='' + local test_out=modify.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "List users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$user1:$fullname" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartSetup "Generate certificate" + local request_type=pkcs10 + local request_key_type=rsa + local request_key_size=1024 + local profile=caUserCert + local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" + local userid="$user1" + local usercn="$fullname" + local phone="1234-$RANDOM" + local usermail="$userid@example.org" + local test_out=ca-$profile-test.txt + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Create a new certificate request of type $request_type with key size $request_key_size" + rlRun "create_new_cert_request \ + tmp_nss_db:$TEMP_NSS_DB \ + tmp_nss_db_password:$TEMP_NSS_DB_PWD \ + request_type:$request_type \ + request_algo:$request_key_type \ + request_size:$request_key_size \ + subject_cn:\"$usercn\" \ + subject_uid:$userid \ + subject_email:$usermail \ + subject_ou:IDM \ + subject_organization:RedHat \ + subject_country:US \ + subject_archive:false \ + cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ + cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" + local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + rlLog "cert_requestdn=cert_requestdn" + rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" + rlLog "curl --basic \ + --dump-header $admin_out \ + -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\"" + rlRun "curl --basic \ + --dump-header $admin_out \ + -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out" + local request_id=$(cat -v $TmpDir/$test_out | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}') + rlLog "request_id=$request_id" + rlLog "Approve $request_id using $valid_agent_cert" + local Second=`date +'%S' -d now` + local Minute=`date +'%M' -d now` + local Hour=`date +'%H' -d now` + local Day=`date +'%d' -d now` + local Month=`date +'%m' -d now` + local Year=`date +'%Y' -d now` + local start_year=$Year + let end_year=$Year+1 + local end_day="1" + local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second" + local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\"" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit certificate request" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') + local certificate_in_base64=$(cat -v $TmpDir/$test_out | grep 'outputList.outputVal' | awk -F 'outputList.outputVal=\"' '{print $2}' | awk -F '-----BEGIN CERTIFICATE-----' '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/-----END CERTIFICATE-----\\n\";/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g') + rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-004: OCSP Console: Import Cert to the user" + local OP_TYPE='OP_ADD' + local OP_SCOPE='certs' + local RS_ID="$user1" + local cert=$certificate_in_base64 + local test_out=addcert.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" --data-urlencode \"cert=$certificate_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Import cert to $user1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" --data-urlencode \"cert=$certificate_in_base64\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Import cert to $user1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "Verify if cert is added" + local OP_TYPE='OP_READ' + local OP_SCOPE='certs' + local RS_ID="$userid" + local test_out=search.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search certificate" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "-----BEGIN+CERTIFICATE-----" "$TmpDir/$test_out" + rlAssertGrep "-----END+CERTIFICATE-----" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-005: OCSP Console: Add Group" + local group1=$OCSP_INST-group-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='groups' + local RS_ID=$group1 + local desc=$group1 + local user=$user1 + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "Verify group is added" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-006: OCSP Console: Edit Group" + local OP_TYPE='OP_MODIFY' + local OP_SCOPE='groups' + local RS_ID=$group1 + local desc=$group1 + local user=$valid_admin,$valid_agent,$valid_audit + local test_out=edit.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&desc=$desc&user=$user\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Edit $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&desc=$desc&user=$user\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Edit $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-007: OCSP Console: Delete Group" + local OP_TYPE='OP_DELETE' + local OP_SCOPE='groups' + local RS_ID=$group1 + local test_out=groupdelete.