diff options
| author | Niranjan Mallapadi <mrniranjan@redhat.com> | 2014-09-25 13:55:15 +0530 |
|---|---|---|
| committer | Niranjan Mallapadi <mrniranjan@redhat.com> | 2014-09-25 13:56:39 +0530 |
| commit | f388716272cd2b244875a5a63a93baceca53583f (patch) | |
| tree | de210ed38cc8452edb1070bb109cd5e8c3952104 | |
| parent | 19334816454c81019cf3d86b98f67752cbcbf2ec (diff) | |
Add host & port info to cert-request-review
| -rwxr-xr-x | tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-review-ca.sh | 759 |
1 files changed, 535 insertions, 224 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-review-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-review-ca.sh index 3dbc115ca..5aeb9b08f 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-review-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-review-ca.sh @@ -41,30 +41,35 @@ run_pki-cert-request-review-ca_tests() { + local cs_Type=$1 + local cs_Role=$2 + # Creating Temporary Directory for pki cert-request-review rlPhaseStartSetup "pki cert-request_show Temporary Directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" rlRun "pushd $TmpDir" rlPhaseEnd - + # Local Variables - local CA_agentV_user=CA_agentV - local CA_auditV_user=CA_auditV - local CA_operatorV_user=CA_operatorV - local CA_adminV_user=CA_adminV - local CA_agentR_user=CA_agentR - local CA_adminR_user=CA_adminR - local CA_adminE_user=CA_adminE - local CA_agentE_user=CA_agentE + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local CA_agentV_user=$CA_INST\_agentV + local CA_auditV_user=$CA_INST\_auditV + local CA_operatorV_user=$CA_INST\_operatorV + local CA_adminV_user=$CA_INST\_adminV + local CA_agentR_user=$CA_INST\_agentR + local CA_adminR_user=$CA_INST\_adminR + local CA_adminE_user=$CA_INST\_adminE + local CA_agentE_user=$CA_INST\_agentE local TEMP_NSS_DB="$TmpDir/nssdb" local TEMP_NSS_DB_PWD="redhat" local exp="$TmpDir/expfile.out" local expout="$TmpDir/exp_out" local cert_info="$TmpDir/cert_info" local cert_request_review=$TmpDir/cert-request-review.out - local target_port=8080 - local target_https_port=8443 - local tmp_ca_host=$(hostname) + local target_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_https_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) local target_host=$tmp_ca_host local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1) local i18n_array=("Örjan Äke:Örjan_Äke" "Éric Têko:Éric_Têko" "éénentwintig dvidešimt:éénentwintig_dvidešimt" "kakskümmend üks:kakskümmend_üks" "двадцять один тридцять:двадцять_один_тридцять") @@ -72,8 +77,10 @@ run_pki-cert-request-review-ca_tests() local tmp_junk_data=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 200 | head -n 1) local exp="$TmpDir/expfile.out" local expout="$TmpDir/exp_out" - local admin_cert_nickname="PKI Administrator for $CA_DOMAIN" + local admin_cert_nickname="caadmincert" local profile=caUserCert + local invalid_pki_user=test1 + local invalid_pki_user_pwd=Secret123 # Config test of pki cert-request-review rlPhaseStartTest "pki_cert_cli-configtest: pki cert-request-review --help configuration test" @@ -112,11 +119,13 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ cert-request-review $request_id \ @@ -148,11 +157,13 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ cert-request-review $request_id \ @@ -184,12 +195,14 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentV_user\" \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "Cancel enrollment request $request_id" @@ -220,7 +233,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -272,7 +285,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -314,20 +327,22 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign 1> $cert_request_review" 0 "Assign enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "Assigned certificate request $request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin(Member of Certificate Manager Agents)" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" - rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" + rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$request_id-ldap.out" rlAssertGrep "caadmin" "$TmpDir/$request_id-ldap.out" rlPhaseEnd @@ -335,6 +350,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Un assign $ret_requestid" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$admin_cert_nickname\" \ cert-request-review $request_id \ --action unassign 1> $cert_request_review" 0 "Assign enrollment request $request_id to $admin_cert_nickname" @@ -368,13 +385,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local i18n_request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $i18n_request_id \ --action approve 1> $cert_request_review" 0 "Approve enrollment request $i18n_request_id" rlAssertGrep "Approved certificate request $i18n_request_id" "$cert_request_review" @@ -396,8 +415,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -405,13 +424,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -420,6 +439,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action approve 1> $cert_request_review" rlAssertGrep "Approved certificate request $renewal_request_id" "$cert_request_review" @@ -440,8 +461,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -449,19 +470,21 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ cert-request-review $renewal_request_id \ @@ -484,8 +507,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -493,13 +516,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -508,6 +531,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action cancel 1> $cert_request_review" rlAssertGrep "Canceled certificate request $renewal_request_id" "$cert_request_review" @@ -528,8 +553,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -537,13 +562,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -591,8 +616,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -600,13 +625,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -644,8 +669,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -653,24 +678,26 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumbe =$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action assign 1> $cert_request_review" 0 "Assign Enrollment request $renewal_request_id to $admin_cert_nickname" rlAssertGrep "Assigned certificate request $renewal_request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$renewal_request_id requestOwner > $TmpDir/$renewal_request_id-ldap.out" - rlAssertGrep "dn: cn=$renewal_request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$renewal_request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$renewal_request_id requestOwner > $TmpDir/$renewal_request_id-ldap.out" + rlAssertGrep "dn: cn=$renewal_request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$renewal_request_id-ldap.out" rlAssertGrep "caadmin" "$TmpDir/$renewal_request_id-ldap.out" rlPhaseEnd @@ -679,6 +706,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action unassign 1> $cert_request_review" 0 "Un-Assign renewal request $renewal_request_id using $admin_cert_nickname cert" rlAssertGrep "Unassigned certificate request $renewal_request_id" "$cert_request_review" @@ -703,8 +732,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port: \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -712,13 +741,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -727,6 +756,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action approve 1> $cert_request_review" rlAssertGrep "Approved certificate request $renewal_request_id" "$cert_request_review" @@ -757,13 +788,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -771,6 +804,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 1,255 rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -806,8 +841,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -815,13 +850,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -830,6 +865,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action approve 1> $cert_request_review" rlAssertGrep "Approved certificate request $renewal_request_id" "$cert_request_review" @@ -837,6 +874,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action approve > $cert_request_review 2>&1" 255,1 "Approving already approved renewal request $renewal_request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -865,6 +904,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 1,255 "Approve non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -909,19 +950,23 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ - cert-request-review $request_id \ + -h $target_host \ + -p $target_port \ + cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 1,255 "Approving rejected request $request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -951,19 +996,23 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "Cancel Enrollment request $request_id" rlAssertGrep "Canceled certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 1,255 "Approving rejected request $request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1003,6 +1052,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -1015,7 +1066,7 @@ run_pki-cert-request-review-ca_tests() rlAssertGrep " --help Show help options" "$cert_request_review" rlPhaseEnd - rlPhaseStartTest "pki_cert_request_review-0028: Approve an enrollment request as CA_agentV assigned to caadmin user(Member of Certificate Manager Agents)" + rlPhaseStartTest "pki_cert_request_review-0028: Approve an enrollment request as Valid Agent Cert assigned to caadmin user(Member of Certificate Manager Agents)" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ tmp_nss_db:$TEMP_NSS_DB \ @@ -1039,30 +1090,34 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign 1> $cert_request_review" 0 "Assign enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "Assigned certificate request $request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" - rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" + rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$request_id-ldap.out" rlAssertGrep "caadmin" "$TmpDir/$request_id-ldap.out" rlLog "Approve $request_id as $CA_agentV_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 255,1 "Approve enrollment request $request_id" rlAssertGrep "PKIException: Problem approving request in CertRequestResource.assignRequest! Not authorized to do this operation." "$cert_request_review" rlPhaseEnd - + rlPhaseStartTest "pki_cert_request_review-0029: Approve an unassigned Enrollment request" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -1087,7 +1142,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -1095,12 +1150,16 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign 1> $cert_request_review" 0 "Assign enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "Unassigned certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -1130,7 +1189,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -1146,6 +1205,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -1157,6 +1218,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --file $TmpDir/$rand\.xml > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -1168,7 +1231,7 @@ run_pki-cert-request-review-ca_tests() rlAssertGrep " read in from file." "$cert_request_review" rlAssertGrep " --help Show help options" "$cert_request_review" rlPhaseEnd - + rlPhaseStartTest "pki_cert_request_review-0032: Rejecting a approved Enrollment request should fail" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -1193,18 +1256,22 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentV_user\" \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 "Rejecting an approved request $request_id" @@ -1240,8 +1307,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -1249,13 +1316,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -1264,6 +1331,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action approve 1> $cert_request_review" rlAssertGrep "Approved certificate request $renewal_request_id" "$cert_request_review" @@ -1271,6 +1340,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action reject > $cert_request_review 2>&1" 255,1 "Rejecting already approved renewal request $renewal_request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1298,6 +1369,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 "Rejecting non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -1341,13 +1414,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -1355,6 +1430,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 "Rejecting $request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1380,6 +1457,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -1416,13 +1495,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -1430,6 +1511,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1464,8 +1547,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -1473,13 +1556,13 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlAssertGrep "Request ID: $renewal_request_id" "$cert_request_submit" rlAssertGrep "Type: renewal" "$cert_request_submit" @@ -1488,6 +1571,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action approve 1> $cert_request_review" rlAssertGrep "Approved certificate request $renewal_request_id" "$cert_request_review" @@ -1495,6 +1580,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action cancel > $cert_request_review 2>&1" 255,1 "Canceling