summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAsha Akkiangady <aakkiang@redhat.com>2014-05-14 12:46:20 -0400
committerAsha Akkiangady <aakkiang@redhat.com>2014-05-14 12:56:02 -0400
commit05d9cf388e1f37f2b5d3a4ea472eda73e59b3ed4 (patch)
treeb3375ba0923379dfd24da66d6bf83b3d7351dd6f
parent7c1fc987bdd28b70eee1a5a0bf18c252bb31fa3f (diff)
New tests added for pki user-del.
Tests updated with latest return codes for the following CLIs: user-add, user-find and user-show Modified verifyErrorMsg subroutine to check for error codes.
Diffstat
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh174
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh542
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh126
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh200
-rwxr-xr-xtests/dogtag/shared/rhcs-shared.sh20
5 files changed, 796 insertions, 266 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
index ae3b9c9ed..7d207ad4c 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
@@ -45,6 +45,11 @@
# Test Suite Globals
########################################################################
run_pki-user-cli-user-add-ca_tests(){
+ rlPhaseStartSetup "pki_user_cli_user_add-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test"
rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \
0 \
@@ -57,22 +62,21 @@ run_pki-user-cli-user-add-ca_tests(){
rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out"
rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out"
rlAssertNotGrep "Error: Invalid module \"user---help\"." "$TmpDir/pki_user_cfg.out"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/843"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test"
rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \
0 \
"pki user-add --help"
- rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out"
rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/pki_user_add_cfg.out"
- rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/843"
rlPhaseEnd
##### Tests to add CA users using a user of admin group with a valid cert####
@@ -381,7 +385,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-ca-001_20.out 2>&1"\
- 1 \
+ 255 \
"Should not be able to add user using CA_adminV with maximum --phone with character symbols in it"
rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ca-001_20.out"
rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ca-001_20.out"
@@ -393,7 +397,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-ca-001_21.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user using CA_adminV --phone with character #"
rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ca-001_21.out"
rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ca-001_21.out"
@@ -405,7 +409,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-ca-001_22.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user using CA_adminV --phone with character *"
rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ca-001_22.out"
rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ca-001_22.out"
@@ -417,7 +421,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-ca-001_23.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user using CA_adminV --phone with character $"
rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ca-001_23.out"
rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ca-001_23.out"
@@ -544,15 +548,15 @@ run_pki-user-cli-user-add-ca_tests(){
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-034: Add a duplicate user to CA"
- command="pki -d $CERTDB_DIR \
+ command="pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-ca-002.out 2>&1 "
- rlLog "Command=$command"
- expmsg="ConflictingOperationException: Entry already exists."
- rlRun "$command" 1 "Add duplicate user"
- rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ca-002.out"
+ rlLog "Command=$command"
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ca-002.out"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-035: Add a user to CA with -t option"
@@ -575,7 +579,7 @@ run_pki-user-cli-user-add-ca_tests(){
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-036: Add a user -- missing required option user id"
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
-t ca \
@@ -586,9 +590,9 @@ run_pki-user-cli-user-add-ca_tests(){
-c $CERTDB_DIR_PASSWORD \
-t ca \
user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-ca-004.out" \
- 1\
+ 255 \
"Add user -- missing required option user id"
- rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki-user-add-ca-004.out"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-ca-004.out"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-037: Add a user -- missing required option --fullName"
@@ -597,10 +601,10 @@ run_pki-user-cli-user-add-ca_tests(){
-c $CERTDB_DIR_PASSWORD \
-t ca \
user-add $user1 > $TmpDir/pki-user-add-ca-005.out 2>&1"
- expmsg="Error: Missing required option: fullName"
rlLog "Executing: $command"
- rlRun "$command" 1 "Add a user -- missing required option --fullName"
- rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ca-005.out"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-038: Add a user -- all options provided"
@@ -641,7 +645,7 @@ run_pki-user-cli-user-add-ca_tests(){
rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ca-006_1.out"
rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-ca-006_1.out"
rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ca-006_1.out"
- rlPhaseEnd
+ rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-039: Add user to multiple groups"
user=u24
@@ -673,13 +677,17 @@ run_pki-user-cli-user-add-ca_tests(){
$user > $TmpDir/pki-user-add-ca-006.out " \
0 \
