diff options
author | Asha Akkiangady <aakkiang@redhat.com> | 2014-09-26 19:26:24 -0400 |
---|---|---|
committer | Asha Akkiangady <aakkiang@redhat.com> | 2014-09-26 19:35:12 -0400 |
commit | 527afdc481105048d38f14689e9e9fa707bebc26 (patch) | |
tree | 59ee7acd400f130ef7ad9ca3f196b523cd31b717 | |
parent | ee33bb2a90a183b9d5552c6ac193e9d8958a3974 (diff) | |
download | pki-527afdc481105048d38f14689e9e9fa707bebc26.tar.gz pki-527afdc481105048d38f14689e9e9fa707bebc26.tar.xz pki-527afdc481105048d38f14689e9e9fa707bebc26.zip |
User cli tests modified with host and port in
the request.
Fixed runtest.sh syntax error.
13 files changed, 568 insertions, 516 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh index f21e39031..9c3f873d2 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh @@ -39,40 +39,39 @@ . /opt/rhqa_pki/env.sh ######################################################################## -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-add-ca.sh ######################################################################## ######################################################################## # Test Suite Globals ######################################################################## run_pki-user-cli-user-add-ca_tests(){ -subsystemId=$1 -SUBSYSTEM_TYPE=$2 -MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + prefix=$subsystemId + if [ "$TOPO9" = "TRUE" ] ; then + ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + prefix=$subsystemId + CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) + elif [ "$MYROLE" = "MASTER" ] ; then + if [[ $subsystemId == SUBCA* ]]; then + ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + prefix=$subsystemId + CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) + else + ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION + prefix=ROOTCA + CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD + fi + else + ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) + prefix=$MYROLE + CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) + fi -SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) -untrusted_cert_db_location=$UNTRUSTED_CERT_DB_LOCATION -untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA rlPhaseStartSetup "pki_user_cli_user_add-ca-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -870,7 +869,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlPhaseEnd ##### Tests to add users using revoked cert##### - rlPhaseStartTest "pki_user_cli_user_add-CA-041: Should not be able to add user using a revoked cert ${prefix}_adminR" + rlPhaseStartTest "pki_user_cli_user_add-CA-041: Should not be able to add user using a revoked cert CA_adminR" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_adminR \ -c $CERTDB_DIR_PASSWORD \ @@ -888,7 +887,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-revoke-adminR-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-CA-042: Should not be able to add user using a agent with revoked cert ${prefix}_agentR" + rlPhaseStartTest "pki_user_cli_user_add-CA-042: Should not be able to add user using a agent with revoked cert CA_agentR" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentR \ -c $CERTDB_DIR_PASSWORD \ @@ -908,7 +907,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD ##### Tests to add users using an agent user##### - rlPhaseStartTest "pki_user_cli_user_add-CA-043: Should not be able to add user using a valid agent ${prefix}_agentV user" + rlPhaseStartTest "pki_user_cli_user_add-CA-043: Should not be able to add user using a valid agent CA_agentV user" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentV \ -c $CERTDB_DIR_PASSWORD \ @@ -926,27 +925,27 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-agentV-002.out" rlPhaseEnd - ##### Tests to add users using ${prefix}_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA ##### - rlPhaseStartTest "pki_user_cli_user_add-CA-044: Should not be able to add user using a ${prefix}_agentUTCA user" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n ${prefix}_agentR \ - -c $CERTDB_DIR_PASSWORD \ + ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA ##### + rlPhaseStartTest "pki_user_cli_user_add-CA-044: Should not be able to add user using a CA_agentUTCA user" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=\"$user1fullname\" $user1" - rlRun "pki -d $CERTDB_DIR \ - -n ${prefix}_agentR \ - -c $CERTDB_DIR_PASSWORD \ + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-agentR-002.out 2>&1" \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-agentUTCA-002.out 2>&1" \ 255 \ "Should not be able to add user $user1 using a agent cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-agentR-002.out" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ca-agentUTCA-002.out" rlPhaseEnd ##### Tests to add users using expired cert##### - rlPhaseStartTest "pki_user_cli_user_add-CA-045: Should not be able to add user using admin user with expired cert ${prefix}_adminE" + rlPhaseStartTest "pki_user_cli_user_add-CA-045: Should not be able to add user using admin user with expired cert CA_adminE" #Set datetime 2 days ahead rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" rlRun "date" @@ -970,7 +969,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-CA-046: Should not be able to add user using ${prefix}_agentE cert" + rlPhaseStartTest "pki_user_cli_user_add-CA-046: Should not be able to add user using CA_agentE cert" #Set datetime 2 days ahead rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" rlRun "date" @@ -995,7 +994,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlPhaseEnd ##### Tests to add users using audit users##### - rlPhaseStartTest "pki_user_cli_user_add-CA-047: Should not be able to add user using a ${prefix}_auditV" + rlPhaseStartTest "pki_user_cli_user_add-CA-047: Should not be able to add user using a CA_auditV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_auditV \ -c $CERTDB_DIR_PASSWORD \ @@ -1010,11 +1009,12 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ca-auditV-002.out 2>&1" \ 255 \ "Should not be able to add user $user1 using a audit cert" - rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-auditV-002.out" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ca-auditV-002.out" rlPhaseEnd + ##### Tests to add users using operator user### - rlPhaseStartTest "pki_user_cli_user_add-CA-048: Should not be able to add user using a ${prefix}_operatorV" + rlPhaseStartTest "pki_user_cli_user_add-CA-048: Should not be able to add user using a CA_operatorV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_operatorV \ -c $CERTDB_DIR_PASSWORD \ @@ -1032,14 +1032,14 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-operatorV-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-CA-049: Should not be able to add user using a cert created from a untrusted CA ${prefix}_adminUTCA" - rlLog "Executing: pki -d $untrusted_cert_db_location \ - -n ${prefix}_adminUTCA \ - -c $untrusted_cert_db_password \ + rlPhaseStartTest "pki_user_cli_user_add-CA-049: Should not be able to add user using a cert created from a untrusted CA CA_adminUTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=\"$user1fullname\" $user1" - echo "spawn -noecho pki -d $untrusted_cert_db_location -n ${prefix}_adminUTCA -c $untrusted_cert_db_password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1" > $TmpDir/pki-user-add-ca-adminUTCA-002.out + echo "spawn -noecho pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1" > $TmpDir/pki-user-add-ca-adminUTCA-002.out echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$(eval echo \$${prefix}_DOMAIN) Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$(eval echo \$${prefix}_DOMAIN) Security Domain' Import CA certificate (Y/n)? \"" >> $TmpDir/pki-user-add-ca-adminUTCA-002.out echo "send -- \"Y\r\"" >> $TmpDir/pki-user-add-ca-adminUTCA-002.out diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh index 5ae51bdd4..50338e6e5 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh @@ -39,16 +39,9 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-cert-find-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-cert-find-ca.sh ###################################################################################### -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## - run_pki-user-cli-user-cert-add-ca_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 @@ -95,11 +88,17 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add --help > $TmpDir/pki_user_cert_add_cfg.out 2>&1" \ 0 \ "User cert add configuration" - rlAssertGrep "user-cert-add <User ID> --input <file> \[OPTIONS...\]" "$TmpDir/pki_user_cert_add_cfg.out" - rlAssertGrep "--input <file> Input file" "$TmpDir/pki_user_cert_add_cfg.out" - rlAssertGrep "--help Show help options" "$TmpDir/pki_user_cert_add_cfg.out" + rlAssertGrep "usage: user-cert-add <User ID> --input <file> \[OPTIONS...\]" "$TmpDir/pki_user_cert_add_cfg.out" + rlAssertGrep "--input <file> Input file" "$TmpDir/pki_user_cert_add_cfg.out" + rlAssertGrep "--help Show help options" "$TmpDir/pki_user_cert_add_cfg.out" + rlAssertGrep "--serial <serial number> Serial number of certificate in CA" "$TmpDir/pki_user_cert_add_cfg.out" rlLog "FAIL: https://fedorahosted.org/pki/ticket/843" rlPhaseEnd +# pki user-cert-add --help +usage: user-cert-add <User ID> [OPTIONS...] + --help Show help options + --input <file> Input file + --serial <serial number> Serial number of certificate in CA ##### Tests to add certs to CA users #### @@ -508,7 +507,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-007-tier1: Add one cert to a use -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=\"New User1\" u1" command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $user2" - errmsg="Error: Missing required option: input" + errmsg="Error: Missing input file or serial number" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing" rlRun "pki -d $CERTDB_DIR \ @@ -552,7 +551,7 @@ rlPhaseEnd ##### Add one cert to a user - Input file does not exist ##### rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0010: Add one cert to a user should fail when Input file does not exist " command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $user2 --input $TmpDir/tempfile.pem" - errmsg="FileNotFoundException: $TmpDir/tempfile.pem (No such file or directory)" + errmsg="FileNotFoundException: $TmpDir/tempfile.pem does not exist" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist" rlPhaseEnd @@ -1290,7 +1289,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0019: Add an Admin user \"admin_ rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10" "$TmpDir/pki_user_cert_add_CA_useraddcert_0019.out" rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_add_CA_useraddcert_0019.out" rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_useraddcert_0019.out" - rlRun "certutil -d $TEMP_NSS_DB -A -n \"CA Signing Certificate - $(eval echo \$${prefix}_DOMAIN) Security Domain\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" rlLog "pki -d $TEMP_NSS_DB/ \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ @@ -1381,19 +1380,6 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0019: Add an Admin user \"admin_ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ca \ user-del admin_user1" - rlRun "pki -d $TEMP_NSS_DB/ \ - -n admin_user1-crmf \ - -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - -c $TEMP_NSS_DB_PASSWD \ - user-del new_test_user2" - - rlRun "pki -d $TEMP_NSS_DB/ \ - -n admin_user1-crmf \ - -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - -c $TEMP_NSS_DB_PASSWD \ - user-del new_test_user1" rlPhaseEnd @@ -1618,12 +1604,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0021: Adding a cert as CA_agentV local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} local decimal_valid_serialNumber_crmf=$(echo "ibase=16;$CONV_UPP_VAL_CRMF"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0021pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentV" command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0021crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentV" rlPhaseEnd @@ -1655,13 +1641,13 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0022: Adding a cert as CA_audito local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} local decimal_valid_serialNumber_crmf=$(echo "ibase=16;$CONV_UPP_VAL_CRMF"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0022pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_auditorV" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" command="pki -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0022crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_auditorV" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" @@ -1697,12 +1683,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0023: Adding a cert as CA_adminE rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0023pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminE" command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0023crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminE" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" @@ -1813,12 +1799,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0026: Adding a cert as CA_agentE rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0026pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentE" command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0026crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentE" @@ -1826,9 +1812,9 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0026: Adding a cert as CA_agentE rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd - ##### Adding a cert as CA_adminUTCA ##### + ##### Adding a cert as role_user_UTCA ##### -rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0027: Adding a cert as CA_adminUTCA should fail" +rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0027: Adding a cert as role_user_UTCA should fail" k=27 local userid="new_user7" local userFullname="New User7" @@ -1852,23 +1838,23 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0027: Adding a cert as CA_adminU local STRIP_HEX_CRMF=$(echo $cert_serialNumber_crmf | cut -dx -f2) local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} local decimal_valid_serialNumber_crmf=$(echo "ibase=16;$CONV_UPP_VAL_CRMF"|bc) - command="pki -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as role_user_UTCA" - command="pki -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - ##### Adding a cert as CA_agentUTCA ##### + ##### Adding a cert as role_user_UTCA ##### -rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0028: Adding a cert as CA_agentUTCA should fail" +rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0028: Adding a cert as role_user_UTCA should fail" k=28 local userid="new_user8" local userFullname="New User8" @@ -1892,15 +1878,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0028: Adding a cert as CA_agentU local STRIP_HEX_CRMF=$(echo $cert_serialNumber_crmf | cut -dx -f2) local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} local decimal_valid_serialNumber_crmf=$(echo "ibase=16;$CONV_UPP_VAL_CRMF"|bc) - command="pki -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as role_user_UTCA" - command="pki -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" @@ -1933,12 +1919,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0029: Adding a cert as CA_operat local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} local decimal_valid_serialNumber_crmf=$(echo "ibase=16;$CONV_UPP_VAL_CRMF"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0029pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_operatorV" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0029crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_operatorV" @@ -1971,12 +1957,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0030: Adding a cert as user not local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} local decimal_valid_serialNumber_crmf=$(echo "ibase=16;$CONV_UPP_VAL_CRMF"|bc) command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0030pkcs10.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0030crmf.pem" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" @@ -2085,6 +2071,4 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd - - } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh index 66fabe949..81c348a30 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh @@ -39,15 +39,8 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-cert-delete-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-cert-delete-ca.sh ###################################################################################### - -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## - run_pki-user-cli-user-cert-delete-ca_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 @@ -353,12 +346,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseStartTest "pki_user_cli_user_cert-del-CA-008: Delete certs assigned to a user - as CA_agentV should fail" i=1 command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication usinf cert CA_agentV" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_agentV" rlPhaseEnd @@ -368,12 +361,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseStartTest "pki_user_cli_user_cert-del-CA-009: Delete certs assigned to a user - as CA_auditorV should fail" i=1 command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_auditorV" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_auditorV" @@ -388,12 +381,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_adminE" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_adminE" @@ -409,12 +402,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_agentE" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_agentE" @@ -454,36 +447,36 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd - ##### Delete certs asigned to a user - as CA_adminUTCA ##### + ##### Delete certs asigned to a user - as role_user_UTCA ##### - rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0014: Delete certs assigned to a user - as CA_adminUTCA should fail" + rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0014: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - ##### Delete certs asigned to a user - as CA_agentUTCA ##### + ##### Delete certs asigned to a user - as role_user_UTCA ##### - rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0015: Delete certs assigned to a user - as CA_agentUTCA should fail" + rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0015: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd @@ -492,12 +485,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0016: Delete certs assigned to a user - as CA_operatorV should fail" i=1 command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_operatorV" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert CA_operatorV" @@ -582,12 +575,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0019: Delete certs assigned to u rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0020: Delete certs assigned to a user - using a cert not assigned to any role should fail" i=1 command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n $user1$i-pkcs10 -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authenticating using a cert not assigned to any role" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n $user1$i-crmf -c $CERTDB_DIR_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authenticating using a cert not assigned to any role" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh index 90ca40162..c621b3b1b 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh @@ -39,15 +39,9 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-cert-find-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-cert-find-ca.sh ###################################################################################### -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## - run_pki-user-cli-user-cert-find-ca_tests(){ subsystemId=$1 @@ -886,7 +880,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-022: Find certs assigned to use rlPhaseStartTest "pki_user_cli_user_cert-find-CA-023: Find the certs of a user as CA_agentV should fail" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-find $user2" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid agent user" rlPhaseEnd @@ -894,7 +888,7 @@ rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-find-CA-024: Find the certs of a user as CA_auditorV should fail" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-find $user2" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" @@ -906,7 +900,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-025: Find the certs of a user a rlRun "date" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-find $user2" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with expired cert" rlRun "date --set='2 days ago'" 0 "Set System back to the present day" @@ -918,7 +912,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-026: Find the certs of a user a rlRun "date" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-find $user2" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with expired cert" rlRun "date --set='2 days ago'" 0 "Set System back to the present day" @@ -938,32 +932,32 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-028: Find the certs of a user a rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert" rlPhaseEnd -rlPhaseStartTest "pki_user_cli_user_cert-find-CA-029: Find the certs of a user as CA_adminUTCA should fail" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD user-cert-find $user2" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" +rlPhaseStartTest "pki_user_cli_user_cert-find-CA-029: Find the certs of a user as role_user_UTCA should fail" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd -rlPhaseStartTest "pki_user_cli_user_cert-find-CA-030: Find the certs of a user as CA_agentUTCA should fail" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD user-cert-find $user2" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" +rlPhaseStartTest "pki_user_cli_user_cert-find-CA-030: Find the certs of a user as role_user_UTCA should fail" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-find-CA-031: Find the certs of a user as CA_operatorV should fail" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-find $user2" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as CA_operatorV" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-find-CA-032: Find the certs of a user as a user not associated with any role, should fail" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD user-cert-find $user2" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" @@ -1005,5 +999,4 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" #rlRun "popd" #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd - } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh index 06e4ff91d..8581ad9a2 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh @@ -39,15 +39,9 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-cert-show-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-cert-show-ca.sh ###################################################################################### -######################################################################## -# Test Suite Globals -######################################################################## - -######################################################################## - run_pki-user-cli-user-cert-show-ca_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 @@ -92,7 +86,7 @@ testname="pki_user_cert_show" ##### pki_user_cli_user_cert_show_ca-configtest #### rlPhaseStartTest "pki_user_cli_user_cert-show-configtest-001: pki user-cert-show configuration test" - rlRun "pki user-cert-show --help > $TmpDir/pki_user_cert_show_cfg.out 2>&1" \ + rlRun "pki -h $SUBSYSTEM_HOST user-cert-show --help > $TmpDir/pki_user_cert_show_cfg.out 2>&1" \ 0 \ "User cert show configuration" rlAssertGrep "usage: user-cert-show <User ID> <Cert ID> \[OPTIONS...\]" "$TmpDir/pki_user_cert_show_cfg.out" @@ -112,15 +106,17 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-add --fullName=\"$user2fullname\" $user2" cert_type="pkcs10" - rlRun "generate_user_cert $cert_info $k \"$user2\" \"$user2fullname\" $user2@example.org $testname $cert_type" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$user2\" \"$user2fullname\" $user2@example.org $testname $cert_type $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) $prefix" 0 "Generating temp cert" cert_serialNumber_pkcs10=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber_pkcs10 | cut -dx -f2) CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} decimal_valid_serialNumber_pkcs10=$(echo "ibase=16;$CONV_UPP_VAL_PKCS10"|bc) cert_type="crmf" - rlRun "generate_user_cert $cert_info $k \"$user2\" \"$user2fullname\" $user2@example.org $testname $cert_type" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$user2\" \"$user2fullname\" $user2@example.org $testname $cert_type $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) $prefix" 0 "Generating temp cert" cert_serialNumber_crmf=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_CRMF=$(echo $cert_serialNumber_crmf | cut -dx -f2) CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} @@ -129,6 +125,8 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ user-cert-add $user2 --input $TmpDir/pki_user_cert_show-CA_validcert_002pkcs10.pem > $TmpDir/pki_user_cert_show_CA_useraddcert_002.out" \ 0 \ @@ -136,26 +134,32 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" > $TmpDir/pki_user_cert_show_CA_usershowcert_002.