approved renewal request $renewal_request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1522,6 +1609,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancel non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -1565,19 +1654,23 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancelling a rejected request $request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1604,6 +1697,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -1640,13 +1735,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -1666,6 +1763,7 @@ run_pki-cert-request-review-ca_tests() rlAssertGrep "BadRequestException: Request Not In Pending State" "$expout" rlPhaseEnd + rlPhaseStartTest "pki_cert_request_review-0051: update a rejected Enrollment request" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -1690,13 +1788,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -1724,6 +1824,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action update > $cert_request_review 2>&1" 1,255 "Updating non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -1751,6 +1853,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action update > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -1787,13 +1891,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -1838,13 +1944,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -1873,6 +1981,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action Validate > $cert_request_review 2>&1" 1,255 "Validating non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -1902,6 +2012,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action validate > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -1939,13 +2051,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" @@ -1953,6 +2067,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -1982,13 +2098,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -1996,6 +2114,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign rejected Enrollment request $request_id to $CA_agentV_user" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -2009,6 +2129,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assigning non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -2035,6 +2157,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -2047,6 +2171,7 @@ run_pki-cert-request-review-ca_tests() rlAssertGrep " --help Show help options" "$cert_request_review" rlPhaseEnd + rlPhaseStartTest "pki_cert_request_review-0065: Unassign a approved Enrollment request to caadmin(Member of Certificate Manager Agents) user" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -2071,19 +2196,23 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign Enrollment request $request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -2113,13 +2242,15 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -2127,6 +2258,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign rejected Enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -2140,6 +2273,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassigning non-existent request id $request_id" rlAssertGrep "Request ID $tmp_request_id not found" "$cert_request_review" @@ -2166,6 +2301,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "No request id is passed to pki cert-request-review" rlAssertGrep "Error: Missing Certificate Request ID" "$cert_request_review" @@ -2202,7 +2339,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2210,9 +2347,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 255 "Approve Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0071: Approve an Enrollment request using caadmin (Member of Certificate Manager Agents) cert" @@ -2220,11 +2359,14 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlPhaseEnd + rlPhaseStartTest "pki_cert_request_review-0072: Approve an Enrollment request using audit Cert(CA_auditV)" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -2249,7 +2391,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2257,9 +2399,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_auditV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 255 "Approve Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0073: Approve Enrollment request using operator Cert(CA_operatorV)" @@ -2267,9 +2411,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_operatorV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 255 "Approve Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0074: Approve Enrollment request using Normal user cert who has no privileges" @@ -2281,6 +2427,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -n \"$CA_adminV_user\" \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ ca-user-add $pki_user \ --fullName \"$pki_user_fullName\" \ --password $pki_pwd" 0 "Create $pki_user User" @@ -2297,43 +2445,51 @@ run_pki-cert-request-review-ca_tests() subject_c: \ archive:false \ req_profile:$profile \ - target_host: \ + target_host:$target_host \ protocol: \ - port: \ + port:$target_port \ cert_db_dir:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ certdb_nick:\"$CA_agentV_user\" \ cert_info:$cert_info" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) rlLog "Get the $pki_user cert in a output file" - rlRun "pki cert-show $cert_serialNumber --encoded --output $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --encoded --output $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-cert-show.out" rlAssertGrep "Certificate \"$cert_serialNumber\"" "$TEMP_NSS_DB/pki-cert-show.out" - rlRun "pki cert-show 0x1 --encoded --output $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/ca-cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show 0x1 --encoded --output $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/ca-cert-show.out" rlAssertGrep "Certificate \"0x1\"" "$TEMP_NSS_DB/ca-cert-show.out" rlLog "Add the $pki_user cert to $TEMP_NSS_DB NSS DB" rlRun "pki -d $TEMP_NSS_DB \ -c $TEMP_NSS_DB_PWD \ + -h $target_host \ + -p $target_port \ -n "$pki_user" client-cert-import \ --cert $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-client-cert.out" rlAssertGrep "Imported certificate \"$pki_user\"" "$TEMP_NSS_DB/pki-client-cert.out" rlLog "Get CA cert imported to $TEMP_NSS_DB NSS DB" rlRun "pki -d $TEMP_NSS_DB \ -c $TEMP_NSS_DB_PWD \ - -n \"CA Signing Certificate - $CA_DOMAIN Security Domain\" client-cert-import \ + -h $target_host \ + -p $target_port \ + -n \"casigningcert\" client-cert-import \ --ca-cert $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/pki-ca-cert.out" - rlAssertGrep "Imported certificate \"CA Signing Certificate - $CA_DOMAIN Security Domain\"" "$TEMP_NSS_DB/pki-ca-cert.out" + rlAssertGrep "Imported certificate \"casigningcert\"" "$TEMP_NSS_DB/pki-ca-cert.out" rlRun "pki -d $CERTDB_DIR \ - -n CA_adminV \ + -n $CA_adminV_user \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -t ca user-cert-add $pki_user \ --input $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki_user_cert_add.out" 0 "Cert is added to the user $pki_user" rlLog "Approve $request_id as Normal user $pki_user" rlRun "pki -d $TEMP_NSS_DB \ -c $TEMP_NSS_DB_PWD \ -n \"$pki_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 1,255 "Approve Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0075: Approve Enrollment request using valid user" @@ -2341,6 +2497,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -u $pki_user \ -w $pki_pwd \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id --action approve > $cert_request_review 2>&1" 1,255 rlAssertGrep "Authentication method not allowed" "$cert_request_review" rlPhaseEnd @@ -2352,13 +2510,15 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -u $invalid_pki_user \ -w $invalid_pki_user_pwd \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id --action approve > $cert_request_review 2>&1" 1,255 rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0077: Approve Enrollment request using Expired Admin cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -2370,6 +2530,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Approve $request_id using $CA_adminE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminE_user\" cert-request-review $request_id --action approve > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" rlLog "Set the date back to it's original date & time" @@ -2380,7 +2542,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0078: Approve Enrollment request using Expired Agent cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -2392,7 +2554,9 @@ run_pki-cert-request-review-ca_tests() rlLog "Approve $request_id using $CA_agentE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ - -n \"$CA_agentE_user\" cert-request-review $request_id --action approve > $cert_request_review 2>&1" 1,255 + -n \"$CA_agentE_user\" \ + -h $target_host \ + -p $target_port cert-request-review $request_id --action approve > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" rlLog "Set the date back to it's original date & time" rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" @@ -2405,6 +2569,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminR_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve > $cert_request_review 2>&1" 255 "Approve Enrollment request $request_id" rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" @@ -2415,11 +2581,14 @@ run_pki-cert-request-review-ca_tests() -U https://$target_host:$target_https_port \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlPhaseEnd + rlPhaseStartTest "pki_cert_request_review-0081: Reject an Enrollment request using admin cert(CA_adminV)" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -2444,7 +2613,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2452,9 +2621,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 "Reject Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0082: Reject an Enrollment request using caadmin(Member of Certificate Manager Agents) cert" @@ -2462,6 +2633,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -2491,7 +2664,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2499,9 +2672,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_auditV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 255 "Reject Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0084: Reject Enrollment request using operator Cert(CA_operatorV)" @@ -2509,9 +2684,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_operatorV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 255 "Reject Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0085: Reject Enrollment request using Normal user cert who has no privileges" @@ -2519,14 +2696,18 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $TEMP_NSS_DB \ -c $TEMP_NSS_DB_PWD \ -n \"$pki_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 "Reject Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0086: Reject Enrollment request using valid user" rlLog "Rejecting $request_id using user $pki_user" rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -u $pki_user \ -w $pki_pwd \ cert-request-review $request_id --action reject > $cert_request_review 2>&1" 1,255 @@ -2538,6 +2719,8 @@ run_pki-cert-request-review-ca_tests() local invalid_pki_user_pwd=Secret123 rlLog "Rejecting $request_id using $invalid_pki_user who does not exist" rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -u $invalid_pki_user \ -w $invalid_pki_user_pwd \ cert-request-review $request_id --action reject > $cert_request_review 2>&1" 1,255 @@ -2546,7 +2729,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0088: Reject Enrollment request using Expired Admin cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -2558,6 +2741,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Reject $request_id using $CA_adminE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminE_user\" cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -2569,7 +2754,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0089: Reject Enrollment request using Expired Agent cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -2581,6 +2766,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Rejecting $request_id using $CA_agentE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentE_user\" cert-request-review $request_id \ --action reject> $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -2595,6 +2782,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminR_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject > $cert_request_review 2>&1" 255 "Reject Enrollment request $request_id" rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" @@ -2605,6 +2794,8 @@ run_pki-cert-request-review-ca_tests() -U https://$target_host:$target_https_port \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action reject 1> $cert_request_review" 0 "Rejecting Enrollment request $request_id" rlAssertGrep "Rejected certificate request $request_id" "$cert_request_review" @@ -2634,7 +2825,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2642,9 +2833,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancel Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0093: Cancel Enrollment request using Admin Cert(caadmin) having agent privileges" @@ -2652,6 +2845,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "Cancel Enrollment request $request_id using caadmin having agent privileges" rlAssertGrep "Canceled certificate