summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoshni Pattath <rpattath@redhat.com>2014-07-07 13:15:30 -0400
committerRoshni Pattath <rpattath@redhat.com>2014-07-07 13:15:30 -0400
commit4234d56b5601b74cdca892e241d9679fc6360195 (patch)
tree2ddee9649eb6d28ef598867c0a87a49850c01bc4
parent9c8269257382b125a241c876b98cf0f6e5dda8b7 (diff)
downloadpki-4234d56b5601b74cdca892e241d9679fc6360195.tar.gz
pki-4234d56b5601b74cdca892e241d9679fc6360195.tar.xz
pki-4234d56b5601b74cdca892e241d9679fc6360195.zip
Tests for pki group-add, pki group-show, pki group-del
Diffstat
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh494
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh526
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh589
3 files changed, 1609 insertions, 0 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh
new file mode 100755
index 000000000..c6166dbf5
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh
@@ -0,0 +1,494 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-add Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to pki-group-cli-group-add-ca.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-add-ca_tests(){
+
+ rlPhaseStartSetup "pki_group_cli_group_add-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli-configtest: pki group --help configuration test"
+ rlRun "pki group --help > $TmpDir/pki_group_cfg.out 2>&1" \
+ 0 \
+ "pki group --help"
+ rlAssertGrep "group-find Find groups" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-show Show group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-add Add group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-mod Modify group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-del Remove group" "$TmpDir/pki_group_cfg.out"
+ rlAssertGrep "group-member Group member management commands" "$TmpDir/pki_group_cfg.out"
+ rlAssertNotGrep "Error: Invalid module \"group---help\"." "$TmpDir/pki_group_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-configtest: pki group-add configuration test"
+ rlRun "pki group-add --help > $TmpDir/pki_group_add_cfg.out 2>&1" \
+ 0 \
+ "pki group-add --help"
+ rlAssertGrep "usage: group-add <Group ID> --description <Description> \[OPTIONS...\]" "$TmpDir/pki_group_add_cfg.out"
+ rlAssertGrep "\--description <description> Description" "$TmpDir/pki_group_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add CA groups using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-001: Add a group to CA using CA_adminV"
+ group1=new_group1
+ group_desc1="New Group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"$group_desc1\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-group-add-ca-001.out" \
+ 0 \
+ "Add group $group1 to CA_adminV"
+ rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-group-add-ca-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-add-ca-001.out"
+ rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-group-add-ca-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-002:maximum length of group id"
+ group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-group-add-ca-001_1.out" \
+ 0 \
+ "Added group using CA_adminV with maximum group id length"
+ actual_groupid_string=`cat $TmpDir/pki-group-add-ca-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: Test Group" "$TmpDir/pki-group-add-ca-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-003:Group id with # character"
+ group3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description test $group3 > $TmpDir/pki-group-add-ca-001_2.out" \
+ 0 \
+ "Added group using CA_adminV, group id with # character"
+ rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-group-add-ca-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-group-add-ca-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-004:Group id with $ character"
+ group4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group4 > $TmpDir/pki-group-add-ca-001_3.out" \
+ 0 \
+ "Added group using CA_adminV, group id with $ character"
+ rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-group-add-ca-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-group-add-ca-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-005:Group id with @ character"
+ group5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group5 > $TmpDir/pki-group-add-ca-001_4.out " \
+ 0 \
+ "Added group using CA_adminV, group id with @ character"
+ rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-group-add-ca-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-group-add-ca-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-006:Group id with ? character"
+ group6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group6 > $TmpDir/pki-group-add-ca-001_5.out " \
+ 0 \
+ "Added group using CA_adminV, group id with ? character"
+ rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-group-add-ca-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-group-add-ca-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-007:Group id as 0"
+ group7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group7 > $TmpDir/pki-group-add-ca-001_6.out " \
+ 0 \
+ "Added group using CA_adminV, group id 0"
+ rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-group-add-ca-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-group-add-ca-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-add-ca-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-008:--description with maximum length"
+ groupdesc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"$groupdesc\" g1 > $TmpDir/pki-group-add-ca-001_7.out" \
+ 0 \
+ "Added group using CA_adminV with maximum --description length"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-group-add-ca-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-add-ca-001_7.out"
+ rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-group-add-ca-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-group-add-ca-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-009:--desccription with maximum length and symbols"
+ groupdesc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='$groupdesc' g2 > $TmpDir/pki-group-add-ca-001_8.out" \
+ 0 \
+ "Added group using CA_adminV with maximum --desc length and character symbols in it"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-group-add-ca-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-add-ca-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-group-add-ca-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-010: Add a duplicate group to CA"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-add --description='Duplicate Group' $group1"
+ errmsg="ConflictingOperationException: Entry already exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-011: Add a group to CA with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-add --description=\"$desc\" g3 > $TmpDir/pki-group-add-ca-0011.out" \
+ 0 \