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" > $TmpDir/pki_user_cert_show_CA_usershowcert_002.out" \ 0 \ "Show cert assigned to $user2" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_002.out" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ user-cert-add $user2 --input $TmpDir/pki_user_cert_show-CA_validcert_002crmf.pem > $TmpDir/pki_user_cert_show_CA_useraddcert_002crmf.out" \ 0 \ @@ -163,21 +167,25 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" > $TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" > $TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" \ 0 \ "Show cert assigned to $user2" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" rlAssertGrep "Serial Number: $cert_serialNumber_crmf" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_002crmf.out" rlPhaseEnd @@ -186,12 +194,12 @@ testname="pki_user_cert_show" rlPhaseStartTest "pki_user_cli_user_cert-show-CA-003: pki user-cert-show should fail if an invalid Cert ID is provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '3;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '3;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '3;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '3;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" @@ -201,12 +209,12 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - User does not exist ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-004: pki user-cert-show should fail if a non-existing User ID is provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show testuser4 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show testuser4 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="UserNotFoundException: User testuser4 not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing user is provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show testuser4 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show testuser4 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="UserNotFoundException: User testuser4 not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing user is provided" @@ -218,13 +226,15 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-add --fullName=\"$user1fullname\" $user1" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user1" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a Cert ID and User ID mismatch" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user1" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a Cert ID and User ID mismatch" @@ -233,7 +243,7 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-006-tier1: pki user-cert-show should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;50;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=u16,E=u16@example.org,CN=New User1,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;50;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=u16,E=u16@example.org,CN=New User1,OU=Engineering,O=Example,C=US'" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" @@ -247,14 +257,18 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-add --fullName=\"New User1\" u16" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show u16" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show u16" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-del u16" rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" rlPhaseEnd @@ -265,20 +279,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded > $TmpDir/pki_user_cert_show_CA_usershowcert_008.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded > $TmpDir/pki_user_cert_show_CA_usershowcert_008.out" \ 0 \ "Show cert assigned to user - --encoded option" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_008.out" rlLog "$(cat $TmpDir/pki_user_cert_show_CA_usershowcert_008.out | grep Subject | awk -F":" '{print $2}')" @@ -288,20 +306,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded > $TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded > $TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" \ 0 \ "Show cert assigned to user - --encoded option" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" rlAssertGrep "Serial Number: $cert_serialNumber_crmf" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out" rlLog "$(cat $TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')" @@ -312,12 +334,12 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - --encoded option - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-009: pki user-cert-show should fail if User ID is not provided with --encoded option" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --encoded" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --encoded" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" @@ -328,7 +350,7 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0010: pki user-cert-show should fail if Cert ID is not provided with --encoded option" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" @@ -342,59 +364,67 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output.out" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output.out" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output.out > $TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output.out > $TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" \ 0 \ "Show cert assigned to user - --output <file> option" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output.out" rlRun "openssl x509 -in $TmpDir/pki_user_cert_show_CA_usercertshow_output.out -noout -serial 1> $TmpDir/temp_out-openssl" 0 "Run openssl to verify PEM output" rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out > $TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --output $TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out > $TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" \ 0 \ "Show cert assigned to user - --output <file> option" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out" rlRun "openssl x509 -in $TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" rlAssertGrep "Serial Number: $cert_serialNumber_crmf" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out" rlPhaseEnd ##### Show certs asigned to a user - --output <file> option - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0012: pki user-cert-show should fail if User ID is not provided with --output <file> option" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output $TmpDir/user_cert_show_output0012" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output $TmpDir/user_cert_show_output0012" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output $TmpDir/user_cert_show_output0012" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output $TmpDir/user_cert_show_output0012" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" @@ -405,7 +435,7 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - --output <file> option - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0013: pki user-cert-show should fail if Cert ID is not provided with --output <file> option" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 --output $TmpDir/user_cert_show_output0013" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 --output $TmpDir/user_cert_show_output0013" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" @@ -416,12 +446,12 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - --output <file> option - Directory does not exist ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0014: pki user-cert-show should fail if --output <file> directory does not exist" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output /tmp/tmpDir/user_cert_show_output0014" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output /tmp/tmpDir/user_cert_show_output0014" errmsg="FileNotFoundException: /tmp/tmpDir/user_cert_show_output0014 (No such file or directory)" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when output file does not exist" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output /tmp/tmpDir/user_cert_show_output0014" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output /tmp/tmpDir/user_cert_show_output0014" errmsg="FileNotFoundException: /tmp/tmpDir/user_cert_show_output0014 (No such file or directory)" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when output file does not exist" @@ -431,7 +461,7 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - --output <file> option - without <file> argument ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0015: pki user-cert-show should fail if --output option file argument is not provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --output" errmsg="Error: Missing argument for option: output" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when output option does not have an argument" @@ -443,20 +473,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty > $TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty > $TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" \ 0 \ "Show cert assigned to user - --pretty option" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" rlAssertGrep "Validity" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016.out" @@ -467,20 +501,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty > $TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --pretty > $TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" \ 0 \ "Show cert assigned to user - --pretty option" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" rlAssertGrep "Serial Number: $cert_serialNumber_crmf" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" rlAssertGrep "Validity" "$TmpDir/pki_user_cert_show_CA_usershowcert_0016crmf.out" @@ -493,12 +531,12 @@ testname="pki_user_cert_show" rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0017: pki user-cert-show should fail if User ID is not provided with --pretty option" rlLog "$user2" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --pretty" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --pretty" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" @@ -509,7 +547,7 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - --pretty option - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0018: pki user-cert-show should fail if Cert ID is not provided with --pretty option" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 --pretty" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user1 --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" @@ -526,15 +564,17 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-add --fullName=\"$newuserfullname\" $newuserid" cert_type="pkcs10" - rlRun "generate_user_cert $cert_info $k \"$newuserid\" \"$newuserfullname\" $newuserid@example.org $testname $cert_type" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$newuserid\" \"$newuserfullname\" $newuserid@example.org $testname $cert_type $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) $prefix" 0 "Generating temp cert" cert_serialNumber_pkcs10_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10_new=$(echo $cert_serialNumber_pkcs10_new | cut -dx -f2) CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^} decimal_valid_serialNumber_pkcs10_new=$(echo "ibase=16;$CONV_UPP_VAL_PKCS10_new"|bc) cert_type="crmf" - rlRun "generate_user_cert $cert_info $k \"$newuserid\" \"$newuserfullname\" $newuserid@example.org $testname $cert_type" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$newuserid\" \"$newuserfullname\" $newuserid@example.org $testname $cert_type $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) $prefix" 0 "Generating temp cert" cert_serialNumber_crmf_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_CRMF_new=$(echo $cert_serialNumber_crmf_new | cut -dx -f2) CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^} @@ -543,6 +583,8 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ user-cert-add $newuserid --input $TmpDir/pki_user_cert_show-CA_validcert_0019pkcs10.pem > $TmpDir/pki_user_cert_show_CA_useraddcert_0019.out" \ 0 \ @@ -550,20 +592,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $newuserid \"2;$decimal_valid_serialNumber_pkcs10_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019" + user-cert-show $newuserid \"2;$decimal_valid_serialNumber_pkcs10_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $newuserid \"2;$decimal_valid_serialNumber_pkcs10_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019 > $TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" \ + user-cert-show $newuserid \"2;$decimal_valid_serialNumber_pkcs10_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019 > $TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" \ 0 \ "Show cert assigned to user - --pretty, --output and --encoded options" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10_new" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" rlAssertGrep "Validity" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019.out" @@ -580,6 +626,8 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ user-cert-add $newuserid --input $TmpDir/pki_user_cert_show-CA_validcert_0019crmf.pem > $TmpDir/pki_user_cert_show_CA_useraddcert_0019crmf.out" \ 0 \ @@ -588,20 +636,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $newuserid \"2;$decimal_valid_serialNumber_crmf_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019crmf" + user-cert-show $newuserid \"2;$decimal_valid_serialNumber_crmf_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019crmf" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $newuserid \"2;$decimal_valid_serialNumber_crmf_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019crmf > $TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" \ + user-cert-show $newuserid \"2;$decimal_valid_serialNumber_crmf_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\" --encoded --pretty --output $TmpDir/user_cert_show_output0019crmf > $TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" \ 0 \ "Show cert assigned to user - --pretty, --output and --encoded options" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf_new;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf_new;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" rlAssertGrep "Serial Number: $cert_serialNumber_crmf_new" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" rlAssertGrep "Validity" "$TmpDir/pki_user_cert_show_CA_usershowcert_0019crmf.out" @@ -617,6 +669,8 @@ testname="pki_user_cert_show" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-del $newuserid" rlPhaseEnd @@ -624,13 +678,13 @@ testname="pki_user_cert_show" rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0020: Show certs assigned to a user - as CA_agentV should fail" rlLog "$user2" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentV" - command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentV" rlPhaseEnd @@ -638,12 +692,12 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - as CA_auditorV ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0021: Show certs assigned to a user - as CA_auditorV should fail" - command="pki -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_auditorV" - command="pki -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_auditorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_auditorV" @@ -657,13 +711,13 @@ testname="pki_user_cert_show" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_adminE" - command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_adminE" @@ -675,12 +729,12 @@ testname="pki_user_cert_show" rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0023: pki user-cert-show should fail if an incomplete Cert ID is provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an incomplete Cert ID is provided" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an incomplete Cert ID is provided" @@ -694,13 +748,13 @@ testname="pki_user_cert_show" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentE" - command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentE" @@ -711,12 +765,12 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - as CA_adminR ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0025: Show certs assigned to a user - as CA_adminR should fail" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_adminR" - command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_adminR" @@ -726,46 +780,46 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - as CA_agentR ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0026: Show certs assigned to a user - as CA_agentR should fail" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentR" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentR" rlPhaseEnd - ##### Show certs asigned to a user - as CA_adminUTCA ##### + ##### Show certs asigned to a user - as role_user_UTCA ##### - rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0027: Show certs assigned to a user - as CA_adminUTCA should fail" - command="pki -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0027: Show certs assigned to a user - as role_user_UTCA should fail" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" - command="pki -d $CERTDB_DIR -n ${prefix}_adminUTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - ##### Show certs asigned to a user - as CA_agentUTCA ##### + ##### Show certs asigned to a user - as role_user_UTCA ##### - rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0028: Show certs assigned to a user - as CA_agentUTCA should fail" - command="pki -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0028: Show certs assigned to a user - as role_user_UTCA should fail" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" - command="pki -d $CERTDB_DIR -n ${prefix}_agentUTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n role_user_UTCA -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_agentUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd @@ -773,13 +827,13 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - as CA_operatorV ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0029: Show certs assigned to a user - as CA_operatorV should fail" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_operatorV" - command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as CA_operatorV" @@ -791,20 +845,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030 > $TmpDir/pki_user_cert_show_CA_usershowcert_0030.out 2>&1" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030 > $TmpDir/pki_user_cert_show_CA_usershowcert_0030.out 2>&1" \ 0 \ "Show cert assigned to user - --output and --encoded options" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" rlAssertGrep "Serial Number: $cert_serialNumber_pkcs10" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030.out" @@ -816,20 +874,24 @@ testname="pki_user_cert_show" rlLog "Executing pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030crmf" + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030crmf" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030crmf > $TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" \ + user-cert-show $user2 \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\" --encoded --output $TmpDir/user_cert_show_output0030crmf > $TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" \ 0 \ "Show cert assigned to user - --output and --encoded options" - rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" + rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" rlAssertGrep "Serial Number: $cert_serialNumber_crmf" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usershowcert_0030crmf.out" @@ -843,13 +905,13 @@ testname="pki_user_cert_show" ##### Show certs asigned to a user - as a user not associated with any role##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0031: Show certs assigned to a user - as as a user not associated with any role, should fail" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as $user1" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as $user1" @@ -860,7 +922,7 @@ testname="pki_user_cert_show" rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0032: Show certs assigned to a user - switch position of the required options" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' $user2" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD user-cert-show '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US' $user2" errmsg="User Not Found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when options are switched position" @@ -873,7 +935,7 @@ testname="pki_user_cert_show" rlPhaseStartTest "pki_user_cli_user_cert-show-CA-033: Show certs assigned to user - Subject name has i18n Characters" k=33 cert_type="pkcs10" - rlRun "generate_user_cert $cert_info $k \"Örjan Äke\" \"Örjan Äke\" "test@example.org" $testname $cert_type" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"Örjan Äke\" \"Örjan Äke\" "test@example.org" $testname $cert_type $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) $prefix" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -881,27 +943,33 @@ rlPhaseStartTest "pki_user_cli_user_cert-show-CA-033: Show certs assigned to use rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ user-cert-add $user1 --input $TmpDir/pki_user_cert_show-CA_validcert_0033pkcs10.pem > $TmpDir/pki_user_cert_show_CA_useraddcert_0033.out" \ 0 \ "Cert is added to the user $user1" - rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_useraddcert_0033.out" + rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_useraddcert_0033.out" rlLog "Executing: pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user1 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\"" + user-cert-show $user1 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ -t ca \ - user-cert-show $user1 \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\" > $TmpDir/pki_user_cert_show_ca_0033.out" \ + user-cert-show $user1 \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\" > $TmpDir/pki_user_cert_show_ca_0033.out" \ 0 \ "Show certs assigned to $user1 with i18n chars" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_ca_0033.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_ca_0033.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_ca_0033.out" rlAssertGrep "Serial Number: $cert_serialNumber" "$TmpDir/pki_user_cert_show_ca_0033.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=${prefix}_DOMAIN Security Domain" "$TmpDir/pki_user_cert_show_ca_0033.out" + rlAssertGrep "Issuer: $(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_user_cert_show_ca_0033.out" rlAssertGrep "Subject: UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_ca_0033.out" @@ -917,6 +985,8 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ user-del $usr > $TmpDir/pki-user-del-ca-user-symbol-00$j.out" \ 0 \ "Deleted user $usr" @@ -928,5 +998,4 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd - } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh index f5d14106a..8745aa39c 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh @@ -39,9 +39,6 @@ . /opt/rhqa_pki/pki-cert-cli-lib.sh . /opt/rhqa_pki/env.sh - -######################################################################## -# Test Suite Globals ######################################################################## run_pki-user-cli-user-del-ca_tests(){ @@ -393,7 +390,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-010: Should not be able to delete user using a revoked cert ${prefix}_adminR" + rlPhaseStartTest "pki_user_cli_user_del-CA-010: Should not be able to delete user using a revoked cert ROOTCA_adminR" #Add a user rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ @@ -427,7 +424,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-001.