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "Verify group is deleted" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-008: OCSP Console: Delete User" + local OP_TYPE='OP_DELETE' + local OP_SCOPE='users' + local RS_ID="$user1:true" + rlLog "Delete $user1" + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $user1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $user1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "List users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$user1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-009: OCSP Console: Verify Agent user cannot add new user" + local user2=$OCSP_INST-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='users' + local RS_ID=$user2 + local fullname=$user2 + local password=$user2 + local email=$user2@example.org + local phone='' + local state='' + local groups='Data Recovery Manager Agents' + local userType='' + local test_out=add.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "List users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$user2" "$TmpDir/$test_out" + rlPhaseEnd + + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0010: OCSP Console: Verify Audit user cannot add new user" + local user2=$OCSP_INST-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='users' + local RS_ID=$user2 + local fullname=$user2 + local password=$user2 + local email=$user2@example.org + local phone='' + local state='' + local groups='Data Recovery Manager Agents' + local userType='' + local test_out=add.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_audit:$valid_audit_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_audit:$valid_audit_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "List users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$user2" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0011: OCSP Console: Verify Operator user cannot add new user" + local user2=$OCSP_INST-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='users' + local RS_ID=$user2 + local fullname=$user2 + local password=$user2 + local email=$user2@example.org + local phone='' + local state='' + local groups='Data Recovery Manager Agents' + local userType='' + local test_out=add.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_operator:$valid_operator_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_operator:$valid_operator_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=$groups&userType=$userType\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "List users" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='users' + local test_out=$OP_TYPE\.out + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" \ + -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "List Users" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$user2" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0012: OCSP Console: Verify Agent user cannot add new group" + local group2=$OCSP_INST-group-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='groups' + local RS_ID=$group2 + local desc=$group2 + local user=$user2 + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "Verify group is added" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$group2" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0013: OCSP Console: Verify Audit user cannot add new group" + local group2=$OCSP_INST-group-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='groups' + local RS_ID=$group2 + local desc=$group2 + local user=$user2 + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_audit:$valid_audit_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_audit:$valid_audit_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "Verify group is added" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$group2" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0014: OCSP Console: Verify Operator user cannot add new group" + local group2=$OCSP_INST-group-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='groups' + local RS_ID=$group2 + local desc=$group2 + local user=$user2 + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_operator:$valid_operator_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_operator:$valid_operator_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "Verify group is added" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$group2" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0015: OCSP Console: Verify Agent User cannot delete existing group" + local OP_TYPE='OP_DELETE' + local OP_SCOPE='groups' + local RS_ID=$group1 + local test_out=groupdelete.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "Verify group is deleted" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertNotGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartSetup "OCSP Console: Add Group" + local group1=$OCSP_INST-group-$RANDOM + local OP_TYPE='OP_ADD' + local OP_SCOPE='groups' + local RS_ID=$group1 + local desc=$group1 + local user=$user1 + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Add Group $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlLog "Verify group is added" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0016: OCSP Console: Verify Agent User cannot delete existing group" + local OP_TYPE='OP_DELETE' + local OP_SCOPE='groups' + local RS_ID=$group1 + local test_out=groupdelete.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_agent:$valid_agent_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "Verify group is not deleted" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0017: OCSP Console: Verify Audit User cannot delete existing group" + local OP_TYPE='OP_DELETE' + local OP_SCOPE='groups' + local RS_ID=$group1 + local test_out=groupdelete.