+ "Add group g3 to CA"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-group-add-ca-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-add-ca-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-group-add-ca-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-013: Add a group -- missing required option --description"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-add $group1"
+ errmsg="Error: Missing required option: description"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group name"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-014: Should not be able to add group using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert CA_adminR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-015: Should not be able to add group using a agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert CA_agentR"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-016: Should not be able to add group using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert CA_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-017: Should not be able to add group using admin user with expired cert CA_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert CA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-018: Should not be able to add group using CA_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert CA_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-019: Should not be able to add group using a CA_auditV"
+ command="pki -d $CERTDB_DIR -n CA_auditorV -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert CA_auditorV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_add-CA-020: Should not be able to add group using a CA_operatorV"
+ command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_operatorV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_add-CA-021: Should not be able to add group using a cert created from a untrusted CA CA_adminUTCA"
+ command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1`
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-023: description with i18n characters"
+ rlLog "group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='Örjan Äke' g4 > $TmpDir/pki-group-add-ca-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-group-add-ca-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-add-ca-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-group-add-ca-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-024: description with i18n characters"
+ rlLog "group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='Éric Têko' g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='Éric Têko' g5 > $TmpDir/pki-group-add-ca-001_52.out 2>&1" \
+ 0 \
+ "Adding g5 with description Éric Têko"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-group-add-ca-001_52.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-add-ca-001_52.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-group-add-ca-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-025: description with i18n characters"
+ rlLog "group-add description éénentwintig dvidešimt with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='éénentwintig dvidešimt' g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-group-add-ca-001_53.out 2>&1" \
+ 0 \
+ "Adding description éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-group-add-ca-001_53.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-group-add-ca-001_53.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-group-add-ca-001_53.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g6 > $TmpDir/pki-group-add-ca-001_53_2.out 2>&1" \
+ 0 \
+ "Show group g6 with description éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-group-add-ca-001_53_2.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-group-add-ca-001_53_2.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-026: group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ca-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ca-001_56.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ca-001_56.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add-CA-027: groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_57.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_57.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup: Deleting groups"
+
+ #===Deleting groups created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using CA_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del '$grp' > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ actual_delete_group_string=`cat $TmpDir/pki-group-del-ca-group-symbol-00$j.out | grep 'Deleted group' | xargs echo`
+ expected_delete_group_string="Deleted group $grp"
+ if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then
+ rlPass "Deleted group \"$grp\" found in $TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ else
+ rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
new file mode 100755
index 000000000..bda1b1b82
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
@@ -0,0 +1,526 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-del Delete pki subsystem groups.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-del-ca_tests(){
+
+ rlPhaseStartSetup "pki_group_cli_group_del-CA-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-ca-configtest-001: pki group-del --help configuration test"
+ rlRun "pki group-del --help > $TmpDir/group_del.out 2>&1" 0 "pki group-del --help"
+ rlAssertGrep "usage: group-del <Group ID>" "$TmpDir/group_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/group_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-ca-configtest-002: pki group-del configuration test"
+ rlRun "pki group-del > $TmpDir/group_del_2.out 2>&1" 255 "pki group-del"
+ rlAssertGrep "usage: group-del <Group ID>" "$TmpDir/group_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/group_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/group_del_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-003: Delete valid groups"
+ group1=ca_group
+ group1desc="Test group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+ #positive test cases
+ #Add groups to CA using CA_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test_group g$i"
+ let i=$i+1
+ done
+
+ #===Deleting groups created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del g$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del g$i > $TmpDir/pki-group-del-ca-group1-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group1-00$i.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show g$i"
+ errmsg="GroupNotFoundException: Group g$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist"
+ let i=$i+1
+ done
+ #Add groups to CA using CA_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval grp=\$group$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test_group $grp"
+ let i=$i+1
+ done
+
+ #===Deleting groups(symbols) created using CA_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del $grp "