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-011: Should not be able to delete user using a agent with revoked cert ${prefix}_agentR" + rlPhaseStartTest "pki_user_cli_user_del-CA-011: Should not be able to delete user using a agent with revoked cert ROOTCA_agentR" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentR \ -c $CERTDB_DIR_PASSWORD \ @@ -452,7 +449,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-012: Should not be able to delete user using a valid agent ${prefix}_agentV user" + rlPhaseStartTest "pki_user_cli_user_del-CA-012: Should not be able to delete user using a valid agent ROOTCA_agentV user" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentV \ -c $CERTDB_DIR_PASSWORD \ @@ -460,7 +457,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-del u23" command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-del u23" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a valid agent cert" #Make sure user is not deleted @@ -477,7 +474,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-003.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-013: Should not be able to delete user using a admin user with expired cert ${prefix}_adminE" + rlPhaseStartTest "pki_user_cli_user_del-CA-013: Should not be able to delete user using a admin user with expired cert ROOTCA_adminE" #Set datetime 2 days ahead rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" rlRun "date" @@ -508,7 +505,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-004.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-014: Should not be able to delete a user using ${prefix}_agentE cert" + rlPhaseStartTest "pki_user_cli_user_del-CA-014: Should not be able to delete a user using ROOTCA_agentE cert" rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" rlRun "date" rlLog "Executing: pki -d $CERTDB_DIR \ @@ -538,7 +535,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-005.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-015: Should not be able to delete user using a ${prefix}_auditV" + rlPhaseStartTest "pki_user_cli_user_del-CA-015: Should not be able to delete user using a ROOTCA_auditV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_auditV \ -c $CERTDB_DIR_PASSWORD \ @@ -546,7 +543,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-del u23" command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-del u23" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a audit cert" #Make sure user is not deleted @@ -563,7 +560,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-006.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-016: Should not be able to delete user using a ${prefix}_operatorV" + rlPhaseStartTest "pki_user_cli_user_del-CA-016: Should not be able to delete user using a ROOTCA_operatorV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_operatorV \ -c $CERTDB_DIR_PASSWORD \ @@ -571,7 +568,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-del u23" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-del u23" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a operator cert" #Make sure user is not deleted @@ -588,12 +585,12 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-007.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-CA-017: Should not be able to delete user using a cert created from a untrusted CA ${prefix}_adminUTCA" + rlPhaseStartTest "pki_user_cli_user_del-CA-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA" rlLog "Executing: pki -d $untrusted_cert_db_location \ - -n ${prefix}_adminUTCA \ + -n role_user_UTCA \ -c $untrusted_cert_db_password \ user-del u23" - command="pki -d $untrusted_cert_db_location -n ${prefix}_adminUTCA -c $untrusted_cert_db_password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-del u23" + command="pki -d $untrusted_cert_db_location -n role_user_UTCA -c $untrusted_cert_db_password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-del u23" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a untrusted cert" @@ -662,7 +659,7 @@ Import CA certificate (Y/n)? \"" >> $expfile "Show user u23" rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-009.out" rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-009.out" - rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-009.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ca-009.out" #Cleanup:delete user u23 rlRun "pki -d $CERTDB_DIR \ @@ -759,7 +756,7 @@ Import CA certificate (Y/n)? \"" >> $expfile rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user 'ÉricTêko' should not exist" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_del-${prefix}_cleanup-004: Deleting the temp directory" + rlPhaseStartTest "pki_user_cli_user_del-ROOTCA_cleanup-004: Deleting the temp directory" rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh index f9c6e09ca..a70c5a16d 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh @@ -442,7 +442,7 @@ user7=0 rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ca-0014.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-021: Should not be able to find user using a revoked cert ${prefix}_adminR" + rlPhaseStartTest "pki_user_cli_user_find-ca-021: Should not be able to find user using a revoked cert ROOTCA_adminR" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_adminR \ -c $CERTDB_DIR_PASSWORD \ @@ -460,7 +460,7 @@ user7=0 rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-revoke-adminR-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-022: Should not be able to find users using an agent with revoked cert ${prefix}_agentR" + rlPhaseStartTest "pki_user_cli_user_find-ca-022: Should not be able to find users using an agent with revoked cert ROOTCA_agentR" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentR \ -c $CERTDB_DIR_PASSWORD \ @@ -478,7 +478,7 @@ user7=0 rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-revoke-agentR-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-023: Should not be able to find users using a valid agent ${prefix}_agentV user" + rlPhaseStartTest "pki_user_cli_user_find-ca-023: Should not be able to find users using a valid agent ROOTCA_agentV user" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentV \ -c $CERTDB_DIR_PASSWORD \ @@ -496,7 +496,7 @@ user7=0 rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ca-agentV-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-024: Should not be able to find users using a ${prefix}_agentR user" + rlPhaseStartTest "pki_user_cli_user_find-ca-024: Should not be able to find users using a ROOTCA_agentR user" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_agentR \ -c $CERTDB_DIR_PASSWORD \ @@ -514,7 +514,7 @@ user7=0 rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-agentR-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-025: Should not be able to find users using admin user with expired cert ${prefix}_adminE" + rlPhaseStartTest "pki_user_cli_user_find-ca-025: Should not be able to find users using admin user with expired cert ROOTCA_adminE" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" @@ -538,7 +538,7 @@ user7=0 rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-026: Should not be able to find users using ${prefix}_agentE cert" + rlPhaseStartTest "pki_user_cli_user_find-ca-026: Should not be able to find users using ROOTCA_agentE cert" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" @@ -562,7 +562,7 @@ user7=0 rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-027: Should not be able to find users using a ${prefix}_auditV" + rlPhaseStartTest "pki_user_cli_user_find-ca-027: Should not be able to find users using a ROOTCA_auditV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_auditV \ -c $CERTDB_DIR_PASSWORD \ @@ -580,7 +580,7 @@ user7=0 rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ca-auditV-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-028: Should not be able to find users using a ${prefix}_operatorV" + rlPhaseStartTest "pki_user_cli_user_find-ca-028: Should not be able to find users using a ROOTCA_operatorV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_operatorV \ -c $CERTDB_DIR_PASSWORD \ @@ -598,22 +598,22 @@ user7=0 rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ca-operatorV-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ca-029: Should not be able to find user using a cert created from a untrusted CA ${prefix}_adminUTCA" + rlPhaseStartTest "pki_user_cli_user_find-ca-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA" rlLog "Executing: pki -d $untrusted_cert_db_location \ - -n ${prefix}_adminUTCA \ + -n role_user_UTCA \ -c $untrusted_cert_db_password \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-find --start=1 --size=5" rlRun "pki -d $untrusted_cert_db_location \ - -n ${prefix}_adminUTCA \ + -n role_user_UTCA \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -c $untrusted_cert_db_password \ - user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-adminUTCA-002.out 2>&1" \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ca-role_user_UTCA-002.out 2>&1" \ 255 \ "Should not be able to find users using a untrusted cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-adminUTCA-002.out" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ca-role_user_UTCA-002.out" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_find-ca-030: Should not be able to find user using a user cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh index 04890c2dd..bf3e90bf5 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh @@ -427,7 +427,7 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-add-CA-015: Should not be able to user-membership-add using CA_auditV cert" command="pki -d $CERTDB_DIR -n ${prefix}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD user-membership-add testuser1 \"Administrators\"" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_auditV cert" rlPhaseEnd @@ -435,17 +435,17 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-add-CA-016: Should not be able to user-membership-add using CA_operatorV cert" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-add testuser1 \"Administrators\"" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_operatorV cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-add-CA-017: Should not be able to user-membership-add using CA_adminUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n ${prefix}_adminUTCA -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-add testuser1 \"Administrators\"" + rlPhaseStartTest "pki_user_cli_user_membership-add-CA-017: Should not be able to user-membership-add using role_user_UTCA cert" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-add testuser1 \"Administrators\"" rlLog "Executing $command" errmsg="PKIException: Unauthorized" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using CA_adminUTCA cert" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_membership-add-CA-018: Should not be able to user-membership-add using CA_agentUTCA cert" @@ -543,7 +543,7 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group local expfile="$TmpDir/expfile_testuser1.out" echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile - echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo $${prefix}_DOMAIN) indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' Import CA certificate (Y/n)? \"" >> $expfile echo "send -- \"Y\r\"" >> $expfile echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile @@ -552,7 +552,7 @@ Import CA certificate (Y/n)? \"" >> $expfile echo "catch wait result" >> $expfile echo "exit [lindex \$result 3]" >> $expfile rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ca-testuser1-002.out" 255 "Should not be able to add users using a non Administrator user" - rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ca-testuser1-002.out" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ca-testuser1-002.out" #Add testuser1 to Administrators group rlRun "pki -d $CERTDB_DIR \ @@ -616,7 +616,7 @@ Import CA certificate (Y/n)? \"" >> $expfile --action approve" command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -c Password -n \"testuser1\" ca-cert-request-review $ret_requestid --action approve" rlLog "Executing: $command" - errmsg="Authorization failed on resource: certServer.ca.certrequests, operation: execute" + errmsg="Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Approve Certificate request using testuser1" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh index 85dc53b90..0e15d184e 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh @@ -331,7 +331,7 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-del-CA-010: Should not be able to user-membership-del using a valid agent CA_agentV user" command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert CA_agentV" rlPhaseEnd @@ -363,7 +363,7 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-del-CA-013: Should not be able to user-membership-del using