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_audit:$valid_audit_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_audit:$valid_audit_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "Verify group is not deleted" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_ad_usergroups-0018: OCSP Console: Verify Operator User cannot delete existing group" + local OP_TYPE='OP_DELETE' + local OP_SCOPE='groups' + local RS_ID=$group1 + local test_out=groupdelete.out + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_operator:$valid_operator_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_operator:$valid_operator_pwd" -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE&RS_ID=$RS_ID\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Delete $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/$test_out" + rlLog "Verify group is not deleted" + local OP_TYPE='OP_SEARCH' + local OP_SCOPE='groups' + rlLog "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlRun "curl --capath $CERTDB_DIR \ + --dump-header $admin_out \ + --basic --user "$valid_admin:$valid_admin_pwd" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=$OP_SCOPE\" -k \"https://$tmp_ocsp_host:$target_secure_port/ocsp/ug\" > $TmpDir/$test_out" 0 "Search for $group1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlRun "process_curl_output $TmpDir/$test_out" 0 "Process curl output file" + rlAssertGrep "$group1" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartCleanup "Delete temporary dir and enable nonce" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + enable_ca_nonce $tomcat_name + rlPhaseEnd + +} +verify_cert() +{ + local serial_number=$1 + local request_dn=$2 + STRIP_HEX=$(echo $serial_number | cut -dx -f2) + CONV_LOW_VAL=${STRIP_HEX,,} + rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number" + rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out" + rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$cert_show_out" + rlAssertGrep "Subject: $request_dn" "$cert_show_out" + rlAssertGrep "Status: VALID" "$cert_show_out" +} diff --git a/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh index 2c419664f..bdd0e6102 100755 --- a/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh +++ b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh @@ -154,7 +154,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "Invalid number format: abcd" "$TmpDir/$test_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-004: CA Cert Retrieval - List Certificates(Default values list first 20 records)" + rlPhaseStartTest "pki_subca_ee-retrieval-005: CA Cert Retrieval - List Certificates(Default values list first 20 records)" local op=listCerts local queryCertFilter="(|(certStatus=VALID)(certStatus=REVOKED))" local serialFrom="" @@ -170,7 +170,7 @@ run_ee-subca-retrieval_tests() rlAssertEquals "Verify No of records displayed is equal to $maxCount" $no_of_records $maxCount rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-005: CA Cert Retrieval - List Certificates from range 0x5 to 0x20" + rlPhaseStartTest "pki_subca_ee-retrieval-006: CA Cert Retrieval - List Certificates from range 0x5 to 0x20" local op=listCerts local queryCertFilter="(|(certStatus=VALID)(certStatus=REVOKED))" local serialFrom="0x5" @@ -283,7 +283,7 @@ run_ee-subca-retrieval_tests() let i=$i+1 done - rlPhaseStartTest "pki_subca_ee-retrieval-006: CA Cert Retrieval - List only valid certificates" + rlPhaseStartTest "pki_subca_ee-retrieval-007: CA Cert Retrieval - List only valid certificates" local op=listCerts local queryCertFilter="(certStatus=VALID)" local serialFrom="0" @@ -301,7 +301,7 @@ run_ee-subca-retrieval_tests() rlAssertNotGrep "record.revokedBy=\"$valid_agent_cert\"" "$TmpDir/$test_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-007: CA Cert Retrieval - List certs with max count of 10" + rlPhaseStartTest "pki_subca_ee-retrieval-008: CA Cert Retrieval - List certs with max count of 10" local op=listCerts local queryCertFilter="(certStatus=VALID)" local serialFrom="0" @@ -321,7 +321,7 @@ run_ee-subca-retrieval_tests() rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-008: CA Cert Retrieval - Search certs with max count of 10" + rlPhaseStartTest "pki_subca_ee-retrieval-009: CA Cert Retrieval - Search certs with max count of 10" local test_out=srcCerts.txt local op=srchCerts local serialNumberRangeInUse="on" @@ -446,7 +446,7 @@ run_ee-subca-retrieval_tests() rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-009: CA Cert Retrieval - Search certs with subject Name matching Email Address(method=exact)" + rlPhaseStartTest "pki_subca_ee-retrieval-0010: CA Cert Retrieval - Search certs with subject Name matching Email Address(method=exact)" local test_out=srcCerts.txt local op=srchCerts local serialNumberRangeInUse='' @@ -500,7 +500,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "record.serialNumber=\"$serial_number_without_hex_lower\"" "$TmpDir/$test_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0010: CA Cert Retrieval - Search certs with subject Name matching userID(method=exact)" + rlPhaseStartTest "pki_subca_ee-retrieval-0011: CA Cert Retrieval - Search certs with subject Name matching userID(method=exact)" local test_out=srcCerts.txt local op=srchCerts local serialNumberRangeInUse='' @@ -555,7 +555,7 @@ run_ee-subca-retrieval_tests() rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0011: CA Cert Retrieval - Search revoked certs with revoked by valid agent" + rlPhaseStartTest "pki_subca_ee-retrieval-0012: CA Cert Retrieval - Search revoked certs with revoked by valid agent" local test_out=srcCerts.txt local op=srchCerts local serialNumberRangeInUse='' @@ -610,7 +610,7 @@ run_ee-subca-retrieval_tests() rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0012: CA Cert Retrieval - Search revoked certs with revoked by reason Unspecified" + rlPhaseStartTest "pki_subca_ee-retrieval-0013: CA Cert Retrieval - Search revoked certs with revoked by reason Unspecified" local op=srchCerts local serialNumberRangeInUse='' local serialFrom='' @@ -755,7 +755,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "header.error = null" "$TmpDir/$test_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0013: CA Cert Retrieval - Search revoked certs with revoked by reason Unspecified & key compromise" + rlPhaseStartTest "pki_subca_ee-retrieval-0014: CA Cert Retrieval - Search revoked certs with revoked by reason Unspecified & key compromise" local op=srchCerts local serialNumberRangeInUse='' local serialFrom='' @@ -813,7 +813,7 @@ run_ee-subca-retrieval_tests() local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l) rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0014: CA Cert Retrieval - Search certs issued by Valid agent cert" + rlPhaseStartTest "pki_subca_ee-retrieval-0015: CA Cert Retrieval - Search certs issued by Valid agent cert" local op=srchCerts local serialNumberRangeInUse='' local serialFrom='' @@ -926,7 +926,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "Status: VALID" "$cert_out" rlAssertGrep "Not After: $NotAfterDate" "$cert_out" - rlPhaseStartTest "pki_subca_ee-retrieval-0015: CA Cert Retrieval - Search certs with a validity period of 15 days" + rlPhaseStartTest "pki_subca_ee-retrieval-0016: CA Cert Retrieval - Search certs with a validity period of 15 days" local op=srchCerts local serialNumberRangeInUse='' local serialFrom='' @@ -979,7 +979,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "record.subject=\"$cert_subject\"" "$TmpDir/$test_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0015: CA Cert Retrieval - Import CA Certificate chain" + rlPhaseStartTest "pki_subca_ee-retrieval-0017: CA Cert Retrieval - Import CA Certificate chain" local op='download' local mimetype='application/x-x509-ca-cert' local test_out=cacert.out @@ -988,7 +988,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0016: CA Cert Retrieval - Download CA certificate in binary format" + rlPhaseStartTest "pki_subca_ee-retrieval-0018: CA Cert Retrieval - Download CA certificate in binary format" local op='downloadBin' local mimetype='application/x-x509-ca-cert' local test_out=cacert.out @@ -997,7 +997,7 @@ run_ee-subca-retrieval_tests() rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" rlPhaseEnd - rlPhaseStartTest "pki_subca_ee-retrieval-0017: CA Cert Retrieval - Import latest CRL" + rlPhaseStartTest "pki_subca_ee-retrieval-0019: CA Cert Retrieval - Import latest CRL" local crlIssuingPoint='MasterCRL' local certSerialNumber='' local op='importCRL' diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index e6b2cfadf..0fcccdb7f 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -209,6 +209,11 @@ . ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh . ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh . ./acceptance/legacy/drm-tests/logs/drm-ad-logs.sh +. ./acceptance/legacy/ocsp-tests/usergroups/ocsp-ad-usergroups.sh +. ./acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh +. ./acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh +. ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh +. ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh . ./acceptance/bugzilla/bug_setup.sh . ./acceptance/bugzilla/bug_uninstall.sh . ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh @@ -1622,6 +1627,31 @@ rlJournalStart subsystemType=ca run_admin-subca-log_tests $subsystemType $MYROLE fi + PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_ocsp-ad_usergroups $subsystemType $MYROLE + fi + PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_admin-ocsp-acl_tests $subsystemType $MYROLE + fi + PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_admin-ocsp-log_tests $subsystemType $MYROLE + fi + PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_admin-ocsp-internaldb_tests $subsystemType $MYROLE + fi + PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_ocsp-ag_tests $subsystemType $MYROLE + fi rlPhaseEnd ######## DEV UNIT TESTS ############ DEV_JAVA_TESTS_UPPERCASE=$(echo $DEV_JAVA_TESTS | tr [a-z] [A-Z]) |