request $request_id" "$cert_request_review" @@ -2681,7 +2876,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2689,9 +2884,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_auditV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancel Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0095: Cancel Enrollment request using Operator Cert(CA_operatorV)" @@ -2699,9 +2896,11 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_operatorV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancel Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0096: Cancel Enrollment request using Normal user cert who has no privileges" @@ -2709,14 +2908,18 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $TEMP_NSS_DB \ -c $TEMP_NSS_DB_PWD \ -n \"$pki_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancel Enrollment request $request_id" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0097: Cancel Enrollment request using valid user" rlLog "Cancel $request_id using user $pki_user" rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -u $pki_user \ -w $pki_pwd \ cert-request-review $request_id \ @@ -2729,6 +2932,8 @@ run_pki-cert-request-review-ca_tests() local invalid_pki_user_pwd=Secret123 rlLog "Cancel $request_id using invalid user $invalid_pki_user" rlRun "pki -d $CERTDB_DIR \ + -h $target_host \ + -p $target_port \ -u $invalid_pki_user \ -w $invalid_pki_user_pwd cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancel $request_id using invalid user" @@ -2737,7 +2942,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0099: Cancel Enrollment request using Expired Admin cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -2749,6 +2954,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Cancel $request_id using $CA_adminE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminE_user\" cert-request-review $request_id --action cancel > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" rlLog "Set the date back to it's original date & time" @@ -2759,7 +2966,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0100: Cancel Enrollment request using Expired Agent cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -2771,6 +2978,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Cancel $request_id using $CA_agentE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentE_user\" cert-request-review $request_id --action cancel > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" rlLog "Set the date back to it's original date & time" @@ -2784,6 +2993,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminR_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 255 "Approve Enrollment request $request_id" rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" @@ -2795,6 +3006,8 @@ run_pki-cert-request-review-ca_tests() -U https://$target_host:$target_https_port \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "cancel Enrollment request $request_id" rlAssertGrep "Canceled certificate request $request_id" "$cert_request_review" @@ -2824,7 +3037,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2842,7 +3055,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"update\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0104: Update Enrollment request using caadmin(Member of Certificate Manager Agents) cert" @@ -2897,7 +3110,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -2915,7 +3128,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"update\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0106: Update Enrollment request using operator Cert(CA_operatorV)" @@ -2933,7 +3146,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"update\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0107: Update Enrollment request using Normal user cert with no privileges" @@ -2951,7 +3164,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"update\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0108: Update Enrollment request using valid user" @@ -2992,7 +3205,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0110: Update Enrollment request using Expired Agent cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3024,7 +3237,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0111: Update Enrollment request using Expired Admin cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3123,7 +3336,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -3141,7 +3354,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"validate\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0115: Validate Enrollment request using caadmin(Member of Certificate Manager Agents) cert" @@ -3186,7 +3399,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -3204,7 +3417,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"validate\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0117: Validate Enrollment request using Operator Cert(CA_operatorV)" @@ -3222,7 +3435,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"validate\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0118: Validate Enrollment request using normal user cert with no privileges" @@ -3240,7 +3453,7 @@ run_pki-cert-request-review-ca_tests() echo "send -- \"validate\r\"" >> $exp echo "expect eof" >> $exp rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 1 - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$expout" + rlAssertGrep "Authorization Error" "$expout" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0119: Validate Enrollment request using valid user" @@ -3262,6 +3475,8 @@ run_pki-cert-request-review-ca_tests() rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0120: Validate Enrollment request using In-valid user" + local invalid_pki_user=test1 + local invalid_pki_user_pwd=Secret123 rlLog "Validate $request_id using $invalid_pki_user" local tmp_validity_period="900 days" local tmp_updated_date=$(date --date="$tmp_validity_period" +%Y-%m-%d) @@ -3279,9 +3494,10 @@ run_pki-cert-request-review-ca_tests() rlAssertGrep "PKIException: Unauthorized" "$expout" rlPhaseEnd + rlPhaseStartTest "pki_cert_request_review-0121: Validate Enrollment request using Expired admin Cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3313,7 +3529,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0122: Validate Enrollment request using expired agent Cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3403,31 +3619,35 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminV_user\" \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $request_id to $CA_adminV_user" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0126: Assign an Enrollment request to CA_agentV user" rlLog "Assign Enrollment request as $CA_agentV_user