CA_auditV cert" command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_auditV cert" rlPhaseEnd @@ -371,25 +371,25 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-del-CA-014: Should not be able to user-membership-del using CA_operatorV cert" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_operatorV cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-del-CA-015: Should not be able to user-membership-del using CA_adminUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n ${prefix}_adminUTCA -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-015: Should not be able to user-membership-del using role_user_UTCA cert" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" rlLog "Executing $command" errmsg="PKIException: Unauthorized" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_adminUTCA cert" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-del-CA-016: Should not be able to user-membership-del using CA_agentUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n ${prefix}_agentUTCA -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" + rlPhaseStartTest "pki_user_cli_user_membership-del-CA-016: Should not be able to user-membership-del using role_user_UTCA cert" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership-del user2 \"Administrators\"" rlLog "Executing $command" errmsg="PKIException: Unauthorized" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using CA_agentUTCA cert" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert" rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd @@ -702,7 +702,7 @@ Import CA certificate (Y/n)? \"" >> $expfile #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group command="pki -d $TEMP_NSS_DB -n testuser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u212" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" rlPhaseEnd @@ -757,7 +757,7 @@ Import CA certificate (Y/n)? \"" >> $expfile --action approve" command="pki -d $TEMP_NSS_DB -c Password -n \"testuser1\" -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid --action approve" rlLog "Executing: $command" - errmsg="Authorization failed on resource: certServer.ca.certrequests, operation: execute" + errmsg="Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Approve Certificate request using testuser1" rlPhaseEnd diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh index c7bd09224..1cb61a5e6 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh @@ -523,7 +523,7 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-find-CA-024: Should not be able to user-membership-find using a valid agent CA_agentV user" command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST user-membership-find userall --start=0 --size=5" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent CA_agentV user cert" rlPhaseEnd @@ -555,7 +555,7 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-find-CA-027: Should not be able to user-membership-find using CA_auditV cert" command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST user-membership-find userall --start=0 --size=5" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor CA_auditV user cert" rlPhaseEnd @@ -563,25 +563,25 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) rlPhaseStartTest "pki_user_cli_user_membership-find-CA-028: Should not be able to user-membership-find using CA_operatorV cert" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST user-membership-find userall --start=0 --size=5" rlLog "Executing $command" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator CA_operatorV user cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-029: Should not be able to user-membership-find using CA_adminUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n ${prefix}_adminUTCA -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c Password user-membership-find userall --start=0 --size=5" + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-029: Should not be able to user-membership-find using role_user_UTCA cert" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c Password user-membership-find userall --start=0 --size=5" rlLog "Executing $command" errmsg="PKIException: Unauthorized" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted CA_adminUTCA user cert" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_membership-find-CA-030: Should not be able to user-membership-find using CA_agentUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n ${prefix}_agentUTCA -c Password -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST user-membership-find userall --start=0 --size=5" + rlPhaseStartTest "pki_user_cli_user_membership-find-CA-030: Should not be able to user-membership-find using role_user_UTCA cert" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST user-membership-find userall --start=0 --size=5" rlLog "Executing $command" errmsg="PKIException: Unauthorized" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted CA_agentUTCA user cert" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert" rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh index 2f9ce3762..00d68e94d 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh @@ -39,7 +39,7 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-add-ca.sh #pki-user-cli-user-add-ca.sh should be first executed prior to pki-user-cli-user-mod-ca.sh ###################################################################################### @@ -117,7 +117,7 @@ i18nuser_mod_email="kakskümmend@example.com" ##### Tests to modify CA users #### - rlPhaseStartTest "pki_user_cli_user_mod-CA-002: Modify a user's fullname in CA using ${prefix}_adminV" + rlPhaseStartTest "pki_user_cli_user_mod-CA-002: Modify a user's fullname in CA using ROOTCA_adminV" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -143,7 +143,7 @@ i18nuser_mod_email="kakskümmend@example.com" rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-user-mod-ca-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-003: Modify a user's email,phone,state,password in CA using ${prefix}_adminV" + rlPhaseStartTest "pki_user_cli_user_mod-CA-003: Modify a user's email,phone,state,password in CA using ROOTCA_adminV" rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -734,13 +734,13 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-026: Modify user with --password " rlPhaseEnd ##### Tests to modify users using revoked cert##### - rlPhaseStartTest "pki_user_cli_user_mod-CA-027: Should not be able to modify user using a revoked cert ${prefix}_adminR" + rlPhaseStartTest "pki_user_cli_user_mod-CA-027: Should not be able to modify user using a revoked cert ROOTCA_adminR" command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-028: Should not be able to modify user using an agent or a revoked cert ${prefix}_agentR" + rlPhaseStartTest "pki_user_cli_user_mod-CA-028: Should not be able to modify user using an agent or a revoked cert ROOTCA_agentR" command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 @@ -748,14 +748,14 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-026: Modify user with --password " rlPhaseEnd ##### Tests to modify users using an agent user##### - rlPhaseStartTest "pki_user_cli_user_mod-CA-029: Should not be able to modify user using a ${prefix}_agentV user" + rlPhaseStartTest "pki_user_cli_user_mod-CA-029: Should not be able to modify user using a ROOTCA_agentV user" command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-030: Should not be able to modify user using a ${prefix}_agentR user" + rlPhaseStartTest "pki_user_cli_user_mod-CA-030: Should not be able to modify user using a ROOTCA_agentR user" command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 @@ -763,7 +763,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-026: Modify user with --password " rlPhaseEnd ##### Tests to modify users using expired cert##### - rlPhaseStartTest "pki_user_cli_user_mod-CA-031: Should not be able to modify user using a ${prefix}_adminE cert" + rlPhaseStartTest "pki_user_cli_user_mod-CA-031: Should not be able to modify user using a ROOTCA_adminE cert" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" @@ -775,7 +775,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-026: Modify user with --password " rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-032: Should not be able to modify user using a ${prefix}_agentE cert" + rlPhaseStartTest "pki_user_cli_user_mod-CA-032: Should not be able to modify user using a ROOTCA_agentE cert" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" @@ -788,27 +788,27 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-026: Modify user with --password " rlPhaseEnd ##### Tests to modify users using audit users##### - rlPhaseStartTest "pki_user_cli_user_mod-CA-033: Should not be able to modify user using a ${prefix}_auditV" + rlPhaseStartTest "pki_user_cli_user_mod-CA-033: Should not be able to modify user using a ROOTCA_auditV" command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert" rlPhaseEnd ##### Tests to modify users using operator user### - rlPhaseStartTest "pki_user_cli_user_mod-CA-034: Should not be able to modify user using a ${prefix}_operatorV" + rlPhaseStartTest "pki_user_cli_user_mod-CA-034: Should not be able to modify user using a ROOTCA_operatorV" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" - errmsg="ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" + errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as ${prefix}_operatorV" rlPhaseEnd -##### Tests to modify users using ${prefix}_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users##### - rlPhaseStartTest "pki_user_cli_user_mod-CA-035: Should not be able to modify user using a cert created from a untrusted CA ${prefix}_adminUTCA" - command="pki -d $untrusted_cert_db_location -n ${prefix}_adminUTCA -c $untrusted_cert_db_password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" +##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_user_cli_user_mod-CA-035: Should not be able to modify user using a cert created from a untrusted CA ROOTCA_adminUTCA" + command="pki -d $untrusted_cert_db_location -n role_user_UTCA -c $untrusted_cert_db_password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as adminUTCA" + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does not exist" @@ -820,7 +820,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n ##### Tests to modify CA users with empty parameters #### - rlPhaseStartTest "pki_user_cli_user_mod-CA-037: Modify a user in CA using ${prefix}_adminV - fullname is empty" + rlPhaseStartTest "pki_user_cli_user_mod-CA-037: Modify a user in CA using ROOTCA_adminV - fullname is empty" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -840,7 +840,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-038: Modify a user in CA using ${prefix}_adminV - email is empty" + rlPhaseStartTest "pki_user_cli_user_mod-CA-038: Modify a user in CA using ROOTCA_adminV - email is empty" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -874,7 +874,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n rlAssertGrep "State: $state" "$TmpDir/pki-user-mod-ca-038_2.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-039: Modify a user in CA using ${prefix}_adminV - phone is empty" + rlPhaseStartTest "pki_user_cli_user_mod-CA-039: Modify a user in CA using ROOTCA_adminV - phone is empty" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -890,10 +890,10 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n errmsg="BadRequestException: Invalid DN syntax." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --phone is empty" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_mod-CA-040: Modify a user in CA using ${prefix}_adminV - state is empty" + rlPhaseStartTest "pki_user_cli_user_mod-CA-040: Modify a user in CA using ROOTCA_adminV - state is empty" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -908,12 +908,12 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n errmsg="BadRequestException: Invalid DN syntax." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify User --state is empty" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" rlPhaseEnd ##### Tests to modify CA users with the same value #### - rlPhaseStartTest "pki_user_cli_user_mod-CA-041: Modify a user in CA using ${prefix}_adminV - fullname same old value" + rlPhaseStartTest "pki_user_cli_user_mod-CA-041: Modify a user in CA using ROOTCA_adminV - fullname same old value" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -944,7 +944,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n ##### Tests to modify CA users adding values to params which were previously empty #### - rlPhaseStartTest "pki_user_cli_user_mod-CA-042: Modify a user in CA using ${prefix}_adminV - adding values to params which were previously empty" + rlPhaseStartTest "pki_user_cli_user_mod-CA-042: Modify a user in CA using ROOTCA_adminV - adding values to params which were previously empty" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -977,7 +977,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n ##### Tests to modify CA users having i18n chars in the fullname #### -rlPhaseStartTest "pki_user_cli_user_mod-CA-043: Modify a user's fullname having i18n chars in CA using ${prefix}_adminV" +rlPhaseStartTest "pki_user_cli_user_mod-CA-043: Modify a user's fullname having i18n chars in CA using ROOTCA_adminV" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -1005,7 +1005,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-043: Modify a user's fullname having ##### Tests to modify CA users having i18n chars in email #### -rlPhaseStartTest "pki_user_cli_user_mod-CA-044: Modify a user's email having i18n chars in CA using ${prefix}_adminV" +rlPhaseStartTest "pki_user_cli_user_mod-CA-044: Modify a user's email having i18n chars in CA using ROOTCA_adminV" command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --email=$i18nuser_mod_email $i18nuser" errmsg="PKIException: LDAP error (21): error result" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh index 211e3eb1c..c27da30b8 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh @@ -40,7 +40,7 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh +#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-add-ca.sh #pki-user-cli-user-add-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh ###################################################################################### @@ -102,12 +102,12 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlPhaseEnd ##### Tests to show CA users #### - rlPhaseStartTest "pki_user_cli_user_show-CA-001: Add user to CA using ${prefix}_adminV and show user" + rlPhaseStartTest "pki_user_cli_user_show-CA-001: Add user to CA using ROOTCA_adminV and show user" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=\"$user1fullname\" $user1" \ 0 \ "Add user $user1 using ${prefix}_adminV" @@ -115,13 +115,13 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user1" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user1 > $TmpDir/pki-user-show-ca-001.out" \ 0 \ "Show user $user1" @@ -136,7 +136,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test $user2" \ 0 \ "Add user $user2 using ${prefix}_adminV" @@ -144,7 +144,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user2 > $TmpDir/pki-user-show-ca-001_1.out" \ 0 \ "Show $user2 user" @@ -165,7 +165,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test $user3" \ 0 \ "Add user $user3 using ${prefix}_adminV" @@ -173,7 +173,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user3 > $TmpDir/pki-user-show-ca-001_2.out" \ 0 \ "Show $user3 user" @@ -187,7 +187,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test $user4" \ 0 \ "Add user $user4 using ${prefix}_adminV" @@ -195,7 +195,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user4 > $TmpDir/pki-user-show-ca-001_3.out" \ 0 \ "Show $user4 user" @@ -209,7 +209,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test $user5" \ 0 \ "Add $user5 using ${prefix}_adminV" @@ -217,7 +217,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user5 > $TmpDir/pki-user-show-ca-001_4.out" \ 0 \ "Show $user5 user" @@ -231,7 +231,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test $user6" \ 0 \ "Add $user6 using ${prefix}_adminV" @@ -239,7 +239,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user6 > $TmpDir/pki-user-show-ca-001_5.out" \ 0 \ "Show $user6 user" @@ -253,7 +253,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test $user7" \ 0 \ "Add user $user7 using ${prefix}_adminV" @@ -261,7 +261,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show $user7 > $TmpDir/pki-user-show-ca-001_6.out" \ 0 \ "Show user $user7" @@ -276,7 +276,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --email=\"$email\" u1" \ 0 \ "Added user using ${prefix}_adminV with maximum --email length" @@ -284,7 +284,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u1 > $TmpDir/pki-user-show-ca-001_7.out" \ 0 \ "Show user u1" @@ -306,7 +306,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --email='$email' u2" \ 0 \ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it" @@ -314,7 +314,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u2 > $TmpDir/pki-user-show-ca-001_8.out" \ 0 \ "Show user u2" @@ -335,7 +335,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --email=# u3" \ 0 \ "Add user u3 using pki ${prefix}_adminV" @@ -343,7 +343,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u3 > $TmpDir/pki-user-show-ca-001_9.out" \ 0 \ "Add user u3" @@ -358,7 +358,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --email=* u4" \ 0 \ "Add user u4 using pki ${prefix}_adminV" @@ -366,7 +366,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u4 > $TmpDir/pki-user-show-ca-001_10.out" \ 0 \ "Show user u4 using ${prefix}_adminV" @@ -381,7 +381,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --email=$ u5" \ 0 \ "Add user u5 using pki ${prefix}_adminV" @@ -389,7 +389,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u5 > $TmpDir/pki-user-show-ca-001_11.out" \ 0 \ "Show user u5 using ${prefix}_adminV" @@ -404,7 +404,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --email=0 u6" \ 0 \ "Add user u6 using pki ${prefix}_adminV" @@ -412,7 +412,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u6 > $TmpDir/pki-user-show-ca-001_12.out" \ 0 \ "Show user u6 using ${prefix}_adminV" @@ -428,7 +428,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --state=\"$state\" u7 " \ 0 \ "Add user u7 using pki ${prefix}_adminV with maximum --state length" @@ -436,7 +436,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u7 > $TmpDir/pki-user-show-ca-001_13.out" \ 0 \ "Show user u7 using ${prefix}_adminV" @@ -458,7 +458,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --state='$state' u8" \ 0 \ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols" @@ -466,7 +466,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u8 > $TmpDir/pki-user-show-ca-001_14.out" \ 0 \ "Show user u8 using ${prefix}_adminV" @@ -487,7 +487,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --state=# u9" \ 0 \ "Added user using ${prefix}_adminV with --state # character" @@ -495,7 +495,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u9 > $TmpDir/pki-user-show-ca-001_15.out" \ 0 \ "Show user u9 using ${prefix}_adminV" @@ -510,7 +510,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --state=* u10" \ 0 \ "Adding user using ${prefix}_adminV with --state * character" @@ -518,7 +518,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u10 > $TmpDir/pki-user-show-ca-001_16.out" \ 0 \ "Show user u10 using ${prefix}_adminV" @@ -533,7 +533,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --state=$ u11" \ 0 \ "Adding user using ${prefix}_adminV with --state $ character" @@ -541,7 +541,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u11 > $TmpDir/pki-user-show-ca-001_17.out" \ 0 \ "Show user u11 using ${prefix}_adminV" @@ -556,7 +556,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --state=0 u12" \ 0 \ "Adding user using ${prefix}_adminV with --state 0" @@ -564,7 +564,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u12 > $TmpDir/pki-user-show-ca-001_18.out" \ 0 \ "Show pki ${prefix}_adminV user" @@ -581,7 +581,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --phone=\"$phone\" u13" \ 0 \ "Adding user using ${prefix}_adminV with maximum --phone length" @@ -589,7 +589,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u13 > $TmpDir/pki-user-show-ca-001_19.out" \ 0 \ "Show user u13 using ${prefix}_adminV" @@ -604,7 +604,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --phone=-1230 u14" \ 0 \ "Adding user using ${prefix}_adminV with --phone as negative number -1230" @@ -612,7 +612,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u14 > $TmpDir/pki-user-show-ca-001_24.out" \ 0 \ "Show user u14 using ${prefix}_adminV" @@ -627,7 +627,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --type=Auditors u15" \ 0 \ "Adding user using ${prefix}_adminV with --type as Auditors" @@ -635,7 +635,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u15 > $TmpDir/pki-user-show-ca-001_25.out" \ 0 \ "Show user u15 using ${prefix}_adminV" @@ -650,7 +650,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \ 0 \ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents" @@ -658,7 +658,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u16 > $TmpDir/pki-user-show-ca-001_26.out" \ 0 \ "Show user u16 using ${prefix}_adminV" @@ -673,7 +673,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --type=\"Registration Manager Agents\" u17" \ 0 \ "Adding user using ${prefix}_adminV with --type Registration Manager Agents" @@ -681,7 +681,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u17 > $TmpDir/pki-user-show-ca-001_27.out" \ 0 \ "Show user u17 using ${prefix}_adminV" @@ -696,7 +696,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --type=\"Subsytem Group\" u18" \ 0 \ "Adding user using ${prefix}_adminV with --type Subsytem Group" @@ -704,7 +704,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u18 > $TmpDir/pki-user-show-ca-001_28.out" \ 0 \ "Show user u18 using ${prefix}_adminV" @@ -719,7 +719,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --type=\"Security Domain Administrators\" u19" \ 0 \ "Adding user using ${prefix}_adminV with --type Security Domain Administrators" @@ -727,7 +727,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u19 > $TmpDir/pki-user-show-ca-001_29.out" \ 0 \ "Show user u19 using ${prefix}_adminV" @@ -742,7 +742,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test --type=ClonedSubsystems u20" \ 0 \ "Adding user using ${prefix}_adminV with --type ClonedSubsystems" @@ -750,7 +750,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u20 > $TmpDir/pki-user-show-ca-001_30.out" \ 0 \ "Show user u20 using ${prefix}_adminV" @@ -773,7 +773,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u21 > $TmpDir/pki-user-show-ca-001_31.out" \ 0 \ "Show user u21 using ${prefix}_adminV" @@ -788,7 +788,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ca \ user-add --fullName=\"$user1fullname\" u22" \ 0 \ @@ -797,7 +797,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ca \ user-show u22 > $TmpDir/pki-user-show-ca-001_32.out" \ 0 \ @@ -817,7 +817,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ca \ user-add --fullName=\"$user1fullname\" \ --email $email \ @@ -832,7 +832,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ca \ user-show u23 > $TmpDir/pki-user-show-ca-001_33.out" \ 0 \ @@ -860,7 +860,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ca \ user-show U23 > $TmpDir/pki-user-show-ca-001_35.out 2>&1" \ 0 \ @@ -874,7 +874,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ca-001_35.