"Add user $user using CA_adminV"
- rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-ca-006.out"
- rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-ca-006.out"
- rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-ca-006.out"
- rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ca-006.out"
- rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ca-006.out"
- rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ca-006.out"
-
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-ca-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-ca-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-ca-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ca-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ca-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ca-006.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-member-add Administrators $user"
rlRun "pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
@@ -722,7 +730,7 @@ run_pki-user-cli-user-add-ca_tests(){
rlPhaseStartTest "pki_user_cli_user_add-CA-040: Add user with --password less than 8 characters"
userpw="pass"
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-ca-008.out 2>&1"
@@ -732,16 +740,14 @@ run_pki-user-cli-user-add-ca_tests(){
-c $CERTDB_DIR_PASSWORD \
-t ca \
user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-ca-008.out 2>&1" \
- 1 \
+ 255 \
"Add a user --must be at least 8 characters --password"
rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ca-008.out"
-
rlPhaseEnd
##### Tests to add users using revoked cert#####
rlPhaseStartTest "pki_user_cli_user_add-CA-041: Should not be able to add user using a revoked cert CA_adminR"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_adminR \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -749,14 +755,13 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminR \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-revoke-adminR-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a user having revoked cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-revoke-adminR-002.out"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-042: Should not be able to add user using a agent with revoked cert CA_agentR"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_agentR \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -764,7 +769,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_agentR \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-revoke-agentR-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a user having revoked cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-revoke-agentR-002.out"
rlPhaseEnd
@@ -772,8 +777,7 @@ run_pki-user-cli-user-add-ca_tests(){
##### Tests to add users using an agent user#####
rlPhaseStartTest "pki_user_cli_user_add-CA-043: Should not be able to add user using a valid agent CA_agentV user"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_agentV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -781,14 +785,14 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_agentV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-agentV-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a agent cert"
rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-agentV-002.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-CA-044: Should not be able to add user using a CA_agentR user"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
+ ##### Tests to add users using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_user_cli_user_add-CA-044: Should not be able to add user using a CA_agentUTCA user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_agentR \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -796,17 +800,17 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_agentR \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-agentR-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a agent cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-agentR-002.out"
rlPhaseEnd
##### Tests to add users using expired cert#####
rlPhaseStartTest "pki_user_cli_user_add-CA-045: Should not be able to add user using admin user with expired cert CA_adminE"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
- rlLog "Executing: pki -d $CERTDB_DIR \
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_adminE \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -814,7 +818,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminE \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-adminE-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a agent cert"
rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-adminE-002.out"
rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-adminE-002.out"
@@ -823,9 +827,9 @@ run_pki-user-cli-user-add-ca_tests(){
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-046: Should not be able to add user using CA_agentE cert"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_agentE \
-c $CERTDB_DIR_PASSWORD \
@@ -834,7 +838,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_agentE \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-agentE-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a agent cert"
rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ca-agentE-002.out"
rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-agentE-002.out"
@@ -844,8 +848,7 @@ run_pki-user-cli-user-add-ca_tests(){
##### Tests to add users using audit users#####
rlPhaseStartTest "pki_user_cli_user_add-CA-047: Should not be able to add user using a CA_auditV"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_auditV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -853,15 +856,14 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_auditV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-auditV-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a audit cert"
rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-auditV-002.out"
rlPhaseEnd
##### Tests to add users using operator user###
rlPhaseStartTest "pki_user_cli_user_add-CA-048: Should not be able to add user using a CA_operatorV"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
+ rlLog "Executing: pki -d $CERTDB_DIR \
-n CA_operatorV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1"
@@ -869,16 +871,13 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_operatorV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-operatorV-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a operator cert"
rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-operatorV-002.out"
rlPhaseEnd
-
- ##### Tests to add users using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users#####
rlPhaseStartTest "pki_user_cli_user_add-CA-049: Should not be able to add user using a cert created from a untrusted CA CA_adminUTCA"
-
- rlLog "Executing: pki -d /tmp/untrusted_cert_db \
+ rlLog "Executing: pki -d /tmp/untrusted_cert_db \
-n CA_adminUTCA \
-c Password \
user-add --fullName=\"$user1fullname\" $user1"
@@ -886,7 +885,7 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminUTCA \
-c Password \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-adminUTCA-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to add user $user1 using a untrusted cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-adminUTCA-002.out"
rlPhaseEnd
@@ -901,10 +900,11 @@ run_pki-user-cli-user-add-ca_tests(){
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-ca-001_50.out 2>&1" \
- 1 \
+ 255 \
"Adding user using CA_adminV with user id length exceed maximum defined in ldap schema"
rlAssertGrep "ClientResponseFailure: ldap can't save, exceeds max length" "$TmpDir/pki-user-add-ca-001_50.out"
rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-ca-001_50.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-001_50.out"
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
rlPhaseEnd
@@ -1069,35 +1069,21 @@ run_pki-user-cli-user-add-ca_tests(){
rlPhaseStartTest "pki_user_cli_user_add-CA-058: email address with i18n characters"
rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
- rlLog "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31 > $TmpDir/pki-user-add-ca-001_58.out 2>&1" \
- 0 \
- "Adding email negyvenkettő@qetestsdomain.com with i18n characters"
- rlAssertGrep "PKIException: Unable to add user" "$TmpDir/pki-user-add-ca-001_58.out"
- rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ca-001_58.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unable to add user"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_add-CA-059: email address with i18n characters"
rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
- rlLog "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32 > $TmpDir/pki-user-add-ca-001_59.out 2>&1" \
- 0 \
- "Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
- rlAssertGrep "PKIException: Unable to add user" "$TmpDir/pki-user-add-ca-001_59.out"
- rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ca-001_59.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unable to add user"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
rlPhaseEnd
@@ -1261,20 +1247,22 @@ run_pki-user-cli-user-add-ca_tests(){
rlLog "valid_serialNumber=$valid_serialNumber"
#Import user certs to $TEMP_NSS_DB
rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
- rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
local expfile="$TmpDir/expfile_pkiuser1.out"
rlLog "Executing: pki -d $TEMP_NSS_DB \
-n pkiUser1 \
-c Password \
- user-find --start=1 --size=5"
+ user-add --fullName=test_user u39"
echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password user-add --fullName=test_user u39" > $expfile
- echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=qeblade3.rhq.lab.eng.bos.redhat.com,O=rhq.lab.eng.bos.redhat.com Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=rhq.lab.eng.bos.redhat.com Security Domain'
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain'
Import CA certificate (Y/n)? \"" >> $expfile
echo "send -- \"Y\r\"" >> $expfile
echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile
echo "send -- \"\r\"" >> $expfile
echo "expect eof" >> $expfile
- rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-ca-pkiUser1-002.out 2>&1" 1 "Should not be able to add users using a user cert"
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-pkiUser1-002.out"
rlPhaseEnd
@@ -1327,5 +1315,9 @@ Import CA certificate (Y/n)? \"" >> $expfile
0 \
"Deleted user ÉricTêko"
rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh
index eedecd44d..a0e0eac4d 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh
@@ -3,13 +3,14 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-del CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following ipa cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-del Delete pki subsystem users.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Author: Laxmi Sunkara <lsunkara@redhat.com>
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+# Laxmi Sunkara <lsunkara@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
@@ -42,18 +43,36 @@
########################################################################
# Test Suite Globals
########################################################################
-user1=ca_agent2
-user1fullname="Test ca_agent"
-user2=abcdefghijklmnopqrstuvwxyx12345678
-user3=abc#
-user4=abc$
-user5=abc@
-user6=abc?