user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentV_user\" \ cert-request-review $request_id \ --action assign 1> $cert_request_review" 0 "Assign Enrollment request $request_id to $CA_agentV_user" rlAssertGrep "Assigned certificate request $request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" - rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$request_id-ldap.out" - rlAssertGrep "CA_agentV" "$TmpDir/$request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" + rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$request_id-ldap.out" + rlAssertGrep "$CA_agentV_user" "$TmpDir/$request_id-ldap.out" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0127: Assign an Enrollment request using Audit Cert(CA_auditV)" @@ -3454,16 +3674,18 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_auditV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $request_id to $CA_auditV_user" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0128: Assign Enrollment request using operator cert(CA_operatorV)" @@ -3471,6 +3693,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_OperatorV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $request_id to $CA_operatorV_user" rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -3481,14 +3705,18 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $TEMP_NSS_DB \ -c $TEMP_NSS_DB_PWD \ -n \"$pki_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $request_id to $pki_user" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0130: Assign Enrollment request using valid user" rlLog "Assign Enrollment request using $pki_user" rlRun "pki -d $TEMP_NSS_DB \ + -h $target_host \ + -p $target_port \ -u $pki_user \ -w $pki_pwd \ cert-request-review $request_id \ @@ -3501,6 +3729,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $TEMP_NSS_DB \ -u $invalid_pki_user \ -w $invalid_pki_user_pwd \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $request_id to $invalid_pki_user" rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" @@ -3508,7 +3738,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0132: Assign Enrollment request using Expired Admin cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3520,6 +3750,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Assign $request_id using $CA_adminE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminE_user\" cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -3531,7 +3763,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0133: Assign Enrollment request using Expired Agent cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3543,6 +3775,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Assign $request_id using $CA_agentE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentE_user\" cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -3557,6 +3791,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminR_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign > $cert_request_review 2>&1" 255 "Assign Enrollment request $request_id" rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" @@ -3596,16 +3832,18 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_adminV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign Enrollment request $request_id to $CA_adminV_user" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0137: Unassign an Enrollment request to CA_agentV user" @@ -3613,11 +3851,14 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign 1> $cert_request_review" 0 "Unassign Enrollment request $request_id to $CA_agentV_user" rlAssertGrep "Unassigned certificate request $request_id" "$cert_request_review" rlPhaseEnd + rlPhaseStartTest "pki_cert_request_review-0138: Unassign an Enrollment request using Audit Cert(CA_auditV)" rlLog "Generate pkcs10 certificate request" rlRun "create_new_cert_request \ @@ -3642,16 +3883,18 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_auditV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign Enrollment request $request_id to $CA_auditV_user" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0139: Unassign Enrollment request using operator cert(CA_operatorV)" @@ -3659,6 +3902,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_OperatorV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign Enrollment request $request_id" rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -3667,16 +3912,20 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0140: Unassign Enrollment request using normal user cert with no privileges" rlLog "Unassign Enrollment request using $pki_user cert" rlRun "pki -d $TEMP_NSS_DB \ + -h $target_host \ + -p $target_port \ -c $TEMP_NSS_DB_PWD \ -n \"$pki_user\" \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign Enrollment request $request_id as $pki_user" - rlAssertGrep "Authorization failed on resource: certServer.ca.certrequests, operation: execute" "$cert_request_review" + rlAssertGrep "Authorization Error" "$cert_request_review" rlPhaseEnd rlPhaseStartTest "pki_cert_request_review-0141: Unassign Enrollment request using valid user" rlLog "Unassign Enrollment request using $pki_user" rlRun "pki -d $TEMP_NSS_DB \ + -h $target_host \ + -p $target_port \ -u $pki_user \ -w $pki_pwd \ cert-request-review $request_id \ @@ -3689,6 +3938,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $TEMP_NSS_DB \ -u $invalid_pki_user \ -w $invalid_pki_user_pwd \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 "Unassign Enrollment request $request_id as $invalid_pki_user" rlAssertGrep "PKIException: Unauthorized" "$cert_request_review" @@ -3696,7 +3947,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0143: Unassign Enrollment request using Expired Admin cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_adminE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3708,6 +3959,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Unassign $request_id using $CA_adminE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminE_user\" cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -3719,7 +3972,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0144: Unassign Enrollment request using Expired Agent cert" local cur_date=$(date) - local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}') + local end_date=$(certutil -L -d $CERTDB_DIR -n $CA_agentE_user | grep "Not After" | awk -F ": " '{print $2}') rlLog "Current Date/Time: $(date)" rlLog "Current Date/Time: before modifying using chrony $(date)" rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" @@ -3731,6 +3984,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Unassign $request_id using $CA_agentE_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_agentE_user\" cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 1,255 rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_request_review" @@ -3744,6 +3999,8 @@ run_pki-cert-request-review-ca_tests() rlLog "Unassign $request_id as Normal user $CA_adminR_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$CA_adminR_user\" \ cert-request-review $request_id \ --action unassign > $cert_request_review 2>&1" 255 "Unassign Enrollment request $request_id" @@ -3769,8 +4026,8 @@ run_pki-cert-request-review-ca_tests() request_type:crmf \ request_algo:rsa \ request_size:2048 \ - subject_cn:\"IDM $tmp_profile Test1\" \ - subject_uid:IDM-$tmp_profile \ + subject_cn:\"IDM Test1\" \ + subject_uid:IDMTest1 \ subject_email:idmtest@foobar.org \ subject_ou:IDM \ subject_organization:FooBar \ @@ -3785,19 +4042,23 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Critical: yes\" > $TmpDir/cert-show.out " + rlLog "request_id = $request_id" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlLog "cert_serialNumber=$cert_serialNumber" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Critical: yes\" > $TmpDir/cert-show.out " rlLog "Verify only Key Encipherment extension is only added" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertNotGrep "Digital Signature" "$TmpDir/cert-show.out" @@ -3828,19 +4089,21 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 14 \"Critical: yes\" > $TmpDir/cert-show.out " + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 14 \"Critical: yes\" > $TmpDir/cert-show.out " rlLog "Verify only Key Encipherment extension is only added" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" @@ -3871,20 +4134,22 @@ run_pki-cert-request-review-ca_tests() -c $TEMP_NSS_DB_PWD cert-request-profile-show $tmp_profile \ --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" - rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $tmp_profile" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 14 \"Critical: yes\" > $TmpDir/cert-show.out " + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 14 \"Critical: yes\" > $TmpDir/cert-show.out " rlLog "Verify only Key Encipherment extension is only added" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" @@ -3916,19 +4181,21 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out " + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out " rlLog "Verify Digital Signature and Non-Encipherment extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" @@ -3960,26 +4227,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Data Encipherment" "$TmpDir/cert-show.out" rlLog "Verify Extended Key Usage extensions are added" - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.1" "$TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.2" "$TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.4" "$TmpDir/cert-show.out" @@ -4009,26 +4278,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Data Encipherment" "$TmpDir/cert-show.out" rlLog "Verify Extended Key Usage extensions are added" - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.1" "$TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.2" "$TmpDir/cert-show.out" rlAssertNotGrep "1.3.6.1.5.5.7.3.4" "$TmpDir/cert-show.out" @@ -4058,26 +4329,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Data Encipherment" "$TmpDir/cert-show.out" rlLog "Verify Extended Key Usage extensions are added" - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.2" "$TmpDir/cert-show.out" rlAssertNotGrep "1.3.6.1.5.5.7.3.4" "$TmpDir/cert-show.out" rlPhaseEnd @@ -4106,26 +4379,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Data Encipherment" "$TmpDir/cert-show.out" rlLog "Verify Extended Key Usage extensions are added" - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.2" "$TmpDir/cert-show.out" rlAssertNotGrep "1.3.6.1.5.5.7.3.4" "$TmpDir/cert-show.out" rlPhaseEnd @@ -4154,19 +4429,21 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 15 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 15 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" @@ -4179,7 +4456,7 @@ run_pki-cert-request-review-ca_tests() rlPhaseStartTest "pki_cert_request_review-0156: Approve Enrollment request from caCrossSignedCACert profile" local tmp_profile=caCrossSignedCACert - rlRun "create_new_cert_request \ + rlRun "create_new_cert_re1quest \ tmp_nss_db:$TEMP_NSS_DB \ tmp_nss_db_password:$TEMP_NSS_DB_PWD \ request_type:pkcs10 \ @@ -4201,19 +4478,21 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 15 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 15 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" @@ -4248,19 +4527,21 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "OCSPSigning" "$TmpDir/cert-show.out" rlPhaseEnd @@ -4288,26 +4569,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Data Encipherment" "$TmpDir/cert-show.out" rlLog "Verify Extended Key Usage extensions are added" - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.2" "$TmpDir/cert-show.out" rlPhaseEnd @@ -4335,26 +4618,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $tmp_profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action approve 1> $cert_request_review" 0 "Approve Enrollment request $request_id" rlAssertGrep "Approved certificate request $request_id" "$cert_request_review" rlLog "Verify Certificate has Key Encipherment extension added" - local cert_serialNumber=$(pki cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" + local cert_serialNumber=$(pki -h $target_host -p $target_port cert-request-show $request_id | grep "Certificate ID:" | awk -F ": " '{print $2}') + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 5 \"Critical: yes\" > $TmpDir/cert-show.out" rlLog "Verify Key Usage extensions are added" rlAssertGrep "Digital Signature" "$TmpDir/cert-show.out" rlAssertGrep "Non Repudiation" "$TmpDir/cert-show.out" rlAssertGrep "Key Encipherment" "$TmpDir/cert-show.out" rlAssertGrep "Data Encipherment" "$TmpDir/cert-show.out" rlLog "Verify Extended Key Usage extensions are added" - rlRun "pki cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" + rlRun "pki -h $target_host -p $target_port cert-show $cert_serialNumber --pretty | grep -A 4 \"Extended Key Usage:\" > $TmpDir/cert-show.out" rlAssertGrep "1.3.6.1.5.5.7.3.2" "$TmpDir/cert-show.out" rlPhaseEnd @@ -4382,19 +4667,23 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "Reject Enrollment request $request_id" rlAssertGrep "Canceled certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 "Cancelling a rejected request $request_id" rlAssertGrep "BadRequestException: Request Not In Pending State" "$cert_request_review" @@ -4424,7 +4713,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -4432,12 +4721,16 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign 1> $cert_request_review" 0 "Unassign enrollment request $request_id" rlAssertGrep "Unassigned certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "Cancel certificate request $request_id" rlAssertGrep "Canceled certificate request $request_id" "$cert_request_review" @@ -4467,24 +4760,28 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign 1> $cert_request_review" 0 "Assign enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "Assigned certificate request $request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" - rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" + rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$request_id-ldap.out" rlAssertGrep "caadmin" "$TmpDir/$request_id-ldap.out" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel > $cert_request_review 2>&1" 1,255 rlAssertGrep "PKIException: Problem approving request in CertRequestResource.assignRequest! Not authorized to do this operation" "$cert_request_review" @@ -4505,6 +4802,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action cancel 1> $cert_request_review" 0 "Cancel enrollment request $request_id" rlAssertGrep "Canceled certificate request $request_id" "$cert_request_review" @@ -4534,7 +4833,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -4563,13 +4862,15 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action assign 1> $cert_request_review" 0 "Assign enrollment request $request_id to $admin_cert_nickname" rlAssertGrep "Assigned certificate request $request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" - rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$request_id requestOwner > $TmpDir/$request_id-ldap.out" + rlAssertGrep "dn: cn=$request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$request_id-ldap.out" rlAssertGrep "caadmin" "$TmpDir/$request_id-ldap.out" rlRun "pki -d $CERTDB_DIR \ -h $target_host \ @@ -4604,7 +4905,7 @@ run_pki-cert-request-review-ca_tests() --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" rlLog "Update $profile xml with certificate request details" rlRun "generate_cert_request_xml $TEMP_NSS_DB/$rand-request.pem $TEMP_NSS_DB/$rand-subject.out $TEMP_NSS_DB/$rand-profile.xml $profile" - rlRun "pki cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $cert_request_submit" 0 "Submit certificate request" rlAssertGrep "Request Status: pending" "$cert_request_submit" rlAssertGrep "Operation Result: success" "$cert_request_submit" local request_id=$(cat $cert_request_submit | grep "Request ID:" | awk -F ": " '{print $2}') @@ -4612,12 +4913,16 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$admin_cert_nickname\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action unassign 1> $cert_request_review" 0 "Unassign enrollment request $request_id" rlAssertGrep "Unassigned certificate request $request_id" "$cert_request_review" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $request_id \ --action validate 1> $cert_request_review" 0 "Cancel certificate request $request_id" rlAssertGrep "Validated certificate request $request_id" "$cert_request_review" @@ -4638,8 +4943,8 @@ run_pki-cert-request-review-ca_tests() org: \ country: \ archive:false \ - host: \ - port:8080 \ + host:$target_host \ + port:$target_port \ profile:$profile \ cert_db:$CERTDB_DIR \ cert_db_pwd:$CERTDB_DIR_PASSWORD \ @@ -4647,29 +4952,33 @@ run_pki-cert-request-review-ca_tests() cert_info:$cert_info \ expect_data:$exp" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) - rlRun "pki cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" + rlRun "pki -h $target_host -p $target_port cert-request-profile-show caManualRenewal --output $TmpDir/$cert_serialNumber-renewal.xml" 0 "Get caManualRenewal profile xml" local STRIP_HEX=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL=${STRIP_HEX^^} local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) rlLog "Modify caManualRenewal profile xml to add serial Number $cert_serialNumber to be submitted for renewal" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/SerialNumber\" -v $decimal_valid_serialNumber $TmpDir/$cert_serialNumber-renewal.xml" - rlRun "pki cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" + rlRun "pki -h $target_host -p $target_port cert-request-submit $TmpDir/$cert_serialNumber-renewal.xml 1> $cert_request_submit" 0 "Submit renewal request" local renewal_request_id=$(cat $cert_request_submit | grep "Request ID" | awk -F ": " '{print $2}') rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ + -h $target_host \ + -p $target_port \ -n \"$admin_cert_nickname\" \ cert-request-review $renewal_request_id \ --action assign 1> $cert_request_review" 0 "Assign Enrollment request $renewal_request_id to $admin_cert_nickname" rlAssertGrep "Assigned certificate request $renewal_request_id" "$cert_request_review" rlLog "Issue ldapsearch against CA Directory Server DB to verify if the request is assigned to caadmin" - rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,o=pki-tomcat-CA\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ - -h $target_host -p 1600 cn=$renewal_request_id requestOwner > $TmpDir/$renewal_request_id-ldap.out" - rlAssertGrep "dn: cn=$renewal_request_id,ou=ca,ou=requests,o=pki-tomcat-CA" "$TmpDir/$renewal_request_id-ldap.out" + rlRun "ldapsearch -x -LLL -b \"ou=ca,ou=requests,dc=pki-ca\" -D \"cn=Directory Manager\" -w $LDAP_ROOTDNPWD \ + -h $target_host -p 389 cn=$renewal_request_id requestOwner > $TmpDir/$renewal_request_id-ldap.out" + rlAssertGrep "dn: cn=$renewal_request_id,ou=ca,ou=requests,dc=pki-ca" "$TmpDir/$renewal_request_id-ldap.out" rlAssertGrep "caadmin" "$TmpDir/$renewal_request_id-ldap.out" rlLog "Assign $renewal_request_id to $CA_agentV_user" rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action assign > $cert_request_review 2>&1" 1,255 "Assign Enrollment request $renewal_request_id to $CA_agentV_user" rlAssertGrep "PKIException: Problem approving request in CertRequestResource.assignRequest! Not authorized to do this operation" "$cert_request_review" @@ -4680,6 +4989,8 @@ run_pki-cert-request-review-ca_tests() rlRun "pki -d $CERTDB_DIR \ -c $CERTDB_DIR_PASSWORD \ -n \"$CA_agentV_user\" \ + -h $target_host \ + -p $target_port \ cert-request-review $renewal_request_id \ --action unassign > $cert_request_review 2>&1" 255,1 "Un-Assign renewal request $renewal_request_id using $CA_agentV_user cert" rlAssertGrep "PKIException: Problem approving request in CertRequestResource.assignRequest! Not authorized to do this operation" "$cert_request_review" |