diff options
author | Asha Akkiangady <aakkiang@redhat.com> | 2015-02-16 18:53:29 -0500 |
---|---|---|
committer | Asha Akkiangady <aakkiang@redhat.com> | 2015-02-16 18:58:52 -0500 |
commit | 88c44e8ea7c9583a552340141f2c4df07f5dab7b (patch) | |
tree | 290b3fe49660dda66b4b9c01441611c8b204b3ee /tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh | |
parent | 6d278c63f41ae998feedc2885e95fcfaa38ee46a (diff) | |
download | pki-88c44e8ea7c9583a552340141f2c4df07f5dab7b.tar.gz pki-88c44e8ea7c9583a552340141f2c4df07f5dab7b.tar.xz pki-88c44e8ea7c9583a552340141f2c4df07f5dab7b.zip |
CA renewal manual, directory authenticated and
sslclient self renewal tests.
Subca usergroup tests and new tests added to
ca's usergroup.
Diffstat (limited to 'tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh')
-rw-r--r-- | tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh | 842 |
1 files changed, 842 insertions, 0 deletions
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh b/tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh new file mode 100644 index 000000000..441dc0d60 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh @@ -0,0 +1,842 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/subca-tests/usergroups +# Description: Subordinate CA user and group tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki commands needs to be tested: +# Subordinate CA /ca/ug +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/env.sh + +run_pki-legacy-subca-usergroup_tests() +{ + local subsystemType=$1 + local csRole=$2 + + # Creating Temporary Directory for pki ca-usergroup + rlPhaseStartSetup "pki ca usergroup Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlPhaseEnd + + # Local Variables + get_topo_stack $csRole $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME) + local ca_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local ca_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local ca_host=$(eval echo \$${csRole}) + local valid_agent_user=$SUBCA_INST\_agentV + local valid_agent_user_password=$SUBCA_INST\_agentV_password + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + local valid_audit_user=$SUBCA_INST\_auditV + local valid_audit_user_password=$SUBCA_INST\_auditV_password + local valid_operator_user=$SUBCA_INST\_operatorV + local valid_operator_user_password=$SUBCA_INST\_operatorV_password + local valid_agent_cert=$SUBCA_INST\_agentV + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local ca_admin_user=$(eval echo \$${SUBCA_INST}_ADMIN_USER) + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + disable_ca_nonce $tomcat_name + + rlPhaseStartTest "pki_subca_usergroup-001: Valid SUBCA admin add users" + local userid="ug02" + local fullname=$userid + local password="password$userid" + local email="$userid@redhat.com" + local phone="12345" + local state="CA" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_001.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_001.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_001_2.txt" 0 "Add user $userid to $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_001.txt" + rlAssertNotGrep "Fail" "$TmpDir/subca_usergroup_001_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-002: Valid CA admin list users" + local userid="ug02" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_002_2.txt" 0 "List all CA user in $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_002.txt" + rlAssertGrep "$userid" "$TmpDir/subca_usergroup_002_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-003: Valid CA admin edit users" + local userid="ug04" + local fullname=$userid + local password=password$userid + local email="$userid@redhat.com" + local phone="1234" + local state="CA" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_003_2.txt" 0 "Add user $userid to $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_003.txt" + #Now edit user - phone number change + phone="4567" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_003_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_003_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_003_002_2.txt" 0 "Modify user $userid to have a new phone number $phone" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_003_002.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-004: Valid CA admin delete users" + local userid="ug05" + local fullname=$userid + local password="password$userid" + local email="$userid@redhat.com" + local phone="1234" + local state="CA" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_004_2.txt" 0 "Add user $userid to $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_004.txt" + rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_004_2.txt" + #Now delete user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_004_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=users&RS_ID=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_004_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=users&RS_ID=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_004_002_2.txt" 0 "Delete user $userid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_004_002.txt" + #Verify user is deleted + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_004_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_004_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_004_003_2.txt" 0 "List all CA user in $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_004_003.txt" + rlAssertNotGrep "$userid" "$TmpDir/subca_usergroup_004_003_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-005: Valid CA admin view certs of users" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_005.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$valid_admin_user\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_005.