-user7=0
run_pki-user-cli-user-del-ca_tests(){
- rlPhaseStartTest "pki_user_cli_user_del-001: Add users to test user-del functionality"
- del_user=($CA_adminV_user $CA_adminR_user $CA_adminE_user $CA_adminUTCA_user $CA_agentV_user $CA_agentR_user $CA_agentE_user $CA_agentUTCA_user $CA_auditV_user $CA_operatorV_user)
+
+ rlPhaseStartSetup "pki_user_cli_user_del-CA-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-ca-configtest-001: pki user-del --help configuration test"
+ rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-ca-configtest-002: pki user-del configuration test"
+ rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-003: Delete valid users"
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
#positive test cases
#Add users to CA using CA_adminV cert
i=1
@@ -79,6 +98,10 @@ run_pki-user-cli-user-del-ca_tests(){
0 \
"Deleted user u$i"
rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-user1-00$i.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show u$i"
+ errmsg="UserNotFoundException: User u$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
let i=$i+1
done
#Add users to CA using CA_adminV cert
@@ -107,10 +130,15 @@ run_pki-user-cli-user-del-ca_tests(){
0 \
"Deleted user $usr"
rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ca-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
let j=$j+1
done
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_del-002: Case sensitive userid, Negative test case"
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-004: Case sensitive userid"
rlRun "pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
@@ -122,26 +150,494 @@ run_pki-user-cli-user-del-ca_tests(){
0 \
"Deleted user USER_ABC userid is not case sensitive"
rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-ca-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_del-003: user id missing, Negative test case"
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del > $TmpDir/pki-user-del-ca-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-ca-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-006: Maximum length of user id"
+ user2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1`
rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-ca-001_1.out" \
+ 0 \
+ "Added user using CA_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test_user test_user"
+ user-del \"$user2\" > $TmpDir/pki-user-del-ca-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using CA_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-ca-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-007: userid with maximum length and symbols"
+ userid=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1`
rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=test '$userid' > $TmpDir/pki-user-add-ca-001_8.out" \
+ 0 \
+ "Added user using CA_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del > $TmpDir/pki-user-del-ca-user-003_1.out 2>&1" \
- 1 \
- "Cannot delete a user without userid"
- rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-ca-user-003_1.out"
+ user-del '$userid' > $TmpDir/pki-user-del-ca-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using CA_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-ca-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
rlRun "pki -d $CERTDB_DIR \
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del test_user > $TmpDir/pki-user-del-ca-user-003_2.out" \
+ user-show '$userid' > $TmpDir/pki-user-del-ca-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-user-del-ca-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test ca_agent"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-user-add-ca-008.out" \
+ 0 \
+ "Add user $user1 to CA -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_CA_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ca-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del $user1 > $TmpDir/pki-user-del-ca-user-008.out" \
0 \
- "Deleted user test_user"
- rlAssertGrep "Deleted user \"test_user\"" "$TmpDir/pki-user-del-ca-user-003_2.out"
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-ca-user-008.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-ca-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ user-del u22 > $TmpDir/pki-user-del-ca-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t ca option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-ca-user-009.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-010: Should not be able to delete user using a revoked cert CA_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-ca-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-001.out"
rlPhaseEnd
+ rlPhaseStartTest "pki_user_cli_user_del-CA-011: Should not be able to delete user using a agent with revoked cert CA_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-012: Should not be able to delete user using a valid agent CA_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-003.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-003.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-003.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-013: Should not be able to delete user using a admin user with expired cert CA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-004.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-004.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-004.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-014: Should not be able to delete a user using CA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-005.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-005.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-005.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-015: Should not be able to delete user using a CA_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a audit cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-006.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-006.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-006.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-016: Should not be able to delete user using a CA_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23"