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-033: Should not be able to show user using a revoked cert ${prefix}_adminR" + rlPhaseStartTest "pki_user_cli_user_show-CA-033: Should not be able to show user using a revoked cert ROOTCA_adminR" command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-show u23" rlLog "Executing $command" errmsg="PKIException: Unauthorized" @@ -882,7 +882,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-034: Should not be able to show user using a agent with revoked cert ${prefix}_agentR" + rlPhaseStartTest "pki_user_cli_user_show-CA-034: Should not be able to show user using a agent with revoked cert ROOTCA_agentR" command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-show u23" rlLog "Executing $command" errmsg="PKIException: Unauthorized" @@ -890,7 +890,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-035: Should not be able to show user using a valid agent ${prefix}_agentV user" + rlPhaseStartTest "pki_user_cli_user_show-CA-035: Should not be able to show user using a valid agent ROOTCA_agentV user" command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" @@ -899,7 +899,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-036: Should not be able to show user using a ${prefix}_agentR user" + rlPhaseStartTest "pki_user_cli_user_show-CA-036: Should not be able to show user using a ROOTCA_agentR user" command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-show u23" rlLog "Executing $command" errmsg="PKIException: Unauthorized" @@ -907,7 +907,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-037: Should not be able to show user using admin user with expired cert ${prefix}_adminE" + rlPhaseStartTest "pki_user_cli_user_show-CA-037: Should not be able to show user using admin user with expired cert ROOTCA_adminE" #Set datetime 2 days ahead rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" rlRun "date" @@ -920,7 +920,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-038: Should not be able to show user using ${prefix}_agentE cert" + rlPhaseStartTest "pki_user_cli_user_show-CA-038: Should not be able to show user using ROOTCA_agentE cert" #Set datetime 2 days ahead rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" rlRun "date" @@ -933,7 +933,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-039: Should not be able to show user using a ${prefix}_auditV" + rlPhaseStartTest "pki_user_cli_user_show-CA-039: Should not be able to show user using a ROOTCA_auditV" command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" @@ -942,7 +942,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-040: Should not be able to show user using a ${prefix}_operatorV" + rlPhaseStartTest "pki_user_cli_user_show-CA-040: Should not be able to show user using a ROOTCA_operatorV" command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" @@ -951,22 +951,22 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-041: Should not be able to show user using a cert created from a untrusted CA ${prefix}_adminUTCA" + rlPhaseStartTest "pki_user_cli_user_show-CA-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA" rlLog "Executing: pki -d $untrusted_cert_db_location \ - -n ${prefix}_adminUTCA \ + -n role_user_UTCA \ -c $untrusted_cert_db_password \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u23" rlRun "pki -d $untrusted_cert_db_location \ - -n ${prefix}_adminUTCA \ + -n role_user_UTCA \ -c $untrusted_cert_db_password \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-show u23 > $TmpDir/pki-user-show-ca-adminUTCA-002.out 2>&1" \ + user-show u23 > $TmpDir/pki-user-show-ca-role_user_UTCA-002.out 2>&1" \ 255 \ "Should not be able to show user u23 using a untrusted cert" - rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-adminUTCA-002.out" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-role_user_UTCA-002.out" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_show-ca-042: Should not be able to show user using a user cert" @@ -995,7 +995,7 @@ untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD -n pkiUser1 \ -c Password \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-find --start=1 --size=5" echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$(eval echo \$${prefix}_DOMAIN) Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$(eval echo \$${prefix}_DOMAIN) Security Domain' @@ -1016,7 +1016,7 @@ Import CA certificate (Y/n)? \"" >> $expfile -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show \"$user_length_exceed_max\"" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ @@ -1035,7 +1035,7 @@ Import CA certificate (Y/n)? \"" >> $expfile -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=test 'ÖrjanÄke' > $TmpDir/pki-user-show-ca-001_56.out 2>&1" \ 0 \ "Adding uid ÖrjanÄke with i18n characters" @@ -1086,7 +1086,7 @@ Import CA certificate (Y/n)? \"" >> $expfile rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cleanup-046: Deleting the temp directory and users" - del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user ${prefix}_adminUTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_agentUTCA_user ${prefix}_auditV_user ${prefix}_operatorV_user) + del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user) #===Deleting users created using ${prefix}_adminV cert===# i=1 @@ -1122,8 +1122,8 @@ Import CA certificate (Y/n)? \"" >> $expfile rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-del 'ÖrjanÄke' > $TmpDir/pki-user-del-ca-user-i18n_1.out" \ 0 \ "Deleted user ÖrjanÄke" @@ -1132,8 +1132,8 @@ Import CA certificate (Y/n)? \"" >> $expfile rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - -h $SUBSYSTEM_HOST \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-del 'ÉricTêko' > $TmpDir/pki-user-del-ca-user-i18n_2.out" \ 0 \ "Deleted user ÉricTêko" diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index ae4f713d8..ce8bc1445 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -123,15 +123,15 @@ cmd1="python -m SimpleHTTPServer" dir2="/opt/rhqa_pki/" cmd2="ant report" -if [ $(echo "$MASTER" | grep $(hostname -s)|wc -l) -gt 0 ]; then +if [ $(echo "$MASTER" | grep $(hostname -s)|wc -l) -gt 0 ] ; then MYROLE=MASTER -elif [ $(echo "$CLONE1" | grep $(hostname -s)|wc -l) -gt 0 ]; then +elif [ $(echo "$CLONE1" | grep $(hostname -s)|wc -l) -gt 0 ] ; then MYROLE=CLONE1 -elif [ $(echo "$CLONE2" | grep $(hostname -s)|wc -l) -gt 0 ]; then +elif [ $(echo "$CLONE2" | grep $(hostname -s)|wc -l) -gt 0 ] ; then MYROLE=CLONE2 -elif [ $(echo "$SUBCA1" | grep $(hostname -s)|wc -l) -gt 0 ]; then +elif [ $(echo "$SUBCA1" | grep $(hostname -s)|wc -l) -gt 0 ] ; then MYROLE=SUBCA1 -elif [ $(echo "$SUBCA2" | grep $(hostname -s)| wc -l) -gt 0 ]; then +elif [ $(echo "$SUBCA2" | grep $(hostname -s)| wc -l) -gt 0 ] ; then MYROLE=SUBCA2 else MYROLE=UNKNOWN @@ -161,7 +161,7 @@ rlJournalStart OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2) TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2) - if [ "$QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + if [ "$QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ] ; then run_rhcs_set_time run_rhcs_install_set_vars run_rhcs_install_quickinstall @@ -179,28 +179,28 @@ rlJournalStart TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2) rlLog "Subsystem ID TKS=$TKS_INST" run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE - elif [ "$TOPO1_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO1_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_1 - elif [ "$TOPO2_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO2_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_2 - elif [ "$TOPO3_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO3_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_3 - elif [ "$TOPO4_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO4_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_4 - elif [ "$TOPO5_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO5_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_5 - elif [ "$TOPO6_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO6_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_6 - elif [ "$TOPO7_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO7_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_7 - elif [ "$TOPO8_UPPERCASE" = "TRUE" ]; then + elif [ "$TOPO8_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_8 fi @@ -314,48 +314,64 @@ rlJournalStart PKI_CA_USER_UPPERCASE=$(echo $PKI_CA_USER | tr [a-z] [A-Z]) if [ "$PKI_CA_USER_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user tests - run_pki-ca-user-cli-ca-user-add_tests - run_pki-ca-user-cli-ca-user-show_tests - run_pki-ca-user-cli-ca-user-find_tests - run_pki-ca-user-cli-ca-user-del_tests - run_pki-ca-user-cli-ca-user-membership-add_tests - run_pki-ca-user-cli-ca-user-membership-find_tests - run_pki-ca-user-cli-ca-user-membership-del_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-add_tests $subsystemId $subsystemType $MYROLE + run_pki-ca-user-cli-ca-user-show_tests $subsystemId $subsystemType $MYROLE + run_pki-ca-user-cli-ca-user-find_tests $subsystemId $subsystemType $MYROLE + run_pki-ca-user-cli-ca-user-del_tests $subsystemId $subsystemType $MYROLE + run_pki-ca-user-cli-ca-user-membership-add_tests $subsystemId $subsystemType $MYROLE + run_pki-ca-user-cli-ca-user-membership-find_tests $subsystemId $subsystemType $MYROLE + run_pki-ca-user-cli-ca-user-membership-del_tests $subsystemId $subsystemType $MYROLE fi CA_USER_ADD_UPPERCASE=$(echo $CA_USER_ADD | tr [a-z] [A-Z]) if [ "$CA_USER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-add tests - run_pki-ca-user-cli-ca-user-add_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-add_tests $subsystemId $subsystemType $MYROLE fi CA_USER_SHOW_UPPERCASE=$(echo $CA_USER_SHOW | tr [a-z] [A-Z]) if [ "$CA_USER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-show tests - run_pki-ca-user-cli-ca-user-show_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-show_tests $subsystemId $subsystemType $MYROLE fi CA_USER_FIND_UPPERCASE=$(echo $CA_USER_FIND | tr [a-z] [A-Z]) if [ "$CA_USER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-find-ca tests - run_pki-ca-user-cli-ca-user-find_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-find_tests $subsystemId $subsystemType $MYROLE fi CA_USER_DEL_UPPERCASE=$(echo $CA_USER_DEL | tr [a-z] [A-Z]) if [ "$CA_USER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-del tests - run_pki-ca-user-cli-ca-user-del_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-del_tests $subsystemId $subsystemType $MYROLE fi CA_USER_MEMBERSHIP_ADD_UPPERCASE=$(echo $CA_USER_MEMBERSHIP_ADD | tr [a-z] [A-Z]) if [ "$CA_USER_MEMBERSHIP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-membership-add tests - run_pki-ca-user-cli-ca-user-membership-add_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-membership-add_tests $subsystemId $subsystemType $MYROLE fi CA_USER_MEMBERSHIP_FIND_UPPERCASE=$(echo $CA_USER_MEMBERSHIP_FIND | tr [a-z] [A-Z]) if [ "$CA_USER_MEMBERSHIP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-membership-find tests - run_pki-ca-user-cli-ca-user-membership-find_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-membership-find_tests $subsystemId $subsystemType $MYROLE fi CA_USER_MEMBERSHIP_DEL_UPPERCASE=$(echo $CA_USER_MEMBERSHIP_DEL | tr [a-z] [A-Z]) if [ "$CA_USER_MEMBERSHIP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-membership-del tests - run_pki-ca-user-cli-ca-user-membership-del_tests + subsystemId=$CA_INST + subsystemType=ca + run_pki-ca-user-cli-ca-user-membership-del_tests $subsystemId $subsystemType $MYROLE fi ######## PKI CERT TESTS ############ @@ -505,7 +521,7 @@ rlJournalStart run_pki-group-cli-group-member-show-ca_tests fi BIG_INT_UPPERCASE=$(echo $BIG_INT | tr [a-z] [A-Z]) - if [ "$BIG_INT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + if [ "$BIG_INT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then #Execute pki bigInt tests run_pki_big_int run_pki_cert @@ -515,7 +531,7 @@ rlJournalStart ######## PKI BUG VERIFICATIONS ############ BUG_VERIFICATION_UPPERCASE=$(echo $BUG_VERIFICATION | tr [a-z] [A-Z]) - if [ "$BUG_VERIFICATION_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + if [ "$BUG_VERIFICATION_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then #Execute pki bigInt tests run_CS-backup-bug-verification run_pki-core-bug-verification @@ -524,7 +540,7 @@ rlJournalStart ######## PKI KEY KRA TESTS ############ PKI_KEY_KRA_TESTS_UPPERCASE=$(echo $PKI_KEY_KRA_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_KEY_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + if [ "$PKI_KEY_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then subsystemType=kra run_pki-key-kra_tests run_pki-key-generate-kra_tests $subsystemType $MYROLE @@ -619,7 +635,7 @@ rlJournalStart ######## PKI KRA KEY TESTS ############ PKI_KRA_KEY_TESTS_UPPERCASE=$(echo $PKI_KRA_KEY_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_KRA_KEY_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + if [ "$PKI_KRA_KEY_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then subsystemType=kra run_pki-kra-key-kra_tests run_pki-kra-key-generate-kra_tests $subsystemType $MYROLE @@ -634,7 +650,7 @@ rlJournalStart run_pki-kra-key-archive-kra_tests $subsystemType $MYROLE run_pki-kra-key-retrieve-kra_tests $subsystemType $MYROLE run_pki-kra-key-request-review-kra_tests $subsystemType $MYROLE - + fi KRA_KEY_CONFIG_UPPERCASE=$(echo $KRA_KEY_CONFIG | tr [a-z] [A-Z]) if [ "$KRA_KEY_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki kra key config tests |