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$valid_admin_user\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_05_2.txt" 0 "View user $valid_admin_user certificate" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_005.txt" + rlRun "cat $TmpDir/subca_usergroup_05_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_05_3.txt" + rlAssertGrep "BEGIN CERTIFICATE" "$TmpDir/subca_usergroup_05_3.txt" + rlAssertGrep "END CERTIFICATE" "$TmpDir/subca_usergroup_05_3.txt" + #view certificate of ca admin user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_005_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$ca_admin_user\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_005_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$ca_admin_user\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_005_002_2.txt" 0 "View user $ca_admin_user certificate" + rlRun "cat $TmpDir/subca_usergroup_005_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_005_002_3.txt" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_005_002.txt" + rlAssertGrep "BEGIN CERTIFICATE" "$TmpDir/subca_usergroup_005_002_3.txt" + rlAssertGrep "END CERTIFICATE" "$TmpDir/subca_usergroup_005_002_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-006: Valid CA admin import certs into users" + local userid="ug06" + local fullname=$userid + local password=password$userid + local email="$userid@mail_domain.com" + local phone="1234" + local state="CA" + #Add a user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=Administrators&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=Administrators&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_006_2.txt" 0 "Add user $userid to $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006.txt" + rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_006_2.txt" + #Create a certificate request + local profile_id="caUserCert" + local request_type="crmf" + local request_key_size=2048 + local request_key_type="rsa" + + rlRun "create_new_cert_request \ + tmp_nss_db:$TEMP_NSS_DB \ + tmp_nss_db_password:$TEMP_NSS_DB_PWD \ + request_type:$request_type \ + request_algo:$request_key_type \ + request_size:$request_key_size \ + subject_cn:$userid \ + subject_uid:$userid \ + subject_email:$email \ + subject_ou:IDM \ + subject_organization:Redhat \ + subject_country:US \ + subject_archive:false \ + cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ + cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" + rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006_002.txt \ + -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006_002.txt \ + -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/subca_usergroup_006_002_2.txt" 0 "Submit Certificare request" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_002.txt" + local request_id=$(cat -v $TmpDir/subca_usergroup_006_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}') + rlLog "requestid=$request_id" + #Approve certificate request + local Second=`date +'%S' -d now` + local Minute=`date +'%M' -d now` + local Hour=`date +'%H' -d now` + local Day=`date +'%d' -d now` + local Month=`date +'%m' -d now` + local Year=`date +'%Y' -d now` + local start_year=$Year + let end_year=$Year+1 + local end_day="1" + local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second" + local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second" + local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" + local cert_ext_subjAltNames="RFC822Name: " + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $TmpDir/subca_usergroup_006_003.txt \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\"" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $TmpDir/subca_usergroup_006_003.txt \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/subca_usergroup_006_003_2.txt" 0 "Submit Certificare request" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_003.txt" + local serial_number=$(cat -v $TmpDir/subca_usergroup_006_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') + rlLog "serial_number=$serial_number" + local certificate_in_base64=$(cat -v $TmpDir/subca_usergroup_006_003_2.txt | grep 'outputList.outputVal' | awk -F 'outputList.outputVal=\"' '{print $2}' | awk -F '-----BEGIN CERTIFICATE-----' '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/-----END CERTIFICATE-----\\n\";/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g') + rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64" + #Add certificate to user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + --data \"OP_TYPE=OP_ADD&OP_SCOPE=certs&RS_ID=$userid\" \ + --data-urlencode \"cert=$certificate_in_base64\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + --data \"OP_TYPE=OP_ADD&OP_SCOPE=certs&RS_ID=$userid\" \ + --data-urlencode \"cert=$certificate_in_base64\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_006_004_2.txt" 0 "Add certificate serial_number $serial_number to $userid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_004.txt" + #Make sure certificate got added to user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006_005.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_006_005.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_006_005_2.txt" 0 "Read certificate of $userid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_005.txt" + rlRun "cat $TmpDir/subca_usergroup_006_005_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_006_005_3.txt" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/subca_usergroup_006_005_3.txt" + rlAssertGrep "-----END CERTIFICATE-----" "$TmpDir/subca_usergroup_006_005_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-007: Valid CA admin list groups" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_007.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_007.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_007_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_007.txt" + rlRun "cat $TmpDir/subca_usergroup_007_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_007_3.txt" + rlAssertGrep "Administrators" "$TmpDir/subca_usergroup_007_3.txt" + rlAssertGrep "Certificate Manager Agents" "$TmpDir/subca_usergroup_007_3.txt" + rlAssertGrep "Trusted Managers" "$TmpDir/subca_usergroup_007_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-008: Valid CA admin add a user to the group" + local userid="ug08" + local fullname=$userid + local password=password$userid + local email="$userid@redhat.com" + local phone="1234" + local state="CA" + local groupid="group01" + local groupdesc="group01_desc" + #Add user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_008.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_008.