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del $grp > $TmpDir/pki-group-del-ca-group2-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group2-00$j.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show $grp"
+ errmsg="GroupNotFoundException: Group $grp not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-004: Case sensitive groupid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test_group group_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del GROUP_ABC > $TmpDir/pki-group-del-ca-group-002_1.out" \
+ 0 \
+ "Deleted group GROUP_ABC groupid is not case sensitive"
+ rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-group-del-ca-group-002_1.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show group_abc"
+ errmsg="GroupNotFoundException: Group group_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-005: Delete group when required option group id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del > $TmpDir/pki-group-del-ca-group-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a group without groupid"
+ rlAssertGrep "usage: group-del <Group ID>" "$TmpDir/pki-group-del-ca-group-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-006: Maximum length of group id"
+ group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test \"$group2\" > $TmpDir/pki-group-add-ca-001_1.out" \
+ 0 \
+ "Added group using CA_adminV with maximum group id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del \"$group2\" > $TmpDir/pki-group-del-ca-group-006.out" \
+ 0 \
+ "Deleting group with maximum group id length using CA_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-group-del-ca-group-006.out | grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group \"$group2\" found"
+ else
+ rlFail "Deleted group \"$group2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show \"$group2\""
+ errmsg="GroupNotFoundException: Group \"$group2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-007: groupid with maximum length and symbols"
+ groupid=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test '$groupid' > $TmpDir/pki-group-add-ca-001_8.out" \
+ 0 \
+ "Added group using CA_adminV with maximum groupid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del '$groupid' > $TmpDir/pki-group-del-ca-group-007.out" \
+ 0 \
+ "Deleting group with maximum group id length and character symbols using CA_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-group-del-ca-group-007.out| grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $groupid"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group $groupid found"
+ else
+ rlFail "Deleted group $groupid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show '$groupid' > $TmpDir/pki-group-del-ca-group-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted group with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-group-del-ca-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo`
+ expected_error_string="GroupNotFoundException: Group $groupid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "GroupNotFoundException: Group $groupid not found message found"
+ else
+ rlFail "GroupNotFoundException: Group $groupid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-008: Delete group from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"g1description\" g1 > $TmpDir/pki-group-add-ca-009.out" \
+ 0 \
+ "Add group g1 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-del g1 > $TmpDir/pki-group-del-ca-group-009.out" \
+ 0 \
+ "Deleting group g1 using -t ca option"
+ rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-group-del-ca-group-009.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show g1"
+ errmsg="GroupNotFoundException: Group g1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-009: Should not be able to delete group using a revoked cert CA_adminR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-ca-010.out" \
+ 0 \
+ "Add group g2 to CA"
+ command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-001.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-001.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-001.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-010: Should not be able to delete group using a agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a agent having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-002.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-002.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-002.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-011: Should not be able to delete group using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a valid agent cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-003.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-003.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-003.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-012: Should not be able to delete group using a admin user with expired cert CA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-004.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-004.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-004.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-013: Should not be able to delete a group using CA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-005.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-005.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-005.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-014: Should not be able to delete group using a CA_auditV"
+ command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a audit cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-006.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-006.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-006.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-015: Should not be able to delete group using a CA_operatorV"
+ command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD group-del g2"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a operator cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-007.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-007.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-007.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-016: Should not be able to delete group using a cert created from a untrusted CA CA_adminUTCA"
+ command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a untrusted cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-008.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-008.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-008.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-017: Should not be able to delete group using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ group-del g2"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password group-del g2" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile
+ echo "send -- \"\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-group-del-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to delete groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-group-del-ca-pkiUser1-002.out"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-009.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-009.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-009.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-group-show-ca-009.out"
+
+ #Cleanup:delete group g2
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del g2 > $TmpDir/pki-group-del-ca-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-018: delete group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ca-001_19.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ca-001_19.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ca-001_19.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-001_19_3.out 2>&1" \
+ 0 \
+ "Deleted gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show 'ÖrjanÄke'"
+ errmsg="GroupNotFoundException: Group ÖrjanÄke not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA-020: delete groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_20.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_20.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show 'ÉricTêko' > $TmpDir/pki-group-add-ca-001_20_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-ca-001_20_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ca-001_20_2.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-001_20_3.out 2>&1" \
+ 0 \
+ "Delete gid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show 'ÉricTêko'"
+ errmsg="GroupNotFoundException: Group ÉricTêko not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-CA_cleanup-004: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh
new file mode 100755
index 000000000..556ae7eee
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh
@@ -0,0 +1,589 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-show Show groups
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#pki-user-cli-user-add-ca.sh should be first executed prior to pki-group-cli-group-show-ca.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-group-cli-group-show-ca_tests(){
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+
+ rlPhaseStartSetup "pki_group_cli_group_show-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_show-configtest: pki group-show configuration test"
+ rlRun "pki group-show --help > $TmpDir/pki_group_show_cfg.out 2>&1" \
+ 0 \
+ "pki group-show"
+ rlAssertGrep "usage: group-show <Group ID> \[OPTIONS...\]" "$TmpDir/pki_group_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_group_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show CA groups ####
+ rlPhaseStartTest "pki_group_cli_group_show-CA-001: Add group to CA using CA_adminV and show group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using CA_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group1 > $TmpDir/pki-group-show-ca-001.out" \
+ 0 \
+ "Show group $group1"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-group-show-ca-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-group-show-ca-001.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-group-show-ca-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-002: maximum length of group id"
+ group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group2" \
+ 0 \
+ "Add group $group2 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group2 > $TmpDir/pki-group-show-ca-001_1.out" \
+ 0 \
+ "Show $group2 group"
+ rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-group-show-ca-001_1.out"
+ actual_groupid_string=`cat $TmpDir/pki-group-show-ca-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-003: Group id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group3" \
+ 0 \
+ "Add group $group3 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group3 > $TmpDir/pki-group-show-ca-001_2.out" \
+ 0 \
+ "Show $group3 group"
+ rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-group-show-ca-001_2.out"
+ rlAssertGrep "Group ID: $user3" "$TmpDir/pki-group-show-ca-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-004: Group id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group4" \
+ 0 \
+ "Add group $group4 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group4 > $TmpDir/pki-group-show-ca-001_3.out" \
+ 0 \
+ "Show $group4 group"
+ rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-group-show-ca-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-group-show-ca-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group5 > $TmpDir/pki-group-show-ca-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-group-show-ca-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-group-show-ca-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-006: Group id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group6" \
+ 0 \
+ "Add $group6 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group6 > $TmpDir/pki-group-show-ca-001_5.out" \
+ 0 \
+ "Show $group6 group"
+ rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-group-show-ca-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-group-show-ca-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-007: Group id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test $group7" \
+ 0 \
+ "Add group $group7 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show $group7 > $TmpDir/pki-group-show-ca-001_6.out" \
+ 0 \
+ "Show group $group7"
+ rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-group-show-ca-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-group-show-ca-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-008: --description with maximum length"
+ desc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='$desc' g1" \
+ 0 \
+ "Added group using CA_adminV with maximum --description length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g1 > $TmpDir/pki-group-show-ca-001_7.out" \
+ 0 \
+ "Show group g1"
+ rlAssertGrep "Group \"g1\"" "$TmpDir/pki-group-show-ca-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-group-show-ca-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-group-show-ca-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-009: --description with maximum length and symbols"
+ desc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description='$desc' g2" \
+ 0 \
+ "Added group using CA_adminV with maximum --description length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g2 > $TmpDir/pki-group-show-ca-001_8.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-group-show-ca-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-group-show-ca-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-group-show-ca-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-010: --description with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=# g3" \
+ 0 \