+ command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD user-del u23"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-007.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-007.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-007.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-017: Should not be able to delete user using a cert created from a untrusted CA CA_adminUTCA"
+ rlLog "Executing: pki -d /tmp/untrusted_cert_db \
+ -n CA_adminUTCA \
+ -c Password \
+ user-del u23"
+ command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-008.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-008.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-008.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ user-del u23"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password user-del u23" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile
+ echo "send -- \"\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-ca-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show u23 > $TmpDir/pki-user-show-ca-009.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-009.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-009.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-009.out"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del u23 > $TmpDir/pki-user-del-ca-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-019: delete user id with i18n characters"
+ rlLog "user-add userid ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=test 'ÖrjanÄke' > $TmpDir/pki-user-add-ca-001_19.out 2>&1" \
+ 0 \
+ "Adding uid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"ÖrjanÄke\"" "$TmpDir/pki-user-add-ca-001_19.out"
+ rlAssertGrep "User ID: ÖrjanÄke" "$TmpDir/pki-user-add-ca-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show 'ÖrjanÄke' > $TmpDir/pki-user-add-ca-001_19_2.out" \
+ 0 \
+ "Show user 'ÖrjanÄke'"
+ rlAssertGrep "User \"ÖrjanÄke\"" "$TmpDir/pki-user-add-ca-001_19_2.out"
+ rlAssertGrep "User ID: ÖrjanÄke" "$TmpDir/pki-user-add-ca-001_19_2.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-001_19_3.out 2>&1" \
+ 0 \
+ "Delete uid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Deleted user \"ÖrjanÄke\"" "$TmpDir/pki-user-del-ca-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show 'ÖrjanÄke'"
+ errmsg="UserNotFoundException: User 'ÖrjanÄke' not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA-020: delete userid with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName=test 'ÉricTêko' > $TmpDir/pki-user-add-ca-001_20.out 2>&1" \
+ 0 \
+ "Adding user id ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"ÉricTêko\"" "$TmpDir/pki-user-add-ca-001_20.out"
+ rlAssertGrep "User ID: ÉricTêko" "$TmpDir/pki-user-add-ca-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-show 'ÉricTêko' > $TmpDir/pki-user-add-ca-001_20_2.out" \
+ 0 \
+ "Show user 'ÉricTêko'"
+ rlAssertGrep "User \"ÉricTêko\"" "$TmpDir/pki-user-add-ca-001_20_2.out"
+ rlAssertGrep "User ID: ÉricTêko" "$TmpDir/pki-user-add-ca-001_20_2.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-001_20_3.out 2>&1" \
+ 0 \
+ "Delete uid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD user-show 'ÉricTêko'"
+ errmsg="UserNotFoundException: User 'ÉricTêko' not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-CA_cleanup-004: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh
index 765732e58..d1a5a856d 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh
@@ -69,15 +69,16 @@ run_pki-user-cli-user-find-ca_tests(){
rlPhaseStartTest "pki_user_cli_user_find-ca-configtest-001: pki user-find --help configuration test"
rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help"
- rlAssertGrep "usage: user-find [FILTER] [OPTIONS...]" "$TmpDir/user_find.out"
- rlAssertGrep "--size <size> Page size" "$TmpDir/user_find.out"
- rlAssertGrep "--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/843"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_find-ca-configtest-002: pki user-find configuration test"
- rlRun "pki user-find > $TmpDir/user_find_2.out 2>&1" 0 "pki user-find"
+ rlRun "pki user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find"
rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_find_2.out"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/821"
rlPhaseEnd
@@ -146,13 +147,13 @@ run_pki-user-cli-user-find-ca_tests(){
maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1`
rlLog "pki -d $CERTDB_DIR \
-n \"CA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$maximum_check"
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$maximum_check"
rlRun "pki -d $CERTDB_DIR \
-n \"CA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$maximum_check > $TmpDir/pki-user-find-ca-003_3.out 2>&1" \