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_008_2.txt" 0 "Add user $userid to $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_008.txt" + rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_008_2.txt" + #Add user to group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_008_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_008_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_008_002_2.txt" 0 "Add group $groupid" + + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_008_002.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_008_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_008_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_008_003_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_008_003.txt" + rlRun "cat $TmpDir/subca_usergroup_008_003_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_008_003_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_008_003_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-009: Valid CA admin delete group" + local groupid="group09" + local groupdesc="group09_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009.txt" + rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_009_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_002_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009_002.txt" + rlRun "cat $TmpDir/subca_usergroup_009_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_009_002_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_009_002_3.txt" + #Delete group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_003_2.txt" 0 "Delete group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009_003.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_009_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_004_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009_004.txt" + rlRun "cat $TmpDir/subca_usergroup_009_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_009_004_3.txt" + rlAssertNotGrep "$groupid" "$TmpDir/subca_usergroup_009_004_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-010: Valid CA admin edit groups" + local userid="ug10" + local fullname=$userid + local password=password$userid + local email="$userid@redhat.com" + local phone="1234" + local state="CA" + local groupid="group10" + local groupdesc="group10_desc" + #Add user + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_010.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_010.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_010_2.txt" 0 "Add user $userid to $CA_INST" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_010.txt" + rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_010_2.txt" + #Add user to group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_010_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_010_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_010_002_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_010_002.txt" + rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_010_002_2.txt" + #Edit group - change description + local groupdesc2="group10_desc_changed" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_010_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc2&user=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_010_003.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc2&user=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_010_003_2.txt" 0 "Edit $groupid change desc $groupdesc2" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_010_003.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-011: Valid CA agent cannot add new user" + local userid="ug11" + local fullname=$userid + local password="password$userid" + local email="$userid@redhat.com" + local phone="12345" + local state="CA" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_011.txt \ + -u $valid_agent_user:$valid_agent_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_011.txt \ + -u $valid_agent_user:$valid_agent_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_011_2.txt" 0 "Add user $userid to $CA_INST using a agent user" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_011.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_011_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-012: CA Audit user cannot add new user" + local userid="ug12" + local fullname=$userid + local password="password$userid" + local email="$userid@redhat.com" + local phone="12345" + local state="CA" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_012.txt \ + -u $valid_audit_user:$valid_audit_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_012.txt \ + -u $valid_audit_user:$valid_audit_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_012_2.txt" 0 "Add user $userid to $CA_INST using a audit user" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_012.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_012_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-013: CA Operator user cannot add new user" + local userid="ug13" + local fullname=$userid + local password="password$userid" + local email="$userid@redhat.com" + local phone="12345" + local state="CA" + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_013.txt \ + -u $valid_operator_user:$valid_operator_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_013.txt \ + -u $valid_operator_user:$valid_operator_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_013_2.txt" 0 "Add user $userid to $CA_INST using a operator user" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_013.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_013_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-014: CA audit user cannot add new group" + local groupid="group14" + local groupdesc="group14_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_014.txt \ + -u $valid_audit_user:$valid_audit_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_014.txt \ + -u $valid_audit_user:$valid_audit_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_014_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_014.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_014_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-015: CA agent user cannot add new group" + local groupid="group15" + local groupdesc="group15_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_015.txt \ + -u $valid_agent_user:$valid_agent_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_015.txt \ + -u $valid_agent_user:$valid_agent_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_015_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_015.