+ "Add group g3 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g3 > $TmpDir/pki-group-show-ca-001_9.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ca-001_9.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ca-001_9.out"
+ rlAssertGrep "Description: #" "$TmpDir/pki-group-show-ca-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-011: --description with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=* g4" \
+ 0 \
+ "Add group g4 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g4 > $TmpDir/pki-group-show-ca-001_10.out" \
+ 0 \
+ "Show group g4 using CA_adminV"
+ rlAssertGrep "Group \"g4\"" "$TmpDir/pki-group-show-ca-001_10.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-group-show-ca-001_10.out"
+ rlAssertGrep "Description: *" "$TmpDir/pki-group-show-ca-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-012: --description with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=$ g5" \
+ 0 \
+ "Add group g5 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g5 > $TmpDir/pki-group-show-ca-001_11.out" \
+ 0 \
+ "Show group g5 using CA_adminV"
+ rlAssertGrep "Group \"g5\"" "$TmpDir/pki-group-show-ca-001_11.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-group-show-ca-001_11.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-group-show-ca-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-013: --description as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=0 g6" \
+ 0 \
+ "Add group g6 using pki CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show g6 > $TmpDir/pki-group-show-ca-001_12.out" \
+ 0 \
+ "Show group g6 using CA_adminV"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-group-show-ca-001_12.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-group-show-ca-001_12.out"
+ rlAssertGrep "Description: 0" "$TmpDir/pki-group-show-ca-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-014: Show group with -t ca option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-add --description=test g7" \
+ 0 \
+ "Adding group g7 using CA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-show g7 > $TmpDir/pki-group-show-ca-001_32.out" \
+ 0 \
+ "Show group g7 using CA_adminV"
+ rlAssertGrep "Group \"g7\"" "$TmpDir/pki-group-show-ca-001_32.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-show-ca-001_32.out"
+ rlAssertGrep "Description: $test" "$TmpDir/pki-group-show-ca-001_32.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_group_cli_group_show-CA-015: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD -t ca group-show"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-016: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca \
+ group-show G7 > $TmpDir/pki-group-show-ca-001_35.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group \"G7\"" "$TmpDir/pki-group-show-ca-001_35.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-group-show-ca-001_35.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-group-show-ca-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-017: Should not be able to show group using a revoked cert CA_adminR"
+ command="pki -d $CERTDB_DIR -n CA_adminR -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-018: Should not be able to show group using an agent with revoked cert CA_agentR"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-019: Should not be able to show group using a valid agent CA_agentV user"
+ command="pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-020: Should not be able to show group using a CA_agentR user"
+ command="pki -d $CERTDB_DIR -n CA_agentR -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-021: Should not be able to show group using admin user with expired cert CA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n CA_adminE -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-022: Should not be able to show group using CA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n CA_agentE -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-023: Should not be able to show group using a CA_auditV"
+ command="pki -d $CERTDB_DIR -n CA_auditV -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-024: Should not be able to show group using a CA_operatorV"
+ command="pki -d $CERTDB_DIR -n CA_operatorV -c $CERTDB_DIR_PASSWORD group-show g7"
+ errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.groups, operation: execute"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-025: Should not be able to show group using a cert created from a untrusted CA CA_adminUTCA"
+ command="pki -d /tmp/untrusted_cert_db -n CA_adminUTCA -c Password group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using CA_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-ca-026: Should not be able to show group using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ group-show g7"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password group-show g7" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile
+ echo "send -- \"\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-group-show-ca-pkiUser1-002.out 2>&1" 255 "Should not be able to show groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-group-show-ca-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-027: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1`
+ command="pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD group-show '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using CA_adminV with group id length exceed maximum defined in ldap schema should fail"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-028: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-show-ca-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show 'ÖrjanÄke' > $TmpDir/pki-group-show-ca-001_56_2.out" \
+ 0 \
+ "Show group 'ÖrjanÄke'"
+ rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-group-show-ca-001_56_2.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-show-ca-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-CA-029: groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-show 'ÉricTêko' > $TmpDir/pki-group-show-ca-001_57_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-show-ca-001_57_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-show-ca-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup-046: Deleting the temp directory and groups"
+
+ #===Deleting groups created using CA_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del g$i > $TmpDir/pki-group-del-ca-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ca-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using CA_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del $grp > $TmpDir/pki-group-del-ca-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ca-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ca-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ca-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ca-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ca-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
generated by cgit (git 2.34.1) at 2024-09-28 17:17:46 +0000