- 1 \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-ca-003_3.out 2>&1" \
+ 255 \
"More than maximum possible value as input"
rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-ca-003_3.out"
rlPhaseEnd
@@ -160,8 +161,8 @@ run_pki-user-cli-user-find-ca_tests(){
rlPhaseStartTest "pki_user_cli_user_find-ca-008: Find users, check for negative input --size=-1"
rlRun "pki -d $CERTDB_DIR \
-n \"CA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=-1 > $TmpDir/pki-user-find-ca-004.out 2>&1" \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=-1 > $TmpDir/pki-user-find-ca-004.out 2>&1" \
0 \
"No users returned as the size entered is negative value"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ca-004.out"
@@ -171,13 +172,13 @@ run_pki-user-cli-user-find-ca_tests(){
size_noninteger="abc"
rlLog "Executing: pki -d $CERTDB_DIR \
-n \"CA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$size_noninteger > $TmpDir/pki-user-find-ca-005.out 2>&1"
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$size_noninteger > $TmpDir/pki-user-find-ca-005.out 2>&1"
rlRun "pki -d $CERTDB_DIR \
-n \"CA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$size_noninteger > $TmpDir/pki-user-find-ca-005.out 2>&1" \
- 1 \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$size_noninteger > $TmpDir/pki-user-find-ca-005.out 2>&1" \
+ 255 \
"No users returned"
rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-ca-005.out"
rlPhaseEnd
@@ -187,7 +188,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n \"CA_adminV\" \
-c $CERTDB_DIR_PASSWORD \
user-find --size= > $TmpDir/pki-user-find-ca-006.out 2>&1" \
- 1 \
+ 255 \
"No users returned, as --size= "
rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-ca-006.out"
rlPhaseEnd
@@ -259,7 +260,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n \"CA_adminV\" \
-c $CERTDB_DIR_PASSWORD \
user-find --start=$maximum_check > $TmpDir/pki-user-find-ca-008_3.out 2>&1" \
- 1 \
+ 255 \
"Find users, --start with more than maximum possible input"
rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-ca-008_3.out"
rlPhaseEnd
@@ -290,7 +291,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n \"CA_adminV\" \
-c $CERTDB_DIR_PASSWORD \
user-find --start=$size_noninteger > $TmpDir/pki-user-find-ca-0011.out 2>&1" \
- 1 \
+ 255 \
"Incorrect input to find user"
rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-ca-0011.out"
rlPhaseEnd
@@ -300,7 +301,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n \"CA_adminV\" \
-c $CERTDB_DIR_PASSWORD \
user-find --start= > $TmpDir/pki-user-find-ca-0012.out 2>&1" \
- 1 \
+ 255 \
"No users returned, as --start= "
rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-ca-0012.out"
rlPhaseEnd
@@ -359,7 +360,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_adminR \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-revoke-adminR-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a revoked admin cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-revoke-adminR-002.out"
rlPhaseEnd
@@ -373,7 +374,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_agentR \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-revoke-agentR-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a agent having revoked cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-revoke-agentR-002.out"
rlPhaseEnd
@@ -387,7 +388,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_agentV \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-agentV-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a agent cert"
rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-find-ca-agentV-002.out"
rlPhaseEnd
@@ -401,7 +402,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_agentR \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-agentR-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a revoked agent cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-agentR-002.out"
rlPhaseEnd
@@ -418,7 +419,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_adminE \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-adminE-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using an expired admin cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-adminE-002.out"
rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-ca-adminE-002.out"
@@ -438,7 +439,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_agentE \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-agentE-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using an expired agent cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-agentE-002.out"
rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-ca-agentE-002.out"
@@ -455,7 +456,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_auditV \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-auditV-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a audit cert"
rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-find-ca-auditV-002.out"
rlPhaseEnd
@@ -469,7 +470,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_operatorV \
-c $CERTDB_DIR_PASSWORD \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-operatorV-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a operator cert"
rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-find-ca-operatorV-002.out"
rlPhaseEnd
@@ -483,7 +484,7 @@ run_pki-user-cli-user-find-ca_tests(){
-n CA_adminUTCA \
-c Password \
user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-adminUTCA-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to find users using a untrusted cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-adminUTCA-002.out"