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_015_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-016: CA operator user cannot add new group" + local groupid="group16" + local groupdesc="group16_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_016.txt \ + -u $valid_operator_user:$valid_operator_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_016.txt \ + -u $valid_operator_user:$valid_operator_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_016_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_016.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_016_2.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-017: CA agent user cannot delete existing group" + local groupid="group17" + local groupdesc="group17_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017.txt" + rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_017_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_002_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017_002.txt" + rlRun "cat $TmpDir/subca_usergroup_017_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_017_002_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_017_002_3.txt" + #Delete group using agent + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017_003.txt \ + -u $valid_agent_user:$valid_agent_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017_003.txt \ + -u $valid_agent_user:$valid_agent_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_003_2.txt" 0 "Delete group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017_003.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_017_003_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_017_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_004_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017_004.txt" + rlRun "cat $TmpDir/subca_usergroup_017_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_017_004_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_017_004_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup-018: CA Audit user cannot delete existing group" + local groupid="group18" + local groupdesc="group18_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018.txt" + rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_018_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_002_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018_002.txt" + rlRun "cat $TmpDir/subca_usergroup_018_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_018_002_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_018_002_3.txt" + #Delete group using auditor + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018_003.txt \ + -u $valid_audit_user:$valid_audit_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018_003.txt \ + -u $valid_audit_user:$valid_audit_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_003_2.txt" 0 "Delete group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018_003.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_018_003_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_018_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_004_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018_004.txt" + rlRun "cat $TmpDir/subca_usergroup_018_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_018_004_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_018_004_3.txt" + rlPhaseEnd + + + rlPhaseStartTest "pki_subca_usergroup-019: CA Operator user cannot delete existing group" + local groupid="group19" + local groupdesc="group19_desc" + #Add group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_2.txt" 0 "Add group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019.txt" + rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_019_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019_002.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_002_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019_002.txt" + rlRun "cat $TmpDir/subca_usergroup_019_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_019_002_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_019_002_3.txt" + #Delete group using operator + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019_003.txt \ + -u $valid_operator_user:$valid_operator_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019_003.txt \ + -u $valid_operator_user:$valid_operator_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_003_2.txt" 0 "Delete group $groupid" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019_003.txt" + rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_019_003_2.txt" + #List group + rlLog "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\"" + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_019_004.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_004_2.txt" 0 "List groups" + rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019_004.txt" + rlRun "cat $TmpDir/subca_usergroup_019_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_019_004_3.txt" + rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_019_004_3.txt" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_usergroup_cleanup: Deleting users and groups" + local group=("group01" "group10" "group17" "group18" "group19") + i=0 + while [ $i -lt ${#group[@]} ] ; do + groupid=${group[$i]} + rlRun "curl --basic \ + --dump-header $TmpDir/ca_group_cleanup_$i.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_group_cleanup_$i_2.txt" 0 "Delete group $groupid" + let i=$i+1 + done + + local user=("ug02" "ug04" "ug06:true" "ug08" "ug10") + i=0 + while [ $i -lt ${#user[@]} ] ; do + userid=${user[$i]} + rlRun "curl --basic \ + --dump-header $TmpDir/subca_usergroup_cleanup_$i.txt \ + -u $valid_admin_user:$valid_admin_user_password \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=users&RS_ID=$userid\" \ + -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_cleanup_$i_2.txt" 0 "Delete user $userid" + let i=$i+1 + done + enable_ca_nonce $tomcat_name + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing temp directory" + rlPhaseEnd +} |