rlPhaseEnd
@@ -521,10 +522,58 @@ Import CA certificate (Y/n)? \"" >> $expfile
echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile
echo "send -- \"\r\"" >> $expfile
echo "expect eof" >> $expfile
- rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-ca-pkiUser1-002.out 2>&1" 1 "Should not be able to find users using a user cert"
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-pkiUser1-002.out"
rlPhaseEnd
+ rlPhaseStartTest "pki_user_cli_user_find-ca-031: find users when user id has i18n characters"
+ maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1`
+ rlLog "user-add userid ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-user-find-ca-001_31.out 2>&1" \
+ 0 \
+ "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-ca-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: ÖrjanÄke" "$TmpDir/pki-user-show-ca-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-ca-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ca-032: find users when userid has i18n characters"
+ maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1`
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-add --fullName='Éric Têko' 'ÉricTêko' > $TmpDir/pki-user-show-ca-001_32.out 2>&1" \
+ 0 \
+ "Adding user id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-ca-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: ÉricTêko" "$TmpDir/pki-user-show-ca-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-ca-001_32_2.out"
+ rlPhaseEnd
+
rlPhaseStartTest "pki_user_cli_user_cleanup-021: Deleting users"
#===Deleting users created using CA_adminV cert===#
i=1
@@ -552,6 +601,23 @@ Import CA certificate (Y/n)? \"" >> $expfile
let j=$j+1
done
+ #===Deleting i18n users created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-user-i18n_1.out" \
+ 0 \
+ "Deleted user ÖrjanÄke"
+ rlAssertGrep "Deleted user \"ÖrjanÄke\"" "$TmpDir/pki-user-del-ca-user-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \
+ 0 \
+ "Deleted user ÉricTêko"
+ rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out"
+
#Delete temporary directory
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh
index ab1daeb64..1eee9fe44 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh
@@ -50,14 +50,16 @@
########################################################################
run_pki-user-cli-user-show-ca_tests(){
-user1=ca_agent2
-user1fullname="Test ca_agent"
-user2=abcdefghijklmnopqrstuvwxyx12345678
-user3=abc#
-user4=abc$
-user5=abc@
-user6=abc?
-user7=0
+ #local variables
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
rlPhaseStartSetup "pki_user_cli_user_show-ca-startup: Create temporary directory"
rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
@@ -67,7 +69,8 @@ user7=0
rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
0 \
"pki user-show"
- rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out"
rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/843"
rlPhaseEnd
@@ -697,14 +700,11 @@ user7=0
#Negative Cases
rlPhaseStartTest "pki_user_cli_user_show-CA-031: Missing required option user id"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ca \
- user-show > $TmpDir/pki-user-show-ca-001_34.out 2>&1" \
- 1 \
- "Cannot show user without user id"
- rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki-user-show-ca-001_34.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca user-show"
+ rlLog "Executing $command"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-032: Checking if user id case sensitive "
@@ -725,132 +725,79 @@ user7=0
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-033: Should not be able to show user using a revoked cert CA_adminR"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_adminR \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_adminR \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-revoke-adminR-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a admin having revoked cert"
- rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-revoke-adminR-002.out"
+ command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-034: Should not be able to show user using a agent with revoked cert CA_agentR"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-revoke-agentR-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a agent having revoked cert"
- rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-revoke-agentR-002.out"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-035: Should not be able to show user using a valid agent CA_agentV user"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_agentV \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_agentV \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-agentV-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a agent cert"
- rlAssertGrep "ForbiddenException: Authorization failed" "$TmpDir/pki-user-show-ca-agentV-002.out"
+ command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization failed"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/965"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-036: Should not be able to show user using a CA_agentR user"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-agentR-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a revoked agent cert"
- rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-agentR-002.out"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-037: Should not be able to show user using admin user with expired cert CA_adminE"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
rlRun "date"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_adminE \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_adminE \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-adminE-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using an expired admin cert"
- rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-adminE-002.out"
- rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-ca-adminE-002.out"
+ command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-038: Should not be able to show user using CA_agentE cert"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
rlRun "date"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_agentE \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_agentE \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-agentE-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a agent cert"
- rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-agentE-002.out"
- rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-ca-agentE-002.out"
- rlAssertNotGrep "" "$TmpDir/pki-user-show-ca-agentE-002.out"
+ command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-039: Should not be able to show user using a CA_auditV"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_auditV \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_auditV \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-auditV-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a audit cert"
- rlAssertGrep "ForbiddenException: Authorization failed" "$TmpDir/pki-user-show-ca-auditV-002.out"
+ command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization failed"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/965"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-040: Should not be able to show user using a CA_operatorV"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n CA_operatorV \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23"
- rlRun "pki -d $CERTDB_DIR \
- -n CA_operatorV \
- -c $CERTDB_DIR_PASSWORD \
- user-show u23 > $TmpDir/pki-user-show-ca-operatorV-002.out 2>&1" \
- 1 \
- "Should not be able to show user u23 using a operator cert"
- rlAssertGrep "ForbiddenException: Authorization failed" "$TmpDir/pki-user-show-ca-operatorV-002.out"
+ command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization failed"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/965"
rlPhaseEnd
@@ -863,7 +810,7 @@ user7=0
-n CA_adminUTCA \
-c Password \
user-show u23 > $TmpDir/pki-user-show-ca-adminUTCA-002.out 2>&1" \
- 1 \
+ 255 \
"Should not be able to show user u23 using a untrusted cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-adminUTCA-002.out"
rlPhaseEnd
@@ -901,7 +848,9 @@ Import CA certificate (Y/n)? \"" >> $expfile
echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile
echo "send -- \"\r\"" >> $expfile
echo "expect eof" >> $expfile
- rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-ca-pkiUser1-002.out 2>&1" 1 "Should not be able to find users using a user cert"
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-pkiUser1-002.out"
rlPhaseEnd
@@ -915,7 +864,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
-n CA_adminV \
-c $CERTDB_DIR_PASSWORD \
user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-ca-001_50.out 2>&1" \
- 1 \
+ 255 \
"Show user using CA_adminV with user id length exceed maximum defined in ldap schema"
rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-ca-001_50.out"
rlPhaseEnd
@@ -993,6 +942,23 @@ Import CA certificate (Y/n)? \"" >> $expfile
let j=$j+1
done
+ #===Deleting i18n users created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-user-i18n_1.out" \
+ 0 \
+ "Deleted user ÖrjanÄke"
+ rlAssertGrep "Deleted user \"ÖrjanÄke\"" "$TmpDir/pki-user-del-ca-user-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \
+ 0 \
+ "Deleted user ÉricTêko"
+ rlAssertGrep "Deleted user \"ÉricTêko\"" "$TmpDir/pki-user-del-ca-user-i18n_2.out"
+
#Delete temporary directory
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh
index bcde0513f..170341bae 100755
--- a/tests/dogtag/shared/rhcs-shared.sh
+++ b/tests/dogtag/shared/rhcs-shared.sh
@@ -30,6 +30,7 @@ verifyErrorMsg()
{
local command="$1"
local expmsg=$2
+ local expErrorCode=$3
local rc=0
rm -rf /tmp/errormsg.out /tmp/errormsg_clean.out
@@ -40,23 +41,32 @@ verifyErrorMsg()
rlLog "ERROR: Expected \"$command\" to fail."
rc=1
else
- rlLog "\"$command\" failed as expected."
+ rlLog "\"$command\" failed as expected."
$command 2> /tmp/errormsg.out
- sed 's/"//g' /tmp/errormsg.out > /tmp/errormsg_clean.out
+ sed 's/"//g' /tmp/errormsg.out > /tmp/errormsg_clean.out
actual=`cat /tmp/errormsg_clean.out`
if [[ "$actual" = "$expmsg" ]] ; then
rlPass "Error message as expected: $actual"
- return 0
+ if [ $expErrorCode ] ; then
+ if [[ "$rc" = "$expErrorCode" ]] ; then
+ rlPass "Error code as expected: $rc"
+ return 0
+ else
+ rlLog "ERROR: Error code is not expected. GOT: $rc EXP: $expErrorCode"
+ return 1
+ fi
+ else
+ rlLog "Error code validation is not selected."
+ return 0
+ fi
else
rlFail "ERROR: Message not as expected. GOT: $actual EXP: $expmsg"
return 1
fi
fi
-
return $rc
}
-
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# rhcs_quick_uninstall
# Usage: rhcs_quick_uninstall
generated by cgit (git 2.34.1) at 2026-04-14 03:07:21 +0000